tor/src/trunnel
Mike Perry b0e92634d8 Netflow record collapsing defense.
This defense will cause Cisco, Juniper, Fortinet, and other routers operating
in the default configuration to collapse netflow records that would normally
be split due to the 15 second flow idle timeout.

Collapsing these records should greatly reduce the utility of default netflow
data for correlation attacks, since all client-side records should become 30
minute chunks of total bytes sent/received, rather than creating multiple
separate records for every webpage load/ssh command interaction/XMPP chat/whatever
else happens to be inactive for more than 15 seconds.

The defense adds consensus parameters to govern the range of timeout values
for sending padding packets, as well as for keeping connections open.

The defense only sends padding when connections are otherwise inactive, and it
does not pad connections used solely for directory traffic at all. By default
it also doesn't pad inter-relay connections.

Statistics on the total padding in the last 24 hours are exported to the
extra-info descriptors.
2017-05-08 13:49:21 -04:00
hs trunnel: Move ESTABLISH_INTRO cell sig_len after the end_sig_fields 2016-12-16 12:21:07 -05:00
channelpadding_negotiation.c Netflow record collapsing defense. 2017-05-08 13:49:21 -04:00
channelpadding_negotiation.h Netflow record collapsing defense. 2017-05-08 13:49:21 -04:00
channelpadding_negotiation.trunnel Netflow record collapsing defense. 2017-05-08 13:49:21 -04:00
ed25519_cert.c Update to trunnel 1.5.1 2016-12-08 16:59:25 -05:00
ed25519_cert.h Update to trunnel 1.5.1 2016-12-08 16:59:25 -05:00
ed25519_cert.trunnel Trunnel-side: start migrating extend/extend2 to trunnel 2016-11-10 09:43:27 -05:00
include.am Netflow record collapsing defense. 2017-05-08 13:49:21 -04:00
link_handshake.c Update to trunnel 1.5.1 2016-12-08 16:59:25 -05:00
link_handshake.h Update to trunnel 1.5.1 2016-12-08 16:59:25 -05:00
link_handshake.trunnel Add trunnel-generated items for link handshake code. 2015-05-28 10:41:49 -04:00
pwbox.c Update to trunnel 1.5.1 2016-12-08 16:59:25 -05:00
pwbox.h Update to trunnel 1.5.1 2016-12-08 16:59:25 -05:00
pwbox.trunnel Use trunnel for crypto_pwbox encoding/decoding. 2014-09-25 11:58:14 -04:00
README Mention trunnel in CodingStandards; describe how in trunnel/README 2015-10-14 10:40:27 -04:00
trunnel-local.h Use trunnel for crypto_pwbox encoding/decoding. 2014-09-25 11:58:14 -04:00

This directory contains code for use with, and code made by, the
automatic code generation tool "Trunnel".

Trunnel generates binary parsers and formatters for simple data
structures. It aims for human-readable, obviously-correct outputs over
maximum efficiency or flexibility.

The .trunnel files are the inputs here; the .c and .h files are the outputs.

To add a new structure:
   - Add a new .trunnel file or expand an existing one to describe the format
     of the structure.
   - Regenerate the .c and .h files.  To do this, you run
     "scripts/codegen/run_trunnel.sh".  You'll need trunnel installed.
   - Add the .trunnel, .c, and .h files to include.am.

For the Trunnel source code, and more documentation about using Trunnel,
see https://gitweb.torproject.org/trunnel.git , especially
    https://gitweb.torproject.org/trunnel.git/tree/README
and https://gitweb.torproject.org/trunnel.git/tree/doc/trunnel.md