hs: Always use a 3-hop path when a v3 single onion intro fails

Previously, we always used a 1-hop path, no matter how many times a v3
single onion intro failed.

Fixes bug 23818; bugfix on 0.3.2.1-alpha.

diff --git a/src/feature/hs/hs_circuit.c b/src/feature/hs/hs_circuit.c
index f7996a24f5baba7f493ba998fea4d1f261c929c3..d74b088f078f3fc1547e8477f82448a9aa321732 100644 (file)
--- a/src/feature/hs/hs_circuit.c
+++ b/src/feature/hs/hs_circuit.c
@@ -775,8 +775,15 @@ hs_circ_launch_intro_point(hs_service_t *service,
   tor_assert(ei);
 
   /* Update circuit flags in case of a single onion service that requires a
-   * direct connection. */
-  if (service->config.is_single_onion) {
+   * direct connection.
+   *
+   * We only use a one-hop path on the first attempt. If the first attempt
+   * fails, we use a 3-hop path for reachability / reliability.
+   * (Unlike v2, retries is incremented by the caller before it calls this
+   * function.)
+   */
+  tor_assert_nonfatal(ip->circuit_retries > 0);
+  if (service->config.is_single_onion && ip->circuit_retries == 1) {
     circ_flags |= CIRCLAUNCH_ONEHOP_TUNNEL;
   }