3

The relay setting in Vidalia has two options for relaying: "for the Tor network" and "inside the Tor network". The options enable relaying either just inside the Tor network or additionally out of the Tor network (exit).

How does the Tor relay recognize if the incoming/outgoing packets are going to leave the Tor network (exit)? Do non-exit packets have a special form different from the exit packets?

roby

3 Answers

2

The routing used in the Tor network is called onion routing because the mechanism for maintaining anonymity in it is based on multiple layers of encryption which resemble layers of an onion.

Inside the Tor client it is hard-coded that the traffic will pass through three relays: entry node, middle node and exit node. There are multiple layers of encryption because the relays are allowed to know only the preceding node and the following node, so that the anonymity from end to end is maintained.

How is the communication routed?

Simplified description:

  1. The Tor client selects the routing path consisting of three relays, and encrypts each packet with three nested layers of encryption (one layer for each of the three relays).
  2. The client sends the three-times-encrypted packet to the entry node, which removes the first layer.
  3. The twice-encrypted packet continues to the next node, which removes the second layer.
  4. Then the packet with the last layer of encryption continues to the exit node, which removes the last layer of encryption. Inside the packet, the exit node checks a field indicating that it was the last layer and that the clear-text content should be sent to the Internet.
  5. If the destination conforms to the exit policy of the relay, the clear-text packet leaves the exit node and is delivered normally on the Internet.

Briefly: The Tor client decides which node will be the exit relay. The exit relay recognizes its role for a packet after decrypting the last layer of encryption. It checks the ID of the Tor stream and a field which indicates that the last layer of encryption was removed. The exit relay must be configured as an exit relay by its policy.

Aaron Miller
2

Here's a somewhat simplified description: When a relay receives an incoming packet, it first decrypts the outermost encryption layer of that packet to see what it's supposed to do with the packet. It finds a command, which can be, among other things, a) "send this still-encrypted packet along the circuit to the next relay" or b) "send this possibly-plain-text request to the following server". In case a), the relay checks that the stated circuit exists and relays the packet. In case b), the relay checks whether its own exit policy permits exiting to the server and then sends the request out to the server.

If you want to know all the details of the Tor protocol, you might like the specification document: https://gitweb.torproject.org/torspec.git/blob/HEAD:/tor-spec.txt

karsten
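The decision the two answers above describe (strip one layer, check whether the cell is addressed to this relay, then either forward it or apply the exit policy), as an added Python example that is not part of the original answers or Tor's own code. It assumes tor-spec's relay header fields (command, recognized, stream ID, digest, length) and the RELAY_BEGIN command value; the XOR keystream, the simplified digest, the keys, the policies and all function names are constructed stand-ins.

```python
import hashlib, ipaddress, struct
RELAY_BEGIN = 1  # relay command value from tor-spec: open a stream to host:port
HDR = ">BHH4sH"  # command, recognized, stream ID, digest, length

def xor_layer(key, data):  # toy keystream standing in for Tor's AES-CTR layers
    stream = b"".join(hashlib.sha256(key + struct.pack(">I", i)).digest()
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def digest4(key, cmd, stream_id, data):  # simplified tag; Tor keeps a running digest
    return hashlib.sha256(key + struct.pack(">BH", cmd, stream_id) + data).digest()[:4]

def build_cell(hop_keys, cmd, stream_id, data):
    # Client: address the cell to the last hop, then wrap one layer per relay.
    cell = struct.pack(HDR, cmd, 0, stream_id,
                       digest4(hop_keys[-1], cmd, stream_id, data), len(data)) + data
    for key in reversed(hop_keys):
        cell = xor_layer(key, cell)
    return cell

def exit_allowed(policy, host, port):  # first matching rule wins, default reject
    addr = ipaddress.ip_address(host)
    for action, net, lo, hi in policy:
        if addr in ipaddress.ip_network(net) and lo <= port <= hi:
            return action == "accept"
    return False

def relay_process(key, cell, policy):
    plain = xor_layer(key, cell)
    cmd, recognized, stream_id, digest, length = struct.unpack(HDR, plain[:11])
    data = plain[11:11 + length]
    if recognized != 0 or digest != digest4(key, cmd, stream_id, data):
        return "forward", plain          # not ours: still encrypted for a later hop
    if cmd == RELAY_BEGIN:               # ours, and it asks to leave the network
        host, port = data.decode().rsplit(":", 1)
        return ("exit" if exit_allowed(policy, host, int(port)) else "refuse"), data
    return "local", data

def trace_circuit(hop_keys, policies, target):
    cell, trace = build_cell(hop_keys, RELAY_BEGIN, 7, target.encode()), []
    for key, policy in zip(hop_keys, policies):
        verdict, cell = relay_process(key, cell, policy)
        trace.append(verdict)
        if verdict != "forward": break
    return trace

KEYS = [b"guard-key", b"middle-key", b"exit-key"]   # constructed sample keys
NO_EXIT = [("reject", "0.0.0.0/0", 1, 65535)]       # constructed non-exit policy
EXIT = [("reject", "0.0.0.0/0", 25, 25), ("accept", "0.0.0.0/0", 443, 443)]
```

`trace_circuit(KEYS, [NO_EXIT, NO_EXIT, EXIT], "203.0.113.10:443")` returns the verdict each relay reached, so the same cell can be replayed against different exit policies.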
0

Messages are encrypted with the exit, second, then lastly the first relay's public key. When the first layer of the "onion skin" is decrypted, it reveals instructions for forwarding to the next relay.

dsfdfsfs In addition to that, there is a server called the directory server, which is a compilation of guard, midpoint and exit relays.