[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] Re: #1094 [Tor - Tor client]: No way to specify a GeoIP country code miss in ExcludeNodes etc.

To: undisclosed-recipients:;
Subject: [tor-bugs] Re: #1094 [Tor - Tor client]: No way to specify a GeoIP country code miss in ExcludeNodes etc.
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Sat, 10 Jul 2010 02:44:02 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-bugs-outgoing@xxxxxxxx
Delivered-to: tor-bugs@xxxxxxxxxxxxxx
Delivery-date: Fri, 09 Jul 2010 22:44:10 -0400
In-reply-to: <049.ba5e516e1dde50d1b96fc02b45e96e7a@xxxxxxxxxxxxxx>
References: <049.ba5e516e1dde50d1b96fc02b45e96e7a@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: owner-tor-bugs@xxxxxxxxxxxxxx

#1094: No way to specify a GeoIP country code miss in ExcludeNodes etc.
-------------------------------+--------------------------------------------
  Reporter:  flyposted         |       Owner:  nickm             
      Type:  enhancement       |      Status:  assigned          
  Priority:  minor             |   Milestone:  Tor: 0.2.2.x-final
 Component:  Tor - Tor client  |     Version:  0.2.1.19          
Resolution:  None              |    Keywords:                    
    Parent:                    |  
-------------------------------+--------------------------------------------

Old description:

> Tor 0.2.1.19 currently lacks a way to specify a country that doesn't
> match
> a GeoIP, even though the src/or/geoip.c module provides a country code
> '??' that could be used to match a GeoIP miss.  This GeoIP miss code
> would let Tor administrators block traffic to exit nodes that lack proper
> GeoIP matches if in doubt about the true exit country.  This seems more
> like an implementation oversight than a feature, so I'm filing this as
> a bug report.
>
> I was able to produce a test case for this with:
>
>     -- The latest ip-to-country table from ip-to-country.webhosting.info
>        converted to Tor GeoIP format
>     -- Running Tor from the US
>     -- ExcludeNodes set to "{US},{??}"
>     -- An ExcludeNodes GeoIP miss on 66.230.230.230 (node
> AmericanProgress)
>        which shows up as in the US on MaxMind but is a total miss on the
> table
>     -- WebHosting.info: "IP Address 66.230.230.230 belongs to Some Place
> We Dont Know About."
>        (just to confirm that the table conversion worked OK)
>
> After looking through the source code it looks like there's not enough
> logging going on, even at the log_debug level, to see what is happening
> exactly to the '??' match that pops out of the function
> geoip_get_country_name().
>
> The routerset_refresh_countries() function appears to kick the '??'
> country
> out of the list if there's no match.  I dummied up a GeoIP entry set like
> this based on the last current entry of the GeoIP file:
>
>     4278190080,4294967294,US
>     4294967295,4294967295,??
>
> That appears to be enough to satisfy the routerset functions in
> src/or/routerlist.c so there's no complaint there, but this kludge
> is useless for trying to get a match on a GeoIP miss.  I suppose I
> could write a script to patch gaps in the GeoIP file to kludge around
> it yet another way and I could use one of the XX psuedo-countries
> to work through this (which is what I'll probably do for now), but
> it seems like there should be a well-known way to get this to work
> without having to do that.
>
> Any ideas?
>

> [Automatically added by flyspray2trac: Operating System: Fedora Core
> Linux]

New description:

 Tor 0.2.1.19 currently lacks a way to specify a country that doesn't match
 a GeoIP, even though the src/or/geoip.c module provides a country code
 '??' that could be used to match a GeoIP miss.  This GeoIP miss code
 would let Tor administrators block traffic to exit nodes that lack proper
 GeoIP matches if in doubt about the true exit country.  This seems more
 like an implementation oversight than a feature, so I'm filing this as
 a bug report.

 I was able to produce a test case for this with:

     -- The latest ip-to-country table from ip-to-country.webhosting.info
        converted to Tor GeoIP format
     -- Running Tor from the US
     -- ExcludeNodes set to "{US},{??}"
     -- An ExcludeNodes GeoIP miss on 66.230.230.230 (node
 AmericanProgress)
        which shows up as in the US on MaxMind but is a total miss on the
 table
     -- WebHosting.info: "IP Address 66.230.230.230 belongs to Some Place
 We Dont Know About."
        (just to confirm that the table conversion worked OK)

 After looking through the source code it looks like there's not enough
 logging going on, even at the log_debug level, to see what is happening
 exactly to the '??' match that pops out of the function
 geoip_get_country_name().

 The routerset_refresh_countries() function appears to kick the '??'
 country
 out of the list if there's no match.  I dummied up a GeoIP entry set like
 this based on the last current entry of the GeoIP file:

     4278190080,4294967294,US
     4294967295,4294967295,??

 That appears to be enough to satisfy the routerset functions in
 src/or/routerlist.c so there's no complaint there, but this kludge
 is useless for trying to get a match on a GeoIP miss.  I suppose I
 could write a script to patch gaps in the GeoIP file to kludge around
 it yet another way and I could use one of the XX psuedo-countries
 to work through this (which is what I'll probably do for now), but
 it seems like there should be a well-known way to get this to work
 without having to do that.

 Any ideas?


 [Automatically added by flyspray2trac: Operating System: Fedora Core
 Linux]

--

Comment(by nickm):

 velope from IRC rightly points out that this behavior is counterintuitive,
 and users rarely want to name '??' explicitly:

 03:04 < velope> if the user wants to exclude a country badly enough to use
 the torrc option, the last thing he wants is for tor to use a node in that
 country just because geoip is incomplete or defective.
 03:57 < nickm> Hm.  So you think that nodes in Nowhere should count as
 belonging to every country for Exclude*Nodes, but count as belonging to no
 country for ExitNodes ?
 03:57 < nickm> Seems plausible to me

 To expand: This interpretation seems plausible to me because if you want
 to exclude *any* country, there's no way to tell whether an unknown-
 country router is there or not... and if you want to include only certain
 countries, there's no way to tell whether an unknown-country belongs to
 any of them.


 This wouldn't be so hard to implement, in fact.  We would just add a flag
 to each routerstatus_t when we created it to indicate whether unknown-
 country nodes should be considered members of *every* country (as for
 ExcludeNodes) or whether they should be considered members of *no* country
 (as for ExitNodes).  This flag could be passed in as part of
 routerset_new(), and it would only need to be interpreted, I think, in
 routerset_contains().

 This might even be a good newbie project; the code changes are small and
 isolated to:
  * struct routerset_t
  * routerset_new()
  * everywhere that calls routerset_new()
  * routerset_contains()

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1094#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

Prev by Author: [tor-bugs] Re: #916 [Tor - Tor client]: 0.2.0.33 doesn't compile on FC8 64-bit
Next by Author: [tor-bugs] Re: #1682 [Trac]: wikipedia
Previous by thread: [tor-bugs] Re: #1685 [EFF-HTTPS Everywhere]: HTTPS Everywhere: Aborting possible favicon [IMAGE], should be HTTPS!
Next by thread: [tor-bugs] Re: #1094 [Tor - Tor client]: No way to specify a GeoIP country code miss in ExcludeNodes etc.
Index(es):
- Author
- Thread