commit ca20d8287c956e5f8224133e225fb1c8b6c9754d Author: juga0 juga@riseup.net Date: Sat Aug 1 13:37:20 2020 +0000
fix: relaylist: filter out private networks
when checking exit policies to know whether an exit can exit to a port.
Closes: #40010 --- sbws/lib/relaylist.py | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py index ab7455e..dfd8b76 100644 --- a/sbws/lib/relaylist.py +++ b/sbws/lib/relaylist.py @@ -181,6 +181,10 @@ class Relay: """ Returns True if the relay has an exit policy and the policy accepts exiting to the given portself or False otherwise. + + The exits that are IPv6 only or IPv4 but rejecting some public networks + will return false. + On July 2020, there were 67 out of 1095 exits like this. """ assert isinstance(port, int) # if dind't get the descriptor, there isn't exit policy @@ -199,7 +203,12 @@ class Relay: if self.exit_policy: # Using `strict` to ensure it can exit to ALL domains # and ips and that port. See #40006. - return self.exit_policy.can_exit_to(port=port, strict=True) + # Using `strip_private` to ignore reject rules to private + # networks. + return ( + self.exit_policy.strip_private() + .can_exit_to(port=port, strict=True) + ) except TypeError: return False return False