[tor-commits] [tor/master] relay: Double the size of the relay reentry set

dgoulet at torproject.org dgoulet at torproject.org
Mon Feb 1 14:30:59 UTC 2021


commit 838e07be9dc88d41da39a1b4b6b445f67309b108
Author: David Goulet <dgoulet at torproject.org>
Date:   Mon Feb 1 09:04:50 2021 -0500

    relay: Double the size of the relay reentry set
    
    This is to minimize false positive and thus deny reentry to Exit connections
    that were in reality not re-entering. Helps with overall UX.
    
    Signed-off-by: David Goulet <dgoulet at torproject.org>
---
 src/feature/nodelist/nodelist.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c
index 0c9bdb3c0e..6a6f277849 100644
--- a/src/feature/nodelist/nodelist.c
+++ b/src/feature/nodelist/nodelist.c
@@ -670,8 +670,12 @@ nodelist_set_consensus(const networkstatus_t *ns)
   address_set_free(the_nodelist->node_addrs);
   addr_port_set_free(the_nodelist->reentry_set);
   the_nodelist->node_addrs = address_set_new(estimated_addresses);
-  /* Times two here is for both the ORPort and DirPort. */
-  the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2);
+  /* Times two here is for both the ORPort and DirPort. We double it again in
+   * order to minimize as much as possible the false positive when looking up
+   * this set. Reason is that Exit streams that are legitimate but end up a
+   * false positive against this set will thus be considered reentry and be
+   * rejected which means a bad UX. */
+  the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2 * 2);
 
   SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) {
     node_t *node = node_get_or_create(rs->identity_digest);





More information about the tor-commits mailing list