This adds a new `CircuitRxSender`/`CircuitRxReceiver` queue type. The corresponding (`Sink`-like) sender and `Stream` implementations prioritize the delivery of `DESTROY` messages, which get delivered immediately, even if there are other messages queued in the underlying MPSC message queue.

We are okay with the resulting data loss, because inbound DESTROY can be indicative of malicious activity on the circuit. We choose to err on the safe side, and free up the resources associated with such circuits as soon as possible.

DESTROY messages are also sent by relays when they're about to hibernate, and by clients once they've decided to stop using a circuit. In the latter case, the lack of a `RELAY_COMMAND_END_ACK` does mean that this prioritization can cause data loss in cases where the client closes the circuit immediately after END-ing a stream. However, this is a deficiency in the protocol, and not something we want to fix by implementing custom flushing logic in the reactor. See torspec#196 and the discussion in #2490.

Part of #2490
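
The delivery order described in the commit message, as an added example that is not the project's code: a synchronous, std-only simplification in which DESTROY travels through a side slot that the receiver checks before the MPSC queue. `CircMsg`, `PrioSender`, `PrioReceiver` and `prio_channel` are hypothetical names, and the message payloads are constructed.

```rust
use std::sync::mpsc::{channel, Receiver, Sender};
use std::sync::{Arc, Mutex};

#[derive(Debug, Clone, PartialEq)]
enum CircMsg {
    Relay(Vec<u8>), // stand-in for any non-DESTROY message
    Destroy(u8),    // constructed one-byte reason code
}

// Hypothetical names; the commit's own types are CircuitRxSender/CircuitRxReceiver.
struct PrioSender { queue: Sender<CircMsg>, destroy: Arc<Mutex<Option<CircMsg>>> }
struct PrioReceiver { queue: Receiver<CircMsg>, destroy: Arc<Mutex<Option<CircMsg>>>, done: bool }

fn prio_channel() -> (PrioSender, PrioReceiver) {
    let (tx, rx) = channel();
    let slot = Arc::new(Mutex::new(None));
    (PrioSender { queue: tx, destroy: slot.clone() },
     PrioReceiver { queue: rx, destroy: slot, done: false })
}

impl PrioSender {
    fn send(&self, msg: CircMsg) {
        if matches!(msg, CircMsg::Destroy(_)) {
            // DESTROY bypasses the queue; the first one wins.
            let mut slot = self.destroy.lock().unwrap();
            if slot.is_none() { *slot = Some(msg); }
        } else {
            let _ = self.queue.send(msg); // receiver gone: nothing to deliver to
        }
    }
}

impl PrioReceiver {
    // Returns the next message, checking the DESTROY slot before the queue.
    fn try_next(&mut self) -> Option<CircMsg> {
        if self.done { return None; }
        if let Some(d) = self.destroy.lock().unwrap().take() {
            self.done = true; // anything still queued is dropped, never delivered
            return Some(d);
        }
        self.queue.try_recv().ok()
    }
}

fn main() {
    let (tx, mut rx) = prio_channel();
    tx.send(CircMsg::Relay(b"queued".to_vec()));
    tx.send(CircMsg::Destroy(1));
    println!("{:?} then {:?}", rx.try_next(), rx.try_next());
}
```

The relay message queued ahead of the DESTROY is never returned, which is the data loss the message accepts in exchange for freeing the circuit's resources promptly.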