[tor-bugs] #28458 [Core Tor/sbws]: Stop resolving domains locally and check same flags for the 2nd hop
Tor Bug Tracker & Wiki
blackhole at torproject.org
Mon Nov 19 15:03:51 UTC 2018
#28458: Stop resolving domains locally and check same flags for the 2nd hop
---------------------------+--------------------------------
Reporter: juga | Owner: juga
Type: defect | Status: needs_revision
Priority: Medium | Milestone:
Component: Core Tor/sbws | Version: sbws: 1.0.0
Severity: Normal | Resolution:
Keywords: | Actual Points:
Parent ID: | Points:
Reviewer: | Sponsor:
---------------------------+--------------------------------
Comment (by juga):
Replying to [comment:14 pastly]:
[...]
> Replying to [comment:10 juga]
> >> Do we need to give it a 50% chance of being measured like a non-exit?
> > i don't understand what you mean as "non-exit", all relays are
measured as non-exits (1st hop), the exits are chosen independently for
the 2nd hop.
>
> Right now when sbws measures an exit, it tries to measure it in the 2nd
hop position (ignoring DNS failures etc. etc)
>
> With your changes, all relays (exits and non-exits) are measured in the
1st hop position. Why?
>
It was confusing:
- what `_pick_ideal_second_hop` is doing, it is actually not second hop
what it picks, but a helper.
- `is_exit`, it can be intepreted as what the relay to measure is, not as
what the candidates must be.
- the criteria used to pick the 2nd hop (see below).
I'll change those names in other ticket, so i don't get confused again.
> I think there's two changes that should be made as part of this ticket,
and somehow that's exploded into a lot of little buggy revisions.
Solution:
When you feel like reviewing a ticket, put yourself as reviewer, otherwise
i'll assume nobody is going to review the ticket.
I won't put any ticket to `needs_review` unless it has a reviewer.
If it doesn't have reviewer, i might do the refactors that help me to
solve the ticket in the same branch (in different commits).
If you'd like to continue to review this ticket, please put yourself as
reviewer. If not, no need to read more.
> 2. When picking an exit helper (for measuring a non-exit or for
measuring an exit that can't exit to our destination port, *it doesn't
matter*), be sure to check that its exit policy allows exiting to our
destination port.
So, you're saying:
1. when the helper is in the 2nd hop, check the exit policy.
But currently, you're only checking that it has the exit flag
(https://gitweb.torproject.org/sbws.git/tree/sbws/core/scanner.py#n140)
2. it doesn't matter that the relay does *not* allow to exit to our
destination port or is not an exit
I agree, but currently as result of the else, it has to do *not* have
badexit flag and do *not* allow to exit to our destination port
(https://gitweb.torproject.org/sbws.git/tree/sbws/core/scanner.py#n186)
In the current code, why would you check the policy of an exit and the
badexit flag when you use the relay to measure in the 2nd hop and only
check the exit flag when the helper is in the 2nd position?
I think we should check that it allows to exit to our destination port in
all cases (and no need to check exit flag cause if it can exit, it's an
exit).
Would you stop checking that it has *not* the badexit flag?
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/28458#comment:15>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tor-bugs
mailing list