Managing streams
Sending BEGIN messages
In order to open a new stream to an onion service, the client sends a BEGIN message on an established rendezvous circuit.
When sending a BEGIN message to an onion service, a client should use an empty string as the target address, and not set any flags on the begin message.
For example, to open a connection to <some_addr>.onion on port 443, a client would send a BEGIN message with the address:port string of ":443", and a FLAGS value of 0. The 0-valued FLAGS would not be encoded, according to the instructions for encoding BEGIN messages.
Receiving BEGIN messages
When a service receives a BEGIN message, it should check its port, and ignore all other fields in the begin message, including its address and flags.
If a service chooses to reject a BEGIN message, it should typically destroy the circuit entirely to prevent port scanning, resource exhaustion, and other undesirable behaviors. But if it rejects the BEGIN without destroying the circuit, it should send back an END message with the DONE reason, to avoid leaking any further information.
If the service chooses to accept the BEGIN message, it should send back a CONNECTED message with an empty body.
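The client and service rules above, as an added Python sketch (not code from the Tor specification or any Tor implementation). The function names, the action labels, and the choice to treat a malformed BEGIN as a rejection are assumptions made for the example; the body layout (NUL-terminated address:port string followed by an optional 4-byte FLAGS) and the value 6 for the DONE reason are taken from tor-spec.

```python
END_REASON_DONE = 6  # REASON_DONE in tor-spec's list of END reasons

def encode_onion_begin(port):
    """Client side: empty address, ':' + port, NUL terminator; FLAGS of 0 is omitted."""
    if not 1 <= port <= 65535:
        raise ValueError("port out of range")
    return b":" + str(port).encode("ascii") + b"\x00"

def port_from_begin(body):
    """Service side: return the requested port, or None if the body is malformed.
    The address and any FLAGS bytes after the NUL are deliberately not inspected."""
    addrport, nul, _flags = body.partition(b"\x00")
    if not nul:
        return None
    _address, colon, port = addrport.rpartition(b":")
    if not colon or not port.isdigit() or len(port) > 5:
        return None
    value = int(port)
    return value if 1 <= value <= 65535 else None

def handle_begin(body, exposed_ports, destroy_on_reject=True):
    """Return (action, reply_body) for one BEGIN on a rendezvous circuit.
    Assumption: a malformed BEGIN is rejected exactly like an unexposed port."""
    port = port_from_begin(body)
    if port is not None and port in exposed_ports:
        return ("CONNECTED", b"")          # accept: CONNECTED with an empty body
    if destroy_on_reject:
        return ("DESTROY_CIRCUIT", None)   # typical: tear down the whole circuit
    # Same END/DONE reply for every rejection, so the reason reveals nothing.
    return ("END", bytes([END_REASON_DONE]))

if __name__ == "__main__":
    exposed = {443}
    # Constructed sample bodies, not captured traffic.
    samples = [
        encode_onion_begin(443),                    # well-formed client BEGIN
        b"ignored.example:443\x00\x00\x00\x00\x01",  # address and FLAGS set, still port 443
        encode_onion_begin(22),                     # port the service does not expose
        b":443",                                    # missing NUL terminator
    ]
    for body in samples:
        print(body, "->", handle_begin(body, exposed),
              handle_begin(body, exposed, destroy_on_reject=False))
```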