Mark confirmed guards primary as appropriate.

If a guard becomes primary as a result of confirming it, consider
the circuit through that guard as a primary circuit.

Also, note open questions on behavior when confirming nonprimary guards

1 files changed, 15 insertions, 1 deletions

diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index f1fe9f13c1..0650cbe963 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -1384,6 +1384,8 @@ entry_guards_note_guard_success(guard_selection_t *gs,
 
   if (guard->confirmed_idx < 0) {
     make_guard_confirmed(gs, guard);
+    if (!gs->primary_guards_up_to_date)
+      entry_guards_update_primary(gs);
   }
 
   unsigned new_state;
@@ -1392,7 +1394,19 @@ entry_guards_note_guard_success(guard_selection_t *gs,
   } else {
     tor_assert_nonfatal(
                old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD);
-    new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD;
+
+    if (guard->is_primary) {
+      /* XXXX prop271 -- I don't actually like this logic. It seems to make us
+       * a little more susceptible to evil-ISP attacks.  The mitigations I'm
+       * thinking of, however, aren't local to this point, so I'll leave it
+       * alone. */
+      /* This guard may have become primary by virtue of being confirmed.
+        If so, the circuit for it is now complete.
+      */
+      new_state = GUARD_CIRC_STATE_COMPLETE;
+    } else {
+      new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD;
+    }
 
     if (last_time_on_internet + get_internet_likely_down_interval()
         < approx_time()) {