rendservice: Always use a 3-hop path when a v2 single onion intro fails

Previously, we always used a 1-hop path, no matter how many times a v2
single onion intro failed.

Fixes bug 23818; bugfix on 0.2.9.3-alpha.

diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index f145e9d694ec139f40583f7135cae1254cbb28b1..ca1be5e5dec3a2d26ff90e87a8099d54838a5de7 100644 (file)
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -3041,8 +3041,15 @@ rend_service_launch_establish_intro(rend_service_t *service,
   extend_info_t *launch_ei = intro->extend_info;
   extend_info_t *direct_ei = NULL;
 
-  /* Are we in single onion mode? */
-  if (rend_service_allow_non_anonymous_connection(options)) {
+  /* Are we in single onion mode?
+   *
+   * We only use a one-hop path on the first attempt. If the first attempt
+   * fails, we use a 3-hop path for reachability / reliability.
+   * (Unlike v3, retries is incremented by the caller after it calls this
+   * function.)
+   */
+  if (rend_service_allow_non_anonymous_connection(options) &&
+      intro->circuit_retries == 0) {
     /* Do we have a descriptor for the node?
      * We've either just chosen it from the consensus, or we've just reviewed
      * our intro points to see which ones are still valid, and deleted the ones