commit bad22915444fbd647acc40f73ea4dab1615a7f1d Author: juga0 juga@riseup.net Date: Mon Dec 3 21:37:02 2018 +0000
globals: remove unused resolve and can_exit_to functions
They were used to resolve the IP of the destination and check whether an exit policy allows to exit to that IP, but when the destination is a CDN, the IP locally resolved would be different to the IP resolved in the exit, and when the IP resolved to IPv6, it was possible that the scanner didn't have IPv6. The correct method to check whether an exit policy allows to exit to an IP, would be to resolve the domain via Tor itself using RESOLVE and ADDRMAP events with that exit. --- sbws/globals.py | 23 ----------------------- sbws/lib/relaylist.py | 29 ----------------------------- 2 files changed, 52 deletions(-)
diff --git a/sbws/globals.py b/sbws/globals.py
index 217e1a7..a621b5f 100644
--- a/sbws/globals.py
+++ b/sbws/globals.py
@@ -1,6 +1,5 @@
 import os
 import logging
-import socket
log = logging.getLogger(__name__)
@@ -70,25 +69,3 @@ def touch_file(fname, times=None):
 log.debug('Touching %s', fname)
 with open(fname, 'a') as fd:
 os.utime(fd.fileno(), times=times)
-
-
-def resolve(hostname, ipv4_only=False, ipv6_only=False):
- assert not (ipv4_only and ipv6_only)
- results = []
- try:
- results = socket.getaddrinfo(hostname, 0)
- except socket.gaierror:
- log.warn(
- 'Unable to resolve %s hostname. Returning empty list of addresses',
- hostname)
- return []
- ret = set()
- for result in results:
- fam, _, _, _, addr = result
- if fam == socket.AddressFamily.AF_INET6 and not ipv4_only:
- ret.add(addr[0])
- elif fam == socket.AddressFamily.AF_INET and not ipv6_only:
- ret.add(addr[0])
- else:
- assert None, 'Unknown address family {}'.format(fam)
- return list(ret)
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 17761a6..00e67ed 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -1,12 +1,9 @@
 from stem.descriptor.router_status_entry import RouterStatusEntryV3
 from stem.descriptor.server_descriptor import ServerDescriptor
 from stem import Flag, DescriptorUnavailable, ControllerError
-from stem.util.connection import is_valid_ipv4_address
-from stem.util.connection import is_valid_ipv6_address
 import random
 import time
 import logging
-from sbws.globals import resolve
 from threading import Lock
log = logging.getLogger(__name__)
@@ -101,32 +98,6 @@ class Relay:
 return None
 return key.rstrip('=')
- def can_exit_to(self, host, port):
- '''
- Returns if this relay can MOST LIKELY exit to the given host:port.
- **host** can be a hostname, but be warned that we will resolve it
- locally and use the first (arbitrary/unknown order) result when
- checking exit policies, which is different than what other parts of the
- code may do (leaving it up to the exit to resolve the name).
- '''
- if not self.exit_policy:
- return False
- assert isinstance(host, str)
- assert isinstance(port, int)
- if not is_valid_ipv4_address(host) and not is_valid_ipv6_address(host):
- # It certainly isn't perfect trying to guess if an exit can connect
- # to an ipv4/6 address based on the DNS result we got locally. But
- # it's the best we can do.
- #
- # Also, only use the first ipv4/6 we get even if there is more than
- # one.
- results = resolve(host)
- if not len(results):
- return False
- host = results[0]
- assert is_valid_ipv4_address(host) or is_valid_ipv6_address(host)
- return self.exit_policy.can_exit_to(host, port)
-
 def can_exit_to_port(self, port):
 """
 Returns True if the relay has an exit policy and the policy accepts