On Wed, Jun 29, 2011 at 4:51 AM, <bemoo...@hushmail.com> wrote: > Hello, > > Does anybody know how TOR deals with TCP-Pakets? > > For example, while logging my outgoing traffic via iptables or > wireshark, i saw a large amount of TLS-encrypted packages - but > they all had a differend size, sometimes 60bytes, sometimes more > then 1000. > > In the TOR Documentation they explain, TOR will sent no normal tcp- > packets via a tcp-connection, but "cell" packets - with have a > fixed size of 512 byte.
Cells are 512 bytes. Cells are sent over TLS, which adds its own message over head. Because of the way that Tor's internal buffers work, the TLS implemantation may decide to send any number (not necessarily integer) of cells in a TLS record that it wants. TLS records are sent over TCP. The TLS implementation delivers TLS records to the kernel's TCP stack using the send() call [or write(), or writev(), or WSASend(), depending on which network backend it's using]. The TCP stack is then free to send these TLS records in as many or as few TCP records as it wants. So you shouldn't expect to see TCP packets that are an even multiple of 512 bytes: the TLS and TCP implementations are both free to package or split byte streams. hth, -- Nick _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
