IP datagram size for TLS connection to relay

Csaba Kiraly kiraly at disi.unitn.it
Sat Dec 4 06:39:22 UTC 2010


TCP (and thus TLS) in general is a stream protocol. The fact that Tor or someone else writes to it in units of 512 does not guarantee anything about how the stream is segmented into IP packets. It usually gets fragmented the same (or multiples of it), since data is flushed fast, but you can easily get other sizes when your send rate is higher or some of TCP's windows get clogged.

Csaba

On 12/03/2010 11:37 PM, Xinwen Fu wrote:
> This phenomenon was explored: http://www.cs.uml.edu/~xinwenfu/paper/CCS09_Fu.pdf.
>
> Equal-sized cells at the application layer do not mean equal-sized packets at the IP layer.
>
> Xinwen Fu
>
> On Fri, Dec 3, 2010 at 12:18 PM, Nick Mathewson <nickm at freehaven.net> wrote:
>
>     On Fri, Dec 3, 2010 at 6:25 AM, Weidong Shao <weidongshao at gmail.com> wrote:
>     > Hi
>     > I did a packet capture and found that the IP datagram size for TLS between
>     > my browser and the first relay has different sizes, some of which are 638,
>     > which corresponds to the fixed TOR cell size of 512. But I also see sizes
>     > of 1500, and other values.
>     > Does it mean that there are IP packets other than the 512-byte tor cell in
>     > the same TLS connection?
>
>     It's just as likely that the packets aren't always getting sent in
>     multiples of one cell.  The current code puts cells in a buffer as
>     it's about to send them, and lets the buffers and ratelimiting
>     backends decide how much to send at a time.
>
>
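
Added example, not part of the original thread and not Tor's code: a simplified model of the point made above, that 512-byte cells pass through an output buffer and a rate limiter before TCP cuts the stream into segments. Assumptions: a 1500-byte MTU, 40 bytes of IPv4 and TCP headers with no options, TLS record overhead ignored, and a per-tick byte allowance as a hypothetical stand-in for the buffering and rate-limiting backends.

```python
CELL = 512      # Tor cell size, from the thread
MSS = 1460      # assumed: 1500-byte MTU minus 20-byte IPv4 and 20-byte TCP headers
HEADERS = 40    # assumed: no IP or TCP options


def datagram_sizes(cells_queued_per_tick, allowance_per_tick):
    """Return the IP datagram sizes emitted, tick by tick.

    cells_queued_per_tick: cells the application appends to the output
        buffer at each tick.
    allowance_per_tick: bytes the (hypothetical) rate limiter allows the
        buffer to flush to the socket at each tick.
    """
    buffered = 0
    sizes = []
    for cells, allowance in zip(cells_queued_per_tick, allowance_per_tick):
        buffered += cells * CELL
        to_send = min(buffered, allowance)
        buffered -= to_send
        # TCP sees only a byte stream: it cuts whatever was flushed into
        # segments of at most MSS bytes, with no knowledge of cell boundaries.
        while to_send > 0:
            segment = min(to_send, MSS)
            sizes.append(segment + HEADERS)
            to_send -= segment
    return sizes


def cell_aligned(sizes):
    """True for each datagram whose payload is a whole number of cells."""
    return [(size - HEADERS) % CELL == 0 for size in sizes]


if __name__ == "__main__":
    scenarios = {
        "one cell per tick, no limit": ([1, 1, 1], [4096, 4096, 4096]),
        "burst of six cells":          ([6], [4096]),
        "rate limited to 700 B/tick":  ([2, 0], [700, 700]),
    }
    for name, (cells, allowance) in scenarios.items():
        sizes = datagram_sizes(cells, allowance)
        print(f"{name}: {sizes} aligned={cell_aligned(sizes)}")
```

Only the first scenario yields one cell per datagram; the burst fills full 1500-byte datagrams and the rate-limited case splits a cell across two packets.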
