|
|
@@ -1384,6 +1384,8 @@ entry_guards_note_guard_success(guard_selection_t *gs,
|
|
|
|
|
|
if (guard->confirmed_idx < 0) {
|
|
|
make_guard_confirmed(gs, guard);
|
|
|
+ if (!gs->primary_guards_up_to_date)
|
|
|
+ entry_guards_update_primary(gs);
|
|
|
}
|
|
|
|
|
|
unsigned new_state;
|
|
|
@@ -1392,7 +1394,19 @@ entry_guards_note_guard_success(guard_selection_t *gs,
|
|
|
} else {
|
|
|
tor_assert_nonfatal(
|
|
|
old_state == GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD);
|
|
|
- new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD;
|
|
|
+
|
|
|
+ if (guard->is_primary) {
|
|
|
+ /* XXXX prop271 -- I don't actually like this logic. It seems to make us
|
|
|
+ * a little more susceptible to evil-ISP attacks. The mitigations I'm
|
|
|
+ * thinking of, however, aren't local to this point, so I'll leave it
|
|
|
+ * alone. */
|
|
|
+ /* This guard may have become primary by virtue of being confirmed.
|
|
|
+ If so, the circuit for it is now complete.
|
|
|
+ */
|
|
|
+ new_state = GUARD_CIRC_STATE_COMPLETE;
|
|
|
+ } else {
|
|
|
+ new_state = GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD;
|
|
|
+ }
|
|
|
|
|
|
if (last_time_on_internet + get_internet_likely_down_interval()
|
|
|
< approx_time()) {
|
Nick Mathewson