Tor on Debian, self compiled for better Performance

According to the [url=https://www.torproject.org/faq.html.en#RelayMemory]TorProject FAQ[/url], a Tor relay will use less memory if compiled with openBSD-malloc and the latest openSSL. This helps if you’re resources are limited, or if you run a high bandwidth node. Here’s how you can do that on a Debian system.


There’s also a nice list of additional information compiled for Tor relay operators on the mailing list: [url=http://archives.seul.org/or/relays/May-2010/msg00001.html]Tips for running a Tor relay[/url].

OpenBSD-Malloc CPU and memory tradeoff

According to the Torproject FAQ, there is a tradeoff between memory and CPU consumption: OpenBSD’s malloc implementation is lighter on memory, but uses more CPU. OpenSSL 1.0.0 saves memory without affecting CPU consumption. We can confirm this, so choose accordingly.

OpenSSL 1.0.0

As the default location for OpenSSL on Debian is /usr/bin , and the default configuration for the sources point to /usr/local/ssl/bin , there will be no conflicts between the packaged version and our manually compiled version – you can safely have both installed. You probably don’t even have to install openSSL at all, just point the Tor build rules to it, but I’ve installed it nevertheless:

wget http://www.openssl.org/source/openssl-1.0.0.tar.gz
tar xfz openssl-1.0.0.tar.gz
cd openssl-*
./config shared
make
make test
make install

(you should check openssl.org for later releases; 1.0.0 is current at the moment of writing)

Tor

Add Tor sources to apt (replace DIST with your current distribution, eg. lenny):

deb-src http://deb.torproject.org/torproject.org DIST main
deb-src http://deb.torproject.org/torproject.org DIST main
deb-src http://deb.torproject.org/torproject.org experimental-DIST main

Install required packages for building Tor and an own package:

apt-get install build-essential fakeroot devscripts
apt-get build-dep tor

Download current Tor sources to ~/debian-packages:

mkdir ~/debian-packages; cd ~/debian-packages
apt-get source tor
cd tor-*

Edit configuration for openBSD-malloc and openSSL: Edit debian/rules, find the following section:

config.status: configure
dh_testdir
./configure \
$(confflags) \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--localstatedir=/var \
--sysconfdir=/etc

Change to (inserted lines in bold):

config.status: configure
dh_testdir
./configure \
$(confflags) \
--enable-openbsd-malloc \
--enable-static-openssl \
--with-openssl-dir=/usr/local/ssl \
--prefix=/usr \
--mandir=\$${prefix}/share/man \
--infodir=\$${prefix}/share/info \
--localstatedir=/var \
--sysconfdir=/etc

Now, compile and build your own package and install it:

debuild -rfakeroot -uc -us
cd ..
sudo dpkg -i tor_*.deb

(mostly taken from [url=https://www.torproject.org/docs/debian.html.en]here[/url]; thanks)

For 64 bit Debian

For 64bit, I was required to compile OpenSSL using “./config shared -fPIC”. The default location for the libraries then is /usr/local/ssl/lib64.

Libevent2

Tor still uses Libevent 1.x. According to benchmarks, libevent2 is far better. I haven’t tested to compile Tor using libevent2, but if you still run into bottlenecks, you might want to try. Let us know of the results! [url=http://monkey.org/~provos/libevent/]http://monkey.org/~provos/libevent/[/url]

1 Response

  1. Libertas says:

    Be aware that for security-critical programs like Tor, it’s better to focus on building for security and stability rather than speed. Tor is generally pretty resource-light and the build usually shouldn’t need to be altered.

    That said, Libevent 2 is supposed to be far faster than Libevent 1, so using a stable version of Libevent 2 when you have the choice is probably a good idea. It’s also probably the largest optimization you can make by far.

Leave a Reply

Your email address will not be published. Required fields are marked *