[tor-bugs] #11264 [Tor]: Relay has Exit flag but short policy says reject *?
Tor Bug Tracker & Wiki
blackhole at torproject.org
Thu Jul 24 07:30:44 UTC 2014
#11264: Relay has Exit flag but short policy says reject *?
------------------------+--------------------------------
Reporter: arma | Owner:
Type: defect | Status: new
Priority: normal | Milestone: Tor: 0.2.6.x-final
Component: Tor | Version:
Resolution: | Keywords: tor-auth easy
Actual Points: | Parent ID:
Points: |
------------------------+--------------------------------
Comment (by karsten):
Replying to [comment:6 arma]:
> Maybe this is a fine introductory Tor ticket for TWN readers?
How about the following paragraph for TWN? (Feel free to tweak!)
{{{
Tor relays define an exit policy in the format "reject 0.0.0.0/8:*" that
says which addresses and ports are accepted or rejected for outgoing
connections. The directory authorities summarize this exit policy into
a list of rejected or accepted ports, like "reject 1-65535", and they
assign the "Exit" flag if two ports out of 80, 443, 6667 are permitted
for "most" addresses. Apparently, there are edge cases when the summary
is "reject 1-65535" but the relay still gets the "Exit" flag, which
seems inconsistent. An easy fix would be to not assign the "Exit" flag
in this specific case. Roger sketched out the relevant functions to
look at in the ticket (#12264). Ideally, this fix comes with a short
analysis what the edge cases are and with a specification update. This
is probably a one-line patch, the difficulty is just in finding out
which line that is.
}}}
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/11264#comment:7>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list