Padding spec update for Bug 30992's machine_ctr field.

1 files changed, 12 insertions, 1 deletions

diff --git a/padding-spec.txt b/padding-spec.txt
index 22ed171..b9d99b7 100644
--- a/padding-spec.txt
+++ b/padding-spec.txt
@@ -325,13 +325,19 @@ the anonymity and load-balancing implications of their choices.
        u8 command IN [CIRCPAD_COMMAND_START, CIRCPAD_COMMAND_STOP];
 
        u8 machine_type IN [CIRCPAD_MACHINE_CIRC_SETUP];
+
+       u8 unused; // Formerly echo_request
+
+       u32 machine_ctr;
      };
 
   When a client wants to start a circuit padding machine, it first checks that
   the desired destination hop advertises the appropriate subprotocol version for
   that machine. It then sends a circpad_negotiate cell to that hop with
   command=CIRCPAD_COMMAND_START, and machine_type=CIRCPAD_MACHINE_CIRC_SETUP (for
-  the circ setup machine, the destination hop is the second hop in the circuit).
+  the circ setup machine, the destination hop is the second hop in the
+  circuit). The machine_ctr is the count of which machine instance this is on
+  the circuit. It is used to disambiguate shutdown requests.
 
   When a relay receives a circpad_negotiate cell, it checks that it supports
   the requested machine, and sends a circpad_negotiated cell, which is formatted
@@ -343,6 +349,8 @@ the anonymity and load-balancing implications of their choices.
        u8 response IN [CIRCPAD_RESPONSE_OK, CIRCPAD_RESPONSE_ERR];
 
        u8 machine_type IN [CIRCPAD_MACHINE_CIRC_SETUP];
+
+       u32 machine_ctr;
      };
 
   If the machine is supported, the response field will contain
@@ -352,6 +360,9 @@ the anonymity and load-balancing implications of their choices.
   (clients MUST only send circpad_negotiate, and relays MUST only send
   circpad_negotiated for this purpose).
 
+  If the machine_ctr does not match the current machine instance count
+  on the circuit, the command is ignored.
+
 3.2. Circuit Padding Machine Message Management
 
   Clients MAY send padding cells towards the relay before receiving the