[tor-commits] [tor/master] Make NumEntryGuards work as expected again.

[nickm at torproject.org]

commit d9200d853d5b9125ebcb47ae5a02ef0cd52f436a
Author: Nick Mathewson <nickm at torproject.org>
Date:   Thu Dec 8 12:59:58 2016 -0500

    Make NumEntryGuards work as expected again.
    
    Further, add a "guard-n-primary-guards-to-use" parameter, defaulting
    to 1, for NumEntryGuards to override.
---
 src/or/entrynodes.c | 26 ++++++++++++++++++++++++--
 src/or/entrynodes.h |  6 ++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 5c64dfd..9defd11 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -471,10 +471,32 @@ get_guard_confirmed_min_lifetime(void)
 STATIC int
 get_n_primary_guards(void)
 {
-  return networkstatus_get_param(NULL, "guard-n-primary-guards",
+  const int n = get_options()->NumEntryGuards;
+  if (n > 5) {
+    return n + n / 2;
+  } else if (n > 1) {
+    return n * 2;
+  }
+
+  return networkstatus_get_param(NULL,
+                                 "guard-n-primary-guards",
                                  DFLT_N_PRIMARY_GUARDS, 1, INT32_MAX);
 }
 /**
+ * Return the number of the live primary guards we should look at when
+ * making a circuit.
+ */
+STATIC int
+get_n_primary_guards_to_use(void)
+{
+  if (get_options()->NumEntryGuards > 1) {
+    return get_options()->NumEntryGuards;
+  }
+  return networkstatus_get_param(NULL,
+                                 "guard-n-primary-guards-to-use",
+                                 DFLT_N_PRIMARY_GUARDS_TO_USE, 1, INT32_MAX);
+}
+/**
  * If we haven't successfully built or used a circuit in this long, then
  * consider that the internet is probably down.
  */
@@ -1795,7 +1817,7 @@ select_entry_guard_for_circuit(guard_selection_t *gs,
   if (!gs->primary_guards_up_to_date)
     entry_guards_update_primary(gs);
 
-  int num_entry_guards = 1;
+  int num_entry_guards = get_n_primary_guards_to_use();
   smartlist_t *usable_primary_guards = smartlist_new();
 
   /* "If any entry in PRIMARY_GUARDS has {is_reachable} status of
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 827755a..e2ae256 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -472,6 +472,11 @@ int num_bridges_usable(void);
  */
 #define DFLT_N_PRIMARY_GUARDS 3
 /**
+ * Of the live guards on the primary guard list, how many do we consider when
+ * choosing a guard to use?
+ */
+#define DFLT_N_PRIMARY_GUARDS_TO_USE 1
+/**
  * If we haven't successfully built or used a circuit in this long, then
  * consider that the internet is probably down.
  */
@@ -506,6 +511,7 @@ STATIC int get_remove_unlisted_guards_after_days(void);
 STATIC int get_guard_lifetime(void);
 STATIC int get_guard_confirmed_min_lifetime(void);
 STATIC int get_n_primary_guards(void);
+STATIC int get_n_primary_guards_to_use(void);
 STATIC int get_internet_likely_down_interval(void);
 STATIC int get_nonprimary_guard_connect_timeout(void);
 STATIC int get_nonprimary_guard_idle_timeout(void);