From Whonix

This page is obsolete since it is not needed. See Advanced_Deanonymization_Attacks for an explanation.



This package is supposed to implement the mitigation discussed in [archive] using tc netem. Package WIP at [archive]

Packet latency (as observed by an adversary outside Tor) drops significantly when the CPU is stressed, as can be observed in ICMP and TCP traffic. This is caused by C-state transitions. Non-solutions: running a stress process with a high nice level, or disabling C-states, because both would heavily impact battery life and CPU temperature.

The chosen solution is to add a random delay per packet to mask this effect.

Implementation Details

  • Interface names must be filtered to exclude lo and virbr* devices; otherwise virtual environments and local daemons incur a needless penalty.
  • No need to react to "down" events because the tc configuration stays in place when the NIC goes down and then up again. Re-running the command in that situation reports "Error: Exclusivity flag on, cannot modify."
  • The limit parameter must be raised from the default of 1000, or else packets get dropped as traffic demand increases. 12500 covers connection speeds of up to 1Gbps.
  • sudo tc qdisc shows all the default queues set up for interfaces on Linux.
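
One way the points above could be combined in a script, as an added example that is not the Whonix package's code. It reuses the netem parameters from the mitigation command further down this page; the function names and the `apply` argument are assumptions, and every interface other than lo and virbr* is treated as eligible.

```shell
# Added example: attach the page's netem qdisc to eligible interfaces.

# netem arguments copied from the mitigation command on this page.
NETEM_ARGS="limit 12500 slot 75ms 200ms packets 1"

# Return 0 if the interface should get the delay. lo and virbr* are the
# exclusions the page names; anything else is treated as eligible.
is_eligible_iface() {
    case "$1" in
        ""|lo|virbr*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if `tc qdisc show dev IFACE` output (passed as $1) already has
# netem as the root qdisc; adding it again would fail with
# "Error: Exclusivity flag on, cannot modify."
has_netem_root() {
    printf '%s\n' "$1" | grep -Eq '^qdisc netem [0-9a-f]+: root( |$)'
}

# Print the tc command for one interface (useful for dry runs and logs).
netem_cmd() {
    printf 'tc qdisc add dev %s root netem %s\n' "$1" "$NETEM_ARGS"
}

# Apply to one interface; safe to re-run whenever an interface comes up.
apply_netem() {
    is_eligible_iface "$1" || return 0
    if has_netem_root "$(tc qdisc show dev "$1" 2>/dev/null)"; then
        return 0    # qdisc survived the down/up cycle, nothing to do
    fi
    # NETEM_ARGS is left unquoted on purpose so it splits into words.
    tc qdisc add dev "$1" root netem $NETEM_ARGS
}

# Apply to every interface the kernel lists under /sys/class/net.
apply_all() {
    for path in /sys/class/net/*; do
        [ -e "$path" ] || continue
        apply_netem "${path##*/}"
    done
}

# Only touch the system when asked to, e.g. `sudo sh script.sh apply`.
if [ "${1:-}" = "apply" ]; then
    apply_all
fi
```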

Relevant Commands and Testing

  • Set up a VPN connection in Whonix WS, then run ping <foo>.com
  • Simulate CPU load with stress (press Ctrl+C to stop):

sudo apt install stress
stress -c 4

You will notice the latency dropping markedly and staying low.

  • Run this command for mitigation. It will mask the latency patterns induced by the stress command:

sudo tc qdisc add dev eth0 root netem limit 12500 slot 75ms 200ms packets 1

sudo apt install hping3
sudo hping3 -S -p 80 <foo>.com

sudo tc qdisc

sudo tc -s qdisc ls dev eth0

  • To detach tc from the interface:

sudo tc qdisc delete dev eth0 root