Implement guard nodes
We should implement Tor's guard node algorithm for Arti.
(The time estimate here does not include work for developing a state mechanism.)
Backend steps:
-
Create a "guard manager" type with the necessary API. -
Implement a multi-sample API in tor-netdir. -
Implement consensus parameters needed for guards -
Extend NetDir with efficient ID-based accessors. -
Minimal working-ish good-enough-for-vanguards guard implementation: * Sample a little set. * Pick first hop from that set. * Persistence on that set. * Expire and re-sample into that set as needed. -
Implement filtered, confirmed, and primary set backends. -
Mpsc channel inside circmgr that gets informed when a circuit is done or when a circuit fails. -
Make sure not to use a consensus until we have descriptors for our primary guards. (Deferred) -
Documentation in tor-guardmgr
-
Test coverage in tor-guardmgr
-
Fix or defer all issues marked XXXX
-
Re-read guard-spec.txt
and audit for compliance -
Re-read entryguards.c
and audit for consistencyh -
Persistent state -
Add logging throughout.
Steps for integration:
-
Create a guard manager when starting up. -
Inform the guard manager whenever the directory changes. -
When creating a path, ask the guard manager for the first hop. -
When the circuit completes or fails, report the guard as working or not working. -
Do not use the circuit until the GuardUsability
future reportstrue
.
Edited by Nick Mathewson