If we are using an exit enclave and we can't connect, e.g. because

its webserver is misconfigured to not listen on localhost, then back
off and try connecting from somewhere else before we fail.


svn:r6783

doc/TODO

@@ -108,7 +108,7 @@ R   - remember the last time we saw one of our entry guards labelled with
     - If the client's clock is too far in the past, it will drop (or
       just not try to get) descriptors, so it'll never build circuits.
 R   - Failed rend desc fetches sometimes don't get retried.
-    - If we fail to connect via an exit enclave, (warn and) try again
+    o If we fail to connect via an exit enclave, (warn and) try again
       without demanding that exit node.
 R   - non-v1 authorities should not accept rend descs.
     - We need a separate list of "hidserv authorities" if we want to

src/or/circuituse.c

@@ -963,10 +963,16 @@ circuit_get_open_circ_or_launch(connection_t *conn,
     if (desired_circuit_purpose == CIRCUIT_PURPOSE_C_GENERAL) {
       if (conn->chosen_exit_name) {
         routerinfo_t *r;
+        int opt = conn->chosen_exit_optional;
         if (!(r = router_get_by_nickname(conn->chosen_exit_name, 1))) {
-          log_notice(LD_APP,
-                     "Requested exit point '%s' is not known. Closing.",
-                     conn->chosen_exit_name);
+          log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
+                 "Requested exit point '%s' is not known. %s.",
+                 conn->chosen_exit_name, opt ? "Trying others" : "Closing");
+          if (opt) {
+            conn->chosen_exit_optional = 0;
+            tor_free(conn->chosen_exit_name);
+            return 0;
+          }
           return -1;
         }
         extend_info = extend_info_from_router(r);
@@ -1151,16 +1157,27 @@ connection_ap_handshake_attach_circuit(connection_t *conn)
 
     if (conn->chosen_exit_name) {
       routerinfo_t *router = router_get_by_nickname(conn->chosen_exit_name, 1);
+      int opt = conn->chosen_exit_optional;
       if (!router) {
-        log_warn(LD_APP,
-                 "Requested exit point '%s' is not known. Closing.",
-                 conn->chosen_exit_name);
+        log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
+               "Requested exit point '%s' is not known. %s.",
+               conn->chosen_exit_name, opt ? "Trying others" : "Closing");
+        if (opt) {
+          conn->chosen_exit_optional = 0;
+          tor_free(conn->chosen_exit_name);
+          return 0;
+        }
         return -1;
       }
       if (!connection_ap_can_use_exit(conn, router)) {
-        log_warn(LD_APP,
-                 "Requested exit point '%s' would refuse request. Closing.",
-                 conn->chosen_exit_name);
+        log_fn(opt ? LOG_INFO : LOG_WARN, LD_APP,
+               "Requested exit point '%s' would refuse request. %s.",
+               conn->chosen_exit_name, opt ? "Trying others" : "Closing");
+        if (opt) {
+          conn->chosen_exit_optional = 0;
+          tor_free(conn->chosen_exit_name);
+          return 0;
+        }
         return -1;
       }
     }

src/or/connection_edge.c

@@ -1126,6 +1126,7 @@ connection_ap_handshake_rewrite_and_attach(connection_t *conn,
              routers with this nickname */
           conn->chosen_exit_name =
             tor_strdup(hex_str(r->cache_info.identity_digest, DIGEST_LEN));
+          conn->chosen_exit_optional = 1;
         }
       }
 

src/or/or.h

@@ -656,6 +656,8 @@ struct connection_t {
 
   /** Nickname of planned exit node -- used with .exit support. */
   char *chosen_exit_name;
+  /** If 1, and we fail to reach the chosen exit, stop requiring it. */
+  unsigned int chosen_exit_optional:1;
 
 /* Used only by OR connections: */
   tor_tls_t *tls; /**< TLS connection state (OR only.) */

src/or/relay.c

@@ -696,11 +696,21 @@ connection_edge_process_end_not_open(
         /* rewrite it to an IP if we learned one. */
         addressmap_rewrite(conn->socks_request->address,
                            sizeof(conn->socks_request->address));
+        if (conn->chosen_exit_optional) { /* stop wanting a specific exit */
+          conn->chosen_exit_optional = 0;
+          tor_free(conn->chosen_exit_name);
+        }
         if (connection_ap_detach_retriable(conn, circ) >= 0)
           return 0;
         /* else, conn will get closed below */
         break;
+      case END_STREAM_REASON_CONNECTREFUSED:
+        if (!conn->chosen_exit_optional)
+          break; /* break means it'll close, below */
+        /* Else fall through: expire this circuit, clear the
+         * chosen_exit_name field, and try again. */
       case END_STREAM_REASON_RESOLVEFAILED:
+      case END_STREAM_REASON_TIMEOUT:
       case END_STREAM_REASON_MISC:
         if (client_dns_incr_failures(conn->socks_request->address)
             < MAX_RESOLVE_FAILURES) {
@@ -709,6 +719,10 @@ connection_edge_process_end_not_open(
           tor_assert(circ->timestamp_dirty);
           circ->timestamp_dirty -= get_options()->MaxCircuitDirtiness;
 
+          if (conn->chosen_exit_optional) { /* stop wanting a specific exit */
+            conn->chosen_exit_optional = 0;
+            tor_free(conn->chosen_exit_name);
+          }
           if (connection_ap_detach_retriable(conn, circ) >= 0)
             return 0;
           /* else, conn will get closed below */
@@ -729,6 +743,10 @@ connection_edge_process_end_not_open(
           exitrouter->exit_policy =
             router_parse_addr_policy_from_string("reject *:*", -1);
         }
+        if (conn->chosen_exit_optional) { /* stop wanting a specific exit */
+          conn->chosen_exit_optional = 0;
+          tor_free(conn->chosen_exit_name);
+        }
         if (connection_ap_detach_retriable(conn, circ) >= 0)
           return 0;
         /* else, will close below */