Add a switch to toggle the feature on/off

doc/man/tor.1.txt

@@ -1749,6 +1749,13 @@ The following options are useful only for clients (that is, if
     the guard-n-primary-guards consensus parameter, and default to 3 if the
     consensus parameter isn't set. (Default: 0)
 
+[[VanguardsLiteEnabled]] **VanguardsLiteEnabled** **0**|**1**|**auto**::
+    This option specifies whether clients should use the vanguards-lite
+    subsystem to protect against guard discovery attacks. If it's set to
+    'auto', clients will do what the vanguards-lite-enabled consensus parameter
+    tells them to do, and will default to enable the subsystem if the consensus
+    parameter isn't set. (Default: auto)
+
 [[UseMicrodescriptors]] **UseMicrodescriptors** **0**|**1**|**auto**::
     Microdescriptors are a smaller version of the information that Tor needs
     in order to build its circuits.  Using microdescriptors makes Tor clients

src/app/config/config.c

@@ -669,6 +669,7 @@ static const config_var_t option_vars_[] = {
   VAR("UseEntryGuards",          BOOL,     UseEntryGuards_option, "1"),
   OBSOLETE("UseEntryGuardsAsDirGuards"),
   V(UseGuardFraction,            AUTOBOOL, "auto"),
+  V(VanguardsLiteEnabled,        AUTOBOOL, "auto"),
   V(UseMicrodescriptors,         AUTOBOOL, "auto"),
   OBSOLETE("UseNTorHandshake"),
   V_IMMUTABLE(User,              STRING,   NULL),

src/app/config/or_options_st.h

@@ -594,6 +594,9 @@ struct or_options_t {
                            * If 0, use value from NumEntryGuards. */
   int NumPrimaryGuards; /**< How many primary guards do we want? */
 
+  /** Boolean: Switch to toggle the vanguards-lite subsystem */
+  int VanguardsLiteEnabled;
+
   int RephistTrackTime; /**< How many seconds do we keep rephist info? */
   /** Should we always fetch our dir info on the mirror schedule (which
    * means directly from the authorities) no matter our other config? */

src/core/or/circuitbuild.c

@@ -2254,6 +2254,11 @@ middle_node_must_be_vanguard(const or_options_t *options,
     return 0;
   }
 
+  /* Don't even bother if the feature is disabled */
+  if (!vanguards_lite_is_enabled()) {
+    return 0;
+  }
+
   /* If we are a hidden service circuit, always use either vanguards-lite
    * or HSLayer2Nodes for 2nd hop. */
   if (cur_len == 1) {

src/feature/client/entrynodes.c

@@ -3932,7 +3932,7 @@ guard_selection_free_(guard_selection_t *gs)
 
 /**********************************************************************/
 
-/** Layer2 guard subsystem used for onion service circuits. */
+/** Layer2 guard subsystem (vanguards-lite) used for onion service circuits */
 
 /** A simple representation of a layer2 guard. We just need its identity so
  *  that we feed it into a routerset, and a sampled timestamp to do expiration
@@ -3947,6 +3947,30 @@ typedef struct layer2_guard_t {
 #define layer2_guard_free(val) \
   FREE_AND_NULL(layer2_guard_t, layer2_guard_free_, (val))
 
+/** Return true if the vanguards-lite subsystem is enabled */
+bool
+vanguards_lite_is_enabled(void)
+{
+  /* First check torrc option and then maybe also the consensus parameter. */
+  const or_options_t *options = get_options();
+
+  /* If the option is explicitly disabled, that's the final word here */
+  if (options->VanguardsLiteEnabled == 0) {
+    return false;
+  }
+
+  /* If the option is set to auto, then check the consensus parameter */
+  if (options->VanguardsLiteEnabled == -1) {
+    return networkstatus_get_param(NULL, "vanguards-lite-enabled",
+                                   1, /* default to "on" */
+                                   0, 1);
+  }
+
+  /* else it's enabled */
+  tor_assert_nonfatal(options->VanguardsLiteEnabled == 1);
+  return options->VanguardsLiteEnabled;
+}
+
 static void
 layer2_guard_free_(layer2_guard_t *l2)
 {

src/feature/client/entrynodes.h

@@ -651,6 +651,7 @@ guard_get_guardfraction_bandwidth(guardfraction_bandwidth_t *guardfraction_bw,
                                   int orig_bandwidth,
                                   uint32_t guardfraction_percentage);
 
+bool vanguards_lite_is_enabled(void);
 const routerset_t *get_layer2_guards(void);
 void maintain_layer2_guards(void);
 void purge_vanguards_lite(void);

src/test/test_entrynodes.c

@@ -3099,7 +3099,22 @@ test_entry_guard_layer2_guards(void *arg)
   (void) arg;
   MOCK(router_have_minimum_dir_info, mock_router_have_minimum_dir_info);
 
-  /* Create the guardset */
+  /* First check the enable/disable switch */
+  get_options_mutable()->VanguardsLiteEnabled = 0;
+  tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 0);
+
+  get_options_mutable()->VanguardsLiteEnabled = 1;
+  tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 1);
+
+  get_options_mutable()->VanguardsLiteEnabled = -1;
+  tt_int_op(vanguards_lite_is_enabled(), OP_EQ, 1);
+
+  /* OK now let's move to actual testing */
+
+  /* Remove restrictions to route around Big Fake Network restrictions */
+  get_options_mutable()->EnforceDistinctSubnets = 0;
+
+  /* Create the L2 guardset */
   maintain_layer2_guards();
 
   const routerset_t *l2_guards = get_layer2_guards();