From d9200d853d5b9125ebcb47ae5a02ef0cd52f436a Mon Sep 17 00:00:00 2001
From: Nick Mathewson <nickm@torproject.org>
Date: Thu, 8 Dec 2016 12:59:58 -0500
Subject: Make NumEntryGuards work as expected again.

Further, add a "guard-n-primary-guards-to-use" parameter, defaulting
to 1, for NumEntryGuards to override.
---
 src/or/entrynodes.c | 26 ++++++++++++++++++++++++--
 src/or/entrynodes.h |  6 ++++++
 2 files changed, 30 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index 5c64dfdc43..9defd11656 100644
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -471,9 +471,31 @@ get_guard_confirmed_min_lifetime(void)
 STATIC int
 get_n_primary_guards(void)
 {
-  return networkstatus_get_param(NULL, "guard-n-primary-guards",
+  const int n = get_options()->NumEntryGuards;
+  if (n > 5) {
+    return n + n / 2;
+  } else if (n > 1) {
+    return n * 2;
+  }
+
+  return networkstatus_get_param(NULL,
+                                 "guard-n-primary-guards",
                                  DFLT_N_PRIMARY_GUARDS, 1, INT32_MAX);
 }
+/**
+ * Return the number of the live primary guards we should look at when
+ * making a circuit.
+ */
+STATIC int
+get_n_primary_guards_to_use(void)
+{
+  if (get_options()->NumEntryGuards > 1) {
+    return get_options()->NumEntryGuards;
+  }
+  return networkstatus_get_param(NULL,
+                                 "guard-n-primary-guards-to-use",
+                                 DFLT_N_PRIMARY_GUARDS_TO_USE, 1, INT32_MAX);
+}
 /**
  * If we haven't successfully built or used a circuit in this long, then
  * consider that the internet is probably down.
@@ -1795,7 +1817,7 @@ select_entry_guard_for_circuit(guard_selection_t *gs,
   if (!gs->primary_guards_up_to_date)
     entry_guards_update_primary(gs);
 
-  int num_entry_guards = 1;
+  int num_entry_guards = get_n_primary_guards_to_use();
   smartlist_t *usable_primary_guards = smartlist_new();
 
   /* "If any entry in PRIMARY_GUARDS has {is_reachable} status of
diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 827755ab11..e2ae2561f3 100644
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -471,6 +471,11 @@ int num_bridges_usable(void);
  * How many guards do we try to keep on our primary guard list?
  */
 #define DFLT_N_PRIMARY_GUARDS 3
+/**
+ * Of the live guards on the primary guard list, how many do we consider when
+ * choosing a guard to use?
+ */
+#define DFLT_N_PRIMARY_GUARDS_TO_USE 1
 /**
  * If we haven't successfully built or used a circuit in this long, then
  * consider that the internet is probably down.
@@ -506,6 +511,7 @@ STATIC int get_remove_unlisted_guards_after_days(void);
 STATIC int get_guard_lifetime(void);
 STATIC int get_guard_confirmed_min_lifetime(void);
 STATIC int get_n_primary_guards(void);
+STATIC int get_n_primary_guards_to_use(void);
 STATIC int get_internet_likely_down_interval(void);
 STATIC int get_nonprimary_guard_connect_timeout(void);
 STATIC int get_nonprimary_guard_idle_timeout(void);
-- 
cgit v1.2.3-54-g00ecf