nihilist/tor
1
0
Fork 0
mirror of https://gitlab.torproject.org/tpo/core/tor.git synced 2024-11-11 05:33:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

Wrap all of the legacy guard code, and its users, in #ifdefs

Browse Source 
This will make it easier to see what we remove down the line.
This commit is contained in:
Nick Mathewson 2016-12-07 12:36:13 -05:00
parent 2b4bfe62ee
commit 6867950432
13 changed files with 188 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/or/bridges.c
View File

@ -743,7 +743,11 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
(int) bridge->port);
}
if (get_options()->UseDeprecatedGuardAlgorithm) {
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
add_bridge_as_entry_guard(get_guard_selection_info(), node);
#else
tor_assert_nonfatal_unreached();
#endif
} else {
entry_guard_learned_bridge_identity(&bridge->addrport_configured,
(const uint8_t*)ri->cache_info.identity_digest);
@ -754,8 +758,12 @@ learned_bridge_descriptor(routerinfo_t *ri, int from_cache)
/* set entry->made_contact so if it goes down we don't drop it from
* our entry node list */
if (get_options()->UseDeprecatedGuardAlgorithm) {
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
entry_guard_register_connect_status(ri->cache_info.identity_digest,
1, 0, now);
#else
tor_assert_nonfatal_unreached();
#endif
}
if (first) {
routerlist_retry_directory_downloads(now);

2
src/or/channel.c
View File

@ -2538,6 +2538,7 @@ channel_do_open_actions(channel_t *chan)
if (started_here) {
circuit_build_times_network_is_live(get_circuit_build_times_mutable());
rep_hist_note_connect_succeeded(chan->identity_digest, now);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
// XXXX prop271 this call is no longer useful with the new algorithm.
if (entry_guard_register_connect_status(
chan->identity_digest, 1, 0, now) < 0) {
@ -2549,6 +2550,7 @@ channel_do_open_actions(channel_t *chan)
"connection so we can retry the earlier entry guards.");
close_origin_circuits = 1;
}
#endif
router_set_status(chan->identity_digest, 1);
} else {
/* only report it to the geoip module if it's not a known router */

6
src/or/circpathbias.c
View File

@ -1279,7 +1279,10 @@ pathbias_measure_use_rate(entry_guard_t *guard)
tor_lround(pb->timeouts),
tor_lround(get_circuit_build_close_time_ms()/1000));
pb->path_bias_disabled = 1;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
// XXXX
entry_guard_mark_bad(guard);
#endif
return;
}
} else if (!pb->path_bias_use_extreme) {
@ -1385,7 +1388,10 @@ pathbias_measure_close_rate(entry_guard_t *guard)
tor_lround(pb->timeouts),
tor_lround(get_circuit_build_close_time_ms()/1000));
pb->path_bias_disabled = 1;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
// XXXX
entry_guard_mark_bad(guard);
#endif
return;
}
} else if (!pb->path_bias_extreme) {

2
src/or/circuitbuild.c
View File

@ -2277,6 +2277,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state,
* family. */
nodelist_add_node_and_family(excluded, node);
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* and exclude current entry guards and their families,
* unless we're in a test network, and excluding guards
* would exclude all nodes (i.e. we're in an incredibly small tor network,
@ -2295,6 +2296,7 @@ choose_good_entry_server(uint8_t purpose, cpath_build_state_t *state,
}
});
}
#endif
if (state) {
if (state->need_uptime)

16
src/or/circuituse.c
View File

@ -550,16 +550,14 @@ circuit_expire_building(void)
== CPATH_STATE_OPEN;
log_info(LD_CIRC,
"No circuits are opened. Relaxing timeout for circuit %d "
"(a %s %d-hop circuit in state %s with channel state %s). "
"%d guards are live.",
"(a %s %d-hop circuit in state %s with channel state %s).",
TO_ORIGIN_CIRCUIT(victim)->global_identifier,
circuit_purpose_to_string(victim->purpose),
TO_ORIGIN_CIRCUIT(victim)->build_state ?
TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :
-1,
circuit_state_to_string(victim->state),
channel_state_to_string(victim->n_chan->state),
num_live_entry_guards(0));
channel_state_to_string(victim->n_chan->state));
/* We count the timeout here for CBT, because technically this
* was a timeout, and the timeout value needs to reset if we
@ -577,7 +575,7 @@ circuit_expire_building(void)
"No circuits are opened. Relaxed timeout for circuit %d "
"(a %s %d-hop circuit in state %s with channel state %s) to "
"%ldms. However, it appears the circuit has timed out "
"anyway. %d guards are live.",
"anyway.",
TO_ORIGIN_CIRCUIT(victim)->global_identifier,
circuit_purpose_to_string(victim->purpose),
TO_ORIGIN_CIRCUIT(victim)->build_state ?
@ -585,8 +583,7 @@ circuit_expire_building(void)
-1,
circuit_state_to_string(victim->state),
channel_state_to_string(victim->n_chan->state),
(long)build_close_ms,
num_live_entry_guards(0));
(long)build_close_ms);
}
}
@ -1655,8 +1652,10 @@ circuit_build_failed(origin_circuit_t *circ)
/* New guard API: we failed. */
if (circ->guard_state)
entry_guard_failed(&circ->guard_state);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Old guard API: we failed. */
entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL));
#endif
/* if there are any one-hop streams waiting on this circuit, fail
* them now so they can retry elsewhere. */
connection_ap_fail_onehop(n_chan_id, circ->build_state);
@ -1966,7 +1965,7 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
int severity = LOG_NOTICE;
/* Retry some stuff that might help the connection work. */
if (entry_list_is_constrained(options) &&
entries_known_but_down(options)) {
guards_retry_optimistic(options)) {
log_fn(severity, LD_APP|LD_DIR,
"Application request when we haven't %s. "
"Optimistically trying known %s again.",
@ -1974,7 +1973,6 @@ circuit_get_open_circ_or_launch(entry_connection_t *conn,
"used client functionality lately" :
"received a consensus with exits",
options->UseBridges ? "bridges" : "entrynodes");
entries_retry_all(options);
} else if (!options->UseBridges || any_bridge_descriptors_known()) {
log_fn(severity, LD_APP|LD_DIR,
"Application request when we haven't %s. "

9
src/or/config.c
View File

@ -2116,11 +2116,13 @@ options_act(const or_options_t *old_options)
rep_hist_desc_stats_term();
/* Check if we need to parse and add the EntryNodes config option. */
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (options->EntryNodes &&
(!old_options ||
!routerset_equal(old_options->EntryNodes,options->EntryNodes) ||
!routerset_equal(old_options->ExcludeNodes,options->ExcludeNodes)))
entry_nodes_should_be_added();
#endif
/* Since our options changed, we might need to regenerate and upload our
* server descriptor.
@ -3040,6 +3042,13 @@ options_validate(or_options_t *old_options, or_options_t *options,
warn_about_relative_paths(options);
#ifndef ENABLE_LEGACY_GUARD_ALGORITHM
if (options->UseDeprecatedGuardAlgorithm) {
log_warn(LD_CONFIG, "DeprecatedGuardAlgorithm not supported.");
return -1;
}
#endif
if (server_mode(options) &&
(!strcmpstart(uname, "Windows 95") ||
!strcmpstart(uname, "Windows 98") ||

4
src/or/connection_or.c
View File

@ -737,9 +737,11 @@ connection_or_about_to_close(or_connection_t *or_conn)
rep_hist_note_connect_failed(or_conn->identity_digest, now);
/* Tell the new guard API about the channel failure */
entry_guard_chan_failed(TLS_CHAN_TO_BASE(or_conn->chan));
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Tell the old guard API about the channel failure */
entry_guard_register_connect_status(or_conn->identity_digest,0,
!options->HTTPSProxy, now);
#endif
if (conn->state >= OR_CONN_STATE_TLS_HANDSHAKING) {
int reason = tls_error_to_orconn_end_reason(or_conn->tls_error);
control_event_or_conn_status(or_conn, OR_CONN_EVENT_FAILED,
@ -1678,9 +1680,11 @@ connection_or_client_learned_peer_id(or_connection_t *conn,
conn->base_.address, conn->base_.port, expected, seen, extra_log);
/* Tell the new guard API about the channel failure */
entry_guard_chan_failed(TLS_CHAN_TO_BASE(conn->chan));
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Tell the old guard API about the channel failure */
entry_guard_register_connect_status(conn->identity_digest, 0, 1,
time(NULL));
#endif
control_event_or_conn_status(conn, OR_CONN_EVENT_FAILED,
END_OR_CONN_REASON_OR_IDENTITY);
if (!authdir_mode_tests_reachability(options))

5
src/or/control.c
View File

@ -4041,12 +4041,17 @@ handle_control_dropguards(control_connection_t *conn,
smartlist_split_string(args, body, " ",
SPLIT_SKIP_SPACE|SPLIT_IGNORE_BLANK, 0);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (smartlist_len(args)) {
connection_printf_to_buf(conn, "512 Too many arguments to DROPGUARDS\r\n");
} else {
remove_all_entry_guards();
send_control_done(conn);
}
#else
// XXXX
connection_printf_to_buf(conn, "512 not supported\r\n");
#endif
SMARTLIST_FOREACH(args, char *, cp, tor_free(cp));
smartlist_free(args);

91
src/or/entrynodes.c
View File

@ -149,11 +149,13 @@ static guard_selection_t *curr_guard_context = NULL;
* and those changes need to be flushed to disk. */
static int entry_guards_dirty = 0;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
static const node_t *choose_random_entry_impl(guard_selection_t *gs,
cpath_build_state_t *state,
int for_directory,
dirinfo_type_t dirtype,
int *n_options_out);
#endif
static void entry_guard_set_filtered_flags(const or_options_t *options,
guard_selection_t *gs,
entry_guard_t *guard);
@ -228,7 +230,9 @@ guard_selection_new(const char *name,
gs = tor_malloc_zero(sizeof(*gs));
gs->name = tor_strdup(name);
gs->type = type;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
gs->chosen_entry_guards = smartlist_new();
#endif
gs->sampled_entry_guards = smartlist_new();
gs->confirmed_entry_guards = smartlist_new();
gs->primary_entry_guards = smartlist_new();
@ -298,6 +302,7 @@ get_guard_selection_info(void)
return curr_guard_context;
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Return the list of entry guards for a guard_selection_t, creating it
* if necessary. */
const smartlist_t *
@ -324,6 +329,7 @@ entry_guard_mark_bad(entry_guard_t *guard)
guard->bad_since = approx_time();
entry_guards_changed();
}
#endif
/** Return a statically allocated human-readable description of <b>guard</b>
*/
@ -2831,6 +2837,7 @@ entry_guards_load_guards_from_state(or_state_t *state, int set)
/* XXXXX prop271 ----- end of new-for-prop271 code ----- */
/* XXXXX ----------------------------------------------- */
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/**
* @name Constants for old (pre-prop271) guard selection algorithm.
*/
@ -3109,6 +3116,7 @@ num_live_entry_guards(int for_directory)
return num_live_entry_guards_for_guard_selection(
get_guard_selection_info(), for_directory);
}
#endif
/** If <b>digest</b> matches the identity of any node in the
* entry_guards list for the provided guard selection state,
@ -3123,11 +3131,12 @@ entry_guard_get_by_id_digest_for_guard_selection(guard_selection_t *gs,
if (tor_memeq(digest, entry->identity, DIGEST_LEN))
return entry;
);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, entry,
if (tor_memeq(digest, entry->identity, DIGEST_LEN))
return entry;
);
#endif
return NULL;
}
@ -3150,6 +3159,7 @@ entry_guard_get_by_id_digest(const char *digest)
get_guard_selection_info(), digest);
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Dump a description of our list of entry guards in the given guard
* selection context to the log at level <b>severity</b>. */
static void
@ -3375,6 +3385,7 @@ pick_entry_guards(guard_selection_t *gs,
if (changed)
entry_guards_changed_for_guard_selection(gs);
}
#endif
/** Release all storage held by <b>e</b>. */
STATIC void
@ -3383,7 +3394,9 @@ entry_guard_free(entry_guard_t *e)
if (!e)
return;
entry_guard_handles_clear(e);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tor_free(e->chosen_by_version);
#endif
tor_free(e->sampled_by_version);
tor_free(e->extra_state_fields);
tor_free(e->selection_name);
@ -3391,6 +3404,7 @@ entry_guard_free(entry_guard_t *e)
tor_free(e);
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Remove from a guard selection context any entry guard which was selected
* by an unknown version of Tor, or which was selected by a version of Tor
* that's known to select entry guards badly, or which was selected more 2
@ -3869,6 +3883,7 @@ entry_guards_set_from_config(guard_selection_t *gs,
smartlist_free(old_entry_guards_not_on_list);
entry_guards_changed_for_guard_selection(gs);
}
#endif
/** Return 0 if we're fine adding arbitrary routers out of the
* directory to our entry guard list, or return 1 if we have a
@ -3877,6 +3892,7 @@ entry_guards_set_from_config(guard_selection_t *gs,
int
entry_list_is_constrained(const or_options_t *options)
{
// XXXX prop271 look at the current selection.
if (options->EntryNodes)
return 1;
if (options->UseBridges)
@ -3884,6 +3900,7 @@ entry_list_is_constrained(const or_options_t *options)
return 0;
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Pick a live (up and listed) entry guard from entry_guards. If
* <b>state</b> is non-NULL, this is for a specific circuit --
* make sure not to pick this circuit's exit or any node in the
@ -3910,6 +3927,7 @@ choose_random_dirguard(dirinfo_type_t type)
return choose_random_entry_impl(get_guard_selection_info(),
NULL, 1, type, NULL);
}
#endif
/** Return the number of bridges that have descriptors that are marked with
* purpose 'bridge' and are running.
@ -3920,10 +3938,13 @@ num_bridges_usable(void)
int n_options = 0;
if (get_options()->UseDeprecatedGuardAlgorithm) {
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tor_assert(get_options()->UseBridges);
(void) choose_random_entry_impl(get_guard_selection_info(),
NULL, 0, 0, &n_options);
#else
tor_assert_nonfatal_unreached();
#endif
} else {
/* XXXX prop271 Is this quite right? */
tor_assert(get_options()->UseBridges);
@ -3944,6 +3965,7 @@ num_bridges_usable(void)
return n_options;
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Filter <b>all_entry_guards</b> for usable entry guards and put them
* in <b>live_entry_guards</b>. We filter based on whether the node is
* currently alive, and on whether it satisfies the restrictions
@ -4156,6 +4178,7 @@ choose_random_entry_impl(guard_selection_t *gs,
smartlist_free(live_entry_guards);
return node;
}
#endif
static void
pathbias_check_use_success_count(entry_guard_t *node)
@ -4199,6 +4222,7 @@ pathbias_check_close_success_count(entry_guard_t *node)
}
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Parse <b>state</b> and learn about the entry guards it describes.
* If <b>set</b> is true, and there are no errors, replace the guard
* list in the provided guard selection context with what we find.
@ -4452,6 +4476,7 @@ entry_guards_parse_state_for_guard_selection(
digestmap_free(added_by, tor_free_);
return *msg ? -1 : 0;
}
#endif
/** Parse <b>state</b> and learn about the entry guards it describes.
* If <b>set</b> is true, and there are no errors, replace the guard
@ -4466,9 +4491,13 @@ entry_guards_parse_state(or_state_t *state, int set, char **msg)
int r1 = entry_guards_load_guards_from_state(state, set);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
int r2 = entry_guards_parse_state_for_guard_selection(
get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 1),
state, set, msg);
#else
int r2 = 0;
#endif
entry_guards_dirty = 0;
@ -4530,8 +4559,6 @@ entry_guards_changed(void)
void
entry_guards_update_state(or_state_t *state)
{
config_line_t **next, *line;
entry_guards_dirty = 0;
// Handles all non-legacy guard info.
@ -4539,6 +4566,9 @@ entry_guards_update_state(or_state_t *state)
entry_guards_dirty = 0;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
config_line_t **next, *line;
guard_selection_t *gs;
gs = get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0);
if (!gs)
@ -4612,6 +4642,7 @@ entry_guards_update_state(or_state_t *state)
}
} SMARTLIST_FOREACH_END(e);
#endif
if (!get_options()->AvoidDiskWrites)
or_state_mark_dirty(get_or_state(), 0);
entry_guards_dirty = 0;
@ -4634,11 +4665,18 @@ getinfo_helper_entry_guards(control_connection_t *conn,
guard_selection_t *gs = get_guard_selection_info();
tor_assert(gs != NULL);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tor_assert(gs->chosen_entry_guards != NULL);
#else
// XXXX
(void)question;
(void)answer;
#endif
(void) conn;
(void) errmsg;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (!strcmp(question,"entry-guards") ||
!strcmp(question,"helper-nodes")) {
smartlist_t *sl = smartlist_new();
@ -4683,6 +4721,7 @@ getinfo_helper_entry_guards(control_connection_t *conn,
SMARTLIST_FOREACH(sl, char *, c, tor_free(c));
smartlist_free(sl);
}
#endif
return 0;
}
@ -4721,6 +4760,7 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
guardfraction_bw->non_guard_bw = orig_bandwidth - (int) guard_bw;
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Returns true iff the node is used as a guard in the specified guard
* context */
int
@ -4819,6 +4859,7 @@ entries_retry_all(const or_options_t *options)
tor_assert(entry_list_is_constrained(options));
entries_retry_helper(options, 1);
}
#endif
/** Helper: Update the status of all entry guards, in whatever algorithm
* is used. Return true if we should stop using all previously generated
@ -4833,7 +4874,11 @@ guards_update_all(void)
tor_assert(curr_guard_context);
if (curr_guard_context->type == GS_TYPE_LEGACY) {
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
entry_guards_compute_status(get_options(), approx_time());
#else
tor_assert_nonfatal_unreached();
#endif
} else {
if (entry_guards_update_all(curr_guard_context))
mark_circuits = 1;
@ -4849,7 +4894,12 @@ guards_choose_guard(cpath_build_state_t *state,
circuit_guard_state_t **guard_state_out)
{
if (get_options()->UseDeprecatedGuardAlgorithm) {
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
return choose_random_entry(state);
#else
tor_assert_nonfatal_unreached();
return NULL;
#endif
} else {
const node_t *r = NULL;
const uint8_t *exit_id = NULL;
@ -4877,7 +4927,13 @@ guards_choose_dirguard(dirinfo_type_t info,
circuit_guard_state_t **guard_state_out)
{
if (get_options()->UseDeprecatedGuardAlgorithm) {
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
return choose_random_dirguard(info);
#else
(void)info;
tor_assert_nonfatal_unreached();
return NULL;
#endif
} else {
/* XXXX prop271 We don't need to look at the dirinfo_type_t here,
* apparently. If you look at the old implementation, and you follow info
@ -4897,6 +4953,31 @@ guards_choose_dirguard(dirinfo_type_t info,
}
}
/**
* If we're running with a constrained guard set, then maybe mark our guards
* usable. Return 1 if we do; 0 if we don't.
*/
int
guards_retry_optimistic(const or_options_t *options)
{
if (! entry_list_is_constrained(options))
return 0;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (options->UseDeprecatedGuardAlgorithm) {
if (entries_known_but_down(options)) {
entries_retry_all(options);
return 1;
}
}
#endif
// XXXX prop271 -- is this correct?
mark_primary_guards_maybe_reachable(get_guard_selection_info());
return 1;
}
/** Free one guard selection context */
STATIC void
guard_selection_free(guard_selection_t *gs)
@ -4905,12 +4986,14 @@ guard_selection_free(guard_selection_t *gs)
tor_free(gs->name);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
if (gs->chosen_entry_guards) {
SMARTLIST_FOREACH(gs->chosen_entry_guards, entry_guard_t *, e,
entry_guard_free(e));
smartlist_free(gs->chosen_entry_guards);
gs->chosen_entry_guards = NULL;
}
#endif
if (gs->sampled_entry_guards) {
SMARTLIST_FOREACH(gs->sampled_entry_guards, entry_guard_t *, e,

26
src/or/entrynodes.h
View File

@ -28,6 +28,11 @@ typedef struct circuit_guard_state_t circuit_guard_state_t;
private. */
typedef struct entry_guard_restriction_t entry_guard_restriction_t;
/*
XXXX Prop271 undefine this in order to disable all legacy guard functions.
*/
#define ENABLE_LEGACY_GUARD_ALGORITHM
/* Information about a guard's pathbias status.
* These fields are used in circpathbias.c to try to detect entry
* nodes that are failing circuits at a suspicious frequency.
@ -174,6 +179,7 @@ struct entry_guard_t {
guard_selection_t *in_selection;
/**@}*/
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/**
* @name legacy guard selection algorithm fields
*
@ -202,6 +208,7 @@ struct entry_guard_t {
* at which we last failed to connect to it. */
/**}@*/
#endif
/** Path bias information for this guard. */
guard_pathbias_t pb;
@ -298,6 +305,7 @@ struct guard_selection_s {
* confirmed_entry_guards receive? */
int next_confirmed_idx;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/**
* A list of our chosen entry guards, as entry_guard_t structures; this
* preserves the pre-Prop271 behavior.
@ -310,6 +318,7 @@ struct guard_selection_s {
* preserves the pre-Prop271 behavior.
*/
int should_add_entry_nodes;
#endif
};
struct entry_guard_handle_t;
@ -369,9 +378,11 @@ entry_guard_t *entry_guard_get_by_id_digest(const char *digest);
void entry_guards_changed_for_guard_selection(guard_selection_t *gs);
void entry_guards_changed(void);
guard_selection_t * get_guard_selection_info(void);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
const smartlist_t *get_entry_guards_for_guard_selection(
guard_selection_t *gs);
const smartlist_t *get_entry_guards(void);
#endif
int num_live_entry_guards_for_guard_selection(
guard_selection_t *gs,
int for_directory);
@ -379,7 +390,9 @@ int num_live_entry_guards(int for_directory);
#endif
const node_t *entry_guard_find_node(const entry_guard_t *guard);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void entry_guard_mark_bad(entry_guard_t *guard);
#endif
const char *entry_guard_get_rsa_id_digest(const entry_guard_t *guard);
const char *entry_guard_describe(const entry_guard_t *guard);
guard_pathbias_t *entry_guard_get_pathbias_state(entry_guard_t *guard);
@ -408,8 +421,10 @@ void entry_guards_note_internet_connectivity(guard_selection_t *gs);
int update_guard_selection_choice(const or_options_t *options);
/* Used by bridges.c only. */
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void add_bridge_as_entry_guard(guard_selection_t *gs,
const node_t *chosen);
#endif
int num_bridges_usable(void);
#ifdef ENTRYNODES_PRIVATE
@ -568,6 +583,7 @@ STATIC unsigned entry_guards_note_guard_success(guard_selection_t *gs,
unsigned old_state);
STATIC int entry_guard_has_higher_priority(entry_guard_t *a, entry_guard_t *b);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
// ---------- XXXX this stuff is pre-prop271.
STATIC const node_t *add_an_entry_guard(guard_selection_t *gs,
@ -599,16 +615,20 @@ STATIC const node_t *entry_is_live(const entry_guard_t *e,
const char **msg);
STATIC int entry_is_time_to_retry(const entry_guard_t *e, time_t now);
#endif
#endif
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void remove_all_entry_guards_for_guard_selection(guard_selection_t *gs);
void remove_all_entry_guards(void);
#endif
struct bridge_info_t;
void entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport,
const uint8_t *rsa_id_digest);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
void entry_guards_compute_status_for_guard_selection(
guard_selection_t *gs, const or_options_t *options, time_t now);
void entry_guards_compute_status(const or_options_t *options, time_t now);
@ -619,9 +639,13 @@ int entry_guard_register_connect_status(const char *digest, int succeeded,
int mark_relay_status, time_t now);
void entry_nodes_should_be_added_for_guard_selection(guard_selection_t *gs);
void entry_nodes_should_be_added(void);
#endif
int entry_list_is_constrained(const or_options_t *options);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
const node_t *choose_random_entry(cpath_build_state_t *state);
const node_t *choose_random_dirguard(dirinfo_type_t t);
#endif
int guards_retry_optimistic(const or_options_t *options);
int entry_guards_parse_state_for_guard_selection(
guard_selection_t *gs, or_state_t *state, int set, char **msg);
int entry_guards_parse_state(or_state_t *state, int set, char **msg);
@ -629,9 +653,11 @@ void entry_guards_update_state(or_state_t *state);
int getinfo_helper_entry_guards(control_connection_t *conn,
const char *question, char **answer,
const char **errmsg);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
int is_node_used_as_guard_for_guard_selection(guard_selection_t *gs,
const node_t *node);
MOCK_DECL(int, is_node_used_as_guard, (const node_t *node));
#endif
int entries_known_but_down(const or_options_t *options);
void entries_retry_all(const or_options_t *options);

6
src/or/routerlist.c
View File

@ -2003,6 +2003,10 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
int try_excluding = 1, n_excluded = 0, n_busy = 0;
int try_ip_pref = 1;
#ifndef ENABLE_LEGACY_GUARD_ALGORITHM
tor_assert_nonfatal(! for_guard);
#endif
if (!consensus)
return NULL;
@ -2038,10 +2042,12 @@ router_pick_directory_server_impl(dirinfo_type_t type, int flags,
if ((type & EXTRAINFO_DIRINFO) &&
!router_supports_extrainfo(node->identity, is_trusted_extrainfo))
continue;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Don't make the same node a guard twice */
if (for_guard && is_node_used_as_guard(node)) {
continue;
}
#endif
/* Ensure that a directory guard is actually a guard node. */
if (for_guard && !node->is_possible_guard) {
continue;

20
src/test/test_entrynodes.c
View File

@ -45,6 +45,7 @@ get_or_state_replacement(void)
return dummy_state;
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/* Unittest cleanup function: Cleanup the fake network. */
static int
fake_network_cleanup(const struct testcase_t *testcase, void *ptr)
@ -77,6 +78,7 @@ fake_network_setup(const struct testcase_t *testcase)
/* Return anything but NULL (it's interpreted as test fail) */
return dummy_state;
}
#endif
static networkstatus_t *dummy_consensus = NULL;
@ -200,6 +202,7 @@ mock_get_options(void)
return &mocked_options;
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
/** Test choose_random_entry() with none of our routers being guard nodes. */
static void
test_choose_random_entry_no_guards(void *arg)
@ -888,6 +891,7 @@ test_entry_is_live(void *arg)
done:
; /* XXX */
}
#endif
#define TEST_IPV4_ADDR "123.45.67.89"
#define TEST_IPV6_ADDR "[1234:5678:90ab:cdef::]"
@ -1471,8 +1475,12 @@ test_entry_guard_parse_from_state_broken(void *arg)
tt_int_op(smartlist_len(gs_df->sampled_entry_guards), OP_EQ, 1);
guard_selection_t *gs_legacy =
get_guard_selection_by_name("legacy", GS_TYPE_LEGACY, 0);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
tt_assert(gs_legacy != NULL);
tt_int_op(smartlist_len(gs_legacy->chosen_entry_guards), OP_EQ, 0);
#else
tt_assert(gs_legacy == NULL);
#endif
done:
config_free_lines(lines);
@ -2455,7 +2463,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
// if we mark that guard down, we should get a different primary guard.
// auto-retry it.
g->is_reachable = GUARD_REACHABLE_NO;
g->unreachable_since = approx_time() - 10;
g->failing_since = approx_time() - 10;
g->last_tried_to_connect = approx_time() - 10;
state = 9999;
g2 = select_entry_guard_for_circuit(gs, NULL, &state);
@ -2469,7 +2477,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
// If we say that the first primary guard was last tried a long time ago, we
// should get an automatic retry on it.
g->unreachable_since = approx_time() - 72*60*60;
g->failing_since = approx_time() - 72*60*60;
g->last_tried_to_connect = approx_time() - 72*60*60;
state = 9999;
g2 = select_entry_guard_for_circuit(gs, NULL, &state);
@ -2484,7 +2492,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
SMARTLIST_FOREACH(gs->primary_entry_guards, entry_guard_t *, guard, {
guard->is_reachable = GUARD_REACHABLE_NO;
guard->last_tried_to_connect = approx_time() - 5;
guard->unreachable_since = approx_time() - 30;
guard->failing_since = approx_time() - 30;
});
state = 9999;
g2 = select_entry_guard_for_circuit(gs, NULL, &state);
@ -2503,7 +2511,7 @@ test_entry_guard_select_for_circuit_no_confirmed(void *arg)
tt_assert(guard->is_usable_filtered_guard == 1);
// no change to these fields.
tt_i64_op(guard->last_tried_to_connect, OP_EQ, approx_time() - 5);
tt_i64_op(guard->unreachable_since, OP_EQ, approx_time() - 30);
tt_i64_op(guard->failing_since, OP_EQ, approx_time() - 30);
});
/* Let's try again and we should get the first primary guard again */
@ -3334,9 +3342,11 @@ test_enty_guard_should_expire_waiting(void *arg)
tor_free(fake_state);
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
static const struct testcase_setup_t fake_network = {
fake_network_setup, fake_network_cleanup
};
#endif
static const struct testcase_setup_t big_fake_network = {
big_fake_network_setup, big_fake_network_cleanup
@ -3354,6 +3364,7 @@ static const struct testcase_setup_t upgrade_circuits = {
(void*)(arg) }
struct testcase_t entrynodes_tests[] = {
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
{ "entry_is_time_to_retry", test_entry_is_time_to_retry,
TT_FORK, NULL, NULL },
{ "choose_random_entry_no_guards", test_choose_random_entry_no_guards,
@ -3379,6 +3390,7 @@ struct testcase_t entrynodes_tests[] = {
{ "entry_is_live",
test_entry_is_live,
TT_FORK, &fake_network, NULL },
#endif
{ "node_preferred_orport",
test_node_preferred_orport,
0, NULL, NULL },

10
src/test/test_routerlist.c
View File

@ -204,6 +204,7 @@ mock_usable_consensus_flavor(void)
return mock_usable_consensus_flavor_value;
}
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
static smartlist_t *mock_is_guard_list = NULL;
static int
@ -250,6 +251,7 @@ clear_mock_guard_list(void)
mock_is_guard_list = NULL;
}
}
#endif
static void
test_router_pick_directory_server_impl(void *arg)
@ -271,7 +273,9 @@ test_router_pick_directory_server_impl(void *arg)
(void)arg;
MOCK(usable_consensus_flavor, mock_usable_consensus_flavor);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
MOCK(is_node_used_as_guard, mock_is_node_used_as_guard);
#endif
/* With no consensus, we must be bootstrapping, regardless of time or flavor
*/
@ -384,6 +388,7 @@ test_router_pick_directory_server_impl(void *arg)
node_router1->is_valid = 1;
node_router3->is_valid = 1;
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
flags |= PDS_FOR_GUARD;
mark_node_used_as_guard(node_router1);
mark_node_used_as_guard(node_router2);
@ -397,8 +402,10 @@ test_router_pick_directory_server_impl(void *arg)
rs = NULL;
mark_node_unused_as_guard(node_router2);
mark_node_unused_as_guard(node_router3);
#endif
/* One not valid, one guard. This should leave one remaining */
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
node_router1->is_valid = 0;
mark_node_used_as_guard(node_router2);
rs = router_pick_directory_server_impl(V3_DIRINFO, flags, NULL);
@ -407,6 +414,7 @@ test_router_pick_directory_server_impl(void *arg)
rs = NULL;
node_router1->is_valid = 1;
mark_node_unused_as_guard(node_router2);
#endif
/* Manipulate overloaded */
@ -469,8 +477,10 @@ test_router_pick_directory_server_impl(void *arg)
done:
UNMOCK(usable_consensus_flavor);
#ifdef ENABLE_LEGACY_GUARD_ALGORITHM
UNMOCK(is_node_used_as_guard);
clear_mock_guard_list();
#endif
if (router1_id)
tor_free(router1_id);