7 files changed, 61 insertions, 38 deletions
diff --git a/src/core/or/channel.c b/src/core/or/channel.c
index d082174dc8..c163f53488 100644
--- a/src/core/or/channel.c
+++ b/src/core/or/channel.c
@@ -2395,12 +2395,16 @@ channel_is_better(channel_t *a, channel_t *b)
  * *msg_out to a message describing the channel's state and our next action,
  * and set *launch_out to a boolean indicated whether the caller should try to
  * launch a new channel with channel_connect().
+ *
+ * If `for_origin_circ` is set, mark the channel as interesting for origin
+ * circuits, and therefore interesting for our bootstrapping reports.
  */
 MOCK_IMPL(channel_t *,
 channel_get_for_extend,(const char *rsa_id_digest,
                         const ed25519_public_key_t *ed_id,
                         const tor_addr_t *target_ipv4_addr,
                         const tor_addr_t *target_ipv6_addr,
+                        bool for_origin_circ,
                         const char **msg_out,
                         int *launch_out))
 {
@@ -2440,8 +2444,15 @@ channel_get_for_extend,(const char *rsa_id_digest,
     if (!CHANNEL_IS_OPEN(chan)) {
       /* If the address matches, don't launch a new connection for this
        * circuit. */
-      if (matches_target)
+      if (matches_target) {
         ++n_inprogress_goodaddr;
+        if (for_origin_circ) {
+          /* We were looking for a connection for an origin circuit; this one
+           * matches, so we'll note that we decided to use it for an origin
+           * circuit. */
+          channel_mark_as_used_for_origin_circuit(chan);
+        }
+      }
       continue;
     }
 
diff --git a/src/core/or/channel.h b/src/core/or/channel.h
index 606b0730b8..206d0fdc97 100644
--- a/src/core/or/channel.h
+++ b/src/core/or/channel.h
@@ -526,6 +526,7 @@ void channel_mark_for_close(channel_t *chan);
 int channel_write_packed_cell(channel_t *chan, packed_cell_t *cell);
 
 void channel_listener_mark_for_close(channel_listener_t *chan_l);
+void channel_mark_as_used_for_origin_circuit(channel_t *chan);
 
 /* Channel callback registrations */
 
@@ -661,6 +662,7 @@ MOCK_DECL(channel_t *, channel_get_for_extend,(
                                    const struct ed25519_public_key_t *ed_id,
                                    const tor_addr_t *target_ipv4_addr,
                                    const tor_addr_t *target_ipv6_addr,
+                                   bool for_origin_circ,
                                    const char **msg_out,
                                    int *launch_out));
 
diff --git a/src/core/or/channeltls.c b/src/core/or/channeltls.c
index a0debf8d22..32723fed1e 100644
--- a/src/core/or/channeltls.c
+++ b/src/core/or/channeltls.c
@@ -360,6 +360,31 @@ channel_tls_handle_incoming(or_connection_t *orconn)
   return chan;
 }
 
+/**
+ * Set the `potentially_used_for_bootstrapping` flag on the or_connection_t
+ * corresponding to the provided channel.
+ *
+ * This flag indicates that if the connection fails, it might be interesting
+ * to the bootstrapping subsystem.  (The bootstrapping system only cares about
+ * channels that we have tried to use for our own circuits.  Other channels
+ * may have been launched in response to EXTEND cells from somebody else, and
+ * if they fail, it won't necessarily indicate a bootstrapping problem.)
+ **/
+void
+channel_mark_as_used_for_origin_circuit(channel_t *chan)
+{
+  if (BUG(!chan))
+    return;
+  if (chan->magic != TLS_CHAN_MAGIC)
+    return;
+  channel_tls_t *tlschan = channel_tls_from_base(chan);
+  if (BUG(!tlschan))
+    return;
+
+  if (tlschan->conn)
+    tlschan->conn->potentially_used_for_bootstrapping = 1;
+}
+
 /*********
  * Casts *
  ********/
diff --git a/src/core/or/circuitbuild.c b/src/core/or/circuitbuild.c
index ab4ce9f784..a3a7a8cf58 100644
--- a/src/core/or/circuitbuild.c
+++ b/src/core/or/circuitbuild.c
@@ -574,6 +574,7 @@ circuit_handle_first_hop(origin_circuit_t *circ)
                           &firsthop->extend_info->ed_identity,
                           orport4 ? &orport4->addr : NULL,
                           orport6 ? &orport6->addr : NULL,
+                          true,
                           &msg,
                           &should_launch);
 
@@ -590,6 +591,11 @@ circuit_handle_first_hop(origin_circuit_t *circ)
         log_info(LD_CIRC,"connect to firsthop failed. Closing.");
         return -END_CIRC_REASON_CONNECTFAILED;
       }
+      /* We didn't find a channel, but we're launching one for an origin
+       * circuit.  (If we decided not to launch a channel, then we found at
+       * least one once good in-progress channel use for this circuit, and
+       * marked it in channel_get_for_extend().) */
+      channel_mark_as_used_for_origin_circuit(n_chan);
       circuit_chan_publish(circ, n_chan);
     }
 
@@ -602,6 +608,8 @@ circuit_handle_first_hop(origin_circuit_t *circ)
   } else { /* it's already open. use it. */
     tor_assert(!circ->base_.n_hop);
     circ->base_.n_chan = n_chan;
+    /* We found a channel, and we're using it for an origin circuit. */
+    channel_mark_as_used_for_origin_circuit(n_chan);
     circuit_chan_publish(circ, n_chan);
     log_debug(LD_CIRC,"Conn open for %s. Delivering first onion skin.",
               safe_str_client(extend_info_describe(firsthop->extend_info)));
@@ -770,27 +778,15 @@ circuit_deliver_create_cell,(circuit_t *circ,
   return -1;
 }
 
-/** Return true iff we should send a create_fast cell to start building a given
- * circuit */
-static inline int
+/** Return true iff we should send a create_fast cell to start building a
+ * given circuit */
+static inline bool
 should_use_create_fast_for_circuit(origin_circuit_t *circ)
 {
-  const or_options_t *options = get_options();
   tor_assert(circ->cpath);
   tor_assert(circ->cpath->extend_info);
 
-  if (!circuit_has_usable_onion_key(circ)) {
-    /* We don't have ntor, and we don't have or can't use TAP,
-     * so our hand is forced: only a create_fast will work. */
-    return 1;
-  }
-  if (public_server_mode(options)) {
-    /* We're a server, and we have a usable onion key. We can choose.
-     * Prefer to blend our circuit into the other circuits we are
-     * creating on behalf of others. */
-    return 0;
-  }
-  return networkstatus_get_param(NULL, "usecreatefast", 0, 0, 1);
+  return ! circuit_has_usable_onion_key(circ);
 }
 
 /**
diff --git a/src/core/or/circuitpadding.c b/src/core/or/circuitpadding.c
index 889ffb03f1..e6daba5469 100644
--- a/src/core/or/circuitpadding.c
+++ b/src/core/or/circuitpadding.c
@@ -1226,6 +1226,7 @@ circpad_send_padding_cell_for_callback(circpad_machine_runtime_t *mi)
   circuit_t *circ = mi->on_circ;
   int machine_idx = mi->machine_index;
   mi->padding_scheduled_at_usec = 0;
+  mi->is_padding_timer_scheduled = 0;
   circpad_statenum_t state = mi->current_state;
 
   /* Make sure circuit didn't close on us */
diff --git a/src/core/or/circuituse.c b/src/core/or/circuituse.c
index a0816fc73c..ace68cea53 100644
--- a/src/core/or/circuituse.c
+++ b/src/core/or/circuituse.c
@@ -2632,22 +2632,6 @@ cpath_is_on_circuit(origin_circuit_t *circ, crypt_path_t *crypt_path)
   return 0;
 }
 
-/** Return true iff client-side optimistic data is supported. */
-static int
-optimistic_data_enabled(void)
-{
-  const or_options_t *options = get_options();
-  if (options->OptimisticData < 0) {
-    /* Note: this default was 0 before #18815 was merged. We can't take the
-     * parameter out of the consensus until versions before that are all
-     * obsolete. */
-    const int32_t enabled =
-      networkstatus_get_param(NULL, "UseOptimisticData", /*default*/ 1, 0, 1);
-    return (int)enabled;
-  }
-  return options->OptimisticData;
-}
-
 /** Attach the AP stream <b>apconn</b> to circ's linked list of
  * p_streams. Also set apconn's cpath_layer to <b>cpath</b>, or to the last
  * hop in circ's cpath if <b>cpath</b> is NULL.
@@ -2700,11 +2684,10 @@ link_apconn_to_circ(entry_connection_t *apconn, origin_circuit_t *circ,
     exitnode = node_get_by_id(cpath->extend_info->identity_digest);
 
   /* See if we can use optimistic data on this circuit */
-  if (optimistic_data_enabled() &&
-      (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
-       circ->base_.purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
-       circ->base_.purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
-       circ->base_.purpose == CIRCUIT_PURPOSE_C_REND_JOINED))
+  if (circ->base_.purpose == CIRCUIT_PURPOSE_C_GENERAL ||
+      circ->base_.purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
+      circ->base_.purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
+      circ->base_.purpose == CIRCUIT_PURPOSE_C_REND_JOINED)
     apconn->may_use_optimistic_data = 1;
   else
     apconn->may_use_optimistic_data = 0;
diff --git a/src/core/or/or_connection_st.h b/src/core/or/or_connection_st.h
index 8e012a6b85..253fe67020 100644
--- a/src/core/or/or_connection_st.h
+++ b/src/core/or/or_connection_st.h
@@ -74,6 +74,11 @@ struct or_connection_t {
   unsigned int is_outgoing:1;
   unsigned int proxy_type:3; /**< One of PROXY_NONE...PROXY_HAPROXY */
   unsigned int wide_circ_ids:1;
+  /** True iff a failure on this connection indicates a posssible
+   * bootstrapping problem.  We set this as true if we notice that this
+   * connection could handle a pending origin circuit, or if we launch it to
+   * handle an origin circuit. */
+  unsigned int potentially_used_for_bootstrapping:1;
   /** True iff this connection has had its bootstrap failure logged with
    * control_event_bootstrap_problem. */
   unsigned int have_noted_bootstrap_problem:1;