commit 68679504323b0a676a446b8fb34b976c9dc66b4f Author: Nick Mathewson nickm@torproject.org Date: Wed Dec 7 12:36:13 2016 -0500
Wrap all of the legacy guard code, and its users, in #ifdefs
This will make it easier to see what we remove down the line. --- src/or/bridges.c | 8 ++++ src/or/channel.c | 2 + src/or/circpathbias.c | 6 +++ src/or/circuitbuild.c | 2 + src/or/circuituse.c | 16 ++++---- src/or/config.c | 9 +++++ src/or/connection_or.c | 4 ++ src/or/control.c | 5 +++ src/or/entrynodes.c | 91 ++++++++++++++++++++++++++++++++++++++++++++-- src/or/entrynodes.h | 26 +++++++++++++ src/or/routerlist.c | 6 +++ src/test/test_entrynodes.c | 20 ++++++++-- src/test/test_routerlist.c | 10 +++++ 13 files changed, 188 insertions(+), 17 deletions(-)
diff --git a/src/or/bridges.c b/src/or/bridges.c index c480e3f..4058979 100644 --- a/src/or/bridges.c +++ b/src/or/bridges.c @@ -743,7 +743,11 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) (int) bridge->port); } if (get_options()->UseDeprecatedGuardAlgorithm) { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM add_bridge_as_entry_guard(get_guard_selection_info(), node); +#else + tor_assert_nonfatal_unreached(); +#endif } else { entry_guard_learned_bridge_identity(&bridge->addrport_configured, (const uint8_t*)ri->cache_info.identity_digest); @@ -754,8 +758,12 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache) /* set entry->made_contact so if it goes down we don't drop it from * our entry node list */ if (get_options()->UseDeprecatedGuardAlgorithm) { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM entry_guard_register_connect_status(ri->cache_info.identity_digest, 1, 0, now); +#else + tor_assert_nonfatal_unreached(); +#endif } if (first) { routerlist_retry_directory_downloads(now); diff --git a/src/or/channel.c b/src/or/channel.c index 1e3e99c..9898148 100644 --- a/src/or/channel.c +++ b/src/or/channel.c @@ -2538,6 +2538,7 @@ channel_do_open_actions(channel_t *chan) if (started_here) { circuit_build_times_network_is_live(get_circuit_build_times_mutable()); rep_hist_note_connect_succeeded(chan->identity_digest, now); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM // XXXX prop271 this call is no longer useful with the new algorithm. if (entry_guard_register_connect_status( chan->identity_digest, 1, 0, now) < 0) { @@ -2549,6 +2550,7 @@ channel_do_open_actions(channel_t *chan) "connection so we can retry the earlier entry guards."); close_origin_circuits = 1; } +#endif router_set_status(chan->identity_digest, 1); } else { /* only report it to the geoip module if it's not a known router */ diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c index be11465..d86d70f 100644 --- a/src/or/circpathbias.c +++ b/src/or/circpathbias.c @@ -1279,7 +1279,10 @@ pathbias_measure_use_rate(entry_guard_t *guard) tor_lround(pb->timeouts), tor_lround(get_circuit_build_close_time_ms()/1000)); pb->path_bias_disabled = 1; +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM + // XXXX entry_guard_mark_bad(guard); +#endif return; } } else if (!pb->path_bias_use_extreme) { @@ -1385,7 +1388,10 @@ pathbias_measure_close_rate(entry_guard_t *guard) tor_lround(pb->timeouts), tor_lround(get_circuit_build_close_time_ms()/1000)); pb->path_bias_disabled = 1; +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM + // XXXX entry_guard_mark_bad(guard); +#endif return; } } else if (!pb->path_bias_extreme) { diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c index 0790309..bf52b90 100644 --- a/src/or/circuitbuild.c +++ b/src/or/circuitbuild.c @@ -2277,6 +2277,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state, * family. */ nodelist_add_node_and_family(excluded, node); } +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /* and exclude current entry guards and their families, * unless we're in a test network, and excluding guards * would exclude all nodes (i.e. we're in an incredibly small tor network, @@ -2295,6 +2296,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state, } }); } +#endif
if (state) { if (state->need_uptime) diff --git a/src/or/circuituse.c b/src/or/circuituse.c index 787c490..8e0fbd1 100644 --- a/src/or/circuituse.c +++ b/src/or/circuituse.c @@ -550,16 +550,14 @@ circuit_expire_building(void) == CPATH_STATE_OPEN; log_info(LD_CIRC, "No circuits are opened. Relaxing timeout for circuit %d " - "(a %s %d-hop circuit in state %s with channel state %s). " - "%d guards are live.", + "(a %s %d-hop circuit in state %s with channel state %s).", TO_ORIGIN_CIRCUIT(victim)->global_identifier, circuit_purpose_to_string(victim->purpose), TO_ORIGIN_CIRCUIT(victim)->build_state ? TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len : -1, circuit_state_to_string(victim->state), - channel_state_to_string(victim->n_chan->state), - num_live_entry_guards(0)); + channel_state_to_string(victim->n_chan->state));
/* We count the timeout here for CBT, because technically this * was a timeout, and the timeout value needs to reset if we @@ -577,7 +575,7 @@ circuit_expire_building(void) "No circuits are opened. Relaxed timeout for circuit %d " "(a %s %d-hop circuit in state %s with channel state %s) to " "%ldms. However, it appears the circuit has timed out " - "anyway. %d guards are live.", + "anyway.", TO_ORIGIN_CIRCUIT(victim)->global_identifier, circuit_purpose_to_string(victim->purpose), TO_ORIGIN_CIRCUIT(victim)->build_state ? @@ -585,8 +583,7 @@ circuit_expire_building(void) -1, circuit_state_to_string(victim->state), channel_state_to_string(victim->n_chan->state), - (long)build_close_ms, - num_live_entry_guards(0)); + (long)build_close_ms); } }
@@ -1655,8 +1652,10 @@ circuit_build_failed(origin_circuit_t *circ) /* New guard API: we failed. */ if (circ->guard_state) entry_guard_failed(&circ->guard_state); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /* Old guard API: we failed. */ entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL)); +#endif /* if there are any one-hop streams waiting on this circuit, fail * them now so they can retry elsewhere. */ connection_ap_fail_onehop(n_chan_id, circ->build_state); @@ -1966,7 +1965,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, int severity = LOG_NOTICE; /* Retry some stuff that might help the connection work. */ if (entry_list_is_constrained(options) && - entries_known_but_down(options)) { + guards_retry_optimistic(options)) { log_fn(severity, LD_APP|LD_DIR, "Application request when we haven't %s. " "Optimistically trying known %s again.", @@ -1974,7 +1973,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn, "used client functionality lately" : "received a consensus with exits", options->UseBridges ? "bridges" : "entrynodes"); - entries_retry_all(options); } else if (!options->UseBridges || any_bridge_descriptors_known()) { log_fn(severity, LD_APP|LD_DIR, "Application request when we haven't %s. " diff --git a/src/or/config.c b/src/or/config.c index 22e5dfd..2ec96d3 100644 --- a/src/or/config.c +++ b/src/or/config.c @@ -2116,11 +2116,13 @@ options_act(const or_options_t *old_options) rep_hist_desc_stats_term();
/* Check if we need to parse and add the EntryNodes config option. */ +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM if (options->EntryNodes && (!old_options || !routerset_equal(old_options->EntryNodes,options->EntryNodes) || !routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes))) entry_nodes_should_be_added(); +#endif
/* Since our options changed, we might need to regenerate and upload our * server descriptor. @@ -3040,6 +3042,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
warn_about_relative_paths(options);
+#ifndef ENABLE_LEGACY_GUARD_ALGORITHM + if (options->UseDeprecatedGuardAlgorithm) { + log_warn(LD_CONFIG, "DeprecatedGuardAlgorithm not supported."); + return -1; + } +#endif + if (server_mode(options) && (!strcmpstart(uname, "Windows 95") || !strcmpstart(uname, "Windows 98") || diff --git a/src/or/connection_or.c b/src/or/connection_or.c index 3b6f82c..6233fb7 100644 --- a/src/or/connection_or.c +++ b/src/or/connection_or.c @@ -737,9 +737,11 @@ connection_or_about_to_close(or_connection_t *or_conn) rep_hist_note_connect_failed(or_conn->identity_digest, now); /* Tell the new guard API about the channel failure */ entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan)); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /* Tell the old guard API about the channel failure */ entry_guard_register_connect_status(or_conn->identity_digest,0, !options->HTTPSProxy, now); +#endif if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) { int reason = tls_error_to_orconn_end_reason(or_conn->tls_error); control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED, @@ -1678,9 +1680,11 @@ connection_or_client_learned_peer_id(or_connection_t *conn, conn->base_.address, conn->base_.port, expected, seen, extra_log); /* Tell the new guard API about the channel failure */ entry_guard_chan_failed(TLS_CHAN_TO_BASE(conn->chan)); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /* Tell the old guard API about the channel failure */ entry_guard_register_connect_status(conn->identity_digest, 0, 1, time(NULL)); +#endif control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED, END_OR_CONN_REASON_OR_IDENTITY); if (!authdir_mode_tests_reachability(options)) diff --git a/src/or/control.c b/src/or/control.c index 03742e8..9a8845a 100644 --- a/src/or/control.c +++ b/src/or/control.c @@ -4041,12 +4041,17 @@ handle_control_dropguards(control_connection_t *conn, smartlist_split_string(args, body, " ", SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM if (smartlist_len(args)) { connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n"); } else { remove_all_entry_guards(); send_control_done(conn); } +#else + // XXXX + connection_printf_to_buf(conn, "512 not supported\r\n"); +#endif
SMARTLIST_FOREACH(args, char *, cp, tor_free(cp)); smartlist_free(args); diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index ac62155..76070a3 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -149,11 +149,13 @@ static guard_selection_t *curr_guard_context = NULL; * and those changes need to be flushed to disk. */ static int entry_guards_dirty = 0;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM static const node_t *choose_random_entry_impl(guard_selection_t *gs, cpath_build_state_t *state, int for_directory, dirinfo_type_t dirtype, int *n_options_out); +#endif static void entry_guard_set_filtered_flags(const or_options_t *options, guard_selection_t *gs, entry_guard_t *guard); @@ -228,7 +230,9 @@ guard_selection_new(const char *name, gs = tor_malloc_zero(sizeof(*gs)); gs->name = tor_strdup(name); gs->type = type; +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM gs->chosen_entry_guards = smartlist_new(); +#endif gs->sampled_entry_guards = smartlist_new(); gs->confirmed_entry_guards = smartlist_new(); gs->primary_entry_guards = smartlist_new(); @@ -298,6 +302,7 @@ get_guard_selection_info(void) return curr_guard_context; }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Return the list of entry guards for a guard_selection_t, creating it * if necessary. */ const smartlist_t * @@ -324,6 +329,7 @@ entry_guard_mark_bad(entry_guard_t *guard) guard->bad_since = approx_time(); entry_guards_changed(); } +#endif
/** Return a statically allocated human-readable description of <b>guard</b> */ @@ -2831,6 +2837,7 @@ entry_guards_load_guards_from_state(or_state_t *state, int set) /* XXXXX prop271 ----- end of new-for-prop271 code ----- */ /* XXXXX ----------------------------------------------- */
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** * @name Constants for old (pre-prop271) guard selection algorithm. */ @@ -3109,6 +3116,7 @@ num_live_entry_guards(int for_directory) return num_live_entry_guards_for_guard_selection( get_guard_selection_info(), for_directory); } +#endif
/** If <b>digest</b> matches the identity of any node in the * entry_guards list for the provided guard selection state, @@ -3123,11 +3131,12 @@ entry_guard_get_by_id_digest_for_guard_selection(guard_selection_t *gs, if (tor_memeq(digest, entry->identity, DIGEST_LEN)) return entry; ); - +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, entry, if (tor_memeq(digest, entry->identity, DIGEST_LEN)) return entry; ); +#endif return NULL; }
@@ -3150,6 +3159,7 @@ entry_guard_get_by_id_digest(const char *digest) get_guard_selection_info(), digest); }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Dump a description of our list of entry guards in the given guard * selection context to the log at level <b>severity</b>. */ static void @@ -3375,6 +3385,7 @@ pick_entry_guards(guard_selection_t *gs, if (changed) entry_guards_changed_for_guard_selection(gs); } +#endif
/** Release all storage held by <b>e</b>. */ STATIC void @@ -3383,7 +3394,9 @@ entry_guard_free(entry_guard_t *e) if (!e) return; entry_guard_handles_clear(e); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM tor_free(e->chosen_by_version); +#endif tor_free(e->sampled_by_version); tor_free(e->extra_state_fields); tor_free(e->selection_name); @@ -3391,6 +3404,7 @@ entry_guard_free(entry_guard_t *e) tor_free(e); }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Remove from a guard selection context any entry guard which was selected * by an unknown version of Tor, or which was selected by a version of Tor * that's known to select entry guards badly, or which was selected more 2 @@ -3869,6 +3883,7 @@ entry_guards_set_from_config(guard_selection_t *gs, smartlist_free(old_entry_guards_not_on_list); entry_guards_changed_for_guard_selection(gs); } +#endif
/** Return 0 if we're fine adding arbitrary routers out of the * directory to our entry guard list, or return 1 if we have a @@ -3877,6 +3892,7 @@ entry_guards_set_from_config(guard_selection_t *gs, int entry_list_is_constrained(const or_options_t *options) { + // XXXX prop271 look at the current selection. if (options->EntryNodes) return 1; if (options->UseBridges) @@ -3884,6 +3900,7 @@ entry_list_is_constrained(const or_options_t *options) return 0; }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Pick a live (up and listed) entry guard from entry_guards. If * <b>state</b> is non-NULL, this is for a specific circuit -- * make sure not to pick this circuit's exit or any node in the @@ -3910,6 +3927,7 @@ choose_random_dirguard(dirinfo_type_t type) return choose_random_entry_impl(get_guard_selection_info(), NULL, 1, type, NULL); } +#endif
/** Return the number of bridges that have descriptors that are marked with * purpose 'bridge' and are running. @@ -3920,10 +3938,13 @@ num_bridges_usable(void) int n_options = 0;
if (get_options()->UseDeprecatedGuardAlgorithm) { - +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM tor_assert(get_options()->UseBridges); (void) choose_random_entry_impl(get_guard_selection_info(), NULL, 0, 0, &n_options); +#else + tor_assert_nonfatal_unreached(); +#endif } else { /* XXXX prop271 Is this quite right? */ tor_assert(get_options()->UseBridges); @@ -3944,6 +3965,7 @@ num_bridges_usable(void) return n_options; }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Filter <b>all_entry_guards</b> for usable entry guards and put them * in <b>live_entry_guards</b>. We filter based on whether the node is * currently alive, and on whether it satisfies the restrictions @@ -4156,6 +4178,7 @@ choose_random_entry_impl(guard_selection_t *gs, smartlist_free(live_entry_guards); return node; } +#endif
static void pathbias_check_use_success_count(entry_guard_t *node) @@ -4199,6 +4222,7 @@ pathbias_check_close_success_count(entry_guard_t *node) } }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Parse <b>state</b> and learn about the entry guards it describes. * If <b>set</b> is true, and there are no errors, replace the guard * list in the provided guard selection context with what we find. @@ -4452,6 +4476,7 @@ entry_guards_parse_state_for_guard_selection( digestmap_free(added_by, tor_free_); return *msg ? -1 : 0; } +#endif
/** Parse <b>state</b> and learn about the entry guards it describes. * If <b>set</b> is true, and there are no errors, replace the guard @@ -4466,9 +4491,13 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
int r1 = entry_guards_load_guards_from_state(state, set);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM int r2 = entry_guards_parse_state_for_guard_selection( get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 1), state, set, msg); +#else + int r2 = 0; +#endif
entry_guards_dirty = 0;
@@ -4530,8 +4559,6 @@ entry_guards_changed(void) void entry_guards_update_state(or_state_t *state) { - config_line_t **next, *line; - entry_guards_dirty = 0;
// Handles all non-legacy guard info. @@ -4539,6 +4566,9 @@ entry_guards_update_state(or_state_t *state)
entry_guards_dirty = 0;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM + config_line_t **next, *line; + guard_selection_t *gs; gs = get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0); if (!gs) @@ -4612,6 +4642,7 @@ entry_guards_update_state(or_state_t *state) }
} SMARTLIST_FOREACH_END(e); +#endif if (!get_options()->AvoidDiskWrites) or_state_mark_dirty(get_or_state(), 0); entry_guards_dirty = 0; @@ -4634,11 +4665,18 @@ getinfo_helper_entry_guards(control_connection_t *conn, guard_selection_t *gs = get_guard_selection_info();
tor_assert(gs != NULL); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM tor_assert(gs->chosen_entry_guards != NULL); +#else + // XXXX + (void)question; + (void)answer; +#endif
(void) conn; (void) errmsg;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM if (!strcmp(question,"entry-guards") || !strcmp(question,"helper-nodes")) { smartlist_t *sl = smartlist_new(); @@ -4683,6 +4721,7 @@ getinfo_helper_entry_guards(control_connection_t *conn, SMARTLIST_FOREACH(sl, char *, c, tor_free(c)); smartlist_free(sl); } +#endif return 0; }
@@ -4721,6 +4760,7 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw, guardfraction_bw->non_guard_bw = orig_bandwidth - (int) guard_bw; }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Returns true iff the node is used as a guard in the specified guard * context */ int @@ -4819,6 +4859,7 @@ entries_retry_all(const or_options_t *options) tor_assert(entry_list_is_constrained(options)); entries_retry_helper(options, 1); } +#endif
/** Helper: Update the status of all entry guards, in whatever algorithm * is used. Return true if we should stop using all previously generated @@ -4833,7 +4874,11 @@ guards_update_all(void) tor_assert(curr_guard_context);
if (curr_guard_context->type == GS_TYPE_LEGACY) { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM entry_guards_compute_status(get_options(), approx_time()); +#else + tor_assert_nonfatal_unreached(); +#endif } else { if (entry_guards_update_all(curr_guard_context)) mark_circuits = 1; @@ -4849,7 +4894,12 @@ guards_choose_guard(cpath_build_state_t *state, circuit_guard_state_t **guard_state_out) { if (get_options()->UseDeprecatedGuardAlgorithm) { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM return choose_random_entry(state); +#else + tor_assert_nonfatal_unreached(); + return NULL; +#endif } else { const node_t *r = NULL; const uint8_t *exit_id = NULL; @@ -4877,7 +4927,13 @@ guards_choose_dirguard(dirinfo_type_t info, circuit_guard_state_t **guard_state_out) { if (get_options()->UseDeprecatedGuardAlgorithm) { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM return choose_random_dirguard(info); +#else + (void)info; + tor_assert_nonfatal_unreached(); + return NULL; +#endif } else { /* XXXX prop271 We don't need to look at the dirinfo_type_t here, * apparently. If you look at the old implementation, and you follow info @@ -4897,6 +4953,31 @@ guards_choose_dirguard(dirinfo_type_t info, } }
+/** + * If we're running with a constrained guard set, then maybe mark our guards + * usable. Return 1 if we do; 0 if we don't. + */ +int +guards_retry_optimistic(const or_options_t *options) +{ + if (! entry_list_is_constrained(options)) + return 0; + +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM + if (options->UseDeprecatedGuardAlgorithm) { + if (entries_known_but_down(options)) { + entries_retry_all(options); + return 1; + } + } +#endif + + // XXXX prop271 -- is this correct? + mark_primary_guards_maybe_reachable(get_guard_selection_info()); + + return 1; +} + /** Free one guard selection context */ STATIC void guard_selection_free(guard_selection_t *gs) @@ -4905,12 +4986,14 @@ guard_selection_free(guard_selection_t *gs)
tor_free(gs->name);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM if (gs->chosen_entry_guards) { SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, e, entry_guard_free(e)); smartlist_free(gs->chosen_entry_guards); gs->chosen_entry_guards = NULL; } +#endif
if (gs->sampled_entry_guards) { SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, e, diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h index c05a3e3..3250be1 100644 --- a/src/or/entrynodes.h +++ b/src/or/entrynodes.h @@ -28,6 +28,11 @@ typedef struct circuit_guard_state_t circuit_guard_state_t; private. */ typedef struct entry_guard_restriction_t entry_guard_restriction_t;
+/* + XXXX Prop271 undefine this in order to disable all legacy guard functions. +*/ +#define ENABLE_LEGACY_GUARD_ALGORITHM + /* Information about a guard's pathbias status. * These fields are used in circpathbias.c to try to detect entry * nodes that are failing circuits at a suspicious frequency. @@ -174,6 +179,7 @@ struct entry_guard_t { guard_selection_t *in_selection; /**@}*/
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** * @name legacy guard selection algorithm fields * @@ -202,6 +208,7 @@ struct entry_guard_t { * at which we last failed to connect to it. */
/**}@*/ +#endif
/** Path bias information for this guard. */ guard_pathbias_t pb; @@ -298,6 +305,7 @@ struct guard_selection_s { * confirmed_entry_guards receive? */ int next_confirmed_idx;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** * A list of our chosen entry guards, as entry_guard_t structures; this * preserves the pre-Prop271 behavior. @@ -310,6 +318,7 @@ struct guard_selection_s { * preserves the pre-Prop271 behavior. */ int should_add_entry_nodes; +#endif };
struct entry_guard_handle_t; @@ -369,9 +378,11 @@ entry_guard_t *entry_guard_get_by_id_digest(const char *digest); void entry_guards_changed_for_guard_selection(guard_selection_t *gs); void entry_guards_changed(void); guard_selection_t * get_guard_selection_info(void); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM const smartlist_t *get_entry_guards_for_guard_selection( guard_selection_t *gs); const smartlist_t *get_entry_guards(void); +#endif int num_live_entry_guards_for_guard_selection( guard_selection_t *gs, int for_directory); @@ -379,7 +390,9 @@ int num_live_entry_guards(int for_directory); #endif
const node_t *entry_guard_find_node(const entry_guard_t *guard); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM void entry_guard_mark_bad(entry_guard_t *guard); +#endif const char *entry_guard_get_rsa_id_digest(const entry_guard_t *guard); const char *entry_guard_describe(const entry_guard_t *guard); guard_pathbias_t *entry_guard_get_pathbias_state(entry_guard_t *guard); @@ -408,8 +421,10 @@ void entry_guards_note_internet_connectivity(guard_selection_t *gs); int update_guard_selection_choice(const or_options_t *options);
/* Used by bridges.c only. */ +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM void add_bridge_as_entry_guard(guard_selection_t *gs, const node_t *chosen); +#endif int num_bridges_usable(void);
#ifdef ENTRYNODES_PRIVATE @@ -568,6 +583,7 @@ STATIC unsigned entry_guards_note_guard_success(guard_selection_t *gs, unsigned old_state); STATIC int entry_guard_has_higher_priority(entry_guard_t *a, entry_guard_t *b);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM // ---------- XXXX this stuff is pre-prop271.
STATIC const node_t *add_an_entry_guard(guard_selection_t *gs, @@ -599,16 +615,20 @@ STATIC const node_t *entry_is_live(const entry_guard_t *e, const char **msg);
STATIC int entry_is_time_to_retry(const entry_guard_t *e, time_t now); +#endif
#endif
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM void remove_all_entry_guards_for_guard_selection(guard_selection_t *gs); void remove_all_entry_guards(void); +#endif
struct bridge_info_t; void entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport, const uint8_t *rsa_id_digest);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM void entry_guards_compute_status_for_guard_selection( guard_selection_t *gs, const or_options_t *options, time_t now); void entry_guards_compute_status(const or_options_t *options, time_t now); @@ -619,9 +639,13 @@ int entry_guard_register_connect_status(const char *digest, int succeeded, int mark_relay_status, time_t now); void entry_nodes_should_be_added_for_guard_selection(guard_selection_t *gs); void entry_nodes_should_be_added(void); +#endif int entry_list_is_constrained(const or_options_t *options); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM const node_t *choose_random_entry(cpath_build_state_t *state); const node_t *choose_random_dirguard(dirinfo_type_t t); +#endif +int guards_retry_optimistic(const or_options_t *options); int entry_guards_parse_state_for_guard_selection( guard_selection_t *gs, or_state_t *state, int set, char **msg); int entry_guards_parse_state(or_state_t *state, int set, char **msg); @@ -629,9 +653,11 @@ void entry_guards_update_state(or_state_t *state); int getinfo_helper_entry_guards(control_connection_t *conn, const char *question, char **answer, const char **errmsg); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM int is_node_used_as_guard_for_guard_selection(guard_selection_t *gs, const node_t *node); MOCK_DECL(int, is_node_used_as_guard, (const node_t *node)); +#endif
int entries_known_but_down(const or_options_t *options); void entries_retry_all(const or_options_t *options); diff --git a/src/or/routerlist.c b/src/or/routerlist.c index d2f360a..cfa570c 100644 --- a/src/or/routerlist.c +++ b/src/or/routerlist.c @@ -2003,6 +2003,10 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, int try_excluding = 1, n_excluded = 0, n_busy = 0; int try_ip_pref = 1;
+#ifndef ENABLE_LEGACY_GUARD_ALGORITHM + tor_assert_nonfatal(! for_guard); +#endif + if (!consensus) return NULL;
@@ -2038,10 +2042,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags, if ((type & EXTRAINFO_DIRINFO) && !router_supports_extrainfo(node->identity, is_trusted_extrainfo)) continue; +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /* Don't make the same node a guard twice */ if (for_guard && is_node_used_as_guard(node)) { continue; } +#endif /* Ensure that a directory guard is actually a guard node. */ if (for_guard && !node->is_possible_guard) { continue; diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c index fbb3b13..594708a 100644 --- a/src/test/test_entrynodes.c +++ b/src/test/test_entrynodes.c @@ -45,6 +45,7 @@ get_or_state_replacement(void) return dummy_state; }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /* Unittest cleanup function: Cleanup the fake network. */ static int fake_network_cleanup(const struct testcase_t *testcase, void *ptr) @@ -77,6 +78,7 @@ fake_network_setup(const struct testcase_t *testcase) /* Return anything but NULL (it's interpreted as test fail) */ return dummy_state; } +#endif
static networkstatus_t *dummy_consensus = NULL;
@@ -200,6 +202,7 @@ mock_get_options(void) return &mocked_options; }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM /** Test choose_random_entry() with none of our routers being guard nodes. */ static void test_choose_random_entry_no_guards(void *arg) @@ -888,6 +891,7 @@ test_entry_is_live(void *arg) done: ; /* XXX */ } +#endif
#define TEST_IPV4_ADDR "123.45.67.89" #define TEST_IPV6_ADDR "[1234:5678:90ab:cdef::]" @@ -1471,8 +1475,12 @@ test_entry_guard_parse_from_state_broken(void *arg) tt_int_op(smartlist_len(gs_df->sampled_entry_guards), OP_EQ, 1); guard_selection_t *gs_legacy = get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM tt_assert(gs_legacy != NULL); tt_int_op(smartlist_len(gs_legacy->chosen_entry_guards), OP_EQ, 0); +#else + tt_assert(gs_legacy == NULL); +#endif
done: config_free_lines(lines); @@ -2455,7 +2463,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg) // if we mark that guard down, we should get a different primary guard. // auto-retry it. g->is_reachable = GUARD_REACHABLE_NO; - g->unreachable_since = approx_time() - 10; + g->failing_since = approx_time() - 10; g->last_tried_to_connect = approx_time() - 10; state = 9999; g2 = select_entry_guard_for_circuit(gs, NULL, &state); @@ -2469,7 +2477,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
// If we say that the first primary guard was last tried a long time ago, we // should get an automatic retry on it. - g->unreachable_since = approx_time() - 72*60*60; + g->failing_since = approx_time() - 72*60*60; g->last_tried_to_connect = approx_time() - 72*60*60; state = 9999; g2 = select_entry_guard_for_circuit(gs, NULL, &state); @@ -2484,7 +2492,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg) SMARTLIST_FOREACH(gs->primary_entry_guards, entry_guard_t *, guard, { guard->is_reachable = GUARD_REACHABLE_NO; guard->last_tried_to_connect = approx_time() - 5; - guard->unreachable_since = approx_time() - 30; + guard->failing_since = approx_time() - 30; }); state = 9999; g2 = select_entry_guard_for_circuit(gs, NULL, &state); @@ -2503,7 +2511,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg) tt_assert(guard->is_usable_filtered_guard == 1); // no change to these fields. tt_i64_op(guard->last_tried_to_connect, OP_EQ, approx_time() - 5); - tt_i64_op(guard->unreachable_since, OP_EQ, approx_time() - 30); + tt_i64_op(guard->failing_since, OP_EQ, approx_time() - 30); });
/* Let's try again and we should get the first primary guard again */ @@ -3334,9 +3342,11 @@ test_enty_guard_should_expire_waiting(void *arg) tor_free(fake_state); }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM static const struct testcase_setup_t fake_network = { fake_network_setup, fake_network_cleanup }; +#endif
static const struct testcase_setup_t big_fake_network = { big_fake_network_setup, big_fake_network_cleanup @@ -3354,6 +3364,7 @@ static const struct testcase_setup_t upgrade_circuits = { (void*)(arg) }
struct testcase_t entrynodes_tests[] = { +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM { "entry_is_time_to_retry", test_entry_is_time_to_retry, TT_FORK, NULL, NULL }, { "choose_random_entry_no_guards", test_choose_random_entry_no_guards, @@ -3379,6 +3390,7 @@ struct testcase_t entrynodes_tests[] = { { "entry_is_live", test_entry_is_live, TT_FORK, &fake_network, NULL }, +#endif { "node_preferred_orport", test_node_preferred_orport, 0, NULL, NULL }, diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c index af5c121..73e8d10 100644 --- a/src/test/test_routerlist.c +++ b/src/test/test_routerlist.c @@ -204,6 +204,7 @@ mock_usable_consensus_flavor(void) return mock_usable_consensus_flavor_value; }
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM static smartlist_t *mock_is_guard_list = NULL;
static int @@ -250,6 +251,7 @@ clear_mock_guard_list(void) mock_is_guard_list = NULL; } } +#endif
static void test_router_pick_directory_server_impl(void *arg) @@ -271,7 +273,9 @@ test_router_pick_directory_server_impl(void *arg) (void)arg;
MOCK(usable_consensus_flavor, mock_usable_consensus_flavor); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM MOCK(is_node_used_as_guard, mock_is_node_used_as_guard); +#endif
/* With no consensus, we must be bootstrapping, regardless of time or flavor */ @@ -384,6 +388,7 @@ test_router_pick_directory_server_impl(void *arg) node_router1->is_valid = 1; node_router3->is_valid = 1;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM flags |= PDS_FOR_GUARD; mark_node_used_as_guard(node_router1); mark_node_used_as_guard(node_router2); @@ -397,8 +402,10 @@ test_router_pick_directory_server_impl(void *arg) rs = NULL; mark_node_unused_as_guard(node_router2); mark_node_unused_as_guard(node_router3); +#endif
/* One not valid, one guard. This should leave one remaining */ +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM node_router1->is_valid = 0; mark_node_used_as_guard(node_router2); rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL); @@ -407,6 +414,7 @@ test_router_pick_directory_server_impl(void *arg) rs = NULL; node_router1->is_valid = 1; mark_node_unused_as_guard(node_router2); +#endif
/* Manipulate overloaded */
@@ -469,8 +477,10 @@ test_router_pick_directory_server_impl(void *arg)
done: UNMOCK(usable_consensus_flavor); +#ifdef ENABLE_LEGACY_GUARD_ALGORITHM UNMOCK(is_node_used_as_guard); clear_mock_guard_list(); +#endif
if (router1_id) tor_free(router1_id);
tor-commits@lists.torproject.org