
This page is obsolete because it is not needed. See Advanced_Deanonymization_Attacks for an explanation.

This page is archived.



This package is supposed to implement the mitigation discussed in using tc netem. Package WIP at

Packet latency (as observed by an adversary outside Tor) drops significantly when the CPU is stressed, as can be observed in ICMP and TCP traffic. This is caused by c-state transitions. Non-solutions: running a stress process with a high nice level, or disabling c-states. Both would heavily impact battery life and CPU temperature.

The chosen solution is to add a random delay per packet to mask this effect for best results.

Implementation Details

  • Interface names must be filtered to exclude lo and virbr* devices; otherwise virtual environments and local daemons will incur a needless penalty.
  • There is no need to react to "down" events, because tc remains running when the NIC goes down and then up again. If the command is re-run in that situation, it reports "Error: Exclusivity flag on, cannot modify."
  • The limit parameter must be raised from the default of 1000, or else packets get dropped as traffic demand increases. 12500 covers connection speeds of up to 1Gbps.
  • sudo tc qdisc shows all the default queues set up for interfaces on Linux.

Relevant Commands and Testing

  • Set up a VPN connection in Whonix WS, then run ping <foo>.com
  • Simulate CPU load with stress (press Ctrl+C to stop):

sudo apt install stress
stress -c 4

You will notice latency markedly dropping and staying there.

  • Run this command for mitigation. It will mask the latency patterns induced by the stress command:

sudo tc qdisc add dev eth0 root netem limit 12500 slot 75ms 200ms packets 1

sudo apt install hping3
sudo hping3 -S -p 80

sudo tc qdisc
sudo tc -s qdisc ls dev eth0

  • To detach tc from the interface:

sudo tc qdisc delete dev eth0 root
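
The interface filtering and re-run behaviour listed under Implementation Details can be combined into one script. This is an added example, not the Whonix package's code: the function names and the dry-run/--apply switch are assumptions, and the netem parameters are copied from the mitigation command above.

```shell
#!/bin/sh
# Added example (not the Whonix package): apply the page's netem qdisc to
# every interface except lo and virbr*. Function names are hypothetical.

# Qdisc parameters copied from the mitigation command on this page.
NETEM_ARGS="limit 12500 slot 75ms 200ms packets 1"

# Return 0 if the interface should get the delay qdisc, 1 if it is excluded.
should_shape() {
    case "$1" in
        ""|lo|virbr*) return 1 ;;   # loopback and virbr* devices are skipped
        *)            return 0 ;;
    esac
}

# Print the tc command for one interface (no side effects).
netem_cmd() {
    printf 'tc qdisc add dev %s root netem %s\n' "$1" "$NETEM_ARGS"
}

# Return 0 if the `tc qdisc show dev IFACE` output in $1 starts with a root
# netem qdisc. Checking first avoids the "Exclusivity flag on" error that a
# second `tc qdisc add` produces.
has_netem() {
    case "$1" in
        "qdisc netem "*" root "*) return 0 ;;
        *)                        return 1 ;;
    esac
}

# Walk the kernel's interface list. Mode "apply" changes qdiscs (needs root);
# any other mode only prints the commands that would be run.
apply_all() {
    mode=$1
    for path in /sys/class/net/*; do
        [ -d "$path" ] || continue
        iface=${path##*/}
        should_shape "$iface" || continue
        if [ "$mode" != apply ]; then netem_cmd "$iface"; continue; fi
        has_netem "$(tc qdisc show dev "$iface")" && continue
        # NETEM_ARGS is left unquoted on purpose so it splits into words.
        tc qdisc add dev "$iface" root netem $NETEM_ARGS
    done
}

# Default is a dry run; pass --apply as root to install the qdiscs.
if [ "${1:-}" = "--apply" ]; then apply_all apply; else apply_all dry; fi
```
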