Re: [tor-bugs] #25979 [Core Tor/Stem]: Stem, Tor LTS, broken exit policies, and maybe microdescriptor issues too
#25979: Stem, Tor LTS, broken exit policies, and maybe microdescriptor issues too
---------------------------+--------------------------
Reporter: pastly | Owner: atagar
Type: defect | Status: reopened
Priority: Medium | Milestone:
Component: Core Tor/Stem | Version:
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+--------------------------
Changes (by teor):
* status: closed => reopened
* resolution: worksforme =>
Comment:
This appears to be a sbws bug.
sbws assumes that the available consensus will contain exit policies.
There are two consensus flavours:
* the ns ("full") consensus contains exit policy port summaries
* the microdesc consensus does not contain any port summaries
The default consensus flavour is microdesc, and it does not contain exit
policies, as documented here:
https://stem.torproject.org/api/descriptor/router_status_entry.html#stem.descriptor.router_status_entry.RouterStatusEntryMicroV3
Here is a small tor-prompt test case that reproduces this issue:
{{{
>>> for r in controller.get_network_statuses():
...   if r.exit_policy is not None:
...     print(r)
...
>>>
}}}
No relay has an exit policy in the microdesc consensus.
sbws should use the microdescriptors instead, because they contain the
exit policy summaries.
Here is some sample tor-prompt code that demonstrates this technique:
{{{
>>> for r in controller.get_network_statuses():
...   m = controller.get_microdescriptor(relay=r.fingerprint)
...   if m.exit_policy is not None:
...     print(m.exit_policy)
...     break
...
reject 1-65535
>>>
}}}
Since Stem doesn't have an abstraction layer over descriptor flavours, I
suggest that sbws uses code that is compatible with either:
{{{
>>> for r in controller.get_network_statuses():
...   e = r.exit_policy if r.exit_policy else controller.get_microdescriptor(relay=r.fingerprint).exit_policy
...   if e is not None and e.can_exit_to(port=443):
...     print(e)
...     break
...
accept 20-23,43,53,79-81,88,110,143,194,220,389,443,464,531,543-544,554,563,636,706,749,873,902-904,981,989-995,1194,1220,1293,1500,1533,1677,1723,1755,1863,2082-2083,2086-2087,2095-2096,2102-2104,3128,3389,3690,4321,4643,5050,5190,5222-5223,5228,5900,6660-6669,6679,6697,8000,8008,8074,8080,8087-8088,8332-8333,8443,8888,9418,9999-10000,11371,12350,19294,19638,23456,33033,64738
>>>
}}}
This code works with:
{{{
tor DataDirectory `mktemp -d`
tor DataDirectory `mktemp -d` UseMicrodescriptors 0
tor DataDirectory `mktemp -d` FetchUselessDescriptors 1
}}}
Which is good, because some bandwidth authorities will have set
UseMicrodescriptors or FetchUselessDescriptors from torflow.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25979#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
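
The either-flavour lookup suggested in the comment above, written as a reusable helper. This is an added example, not code from the ticket, sbws or Stem: `exit_policy_for`, `relays_exiting_to`, `demo` and the `Fake*` stand-ins are hypothetical names, and it assumes a relay whose microdescriptor tor has not cached should be skipped rather than abort the scan.

```python
from types import SimpleNamespace
try:
    from stem import ControllerError  # Stem's base class for controller failures
except ImportError:  # fallback so the constructed demo runs without Stem
    class ControllerError(Exception):
        pass

def exit_policy_for(controller, status):
    """Exit policy summary for one relay, or None if tor has none cached."""
    policy = getattr(status, "exit_policy", None)  # set only by the ns flavour
    if policy is not None:
        return policy
    try:
        return controller.get_microdescriptor(relay=status.fingerprint).exit_policy
    except ControllerError:
        return None  # microdescriptor not fetched yet, or the query failed

def relays_exiting_to(controller, port):
    """Fingerprints of relays whose policy summary permits exiting to port."""
    found = []
    for status in controller.get_network_statuses():
        policy = exit_policy_for(controller, status)
        if policy is not None and policy.can_exit_to(port=port):
            found.append(status.fingerprint)
    return found

# Constructed stand-ins (not Stem classes) so the helpers run without a tor process.
class FakePolicy:
    def __init__(self, ports):
        self.ports = set(ports)
    def can_exit_to(self, port=None):
        return port in self.ports

class FakeController:
    def __init__(self, statuses, microdescs):
        self.statuses, self.microdescs = statuses, microdescs
    def get_network_statuses(self):
        return iter(self.statuses)
    def get_microdescriptor(self, relay=None):
        if relay not in self.microdescs:
            raise ControllerError("no microdescriptor cached")
        return SimpleNamespace(exit_policy=self.microdescs[relay])

def demo():
    a, b, c, d = ("A" * 40, "B" * 40, "C" * 40, "D" * 40)  # constructed fingerprints
    statuses = [SimpleNamespace(fingerprint=a, exit_policy=FakePolicy([80, 443]))]
    statuses += [SimpleNamespace(fingerprint=f, exit_policy=None) for f in (b, c, d)]
    microdescs = {b: FakePolicy([443]), c: FakePolicy([])}  # d has none cached
    return relays_exiting_to(FakeController(statuses, microdescs), 443)
```

Against a live tor, pass a connected and authenticated `stem.control.Controller` in place of `FakeController`.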