authorRoger Dingledine <arma@torproject.org>2022-07-07 01:16:53 -0400
committerRoger Dingledine <arma@torproject.org>2022-08-09 14:47:11 -0400
commit7b1fffe0ddfb78234bddba4aae5800482d8b01fb (patch)
tree43b12d44bd3662883770bdfe39423cfad08907f1
parentb2665ad63949aa0838ef899c2b080b0addb98756 (diff)
make L2 vanguards actually independent
We had omitted some checks for whether our vanguards (second layer guards from proposal 333) overlapped or came from the same family. Now make sure to pick each of them to be independent. Fixes bug 40639; bugfix on 0.4.7.1-alpha.
-rw-r--r--changes/bug406395
-rw-r--r--src/feature/client/entrynodes.c10
2 files changed, 14 insertions, 1 deletions
diff --git a/changes/bug40639 b/changes/bug40639
new file mode 100644
index 0000000000..d5ab2e0cb3
--- /dev/null
+++ b/changes/bug40639
@@ -0,0 +1,5 @@
+ o Major bugfixes (vanguards):
+ - We had omitted some checks for whether our vanguards (second layer
+ guards from proposal 333) overlapped or came from the same family.
+ Now make sure to pick each of them to be independent. Fixes bug
+ 40639; bugfix on 0.4.7.1-alpha.
diff --git a/src/feature/client/entrynodes.c b/src/feature/client/entrynodes.c
index 15f29d1c3e..493571173e 100644
--- a/src/feature/client/entrynodes.c
+++ b/src/feature/client/entrynodes.c
@@ -4136,8 +4136,16 @@ maintain_layer2_guards(void)
log_info(LD_GENERAL, "Adding %d guards to Layer2 routerset",
new_guards_needed_n);
- /* Add required guards to the list */
+ /* First gather the exclusions based on our current L2 guards */
smartlist_t *excluded = smartlist_new();
+ SMARTLIST_FOREACH_BEGIN(layer2_guards, layer2_guard_t *, g) {
+ /* Exclude existing L2 guard + family so that we don't double-pick. */
+ const node_t *existing = node_get_by_id(g->identity);
+ if (existing)
+ nodelist_add_node_and_family(excluded, existing);
+ } SMARTLIST_FOREACH_END(g);
+
+ /* Add required guards to the list */
for (int i = 0; i < new_guards_needed_n; i++) {
const node_t *choice = NULL;
const or_options_t *options = get_options();
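Review bot: In the new SMARTLIST_FOREACH over `layer2_guards`, a guard for which `node_get_by_id(g->identity)` returns NULL adds nothing to `excluded`, so the independence check silently does not cover it. If such a relay is only temporarily missing from the nodelist, one of its family members could presumably still be chosen in the loop below and sit alongside it once it returns. I would document the gap at the `if (existing)` test, e.g. `/* A guard missing from our nodelist has no known family here, so it contributes no exclusions. */`, and consider logging the skip at info level so it is observable. maintain_layer2_guards() starts before and continues past this hunk, so whether each new `choice` is also added to `excluded` cannot be confirmed from here.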