Implement guard nodes
We should implement Tor's guard node algorithm for Arti.
(The time estimate here does not include work for developing a state mechanism.)
Backend steps:
- Create a "guard manager" type with the necessary API.
- Implement a multi-sample API in tor-netdir.
- Implement consensus parameters needed for guards
- Extend NetDir with efficient ID-based accessors.
- Minimal working-ish good-enough-for-vanguards guard implementation: * Sample a little set. * Pick first hop from that set. * Persistence on that set. * Expire and re-sample into that set as needed.
- Implement filtered, confirmed, and primary set backends.
- Mpsc channel inside circmgr that gets informed when a circuit is done or when a circuit fails.
- Make sure not to use a consensus until we have descriptors for our primary guards. (Deferred)
-
Documentation in
tor-guardmgr
-
Test coverage in
tor-guardmgr
-
Fix or defer all issues marked
XXXX
-
Re-read
guard-spec.txt
and audit for compliance -
Re-read
entryguards.c
and audit for consistencyh - Persistent state
- Add logging throughout.
Steps for integration:
- Create a guard manager when starting up.
- Inform the guard manager whenever the directory changes.
- When creating a path, ask the guard manager for the first hop.
- When the circuit completes or fails, report the guard as working or not working.
-
Do not use the circuit until the
GuardUsability
future reportstrue
.