diff options
author | Nick Mathewson <nickm@torproject.org> | 2023-10-23 11:43:03 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2023-11-01 20:10:12 -0400 |
commit | 1aea91632c6785f42fe045b7f3455d5924749337 (patch) | |
tree | fcbde3b56049e4ad03851e3e714ff09199e60fa7 /spec/rend-spec/managing-streams.md | |
parent | 8a1915d9a0d639cc88c3696e85250c879135b092 (diff) | |
download | torspec-1aea91632c6785f42fe045b7f3455d5924749337.tar.gz torspec-1aea91632c6785f42fe045b7f3455d5924749337.zip |
Add a new section to rend-spec about managing streams
We had not previous specified
* what should be in a BEGIN message sent to an onion service,
* or what exactly an onion service should check about a BEGIN,
* or how an onion service should respond to an unwanted BEGIN.
Diffstat (limited to 'spec/rend-spec/managing-streams.md')
-rw-r--r-- | spec/rend-spec/managing-streams.md | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/spec/rend-spec/managing-streams.md b/spec/rend-spec/managing-streams.md new file mode 100644 index 0000000..56f6f51 --- /dev/null +++ b/spec/rend-spec/managing-streams.md @@ -0,0 +1,31 @@ + +# Managing streams + +## Sending BEGIN messages { #send-begin } + +In order to open a new stream to an onion service, +the client sends a BEGIN message on an established rendezvous circuit. + +When sending a BEGIN message to an onion service, +a client should use an empty string as the target address, +and not set any flags on the begin message. + +> For example, to open a connection to `<some_addr>.onion` +> on port 443, a client would send a BEGIN message with +> the address:port string of `":443"`, and a `FLAGS` value of 0. +> The 0-values `FLAGS` would not be encoded, according to +> the instructions for [encoding BEGIN messages](../tor-spec/opening/streams#opening). + +## Receiving BEGIN messages { #receive-begin } + +When a service receives a BEGIN message, it should check its port, +_and ignore all other fields in the begin message_, including its +address and flags. + +If a service chooses to reject a BEGIN message, it should typically +destroy the circuit entirely to prevent port scanning, +resource exhaustion, and other undesirable behaviors. +If it does not, it should send back an `END` message with the `DONE` reason, +to avoid leaking any further information. + + |