Tor Routing Study Notes 1 – Glossary of Technical Terms
1. MUST This word, or the terms “REQUIRED” or “SHALL”
i.e. something that absolutely must be done
2. MUST NOT This phrase, or the phrase “SHALL NOT”
i.e. something that is absolutely prohibited
3. SHOULD This word, or the adjective “RECOMMENDED”
i.e. there may be special circumstances in which this need not be done, but under normal circumstances it should be followed
4. SHOULD NOT This phrase, or the phrase “NOT RECOMMENDED”
i.e. there may be special circumstances in which this is acceptable, but under normal circumstances it should not be done
5. MAY This word, or the adjective “OPTIONAL”
i.e. the choice is yours
1.0 Commonly used Tor configuration terms
ORPort – Onion Router Port
DirPort – Directory Port
2.0 Tor network components
2.1 Relays, aka OR (onion router)
2.1.1 Specific roles
Exit relay: The final hop in an exit circuit before traffic leaves the Tor network to connect to external servers.
Exit relay: the last node in an exit circuit.
Non-exit relay: Relays that send and receive traffic only to and from other Tor relays and Tor clients.
Non-exit relay: only receives and sends traffic of other Tor relays and Tor clients.
Entry relay: The first hop in a Tor circuit. It can be either a guard relay or a bridge, depending on the client’s configuration.
Entry relay: can be set to a guard relay or a bridge, depending on the client’s environment.
Guard relay: A relay that a client uses as its entry for a longer period of time. Guard relays are rotated more slowly to prevent attacks that can come from being exposed to too many guards.
Guard relay: the node a client uses as its entry for a long period; guard relays are rotated over a long period so that the client is not exposed to too many guards.
Bridge: A relay intentionally not listed in the public Tor consensus. Currently, bridges are used only as entry relays.
Bridge: a relay not listed in the Tor consensus document (the document that records the nodes and information agreed upon by the Tor servers); normally used as an entry relay.
Directory cache: A relay that downloads cached directory information from the directory authorities and serves it to clients on demand. Any relay will act as a directory cache, if its bandwidth is high enough.
Directory cache: a relay that downloads cached directory information from the directory authorities and serves it to clients on demand; any relay with enough bandwidth will act as a directory cache.
Rendezvous point: A relay connecting a client to a hidden service. Each party builds a three-hop circuit, meeting at the rendezvous point.
Rendezvous point: a relay used to connect a client and a hidden service; each party builds a three-hop circuit to meet at the rendezvous point.
2.2 Client, aka OP (onion proxy)
2.3 Authorities:
Directory Authority: Nine total in the Tor network, operated by trusted individuals. Directory authorities define and serve the consensus document, defining the “state of the network.” This document contains a “router status” section for every relay currently in the network. Directory authorities also serve router descriptors, extra info documents, microdescriptors, and the microdescriptor consensus.
Directory authorities: nine in the whole Tor network, run by trusted individuals (is that really safe?). The directory authorities define and serve the consensus document, which defines the “state of the network”. This document contains a “router status” section for every relay currently in the network. The directory authorities also serve router descriptors, extra-info documents, microdescriptors and the microdescriptor consensus.
Bridge Authority: One total. Similar in responsibility to directory authorities, but for bridges.
Bridge authority: only one in total; it only manages bridge information.
Fallback directory mirror: One of a list of directory caches distributed with the Tor software. (When a client first connects to the network and has no directory information, it asks a fallback directory. From then on, the client can ask any directory cache that’s listed in the directory information it has.)
Fallback directory mirror: one of a list of directory caches distributed with the Tor software. (When a client first connects to the network and has no directory information, it asks a fallback directory mirror. From then on, the client can ask any directory cache listed in the directory information it holds.)
2.4 Hidden Service
2.5 Circuit:
An established path through the network, where cryptographic keys are negotiated using the ntor protocol or TAP (Tor Authentication Protocol, deprecated) with each hop. Circuits can differ in length depending on their purpose. See also Leaky Pipe Topology.
Circuit: a path through the network built, with the negotiated keys, according to the protocols Tor specifies.
Origin Circuit
Exit Circuit: A circuit which connects clients to destinations outside the Tor network. For example, if a client wanted to visit duckduckgo.com, this connection would require an exit circuit.
Exit circuit: used to connect a client through the Tor network to the Internet.
Internal Circuit: A circuit whose traffic never leaves the Tor network. For example, a client could connect to a hidden service via an internal circuit.
Internal circuit: mainly used to connect to hidden services inside Tor; the traffic never leaves the Tor network.
2.6 Edge connection:
2.7 Consensus: The state of the Tor network, published every hour, decided by a vote from the network’s directory authorities. Clients fetch the consensus from directory authorities, fallback directories, or directory caches.
Consensus document: the state of the Tor network, published every hour, decided by a vote of the network’s directory authorities. Clients fetch it from directory authorities, fallback directory mirrors, or other directory caches (which any relay with enough bandwidth can act as).
2.8 Descriptor: Each descriptor represents information about one relay in the Tor network. The descriptor includes the relay’s IP address, public keys, and other data. Relays send descriptors to directory authorities, who vote and publish a summary of them in the network consensus.
Descriptor: each descriptor represents information about one relay in the Tor network, including the relay’s IP address, public keys and other data. Relays send descriptors to the directory authorities, which vote on them and publish a summary of them in the network consensus.
3.0 Tor network protocols
3.1 Link handshake
The link handshake establishes the TLS connection over which two Tor participants will send Tor cells. This handshake also authenticates the participants to each other, possibly using Tor cells.
Link handshake: established over TLS; Tor’s fixed-format packets (cells) are sent over it.
3.2 Circuit handshake
Circuit handshakes establish the hop-by-hop onion encryption that clients use to tunnel their application traffic. The client does a pairwise key establishment handshake with each individual relay in the circuit. For every hop except the first, these handshakes tunnel through existing hops in the circuit. Each cell type in this protocol also has a newer version (with a “2” suffix), e.g., CREATE2.
Circuit handshake: establishes the hop-by-hop onion encryption used to tunnel application traffic. The client performs a pairwise key-establishment handshake with each individual relay in the circuit. For every hop except the first, these handshakes are tunneled through the existing hops of the circuit.
CREATE cell: First part of a handshake, sent by the initiator. Create request cell, sent by the initiator.
CREATED cell: Second part of a handshake, sent by the responder. Create-complete cell, sent by the responder.
EXTEND cell: (also known as a RELAY_EXTEND cell) First part of a handshake, tunneled through an existing circuit. The last relay in the circuit so far will decrypt this cell and send the payload in a CREATE cell to the chosen next hop relay. Extend cell: the current last relay decrypts the payload it carries and wraps it in a CREATE cell sent to the next-hop relay.
EXTENDED cell: (also known as a RELAY_EXTENDED cell) Second part of a handshake, tunneled through an existing circuit. The last relay in the circuit so far receives the CREATED cell from the new last hop relay and encrypts the payload in an EXTENDED cell to tunnel back to the client. Extend-complete cell: once the current last relay receives the CREATED cell back from the newly added relay, it encrypts it, wraps it in an EXTENDED cell and returns it to the client.
Onion skin: A CREATE/CREATE2 or EXTEND/EXTEND2 payload that contains the first part of the TAP or ntor key establishment handshake.
3.3 Hidden Service Protocol
3.4 Directory Protocol
4.0 General network definitions
Leaky Pipe Topology: The ability of the origin of a circuit to address relay cells to any hop in the path of the circuit. In Tor, the destination hop is determined by using the ‘recognized’ field of relay cells.
Leaky pipe topology: the origin of a circuit can address relay cells to any hop in the circuit’s path. In Tor, the destination hop is determined by the ‘recognized’ field of relay cells.
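The circuit handshake of section 3.2 and the leaky pipe topology above are easiest to see together in running code. The Python model below is an added example, not Tor’s own code: it builds a three-hop circuit with a direct CREATE/CREATED exchange at the first hop and EXTEND/EXTENDED tunneled through the existing hops for each later one, then addresses relay cells to each hop of the single circuit using a zero ‘recognized’ field plus a keyed digest, the way Tor decides which hop a relay cell is for. Everything in it is a stand-in: a toy Diffie-Hellman group (P, G) replaces ntor/TAP, a SHA-256 keystream XOR replaces Tor’s per-hop AES-CTR layer, the cell layout is simplified, and the DIRECTORY dict replaces the directory lookup; the names Relay, Client, pack_relay, unpack_relay, xor_layer and demo are this example’s own.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1            # toy DH prime (stand-in for ntor/TAP, NOT a real Tor group)
G = 5
RECOGNIZED = b"\x00\x00"  # zero 'recognized' field: "this cell may be addressed to me"
DIRECTORY = {}            # name -> Relay, standing in for a directory lookup

def derive_key(shared: int) -> bytes:
    return hashlib.sha256(b"toy-hop-key" + shared.to_bytes(16, "big")).digest()

def dh_keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def xor_layer(key: bytes, data: bytes) -> bytes:
    """One hop's onion layer: XOR with a SHA-256 keystream (stand-in for AES-CTR; encrypt == decrypt)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        ks = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[i:i + 32], ks))
    return bytes(out)

def pack_relay(key: bytes, command: str, body: bytes) -> bytes:
    """Relay cell for the hop holding `key`: recognized=0 || 4-byte keyed digest || command || body."""
    payload = command.encode().ljust(10, b"\0") + body
    return RECOGNIZED + hmac.new(key, payload, hashlib.sha256).digest()[:4] + payload

def unpack_relay(key: bytes, cell: bytes):
    """(command, body) if the cell is for the holder of `key`, else None; recognized==0 alone is not trusted."""
    payload = cell[6:]
    expected = hmac.new(key, payload, hashlib.sha256).digest()[:4]
    if cell[:2] != RECOGNIZED or not hmac.compare_digest(cell[2:6], expected):
        return None
    return payload[:10].rstrip(b"\0").decode(), payload[10:]

class Relay:
    def __init__(self, name: str):
        self.name, self.key, self.next_hop = name, None, None
        DIRECTORY[name] = self

    def on_create(self, client_pub: int) -> int:
        """CREATE -> CREATED: finish the handshake and return this relay's public value."""
        priv, pub = dh_keypair()
        self.key = derive_key(pow(client_pub, priv, P))
        return pub

    def forward(self, cell: bytes) -> bytes:
        """Peel one layer; answer if recognized, else pass on. The reply comes back with this layer re-added."""
        peeled = xor_layer(self.key, cell)
        parsed = unpack_relay(self.key, peeled)
        if parsed is None:
            if self.next_hop is None:  # real Tor drops the cell and tears down the circuit here
                raise ValueError(f"{self.name}: unrecognized cell and no next hop")
            return xor_layer(self.key, self.next_hop.forward(peeled))
        command, body = parsed
        if command == "EXTEND":        # body: next-hop name || client's handshake value
            target = DIRECTORY[body[:16].rstrip(b"\0").decode()]
            created = target.on_create(int.from_bytes(body[16:32], "big"))  # CREATE/CREATED with the new hop
            self.next_hop = target
            reply = pack_relay(self.key, "EXTENDED", created.to_bytes(16, "big"))
        else:                          # DATA: echo so the caller can see which hop answered
            reply = pack_relay(self.key, "DATA", self.name.encode() + b" saw: " + body)
        return xor_layer(self.key, reply)

class Client:
    def __init__(self, guard: Relay):
        """First hop: a direct CREATE/CREATED exchange with the guard."""
        priv, pub = dh_keypair()
        self.guard, self.keys = guard, [derive_key(pow(guard.on_create(pub), priv, P))]

    def send(self, hop: int, command: str, body: bytes):
        """Leaky pipe: address a cell to hop `hop`, wrapping one layer per hop out to it."""
        cell = pack_relay(self.keys[hop], command, body)
        for key in reversed(self.keys[:hop + 1]):  # target hop's layer innermost, guard's outermost
            cell = xor_layer(key, cell)
        reply = self.guard.forward(cell)
        for key in self.keys[:hop + 1]:
            reply = xor_layer(key, reply)
        return unpack_relay(self.keys[hop], reply)

    def extend(self, next_name: str):
        """Tunnel the new hop's CREATE/CREATED inside EXTEND/EXTENDED sent to the current last hop."""
        priv, pub = dh_keypair()
        body = next_name.encode().ljust(16, b"\0") + pub.to_bytes(16, "big")
        command, reply = self.send(len(self.keys) - 1, "EXTEND", body)
        assert command == "EXTENDED"
        self.keys.append(derive_key(pow(int.from_bytes(reply[:16], "big"), priv, P)))

def demo():
    """Build guard -> middle -> exit, then address a DATA cell to each hop of that one circuit."""
    DIRECTORY.clear()
    relays = [Relay(n) for n in ("guard", "middle", "exit")]
    client = Client(relays[0])
    client.extend("middle")
    client.extend("exit")
    return {
        "path": [relays[0].name, relays[0].next_hop.name, relays[0].next_hop.next_hop.name],
        "keys_agree": [c == r.key for c, r in zip(client.keys, relays)],
        "replies": [client.send(i, "DATA", b"hello")[1] for i in range(3)],
    }
```

Calling demo() shows the two points of the text at once: each relay ends up sharing a key only with the client (keys_agree), and a cell wrapped in two layers is not recognized by the guard after it peels one layer (the digest check fails), so it is forwarded and answered only by the middle relay. Checking the digest and not just the zero field is what keeps a hop from mistaking random ciphertext for its own cell; a relay that cannot recognize a cell and has no next hop has to treat that as an error, which in Tor tears the circuit down.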
Stream: A single application-level connection or request, multiplexed over a Tor circuit. A ‘Stream’ can currently carry the contents of a TCP connection, a DNS request, or a Tor directory request.
Stream: a single application-level connection or request, multiplexed over a Tor circuit; a stream can currently carry the contents of a TCP connection, a DNS request or a Tor directory request.
Channel: A pairwise connection between two Tor relays, or between a client and a relay. Circuits are multiplexed over Channels. All channels are currently implemented as TLS connections.
Channel: a pairwise connection between two Tor relays or between a client and a relay; circuits are multiplexed over channels; all channels are currently implemented as TLS connections.