Wrap all of the legacy guard code, and its users, in #ifdefs

                   (int) bridge->port);

      }

      if (get_options()->UseDeprecatedGuardAlgorithm) {

#ifdef ENABLE_LEGACY_GUARD_ALGORITHM

        add_bridge_as_entry_guard(get_guard_selection_info(), node);

#else

        tor_assert_nonfatal_unreached();

#endif

      } else {

        entry_guard_learned_bridge_identity(&bridge->addrport_configured,

                               (const uint8_t*)ri->cache_info.identity_digest);

      /* set entry->made_contact so if it goes down we don't drop it from

       * our entry node list */

      if (get_options()->UseDeprecatedGuardAlgorithm) {

#ifdef ENABLE_LEGACY_GUARD_ALGORITHM

        entry_guard_register_connect_status(ri->cache_info.identity_digest,

                                            1, 0, now);

#else

        tor_assert_nonfatal_unreached();

#endif

      }

      if (first) {

        routerlist_retry_directory_downloads(now);

  if (started_here) {

    circuit_build_times_network_is_live(get_circuit_build_times_mutable());

    rep_hist_note_connect_succeeded(chan->identity_digest, now);

#ifdef ENABLE_LEGACY_GUARD_ALGORITHM

    // XXXX prop271 this call is no longer useful with the new algorithm.

    if (entry_guard_register_connect_status(

          chan->identity_digest, 1, 0, now) < 0) {

                "connection so we can retry the earlier entry guards.");

      close_origin_circuits = 1;

    }

#endif

    router_set_status(chan->identity_digest, 1);

  } else {

    /* only report it to the geoip module if it's not a known router */

                 tor_lround(pb->timeouts),

                 tor_lround(get_circuit_build_close_time_ms()/1000));

          pb->path_bias_disabled = 1;

#ifdef ENABLE_LEGACY_GUARD_ALGORITHM

          // XXXX

          entry_guard_mark_bad(guard);

#endif

          return;

        }

      } else if (!pb->path_bias_use_extreme) {

                 tor_lround(pb->timeouts),

                 tor_lround(get_circuit_build_close_time_ms()/1000));

          pb->path_bias_disabled = 1;

#ifdef ENABLE_LEGACY_GUARD_ALGORITHM

          // XXXX

          entry_guard_mark_bad(guard);

#endif

          return;

        }

      } else if (!pb->path_bias_extreme) {

     * family. */

    nodelist_add_node_and_family(excluded, node);

  }

#ifdef ENABLE_LEGACY_GUARD_ALGORITHM

  /* and exclude current entry guards and their families,

   * unless we're in a test network, and excluding guards

   * would exclude all nodes (i.e. we're in an incredibly small tor network,

        }

      });

  }

#endif

  if (state) {

    if (state->need_uptime)

                                      == CPATH_STATE_OPEN;

          log_info(LD_CIRC,

                 "No circuits are opened. Relaxing timeout for circuit %d "

                 "(a %s %d-hop circuit in state %s with channel state %s). "

                 "%d guards are live.",

                 "(a %s %d-hop circuit in state %s with channel state %s).",

                 TO_ORIGIN_CIRCUIT(victim)->global_identifier,

                 circuit_purpose_to_string(victim->purpose),

                 TO_ORIGIN_CIRCUIT(victim)->build_state ?

                   TO_ORIGIN_CIRCUIT(victim)->build_state->desired_path_len :

                   -1,

                 circuit_state_to_string(victim->state),

                 channel_state_to_string(victim->n_chan->state),

                 num_live_entry_guards(0));

                 channel_state_to_string(victim->n_chan->state));

          /* We count the timeout here for CBT, because technically this

           * was a timeout, and the timeout value needs to reset if we

                 "No circuits are opened. Relaxed timeout for circuit %d "

                 "(a %s %d-hop circuit in state %s with channel state %s) to "

                 "%ldms. However, it appears the circuit has timed out "

                 "anyway. %d guards are live.",

                 "anyway.",

                 TO_ORIGIN_CIRCUIT(victim)->global_identifier,

                 circuit_purpose_to_string(victim->purpose),

                 TO_ORIGIN_CIRCUIT(victim)->build_state ?

                   -1,

                 circuit_state_to_string(victim->state),

                 channel_state_to_string(victim->n_chan->state),

                 (long)build_close_ms,

                 num_live_entry_guards(0));

                 (long)build_close_ms);

      }

    }

      /* New guard API: we failed. */

      if (circ->guard_state)

        entry_guard_failed(&circ->guard_state);

#ifdef ENABLE_LEGACY_GUARD_ALGORITHM

      /* Old guard API: we failed. */

      entry_guard_register_connect_status(n_chan_id, 0, 1, time(NULL));

#endif

      /* if there are any one-hop streams waiting on this circuit, fail

       * them now so they can retry elsewhere. */

      connection_ap_fail_onehop(n_chan_id, circ->build_state);

      int severity = LOG_NOTICE;

      /* Retry some stuff that might help the connection work. */

      if (entry_list_is_constrained(options) &&

          entries_known_but_down(options)) {

          guards_retry_optimistic(options)) {

        log_fn(severity, LD_APP|LD_DIR,

               "Application request when we haven't %s. "

               "Optimistically trying known %s again.",

               "used client functionality lately" :

               "received a consensus with exits",

               options->UseBridges ? "bridges" : "entrynodes");

        entries_retry_all(options);

      } else if (!options->UseBridges || any_bridge_descriptors_known()) {

        log_fn(severity, LD_APP|LD_DIR,

               "Application request when we haven't %s. "