Dir auths should only give Guard if Stable
$ grep "^s " cached-consensus |grep Guard|wc -l
2074
$ grep "^s " cached-consensus |grep Guard|grep -v Stable|wc -l
18
$ grep "^s " cached-consensus |grep Guard|grep -v Fast|wc -l
0
So right now, out of the 2074 Guards that we have, every one of them has the Fast flag, and all but 18 of them have the Stable flag.
At the same time, we have some complicated logic in choose_random_entry_impl() and populate_live_entry_guards() that looks at need_uptime (aka Stable) and need_capacity (aka Fast), including ugly code like:
  if (!node && need_uptime) {
    need_uptime = 0; /* try without that requirement */
    goto retry;
  }
  if (!node && need_capacity) {
    /* still no? last attempt, try without requiring capacity */
    need_capacity = 0;
    goto retry;
  }
But worst of all, it produces this weird edge case for the small fraction of unlucky clients who picked a non-Stable Guard, since when they build circuits that require the Stable flag, they will always use their second Guard for those circuits.
In short, this is complexity that is cheap to get rid of. Let's do it.
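
The edge case described above, as an added example: a simplified model, not Tor's code. The guard_t struct, the pick_entry() function and the sample guard lists are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Simplified model (assumption): a client keeps an ordered list of entry
 * guards and prefers the earliest one that meets the circuit's needs. */
typedef struct {
    const char *nickname;  /* constructed sample name */
    int is_stable;         /* relay carries the Stable flag */
    int is_fast;           /* relay carries the Fast flag */
} guard_t;

/* Return the index of the guard used for a circuit, or -1 if none exists.
 * Follows the retry pattern quoted above: honour both requirements first,
 * then drop need_uptime, then drop need_capacity. */
int pick_entry(const guard_t *guards, size_t n,
               int need_uptime, int need_capacity)
{
    for (;;) {
        for (size_t i = 0; i < n; i++) {
            if (need_uptime && !guards[i].is_stable) continue;
            if (need_capacity && !guards[i].is_fast) continue;
            return (int)i;
        }
        if (need_uptime) need_uptime = 0;          /* try without uptime */
        else if (need_capacity) need_capacity = 0; /* last attempt */
        else return -1;
    }
}

/* Constructed: the client's first guard is one of the non-Stable Guards. */
static const guard_t unlucky[] = {
    { "guardA", 0, 1 }, { "guardB", 1, 1 }, { "guardC", 1, 1 },
};
/* Constructed: same client if Guard were only ever given to Stable relays. */
static const guard_t proposed[] = {
    { "guardA", 1, 1 }, { "guardB", 1, 1 }, { "guardC", 1, 1 },
};

int main(void)
{
    printf("today, ordinary circuit:    guard %d\n", pick_entry(unlucky, 3, 0, 1));
    printf("today, need_uptime circuit: guard %d\n", pick_entry(unlucky, 3, 1, 1));
    printf("proposed, need_uptime:      guard %d\n", pick_entry(proposed, 3, 1, 1));
    return 0;
}
```

In the unlucky list the need_uptime circuit lands on index 1, the second guard, while ordinary circuits use index 0. Once every Guard is Stable, both kinds of circuit use the same first guard and the need_uptime retry never fires.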