1 /* Copyright (c) 2001 Matej Pfajfar.
2 * Copyright (c) 2001-2004, Roger Dingledine.
3 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
4 * Copyright (c) 2007-2017, The Tor Project, Inc. */
5 /* See LICENSE for licensing information */
9 * \brief Header file for circuitbuild.c.
12 #ifndef TOR_ENTRYNODES_H
13 #define TOR_ENTRYNODES_H
17 /* Forward declare for guard_selection_t; entrynodes.c has the real struct */
18 typedef struct guard_selection_s guard_selection_t
;
20 /* Forward declare for entry_guard_t; the real declaration is private. */
21 typedef struct entry_guard_t entry_guard_t
;
23 /* Forward declaration for circuit_guard_state_t; the real declaration is
25 typedef struct circuit_guard_state_t circuit_guard_state_t
;
27 /* Forward declaration for entry_guard_restriction_t; the real declaration is
29 typedef struct entry_guard_restriction_t entry_guard_restriction_t
;
31 /* Information about a guard's pathbias status.
32 * These fields are used in circpathbias.c to try to detect entry
33 * nodes that are failing circuits at a suspicious frequency.
35 typedef struct guard_pathbias_t
{
36 unsigned int path_bias_noticed
: 1; /**< Did we alert the user about path
37 * bias for this node already? */
38 unsigned int path_bias_warned
: 1; /**< Did we alert the user about path bias
39 * for this node already? */
40 unsigned int path_bias_extreme
: 1; /**< Did we alert the user about path
41 * bias for this node already? */
42 unsigned int path_bias_disabled
: 1; /**< Have we disabled this node because
43 * of path bias issues? */
44 unsigned int path_bias_use_noticed
: 1; /**< Did we alert the user about path
45 * use bias for this node already? */
46 unsigned int path_bias_use_extreme
: 1; /**< Did we alert the user about path
47 * use bias for this node already? */
49 double circ_attempts
; /**< Number of circuits this guard has "attempted" */
50 double circ_successes
; /**< Number of successfully built circuits using
51 * this guard as first hop. */
52 double successful_circuits_closed
; /**< Number of circuits that carried
53 * streams successfully. */
54 double collapsed_circuits
; /**< Number of fully built circuits that were
55 * remotely closed before any streams were
57 double unusable_circuits
; /**< Number of circuits for which streams were
58 * attempted, but none succeeded. */
59 double timeouts
; /**< Number of 'right-censored' circuit timeouts for this
61 double use_attempts
; /**< Number of circuits we tried to use with streams */
62 double use_successes
; /**< Number of successfully used circuits using
63 * this guard as first hop. */
66 #if defined(ENTRYNODES_PRIVATE)
68 * @name values for entry_guard_t.is_reachable.
70 * See entry_guard_t.is_reachable for more information.
73 #define GUARD_REACHABLE_NO 0
74 #define GUARD_REACHABLE_YES 1
75 #define GUARD_REACHABLE_MAYBE 2
78 /** An entry_guard_t represents our information about a chosen long-term
79 * first hop, known as a "helper" node in the literature. We can't just
80 * use a node_t, since we want to remember these even when we
81 * don't have any directory info. */
82 struct entry_guard_t
{
83 HANDLE_ENTRY(entry_guard
, entry_guard_t
);
85 char nickname
[MAX_HEX_NICKNAME_LEN
+1];
86 char identity
[DIGEST_LEN
];
87 ed25519_public_key_t ed_id
;
90 * @name new guard selection algorithm fields.
92 * Only the new (prop271) algorithm uses these. For a more full
93 * description of the algorithm, see the module documentation for
98 /* == Persistent fields, present for all sampled guards. */
99 /** When was this guard added to the sample? */
100 time_t sampled_on_date
;
101 /** Since what date has this guard been "unlisted"? A guard counts as
102 * unlisted if we have a live consensus that does not include it, or
103 * if we have a live consensus that does not include it as a usable
104 * guard. This field is zero when the guard is listed. */
105 time_t unlisted_since_date
; // can be zero
106 /** What version of Tor added this guard to the sample? */
107 char *sampled_by_version
;
108 /** Is this guard listed right now? If this is set, then
109 * unlisted_since_date should be set too. */
110 unsigned currently_listed
: 1;
112 /* == Persistent fields, for confirmed guards only */
113 /** When was this guard confirmed? (That is, when did we first use it
114 * successfully and decide to keep it?) This field is zero if this is not a
115 * confirmed guard. */
116 time_t confirmed_on_date
; /* 0 if not confirmed */
118 * In what order was this guard confirmed? Guards with lower indices
119 * appear earlier on the confirmed list. If the confirmed list is compacted,
120 * this field corresponds to the index of this guard on the confirmed list.
122 * This field is set to -1 if this guard is not confirmed.
124 int confirmed_idx
; /* -1 if not confirmed; otherwise the order that this
125 * item should occur in the CONFIRMED_GUARDS ordered
129 * Which selection does this guard belong to?
131 char *selection_name
;
133 /** Bridges only: address of the bridge. */
134 tor_addr_port_t
*bridge_addr
;
136 /* ==== Non-persistent fields. */
137 /* == These are used by sampled guards */
138 /** When did we last decide to try using this guard for a circuit? 0 for
139 * "not since we started up." */
140 time_t last_tried_to_connect
;
141 /** How reachable do we consider this guard to be? One of
142 * GUARD_REACHABLE_NO, GUARD_REACHABLE_YES, or GUARD_REACHABLE_MAYBE. */
143 unsigned is_reachable
: 2;
144 /** Boolean: true iff this guard is pending. A pending guard is one
145 * that we have an in-progress circuit through, and which we do not plan
146 * to try again until it either succeeds or fails. Primary guards can
147 * never be pending. */
148 unsigned is_pending
: 1;
149 /** If true, don't write this guard to disk. (Used for bridges with unknown
151 unsigned is_persistent
: 1;
152 /** When did we get the earliest connection failure for this guard?
153 * We clear this field on a successful connect. We do _not_ clear it
154 * when we mark the guard as "MAYBE" reachable.
156 time_t failing_since
;
158 /* == Set inclusion flags. */
159 /** If true, this guard is in the filtered set. The filtered set includes
160 * all sampled guards that our configuration allows us to use. */
161 unsigned is_filtered_guard
: 1;
162 /** If true, this guard is in the usable filtered set. The usable filtered
163 * set includes all filtered guards that are not believed to be
164 * unreachable. (That is, those for which is_reachable is not
165 * GUARD_REACHABLE_NO) */
166 unsigned is_usable_filtered_guard
: 1;
167 unsigned is_primary
:1;
169 /** This string holds any fields that we are maintaining because
170 * we saw them in the state, even if we don't understand them. */
171 char *extra_state_fields
;
173 /** Backpointer to the guard selection that this guard belongs to.
174 * The entry_guard_t must never outlive its guard_selection. */
175 guard_selection_t
*in_selection
;
178 /** Path bias information for this guard. */
183 * Possible rules for a guard selection to follow
185 typedef enum guard_selection_type_t
{
186 /** Infer the type of this selection from its name. */
188 /** Use the normal guard selection algorithm, taking our sample from the
189 * complete list of guards in the consensus. */
191 /** Use the normal guard selection algorithm, taking our sample from the
192 * configured bridges, and allowing it to grow as large as all the configured
195 /** Use the normal guard selection algorithm, taking our sample from the
196 * set of filtered nodes. */
198 } guard_selection_type_t
;
201 * All of the the context for guard selection on a particular client.
203 * We maintain multiple guard selection contexts for a client, depending
204 * aspects on its current configuration -- whether an extremely
205 * restrictive EntryNodes is used, whether UseBridges is enabled, and so
208 * See the module documentation for entrynodes.c for more information
209 * about guard selection algorithms.
211 struct guard_selection_s
{
213 * The name for this guard-selection object. (Must not contain spaces).
218 * What rules does this guard-selection object follow?
220 guard_selection_type_t type
;
223 * A value of 1 means that primary_entry_guards is up-to-date with respect to
224 * the consensus and status info that we currently have; 0 means we need to
225 * recalculate it before using primary_entry_guards or the is_primary flag on
228 int primary_guards_up_to_date
;
231 * A list of the sampled entry guards, as entry_guard_t structures.
232 * Not in any particular order. When we 'sample' a guard, we are
233 * noting it as a possible guard to pick in the future. The use of
234 * sampling here prevents us from being forced by an attacker to try
235 * every guard on the network. This list is persistent.
237 smartlist_t
*sampled_entry_guards
;
240 * Ordered list (from highest to lowest priority) of guards that we
241 * have successfully contacted and decided to use. Every member of
242 * this list is a member of sampled_entry_guards. Every member should
243 * have confirmed_on_date set, and have confirmed_idx greater than
244 * any earlier member of the list.
246 * This list is persistent. It is a subset of the elements in
247 * sampled_entry_guards, and its pointers point to elements of
248 * sampled_entry_guards.
250 smartlist_t
*confirmed_entry_guards
;
253 * Ordered list (from highest to lowest priority) of guards that we
254 * are willing to use the most happily. These guards may or may not
255 * yet be confirmed yet. If we can use one of these guards, we are
256 * probably not on a network that is trying to restrict our guard
259 * This list is a subset of the elements in
260 * sampled_entry_guards, and its pointers point to elements of
261 * sampled_entry_guards.
263 smartlist_t
*primary_entry_guards
;
265 /** When did we last successfully build a circuit or use a circuit? */
266 time_t last_time_on_internet
;
268 /** What confirmed_idx value should the next-added member of
269 * confirmed_entry_guards receive? */
270 int next_confirmed_idx
;
274 struct entry_guard_handle_t
;
276 /** Types of restrictions we impose when picking guard nodes */
277 typedef enum guard_restriction_type_t
{
278 /* Don't pick the same guard node as our exit node (or its family) */
280 /* Don't pick dirguards that have previously shown to be outdated */
281 RST_OUTDATED_MD_DIRSERVER
= 1
282 } guard_restriction_type_t
;
285 * A restriction to remember which entry guards are off-limits for a given
288 * Note: This mechanism is NOT for recording which guards are never to be
289 * used: only which guards cannot be used on <em>one particular circuit</em>.
291 struct entry_guard_restriction_t
{
292 /* What type of restriction are we imposing? */
293 guard_restriction_type_t type
;
295 /* In case of restriction type RST_EXIT_NODE, the guard's RSA identity
296 * digest must not equal this; and it must not be in the same family as any
297 * node with this digest. */
298 uint8_t exclude_id
[DIGEST_LEN
];
302 * Per-circuit state to track whether we'll be able to use the circuit.
304 struct circuit_guard_state_t
{
305 /** Handle to the entry guard object for this circuit. */
306 struct entry_guard_handle_t
*guard
;
307 /** The time at which <b>state</b> last changed. */
309 /** One of GUARD_CIRC_STATE_* */
313 * A set of restrictions that were placed on this guard when we selected it
314 * for this particular circuit. We need to remember the restrictions here,
315 * since any guard that breaks these restrictions will not block this
316 * circuit from becoming COMPLETE.
318 entry_guard_restriction_t
*restrictions
;
320 #endif /* defined(ENTRYNODES_PRIVATE) */
322 /* Common entry points for old and new guard code */
323 int guards_update_all(void);
324 const node_t
*guards_choose_guard(cpath_build_state_t
*state
,
326 circuit_guard_state_t
**guard_state_out
);
327 const node_t
*guards_choose_dirguard(uint8_t dir_purpose
,
328 circuit_guard_state_t
**guard_state_out
);
331 /* XXXX NM I would prefer that all of this stuff be private to
333 entry_guard_t
*entry_guard_get_by_id_digest_for_guard_selection(
334 guard_selection_t
*gs
, const char *digest
);
335 entry_guard_t
*entry_guard_get_by_id_digest(const char *digest
);
337 circuit_guard_state_t
*
338 get_guard_state_for_bridge_desc_fetch(const char *digest
);
340 void entry_guards_changed_for_guard_selection(guard_selection_t
*gs
);
341 void entry_guards_changed(void);
342 guard_selection_t
* get_guard_selection_info(void);
343 int num_live_entry_guards_for_guard_selection(
344 guard_selection_t
*gs
,
346 int num_live_entry_guards(int for_directory
);
349 const node_t
*entry_guard_find_node(const entry_guard_t
*guard
);
350 const char *entry_guard_get_rsa_id_digest(const entry_guard_t
*guard
);
351 const char *entry_guard_describe(const entry_guard_t
*guard
);
352 guard_pathbias_t
*entry_guard_get_pathbias_state(entry_guard_t
*guard
);
354 /** Enum to specify how we're going to use a given guard, when we're picking
355 * one for immediate use. */
357 GUARD_USAGE_TRAFFIC
= 0,
358 GUARD_USAGE_DIRGUARD
= 1
361 #define circuit_guard_state_free(val) \
362 FREE_AND_NULL(circuit_guard_state_t, circuit_guard_state_free_, (val))
364 void circuit_guard_state_free_(circuit_guard_state_t
*state
);
365 int entry_guard_pick_for_circuit(guard_selection_t
*gs
,
367 entry_guard_restriction_t
*rst
,
368 const node_t
**chosen_node_out
,
369 circuit_guard_state_t
**guard_state_out
);
371 /* We just connected to an entry guard. What should we do with the circuit? */
373 GUARD_USABLE_NEVER
= -1, /* Never use the circuit */
374 GUARD_MAYBE_USABLE_LATER
= 0, /* Keep it. We might use it in the future */
375 GUARD_USABLE_NOW
= 1, /* Use it right now */
378 guard_usable_t
entry_guard_succeeded(circuit_guard_state_t
**guard_state_p
);
379 void entry_guard_failed(circuit_guard_state_t
**guard_state_p
);
380 void entry_guard_cancel(circuit_guard_state_t
**guard_state_p
);
381 void entry_guard_chan_failed(channel_t
*chan
);
382 int entry_guards_update_all(guard_selection_t
*gs
);
383 int entry_guards_upgrade_waiting_circuits(guard_selection_t
*gs
,
384 const smartlist_t
*all_circuits
,
385 smartlist_t
*newly_complete_out
);
386 int entry_guard_state_should_expire(circuit_guard_state_t
*guard_state
);
387 void entry_guards_note_internet_connectivity(guard_selection_t
*gs
);
389 int update_guard_selection_choice(const or_options_t
*options
);
391 int entry_guard_could_succeed(const circuit_guard_state_t
*guard_state
);
393 MOCK_DECL(int,num_bridges_usable
,(int use_maybe_reachable
));
395 #ifdef ENTRYNODES_PRIVATE
397 * @name Default values for the parameters for the new (prop271) entry guard
402 * We never let our sampled guard set grow larger than this percentage
403 * of the guards on the network.
405 #define DFLT_MAX_SAMPLE_THRESHOLD_PERCENT 20
407 * We never let our sampled guard set grow larger than this number of
410 #define DFLT_MAX_SAMPLE_SIZE 60
412 * We always try to make our sample contain at least this many guards.
414 #define DFLT_MIN_FILTERED_SAMPLE_SIZE 20
416 * If a guard is unlisted for this many days in a row, we remove it.
418 #define DFLT_REMOVE_UNLISTED_GUARDS_AFTER_DAYS 20
420 * We remove unconfirmed guards from the sample after this many days,
421 * regardless of whether they are listed or unlisted.
423 #define DFLT_GUARD_LIFETIME_DAYS 120
425 * We remove confirmed guards from the sample if they were sampled
426 * GUARD_LIFETIME_DAYS ago and confirmed this many days ago.
428 #define DFLT_GUARD_CONFIRMED_MIN_LIFETIME_DAYS 60
430 * How many guards do we try to keep on our primary guard list?
432 #define DFLT_N_PRIMARY_GUARDS 3
434 * Of the live guards on the primary guard list, how many do we consider when
435 * choosing a guard to use?
437 #define DFLT_N_PRIMARY_GUARDS_TO_USE 1
439 * As DFLT_N_PRIMARY_GUARDS, but for choosing which directory guard to use.
441 #define DFLT_N_PRIMARY_DIR_GUARDS_TO_USE 3
443 * If we haven't successfully built or used a circuit in this long, then
444 * consider that the internet is probably down.
446 #define DFLT_INTERNET_LIKELY_DOWN_INTERVAL (10*60)
448 * If we're trying to connect to a nonprimary guard for at least this
449 * many seconds, and we haven't gotten the connection to work, we will treat
450 * lower-priority guards as usable.
452 #define DFLT_NONPRIMARY_GUARD_CONNECT_TIMEOUT 15
454 * If a circuit has been sitting around in 'waiting for better guard' state
455 * for at least this long, we'll expire it.
457 #define DFLT_NONPRIMARY_GUARD_IDLE_TIMEOUT (10*60)
459 * If our configuration retains fewer than this fraction of guards from the
460 * torrc, we are in a restricted setting.
462 #define DFLT_MEANINGFUL_RESTRICTION_PERCENT 20
464 * If our configuration retains fewer than this fraction of guards from the
465 * torrc, we are in an extremely restricted setting, and should warn.
467 #define DFLT_EXTREME_RESTRICTION_PERCENT 1
470 STATIC
double get_max_sample_threshold(void);
471 STATIC
int get_max_sample_size_absolute(void);
472 STATIC
int get_min_filtered_sample_size(void);
473 STATIC
int get_remove_unlisted_guards_after_days(void);
474 STATIC
int get_guard_lifetime(void);
475 STATIC
int get_guard_confirmed_min_lifetime(void);
476 STATIC
int get_n_primary_guards(void);
477 STATIC
int get_n_primary_guards_to_use(guard_usage_t usage
);
478 STATIC
int get_internet_likely_down_interval(void);
479 STATIC
int get_nonprimary_guard_connect_timeout(void);
480 STATIC
int get_nonprimary_guard_idle_timeout(void);
481 STATIC
double get_meaningful_restriction_threshold(void);
482 STATIC
double get_extreme_restriction_threshold(void);
484 HANDLE_DECL(entry_guard
, entry_guard_t
, STATIC
)
485 #define entry_guard_handle_free(h) \
486 FREE_AND_NULL(entry_guard_handle_t, entry_guard_handle_free_, (h))
488 STATIC guard_selection_type_t
guard_selection_infer_type(
489 guard_selection_type_t type_in
,
491 STATIC guard_selection_t
*guard_selection_new(const char *name
,
492 guard_selection_type_t type
);
493 STATIC guard_selection_t
*get_guard_selection_by_name(
494 const char *name
, guard_selection_type_t type
, int create_if_absent
);
495 STATIC
void guard_selection_free_(guard_selection_t
*gs
);
496 #define guard_selection_free(gs) \
497 FREE_AND_NULL(guard_selection_t, guard_selection_free_, (gs))
498 MOCK_DECL(STATIC
int, entry_guard_is_listed
,
499 (guard_selection_t
*gs
, const entry_guard_t
*guard
));
500 STATIC
const char *choose_guard_selection(const or_options_t
*options
,
501 const networkstatus_t
*ns
,
502 const guard_selection_t
*old_selection
,
503 guard_selection_type_t
*type_out
);
504 STATIC entry_guard_t
*get_sampled_guard_with_id(guard_selection_t
*gs
,
505 const uint8_t *rsa_id
);
507 MOCK_DECL(STATIC
time_t, randomize_time
, (time_t now
, time_t max_backdate
));
509 MOCK_DECL(STATIC circuit_guard_state_t
*,
510 circuit_guard_state_new
,(entry_guard_t
*guard
, unsigned state
,
511 entry_guard_restriction_t
*rst
));
513 STATIC entry_guard_t
*entry_guard_add_to_sample(guard_selection_t
*gs
,
515 STATIC entry_guard_t
*entry_guards_expand_sample(guard_selection_t
*gs
);
516 STATIC
char *entry_guard_encode_for_state(entry_guard_t
*guard
);
517 STATIC entry_guard_t
*entry_guard_parse_from_state(const char *s
);
518 #define entry_guard_free(e) \
519 FREE_AND_NULL(entry_guard_t, entry_guard_free_, (e))
520 STATIC
void entry_guard_free_(entry_guard_t
*e
);
521 STATIC
void entry_guards_update_filtered_sets(guard_selection_t
*gs
);
522 STATIC
int entry_guards_all_primary_guards_are_down(guard_selection_t
*gs
);
524 * @name Flags for sample_reachable_filtered_entry_guards()
527 #define SAMPLE_EXCLUDE_CONFIRMED (1u<<0)
528 #define SAMPLE_EXCLUDE_PRIMARY (1u<<1)
529 #define SAMPLE_EXCLUDE_PENDING (1u<<2)
530 #define SAMPLE_NO_UPDATE_PRIMARY (1u<<3)
531 #define SAMPLE_EXCLUDE_NO_DESCRIPTOR (1u<<4)
533 STATIC entry_guard_t
*sample_reachable_filtered_entry_guards(
534 guard_selection_t
*gs
,
535 const entry_guard_restriction_t
*rst
,
537 STATIC
void entry_guard_consider_retry(entry_guard_t
*guard
);
538 STATIC
void make_guard_confirmed(guard_selection_t
*gs
, entry_guard_t
*guard
);
539 STATIC
void entry_guards_update_confirmed(guard_selection_t
*gs
);
540 STATIC
void entry_guards_update_primary(guard_selection_t
*gs
);
541 STATIC
int num_reachable_filtered_guards(const guard_selection_t
*gs
,
542 const entry_guard_restriction_t
*rst
);
543 STATIC
void sampled_guards_update_from_consensus(guard_selection_t
*gs
);
545 * @name Possible guard-states for a circuit.
548 /** State for a circuit that can (so far as the guard subsystem is
549 * concerned) be used for actual traffic as soon as it is successfully
551 #define GUARD_CIRC_STATE_USABLE_ON_COMPLETION 1
552 /** State for an non-open circuit that we shouldn't use for actual
553 * traffic, when it completes, unless other circuits to preferable
555 #define GUARD_CIRC_STATE_USABLE_IF_NO_BETTER_GUARD 2
556 /** State for an open circuit that we shouldn't use for actual traffic
557 * unless other circuits to preferable guards fail. */
558 #define GUARD_CIRC_STATE_WAITING_FOR_BETTER_GUARD 3
559 /** State for a circuit that can (so far as the guard subsystem is
560 * concerned) be used for actual traffic. */
561 #define GUARD_CIRC_STATE_COMPLETE 4
562 /** State for a circuit that is unusable, and will not become usable. */
563 #define GUARD_CIRC_STATE_DEAD 5
565 STATIC
void entry_guards_note_guard_failure(guard_selection_t
*gs
,
566 entry_guard_t
*guard
);
567 STATIC entry_guard_t
*select_entry_guard_for_circuit(guard_selection_t
*gs
,
569 const entry_guard_restriction_t
*rst
,
570 unsigned *state_out
);
571 STATIC
void mark_primary_guards_maybe_reachable(guard_selection_t
*gs
);
572 STATIC
unsigned entry_guards_note_guard_success(guard_selection_t
*gs
,
573 entry_guard_t
*guard
,
575 STATIC
int entry_guard_has_higher_priority(entry_guard_t
*a
, entry_guard_t
*b
);
576 STATIC
char *getinfo_helper_format_single_entry_guard(const entry_guard_t
*e
);
578 STATIC entry_guard_restriction_t
*guard_create_exit_restriction(
579 const uint8_t *exit_id
);
581 STATIC entry_guard_restriction_t
*guard_create_dirserver_md_restriction(void);
583 STATIC
void entry_guard_restriction_free_(entry_guard_restriction_t
*rst
);
584 #define entry_guard_restriction_free(rst) \
585 FREE_AND_NULL(entry_guard_restriction_t, \
586 entry_guard_restriction_free_, (rst))
588 #endif /* defined(ENTRYNODES_PRIVATE) */
590 void remove_all_entry_guards_for_guard_selection(guard_selection_t
*gs
);
591 void remove_all_entry_guards(void);
593 struct bridge_info_t
;
594 void entry_guard_learned_bridge_identity(const tor_addr_port_t
*addrport
,
595 const uint8_t *rsa_id_digest
);
597 int entry_list_is_constrained(const or_options_t
*options
);
598 int guards_retry_optimistic(const or_options_t
*options
);
599 int entry_guards_parse_state_for_guard_selection(
600 guard_selection_t
*gs
, or_state_t
*state
, int set
, char **msg
);
601 int entry_guards_parse_state(or_state_t
*state
, int set
, char **msg
);
602 void entry_guards_update_state(or_state_t
*state
);
603 int getinfo_helper_entry_guards(control_connection_t
*conn
,
604 const char *question
, char **answer
,
605 const char **errmsg
);
607 int entries_known_but_down(const or_options_t
*options
);
608 void entries_retry_all(const or_options_t
*options
);
610 char *entry_guards_get_err_str_if_dir_info_missing(int using_mds
,
611 int num_present
, int num_usable
);
612 char *guard_selection_get_err_str_if_dir_info_missing(guard_selection_t
*gs
,
614 int num_present
, int num_usable
);
616 void entry_guards_free_all(void);
618 double pathbias_get_close_success_count(entry_guard_t
*guard
);
619 double pathbias_get_use_success_count(entry_guard_t
*guard
);
621 /** Contains the bandwidth of a relay as a guard and as a non-guard
622 * after the guardfraction has been considered. */
623 typedef struct guardfraction_bandwidth_t
{
624 /** Bandwidth as a guard after guardfraction has been considered. */
626 /** Bandwidth as a non-guard after guardfraction has been considered. */
628 } guardfraction_bandwidth_t
;
630 int should_apply_guardfraction(const networkstatus_t
*ns
);
633 guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t
*guardfraction_bw
,
635 uint32_t guardfraction_percentage
);
637 #endif /* !defined(TOR_ENTRYNODES_H) */