diff options
| author | teor <teor@torproject.org> | 2019-08-23 14:38:54 +1000 |
|---|---|---|
| committer | teor <teor@torproject.org> | 2019-08-23 15:01:48 +1000 |
| commit | dc08f8ac70e95b9a76f86a5e15dfcabd7ada25b9 (patch) | |
| tree | 3322c86c349ed593ad30a25dcba533ea4b707013 | |
| parent | 5a1c3e44f758cda18bb0a0a8ef7c94a0122c85e4 (diff) | |
| download | tor-dc08f8ac70e95b9a76f86a5e15dfcabd7ada25b9.tar.gz tor-dc08f8ac70e95b9a76f86a5e15dfcabd7ada25b9.zip | |
rendservice: Always use a 3-hop path when a v2 single onion rend fails
Previously, we used a 1-hop path when a single onion rend failed
immediately, and a 3-hop path when it failed after trying to build
a circuit.
Fixes bug 23818; bugfix on 0.2.9.3-alpha.
| -rw-r--r-- | src/or/rendservice.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/src/or/rendservice.c b/src/or/rendservice.c index 32b856452d..f145e9d694 100644 --- a/src/or/rendservice.c +++ b/src/or/rendservice.c @@ -2073,8 +2073,12 @@ rend_service_receive_introduction(origin_circuit_t *circuit, int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL; if (circ_needs_uptime) flags |= CIRCLAUNCH_NEED_UPTIME; /* A Single Onion Service only uses a direct connection if its - * firewall rules permit direct connections to the address. */ - if (rend_service_use_direct_connection(options, rp)) { + * firewall rules permit direct connections to the address. + * + * We only use a one-hop path on the first attempt. If the first attempt + * fails, we use a 3-hop path for reachability / reliability. + * See the comment in rend_service_relauch_rendezvous() for details. */ + if (rend_service_use_direct_connection(options, rp) && i == 0) { flags = flags | CIRCLAUNCH_ONEHOP_TUNNEL; } launched = circuit_launch_by_extend_info( |