For socat there is quite likely a solution to avoid starting unneeded ones:
Working on that now.
Made a ton of progress.
In essence, by using systemd socket activation, only the required socket redirection services will be started on demand, which should save a lot of RAM.
https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/usr/share/anon-ws-disable-stacked-tor/systemd-unit-files-generator auto generates all the systemd unit service and socket files. For now, supposed to be run manually at package build time.
Here is the list of all the generated systemd unit files:
Port redirection is already functional. Example systemd unit files:
- https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/lib/systemd/system/anon-ws-disable-stacked-tor_autogen__var_run_anon-ws-disable-stacked-tor_127.0.0.1_9051.sock.service
- https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/lib/systemd/system/anon-ws-disable-stacked-tor_autogen__var_run_anon-ws-disable-stacked-tor_127.0.0.1_9051.sock.socket
Test from workstation:
nc 127.0.0.1 9051
Type some Tor Control Protocol command such as SIGNAL NEWNYM.
Unix domain socket file based redirection does not work yet. So in effect Tor Browser does not work yet.
- https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/lib/systemd/system/anon-ws-disable-stacked-tor_autogen__var_run_anon-ws-disable-stacked-tor_127.0.0.1_9051.sock.service
- https://github.com/Whonix/anon-ws-disable-stacked-tor/blob/master/lib/systemd/system/anon-ws-disable-stacked-tor_autogen__var_run_anon-ws-disable-stacked-tor_127.0.0.1_9051.sock.socket
Somehow ListenStream=/var/run/anon-ws-disable-stacked-tor/127.0.0.1_9051.sock does not create a unix domain socket file. Any idea?
Just needs adding SocketUser=debian-tor.
Wondering about other man page options we should set?
https://www.freedesktop.org/software/systemd/man/systemd.socket.html
Anyone any good with octals regarding chmod? Does something such as chmod 02700 /var/lib/tor ring any bell? I must admit, I never understood the octals and used chmod o+r etc.
anon-ws-disable-stacked-tor in essence is a Tor emulation running on the workstation forwarding it to the gateway. Therefore I need to know…
What is the chmod octal of…?
- /var/run/tor/ folder?
- /var/run/tor/socks?
- /var/run/tor/control?
- /var/run/tor/control.authcookie?
- /var/run/tor/log?
- /var/run/tor/socks?
- /var/run/tor/tor.pid?
find /var/run/tor/
/var/run/tor/
/var/run/tor/control
/var/run/tor/socks
/var/run/tor/control.authcookie
/var/run/tor/tor.pid
/var/run/tor/log
user@host:~$ find /var/run/tor/ | xargs stat --format '%a'
2755
660
666
640
644
640
/var/run/tor/ 2755
/var/run/tor/control 660
/var/run/tor/socks 666
/var/run/tor/control.authcookie 640
/var/run/tor/tor.pid 644
/var/run/tor/log 640
This is now done. When the updated anon-ws-disable-stacked-tor package is uploaded, we need to carefully check for regressions in connectivity.
It might be that Tor Browser is starting up slower due to this but it may be unrelated.
Upload done just now.
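
The octal modes asked about and reported in the thread above (2755, 660, 666, 640, 644 and the 02700 example), decoded into ls-style permission strings including the setuid/setgid/sticky digit. This is an added example, not part of the original posts or of the anon-ws-disable-stacked-tor package; the function names `triplet` and `octal_to_symbolic` are made up for illustration.

```shell
#!/bin/sh
# Added example: decode a chmod octal mode into an ls-style permission string.

# Print the "rwx" triplet for one octal digit ($1). $2 is the special-bit
# character for this triplet (s = setuid/setgid, t = sticky), or empty.
triplet() {
    digit=$1; special=$2; r=-; w=-; x=-
    if [ $((digit & 4)) -ne 0 ]; then r=r; fi
    if [ $((digit & 2)) -ne 0 ]; then w=w; fi
    if [ $((digit & 1)) -ne 0 ]; then x=x; fi
    if [ -n "$special" ]; then
        # Lowercase when execute is also set, uppercase when it is not.
        if [ "$x" = x ]; then x=$special
        else x=$(printf '%s' "$special" | tr 'st' 'ST')
        fi
    fi
    printf '%s%s%s' "$r" "$w" "$x"
}

# Decode a 3- or 4-digit octal mode; a leading 0 (as in 02700) is optional.
octal_to_symbolic() {
    mode=$1
    case $mode in
        ''|*[!0-7]*) echo "not an octal mode: $mode" >&2; return 1 ;;
    esac
    m=$((0$mode))   # the leading 0 forces octal interpretation
    [ "$m" -le 4095 ] || { echo "mode out of range: $mode" >&2; return 1; }
    su=; sg=; st=
    if [ $((m & 04000)) -ne 0 ]; then su=s; fi   # setuid
    if [ $((m & 02000)) -ne 0 ]; then sg=s; fi   # setgid
    if [ $((m & 01000)) -ne 0 ]; then st=t; fi   # sticky
    printf '%s%s%s\n' \
        "$(triplet $(( (m >> 6) & 7 )) "$su")" \
        "$(triplet $(( (m >> 3) & 7 )) "$sg")" \
        "$(triplet $((  m       & 7 )) "$st")"
}

# Modes quoted in the thread for /var/run/tor and its files, plus 02700.
for mode in 2755 660 666 640 644 02700; do
    printf '%-6s %s\n' "$mode" "$(octal_to_symbolic "$mode")"
done
```

Read this way, the control socket (660) is limited to its owner and group while the socks socket (666) is open to every local user, so an emulated control socket should not be created with a broader mode than the real one. For socket-activated units, `SocketMode=` in systemd.socket sets this value.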