
Re: IP datagram size for TLS connection to relay



TCP (and thus TLS) in general is a stream protocol. The fact that Tor or someone else writes to it in units of 512 does not guarantee anything about how the stream is segmented into IP packets. It usually gets fragmented the same (or multiples of it), since data is flushed fast, but you can easily get other sizes when your send rate is higher or some of TCP's windows get clogged.

Csaba

On 12/03/2010 11:37 PM, Xinwen Fu wrote:
This phenomenon was explored: http://www.cs.uml.edu/~xinwenfu/paper/CCS09_Fu.pdf.

Equal-sized cells at the application layer do not mean equal-sized packets at the IP layer.

Xinwen Fu

On Fri, Dec 3, 2010 at 12:18 PM, Nick Mathewson <nickm@xxxxxxxxxxxxx> wrote:
On Fri, Dec 3, 2010 at 6:25 AM, Weidong Shao <weidongshao@xxxxxxxxx> wrote:
> Hi
> I did a packet capture and found that the IP datagram size for TLS between
> my browser and the first relay has different sizes, some of which are 638,
> which corresponds to the fixed TOR cell size of 512. But I also see sizes
> of 1500, and other values.
> Does it mean that there are IP packets other than the 512-byte tor cell in
> the same TLS connection?

It's just as likely that the packets aren't always getting sent in
multiples of one cell.  The current code puts cells in a buffer as
it's about to send them, and lets the buffers and ratelimiting
backends decide how much to send at a time.
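
Added example (not part of the original thread and not Tor's code): a small deterministic model of the behaviour discussed above, in which fixed 512-byte cells are appended to an output buffer, a per-tick byte allowance stands in for rate limiting, and the flushed bytes are cut into TCP segments. The MSS of 1448 bytes, the tick model and the function names are assumptions, and TLS record and TCP/IP header overhead are left out.

```python
CELL = 512   # fixed cell size mentioned in the thread
MSS = 1448   # assumed TCP payload limit per segment (1500-byte MTU path)


def segment_sizes(cells_per_tick, allowance, mss=MSS):
    """Return the TCP payload sizes produced by a buffered, rate-limited sender.

    cells_per_tick: cells the application queues on each tick (hypothetical model)
    allowance:      bytes the rate limiter lets out of the buffer per tick
    """
    if allowance <= 0 or mss <= 0:
        raise ValueError("allowance and mss must be positive")
    arrivals = list(cells_per_tick)
    buffered, sizes, tick = 0, [], 0
    # Keep ticking until all arrivals are queued and the buffer has drained.
    while tick < len(arrivals) or buffered:
        if tick < len(arrivals):
            buffered += arrivals[tick] * CELL
        budget = min(buffered, allowance)   # what this flush may send
        buffered -= budget
        while budget:                       # the stream is cut at MSS, not at cells
            seg = min(budget, mss)
            sizes.append(seg)
            budget -= seg
        tick += 1
    return sizes


def cell_aligned(sizes):
    """True for each segment whose payload is a whole number of cells."""
    return [s % CELL == 0 for s in sizes]


if __name__ == "__main__":
    scenarios = {
        "slow sender, one cell per flush": ([1, 1, 1], 10_000),
        "burst of 10 cells, no limit hit": ([10], 10_000),
        "4 cells, 1000 bytes per tick": ([4], 1_000),
    }
    for name, (arrivals, allowance) in scenarios.items():
        sizes = segment_sizes(arrivals, allowance)
        print(f"{name}: {sizes} aligned={cell_aligned(sizes)}")
```

Only the slow sender yields segments that match the cell size; the burst is cut at the MSS and the rate-limited case at the allowance, while the total byte count is unchanged in all three.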