Currently, the Tor Bulk Exit List Python CGI script only supports creation of exit lists for port 80. For some services, such as IRC, port 80 may not be sufficient. Thus, I've done the light lifting and extended the prior handiwork of ioerror to support creating Bulk Exit Lists for ports other than port 80. The patch submitted doesn't expose this functionality outright, but adding a "port" query string parameter will give access to this feature. In doing so, I noticed two possible bugs whose fixes are included in this patch and described below:

@@ -52,7 +53,7 @@
In this section of code, we've determined that the cached file for the (IP,port) tuple has not expired, so we intend to return the cached file. Instead, the `parsedExitList` is being read, which includes every node that has any exit port open. This means that the first result would be correct, but, until the cache expires, subsequent requests will return the full list of exit nodes.

@@ -170,10 +171,10 @@
In this section, we are figuring out what the DNSEL result means. If an exit is allowed for the given (exit,port,IP) tuple, then 127.0.0.2 is returned as an address result. For the question of "is this an allowed exit?" the deleted logic returns "no" if any DNS answer entry does not match 127.0.0.2. However, the predicate here should be "exists" rather than "all". The substitute logic returns yes if any DNS answer entry matches 127.0.0.2.

Patch attached, comments welcome.

--
Marcus Griep
GPG Key ID: 0x070E3F2D
——
https://torproj.xpdm.us
Ακακια את.ψο´, 3°
Index: TorBulkExitList.py =================================================================== --- TorBulkExitList.py (revision 19666) +++ TorBulkExitList.py (working copy) @@ -8,9 +8,10 @@ from mod_python import util DNS.ParseResolvConf() -def bulkCheck(RemoteServerIP): +def bulkCheck(RemoteServerIP, RemotePort): parsedExitList = "/tmp/TorBulkCheck/parsed-exit-list" - cacheFile = parsedExitList + "-" + RemoteServerIP + ".cache" + cacheFile = parsedExitList + "-" + RemoteServerIP +\ + "_" + RemotePort + ".cache" confirmedExits = [] # Do we have a fresh exit cache? @@ -34,7 +35,7 @@ # the list for possibleExit in possibleExits: try: - if (isUsingTor(possibleExit, RemoteServerIP) == 0 ): + if (isUsingTor(possibleExit, RemoteServerIP, RemotePort) == 0 ): confirmedExits.append(possibleExit) except: return None @@ -52,7 +53,7 @@ else: # Lets return the cache - cachedExits = open(parsedExitList, 'r') + cachedExits = open(cacheFile, 'r') cachedExitList = cachedExits.readlines() return cachedExitList @@ -170,10 +171,10 @@ # We're getting unexpected data - fail closed return 2 for a in answer.answers: - if a['data'] != "127.0.0.2": - return 2 + if a['data'] == "127.0.0.2": + return 0 # If we're here, we've had a positive exit answer - return 0 + return 2 def parseAddress(req): # Get the ip from apache 
@@ -199,16 +200,21 @@ req.content_type = 'text/plain; charset=utf-8' RemoteServerIP = parseAddress(req) - RemotePort = "80" + RemotePort = util.FieldStorage(req).getfirst("port", "80") if RemoteServerIP is not None: updateCache() - TestedExits = bulkCheck(RemoteServerIP) + TestedExits = bulkCheck(RemoteServerIP, RemotePort) req.write("# This is a list of all Tor exit nodes that can contact " + RemoteServerIP + " on Port " + RemotePort + " #\n") + + querystring = "ip=%s" % RemoteServerIP + if RemotePort != "80": + querystring += "&port=%s" % RemotePort + req.write("# You can update this list by visiting " + \ - "https://check.torproject.org/cgi-bin/TorBulkExitList.py?ip=%s #\n" % RemoteServerIP) + "https://check.torproject.org/cgi-bin/TorBulkExitList.py?%s #\n" % querystring) dateOfAccess = time.asctime(time.gmtime()) req.write("# This file was generated on %s UTC #\n" % dateOfAccess)
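Review bot: In the @@ -8,9 +8,10 @@ hunk, `cacheFile` is now keyed on `RemotePort` as well as `RemoteServerIP`, so every distinct port value a client requests creates another file under /tmp/TorBulkCheck and another pass through the `isUsingTor` loop over `possibleExits` when no fresh cache exists. Suggest bounding which port values are accepted, or documenting the expected growth, before the `port` parameter is advertised.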
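Review bot: In the @@ -170,10 +171,10 @@ hunk, the unchanged comment `# If we're here, we've had a positive exit answer` now sits directly above `return 2`, which is the opposite of what it says. Suggest moving that comment into the loop next to `return 0` and giving the final `return 2` its own comment stating that no answer entry matched 127.0.0.2.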
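Review bot: In the @@ -199,16 +200,21 @@ hunk, `RemotePort = util.FieldStorage(req).getfirst("port", "80")` takes the request's `port` value as-is, and that string is then concatenated into the `cacheFile` path in `bulkCheck`, passed to `isUsingTor`, and written back through `req.write` and the `querystring` URL. Suggest checking immediately after the `getfirst` call that the value is a decimal integer between 1 and 65535 and returning an error otherwise, so that characters such as `/` or `.` can never reach the file name and the echoed URL needs no escaping.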