Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 8e242d9b87
Branches Tags
tor
/
doc
/
HACKING

HACKING 5.3 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113 
  1. 

  2. 0. Intro.
    3. 

  3. Onion Routing is still very much in development stages. This document
    4. 

  4. aims to get you started in the right direction if you want to understand
    5. 

  5. the code, add features, fix bugs, etc.
    6. 

  6. 

  7. Read the README file first, so you can get familiar with the basics.
    8. 

  8. 

  9. 1. The programs.
    10. 

  10. 

  11. 1.1. "or". This is the main program here. It functions as either a server
    12. 

  12. or a client, depending on which config file you give it.
    13. 

  13. 

  14. 1.2. "orkeygen". Use "orkeygen file-for-privkey file-for-pubkey" to
    15. 

  15. generate key files for an onion router.
    16. 

  16. 

  17. 2. The pieces.
    18. 

  18. 

  19. 2.1. Routers. Onion routers, as far as the 'or' program is concerned,
    20. 

  20. are a bunch of data items that are loaded into the router_array when
    21. 

  21. the program starts. Periodically it downloads a new set of routers
    22. 

  22. from a directory server, and updates the router_array. When a new OR
    23. 

  23. connection is started (see below), the relevant information is copied
    24. 

  24. from the router struct to the connection struct.
    25. 

  25. 

  26. 2.2. Connections. A connection is a long-standing tcp socket between
    27. 

  27. nodes. A connection is named based on what it's connected to -- an "OR
    28. 

  28. connection" has an onion router on the other end, an "OP connection" has
    29. 

  29. an onion proxy on the other end, an "exit connection" has a website or
    30. 

  30. other server on the other end, and an "AP connection" has an application
    31. 

  31. proxy (and thus a user) on the other end.
    32. 

  32. 

  33. 2.3. Circuits. A circuit is a path over the onion routing
    34. 

  34. network. Applications can connect to one end of the circuit, and can
    35. 

  35. create exit connections at the other end of the circuit. AP and exit
    36. 

  36. connections have only one circuit associated with them (and thus these
    37. 

  37. connection types are closed when the circuit is closed), whereas OP and
    38. 

  38. OR connections multiplex many circuits at once, and stay standing even
    39. 

  39. when there are no circuits running over them.
    40. 

  40. 

  41. 2.4. Topics. Topics are specific conversations between an AP and an exit.
    42. 

  42. Topics are multiplexed over circuits.
    43. 

  43. 

  44. 2.4. Cells. Some connections, specifically OR and OP connections, speak
    45. 

  45. "cells". This means that data over that connection is bundled into 256
    46. 

  46. byte packets (8 bytes of header and 248 bytes of payload). Each cell has
    47. 

  47. a type, or "command", which indicates what it's for.
    48. 

  48. 

  49. 

  50. 3. Important parameters in the code.
    51. 

  51. 

  52. 

  53. 

  54. 4. Robustness features.
    55. 

  55. 

  56. 4.1. Bandwidth throttling. Each cell-speaking connection has a maximum
    57. 

  57. bandwidth it can use, as specified in the routers.or file. Bandwidth
    58. 

  58. throttling can occur on both the sender side and the receiving side. If
    59. 

  59. the LinkPadding option is on, the sending side sends cells at regularly
    60. 

  60. spaced intervals (e.g., a connection with a bandwidth of 25600B/s would
    61. 

  61. queue a cell every 10ms). The receiving side protects against misbehaving
    62. 

  62. servers that send cells more frequently, by using a simple token bucket:
    63. 

  63. 

  64. Each connection has a token bucket with a specified capacity. Tokens are
    65. 

  65. added to the bucket each second (when the bucket is full, new tokens
    66. 

  66. are discarded.) Each token represents permission to receive one byte
    67. 

  67. from the network --- to receive a byte, the connection must remove a
    68. 

  68. token from the bucket. Thus if the bucket is empty, that connection must
    69. 

  69. wait until more tokens arrive. The number of tokens we add enforces a
    70. 

  70. longterm average rate of incoming bytes, yet we still permit short-term
    71. 

  71. bursts above the allowed bandwidth. Currently bucket sizes are set to
    72. 

  72. ten seconds worth of traffic.
    73. 

  73. 

  74. The bandwidth throttling uses TCP to push back when we stop reading.
    75. 

  75. We extend it with token buckets to allow more flexibility for traffic
    76. 

  76. bursts.
    77. 

  77. 

  78. 4.2. Data congestion control. Even with the above bandwidth throttling,
    79. 

  79. we still need to worry about congestion, either accidental or intentional.
    80. 

  80. If a lot of people make circuits into same node, and they all come out
    81. 

  81. through the same connection, then that connection may become saturated
    82. 

  82. (be unable to send out data cells as quickly as it wants to). An adversary
    83. 

  83. can make a 'put' request through the onion routing network to a webserver
    84. 

  84. he owns, and then refuse to read any of the bytes at the webserver end
    85. 

  85. of the circuit. These bottlenecks can propagate back through the entire
    86. 

  86. network, mucking up everything.
    87. 

  87. 

  88. (See the tor-spec.txt document for details of how congestion control
    89. 

  89. works.)
    90. 

  90. 

  91. In practice, all the nodes in the circuit maintain a receive window
    92. 

  92. close to maximum except the exit node, which stays around 0, periodically
    93. 

  93. receiving a sendme and reading more data cells from the webserver.
    94. 

  94. In this way we can use pretty much all of the available bandwidth for
    95. 

  95. data, but gracefully back off when faced with multiple circuits (a new
    96. 

  96. sendme arrives only after some cells have traversed the entire network),
    97. 

  97. stalled network connections, or attacks.
    98. 

  98. 

  99. We don't need to reimplement full tcp windows, with sequence numbers,
    100. 

  100. the ability to drop cells when we're full etc, because the tcp streams
    101. 

  101. already guarantee in-order delivery of each cell. Rather than trying
    102. 

  102. to build some sort of tcp-on-tcp scheme, we implement this minimal data
    103. 

  103. congestion control; so far it's enough.
    104. 

  104. 

  105. 4.3. Router twins. In many cases when we ask for a router with a given
    106. 

  106. address and port, we really mean a router who knows a given key. Router
    107. 

  107. twins are two or more routers that share the same private key. We thus
    108. 

  108. give routers extra flexibility in choosing the next hop in the circuit: if
    109. 

  109. some of the twins are down or slow, it can choose the more available ones.
    110. 

  110. 

  111. Currently the code tries for the primary router first, and if it's down,
    112. 

  112. chooses the first available twin.
    113. 

  113.