Skip to content

v3 onion services don't respect MAX_REND_FAILURES

In can_relaunch_service_rendezvous_point() we check

  if (circ->build_state->failure_count > MAX_REND_FAILURES ||
      circ->build_state->expiry_time <= time(NULL)) {

for whether to abort the relaunch.

But in retry_service_rendezvous_point(), we do this:

  /* Transfer build state information to the new circuit state in part to
   * catch any other failures. */
  new_circ->build_state->failure_count = bstate->failure_count++;

That ++ increments the failure_count for the old circuit, which means the new circuit gets a failure_count of 0. No new circuits ever have a failure count of anything other than 0.

The legacy onion services handle it better, by doing

  newstate->failure_count = oldstate->failure_count+1;
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information