commit 952024f5c354d59d0df51b6c2fe94045fa9cb926 Author: Nick Mathewson nickm@torproject.org Date: Wed Mar 3 14:13:48 2021 -0500

Describe handling of END cells and half-open streams.

Originally designed in tor#25573 as part of a defense for the DropMark attack by Rochet and Pereira.

Closes torspec#33. --- tor-spec.txt | 10 ++++++++++ 1 file changed, 10 insertions(+)

diff --git a/tor-spec.txt b/tor-spec.txt index 11a991a..62b7d5d 100644 --- a/tor-spec.txt +++ b/tor-spec.txt @@ -1822,6 +1822,16 @@ see tor-design.pdf. [*] Older versions of Tor also send this reason when connections are reset.

+ Upon receiving a RELAY_END cell, the recipient may be sure that no further + cells will arrive on that stream, and can treat such cells as a protocol + violation. + + After sending a RELAY_END cell, the sender needs to give the recipient + time to receive that cell. In the meantime, the sender SHOULD remember + how many cells of which types (CONNECTED, SENDME, DATA) that it would have + accepted on that stream, and SHOULD kill the circuit if it receives more + than permitted. + --- [The rest of this section describes unimplemented functionality.]

Because TCP connections can be half-open, we follow an equivalent