diff options
| author | teor <teor@torproject.org> | 2019-08-23 16:17:47 +1000 |
|---|---|---|
| committer | teor <teor@torproject.org> | 2019-08-23 16:22:49 +1000 |
| commit | e2e1c07fd25c96a83b38f5d84d2c063b98ed8f46 (patch) | |
| tree | 4ee6679c81ae2ad862aa086d30909db6195e82f4 /src/feature/hs/hs_circuit.c | |
| parent | 084245134b022aa983c45aa3fc0ace9fd7ae21a9 (diff) | |
| download | tor-e2e1c07fd25c96a83b38f5d84d2c063b98ed8f46.tar.gz tor-e2e1c07fd25c96a83b38f5d84d2c063b98ed8f46.zip | |
hs: v3 single onion services fall back to 3-hop intro for unreachable nodes
Previously, v3 single onion services failed when all intro nodes were
unreachable via a 1-hop path. Now, we select intros that are only available
via a 3-hop path, and use a 3-hop path to connect to them.
Fixes bug 23507; bugfix on 0.3.2.1-alpha.
Diffstat (limited to 'src/feature/hs/hs_circuit.c')
| -rw-r--r-- | src/feature/hs/hs_circuit.c | 25 |
1 files changed, 15 insertions, 10 deletions
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c index d74b088f07..8acfcbd65b 100644 --- a/src/feature/hs/hs_circuit.c +++ b/src/feature/hs/hs_circuit.c @@ -758,13 +758,16 @@ hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ) } /* For a given service and a service intro point, launch a circuit to the - * extend info ei. If the service is a single onion, a one-hop circuit will be - * requested. Return 0 if the circuit was successfully launched and tagged + * extend info ei. If the service is a single onion, and direct_conn is true, + * a one-hop circuit will be requested. + * + * Return 0 if the circuit was successfully launched and tagged * with the correct identifier. On error, a negative value is returned. */ int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, - extend_info_t *ei) + extend_info_t *ei, + bool direct_conn) { /* Standard flags for introduction circuit. */ int ret = -1, circ_flags = CIRCLAUNCH_NEED_UPTIME | CIRCLAUNCH_IS_INTERNAL; @@ -775,15 +778,17 @@ hs_circ_launch_intro_point(hs_service_t *service, tor_assert(ei); /* Update circuit flags in case of a single onion service that requires a - * direct connection. - * - * We only use a one-hop path on the first attempt. If the first attempt + * direct connection. */ + tor_assert_nonfatal(ip->circuit_retries > 0); + /* Only single onion services can make direct conns */ + if (BUG(!service->config.is_single_onion && direct_conn)) { + goto end; + } + /* We only use a one-hop path on the first attempt. If the first attempt * fails, we use a 3-hop path for reachability / reliability. * (Unlike v2, retries is incremented by the caller before it calls this - * function.) - */ - tor_assert_nonfatal(ip->circuit_retries > 0); - if (service->config.is_single_onion && ip->circuit_retries == 1) { + * function.) */ + if (direct_conn && ip->circuit_retries == 1) { circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL; } |