[tor-dev] Shrink Tor binary size
Sergey Ponomarev
stokito at gmail.com
Sun Jun 26 00:06:58 UTC 2022
I’m working on firmware for routers based on OpenWrt and it needs
Tor out of the box for NAT punching, i.e. SSH and Web admin access. It
will expose a Single Onion Service, i.e. not "hidden", with just 3 hops
for better performance.
In fact it just needs to connect to some random relay to have a tunnel
and encrypt/decrypt traffic. The full hidden service functionality
with IP/RP dances is not needed: I'm not trying to hide the location
of the router.
In fact most users don't even need anonymity with the 3 hops to access
their router but Tor requires 3.
So this is probably a kind of abuse of the Tor network but this is the
only free network of proxies. At the same time a user will have
encryption while accessing the router's admin panel. I may enable
HTTPS with a self-signed cert but users must accept it manually, which
is hard for inexperienced users.
Tor is already ported to OpenWrt but its binary is more than 2 MB.
For 16 MB routers this is not critical but a lot and I need to keep
space.
So is it possible to compile Tor without some features?
As far as I understood from autoconf I can disable Relay functionality.
But maybe I can also disable some admin api parts and SOCKS proxy.
Also OpenWrt out of the box has WolfSSL so is it possible to compile
tor with it instead of OpenSSL?
Another problem is file sizes inside of /var/lib/tor/:
20,442 cached-certs
2,303,443 cached-microdesc-consensus
8,725,598 cached-microdescs.new
3,531 state
I think that all these files may be minimized. E.g. cached-certs
contains keys in PEM format which is just Base64 form of DER.
So switching to plain DER certs can significantly reduce size.
As a side question: is it possible to make a small relay proxy that
can work part time when I sleep?
Imagine that each router already has a Tor. This is potentially
thousands of relay nodes and all of them have a motivation to support
the network which they are using themselves.
But users don’t want to lose bandwidth. I see that I can set some
traffic or bandwidth limits.
But maybe I can write some script that will enable or disable the
relay by schedule in the evening.
As far as I know relays must be always online so this will make the relay
unstable and it won’t be used by Tor.
Is it technically possible?
Regards,
Sergey Ponomarev,
stokito.com
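
Added example, not part of the original message: a Python sketch that measures how many bytes of a text file are PEM armor and how many bytes the same payloads would occupy as raw DER, which is the comparison raised above for cached-certs. The sample input and its field names are constructed, and the function names are hypothetical.

```python
import base64
import re

# One PEM block: BEGIN line, Base64 body, matching END line.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\n(.*?)-----END \1-----\n", re.DOTALL
)


def pem_block(label: str, der: bytes) -> str:
    """Armor raw bytes as PEM: Base64 wrapped at 64 columns plus BEGIN/END."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return (f"-----BEGIN {label}-----\n" + "\n".join(lines)
            + f"\n-----END {label}-----\n")


# Constructed sample (not real Tor data): text fields followed by PEM blocks.
SAMPLE = (
    "example-key\n" + pem_block("RSA PUBLIC KEY", bytes(range(140)))
    + "example-signature\n" + pem_block("SIGNATURE", bytes(range(128)))
)


def measure(text: str) -> dict:
    """Return byte counts: whole file, PEM blocks, and their DER payloads."""
    total = len(text.encode("ascii"))
    pem = der = 0
    for match in PEM_BLOCK.finditer(text):
        pem += len(match.group(0))                     # armor + Base64 + newlines
        der += len(base64.b64decode(match.group(2)))   # newlines are ignored
    return {"total": total, "pem": pem, "der": der,
            "total_if_der": total - pem + der}


if __name__ == "__main__":
    sizes = measure(SAMPLE)
    saved = sizes["total"] - sizes["total_if_der"]
    print(sizes, f"saved={saved} bytes ({100 * saved / sizes['total']:.1f}%)")
```

To measure a real file, pass its contents to `measure()` instead of `SAMPLE`; text outside the PEM blocks is counted unchanged in both totals.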