[torspec/master] Padding spec update for Bug 30992's machine_ctr field. - tor-commits

11 Jun 2020

commit f26e739db4d6d330165efe72cee8812d99a49598
Author: Mike Perry mikeperry-git@torproject.org
Date:   Wed Jun 10 17:39:13 2020 -0500
Padding spec update for Bug 30992's machine_ctr field.
---
 padding-spec.txt | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/padding-spec.txt b/padding-spec.txt
index 22ed171..b9d99b7 100644
--- a/padding-spec.txt
+++ b/padding-spec.txt
@@ -325,13 +325,19 @@ the anonymity and load-balancing implications of their choices.
        u8 command IN [CIRCPAD_COMMAND_START, CIRCPAD_COMMAND_STOP];
u8 machine_type IN [CIRCPAD_MACHINE_CIRC_SETUP];
+
+       u8 unused; // Formerly echo_request
+
+       u32 machine_ctr;
      };
When a client wants to start a circuit padding machine, it first checks that
   the desired destination hop advertises the appropriate subprotocol version for
   that machine. It then sends a circpad_negotiate cell to that hop with
   command=CIRCPAD_COMMAND_START, and machine_type=CIRCPAD_MACHINE_CIRC_SETUP (for
-  the circ setup machine, the destination hop is the second hop in the circuit).
+  the circ setup machine, the destination hop is the second hop in the
+  circuit). The machine_ctr is the count of which machine instance this is on
+  the circuit. It is used to disambiguate shutdown requests.
When a relay receives a circpad_negotiate cell, it checks that it supports
   the requested machine, and sends a circpad_negotiated cell, which is formatted
@@ -343,6 +349,8 @@ the anonymity and load-balancing implications of their choices.
        u8 response IN [CIRCPAD_RESPONSE_OK, CIRCPAD_RESPONSE_ERR];
u8 machine_type IN [CIRCPAD_MACHINE_CIRC_SETUP];
+
+       u32 machine_ctr;
      };
If the machine is supported, the response field will contain
@@ -352,6 +360,9 @@ the anonymity and load-balancing implications of their choices.
   (clients MUST only send circpad_negotiate, and relays MUST only send
   circpad_negotiated for this purpose).
+  If the machine_ctr does not match the current machine instance count
+  on the circuit, the command is ignored.
+
 3.2. Circuit Padding Machine Message Management
Clients MAY send padding cells towards the relay before receiving the

    