diff options
| author | teor <teor@torproject.org> | 2019-08-23 16:26:32 +1000 |
|---|---|---|
| committer | teor <teor@torproject.org> | 2019-08-23 16:26:32 +1000 |
| commit | 65935f6da7ac9201c6197f4fc1b57527c8e3457a (patch) | |
| tree | 774e6cb25631b270461a8202a4e7da252a465344 /src/feature/hs/hs_circuit.c | |
| parent | d475d7c2fb3c0ed5120c50011b187f6957a4f52c (diff) | |
| parent | 41bc1fac8e77e399572e020c5ba59462afd75f4b (diff) | |
| download | tor-65935f6da7ac9201c6197f4fc1b57527c8e3457a.tar.gz tor-65935f6da7ac9201c6197f4fc1b57527c8e3457a.zip | |
Merge branch 'bug23818_035' into bug23818_master
Diffstat (limited to 'src/feature/hs/hs_circuit.c')
| -rw-r--r-- | src/feature/hs/hs_circuit.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c index a6e86c5ab3..716c4b1f17 100644 --- a/src/feature/hs/hs_circuit.c +++ b/src/feature/hs/hs_circuit.c @@ -406,8 +406,12 @@ launch_rendezvous_point_circuit(const hs_service_t *service, if (circ_needs_uptime) { circ_flags |= CIRCLAUNCH_NEED_UPTIME; } - /* Firewall and policies are checked when getting the extend info. */ - if (service->config.is_single_onion) { + /* Firewall and policies are checked when getting the extend info. + * + * We only use a one-hop path on the first attempt. If the first attempt + * fails, we use a 3-hop path for reachability / reliability. + * See the comment in retry_service_rendezvous_point() for details. */ + if (service->config.is_single_onion && i == 0) { circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL; } @@ -679,13 +683,16 @@ hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ) } /* For a given service and a service intro point, launch a circuit to the - * extend info ei. If the service is a single onion, a one-hop circuit will be - * requested. Return 0 if the circuit was successfully launched and tagged + * extend info ei. If the service is a single onion, and direct_conn is true, + * a one-hop circuit will be requested. + * + * Return 0 if the circuit was successfully launched and tagged * with the correct identifier. On error, a negative value is returned. */ int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, - extend_info_t *ei) + extend_info_t *ei, + bool direct_conn) { /* Standard flags for introduction circuit. */ int ret = -1, circ_flags = CIRCLAUNCH_NEED_UPTIME | CIRCLAUNCH_IS_INTERNAL; @@ -697,7 +704,16 @@ hs_circ_launch_intro_point(hs_service_t *service, /* Update circuit flags in case of a single onion service that requires a * direct connection. */ - if (service->config.is_single_onion) { + tor_assert_nonfatal(ip->circuit_retries > 0); + /* Only single onion services can make direct conns */ + if (BUG(!service->config.is_single_onion && direct_conn)) { + goto end; + } + /* We only use a one-hop path on the first attempt. If the first attempt + * fails, we use a 3-hop path for reachability / reliability. + * (Unlike v2, retries is incremented by the caller before it calls this + * function.) */ + if (direct_conn && ip->circuit_retries == 1) { circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL; } |