"Ted" == Ted Lemon <ted(_dot_)lemon(_at_)nominum(_dot_)com> writes:
Ted> Absolutely. However, it is perhaps worth noting that there
Ted> is a long-standing solution to the problem that
Ted> doesn't require socks: nsswitch.conf.
Ted> It's not the right architectural solution either,
Ted> for a couple of reasons: not an appropriate UI for non-hackers,
Ted> and a bit too dependent on the list of things switched being
Ted> small. But the point is that this is actually a pretty
Ted> well-understood problem, and if, as a policy, we continue to
Ted> add special-use names as required, the solution to the problem
Ted> of how to handle these special-use names in the host stack is
Ted> already well understood.

At least on my OS, nsswitch.conf only allows me to change name
resolution.
It doesn't allow me to connect to a hidden service without modifying my
application.
(There's no IP address corresponding to the application.)
I could, I guess, allocate an IPv6 ULA (or site-local even) block to a local
tun adapter, have a name service engine that allocated addresses in that
range to hidden services, and then grab the packets out of that tun
interface, map back to v4, and run through TOR.
However, both the socks approach and what I'll call the
nsswitch+extra_complexity approach have a dependence on DNS in common.
The slot that my application has is a hostname slot, not a URI slot when
interacting with the network layer.
--Sam
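
The name service piece of the tun arrangement described in the message above can be sketched as follows. This is an added example, not code from the thread or from Tor; the class name `OnionAddressMap` and the ULA prefix are hypothetical, and the tun packet handling itself is out of scope. It shows the two lookups that design needs: hostname to local address for the application, and address back to hostname for whatever reads packets off the tun interface.

```python
import hashlib
import ipaddress


class OnionAddressMap:
    """Hands out stable addresses in a local prefix for .onion names."""

    def __init__(self, prefix="fd6f:6e69:6f6e::/64"):  # constructed ULA prefix
        self.net = ipaddress.IPv6Network(prefix)
        self.by_name = {}
        self.by_addr = {}

    def resolve(self, hostname):
        """Return an address for a .onion name, or None so the lookup
        falls through to the next name service source (files, dns, ...)."""
        name = hostname.rstrip(".").lower()
        if not name.endswith(".onion") or name == ".onion":
            return None
        if name in self.by_name:
            return self.by_name[name]
        # Derive the host part from the name so the mapping is repeatable,
        # and probe linearly if two names land on the same address.
        host_bits = 128 - self.net.prefixlen
        digest = hashlib.sha256(name.encode("ascii", "replace")).digest()
        offset = int.from_bytes(digest, "big") % (1 << host_bits)
        for _ in range(1 << min(host_bits, 16)):
            addr = self.net.network_address + offset
            if offset != 0 and addr not in self.by_addr:
                self.by_name[name] = addr
                self.by_addr[addr] = name
                return addr
            offset = (offset + 1) % (1 << host_bits)
        raise RuntimeError("address pool exhausted")

    def reverse(self, address):
        """Map a destination address seen on the tun side back to its name."""
        return self.by_addr.get(ipaddress.IPv6Address(address))
```

The application only ever sees the address returned by `resolve`; the hidden service name survives solely in the reverse table, which is why the tun side cannot work without it.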