circ: Get rid of hs_circ_has_timed_out

Logic is too convoluted and we can't efficiently apply a specific
timeout depending on the purpose.

Remove it and instead rely on the right circuit cutoff instead of
keeping this flagged circuit open forever.

Part of #40694

Signed-off-by: David Goulet <dgoulet@torproject.org>

src/core/or/circuituse.c

@@ -133,11 +133,6 @@ circuit_is_acceptable(const origin_circuit_t *origin_circ,
       return 0;
   }
 
-  /* If this is a timed-out hidden service circuit, skip it. */
-  if (origin_circ->hs_circ_has_timed_out) {
-    return 0;
-  }
-
   if (purpose == CIRCUIT_PURPOSE_C_GENERAL ||
       purpose == CIRCUIT_PURPOSE_C_HSDIR_GET ||
       purpose == CIRCUIT_PURPOSE_S_HSDIR_POST ||
@@ -334,7 +329,6 @@ circuit_get_best(const entry_connection_t *conn,
 {
   origin_circuit_t *best=NULL;
   struct timeval now;
-  int intro_going_on_but_too_old = 0;
 
   tor_assert(conn);
 
@@ -353,15 +347,6 @@ circuit_get_best(const entry_connection_t *conn,
       continue;
     origin_circ = TO_ORIGIN_CIRCUIT(circ);
 
-    /* Log an info message if we're going to launch a new intro circ in
-     * parallel */
-    if (purpose == CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT &&
-        !must_be_open && origin_circ->hs_circ_has_timed_out &&
-        !circ->marked_for_close) {
-        intro_going_on_but_too_old = 1;
-        continue;
-    }
-
     if (!circuit_is_acceptable(origin_circ,conn,must_be_open,purpose,
                                need_uptime,need_internal, (time_t)now.tv_sec))
       continue;
@@ -374,11 +359,6 @@ circuit_get_best(const entry_connection_t *conn,
   }
   SMARTLIST_FOREACH_END(circ);
 
-  if (!best && intro_going_on_but_too_old)
-    log_info(LD_REND|LD_CIRC, "There is an intro circuit being created "
-             "right now, but it has already taken quite a while. Starting "
-             "one in parallel.");
-
   return best;
 }
 
@@ -450,7 +430,7 @@ circuit_expire_building(void)
    * circuit_build_times_get_initial_timeout() if we haven't computed
    * custom timeouts yet */
   struct timeval general_cutoff, begindir_cutoff, fourhop_cutoff,
-    close_cutoff, extremely_old_cutoff, hs_extremely_old_cutoff,
+    close_cutoff, extremely_old_cutoff,
     cannibalized_cutoff, c_intro_cutoff, s_intro_cutoff, stream_cutoff,
     c_rend_ready_cutoff;
   const or_options_t *options = get_options();
@@ -545,10 +525,6 @@ circuit_expire_building(void)
   SET_CUTOFF(close_cutoff, get_circuit_build_close_time_ms());
   SET_CUTOFF(extremely_old_cutoff, get_circuit_build_close_time_ms()*2 + 1000);
 
-  SET_CUTOFF(hs_extremely_old_cutoff,
-             MAX(get_circuit_build_close_time_ms()*2 + 1000,
-                 options->SocksTimeout * 1000));
-
   bool fixed_time = circuit_build_times_disabled(get_options());
 
   SMARTLIST_FOREACH_BEGIN(circuit_get_global_list(), circuit_t *,victim) {
@@ -595,9 +571,6 @@ circuit_expire_building(void)
     else
       cutoff = general_cutoff;
 
-    if (TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)
-      cutoff = hs_extremely_old_cutoff;
-
     if (timercmp(&victim->timestamp_began, &cutoff, OP_GT))
       continue; /* it's still young, leave it alone */
 
@@ -769,52 +742,31 @@ circuit_expire_building(void)
       }
     }
 
-    /* If this is a hidden service client circuit which is far enough along in
+    /* Special checks for onion service circuits. */
-     * connecting to its destination, and we haven't already flagged it as
-     * 'timed out', flag it so we'll launch another intro or rend circ, but
-     * don't mark it for close yet.
-     *
-     * (Circs flagged as 'timed out' are given a much longer timeout
-     * period above, so we won't close them in the next call to
-     * circuit_expire_building.) */
-    if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out)) {
     switch (victim->purpose) {
     case CIRCUIT_PURPOSE_C_REND_READY:
       /* We only want to spare a rend circ iff it has been specified in an
        * INTRODUCE1 cell sent to a hidden service. */
-        if (!hs_circ_is_rend_sent_in_intro1(CONST_TO_ORIGIN_CIRCUIT(victim))) {
+      if (hs_circ_is_rend_sent_in_intro1(CONST_TO_ORIGIN_CIRCUIT(victim))) {
-          break;
+        continue;
       }
-        FALLTHROUGH;
+      break;
-      case CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT:
+    case CIRCUIT_PURPOSE_S_CONNECT_REND:
-      case CIRCUIT_PURPOSE_C_REND_READY_INTRO_ACKED:
+      /* The connection to the rendezvous point has timed out, close it and
-        /* If we have reached this line, we want to spare the circ for now. */
+       * retry if possible. */
-        log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) "
+      log_info(LD_CIRC,"Rendezvous circ %u (state %d:%s, purpose %d) "
-                 "as timed-out HS circ",
+               "as timed-out, closing it. Relaunching rendezvous attempt.",
                (unsigned)victim->n_circ_id,
                victim->state, circuit_state_to_string(victim->state),
                victim->purpose);
-        TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out = 1;
+      hs_circ_retry_service_rendezvous_point(TO_ORIGIN_CIRCUIT(victim));
-        continue;
+      /* We'll close as a timeout the victim circuit. The rendezvous point
+       * won't keep both circuits, it only keeps the newest (for the same
+       * cookie). */
+      break;
     default:
       break;
     }
-    }
-
-    /* If this is a service-side rendezvous circuit which is far
-     * enough along in connecting to its destination, consider sparing
-     * it. */
-    if (!(TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out) &&
-        victim->purpose == CIRCUIT_PURPOSE_S_CONNECT_REND) {
-      log_info(LD_CIRC,"Marking circ %u (state %d:%s, purpose %d) "
-               "as timed-out HS circ; relaunching rendezvous attempt.",
-               (unsigned)victim->n_circ_id,
-               victim->state, circuit_state_to_string(victim->state),
-               victim->purpose);
-      TO_ORIGIN_CIRCUIT(victim)->hs_circ_has_timed_out = 1;
-      hs_circ_retry_service_rendezvous_point(TO_ORIGIN_CIRCUIT(victim));
-      continue;
-    }
 
     if (victim->n_chan)
       log_info(LD_CIRC,

src/core/or/origin_circuit_st.h

@@ -205,22 +205,6 @@ struct origin_circuit_t {
    * (in host byte order) for response comparison. */
   uint32_t pathbias_probe_nonce;
 
-  /** Set iff this is a hidden-service circuit which has timed out
-   * according to our current circuit-build timeout, but which has
-   * been kept around because it might still succeed in connecting to
-   * its destination, and which is not a fully-connected rendezvous
-   * circuit.
-   *
-   * (We clear this flag for client-side rendezvous circuits when they
-   * are 'joined' to the other side's rendezvous circuit, so that
-   * connection_ap_handshake_attach_circuit can put client streams on
-   * the circuit.  We also clear this flag for service-side rendezvous
-   * circuits when they are 'joined' to a client's rend circ, but only
-   * for symmetry with the client case.  Client-side introduction
-   * circuits are closed when we get a joined rend circ, and
-   * service-side introduction circuits never have this flag set.) */
-  unsigned int hs_circ_has_timed_out : 1;
-
   /** Set iff this circuit has been given a relaxed timeout because
    * no circuits have opened. Used to prevent spamming logs. */
   unsigned int relaxed_timeout : 1;

src/feature/hs/hs_circuit.c

@@ -126,11 +126,6 @@ finalize_rend_circuit(origin_circuit_t *circ, crypt_path_t *hop,
   hop->package_window = circuit_initial_package_window();
   hop->deliver_window = CIRCWINDOW_START;
 
-  /* Now that this circuit has finished connecting to its destination,
-   * make sure circuit_get_open_circ_or_launch is willing to return it
-   * so we can actually use it. */
-  circ->hs_circ_has_timed_out = 0;
-
   /* If congestion control, transfer ccontrol onto the cpath. */
   if (TO_CIRCUIT(circ)->ccontrol) {
     hop->ccontrol = TO_CIRCUIT(circ)->ccontrol;