
Specify an ENDED cell and timeouts for closing circuits.

In tor#40623 (closed), we changed the DESTROY propagation to ensure memory was freed quickly at relays. This was a good move, but it exacerbates the condition where a stream is closed on a circuit, and then the circuit is immediately closed because it is dirty or destroyed. This creates a race between the DESTROY and the last data sent on the stream. This race is visible in Shadow, and does happen.

In C-Tor, we now hold dirty circuits open until after the half-closed timeout has expired. If we had an ENDED cell, we could avoid closing any circuits until the ENDED is received. However, because the ENDED cell could get lost if the circuit is also lost, we will still need some timeout here.
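As an added illustration (a constructed model, not C-Tor's code), the hold-open rule sketched above: a dirty circuit is not torn down while any stream on it is still half-closed, unless the far end confirms the close with the proposed ENDED cell or the half-closed timeout expires. The `HALF_CLOSED_TIMEOUT` value and all class and method names are assumptions.

```python
# Constructed model (not tor's code) of the hold-open rule for dirty circuits:
# keep the circuit until every half-closed stream is either acknowledged by an
# ENDED cell or has waited out the half-closed timeout.
from dataclasses import dataclass, field
from typing import Dict, Optional

HALF_CLOSED_TIMEOUT = 30.0  # seconds; placeholder, not tor's actual constant


@dataclass
class Stream:
    stream_id: int
    half_closed_at: Optional[float] = None  # time we sent END; None while open
    ended_acked: bool = False                # set when an ENDED cell arrives


@dataclass
class Circuit:
    circ_id: int
    dirty: bool = False
    streams: Dict[int, Stream] = field(default_factory=dict)

    def send_end(self, stream_id: int, now: float) -> None:
        """Local side sends END on the stream; the stream becomes half-closed."""
        self.streams[stream_id].half_closed_at = now
        self.dirty = True  # the circuit has carried traffic and is now dirty

    def receive_ended(self, stream_id: int) -> None:
        """Proposed ENDED cell: far end confirms it processed END and all data before it."""
        s = self.streams.get(stream_id)
        if s is not None and s.half_closed_at is not None:
            s.ended_acked = True

    def may_destroy(self, now: float) -> bool:
        """True only once no stream could still have data in flight behind its END."""
        if not self.dirty:
            return False  # this rule only governs dirty circuits
        for s in self.streams.values():
            if s.half_closed_at is None:
                return False  # stream still fully open; keep the circuit
            if s.ended_acked:
                continue  # far end acknowledged; nothing left in flight
            if now - s.half_closed_at < HALF_CLOSED_TIMEOUT:
                return False  # ENDED may be lost, so wait out the timeout
        return True  # every stream is acknowledged or timed out: DESTROY is safe
```

Without ENDED the circuit always waits the full timeout; with ENDED it can be destroyed as soon as the acknowledgement arrives, and the timeout only covers the lost-cell case.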

Such an implementation will also need to consider dropped cells during this time period, for S112-O3. This might reduce the time period available for injected cells, in normal operation.
