diff options
Diffstat (limited to 'src/or/entrynodes.c')
| -rw-r--r-- | src/or/entrynodes.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c index f1fe9f13c1..0650cbe963 100644 --- a/src/or/entrynodes.c +++ b/src/or/entrynodes.c @@ -1384,6 +1384,8 @@ entry_guards_note_guard_success(guard_selection_t *gs, if (guard->confirmed_idx < 0) { make_guard_confirmed(gs, guard); + if (!gs->primary_guards_up_to_date) + entry_guards_update_primary(gs); } unsigned new_state; @@ -1392,7 +1394,19 @@ entry_guards_note_guard_success(guard_selection_t *gs, } else { tor_assert_nonfatal( old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD); - new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + + if (guard->is_primary) { + /* XXXX prop271 -- I don't actually like this logic. It seems to make us + * a little more susceptible to evil-ISP attacks. The mitigations I'm + * thinking of, however, aren't local to this point, so I'll leave it + * alone. */ + /* This guard may have become primary by virtue of being confirmed. + If so, the circuit for it is now complete. + */ + new_state = GUARD_CIRC_STATE_COMPLETE; + } else { + new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD; + } if (last_time_on_internet + get_internet_likely_down_interval() < approx_time()) { |