The aim of TorLab is to emulate a private Tor network on one PC, hopefully helping the development of Tor and also the analysis of low-latency anonymous routing architectures.

TorLab is implemented as a Netkit "laboratory". A Netkit laboratory is a directory with a set of configuration files organized into subdirectories that together define a virtual network. Netkit creates a number of User Mode Linux based virtual machines (one per subdirectory), each having its own special configuration (the files in the directory) and its own startup script (a file in the main directory of the lab).

These virtual machines have their own virtual ethernet interfaces and are connected via virtual ethernet networks according to the network configuration file (lab.conf).

Once the lab is started, each virtual machine opens its own xterm window, and works as an independent PC with its own Debian based system.

This laboratory was created to emulate a whole Tor overlay network, running the real Tor code.

See TorLabInstall for download and install instructions.

Emulation features

The laboratory starts up the following virtual nodes (each node using about 20-30 MB of memory):

  • 2 authoritative directories (ORs and clients as well)
  • 3 ORs (directories and clients as well)
  • 1 client
  • 1 nameserver (otherwise Tor complains)
  • 1 probe (running tcpdump on the whole virtual network)

The following issues are already addressed:

  • Tor needs at least two authoritative directory servers to work: 2 authoritative directory servers are created
  • Each Tor node should be able to verify the authenticity of the directories by knowing their unique fingerprints: the key pairs and the fingerprint are pre-calculated for each auth dir. The fingerprints are pre-configured in each Tor node.
  • Tor handles private IP addresses specially: the virtual net uses public IP space
  • Tor servers don't start up without being able to connect to a nameserver: a virtual nameserver gives the Tor servers the name lookups they need
  • Tor servers tend to do name lookups in order to verify this and that: virtual nameserver has real Internet access through TAP to give answers to name queries. It seems that connections are not made based on the IP addresses learned, thus it is enough to give Internet access to the nameserver.
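
A sketch of how a lab with this node list could be laid out in Netkit's directory format, added here as an illustration and not taken from TorLab itself. The node names, the single collision domain A, the 203.0.113.0/24 lab subnet, the TAP addresses and the list of ranges treated as private are all assumptions.

```python
import ipaddress
from pathlib import Path

# Hypothetical node names; the counts follow the node list on this page.
NODES = ["auth1", "auth2", "or1", "or2", "or3", "client", "ns", "probe"]
# Assumed lab subnet: TEST-NET-3 (RFC 5737), outside the ranges below.
LAB_NET = ipaddress.ip_network("203.0.113.0/24")
# Assumption: "private" means RFC 1918, loopback and link-local space.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
            "127.0.0.0/8", "169.254.0.0/16")]
# Assumed host-side and guest-side addresses of the nameserver's TAP link.
TAP_HOST, TAP_GUEST = "10.0.0.1", "10.0.0.2"


def is_private(addr):
    """True if addr falls in one of the assumed private ranges."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in PRIVATE)


def build_lab():
    """Return (lab.conf text, {node: startup script text})."""
    hosts = iter(LAB_NET.hosts())
    conf, startup = [], {}
    for node in NODES:
        addr = str(next(hosts))
        if is_private(addr):
            raise ValueError(f"{node}: {addr} is private address space")
        # eth0 of every node joins one collision domain, so the probe sees all traffic.
        conf.append(f"{node}[0]=A")
        startup[node] = f"ifconfig eth0 {addr} netmask {LAB_NET.netmask} up\n"
    # Only the nameserver gets a second interface, bridged to the host via TAP.
    conf.append(f"ns[1]=tap,{TAP_HOST},{TAP_GUEST}")
    return "\n".join(conf) + "\n", startup


def write_lab(root):
    """Write lab.conf plus one <node>.startup and one subdirectory per node."""
    root = Path(root)
    conf, startup = build_lab()
    root.mkdir(parents=True, exist_ok=True)
    (root / "lab.conf").write_text(conf)
    for node, script in startup.items():
        (root / node).mkdir(exist_ok=True)
        (root / f"{node}.startup").write_text(script)
    return sorted(p.name for p in root.iterdir())
```

Per-node Tor configuration (including the pre-configured directory fingerprints) would go into each node's subdirectory; it is left out here because the page does not show it.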
Last modified on Oct 29, 2007, 11:27:06 AM