Re: Proposed student project

[Roger Dingledine <arma@xxxxxxx>]

On Mon, Sep 15, 2008 at 02:12:12PM -0400, Chris Akins wrote:
> The basic idea
> is to build a zero-configuration Tor relay in hardware that sits between the
> home user's router and their computer. Two plugs: one to the outside world,
> one to the computer. 

Two thoughts come to mind immediately. First, you will want to use
Tor's transparent proxy interface with iptables / pf:
https://wiki.torproject.org/noreply/TheOnionRouter/TransparentProxy

You might like Incognito's firewall rules:
https://svn.torproject.org/svn/incognito/trunk/root_overlay/var/lib/iptables/rules-save

For the software side, you should look at coderman's draft thoughts on
a self-contained Tor in a VM:
https://svn.torproject.org/svn/torvm/trunk/doc/design.html

Second, if you want this Tor to be able to act as a relay too (aka a Tor
server), it will need some non-trivial hardware. Exactly what hardware is
needed is an open question, and worth exploring more. The Tor software
development process seems to have cycles where we 1) accidentally cause
Tor to use too many resources, then 2) fix that, then go back to 1.

So some versions of Tor are much more friendly, cpu and memory wise,
than others. The current 0.2.1.5-alpha version is quite good I believe.

> The relay would automatically handle all the configuration details, and
> render interception almost impossible, barring subversion of the target
> machine.

You may find that some config details, like how much rate limiting the
user wants to put in place, are hard to guess automatically.

--Roger