Check message types before decoding cells?
It would be lovely if we could reject unacceptable messages based on their message types before we even parse them into a ChanMsg
or RelayMsg
.
This change would reduce the some side-channel risks of our current eager parsing strategy. (For example, suppose that we want to make support for onion-service-only messages optional. If we do that, then an attacker could tell when the client has onion service support by sending an unexpected INTRODUCE2 cell, and trying to figure out whether the bad cell was treated as an unrecognized message or a misformatted one.)