summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorNick Mathewson <nickm@torproject.org>2016-12-07 12:36:13 -0500
committerNick Mathewson <nickm@torproject.org>2016-12-16 11:06:22 -0500
commit68679504323b0a676a446b8fb34b976c9dc66b4f (patch)
tree89a6a9621fae80e4c41114aee2d0f12aed437dcb /src
parent2b4bfe62ee74b927d65923f5d07fe04f51f8779a (diff)
downloadtor-68679504323b0a676a446b8fb34b976c9dc66b4f.tar.gz
tor-68679504323b0a676a446b8fb34b976c9dc66b4f.zip
Wrap all of the legacy guard code, and its users, in #ifdefs
This will make it easier to see what we remove down the line.
Diffstat (limited to 'src')
-rw-r--r--src/or/bridges.c8
-rw-r--r--src/or/channel.c2
-rw-r--r--src/or/circpathbias.c6
-rw-r--r--src/or/circuitbuild.c2
-rw-r--r--src/or/circuituse.c16
-rw-r--r--src/or/config.c9
-rw-r--r--src/or/connection_or.c4
-rw-r--r--src/or/control.c5
-rw-r--r--src/or/entrynodes.c91
-rw-r--r--src/or/entrynodes.h26
-rw-r--r--src/or/routerlist.c6
-rw-r--r--src/test/test_entrynodes.c20
-rw-r--r--src/test/test_routerlist.c10
13 files changed, 188 insertions, 17 deletions
diff --git a/src/or/bridges.c b/src/or/bridges.c
index c480e3fb7b..4058979bfb 100644
--- a/src/or/bridges.c
+++ b/src/or/bridges.c
@@ -743,7 +743,11 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
(int) bridge->port);
}
if (get_options()->UseDeprecatedGuardAlgorithm) {
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
add_bridge_as_entry_guard(get_guard_selection_info(), node);
+#else
+ tor_assert_nonfatal_unreached();
+#endif
} else {
entry_guard_learned_bridge_identity(&bridge->addrport_configured,
(const uint8_t*)ri->cache_info.identity_digest);
@@ -754,8 +758,12 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
/* set entry->made_contact so if it goes down we don't drop it from
* our entry node list */
if (get_options()->UseDeprecatedGuardAlgorithm) {
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
entry_guard_register_connect_status(ri->cache_info.identity_digest,
1, 0, now);
+#else
+ tor_assert_nonfatal_unreached();
+#endif
}
if (first) {
routerlist_retry_directory_downloads(now);
diff --git a/src/or/channel.c b/src/or/channel.c
index 1e3e99c51d..9898148dde 100644
--- a/src/or/channel.c
+++ b/src/or/channel.c
@@ -2538,6 +2538,7 @@ channel_do_open_actions(channel_t *chan)
if (started_here) {
circuit_build_times_network_is_live(get_circuit_build_times_mutable());
rep_hist_note_connect_succeeded(chan->identity_digest, now);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
// XXXX prop271 this call is no longer useful with the new algorithm.
if (entry_guard_register_connect_status(
chan->identity_digest, 1, 0, now) < 0) {
@@ -2549,6 +2550,7 @@ channel_do_open_actions(channel_t *chan)
"connection so we can retry the earlier entry guards.");
close_origin_circuits = 1;
}
+#endif
router_set_status(chan->identity_digest, 1);
} else {
/* only report it to the geoip module if it's not a known router */
diff --git a/src/or/circpathbias.c b/src/or/circpathbias.c
index be1146513e..d86d70f1ff 100644
--- a/src/or/circpathbias.c
+++ b/src/or/circpathbias.c
@@ -1279,7 +1279,10 @@ pathbias_measure_use_rate(entry_guard_t *guard)
tor_lround(pb->timeouts),
tor_lround(get_circuit_build_close_time_ms()/1000));
pb->path_bias_disabled = 1;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
+ // XXXX
entry_guard_mark_bad(guard);
+#endif
return;
}
} else if (!pb->path_bias_use_extreme) {
@@ -1385,7 +1388,10 @@ pathbias_measure_close_rate(entry_guard_t *guard)
tor_lround(pb->timeouts),
tor_lround(get_circuit_build_close_time_ms()/1000));
pb->path_bias_disabled = 1;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
+ // XXXX
entry_guard_mark_bad(guard);
+#endif
return;
}
} else if (!pb->path_bias_extreme) {
diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index 07903092b5..bf52b90730 100644
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -2277,6 +2277,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state,
* family. */
nodelist_add_node_and_family(excluded, node);
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* and exclude current entry guards and their families,
* unless we're in a test network, and excluding guards
* would exclude all nodes (i.e. we're in an incredibly small tor network,
@@ -2295,6 +2296,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state,
}
});
}
+#endif
if (state) {
if (state->need_uptime)
diff --git a/src/or/circuituse.c b/src/or/circuituse.c
index 787c490387..8e0fbd1d39 100644
--- a/src/or/circuituse.c
+++ b/src/or/circuituse.c
@@ -550,16 +550,14 @@ circuit_expire_building(void)
== CPATH_STATE_OPEN;
log_info(LD_CIRC,
"No circuits are opened. Relaxing timeout for circuit %d "
- "(a %s %d-hop circuit in state %s with channel state %s). "
- "%d guards are live.",
+ "(a %s %d-hop circuit in state %s with channel state %s).",
TO_ORIGIN_CIRCUIT(victim)->global_identifier,
circuit_purpose_to_string(victim->purpose),
TO_ORIGIN_CIRCUIT(victim)->build_state ?
TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
-1,
circuit_state_to_string(victim->state),
- channel_state_to_string(victim->n_chan->state),
- num_live_entry_guards(0));
+ channel_state_to_string(victim->n_chan->state));
/* We count the timeout here for CBT, because technically this
* was a timeout, and the timeout value needs to reset if we
@@ -577,7 +575,7 @@ circuit_expire_building(void)
"No circuits are opened. Relaxed timeout for circuit %d "
"(a %s %d-hop circuit in state %s with channel state %s) to "
"%ldms. However, it appears the circuit has timed out "
- "anyway. %d guards are live.",
+ "anyway.",
TO_ORIGIN_CIRCUIT(victim)->global_identifier,
circuit_purpose_to_string(victim->purpose),
TO_ORIGIN_CIRCUIT(victim)->build_state ?
@@ -585,8 +583,7 @@ circuit_expire_building(void)
-1,
circuit_state_to_string(victim->state),
channel_state_to_string(victim->n_chan->state),
- (long)build_close_ms,
- num_live_entry_guards(0));
+ (long)build_close_ms);
}
}
@@ -1655,8 +1652,10 @@ circuit_build_failed(origin_circuit_t *circ)
/* New guard API: we failed. */
if (circ->guard_state)
entry_guard_failed(&circ->guard_state);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Old guard API: we failed. */
entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL));
+#endif
/* if there are any one-hop streams waiting on this circuit, fail
* them now so they can retry elsewhere. */
connection_ap_fail_onehop(n_chan_id, circ->build_state);
@@ -1966,7 +1965,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
int severity = LOG_NOTICE;
/* Retry some stuff that might help the connection work. */
if (entry_list_is_constrained(options) &&
- entries_known_but_down(options)) {
+ guards_retry_optimistic(options)) {
log_fn(severity, LD_APP|LD_DIR,
"Application request when we haven't %s. "
"Optimistically trying known %s again.",
@@ -1974,7 +1973,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
"used client functionality lately" :
"received a consensus with exits",
options->UseBridges ? "bridges" : "entrynodes");
- entries_retry_all(options);
} else if (!options->UseBridges || any_bridge_descriptors_known()) {
log_fn(severity, LD_APP|LD_DIR,
"Application request when we haven't %s. "
diff --git a/src/or/config.c b/src/or/config.c
index 22e5dfdaa0..2ec96d39e9 100644
--- a/src/or/config.c
+++ b/src/or/config.c
@@ -2116,11 +2116,13 @@ options_act(const or_options_t *old_options)
rep_hist_desc_stats_term();
/* Check if we need to parse and add the EntryNodes config option. */
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (options->EntryNodes &&
(!old_options ||
!routerset_equal(old_options->EntryNodes,options->EntryNodes) ||
!routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes)))
entry_nodes_should_be_added();
+#endif
/* Since our options changed, we might need to regenerate and upload our
* server descriptor.
@@ -3040,6 +3042,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
warn_about_relative_paths(options);
+#ifndef ENABLE_LEGACY_GUARD_ALGORITHM
+ if (options->UseDeprecatedGuardAlgorithm) {
+ log_warn(LD_CONFIG, "DeprecatedGuardAlgorithm not supported.");
+ return -1;
+ }
+#endif
+
if (server_mode(options) &&
(!strcmpstart(uname, "Windows 95") ||
!strcmpstart(uname, "Windows 98") ||
diff --git a/src/or/connection_or.c b/src/or/connection_or.c
index 3b6f82c904..6233fb7669 100644
--- a/src/or/connection_or.c
+++ b/src/or/connection_or.c
@@ -737,9 +737,11 @@ connection_or_about_to_close(or_connection_t *or_conn)
rep_hist_note_connect_failed(or_conn->identity_digest, now);
/* Tell the new guard API about the channel failure */
entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan));
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Tell the old guard API about the channel failure */
entry_guard_register_connect_status(or_conn->identity_digest,0,
!options->HTTPSProxy, now);
+#endif
if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) {
int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED,
@@ -1678,9 +1680,11 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
conn->base_.address, conn->base_.port, expected, seen, extra_log);
/* Tell the new guard API about the channel failure */
entry_guard_chan_failed(TLS_CHAN_TO_BASE(conn->chan));
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Tell the old guard API about the channel failure */
entry_guard_register_connect_status(conn->identity_digest, 0, 1,
time(NULL));
+#endif
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED,
END_OR_CONN_REASON_OR_IDENTITY);
if (!authdir_mode_tests_reachability(options))
diff --git a/src/or/control.c b/src/or/control.c
index 03742e8731..9a8845a0d3 100644
--- a/src/or/control.c
+++ b/src/or/control.c
@@ -4041,12 +4041,17 @@ handle_control_dropguards(control_connection_t *conn,
smartlist_split_string(args, body, " ",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (smartlist_len(args)) {
connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n");
} else {
remove_all_entry_guards();
send_control_done(conn);
}
+#else
+ // XXXX
+ connection_printf_to_buf(conn, "512 not supported\r\n");
+#endif
SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
smartlist_free(args);
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index ac621552ed..76070a3b7d 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -149,11 +149,13 @@ static guard_selection_t *curr_guard_context = NULL;
* and those changes need to be flushed to disk. */
static int entry_guards_dirty = 0;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
static const node_t *choose_random_entry_impl(guard_selection_t *gs,
cpath_build_state_t *state,
int for_directory,
dirinfo_type_t dirtype,
int *n_options_out);
+#endif
static void entry_guard_set_filtered_flags(const or_options_t *options,
guard_selection_t *gs,
entry_guard_t *guard);
@@ -228,7 +230,9 @@ guard_selection_new(const char *name,
gs = tor_malloc_zero(sizeof(*gs));
gs->name = tor_strdup(name);
gs->type = type;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
gs->chosen_entry_guards = smartlist_new();
+#endif
gs->sampled_entry_guards = smartlist_new();
gs->confirmed_entry_guards = smartlist_new();
gs->primary_entry_guards = smartlist_new();
@@ -298,6 +302,7 @@ get_guard_selection_info(void)
return curr_guard_context;
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Return the list of entry guards for a guard_selection_t, creating it
* if necessary. */
const smartlist_t *
@@ -324,6 +329,7 @@ entry_guard_mark_bad(entry_guard_t *guard)
guard->bad_since = approx_time();
entry_guards_changed();
}
+#endif
/** Return a statically allocated human-readable description of <b>guard</b>
*/
@@ -2831,6 +2837,7 @@ entry_guards_load_guards_from_state(or_state_t *state, int set)
/* XXXXX prop271 ----- end of new-for-prop271 code ----- */
/* XXXXX ----------------------------------------------- */
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/**
* @name Constants for old (pre-prop271) guard selection algorithm.
*/
@@ -3109,6 +3116,7 @@ num_live_entry_guards(int for_directory)
return num_live_entry_guards_for_guard_selection(
get_guard_selection_info(), for_directory);
}
+#endif
/** If <b>digest</b> matches the identity of any node in the
* entry_guards list for the provided guard selection state,
@@ -3123,11 +3131,12 @@ entry_guard_get_by_id_digest_for_guard_selection(guard_selection_t *gs,
if (tor_memeq(digest, entry->identity, DIGEST_LEN))
return entry;
);
-
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, entry,
if (tor_memeq(digest, entry->identity, DIGEST_LEN))
return entry;
);
+#endif
return NULL;
}
@@ -3150,6 +3159,7 @@ entry_guard_get_by_id_digest(const char *digest)
get_guard_selection_info(), digest);
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Dump a description of our list of entry guards in the given guard
* selection context to the log at level <b>severity</b>. */
static void
@@ -3375,6 +3385,7 @@ pick_entry_guards(guard_selection_t *gs,
if (changed)
entry_guards_changed_for_guard_selection(gs);
}
+#endif
/** Release all storage held by <b>e</b>. */
STATIC void
@@ -3383,7 +3394,9 @@ entry_guard_free(entry_guard_t *e)
if (!e)
return;
entry_guard_handles_clear(e);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tor_free(e->chosen_by_version);
+#endif
tor_free(e->sampled_by_version);
tor_free(e->extra_state_fields);
tor_free(e->selection_name);
@@ -3391,6 +3404,7 @@ entry_guard_free(entry_guard_t *e)
tor_free(e);
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Remove from a guard selection context any entry guard which was selected
* by an unknown version of Tor, or which was selected by a version of Tor
* that's known to select entry guards badly, or which was selected more 2
@@ -3869,6 +3883,7 @@ entry_guards_set_from_config(guard_selection_t *gs,
smartlist_free(old_entry_guards_not_on_list);
entry_guards_changed_for_guard_selection(gs);
}
+#endif
/** Return 0 if we're fine adding arbitrary routers out of the
* directory to our entry guard list, or return 1 if we have a
@@ -3877,6 +3892,7 @@ entry_guards_set_from_config(guard_selection_t *gs,
int
entry_list_is_constrained(const or_options_t *options)
{
+ // XXXX prop271 look at the current selection.
if (options->EntryNodes)
return 1;
if (options->UseBridges)
@@ -3884,6 +3900,7 @@ entry_list_is_constrained(const or_options_t *options)
return 0;
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Pick a live (up and listed) entry guard from entry_guards. If
* <b>state</b> is non-NULL, this is for a specific circuit --
* make sure not to pick this circuit's exit or any node in the
@@ -3910,6 +3927,7 @@ choose_random_dirguard(dirinfo_type_t type)
return choose_random_entry_impl(get_guard_selection_info(),
NULL, 1, type, NULL);
}
+#endif
/** Return the number of bridges that have descriptors that are marked with
* purpose 'bridge' and are running.
@@ -3920,10 +3938,13 @@ num_bridges_usable(void)
int n_options = 0;
if (get_options()->UseDeprecatedGuardAlgorithm) {
-
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tor_assert(get_options()->UseBridges);
(void) choose_random_entry_impl(get_guard_selection_info(),
NULL, 0, 0, &n_options);
+#else
+ tor_assert_nonfatal_unreached();
+#endif
} else {
/* XXXX prop271 Is this quite right? */
tor_assert(get_options()->UseBridges);
@@ -3944,6 +3965,7 @@ num_bridges_usable(void)
return n_options;
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Filter <b>all_entry_guards</b> for usable entry guards and put them
* in <b>live_entry_guards</b>. We filter based on whether the node is
* currently alive, and on whether it satisfies the restrictions
@@ -4156,6 +4178,7 @@ choose_random_entry_impl(guard_selection_t *gs,
smartlist_free(live_entry_guards);
return node;
}
+#endif
static void
pathbias_check_use_success_count(entry_guard_t *node)
@@ -4199,6 +4222,7 @@ pathbias_check_close_success_count(entry_guard_t *node)
}
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Parse <b>state</b> and learn about the entry guards it describes.
* If <b>set</b> is true, and there are no errors, replace the guard
* list in the provided guard selection context with what we find.
@@ -4452,6 +4476,7 @@ entry_guards_parse_state_for_guard_selection(
digestmap_free(added_by, tor_free_);
return *msg ? -1 : 0;
}
+#endif
/** Parse <b>state</b> and learn about the entry guards it describes.
* If <b>set</b> is true, and there are no errors, replace the guard
@@ -4466,9 +4491,13 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
int r1 = entry_guards_load_guards_from_state(state, set);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
int r2 = entry_guards_parse_state_for_guard_selection(
get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 1),
state, set, msg);
+#else
+ int r2 = 0;
+#endif
entry_guards_dirty = 0;
@@ -4530,8 +4559,6 @@ entry_guards_changed(void)
void
entry_guards_update_state(or_state_t *state)
{
- config_line_t **next, *line;
-
entry_guards_dirty = 0;
// Handles all non-legacy guard info.
@@ -4539,6 +4566,9 @@ entry_guards_update_state(or_state_t *state)
entry_guards_dirty = 0;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
+ config_line_t **next, *line;
+
guard_selection_t *gs;
gs = get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0);
if (!gs)
@@ -4612,6 +4642,7 @@ entry_guards_update_state(or_state_t *state)
}
} SMARTLIST_FOREACH_END(e);
+#endif
if (!get_options()->AvoidDiskWrites)
or_state_mark_dirty(get_or_state(), 0);
entry_guards_dirty = 0;
@@ -4634,11 +4665,18 @@ getinfo_helper_entry_guards(control_connection_t *conn,
guard_selection_t *gs = get_guard_selection_info();
tor_assert(gs != NULL);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tor_assert(gs->chosen_entry_guards != NULL);
+#else
+ // XXXX
+ (void)question;
+ (void)answer;
+#endif
(void) conn;
(void) errmsg;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (!strcmp(question,"entry-guards") ||
!strcmp(question,"helper-nodes")) {
smartlist_t *sl = smartlist_new();
@@ -4683,6 +4721,7 @@ getinfo_helper_entry_guards(control_connection_t *conn,
SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
smartlist_free(sl);
}
+#endif
return 0;
}
@@ -4721,6 +4760,7 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
guardfraction_bw->non_guard_bw = orig_bandwidth - (int) guard_bw;
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Returns true iff the node is used as a guard in the specified guard
* context */
int
@@ -4819,6 +4859,7 @@ entries_retry_all(const or_options_t *options)
tor_assert(entry_list_is_constrained(options));
entries_retry_helper(options, 1);
}
+#endif
/** Helper: Update the status of all entry guards, in whatever algorithm
* is used. Return true if we should stop using all previously generated
@@ -4833,7 +4874,11 @@ guards_update_all(void)
tor_assert(curr_guard_context);
if (curr_guard_context->type == GS_TYPE_LEGACY) {
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
entry_guards_compute_status(get_options(), approx_time());
+#else
+ tor_assert_nonfatal_unreached();
+#endif
} else {
if (entry_guards_update_all(curr_guard_context))
mark_circuits = 1;
@@ -4849,7 +4894,12 @@ guards_choose_guard(cpath_build_state_t *state,
circuit_guard_state_t **guard_state_out)
{
if (get_options()->UseDeprecatedGuardAlgorithm) {
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
return choose_random_entry(state);
+#else
+ tor_assert_nonfatal_unreached();
+ return NULL;
+#endif
} else {
const node_t *r = NULL;
const uint8_t *exit_id = NULL;
@@ -4877,7 +4927,13 @@ guards_choose_dirguard(dirinfo_type_t info,
circuit_guard_state_t **guard_state_out)
{
if (get_options()->UseDeprecatedGuardAlgorithm) {
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
return choose_random_dirguard(info);
+#else
+ (void)info;
+ tor_assert_nonfatal_unreached();
+ return NULL;
+#endif
} else {
/* XXXX prop271 We don't need to look at the dirinfo_type_t here,
* apparently. If you look at the old implementation, and you follow info
@@ -4897,6 +4953,31 @@ guards_choose_dirguard(dirinfo_type_t info,
}
}
+/**
+ * If we're running with a constrained guard set, then maybe mark our guards
+ * usable. Return 1 if we do; 0 if we don't.
+ */
+int
+guards_retry_optimistic(const or_options_t *options)
+{
+ if (! entry_list_is_constrained(options))
+ return 0;
+
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
+ if (options->UseDeprecatedGuardAlgorithm) {
+ if (entries_known_but_down(options)) {
+ entries_retry_all(options);
+ return 1;
+ }
+ }
+#endif
+
+ // XXXX prop271 -- is this correct?
+ mark_primary_guards_maybe_reachable(get_guard_selection_info());
+
+ return 1;
+}
+
/** Free one guard selection context */
STATIC void
guard_selection_free(guard_selection_t *gs)
@@ -4905,12 +4986,14 @@ guard_selection_free(guard_selection_t *gs)
tor_free(gs->name);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (gs->chosen_entry_guards) {
SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, e,
entry_guard_free(e));
smartlist_free(gs->chosen_entry_guards);
gs->chosen_entry_guards = NULL;
}
+#endif
if (gs->sampled_entry_guards) {
SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, e,
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index c05a3e3a2c..3250be1222 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -28,6 +28,11 @@ typedef struct circuit_guard_state_t circuit_guard_state_t;
private. */
typedef struct entry_guard_restriction_t entry_guard_restriction_t;
+/*
+ XXXX Prop271 undefine this in order to disable all legacy guard functions.
+*/
+#define ENABLE_LEGACY_GUARD_ALGORITHM
+
/* Information about a guard's pathbias status.
* These fields are used in circpathbias.c to try to detect entry
* nodes that are failing circuits at a suspicious frequency.
@@ -174,6 +179,7 @@ struct entry_guard_t {
guard_selection_t *in_selection;
/**@}*/
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/**
* @name legacy guard selection algorithm fields
*
@@ -202,6 +208,7 @@ struct entry_guard_t {
* at which we last failed to connect to it. */
/**}@*/
+#endif
/** Path bias information for this guard. */
guard_pathbias_t pb;
@@ -298,6 +305,7 @@ struct guard_selection_s {
* confirmed_entry_guards receive? */
int next_confirmed_idx;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/**
* A list of our chosen entry guards, as entry_guard_t structures; this
* preserves the pre-Prop271 behavior.
@@ -310,6 +318,7 @@ struct guard_selection_s {
* preserves the pre-Prop271 behavior.
*/
int should_add_entry_nodes;
+#endif
};
struct entry_guard_handle_t;
@@ -369,9 +378,11 @@ entry_guard_t *entry_guard_get_by_id_digest(const char *digest);
void entry_guards_changed_for_guard_selection(guard_selection_t *gs);
void entry_guards_changed(void);
guard_selection_t * get_guard_selection_info(void);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
const smartlist_t *get_entry_guards_for_guard_selection(
guard_selection_t *gs);
const smartlist_t *get_entry_guards(void);
+#endif
int num_live_entry_guards_for_guard_selection(
guard_selection_t *gs,
int for_directory);
@@ -379,7 +390,9 @@ int num_live_entry_guards(int for_directory);
#endif
const node_t *entry_guard_find_node(const entry_guard_t *guard);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void entry_guard_mark_bad(entry_guard_t *guard);
+#endif
const char *entry_guard_get_rsa_id_digest(const entry_guard_t *guard);
const char *entry_guard_describe(const entry_guard_t *guard);
guard_pathbias_t *entry_guard_get_pathbias_state(entry_guard_t *guard);
@@ -408,8 +421,10 @@ void entry_guards_note_internet_connectivity(guard_selection_t *gs);
int update_guard_selection_choice(const or_options_t *options);
/* Used by bridges.c only. */
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void add_bridge_as_entry_guard(guard_selection_t *gs,
const node_t *chosen);
+#endif
int num_bridges_usable(void);
#ifdef ENTRYNODES_PRIVATE
@@ -568,6 +583,7 @@ STATIC unsigned entry_guards_note_guard_success(guard_selection_t *gs,
unsigned old_state);
STATIC int entry_guard_has_higher_priority(entry_guard_t *a, entry_guard_t *b);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
// ---------- XXXX this stuff is pre-prop271.
STATIC const node_t *add_an_entry_guard(guard_selection_t *gs,
@@ -599,16 +615,20 @@ STATIC const node_t *entry_is_live(const entry_guard_t *e,
const char **msg);
STATIC int entry_is_time_to_retry(const entry_guard_t *e, time_t now);
+#endif
#endif
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void remove_all_entry_guards_for_guard_selection(guard_selection_t *gs);
void remove_all_entry_guards(void);
+#endif
struct bridge_info_t;
void entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport,
const uint8_t *rsa_id_digest);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void entry_guards_compute_status_for_guard_selection(
guard_selection_t *gs, const or_options_t *options, time_t now);
void entry_guards_compute_status(const or_options_t *options, time_t now);
@@ -619,9 +639,13 @@ int entry_guard_register_connect_status(const char *digest, int succeeded,
int mark_relay_status, time_t now);
void entry_nodes_should_be_added_for_guard_selection(guard_selection_t *gs);
void entry_nodes_should_be_added(void);
+#endif
int entry_list_is_constrained(const or_options_t *options);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
const node_t *choose_random_entry(cpath_build_state_t *state);
const node_t *choose_random_dirguard(dirinfo_type_t t);
+#endif
+int guards_retry_optimistic(const or_options_t *options);
int entry_guards_parse_state_for_guard_selection(
guard_selection_t *gs, or_state_t *state, int set, char **msg);
int entry_guards_parse_state(or_state_t *state, int set, char **msg);
@@ -629,9 +653,11 @@ void entry_guards_update_state(or_state_t *state);
int getinfo_helper_entry_guards(control_connection_t *conn,
const char *question, char **answer,
const char **errmsg);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
int is_node_used_as_guard_for_guard_selection(guard_selection_t *gs,
const node_t *node);
MOCK_DECL(int, is_node_used_as_guard, (const node_t *node));
+#endif
int entries_known_but_down(const or_options_t *options);
void entries_retry_all(const or_options_t *options);
diff --git a/src/or/routerlist.c b/src/or/routerlist.c
index d2f360a63f..cfa570c4a0 100644
--- a/src/or/routerlist.c
+++ b/src/or/routerlist.c
@@ -2003,6 +2003,10 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
int try_excluding = 1, n_excluded = 0, n_busy = 0;
int try_ip_pref = 1;
+#ifndef ENABLE_LEGACY_GUARD_ALGORITHM
+ tor_assert_nonfatal(! for_guard);
+#endif
+
if (!consensus)
return NULL;
@@ -2038,10 +2042,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
if ((type & EXTRAINFO_DIRINFO) &&
!router_supports_extrainfo(node->identity, is_trusted_extrainfo))
continue;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Don't make the same node a guard twice */
if (for_guard && is_node_used_as_guard(node)) {
continue;
}
+#endif
/* Ensure that a directory guard is actually a guard node. */
if (for_guard && !node->is_possible_guard) {
continue;
diff --git a/src/test/test_entrynodes.c b/src/test/test_entrynodes.c
index fbb3b13448..594708a12b 100644
--- a/src/test/test_entrynodes.c
+++ b/src/test/test_entrynodes.c
@@ -45,6 +45,7 @@ get_or_state_replacement(void)
return dummy_state;
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Unittest cleanup function: Cleanup the fake network. */
static int
fake_network_cleanup(const struct testcase_t *testcase, void *ptr)
@@ -77,6 +78,7 @@ fake_network_setup(const struct testcase_t *testcase)
/* Return anything but NULL (it's interpreted as test fail) */
return dummy_state;
}
+#endif
static networkstatus_t *dummy_consensus = NULL;
@@ -200,6 +202,7 @@ mock_get_options(void)
return &mocked_options;
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Test choose_random_entry() with none of our routers being guard nodes. */
static void
test_choose_random_entry_no_guards(void *arg)
@@ -888,6 +891,7 @@ test_entry_is_live(void *arg)
done:
; /* XXX */
}
+#endif
#define TEST_IPV4_ADDR "123.45.67.89"
#define TEST_IPV6_ADDR "[1234:5678:90ab:cdef::]"
@@ -1471,8 +1475,12 @@ test_entry_guard_parse_from_state_broken(void *arg)
tt_int_op(smartlist_len(gs_df->sampled_entry_guards), OP_EQ, 1);
guard_selection_t *gs_legacy =
get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tt_assert(gs_legacy != NULL);
tt_int_op(smartlist_len(gs_legacy->chosen_entry_guards), OP_EQ, 0);
+#else
+ tt_assert(gs_legacy == NULL);
+#endif
done:
config_free_lines(lines);
@@ -2455,7 +2463,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
// if we mark that guard down, we should get a different primary guard.
// auto-retry it.
g->is_reachable = GUARD_REACHABLE_NO;
- g->unreachable_since = approx_time() - 10;
+ g->failing_since = approx_time() - 10;
g->last_tried_to_connect = approx_time() - 10;
state = 9999;
g2 = select_entry_guard_for_circuit(gs, NULL, &state);
@@ -2469,7 +2477,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
// If we say that the first primary guard was last tried a long time ago, we
// should get an automatic retry on it.
- g->unreachable_since = approx_time() - 72*60*60;
+ g->failing_since = approx_time() - 72*60*60;
g->last_tried_to_connect = approx_time() - 72*60*60;
state = 9999;
g2 = select_entry_guard_for_circuit(gs, NULL, &state);
@@ -2484,7 +2492,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
SMARTLIST_FOREACH(gs->primary_entry_guards, entry_guard_t *, guard, {
guard->is_reachable = GUARD_REACHABLE_NO;
guard->last_tried_to_connect = approx_time() - 5;
- guard->unreachable_since = approx_time() - 30;
+ guard->failing_since = approx_time() - 30;
});
state = 9999;
g2 = select_entry_guard_for_circuit(gs, NULL, &state);
@@ -2503,7 +2511,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
tt_assert(guard->is_usable_filtered_guard == 1);
// no change to these fields.
tt_i64_op(guard->last_tried_to_connect, OP_EQ, approx_time() - 5);
- tt_i64_op(guard->unreachable_since, OP_EQ, approx_time() - 30);
+ tt_i64_op(guard->failing_since, OP_EQ, approx_time() - 30);
});
/* Let's try again and we should get the first primary guard again */
@@ -3334,9 +3342,11 @@ test_enty_guard_should_expire_waiting(void *arg)
tor_free(fake_state);
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
static const struct testcase_setup_t fake_network = {
fake_network_setup, fake_network_cleanup
};
+#endif
static const struct testcase_setup_t big_fake_network = {
big_fake_network_setup, big_fake_network_cleanup
@@ -3354,6 +3364,7 @@ static const struct testcase_setup_t upgrade_circuits = {
(void*)(arg) }
struct testcase_t entrynodes_tests[] = {
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
{ "entry_is_time_to_retry", test_entry_is_time_to_retry,
TT_FORK, NULL, NULL },
{ "choose_random_entry_no_guards", test_choose_random_entry_no_guards,
@@ -3379,6 +3390,7 @@ struct testcase_t entrynodes_tests[] = {
{ "entry_is_live",
test_entry_is_live,
TT_FORK, &fake_network, NULL },
+#endif
{ "node_preferred_orport",
test_node_preferred_orport,
0, NULL, NULL },
diff --git a/src/test/test_routerlist.c b/src/test/test_routerlist.c
index af5c121ce2..73e8d1047c 100644
--- a/src/test/test_routerlist.c
+++ b/src/test/test_routerlist.c
@@ -204,6 +204,7 @@ mock_usable_consensus_flavor(void)
return mock_usable_consensus_flavor_value;
}
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
static smartlist_t *mock_is_guard_list = NULL;
static int
@@ -250,6 +251,7 @@ clear_mock_guard_list(void)
mock_is_guard_list = NULL;
}
}
+#endif
static void
test_router_pick_directory_server_impl(void *arg)
@@ -271,7 +273,9 @@ test_router_pick_directory_server_impl(void *arg)
(void)arg;
MOCK(usable_consensus_flavor, mock_usable_consensus_flavor);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
MOCK(is_node_used_as_guard, mock_is_node_used_as_guard);
+#endif
/* With no consensus, we must be bootstrapping, regardless of time or flavor
*/
@@ -384,6 +388,7 @@ test_router_pick_directory_server_impl(void *arg)
node_router1->is_valid = 1;
node_router3->is_valid = 1;
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
flags |= PDS_FOR_GUARD;
mark_node_used_as_guard(node_router1);
mark_node_used_as_guard(node_router2);
@@ -397,8 +402,10 @@ test_router_pick_directory_server_impl(void *arg)
rs = NULL;
mark_node_unused_as_guard(node_router2);
mark_node_unused_as_guard(node_router3);
+#endif
/* One not valid, one guard. This should leave one remaining */
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
node_router1->is_valid = 0;
mark_node_used_as_guard(node_router2);
rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
@@ -407,6 +414,7 @@ test_router_pick_directory_server_impl(void *arg)
rs = NULL;
node_router1->is_valid = 1;
mark_node_unused_as_guard(node_router2);
+#endif
/* Manipulate overloaded */
@@ -469,8 +477,10 @@ test_router_pick_directory_server_impl(void *arg)
done:
UNMOCK(usable_consensus_flavor);
+#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
UNMOCK(is_node_used_as_guard);
clear_mock_guard_list();
+#endif
if (router1_id)
tor_free(router1_id);