aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--padding-spec.txt85
-rw-r--r--proposals/000-index.txt4
-rw-r--r--proposals/339-udp-over-tor.md13
-rw-r--r--proposals/BY_INDEX.md2
-rw-r--r--proposals/README.md2
-rw-r--r--tor-spec.txt10
6 files changed, 73 insertions, 43 deletions
diff --git a/padding-spec.txt b/padding-spec.txt
index 825f1d7..ea16d8b 100644
--- a/padding-spec.txt
+++ b/padding-spec.txt
@@ -143,6 +143,12 @@ Table of Contents
user traffic in that time period is multiplexed over a single connection
(as it is with Tor).
+ Though flow measurement in principle can be bidirectional (counting cells
+ sent in both directions between a pair of IPs) or unidirectional (counting
+ only cells sent from one IP to another), we assume for safety that all
+ measurement is unidirectional, and so traffic must be sent by both parties
+ in order to prevent record splitting.
+
2.2. Implementation
Tor clients currently maintain one TLS connection to their Guard node to
@@ -154,35 +160,41 @@ Table of Contents
connections, and pad them, but otherwise not pad between normal relays.
Both clients and Guards will maintain a timer for all application (ie:
- non-directory) TLS connections. Every time a non-padding packet is sent or
- received by either end, that endpoint will sample a timeout value from
- between 1.5 seconds and 9.5 seconds using the max(X,X) distribution
- described in Section 2.3. The time range is subject to consensus
+ non-directory) TLS connections. Every time a padding packet sent by an
+ endpoint, that endpoint will sample a timeout value from
+ the max(X,X) distribution described in Section 2.3. The default
+ range is from 1.5 seconds to 9.5 seconds time range, subject to consensus
parameters as specified in Section 2.6.
- If the connection becomes active for any reason before this timer
- expires, the timer is reset to a new random value between 1.5 and 9.5
- seconds. If the connection remains inactive until the timer expires, a
- single CELL_PADDING cell will be sent on that connection.
+ (The timing is randomized to avoid making it obvious which cells are
+ padding.)
- In this way, the connection will only be padded in the event that it is
- idle, and will always transmit a packet before the minimum 10 second inactive
- timeout.
+ If another cell is sent for any reason before this timer expires, the timer
+ is reset to a new random value.
-2.3. Padding Cell Timeout Distribution Statistics
+ If the connection remains inactive until the timer expires, a
+ single CELL_PADDING cell will be sent on that connection (which will
+ also start a new timer).
+
+ In this way, the connection will only be padded in a given direction in
+ the event that it is idle in that direction, and will always transmit a
+ packet before the minimum 10 second inactive timeout.
- It turns out that because the padding is bidirectional, and because both
- endpoints are maintaining timers, this creates the situation where the time
- before sending a padding packet in either direction is actually
- min(client_timeout, server_timeout).
+ (In practice, an implementation may not be able to determine when,
+ exactly, a cell is sent on a given channel. For example, even though the
+ cell has been given to the kernel via a call to `send(2)`, the kernel may
+ still be buffering that cell. In cases such as these, implementations
+ should use a reasonable proxy for the time at which a cell is sent: for
+ example, when the cell is queued. If this strategy is used,
+ implementations should try to observe the innermost (closest to the wire)
+ queue that the practically can, and if this queue is already nonempty,
+ padding should not be scheduled until after the queue does become empty.)
- If client_timeout and server_timeout are uniformly sampled, then the
- distribution of min(client_timeout,server_timeout) is no longer uniform, and
- the resulting average timeout (Exp[min(X,X)]) is much lower than the
- midpoint of the timeout range.
+2.3. Padding Cell Timeout Distribution Statistics
- To compensate for this, instead of sampling each endpoint timeout uniformly,
- we instead sample it from max(X,X), where X is uniformly distributed.
+ To limit the amount of padding sent, instead of sampling each endpoint
+ timeout uniformly, we instead sample it from max(X,X), where X is
+ uniformly distributed.
If X is a random variable uniform from 0..R-1 (where R=high-low), then the
random variable Y = max(X,X) has Prob(Y == i) = (2.0*i + 1)/(R*R).
@@ -206,9 +218,6 @@ Table of Contents
15000 7499.5 7995 4999.5 9999.5
20000 9900.5 10661 6666.2 13332.8
- In this way, we maintain the property that the midpoint of the timeout range
- is the expected mean time before a padding packet is sent in either
- direction.
2.4. Maximum overhead bounds
@@ -253,6 +262,13 @@ Table of Contents
CELL_PADDING_NEGOTIATE to instruct the relay not to pad, and then does not
send any further padding itself.
+ Currently, clients negotiate padding only when a channel is created,
+ immediately after sending their NETINFO cell. Recipients SHOULD, however,
+ accept padding negotiation messages at any time.
+
+ Clients and bridges MUST reject padding negotiation messages from relays,
+ and close the channel if they receive one.
+
2.6. Consensus Parameters Governing Behavior
Connection-level padding is controlled by the following consensus parameters:
@@ -277,11 +293,22 @@ Table of Contents
- Default: 14000
* nf_conntimeout_clients
- - The number of seconds to keep circuits opened and available for
- clients to use. Note that the actual client timeout is randomized
- uniformly from this value to twice this value. This governs client
- OR conn lifespan. Reduced padding clients use half the consensus
+ - The number of seconds to keep never-used circuits opened and
+ available for clients to use. Note that the actual client timeout is
+ randomized uniformly from this value to twice this value.
+ - The number of seconds to keep idle (not currently used) canonical
+ channels are open and available. (We do this to ensure a sufficient
+ time duration of padding, which is the ultimate goal.)
+ - This value is also used to determine how long, after a port has been
+ used, we should attempt to keep building predicted circuits for that
+ port. (See path-spec.txt section 2.1.1.) This behavior was
+ originally added to work around implementation limitations, but it
+ serves as a reasonable default regardless of implementation.
+ - For all use cases, reduced padding clients use half the consensus
value.
+ - Implementations MAY mark circuits held open past the reduced padding
+ quantity (half the consensus value) as "not to be used for streams",
+ to prevent their use from becoming a distinguisher.
- Default: 1800
* nf_pad_before_usage
diff --git a/proposals/000-index.txt b/proposals/000-index.txt
index bdb5203..c2cc6a9 100644
--- a/proposals/000-index.txt
+++ b/proposals/000-index.txt
@@ -259,7 +259,7 @@ Proposals by number:
336 Randomized schedule for guard retries [ACCEPTED]
337 A simpler way to decide, "Is this guard usable?" [ACCEPTED]
338 Use an 8-byte timestamp in NETINFO cells [ACCEPTED]
-339 UDP traffic over Tor [DRAFT]
+339 UDP traffic over Tor [ACCEPTED]
Proposals by status:
@@ -270,7 +270,6 @@ Proposals by status:
327 A First Take at PoW Over Introduction Circuits
329 Overcoming Tor's Bottlenecks with Traffic Splitting
331 Res tokens: Anonymous Credentials for Onion Service DoS Resilience
- 339 UDP traffic over Tor
NEEDS-REVISION:
212 Increase Acceptable Consensus Age [for 0.2.4.x+]
219 Support for full DNS and DNSSEC resolution in Tor [for 0.2.5.x]
@@ -312,6 +311,7 @@ Proposals by status:
336 Randomized schedule for guard retries
337 A simpler way to decide, "Is this guard usable?"
338 Use an 8-byte timestamp in NETINFO cells
+ 339 UDP traffic over Tor
META:
000 Index of Tor Proposals
001 The Tor Proposal Process
diff --git a/proposals/339-udp-over-tor.md b/proposals/339-udp-over-tor.md
index 2dbe3b5..3c1a1d4 100644
--- a/proposals/339-udp-over-tor.md
+++ b/proposals/339-udp-over-tor.md
@@ -3,7 +3,7 @@ Filename: 339-udp-over-tor.md
Title: UDP traffic over Tor
Author: Nick Mathewson
Created: 11 May 2020
-Status: Draft
+Status: Accepted
```
# Introduction
@@ -198,12 +198,6 @@ format.
```
struct udp_connected_body {
- /* 5 bytes to distinguish from other CONNECTED_UDP cells. This is not
- * strictly necessary, since we can distinguish by context, but
- * it's nice to have a way to tell them apart at the parsing stage.
- */
- u32 zero IN [0];
- u8 ff IN [0xFF];
/* The address that the relay has bound locally. This might not
* be an address that is advertised in the relay's descriptor. */
struct address our_address;
@@ -216,7 +210,7 @@ struct udp_connected_body {
}
/* Note that this is a subset of the allowable address parts of a CONNECT_UDP
- message */
+ * message */
struct address {
u8 tag IN [T_IPV4, T_IPV6];
u8 len;
@@ -233,8 +227,7 @@ struct address {
```
struct datagram_body {
/* The datagram body is the entire body of the message.
- This length is in the relay message header.
- */
+ * This length is in the relay message header. */
u8 body[..];
}
```
diff --git a/proposals/BY_INDEX.md b/proposals/BY_INDEX.md
index 0e9aa1d..f55bc61 100644
--- a/proposals/BY_INDEX.md
+++ b/proposals/BY_INDEX.md
@@ -256,5 +256,5 @@ Below are a list of proposals sorted by their proposal number. See
* [`336-randomize-guard-retries.md`](/proposals/336-randomize-guard-retries.md): Randomized schedule for guard retries [ACCEPTED]
* [`337-simpler-guard-usability.md`](/proposals/337-simpler-guard-usability.md): A simpler way to decide, "Is this guard usable?" [ACCEPTED]
* [`338-netinfo-y2038.md`](/proposals/338-netinfo-y2038.md): Use an 8-byte timestamp in NETINFO cells [ACCEPTED]
-* [`339-udp-over-tor.md`](/proposals/339-udp-over-tor.md): UDP traffic over Tor [DRAFT]
+* [`339-udp-over-tor.md`](/proposals/339-udp-over-tor.md): UDP traffic over Tor [ACCEPTED]
diff --git a/proposals/README.md b/proposals/README.md
index 643cf53..b49573b 100644
--- a/proposals/README.md
+++ b/proposals/README.md
@@ -58,6 +58,7 @@ implementation.
* [`336-randomize-guard-retries.md`](/proposals/336-randomize-guard-retries.md): Randomized schedule for guard retries
* [`337-simpler-guard-usability.md`](/proposals/337-simpler-guard-usability.md): A simpler way to decide, "Is this guard usable?"
* [`338-netinfo-y2038.md`](/proposals/338-netinfo-y2038.md): Use an 8-byte timestamp in NETINFO cells
+* [`339-udp-over-tor.md`](/proposals/339-udp-over-tor.md): UDP traffic over Tor
## FINISHED proposals: implemented, specs not merged
@@ -106,7 +107,6 @@ discussion.
* [`327-pow-over-intro.txt`](/proposals/327-pow-over-intro.txt): A First Take at PoW Over Introduction Circuits
* [`329-traffic-splitting.txt`](/proposals/329-traffic-splitting.txt): Overcoming Tor's Bottlenecks with Traffic Splitting
* [`331-res-tokens-for-anti-dos.md`](/proposals/331-res-tokens-for-anti-dos.md): Res tokens: Anonymous Credentials for Onion Service DoS Resilience
-* [`339-udp-over-tor.md`](/proposals/339-udp-over-tor.md): UDP traffic over Tor
## NEEDS-REVISION proposals: ideas that we can't implement as-is
diff --git a/tor-spec.txt b/tor-spec.txt
index 49516f4..234d209 100644
--- a/tor-spec.txt
+++ b/tor-spec.txt
@@ -1684,6 +1684,8 @@ see tor-design.pdf.
14 -- RELAY_EXTEND2 [forward] [control]
15 -- RELAY_EXTENDED2 [backward] [control]
+ 16..18 -- Reserved for UDP; Not yet in use, see prop339.
+
32..40 -- Used for hidden services; see rend-spec-{v2,v3}.txt.
41..42 -- Used for circuit padding; see Section 3 of padding-spec.txt.
@@ -2435,3 +2437,11 @@ see tor-design.pdf.
"2" -- supports congestion control by the Exits which implies a new SENDME
format and algorithm. See proposal 324 for more details. Advertised
in tor 0.4.7.3-alpha.
+
+9.13. "Datagram"
+
+ Describes the UDP protocol capabilities of a relay.
+
+ "1" -- [RESERVED] supports UDP by an Exit as in the relay command
+ CONNECT_UDP, CONNECTED_UDP and DATAGRAM. See proposal
+ 339 for more details. (Not yet advertised, reserved)
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion