Diffstat (limited to 'src/feature/rend')
-rw-r--r-- | src/feature/rend/rendmid.c | 3 | ||||
-rw-r--r-- | src/feature/rend/rendservice.c | 19 |
2 files changed, 17 insertions, 5 deletions
diff --git a/src/feature/rend/rendmid.c b/src/feature/rend/rendmid.c
index ef2a44c40d..bc86df632c 100644
--- a/src/feature/rend/rendmid.c
+++ b/src/feature/rend/rendmid.c
@@ -71,7 +71,8 @@ rend_mid_establish_intro_legacy(or_circuit_t *circ, const uint8_t *request,
 goto err;
 }
 if (tor_memneq(expected_digest, request+2+asn1len, DIGEST_LEN)) {
- log_warn(LD_PROTOCOL, "Hash of session info was not as expected.");
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
+ "Hash of session info was not as expected.");
 reason = END_CIRC_REASON_TORPROTOCOL;
 goto err;
 }
diff --git a/src/feature/rend/rendservice.c b/src/feature/rend/rendservice.c
index 98c7253bcc..119a6f9c89 100644
--- a/src/feature/rend/rendservice.c
+++ b/src/feature/rend/rendservice.c
@@ -2123,8 +2123,12 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
 int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL;
 if (circ_needs_uptime) flags |= CIRCLAUNCH_NEED_UPTIME;
 /* A Single Onion Service only uses a direct connection if its
- * firewall rules permit direct connections to the address. */
- if (rend_service_use_direct_connection(options, rp)) {
+ * firewall rules permit direct connections to the address.
+ *
+ * We only use a one-hop path on the first attempt. If the first attempt
+ * fails, we use a 3-hop path for reachability / reliability.
+ * See the comment in rend_service_relauch_rendezvous() for details. */
+ if (rend_service_use_direct_connection(options, rp) && i == 0) {
 flags = flags | CIRCLAUNCH_ONEHOP_TUNNEL;
 }
 launched = circuit_launch_by_extend_info(
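Review bot: The added comment in rend_service_receive_introduction() points readers to `rend_service_relauch_rendezvous()`, which looks like a misspelling of `rend_service_relaunch_rendezvous()`; as written, a search for the referenced function will not find it. The new condition also depends on `i`, whose declaration is outside this hunk, so presumably it is the launch-attempt counter of an enclosing loop. A short addition to the comment would make that explicit, e.g. `* (i counts launch attempts; only attempt 0 may use a one-hop path.)`. The enclosing function starts and ends outside the hunk.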
@@ -3086,8 +3090,15 @@ rend_service_launch_establish_intro(rend_service_t *service,
 extend_info_t *launch_ei = intro->extend_info;
 extend_info_t *direct_ei = NULL;
- /* Are we in single onion mode? */
- if (rend_service_allow_non_anonymous_connection(options)) {
+ /* Are we in single onion mode?
+ *
+ * We only use a one-hop path on the first attempt. If the first attempt
+ * fails, we use a 3-hop path for reachability / reliability.
+ * (Unlike v3, retries is incremented by the caller after it calls this
+ * function.)
+ */
+ if (rend_service_allow_non_anonymous_connection(options) &&
+ intro->circuit_retries == 0) {
 /* Do we have a descriptor for the node?
 * We've either just chosen it from the consensus, or we've just reviewed
 * our intro points to see which ones are still valid, and deleted the ones |
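Review bot: The `intro->circuit_retries == 0` test identifies the first attempt only while every caller increments the counter after this function returns, and that ordering is stated in this inline comment but not enforced by anything visible in the hunk. If a caller were changed to increment first, a single onion service would silently stop using direct intro circuits, and nothing here would flag it. I would repeat the contract in the function's header comment, for example `/* Callers must increment intro->circuit_retries only after this returns; 0 means first attempt. */`, and name the field in the inline comment (`circuit_retries` rather than `retries`). rend_service_launch_establish_intro() starts and ends outside the hunk.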