diff options
| author | David Goulet <dgoulet@torproject.org> | 2019-08-29 08:55:58 -0400 |
|---|---|---|
| committer | David Goulet <dgoulet@torproject.org> | 2019-08-29 08:55:58 -0400 |
| commit | 7c99a4dddee8350a4997ed2e2033dc9c20242da1 (patch) | |
| tree | 047acd813ed2f0907eb231f26905dce60ba395bb /src/feature/hs/hs_circuit.c | |
| parent | 04ab357df80582d3d9e7a78471e051f8f774d27b (diff) | |
| parent | ff905f8e1e3a9df9349a82cfa2724cc50b1523f4 (diff) | |
| download | tor-7c99a4dddee8350a4997ed2e2033dc9c20242da1.tar.gz tor-7c99a4dddee8350a4997ed2e2033dc9c20242da1.zip | |
Merge branch 'maint-0.4.1'
Diffstat (limited to 'src/feature/hs/hs_circuit.c')
| -rw-r--r-- | src/feature/hs/hs_circuit.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c index 259ffb1441..2419d19f75 100644 --- a/src/feature/hs/hs_circuit.c +++ b/src/feature/hs/hs_circuit.c @@ -404,8 +404,12 @@ launch_rendezvous_point_circuit(const hs_service_t *service, if (circ_needs_uptime) { circ_flags |= CIRCLAUNCH_NEED_UPTIME; } - /* Firewall and policies are checked when getting the extend info. */ - if (service->config.is_single_onion) { + /* Firewall and policies are checked when getting the extend info. + * + * We only use a one-hop path on the first attempt. If the first attempt + * fails, we use a 3-hop path for reachability / reliability. + * See the comment in retry_service_rendezvous_point() for details. */ + if (service->config.is_single_onion && i == 0) { circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL; } @@ -677,13 +681,16 @@ hs_circ_retry_service_rendezvous_point(origin_circuit_t *circ) } /* For a given service and a service intro point, launch a circuit to the - * extend info ei. If the service is a single onion, a one-hop circuit will be - * requested. Return 0 if the circuit was successfully launched and tagged + * extend info ei. If the service is a single onion, and direct_conn is true, + * a one-hop circuit will be requested. + * + * Return 0 if the circuit was successfully launched and tagged * with the correct identifier. On error, a negative value is returned. */ int hs_circ_launch_intro_point(hs_service_t *service, const hs_service_intro_point_t *ip, - extend_info_t *ei) + extend_info_t *ei, + bool direct_conn) { /* Standard flags for introduction circuit. */ int ret = -1, circ_flags = CIRCLAUNCH_NEED_UPTIME | CIRCLAUNCH_IS_INTERNAL; @@ -695,7 +702,16 @@ hs_circ_launch_intro_point(hs_service_t *service, /* Update circuit flags in case of a single onion service that requires a * direct connection. */ - if (service->config.is_single_onion) { + tor_assert_nonfatal(ip->circuit_retries > 0); + /* Only single onion services can make direct conns */ + if (BUG(!service->config.is_single_onion && direct_conn)) { + goto end; + } + /* We only use a one-hop path on the first attempt. If the first attempt + * fails, we use a 3-hop path for reachability / reliability. + * (Unlike v2, retries is incremented by the caller before it calls this + * function.) */ + if (direct_conn && ip->circuit_retries == 1) { circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL; } |