streams should migrate to better circuits more aggressively
Assert: most streams that fail to transition from SENTCONNECT to SUCCEEDED on a given circuit within five seconds never make that transition at all. So, to improve client performance in the vast majority of cases, we should migrate these streams to new circuits more quickly (retrying, for example, after five seconds).
At the same time, some Internet services are very slow, or are attached to slow networks, and it may not be unreasonable for a normal connection through even a fast Tor circuit to take more than fifteen seconds (the current timeout interval).
I suggest that we add a failure count to streams. Rather than making them all wait 15 seconds to time out and move to a new circuit, there should be a progressive timeout schedule that allows streams to migrate more quickly if they take too long to enter the SUCCEEDED state, under the assumption that circuits for which the transition takes too long are almost always undesirable anyway. This approach provides a reactive mode of balancing load that complements the proactive method of selecting nodes proportionally to advertised bandwidth.
I recommend a timeout schedule of 5 seconds for the first try followed by 10 and 15 seconds, respectively, for the next two tries. This provides an (expected) 2-approximation of the current timeout schedule for streams that take longer than five seconds to succeed, and a potential improvement by a factor of three or better for all those streams that happen to become attached to circuits that simply do not work.
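The per-stream failure count and the 5/10/15 second schedule described in this ticket, modelled as an added example (not code from the ticket or from Tor) that compares time to SUCCEEDED under the flat 15 second timeout and the proposed schedule. The function names, the reuse of the last timeout once the schedule is exhausted, and the per-circuit latencies are assumptions constructed for illustration.

```c
#include <stdio.h>

#define NEVER (-1) /* this circuit never reaches SUCCEEDED */

static const int CURRENT_SCHED[]  = {15};        /* flat timeout today */
static const int PROPOSED_SCHED[] = {5, 10, 15}; /* schedule from the ticket */

/* Timeout for a stream with `failures` earlier timeouts. Assumption:
 * the last entry is reused once the schedule is exhausted. */
int stream_timeout(const int *sched, int n, int failures) {
    return sched[failures < n ? failures : n - 1];
}

/* Seconds until the stream reaches SUCCEEDED, or NEVER.
 * latency[i] is what circuit i would need to answer (constructed input). */
int time_to_succeed(const int *sched, int n, const int *latency, int tries) {
    int elapsed = 0;
    for (int i = 0; i < tries; i++) {
        int t = stream_timeout(sched, n, i);
        if (latency[i] != NEVER && latency[i] <= t)
            return elapsed + latency[i];
        elapsed += t; /* timed out: detach, retry on a new circuit */
    }
    return NEVER;
}

int main(void) {
    /* Constructed scenarios, one latency per circuit tried. */
    const int one_dead[]  = {NEVER, 2, 2, 2};
    const int two_dead[]  = {NEVER, NEVER, 2, 2};
    const int slow_dest[] = {12, 12, 12, 12};
    const int *cases[] = {one_dead, two_dead, slow_dest};
    const char *names[] = {"one dead circuit", "two dead circuits",
                           "slow destination (12 s)"};
    for (int c = 0; c < 3; c++)
        printf("%-24s current=%2ds proposed=%2ds\n", names[c],
               time_to_succeed(CURRENT_SCHED, 1, cases[c], 4),
               time_to_succeed(PROPOSED_SCHED, 3, cases[c], 4));
    return 0;
}
```

In this model a destination that needs 12 seconds on every circuit only succeeds on the third try under the proposed schedule, which is the cost side of the trade-off the ticket describes for slow services.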