In the current implementation, the persistent storage service (file offload) is invoked last after all of the custody operations have taken place. Specifically, the order of operations ends up as:
1. Find custody tracking block from previous custodian
2. Generate or append DACS bundle based on custody tracking block
3. Insert or update custody tracking block to reflect updated custodian (this node)
4. Send the bundle to persistent storage service (offload)
Notably, this means the ACK is generated (step 2) before the bundle is actually stored (step 4), meaning there is a window of opportunity for an acknowledgement to be sent but the bundle not actually stored.
However, it was done this way for a reason, such that the bundle is stored with the correct custody tracking block - thus when forwarded it will already have the correct custody info, without needing an update for every (re)transmit.
To make this correct, the process needs to be adjusted:
1. Find custody tracking block from previous custodian and mark it as PENDING (i.e. save it, but don't ack)
2. Insert a new custody tracking block for THIS node
3. Send the bundle to persistent storage service (offload)
4. Generate or append DACS bundle only if above was successful
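
The two orderings side by side, as an added example that is not the implementation's code. Every type and function name, the `fail_next` fault switch, and leaving the entry PENDING after a failed offload are assumptions made for illustration.

```c
#include <stdbool.h>

/* Hypothetical types and names; not taken from the implementation. */
typedef enum { CT_NONE, CT_PENDING, CT_ACKED } ct_state_t;
typedef struct {
    int        prev_custodian; /* from the received custody tracking block */
    int        custodian;      /* custodian in the copy handed to storage */
    ct_state_t prev_state;     /* ack state toward the previous custodian */
} bundle_t;
typedef struct {
    bool fail_next;            /* constructed fault: offload fails */
    int  stored, acks_sent;    /* bundles stored / DACS entries generated */
} node_t;

static bool storage_offload(node_t *n, const bundle_t *b)
{
    (void)b;
    if (n->fail_next) return false;
    n->stored++;
    return true;
}
static void dacs_append(node_t *n, bundle_t *b)
{
    n->acks_sent++;
    b->prev_state = CT_ACKED;
}

/* Current order: the ACK exists before the bundle is stored. */
bool accept_current(node_t *n, int self, bundle_t *b)
{
    dacs_append(n, b);                 /* step 2 */
    b->custodian = self;               /* step 3 */
    return storage_offload(n, b);      /* step 4: can fail after the ACK */
}

/* Adjusted order: the ACK is generated only after a successful offload. */
bool accept_adjusted(node_t *n, int self, bundle_t *b)
{
    b->prev_state = CT_PENDING;        /* step 1: saved, not acked */
    b->custodian = self;               /* step 2: block for THIS node */
    if (!storage_offload(n, b))        /* step 3 */
        return false;                  /* assumption: entry stays PENDING */
    dacs_append(n, b);                 /* step 4 */
    return true;
}
```

With `fail_next` set, `accept_current` leaves `acks_sent == 1` and `stored == 0`, which is the window described above; `accept_adjusted` leaves both at 0.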