Check number of usable guards when applying md restrictions.

We used to check whether we have enough filtered guards (guard set when
torrc is applied) but that's not good enough, since that might be bad in
some cases where many guards are not reachable (might cause overblocking
and hence reacahbility issues).

We now check if we have enough reachable filtered guards before applying
md restrictions which should prevent overblocking.

diff --git a/src/or/entrynodes.c b/src/or/entrynodes.c
index dc02557b53cc3e3d76ccc05189a9fc3d87853ae8..d63d9291b3b7a9cd02e0cff13d708b182d8d973b 100644 (file)
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@@ -966,7 +966,7 @@ entry_guard_learned_bridge_identity(const tor_addr_port_t *addrport,
  * violate it.
  */
 STATIC int
-num_reachable_filtered_guards(guard_selection_t *gs,
+num_reachable_filtered_guards(const guard_selection_t *gs,
                               const entry_guard_restriction_t *rst)
 {
   int n_reachable_filtered_guards = 0;
@@ -1472,30 +1472,28 @@ guard_create_exit_restriction(const uint8_t *exit_id)
   return rst;
 }
 
-/** If we have fewer than this many possible guards, don't set
- * MD-availability-based restrictions: we might blacklist all of
- * them. */
+/** If we have fewer than this many possible usable guards, don't set
+ * MD-availability-based restrictions: we might blacklist all of them. */
 #define MIN_GUARDS_FOR_MD_RESTRICTION 10
 
 /** Return true if we should set md dirserver restrictions. We might not want
- *  to set those if our network is too restricted, since we don't want to
- *  blacklist all our nodes. */
+ *  to set those if our guard options are too restricted, since we don't want
+ *  to blacklist all of them. */
 static int
 should_set_md_dirserver_restriction(void)
 {
   const guard_selection_t *gs = get_guard_selection_info();
+  int num_usable_guards = num_reachable_filtered_guards(gs, NULL);
 
-  /* Compute the number of filtered guards */
-  int n_filtered_guards = 0;
-  SMARTLIST_FOREACH_BEGIN(gs->sampled_entry_guards, entry_guard_t *, guard) {
-    if (guard->is_filtered_guard) {
-      ++n_filtered_guards;
-    }
-  } SMARTLIST_FOREACH_END(guard);
+  /* Don't set restriction if too few reachable filtered guards. */
+  if (num_usable_guards < MIN_GUARDS_FOR_MD_RESTRICTION) {
+    log_info(LD_GUARD, "Not setting md restriction: only %d"
+             " usable guards.", num_usable_guards);
+    return 0;
+  }
 
-  /* Do we have enough filtered guards that we feel okay about blacklisting
-   * some for MD restriction? */
-  return (n_filtered_guards >= MIN_GUARDS_FOR_MD_RESTRICTION);
+  /* We have enough usable guards: set MD restriction */
+  return 1;
 }
 
 /** Allocate and return an outdated md guard restriction. Return NULL if no

diff --git a/src/or/entrynodes.h b/src/or/entrynodes.h
index 29de627de0eb3e3c54a2fa8c2051ffcf95717be7..39bff143818105703e022d0a848256458142cb60 100644 (file)
--- a/src/or/entrynodes.h
+++ b/src/or/entrynodes.h
@@ -521,7 +521,7 @@ STATIC void entry_guard_consider_retry(entry_guard_t *guard);
 STATIC void make_guard_confirmed(guard_selection_t *gs, entry_guard_t *guard);
 STATIC void entry_guards_update_confirmed(guard_selection_t *gs);
 STATIC void entry_guards_update_primary(guard_selection_t *gs);
-STATIC int num_reachable_filtered_guards(guard_selection_t *gs,
+STATIC int num_reachable_filtered_guards(const guard_selection_t *gs,
                                          const entry_guard_restriction_t *rst);
 STATIC void sampled_guards_update_from_consensus(guard_selection_t *gs);
 /**