Drop the minimum guard lifetime back down to one month

Mike believes that raising the default to 2 months with no way to lower
it may create horrible load-balancing issues.

diff --git a/doc/tor.1.txt b/doc/tor.1.txt
index 5639ad26d48929970a99a58047d315bf2d0a238c..0c13a5c7d6a170bb4824313b473690a9783a18b3 100644 (file)
--- a/doc/tor.1.txt
+++ b/doc/tor.1.txt
@@ -962,7 +962,7 @@ The following options are useful only for clients (that is, if
 **GuardLifetime**  __N__ **days**|**weeks**|**months**::
     If nonzero, and UseEntryGuards is set, minimum time to keep a guard before
     picking a new one. If zero, we use the GuardLifetime parameter from the
-    consensus directory.  No value here may  be less than 2 months or greater
+    consensus directory.  No value here may  be less than 1 month or greater
     than 5 years; out-of-range values are clamped. (Default: 0)
 
 **SafeSocks** **0**|**1**::

diff --git a/src/or/circuitbuild.c b/src/or/circuitbuild.c
index f07d428829832a813b4d336ab76afbea5e88215a..d3a29fd0e32d8b01ceac1f19fe3e926bb681f434 100644 (file)
--- a/src/or/circuitbuild.c
+++ b/src/or/circuitbuild.c
@@ -4290,13 +4290,15 @@ entry_guard_free(entry_guard_t *e)
 
 /**
  * Return the minimum lifetime of working entry guard, in seconds,
- * as given in the consensus networkstatus.
+ * as given in the consensus networkstatus.  (Plus CHOSEN_ON_DATE_SLOP,
+ * so that we can do the chosen_on_date randomization while achieving the
+ * desired minimum lifetime.)
  */
 static int32_t
 guards_get_lifetime(void)
 {
   const or_options_t *options = get_options();
-#define DFLT_GUARD_LIFETIME (86400 * 60)   /* Two months. */
+#define DFLT_GUARD_LIFETIME (86400 * 30)   /* One month. */
 #define MIN_GUARD_LIFETIME  (86400 * 60)   /* Two months. */
 #define MAX_GUARD_LIFETIME  (86400 * 1826) /* Five years. */