author: Nick Mathewson <nickm@torproject.org> 2019-05-17 11:03:16 -0400
committer: George Kadianakis <desnacked@riseup.net> 2019-05-27 14:20:07 +0300
commit: 0bc1241494a118d5319207a9f4683b993d389e77
tree: 64d010086cf5f330dd1fcceaf9ad39b9364b6a09 /src/core/or/relay.h
parent: 530d1179ffe54ad0db2678142154fdd20f71cf53
Make sure that we send at least some random data in RELAY_DATA cells

Proposal 289 prevents SENDME-flooding by requiring the other side to authenticate the data it has received. But this data won't actually be random if they are downloading a known resource. "No problem", we said, "let's fill the empty parts of our cells with some randomness!" and we did that in #26871.

Unfortunately, if the relay data payloads are all completely full, there won't be any empty parts for us to randomize. Therefore, we now pick random "randomness windows" between CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT. We remember whether we have sent a cell containing at least 16 bytes of randomness in that window. If we haven't, then when the window is exhausted, we send one.

(This window approach is designed to lower the number of rng checks we have to do. The number 16 is pulled out of a hat to change the attacker's guessing difficulty to "impossible".)

Implements 28646.
Diffstat (limited to 'src/core/or/relay.h')
-rw-r--r-- src/core/or/relay.h 1
1 files changed, 1 insertions, 0 deletions
diff --git a/src/core/or/relay.h b/src/core/or/relay.h
index 97d5d6d0f2..0fc308f7df 100644
--- a/src/core/or/relay.h
+++ b/src/core/or/relay.h
@@ -42,6 +42,7 @@ int connection_edge_package_raw_inbuf(edge_connection_t *conn,
int package_partial,
int *max_cells);
void connection_edge_consider_sending_sendme(edge_connection_t *conn);
+void circuit_reset_sendme_randomness(circuit_t *circ);
extern uint64_t stats_n_data_cells_packaged;
extern uint64_t stats_n_data_bytes_packaged;
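Review bot: The added prototype for circuit_reset_sendme_randomness() has no comment, and nothing in this header tells a caller when it has to be invoked or which per-circuit state it resets. Since the commit message says the randomness window is picked between CIRCWINDOW_INCREMENT/2 and CIRCWINDOW_INCREMENT, a one-line comment above the declaration stating that it picks a new window and clears the "sent randomness" flag for circ would help, along with a note on whether it must be called before the first RELAY_DATA cell is packaged on a circuit. The declaration also sits between the connection_edge_* prototypes and the stats externs; grouping it with other circuit_* declarations, if this header has any, would make it easier to find. The diffstat here is limited to relay.h, so the definition and its callers are not visible for checking that every circuit type initializes the window.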