|
|
@@ -2122,8 +2122,12 @@ rend_service_receive_introduction(origin_circuit_t *circuit,
|
|
|
int flags = CIRCLAUNCH_NEED_CAPACITY | CIRCLAUNCH_IS_INTERNAL;
|
|
|
if (circ_needs_uptime) flags |= CIRCLAUNCH_NEED_UPTIME;
|
|
|
/* A Single Onion Service only uses a direct connection if its
|
|
|
- * firewall rules permit direct connections to the address. */
|
|
|
- if (rend_service_use_direct_connection(options, rp)) {
|
|
|
+ * firewall rules permit direct connections to the address.
|
|
|
+ *
|
|
|
+ * We only use a one-hop path on the first attempt. If the first attempt
|
|
|
+ * fails, we use a 3-hop path for reachability / reliability.
|
|
|
+ * See the comment in rend_service_relauch_rendezvous() for details. */
|
|
|
+ if (rend_service_use_direct_connection(options, rp) && i == 0) {
|
|
|
flags = flags | CIRCLAUNCH_ONEHOP_TUNNEL;
|
|
|
}
|
|
|
launched = circuit_launch_by_extend_info(
|
|
|
@@ -3063,8 +3067,15 @@ rend_service_launch_establish_intro(rend_service_t *service,
|
|
|
extend_info_t *launch_ei = intro->extend_info;
|
|
|
extend_info_t *direct_ei = NULL;
|
|
|
|
|
|
- /* Are we in single onion mode? */
|
|
|
- if (rend_service_allow_non_anonymous_connection(options)) {
|
|
|
+ /* Are we in single onion mode?
|
|
|
+ *
|
|
|
+ * We only use a one-hop path on the first attempt. If the first attempt
|
|
|
+ * fails, we use a 3-hop path for reachability / reliability.
|
|
|
+ * (Unlike v3, retries is incremented by the caller after it calls this
|
|
|
+ * function.)
|
|
|
+ */
|
|
|
+ if (rend_service_allow_non_anonymous_connection(options) &&
|
|
|
+ intro->circuit_retries == 0) {
|
|
|
/* Do we have a descriptor for the node?
|
|
|
* We've either just chosen it from the consensus, or we've just reviewed
|
|
|
* our intro points to see which ones are still valid, and deleted the ones
|
teor