Diffstat (limited to 'spec/path-spec/handling-failure.md')
-rw-r--r-- | spec/path-spec/handling-failure.md | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/spec/path-spec/handling-failure.md b/spec/path-spec/handling-failure.md new file mode 100644 index 0000000..8db9245 --- /dev/null +++ b/spec/path-spec/handling-failure.md @@ -0,0 +1,19 @@ +<a id="path-spec.txt-2.5"></a> + +# Handling failure + +If an attempt to extend a circuit fails (either because the first create +failed or a subsequent extend failed) then the circuit is torn down and is +no longer pending. (XXXX really?) Requests that might have been +supported by the pending circuit thus become unsupported, and a new +circuit needs to be constructed. + +If a stream "begin" attempt fails with an EXITPOLICY error, we +decide that the exit node's exit policy is not correctly advertised, +so we treat the exit node as if it were a non-exit until we retrieve +a fresh descriptor for it. + +Excessive amounts of either type of failure can indicate an +attack on anonymity. +See [discussion of path bias detection](./detecting-route-manipulation.md) +for how excessive failure is handled. |
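Review bot: The first paragraph under "Handling failure" still carries the unresolved marker "(XXXX really?)" directly after the statement that a failed extend tears the circuit down and leaves it no longer pending, so the spec does not commit to whether teardown is the required behaviour. Either confirm the behaviour and drop the marker, or move the question to a tracked issue and keep the sentence as a plain statement. In the EXITPOLICY paragraph, "we treat the exit node as if it were a non-exit until we retrieve a fresh descriptor for it" does not say whether this applies to every stream or only to the destination that was refused; one sentence on the scope would help implementers. The closing paragraph calls excessive failure a possible "attack on anonymity" without saying what counts as excessive, so it is worth confirming that the linked detecting-route-manipulation.md covers both failure types (failed extends and EXITPOLICY stream failures), since the text says "either type".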