diff options
| author | Mike Perry <mikeperry-git@torproject.org> | 2016-09-06 11:35:53 -0700 |
|---|---|---|
| committer | Nick Mathewson <nickm@torproject.org> | 2017-05-08 13:49:21 -0400 |
| commit | b0e92634d85a3bf7612a6ce0339b96e4aad1e0bb (patch) | |
| tree | 43a2d03fb5c35e203b5d284882c05c1d273dd887 /src/or/channelpadding.h | |
| parent | 515e1f663ad4a5f1023ef2d2bbcb2de0152d0a47 (diff) | |
| download | tor-b0e92634d85a3bf7612a6ce0339b96e4aad1e0bb.tar.gz tor-b0e92634d85a3bf7612a6ce0339b96e4aad1e0bb.zip | |
Netflow record collapsing defense.
This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.
Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.
The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.
The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.
Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.
Diffstat (limited to 'src/or/channelpadding.h')
| -rw-r--r-- | src/or/channelpadding.h | 38 |
1 files changed, 38 insertions, 0 deletions
diff --git a/src/or/channelpadding.h b/src/or/channelpadding.h new file mode 100644 index 0000000000..07af7a6b46 --- /dev/null +++ b/src/or/channelpadding.h @@ -0,0 +1,38 @@ +/* Copyright (c) 2001 Matej Pfajfar. + * Copyright (c) 2001-2004, Roger Dingledine. + * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson. + * Copyright (c) 2007-2015, The Tor Project, Inc. */ +/* See LICENSE for licensing information */ + +/** + * \file circuitbuild.h + * \brief Header file for circuitbuild.c. + **/ +#ifndef TOR_CHANNELPADDING_H +#define TOR_CHANNELPADDING_H + +#include "channelpadding_negotiation.h" + +typedef enum { + CHANNELPADDING_WONTPAD, + CHANNELPADDING_PADLATER, + CHANNELPADDING_PADDING_SCHEDULED, + CHANNELPADDING_PADDING_ALREADY_SCHEDULED, + CHANNELPADDING_PADDING_SENT, +} channelpadding_decision_t; + +channelpadding_decision_t channelpadding_decide_to_pad_channel(channel_t + *chan); +int channelpadding_update_padding_for_channel(channel_t *, + const channelpadding_negotiate_t *); + +void channelpadding_disable_padding_on_channel(channel_t *chan); +void channelpadding_reduce_padding_on_channel(channel_t *chan); +int channelpadding_send_enable_command(channel_t *chan, uint16_t low_timeout, + uint16_t high_timeout); + +int channelpadding_get_circuits_available_timeout(void); +unsigned int channelpadding_get_channel_idle_timeout(const channel_t *, int); + +#endif + |