hs: Always use a 3-hop path when a v3 single onion rend fails

Previously, we used a 1-hop path when a single onion rend failed immediately, and a 3-hop path when it failed after trying to build a circuit. Fixes bug 23818; bugfix on 0.3.2.1-alpha.
author: teor <teor@torproject.org> 2019-08-23 14:41:24 +1000
committer: teor <teor@torproject.org> 2019-08-23 15:09:43 +1000
commit: c94904b35982a73a652d9bed8b195ce625bbb962 (patch)
tree: 3157a2089aa36c9d63c064709709b241c5ef997f /src/feature/hs
parent: 14b5f40b54e41a2eb6cf73b2a4f42193b9f2d6d2 (diff)
download: tor-c94904b35982a73a652d9bed8b195ce625bbb962.tar.gz
tor-c94904b35982a73a652d9bed8b195ce625bbb962.zip
1 files changed, 6 insertions, 2 deletions
diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index e3873d2f18..f7996a24f5 100644
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -405,8 +405,12 @@ launch_rendezvous_point_circuit(const hs_service_t *service,
     if (circ_needs_uptime) {
       circ_flags |= CIRCLAUNCH_NEED_UPTIME;
     }
-    /* Firewall and policies are checked when getting the extend info. */
-    if (service->config.is_single_onion) {
+    /* Firewall and policies are checked when getting the extend info.
+     *
+     * We only use a one-hop path on the first attempt. If the first attempt
+     * fails, we use a 3-hop path for reachability / reliability.
+     * See the comment in retry_service_rendezvous_point() for details. */
+    if (service->config.is_single_onion && i == 0) {
       circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
     }
author	teor <teor@torproject.org>	2019-08-23 14:41:24 +1000
committer	teor <teor@torproject.org>	2019-08-23 15:09:43 +1000
commit	c94904b35982a73a652d9bed8b195ce625bbb962 (patch)
tree	3157a2089aa36c9d63c064709709b241c5ef997f /src/feature/hs
parent	14b5f40b54e41a2eb6cf73b2a4f42193b9f2d6d2 (diff)
download	tor-c94904b35982a73a652d9bed8b195ce625bbb962.tar.gz tor-c94904b35982a73a652d9bed8b195ce625bbb962.zip