[tor-talk] TOR-Client bug?/wrong package size?
Nick Mathewson
nickm at torproject.org
Wed Jun 29 15:26:06 UTC 2011
On Wed, Jun 29, 2011 at 4:51 AM, <bemoo129 at hushmail.com> wrote:
> Hello,
>
> Does anybody know how TOR deals with TCP-Pakets?
>
> For example, while logging my outgoing traffic via iptables or
> wireshark, i saw a large amount of TLS-encrypted packages - but
> they all had a differend size, sometimes 60bytes, sometimes more
> then 1000.
>
> In the TOR Documentation they explain, TOR will sent no normal tcp-
> packets via a tcp-connection, but "cell" packets - with have a
> fixed size of 512 byte.
Cells are 512 bytes.
Cells are sent over TLS, which adds its own message over head.
Because of the way that Tor's internal buffers work, the TLS
implemantation may decide to send any number (not necessarily integer)
of cells in a TLS record that it wants.
TLS records are sent over TCP. The TLS implementation delivers TLS
records to the kernel's TCP stack using the send() call [or write(),
or writev(), or WSASend(), depending on which network backend it's
using]. The TCP stack is then free to send these TLS records in as
many or as few TCP records as it wants.
So you shouldn't expect to see TCP packets that are an even multiple
of 512 bytes: the TLS and TCP implementations are both free to package
or split byte streams.
hth,
--
Nick
More information about the tor-talk
mailing list