TCP (and thus TLS) in general is a stream protocol. The fact that Tor or 
someone else writes to it in units of 512 does not guarantee anything about how 
the stream is segmented into IP packets. It usually gets fragmented the same 
(or multiples of it), since data is flushed fast, but you can easily get other 
sizes when your send rate is higher or some of TCP's windows get clogged.

Csaba

On 12/03/2010 11:37 PM, Xinwen Fu wrote:
This phenomenon was explored: http://www.cs.uml.edu/~xinwenfu/paper/CCS09_Fu.pdf.

Equal-sized cells at the application layer do not mean equal-sized packets at 
the IP layer.

Xinwen Fu

On Fri, Dec 3, 2010 at 12:18 PM, Nick Mathewson <ni...@freehaven.net> wrote:

    On Fri, Dec 3, 2010 at 6:25 AM, Weidong Shao <weidongs...@gmail.com> wrote:
    > Hi
    > I did a packet capture and found that the IP datagram size for TLS between
    > my browser and the first relay has different sizes, some of which are 638,
    > which corresponds to the fixed Tor cell size of 512. But I also see sizes
    > of 1500, and other values.
    > Does it mean that there are IP packets other than the 512-byte tor cell in
    > the same TLS connection?

    It's just as likely that the packets aren't always getting sent in
    multiples of one cell.  The current code puts cells in a buffer as
    it's about to send them, and lets the buffers and ratelimiting
    backends decide how much to send at a time.
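
Added example, not part of any message in this thread and not Tor's code: a small model of 512-byte cells queued into an outbound buffer, drained by a rate limiter, and cut into TCP segments, with the receiver re-framing cells from the stream. The MSS of 1448, the per-pass byte allowances and all function names are assumptions, and TLS record overhead is ignored.

```python
CELL_LEN = 512   # fixed Tor cell size quoted in the thread
MSS = 1448       # assumed: 1500-byte MTU minus IP/TCP headers with timestamps


def segment_sizes(ticks, mss=MSS):
    """Model an outbound buffer drained by a rate limiter into TCP.

    ticks: (cells_queued, bytes_allowed) for each pass of the sender's loop.
    Returns the TCP payload size of every segment emitted.
    """
    outbuf, segments = 0, []
    for cells_queued, bytes_allowed in ticks:
        outbuf += cells_queued * CELL_LEN
        to_send = min(outbuf, bytes_allowed)
        outbuf -= to_send
        while to_send > 0:          # TCP cuts each write at the MSS
            seg = min(to_send, mss)
            segments.append(seg)
            to_send -= seg
    return segments


def cells_completed(segments):
    """Receiver side: complete cells available after each segment arrives."""
    buffered, done = 0, []
    for size in segments:
        buffered += size
        complete, buffered = divmod(buffered, CELL_LEN)
        done.append(complete)
    return done


# Constructed scenarios, not measurements.
SCENARIOS = {
    "idle link, one cell per pass": [(1, 10_000)] * 3,
    "burst of five cells": [(5, 10_000)],
    "rate limited to 700 bytes per pass": [(2, 700), (0, 700)],
}

if __name__ == "__main__":
    for name, ticks in SCENARIOS.items():
        sizes = segment_sizes(ticks)
        print(f"{name}: segments={sizes} cells={cells_completed(sizes)}")
```

Only the idle-link scenario produces cell-sized segments; the other two yield sizes that are not multiples of 512, yet the receiver still recovers every cell because it frames on the byte stream, not on packet boundaries.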


