[tor-bugs] #19317 [Metrics/CollecTor]: Sanitize TCP ports in bridge descriptors

Tor Bug Tracker & Wiki blackhole at torproject.org
Fri Jun 10 12:17:29 UTC 2016 

#19317: Sanitize TCP ports in bridge descriptors
-------------------------------+------------------------------
 Reporter:  karsten            |          Owner:
     Type:  enhancement        |         Status:  needs_review
 Priority:  Medium             |      Milestone:
Component:  Metrics/CollecTor  |        Version:
 Severity:  Normal             |     Resolution:
 Keywords:                     |  Actual Points:
Parent ID:                     |         Points:
 Reviewer:                     |        Sponsor:
-------------------------------+------------------------------
Changes (by karsten):

 * status:  new => needs_review


Comment:

 Alright, I came up with a slightly less dirty way to avoid producing 0 as
 sanitized ports: `H(...)[:2] / 2^2 + 2^15 + 2^15`.  That takes the most
 significant 14 bits and puts them in the range from 49152 to 65535 which
 is reserved for private services.  One might argue that this is similar to
 how we pick 10.x.x.x for sanitized IPv4 addresses, but really it's just
 less ugly than `H(...)[:2] % 65535 + 1`.  Yell if you dislike it.

 And I made another attempt to specify the network byte order thing.
 Though I realized that it doesn't really matter, because people cannot
 reproduce our results without having our secrets anyway, so they wouldn't
 even find out if they're running this code on a different architecture.
 Still good to be exact I guess.

 So, I wrote some code.  Please take a look at
 [https://gitweb.torproject.org/karsten/metrics-
 db.git/commit/?h=task-19317&id=c742c388da500b0f9b2df236f49d280aa2715c96
 this single commit] in my branch task-19317.  teor, please feel free to
 ignore the Java changes, but if you could take a look at the HTML near the
 end of the patch which contains the new specification, that would be
 grand.

 Please also find some sanitized bridge descriptors using the new code
 here: https://people.torproject.org/~karsten/volatile/sanitized-bridge-
 descriptors-sample-for-task-19317.tar.xz

 Thanks!

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/19317#comment:5>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

More information about the tor-bugs mailing list