[tor-bugs] #10067 [Tor]: Have `reject *` as the default exit policy

Tor Bug Tracker & Wiki blackhole at torproject.org
Tue Nov 5 16:44:33 UTC 2013 

#10067: Have `reject *` as the default exit policy
-----------------------------+--------------------------------
     Reporter:  lunar        |      Owner:
         Type:  enhancement  |     Status:  new
     Priority:  normal       |  Milestone:  Tor: 0.2.5.x-final
    Component:  Tor          |    Version:
   Resolution:               |   Keywords:  tor-relay
Actual Points:               |  Parent ID:
       Points:               |
-----------------------------+--------------------------------

Comment (by atagar):

 There, that gives a much more even distribution. Thanks!

 {{{
 % python default_exit_policy_count.py
 4696 reject *:*
 516 default
 70 accept *:20-23, accept *:43, accept *:53, accept *:79-81, accept *:88,
 accept *:110, accept *:143, accept *:194, accept *:220, accept *:389,
 accept *:443, accept *:464, accept *:531, accept *:543-544, accept *:554,
 accept *:563, accept *:636, accept *:706, accept *:749, accept *:873,
 accept *:902-904, accept *:981, accept *:989-995, accept *:1194, accept
 *:1220, accept *:1293, accept *:1500, accept *:1533, accept *:1677, accept
 *:1723, accept *:1755, accept *:1863, accept *:2082, accept *:2083, accept
 *:2086-2087, accept *:2095-2096, accept *:2102-2104, accept *:3128, accept
 *:3389, accept *:3690, accept *:4321, accept *:4643, accept *:5050, accept
 *:5190, accept *:5222-5223, accept *:5228, accept *:5900, accept
 *:6660-6669, accept *:6679, accept *:6697, accept *:8000, accept *:8008,
 accept *:8074, accept *:8080, accept *:8087-8088, accept *:8332-8333,
 accept *:8443, accept *:8888, accept *:9418, accept *:9999, accept
 *:10000, accept *:11371, accept *:12350, accept *:19294, accept *:19638,
 accept *:23456, accept *:33033, accept *:64738, reject *:*
 51 accept *:20-23, accept *:43, accept *:53, accept *:79-81, accept *:88,
 accept *:110, accept *:143, accept *:194, accept *:220, accept *:389,
 accept *:443, accept *:464, accept *:531, accept *:543-544, accept *:554,
 accept *:563, accept *:636, accept *:706, accept *:749, accept *:873,
 accept *:902-904, accept *:981, accept *:989-995, accept *:1194, accept
 *:1220, accept *:1293, accept *:1500, accept *:1533, accept *:1677, accept
 *:1723, accept *:1755, accept *:1863, accept *:2082, accept *:2083, accept
 *:2086-2087, accept *:2095-2096, accept *:2102-2104, accept *:3128, accept
 *:3389, accept *:3690, accept *:4321, accept *:4643, accept *:5050, accept
 *:5190, accept *:5222-5223, accept *:5228, accept *:5900, accept
 *:6660-6669, accept *:6679, accept *:6697, accept *:8000, accept *:8008,
 accept *:8074, accept *:8080, accept *:8087-8088, accept *:8332-8333,
 accept *:8443, accept *:8888, accept *:9418, accept *:9999, accept
 *:10000, accept *:11371, accept *:19294, accept *:19638, reject *:*
 38 accept *:20-23, accept *:43, accept *:53, accept *:79-81, accept *:88,
 accept *:110, accept *:143, accept *:194, accept *:220, accept *:389,
 accept *:443, accept *:464, accept *:531, accept *:543-544, accept *:554,
 accept *:563, accept *:636, accept *:706, accept *:749, accept *:873,
 accept *:902-904, accept *:981, accept *:989-995, accept *:1194, accept
 *:1220, accept *:1293, accept *:1500, accept *:1533, accept *:1677, accept
 *:1723, accept *:1755, accept *:1863, accept *:2082, accept *:2083, accept
 *:2086-2087, accept *:2095-2096, accept *:2102-2104, accept *:3128, accept
 *:3389, accept *:3690, accept *:4321, accept *:4643, accept *:5050, accept
 *:5190, accept *:5222-5223, accept *:5228, accept *:5900, accept
 *:6660-6669, accept *:6679, accept *:6697, accept *:8000, accept *:8008,
 accept *:8074, accept *:8080, accept *:8087-8088, accept *:8332-8333,
 accept *:8443, accept *:8888, accept *:9418, accept *:9999, accept
 *:10000, accept *:11371, accept *:12350, accept *:19294, accept *:19638,
 accept *:23456, accept *:33033, reject *:*
 38 accept *:80, accept *:443, accept *:110, accept *:143, accept *:993,
 accept *:995, accept *:6660-6669, accept *:6697, accept *:7000-7001,
 accept *:706, accept *:1863, accept *:5050, accept *:5190, accept *:5222,
 accept *:5223, accept *:8300, accept *:8888, reject *:*
 38 accept *:20-23, accept *:43, accept *:53, accept *:79-81, accept *:88,
 accept *:110, accept *:143, accept *:194, accept *:220, accept *:389,
 accept *:443, accept *:464, accept *:531, accept *:543-544, accept *:554,
 accept *:563, accept *:636, accept *:706, accept *:749, accept *:873,
 accept *:902-904, accept *:981, accept *:989-995, accept *:1194, accept
 *:1220, accept *:1293, accept *:1500, accept *:1533, accept *:1677, accept
 *:1723, accept *:1755, accept *:1863, accept *:2082, accept *:2083, accept
 *:2086-2087, accept *:2095-2096, accept *:2102-2104, accept *:3128, accept
 *:3389, accept *:3690, accept *:4321, accept *:4643, accept *:5050, accept
 *:5190, accept *:5222-5223, accept *:5228, accept *:5900, accept
 *:6660-6669, accept *:6679, accept *:6697, accept *:8000, accept *:8008,
 accept *:8074, accept *:8080, accept *:8087-8088, accept *:8332-8333,
 accept *:8443, accept *:8888, accept *:9418, accept *:9999, accept
 *:10000, accept *:11371, accept *:12350, accept *:19294, accept *:19638,
 accept *:23456, accept *:33033, reject *:*
 38 accept *:80, accept *:443, accept *:110, accept *:143, accept *:993,
 accept *:995, accept *:6660-6669, accept *:6697, accept *:7000-7001,
 accept *:706, accept *:1863, accept *:5050, accept *:5190, accept *:5222,
 accept *:5223, accept *:8300, accept *:8888, reject *:*
 35 accept *:80, accept *:443, reject *:*
 26 accept *:6660-6667, reject *:*
 24 accept *:*
 23 accept *:80, accept *:443, accept *:110, accept *:143, accept *:993,
 accept *:995, reject *:*
 19 accept *:80, reject *:*
 16 accept *:443, reject *:*
 13 accept *:53, reject *:*
 11 reject *:25, accept *:*
 ...
 }}}

 {{{
 import re

 from stem.descriptor import remote

 PRIVATE_PREFIX = re.compile(r"^(reject 0.0.0.0/8:\*, reject
 169.254.0.0/16:\*, .* 172.16.0.0/12:\*, reject .*:\*, )(.*)")
 DEFAULT_POLICY = "reject *:25, reject *:119, reject *:135-139, reject
 *:445, reject *:563, reject *:1214, reject *:4661-4666, reject
 *:6346-6429, reject *:6699, reject *:6881- 6999, accept *:*"

 def strip_private_prefix(policy):
   """
   Quick and dirty method to strip the exit policy's 'reject private'
 prefix.
   Without this most policies are unique, since they include a reject
 clause for
   their own IP.
   """

   policy_str = str(policy)
   match = PRIVATE_PREFIX.match(policy_str)

   if match:
     return match.group(2)
   else:
     return policy_str

 policy_counts = {}

 for desc in remote.DescriptorDownloader().get_server_descriptors():
   policy = strip_private_prefix(desc.exit_policy).replace(DEFAULT_POLICY,
 'default')
   policy_counts[policy] = policy_counts.setdefault(policy, 0) + 1

 # exit policies sorted by their count

 counts = sorted(policy_counts.values(), reverse = True)

 for count in counts:
   for policy, policy_count in policy_counts.items():
     if count == policy_count:
       print "%i %s" % (count, policy)
 }}}

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/10067#comment:9>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list