Routing relay cells
Circuit ID Checks
When a node wants to send a RELAY or RELAY_EARLY cell, it checks the cell's circID and determines whether the corresponding circuit along that connection is still open. If not, the node drops the cell.
When a node receives a RELAY or RELAY_EARLY cell, it checks the cell's circID and determines whether it has a corresponding circuit along that connection. If not, the node drops the cell.
Here and elsewhere, we refer to RELAY and RELAY_EARLY cells collectively as "relay cells".
Forward Direction
The forward direction is the direction that CREATE/CREATE2 cells are sent.
Routing from the Origin
When a relay cell is sent from a client, the client encrypts the cell's body with the stream cipher as follows:
Client sends relay cell:
For I=N...1, where N is the destination node:
Encrypt with Kf_I.
Transmit the encrypted cell to node 1.
Relaying Forward at Onion Routers
When a forward relay cell is received by a relay, it decrypts the cell's body with the stream cipher, as follows:
'Forward' relay cell:
Use Kf as key; decrypt.
The relay then decides whether it recognizes the relay cell, by inspecting the cell as described in Relay cells. If the relay recognizes the cell, it processes the contents of the relay cell. Otherwise, it passes the decrypted relay cell along the circuit if the circuit continues. If the relay at the end of the circuit encounters an unrecognized relay cell, an error has occurred: the relay sends a DESTROY cell to tear down the circuit.
For more information, see Application connections and stream management.
Backward Direction
The backward direction is the opposite direction from CREATE/CREATE2 cells.
Relaying Backward at Onion Routers
When a backward relay cell is received by a relay, it encrypts the cell's body with the stream cipher, as follows:
'Backward' relay cell:
Use Kb as key; encrypt.
Routing to the Origin
When a relay cell arrives at a client, the client decrypts the cell's body with the stream cipher as follows:
Client receives relay cell from node 1:
For I=1...N, where N is the final node on the circuit:
Decrypt with Kb_I.
If the cell is recognized (see [1]), then:
The sending node is I.
Stop and process the cell.
[1]: "Relay cells"