We're currently just relying TCP as a reliability layer. This is good enough for Shadow experiments, since Shadow networks only implement packet loss, not corruption, and will mostly work on real networks, but with enough real traffic it could cause issues. It's possible we should add our own checksum. (This could also detect implementation bugs, though unless the bug is moderately likely, it would be difficult to distinguish from corruption on real networks.)
We're currently just relying TCP as a reliability layer. This is good enough for Shadow experiments, since Shadow networks only implement packet loss, not corruption, and will mostly work on real networks, but with enough real traffic it could cause issues. It's possible we should add our own checksum. (This could also detect implementation bugs, though unless the bug is moderately likely, it would be difficult to distinguish from corruption on real networks.)
This was implicitly fixed as part of #25 (TLS) for the client, and as part of Tor for peers. Unless we were trying to protect against cosmic bit flips in server memory or something, there's nothing that wouldn't be caught by the link's cryptographic integrity layer.
This was implicitly fixed as part of #25 (TLS) for the client, and as part of Tor for peers. Unless we were trying to protect against cosmic bit flips in server memory or something, there's nothing that wouldn't be caught by the link's cryptographic integrity layer.
We're currently just relying TCP as a reliability layer. This is good enough for Shadow experiments, since Shadow networks only implement packet loss, not corruption, and will mostly work on real networks, but with enough real traffic it could cause issues. It's possible we should add our own checksum. (This could also detect implementation bugs, though unless the bug is moderately likely, it would be difficult to distinguish from corruption on real networks.)
This was implicitly fixed as part of #25 (TLS) for the client, and as part of Tor for peers. Unless we were trying to protect against cosmic bit flips in server memory or something, there's nothing that wouldn't be caught by the link's cryptographic integrity layer.