They broke stem, and breaking application compatibility is usually a
bad idea.

This reverts commit 6e10130e,
commit 78a13df1, and
commit 62f52a88.

We might re-apply this later, if all the downstream tools can handle
it, and it turns out to be useful for some reason.

I got confused when I saw my Tor saying it was opening a file
that doesn't exist. It turns out it isn't opening it, it's just
calling open() on it and then moving on when it's not there.

This is the same as we fixed in 39f45546.

This reverts commit 954eeda6.

Apparently, OpenBSD is what expects you to declare environ
yourself.  So 19142 is a wontfix.

I broke this with 20292ec4 when I
changed the primary guard retry schedule.

(Keeping the code around in case I broke Tor in some unexpected
way.)

Now that we support NumEntryGuards, NumDirectoryGuards is pretty
easy to put back in.

Further, add a "guard-n-primary-guards-to-use" parameter, defaulting
to 1, for NumEntryGuards to override.

Previously, we had NumEntryGuards kind of hardwired to 1.  Now we
have the code (but not the configuarability) to choose randomly from
among the first N primary guards that would work, where N defaults
to 1.

Part of 20831 support for making NumEntryGuards work again.

It overrides both the GUARD_LIFETIME and the
GUARD_CONFIRMED_MIN_LIFETIME options.

It is obsoleted in an always-on direction by prop271.

Since we already had a separate function for getting the universe of
possible guards, all we had to do was tweak it to handle very the
GS_TYPE_RESTRICTED case.

asn found while testing that this function can be reached with
GUARD_STATE_COMPLETE circuits; I believe this happens when
cannibalization occurs.

The added complexity of handling one more state made it reasonable
to turn the main logic here into a switch statement.

Letting the maximum sample size grow proportionally to the number of
guards defeats its purpose to a certain extent.  Noted by asn during
code review.

Fixes bug 20920; bug not in any released (or merged) version of Tor.

The valid_until check was redundant.

George Kadianakis authored 8 years ago and Nick Mathewson committed 8 years ago

- Correctly maintain the previous guard selection in choose_guard_selection().
- Print bridge identifier instead of nothing in entry_guard_describe()._

This will make it easier to see what we remove down the line.

(That's asking for trouble, and also totally completely redundant.)

The test assumed that the old rules about handling small max_sample
were in effect, and didn't actually handle that case very well
anyway.

If a complete circuit C2 doesn't obey the restrictions of C1, then
C2 cannot block C1.

The patch here is a little big-ish, since we can no longer look
through all the complete circuits and all the waiting circuits on a
single pass: we have to find the best waiting circuit first.