We need to split streamid into recognized and streamid

Roger Dingledine arma at mit.edu
Wed Dec 17 07:59:55 UTC 2003

I implemented end-to-end integrity checking for the payloads of relay
cells. Turns out it doesn't work.

To do end-to-end integrity checking, we must take into account every relay
cell sent to or received on each hop in the circuit. Each stream has a
streamid specific to it, which is used to address relay cells to that
stream. A given hop can know a relay cell is addressed to it if a) the
streamID is the control value "0", or b) the streamID is a known streamid
for an already established stream at that hop. When a stream ends, that
streamid is no longer recognized by that hop (which is reasonable),
so that hop will pass the relay cell on to the next hop, or drop it if
it's the last hop on the circ. But since it doesn't know it was supposed
to get it, it doesn't know it should add those bytes to the sha1.

So the sequence gets out of whack.

I think the proper fix is to separate 'is this relay cell destined for
this hop' from 'which stream is this relay cell destined for'. We can
probably make do with two bytes for each, assuming the "send a dummy
instead if the encryption happens to make recognized='00' prematurely"
idea (also not implemented yet) works.

The semantics of the begin relay cell can change now too, since we can
simply start using the new streamid directly.


More information about the tor-dev mailing list