Description
Currently, if a Tox node wishes to work through Tor, it has to choose the SOCKS5 proxy option. This automatically disables DHT and makes such a node work through a TCP relay. As far as I know, the number of TCP relays is very limited in the network. (qTox has a hardcoded list of 60.) This puts Tor-connected nodes at a disadvantage and makes them unscalable, because all of them have to share a limited number of TCP relays.
ZeroNet, IMO, took a better approach. My suggestion is based on their approach.
- Add the "Tor integration" option with values "No/Always/Mixed". "Tor integration"=Always will enable proxy=SOCKS5 and will make the user specify the Tor control port (default is 9051) and HashedControlPassword (same as in torrc). Mixed mode will additionally leave Tox in the clearnet.
- In the beginning Tox will connect to the Tor control port and create the session Tor onion address {onion}.
- Tor-connected Tox instance will then register as such in DHT, with address={onion}
- Tor-connected instances will be able to connect to each other and to clearnet instances the same way as clearnet instances connect to each other, only replacing UDP with TCP for DHT.
- Clearnet-only instances will be able to connect to Tor-only instances using TCP relays, as happens now.
Implementation-wise, the address of the Tox node will change from {IP} to {IP,Onion}. DHT will support the TCP connectivity to enable Tor nodes that have no UDP access. Only clearnet-only->onion-only connections will require going through TCP relays. All other connections will generally be direct.
This will make Tox work within the Tor network in a way similar to how it currently works over the clearnet, in a scalable fashion. Tor->Tor calls will not need to ever leave the Tor network.
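
The control-port step in the list above (authenticate, then create a session onion address), sketched as an added example that is not part of the original issue or of toxcore. It assumes the service is requested with Tor's `ADD_ONION` command and the `DiscardPK` flag, and that the onion maps to port 33445 on localhost; the function names and sample replies are constructed for illustration.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")
V3_SERVICE_ID = re.compile(r"^[a-z2-7]{56}$")  # shape only; checksum not verified

def quote(s):
    """QuotedString for the control protocol: escape backslash and double quote."""
    return '"' + s.replace("\\", "\\\\").replace('"', '\\"') + '"'

def build_commands(password, virt_port, target):
    # AUTHENTICATE takes the plaintext password; torrc holds only its hash.
    # Flags=DiscardPK: Tor does not return the key, so the address lasts one session.
    return [f"AUTHENTICATE {quote(password)}\r\n",
            f"ADD_ONION NEW:ED25519-V3 Flags=DiscardPK Port={virt_port},{target}\r\n"]

def parse_reply(raw):
    """Return (status, fields) for one reply; mid lines use '-', the last uses ' '."""
    status, fields = None, {}
    for line in raw.split("\r\n"):
        m = REPLY_LINE.match(line)
        if not m:
            raise ValueError(f"malformed reply line: {line!r}")
        code, sep, text = m.groups()
        if status not in (None, code):
            raise ValueError("status code changed inside one reply")
        status = code
        if "=" in text:
            key, value = text.split("=", 1)
            fields[key] = value
        if sep == " ":
            return int(status), fields
    raise ValueError("reply ended without a final line")

def session_onion(auth_reply, add_reply):
    """Validate both replies and return the session address '{onion}'."""
    if parse_reply(auth_reply)[0] != 250:
        raise PermissionError("control port rejected authentication")
    status, fields = parse_reply(add_reply)
    sid = fields.get("ServiceID", "")
    if status != 250 or not V3_SERVICE_ID.match(sid):
        raise ValueError("ADD_ONION did not return a v3 ServiceID")
    if "PrivateKey" in fields:
        raise ValueError("key returned despite DiscardPK")
    return sid + ".onion"

# Constructed sample replies (not captured from a real Tor instance).
SAMPLE_ID = "a2" * 28
SAMPLE_OK = f"250-ServiceID={SAMPLE_ID}\r\n250 OK\r\n"
SAMPLE_DENIED = "515 Authentication failed\r\n"

if __name__ == "__main__":
    print(build_commands("s3cret", 33445, "127.0.0.1:33445"))
    print(session_onion("250 OK\r\n", SAMPLE_OK))
```

Because the control password grants full control of the local Tor instance, a client built this way should hold it only in memory and refuse any reply that fails these checks.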