[tor-relays] do not run Tor client and OR relay together!
starlight.2015q3 at binnacle.cx
starlight.2015q3 at binnacle.cx
Sun Aug 16 21:14:42 UTC 2015
I think separate packages are good idea
--is about making it easier for regular
users to configure Tor with less pain.
'openssh' provides a good example,
as it come with three component
packages:
openssh (core files)
openssh-client
openssh-server
so one would have
tor-core
tor-client
tor-server
where the client and server packages
would configure separate run-time directories,
'torrc's and boot-system start/stop scripts
for the respective instances. The 'tor'
binary would appear in the tor-core component.
I am confident of the analysis regarding
how easy it is to isolate client circuit
establishment cells from other relay traffic.
Is rather obvious--just look at the debug
trace 'channel_write_packed_cell' lines
associated with circuit establishment
and how they stand-out temporally
from the relay channel_write_packed_cell()
lines. Unfortunately the log-to-file
feature does not include fractional
seconds, but it's glaring even with
whole-second resolution.
At 23:47 8/16/2015 +0300, you wrote:
>Hi,
>
>Shipping tor-client and tor-relay as separate
>packages is the worst thing we could do, since
>it's the same thing with just one config line more
>or less. It will mess things up terribly.
>
>We don't know that just yet, we are getting to
>fast from one thing to another - wait until proper
>review over that ticket and we'll see what needs
>to be done / if something needs to be done.
>
>
>On 8/16/2015 8:50 PM, Ana Lucia Cortez wrote:
>>
>> On 16.08.2015 at 17:36, starlight.2015q3 at binnacle.cx wrote:
>>> Anyone who has configured a Tor SOCKS5
>>> client to run in a 'tor' instance that also
>>> operates as an OR relay should isolate the
>>> client to a separate client-only process.
>>
>>> The client function disturbs relay traffic
>>> forwarding in a manner that lends itself to
>>> confirmation analysis.
>>
>>> See bug 16585, particularly comment 5 and onward:
>>
>>>
>https://trac.torproject.org/projects/tor/ticket/16585#comment:5
>>
>>> Perhaps read comment 10 first.
>>
>>
>> It would be nice to have both installed as services by the
>deb-package
>> or two different deb-packages for tor-client and tor-relay.
>>
>> Apart from the fact that they run the
>> same binary they are quite different
>> to configure and setup.
>>
>> Maybe that would help to make it easier
>> to run relays and hidden services on
>> the same machine.
>>
>> _______________________________________________
>> tor-relays mailing list
>> tor-relays at lists.torproject.org
>>
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
>>
>_______________________________________________
>tor-relays mailing list
>tor-relays at lists.torproject.org
>https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays
More information about the tor-relays
mailing list