commit 594589ec2e7e1893c5e4dc48385f573c09de6f0d Author: Philipp Winter phw@nymity.ch Date: Tue Aug 6 11:19:41 2019 -0700

Add version filters for IPv6 vanilla bridges.

So far, BridgeDB's distribution of vanilla IPv6 bridges was broken. When a user would request one, BridgeDB would use the following two filters to select bridges: * byTransportNotBlockedIn(None,us,6) * byProbingResistance(vanilla,6)

Neither filter (correctly) filtered for IPv6. It is not enough to check bridge.address because it's the bridge's IPv4 address. We need to check bridge.allVanillaAddresses because a bridge's IPv6 address is advertised in its "a" consensus line.

Note that this patch only fixes IPv6 distribution for *vanilla* bridges. Pluggable transports bridges are currently unable to have dual-stack support for both IPv4 and IPv6. See the following ticket for more details: https://bugs.torproject.org/11211

This fixes https://bugs.torproject.org/26542. --- CHANGELOG | 5 +++++ bridgedb/bridgerequest.py | 2 +- bridgedb/filters.py | 10 +++++++++- bridgedb/test/test_distributors_moat_request.py | 6 +++--- 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG index 1ebd47e..1229578 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,8 @@ +Changes in version 0.7.2 - YYYY-MM-DD + + * FIXES #26542 https://bugs.torproject.org/26542 + Make BridgeDB distribute vanilla IPv6 bridges again. + Changes in version 0.7.1 - 2019-06-07

* FIXES #28496 https://bugs.torproject.org/28496 diff --git a/bridgedb/bridgerequest.py b/bridgedb/bridgerequest.py index bf64069..7bd7b64 100644 --- a/bridgedb/bridgerequest.py +++ b/bridgedb/bridgerequest.py @@ -249,7 +249,7 @@ class BridgeRequestBase(object): for country in self.notBlockedIn: logging.info("%s %s bridges not blocked in %s..." % (msg, pt or "vanilla", country)) - self.addFilter(byNotBlockedIn(country, pt, self.ipVersion)) + self.addFilter(byNotBlockedIn(country, pt or "vanilla", self.ipVersion)) elif pt: logging.info("%s %s bridges..." % (msg, pt)) self.addFilter(byTransport(pt, self.ipVersion)) diff --git a/bridgedb/filters.py b/bridgedb/filters.py index f268c83..a02661e 100644 --- a/bridgedb/filters.py +++ b/bridgedb/filters.py @@ -151,6 +151,13 @@ def byProbingResistance(methodname=None, ipVersion=None): return _cache[name] except KeyError: def _byProbingResistance(bridge): + # If we're dealing with a vanilla bridge, make sure that the bridge + # has the correct IP version. + if methodname == "vanilla": + validVersion = byIPv(ipVersion) + if not validVersion(bridge): + return False + if bridge.hasProbingResistantPT(): return methodname in ('scramblesuit', 'obfs4') return True @@ -262,7 +269,8 @@ def byNotBlockedIn(countryCode=None, methodname=None, ipVersion=4): if not methodname: return not bridge.isBlockedIn(countryCode) elif methodname == "vanilla": - if bridge.address.version == ipVersion: + validVersion = byIPv(ipVersion) + if validVersion(bridge): if not bridge.addressIsBlockedIn(countryCode, bridge.address, bridge.orPort): diff --git a/bridgedb/test/test_distributors_moat_request.py b/bridgedb/test/test_distributors_moat_request.py index 3c6ff51..555b3eb 100644 --- a/bridgedb/test/test_distributors_moat_request.py +++ b/bridgedb/test/test_distributors_moat_request.py @@ -30,9 +30,9 @@ class MoatBridgeRequest(unittest.TestCase): self.bridgeRequest.withoutBlockInCountry(data) self.bridgeRequest.generateFilters()

- self.assertItemsEqual(['byTransportNotBlockedIn(None,us,4)', - 'byTransportNotBlockedIn(None,ir,4)', - 'byTransportNotBlockedIn(None,sy,4)', + self.assertItemsEqual(['byTransportNotBlockedIn(vanilla,us,4)', + 'byTransportNotBlockedIn(vanilla,ir,4)', + 'byTransportNotBlockedIn(vanilla,sy,4)', 'byProbingResistance(vanilla,4)'], [x.__name__ for x in self.bridgeRequest.filters])