[tor-bugs] #10067 [Tor]: Have `reject *` as the default exit policy

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 5 15:55:26 UTC 2013


#10067: Have `reject *` as the default exit policy
-----------------------------+--------------------------------
     Reporter:  lunar        |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-relay
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by atagar):

 > Are there very many such nodes?

 Just realized working with the default policy via stem is a little clunky.
 I should fix that. Anyway, in practice policies seem to mostly stick to
 reject-all or the default...

 {{{
 % python default_exit_policy_count.py
 4705 reject *:*
 1417 default
 2 accept 173.213.78.126:443, reject *:*
 2 accept *:9980, accept *:9981, accept 192.0.2.80:*, accept 10.8.6.1:*,
 default
 2 accept 78.47.218.190:80, accept 5.9.28.163:80, accept 5.9.28.163:443,
 accept 5.9.28.186/30:80, accept 5.9.28.186/30:443, accept 5.9.30.12:80,
 accept 5.9.30.12:443, accept 5.9.236.224/28:80, accept 5.9.236.224/28:443,
 reject *:*
 2 accept 173.213.78.125:80, reject *:*
 2 accept 173.213.78.126:443, reject *:*
 ...
 }}}

 {{{
 from collections import Counter

 from stem.descriptor import remote

 # prefix of the default policy that's static

 STATIC_DEFAULT = (
   "reject 0.0.0.0/8:*, reject 169.254.0.0/16:*, reject 127.0.0.0/8:*, "
   "reject 192.168.0.0/16:*, reject 10.0.0.0/8:*, reject 172.16.0.0/12:*"
 )

 def replace_default(policy):
   """
   Quick and dirty method to replace the default exit policy with 'default'.
   Without this most policies are unique, since they include a reject clause
   for their own IP.
   """

   policy_str = str(policy)
   static_prefix = policy_str.find(STATIC_DEFAULT)

   if static_prefix == -1:
     # no default suffix, so this is a fully custom policy
     return policy_str
   elif static_prefix == 0:
     # nothing precedes the default rules
     return 'default'
   else:
     # custom rules followed by the default policy
     return policy_str[:static_prefix] + 'default'

 policy_counts = Counter()

 for desc in remote.DescriptorDownloader().get_server_descriptors():
   policy_counts[replace_default(desc.exit_policy)] += 1

 # exit policies sorted by their count, most common first

 for policy, count in policy_counts.most_common():
   print("%i %s" % (count, policy))
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10067#comment:6>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

