On 13 Nov 2017, at 06:56, Roger Dingledine arma@mit.edu wrote:
On Mon, Oct 30, 2017 at 03:57:04PM -0400, David Goulet wrote:

2. DESTROY cells handling

· Within a circuitmux object, there is a "destroy cell queue" on which a DESTROY cell is put in for one of the circuits on the cmux. An important thing for tor is that when it needs to send a DESTROY, it needs to _stop_ sending any queued cell on that circuit, dump them and only send the DESTROY cell.
Careful! I think this might be the opposite of what it needs to do.
If Tor wants to tear down a circuit, in normal circumstances it ought to finish flushing the currently queued cells first. If it discards the queued cells and only sends the destroy cell, then we end up with missing data.
Sending a DESTROY cell after dropping data still tears down a circuit, but (depending on the sender's position in the circuit) it tears it down with a digest error. Which is probably not what we want.
That said, there may be no way to tell if the application-level data is complete or not, so an error teardown may be appropriate.
T