Don't expand guard sample set unless consensus is "reasonably live"

Fixes what I think is the main root cause of 22400. Bugfix on 0.3.0.1-alpha.
2017-06-19 15:48:47 -04:00 · 2017-06-19 15:48:47 -04:00 · 32e486de97
parent 71c701927a
commit 32e486de97
2 changed files with 19 additions and 0 deletions
--- a/changes/bug22400_01
+++ b/changes/bug22400_01
@ -0,0 +1,4 @@
+  o Major bugfixes (entry guards):
+    - When starting with an old consensus, do not add new entry guards
+      unless the consensus is "reasonably live" (under 1 day old). Fixes
+      one root cause of bug 22400; bugfix on 0.3.0.1-alpha.
--- a/src/or/entrynodes.c
+++ b/src/or/entrynodes.c
@ -1104,6 +1104,21 @@ entry_guards_expand_sample(guard_selection_t *gs)
 {
  tor_assert(gs);
  const or_options_t *options = get_options();
+
+  if (gs->type != GS_TYPE_BRIDGE) {
+    networkstatus_t *consensus = networkstatus_get_latest_consensus();
+    time_t now = approx_time();
+    if (consensus == NULL) {
+      log_info(LD_GUARD, "Not expanding the sample guard set; we have "
+               "no consensus.");
+      return NULL;
+    } else if (!networkstatus_consensus_reasonably_live(consensus, now)) {
+      log_info(LD_GUARD, "Not expanding the sample guard set; we have "
+               "a consensus, but it is far too old.");
+      return NULL;
+    }
+  }
+
  int n_sampled = smartlist_len(gs->sampled_entry_guards);
  entry_guard_t *added_guard = NULL;
  int n_usable_filtered_guards = num_reachable_filtered_guards(gs, NULL);