[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] TOR-Client bug?/wrong package size?

On Wed, Jun 29, 2011 at 4:51 AM,  <bemoo129@xxxxxxxxxxxx> wrote:
> Hello,
> Does anybody know how TOR deals with TCP-Pakets?
> For example, while logging my outgoing traffic via iptables or
> wireshark, i saw a large amount of TLS-encrypted packages - but
> they all had a differend size, sometimes 60bytes, sometimes more
> then 1000.
> In the TOR Documentation they explain, TOR will sent no normal tcp-
> packets via a tcp-connection, but "cell" packets - with have a
> fixed size of 512 byte.

Cells are 512 bytes.

Cells are sent over TLS, which adds its own message over head.
Because of the way that Tor's internal buffers work, the TLS
implemantation may decide to send any number (not necessarily integer)
of cells in a TLS record that it wants.

TLS  records are sent over TCP.  The TLS implementation delivers TLS
records to the kernel's TCP stack using the send() call [or write(),
or writev(), or WSASend(), depending on which network backend it's
using].  The TCP stack is then free to send these TLS records in as
many or as few TCP records as it wants.

So you shouldn't expect to see TCP packets that are an even multiple
of 512 bytes: the TLS and TCP implementations are both free to package
or split byte streams.

tor-talk mailing list