On 13 Nov 2017, at 06:56, Roger Dingledine <a...@mit.edu> wrote:

>> On Mon, Oct 30, 2017 at 03:57:04PM -0400, David Goulet wrote:
>> 2. DESTROY cells handling
>>
>> Within a circuitmux object, there is a "destroy cell queue" on which a DESTROY
>> cell is put in for one of the circuits on the cmux. An important thing for tor
>> is that when it needs to send a DESTROY, it needs to _stop_ sending any queued
>> cell on that circuit, dump them and only send the DESTROY cell.
>
> Careful! I think this might be the opposite of what it needs to do.
>
> If Tor wants to tear down a circuit, in normal circumstances it ought
> to finish flushing the currently queued cells first. If it discards
> the queued cells and only sends the destroy cell, then we end up with
> missing data.

Sending a DESTROY cell after dropping data still tears down a circuit, but (depending on the sender's position in the circuit) it tears it down with a digest error. Which is probably not what we want.

That said, there may be no way to tell if the application-level data is complete or not, so an error teardown may be appropriate.

T