commit 9493711077a0de1a704657b9645f0127e77455ed Author: Nick Mathewson nickm@torproject.org Date: Sun Nov 27 13:19:54 2016 -0500
Mark confirmed guards primary as appropriate.
If a guard becomes primary as a result of confirming it, consider the circuit through that guard as a primary circuit.
Also, note open questions on behavior when confirming nonprimary guards --- src/or/entrynodes.c | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-)
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index f1fe9f1..0650cbe 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1384,6 +1384,8 @@ entry_guards_note_guard_success(guard_selection_t *gs,
if (guard->confirmed_idx < 0) { make_guard_confirmed(gs, guard); + if (!gs->primary_guards_up_to_date) + entry_guards_update_primary(gs); }
unsigned new_state; @@ -1392,7 +1394,19 @@ entry_guards_note_guard_success(guard_selection_t *gs, } else { tor_assert_nonfatal( old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); - new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + + if (guard->is_primary) { + /* XXXX prop271 -- I don't actually like this logic. It seems to make us + * a little more susceptible to evil-ISP attacks. The mitigations I'm + * thinking of, however, aren't local to this point, so I'll leave it + * alone. */ + /* This guard may have become primary by virtue of being confirmed. + If so, the circuit for it is now complete. + */ + new_state = GUARD_CIRC_STATE_COMPLETE; + } else { + new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + }
if (last_time_on_internet + get_internet_likely_down_interval() < approx_time()) {