mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-27 22:03:31 +01:00
Report fallback directory detail changes when rebuilding list
As well as the existing reports of IPv6 address additions or removals, the script now warns when keys change but IPv4:ORPort or IPv6:IPv6ORPort remain the same. Existing checks for other whitelist detail changes have also been re-worded and upgraded to warnings. This makes it easier for changes to be identified so operators can be contacted to confirm whether the change is stable.
This commit is contained in:
parent
de5def32a1
commit
ba7691071e
@ -1,8 +1,9 @@
|
||||
o Minor enhancements (fallback directory mirrors):
|
||||
- Give each fallback the same weight for client selection.
|
||||
Restrict fallbacks to one per operator.
|
||||
Report fallback directory detail changes when rebuilding list.
|
||||
Add new fallback directory mirrors to the whitelist.
|
||||
Update fallback directories based on the latest OnionOO data.
|
||||
Many other minor simplifications and fixes.
|
||||
Closes tasks 17158, 17905, 18749, and bug 18689 on
|
||||
tor 0.2.8.1-alpha; patch by "teor".
|
||||
Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of
|
||||
bug 18812 on tor 0.2.8.1-alpha; patch by "teor".
|
||||
|
@ -806,48 +806,48 @@ class Candidate(object):
|
||||
ipv6 address and port (if present)
|
||||
If the fallback has an ipv6 key, the whitelist line must also have
|
||||
it, and vice versa, otherwise they don't match. """
|
||||
ipv6 = None
|
||||
if self.has_ipv6():
|
||||
ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
|
||||
for entry in relaylist:
|
||||
if entry['id'] != self._fpr:
|
||||
# can't log here, every relay's fingerprint is compared to the entry
|
||||
if entry['id'] != self._fpr:
|
||||
# can't log here unless we match an IP and port, because every relay's
|
||||
# fingerprint is compared to every entry's fingerprint
|
||||
if entry['ipv4'] == self.dirip and int(entry['orport']) == self.orport:
|
||||
logging.warning('%s excluded: has OR %s:%d changed fingerprint to ' +
|
||||
'%s?', entry['id'], self.dirip, self.orport,
|
||||
self._fpr)
|
||||
if self.has_ipv6() and entry.has_key('ipv6') and entry['ipv6'] == ipv6:
|
||||
logging.warning('%s excluded: has OR %s changed fingerprint to ' +
|
||||
'%s?', entry['id'], ipv6, self._fpr)
|
||||
continue
|
||||
if entry['ipv4'] != self.dirip:
|
||||
logging.info('%s is not in the whitelist: fingerprint matches, but ' +
|
||||
'IPv4 (%s) does not match entry IPv4 (%s)',
|
||||
self._fpr, self.dirip, entry['ipv4'])
|
||||
logging.warning('%s excluded: has it changed IPv4 from %s to %s?',
|
||||
self._fpr, entry['ipv4'], self.dirip)
|
||||
continue
|
||||
if int(entry['dirport']) != self.dirport:
|
||||
logging.info('%s is not in the whitelist: fingerprint matches, but ' +
|
||||
'DirPort (%d) does not match entry DirPort (%d)',
|
||||
self._fpr, self.dirport, int(entry['dirport']))
|
||||
logging.warning('%s excluded: has it changed DirPort from %s:%d to ' +
|
||||
'%s:%d?', self._fpr, self.dirip, int(entry['dirport']),
|
||||
self.dirip, self.dirport)
|
||||
continue
|
||||
if int(entry['orport']) != self.orport:
|
||||
logging.info('%s is not in the whitelist: fingerprint matches, but ' +
|
||||
'ORPort (%d) does not match entry ORPort (%d)',
|
||||
self._fpr, self.orport, int(entry['orport']))
|
||||
logging.warning('%s excluded: has it changed ORPort from %s:%d to ' +
|
||||
'%s:%d?', self._fpr, self.dirip, int(entry['orport']),
|
||||
self.dirip, self.orport)
|
||||
continue
|
||||
ipv6 = None
|
||||
if self.has_ipv6():
|
||||
ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
|
||||
if entry.has_key('ipv6') and self.has_ipv6():
|
||||
# if both entry and fallback have an ipv6 address, compare them
|
||||
if entry['ipv6'] != ipv6:
|
||||
logging.info('%s is not in the whitelist: fingerprint matches, ' +
|
||||
'but IPv6 (%s) does not match entry IPv6 (%s)',
|
||||
self._fpr, ipv6, entry['ipv6'])
|
||||
logging.warning('%s excluded: has it changed IPv6 ORPort from %s ' +
|
||||
'to %s?', self._fpr, entry['ipv6'], ipv6)
|
||||
continue
|
||||
# if the fallback has an IPv6 address but the whitelist entry
|
||||
# doesn't, or vice versa, the whitelist entry doesn't match
|
||||
elif entry.has_key('ipv6') and not self.has_ipv6():
|
||||
logging.info('%s is not in the whitelist: fingerprint matches, but ' +
|
||||
'it has no IPv6, and entry has IPv6 (%s)', self._fpr,
|
||||
entry['ipv6'])
|
||||
logging.warning('%s excluded: has it lost its former IPv6 address %s?',
|
||||
self._fpr, entry['ipv6'])
|
||||
continue
|
||||
elif not entry.has_key('ipv6') and self.has_ipv6():
|
||||
logging.info('%s is not in the whitelist: fingerprint matches, but ' +
|
||||
'it has IPv6 (%s), and entry has no IPv6', self._fpr,
|
||||
ipv6)
|
||||
logging.warning('%s excluded: has it gained an IPv6 address %s?',
|
||||
self._fpr, ipv6)
|
||||
continue
|
||||
|
Loading…
Reference in New Issue
Block a user