relay: Double the size of the relay reentry set

This is to minimize false positive and thus deny reentry to Exit connections
that were in reality not re-entering. Helps with overall UX.

Signed-off-by: David Goulet <dgoulet@torproject.org>

diff --git a/src/feature/nodelist/nodelist.c b/src/feature/nodelist/nodelist.c
index 9d553ce1f5fe7015c00733e52911790736cf7cf9..22b93762e72532ed9b02c08388b4170c304eed5d 100644 (file)
--- a/src/feature/nodelist/nodelist.c
+++ b/src/feature/nodelist/nodelist.c
@@ -672,8 +672,12 @@ nodelist_set_consensus(networkstatus_t *ns)
   address_set_free(the_nodelist->node_addrs);
   addr_port_set_free(the_nodelist->reentry_set);
   the_nodelist->node_addrs = address_set_new(estimated_addresses);
-  /* Times two here is for both the ORPort and DirPort. */
-  the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2);
+  /* Times two here is for both the ORPort and DirPort. We double it again in
+   * order to minimize as much as possible the false positive when looking up
+   * this set. Reason is that Exit streams that are legitimate but end up a
+   * false positive against this set will thus be considered reentry and be
+   * rejected which means a bad UX. */
+  the_nodelist->reentry_set = addr_port_set_new(estimated_addresses * 2 * 2);
 
   SMARTLIST_FOREACH_BEGIN(ns->routerstatus_list, routerstatus_t *, rs) {
     node_t *node = node_get_or_create(rs->identity_digest);