[tor-bugs] #25979 [Core Tor/Stem]: Stem, Tor LTS, broken exit policies, and maybe microdescriptor issues too

Tor Bug Tracker & Wiki blackhole at torproject.org
Wed May 2 01:56:25 UTC 2018


#25979: Stem, Tor LTS, broken exit policies, and maybe microdescriptor issues too
---------------------------+--------------------------
 Reporter:  pastly         |          Owner:  atagar
     Type:  defect         |         Status:  reopened
 Priority:  Medium         |      Milestone:
Component:  Core Tor/Stem  |        Version:
 Severity:  Normal         |     Resolution:
 Keywords:                 |  Actual Points:
Parent ID:                 |         Points:
 Reviewer:                 |        Sponsor:
---------------------------+--------------------------
Changes (by teor):

 * status:  closed => reopened
 * resolution:  worksforme =>


Comment:

 This appears to be a sbws bug.

 sbws assumes that the available consensus will contain exit policies.
 There are two consensus flavours:
 * the ns ("full") consensus contains exit policy port summaries
 * the microdesc consensus does not contain any port summaries

 The default consensus flavour is microdesc, and it does not contain exit
 policies, as documented here:
 https://stem.torproject.org/api/descriptor/router_status_entry.html#stem.descriptor.router_status_entry.RouterStatusEntryMicroV3

 Here is a small tor-prompt test case that reproduces this issue:
 {{{
 >>> for r in controller.get_network_statuses():
 ...   if r.exit_policy is not None:
 ...     print r
 ...
 >>>
 }}}
 No relay has an exit policy in the microdesc consensus.

 sbws should use the microdescriptors instead, because they contain the
 exit policy summaries.

 Here is some sample tor-prompt code that demonstrates this technique:
 {{{
 >>> for r in controller.get_network_statuses():
 ...   m = controller.get_microdescriptor(relay=r.fingerprint)
 ...   if m.exit_policy is not None:
 ...     print m.exit_policy
 ...     break
 ...
 reject 1-65535

 >>>
 }}}

 Since Stem doesn't have an abstraction layer over descriptor flavours, I
 suggest that sbws uses code that is compatible with either:

 {{{
 >>> for r in controller.get_network_statuses():
 ...   e = r.exit_policy if r.exit_policy else controller.get_microdescriptor(relay=r.fingerprint).exit_policy
 ...   if e is not None and e.can_exit_to(port=443):
 ...     print e
 ...     break
 ...
 accept 20-23,43,53,79-81,88,110,143,194,220,389,443,464,531,543-544,554,563,636,706,749,873,902-904,981,989-995,1194,1220,1293,1500,1533,1677,1723,1755,1863,2082-2083,2086-2087,2095-2096,2102-2104,3128,3389,3690,4321,4643,5050,5190,5222-5223,5228,5900,6660-6669,6679,6697,8000,8008,8074,8080,8087-8088,8332-8333,8443,8888,9418,9999-10000,11371,12350,19294,19638,23456,33033,64738

 >>>
 }}}

 This code works with:
 {{{
 tor DataDirectory `mktemp -d`
 tor DataDirectory `mktemp -d` UseMicrodescriptors 0
 tor DataDirectory `mktemp -d` FetchUselessDescriptors 1
 }}}

 Which is good, because some bandwidth authorities will have set
 UseMicrodescriptors or FetchUselessDescriptors from torflow.

--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/25979#comment:4>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
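
A flavour-agnostic lookup along the lines suggested in the comment above, as an added example (not code from the ticket, Stem, or sbws); it also sets aside relays whose microdescriptor tor has not fetched yet instead of failing on them. The names `exit_policy_for`, `exits_for_port`, `demo`, the `Fake*` stand-ins and the fingerprints are constructed for illustration; the Stem calls relied on are `get_network_statuses()`, `get_microdescriptor(relay=..., default=...)` and `can_exit_to(port=...)`.

```python
from types import SimpleNamespace

def exit_policy_for(controller, status):
    """Exit policy summary for one relay, whichever consensus flavour tor holds."""
    policy = getattr(status, "exit_policy", None)
    if policy is not None:
        return policy  # ns ("full") consensus entry carried a port summary
    # microdesc consensus: the summary is in the relay's microdescriptor.
    # default=None makes Stem return None instead of raising when tor has
    # not fetched that microdescriptor yet.
    md = controller.get_microdescriptor(relay=status.fingerprint, default=None)
    return md.exit_policy if md is not None else None

def exits_for_port(controller, port):
    """Return (fingerprints allowing `port`, fingerprints with no policy known)."""
    allowed, unknown = [], []
    for status in controller.get_network_statuses():
        policy = exit_policy_for(controller, status)
        if policy is None:
            unknown.append(status.fingerprint)
        elif policy.can_exit_to(port=port):
            allowed.append(status.fingerprint)
    return allowed, unknown

# --- constructed stand-ins so the example runs without a tor process ---
class FakePolicy:
    def __init__(self, ports):
        self.ports = set(ports)
    def can_exit_to(self, address=None, port=None):
        return port in self.ports

class FakeController:
    def __init__(self, statuses, microdescs):
        self.statuses, self.microdescs = statuses, microdescs
    def get_network_statuses(self):
        return iter(self.statuses)
    def get_microdescriptor(self, relay=None, default=None):
        return self.microdescs.get(relay, default)

def demo():
    a, b, c, d = ("A" * 40, "B" * 40, "C" * 40, "D" * 40)  # constructed fingerprints
    statuses = [
        SimpleNamespace(fingerprint=a, exit_policy=FakePolicy({443})),  # ns flavour
        SimpleNamespace(fingerprint=b, exit_policy=None),  # microdesc flavour
        SimpleNamespace(fingerprint=c, exit_policy=None),  # rejects everything
        SimpleNamespace(fingerprint=d, exit_policy=None),  # microdescriptor missing
    ]
    microdescs = {b: SimpleNamespace(exit_policy=FakePolicy({80, 443})),
                  c: SimpleNamespace(exit_policy=FakePolicy(()))}
    return exits_for_port(FakeController(statuses, microdescs), 443)
```

With a running tor, an authenticated `stem.control.Controller` takes the place of `FakeController`.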

