aboutsummaryrefslogtreecommitdiff
path: root/spec/control-spec/protocol-outline.md
diff options
context:
space:
mode:
Diffstat (limited to 'spec/control-spec/protocol-outline.md')
-rw-r--r--spec/control-spec/protocol-outline.md71
1 files changed, 71 insertions, 0 deletions
diff --git a/spec/control-spec/protocol-outline.md b/spec/control-spec/protocol-outline.md
new file mode 100644
index 0000000..0329b1d
--- /dev/null
+++ b/spec/control-spec/protocol-outline.md
@@ -0,0 +1,71 @@
+<a id="control-spec.txt-1"></a>
+
+# Protocol outline
+
+TC is a bidirectional message-based protocol. It assumes an underlying
+stream for communication between a controlling process (the "client"
+or "controller") and a Tor process (or "server"). The stream may be
+implemented via TCP, TLS-over-TCP, a Unix-domain socket, or so on,
+but it must provide reliable in-order delivery. For security, the
+stream should not be accessible by untrusted parties.
+
+In TC, the client and server send typed messages to each other over the
+underlying stream. The client sends "commands" and the server sends
+"replies".
+
+By default, all messages from the server are in response to messages from
+the client. Some client requests, however, will cause the server to send
+messages to the client indefinitely far into the future. Such
+"asynchronous" replies are marked as such.
+
+Servers respond to messages in the order messages are received.
+
+<a id="control-spec.txt-1.1"></a>
+
+## Forward-compatibility
+
+This is an evolving protocol; new client and server behavior will be
+allowed in future versions. To allow new backward-compatible behavior
+on behalf of the client, we may add new commands and allow existing
+commands to take new arguments in future versions. To allow new
+backward-compatible server behavior, we note various places below
+where servers speaking a future version of this protocol may insert
+new data, and note that clients should/must "tolerate" unexpected
+elements in these places. There are two ways that we do this:
+
+- Adding a new field to a message:
+
+```text
+ For example, we might say "This message has three space-separated
+ fields; clients MUST tolerate more fields." This means that a
+ client MUST NOT crash or otherwise fail to parse the message or
+ other subsequent messages when there are more than three fields, and
+ that it SHOULD function at least as well when more fields are
+ provided as it does when it only gets the fields it accepts. The
+ most obvious way to do this is by ignoring additional fields; the
+ next-most-obvious way is to report additional fields verbatim to the
+ user, perhaps as part of an expert UI.
+
+ * Adding a new possible value to a list of alternatives:
+
+ For example, we might say "This field will be OPEN, CLOSED, or
+ CONNECTED. Clients MUST tolerate unexpected values." This means
+ that a client MUST NOT crash or otherwise fail to parse the message
+ or other subsequent messages when there are unexpected values, and
+ that it SHOULD try to handle the rest of the message as well as it
+ can. The most obvious way to do this is by pretending that each
+ list of alternatives has an additional "unrecognized value" element,
+ and mapping any unrecognized values to that element; the
+ next-most-obvious way is to create a separate "unrecognized value"
+ element for each unrecognized value.
+
+ Clients SHOULD NOT "tolerate" unrecognized alternatives by
+ pretending that the message containing them is absent. For example,
+ a stream closed for an unrecognized reason is nevertheless closed,
+ and should be reported as such.
+
+ (If some list of alternatives is given, and there isn't an explicit
+ statement that clients must tolerate unexpected values, clients still
+ must tolerate unexpected values. The only exception would be if there
+ were an explicit statement that no future values will ever be added.)
+```
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion