grarpamp <grarpamp@gmail.com> wrote:
Or instead of router mode, try bridge mode feeding into any old pc running
Noting that even some crappy hardware will still fall over when put in its so-called "bridge" mode, which should just be some packet buffering between the wires and their encodings, but it's obviously still looking at the traffic above layer 2. So you may still need to swap out hardware.
Absolutely. Another reason to avoid electronics store routers for Tor (or many other things) is the information in recently exposed documents that the CIA started invading those devices and, where possible, "upgrading" their firmware as standard practice at least a decade ago.
because there is secondary storage (HDD and/or SSD), paging
is available if the routing functions' memory needs grow larger than the
Sure, but there's no free substitute for RAM, and you probably don't want packets burning a hole in your SSD. Add more RAM if not maxed out.
My point was intended to be only that having a regular computer handle the routing means it doesn't have to die if available RAM be exhausted, i.e., not an argument for speed, but rather for survival under unusual loads. Now that I'm more awake than when I wrote that, though, I realize I don't recall whether routing and NAT tables and mbufs are page-fixed or pageable anyway. :-( It's still better to have a router that you own and the CIA [probably] doesn't.
disable swap, boot USB, set read-only, use small ramdisks for write paths. If used RAM for a used PC isn't in budget or isn't enough, then maybe spindle, but it won't be as fast. And eventually CPU or interrupts or i/o get swamped. Then you put a newer PC that can hold proper amounts of RAM, CPU, etc.
Very true. The device need also not be dedicated to just those functions. Many people would prefer to stick a heavily used relay on their border gateway machine to keep its traffic load off their LANs anyway. Also, if FreeBSD is used, kernel memory for routing tables, NAT tables if used, and mbufs should be allocated from 4 MB superpages, allowing the routing to run very fast. And with an electronics store router, you don't have the kernel configuration information available to look at, whereas you do have that and all the rest as well if you install the OS yourself. Let's also not omit the ability to apply security fixes as they become available, where the store-bought boxes would be running an obsolete and unsafe OS in their firmware, probably by the time the store sold them.
Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:   bennett at sdf.org   *xor*   bennett at freeshell.org  *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************
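
The checklist in the thread above (disable swap, read-only boot medium, small ramdisks for write paths) can be audited from a host's `mount` and `swapinfo` output. This is an added example, not part of the original messages; it assumes FreeBSD-style output formats, and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Assumption: input looks like FreeBSD `mount` and `swapinfo` output.

# Count active swap devices in `swapinfo` output read from stdin.
count_swap() {
    awk 'NR > 1 && NF && $1 != "Total" { n++ } END { print n + 0 }'
}

# Print mount points that are writable AND disk-backed (`mount` output on stdin).
# Line shape: <device> on <mountpoint> (<fstype>, <opt>, ...)
# Mount points containing spaces are not handled.
writable_disk_mounts() {
    awk '{
        opts = $0
        sub(/^.*\(/, "", opts); sub(/\).*$/, "", opts)
        n = split(opts, o, /, */)
        ro = 0
        for (i = 2; i <= n; i++) if (o[i] == "read-only") ro = 1
        # RAM-backed or pseudo filesystems never touch the boot medium.
        if (ro || o[1] == "tmpfs" || o[1] == "devfs") next
        print $3
    }'
}

# audit <mount output> <swapinfo output>; returns 0 only if the host matches the checklist.
audit() {
    rc=0
    swaps=$(printf '%s\n' "$2" | count_swap)
    if [ "$swaps" -ne 0 ]; then echo "FAIL: $swaps swap device(s) active"; rc=1; fi
    for mp in $(printf '%s\n' "$1" | writable_disk_mounts); do
        echo "FAIL: $mp is writable on persistent storage"; rc=1
    done
    [ "$rc" -eq 0 ] && echo "OK: no swap, no writable disk-backed mounts"
    return "$rc"
}

# Constructed sample: read-only root and tmpfs write paths, but /var/db and swap were missed.
SAMPLE_MOUNT='/dev/da0p2 on / (ufs, local, read-only)
devfs on /dev (devfs)
tmpfs on /tmp (tmpfs, local)
tmpfs on /var/log (tmpfs, local)
/dev/da0p3 on /var/db (ufs, local, soft-updates)'
SAMPLE_SWAP='Device          1K-blocks     Used    Avail Capacity
/dev/da0p4        4194304        0  4194304     0%'

audit "$SAMPLE_MOUNT" "$SAMPLE_SWAP" || true
```

On a live host, the same check is `audit "$(mount)" "$(swapinfo)"`.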