From 98590621bb49cbecd601085f7e03697f8783ff7b Mon Sep 17 00:00:00 2001 From: David Goulet Date: Mon, 1 Feb 2021 09:04:50 -0500 Subject: relay: Double the size of the relay reentry set This is to minimize false positive and thus deny reentry to Exit connections that were in reality not re-entering. Helps with overall UX. Signed-off-by: David Goulet --- src/feature/nodelist/nodelist.c | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c index 9d553ce1f5..22b93762e7 100644 --- a/src/feature/nodelist/nodelist.c +++ b/src/feature/nodelist/nodelist.c @@ -672,8 +672,12 @@ nodelist_set_consensus(networkstatus_t *ns) address_set_free(the_nodelist->node_addrs); addr_port_set_free(the_nodelist->reentry_set); the_nodelist->node_addrs = address_set_new(estimated_addresses); - /* Times two here is for both the ORPort and DirPort. */ - the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2); + /* Times two here is for both the ORPort and DirPort. We double it again in + * order to minimize as much as possible the false positive when looking up + * this set. Reason is that Exit streams that are legitimate but end up a + * false positive against this set will thus be considered reentry and be + * rejected which means a bad UX. */ + the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2 * 2); SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) { node_t *node = node_get_or_create(rs->identity_digest); -- cgit v1.2.3-54-g00ecf