[tor-bugs] #12843 [BridgeDB]: Bridgedb shouldn't handout bridges from .ir and .sy

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Feb 22 01:31:49 UTC 2015


#12843: Bridgedb shouldn't handout bridges from .ir and .sy
-------------------------+-------------------------------------------------
     Reporter:  mrphs    |      Owner:  isis
         Type:  defect   |     Status:  closed
     Priority:           |  Milestone:
  critical               |    Version:
    Component:           |   Keywords:  bridgedb-0.3.0, easy, isis2015Q1Q2,
  BridgeDB               |  isisExB, isisExC
   Resolution:  fixed    |  Parent ID:
Actual Points:           |
       Points:           |
-------------------------+-------------------------------------------------
Changes (by isis):

 * status:  accepted => closed
 * keywords:  bridgedb-0.2.x, easy, bridgedb-0.2.5, isis2015Q1Q2, isisExB,
     isisExC => bridgedb-0.3.0, easy, isis2015Q1Q2, isisExB, isisExC
 * resolution:   => fixed


Comment:

 There are patches which fix this in my `fix/12843-cc-spurning_r2`
 [https://gitweb.torproject.org/user/isis/bridgedb.git/log/?h=fix/12843-cc-
 spurning_r2 branch]. The primary changes are to
 [https://gitweb.torproject.org/user/isis/bridgedb.git/commit/?h=fix/12843
 -cc-spurning_r2&id=a92cf111584c296a5e589f7412bf5ea27bae5dcd add] a
 `NO_DISTRIBUTION_COUNTRIES` list option to `bridgedb.conf`, and the
 following minor
 [https://gitweb.torproject.org/user/isis/bridgedb.git/commit/?h=fix/12843
 -cc-spurning_r2&id=f80033f8496b8cda8f032932c0200a7c8f7fe825 changes] to
 the `bridgedb.Main.load()` function:

 {{{
 diff --git a/lib/bridgedb/Main.py b/lib/bridgedb/Main.py
 index 9317760..d0698c0 100644
 --- a/lib/bridgedb/Main.py
 +++ b/lib/bridgedb/Main.py
 @@ -198,10 +198,17 @@ def load(state, splitter, clear=False):
      inserted = 0
      logging.info("Inserting %d bridges into splitter..." % len(bridges))
      for fingerprint, bridge in bridges.items():
 -        # We attempt to insert all bridges. If the bridge is not running,
 then
 -        # it is skipped during the insertion process.
 -        splitter.insert(bridge)
 -        inserted += 1
 +        # Skip insertion of bridges which are geolocated to be in one of
 the
 +        # NO_DISTRIBUTION_COUNTRIES, a.k.a. the countries we don't
 distribute
 +        # bridges from:
 +        if bridge.country in state.NO_DISTRIBUTION_COUNTRIES:
 +            logging.warn("Not distributing Bridge %s %s:%s in country
 %s!" %
 +                         (bridge, bridge.address, bridge.orPort,
 bridge.country))
 +        else:
 +            # If the bridge is not running, then it is skipped during the
 +            # insertion process.
 +            splitter.insert(bridge)
 +            inserted += 1
      logging.info("Done inserting %d bridges into splitter." % inserted)

      if state.COLLECT_TIMESTAMPS:
 }}}

 Because this patch uses `bridge.country`, it relies upon the changes in
 #12872 to add geolocation for Bridge ORAddresses and PTs. This patch
 doesn't look at the geolocation results for PT addresses, however, it
 blocks distribution of the entire bridge and all of its PTs if the main
 ORAddress is in one of `NO_DISTRIBUTION_COUNTRIES`.

 Additionally, I added the `lib/bridgedb/test/test_Main.py`
 [https://gitweb.torproject.org/user/isis/bridgedb.git/commit/?h=fix/12843
 -cc-spurning_r2&id=2033d83393460d92c8315a9fd8b8b24a534456a9 file] with
 integration tests for [https://coveralls.io/builds/1971689 about 60%] of
 `bridgedb.Main`, which before had no tests at all. There is not yet,
 however, a specific regression test for this ticket to check that bridges
 from Iran and Syria are indeed blocked (mostly because I worry that the
 test would randomly break whenever the GeoIP database thinks an IP has
 been reallocated).

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/12843#comment:8>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online


More information about the tor-bugs mailing list