[or-cvs] r20736: {projects} Use Python module IPy for matching IP addresses with exit po (projects/archives/trunk/exonerator)
kloesing at seul.org
kloesing at seul.org
Sat Oct 3 18:02:37 UTC 2009
Author: kloesing
Date: 2009-10-03 14:02:37 -0400 (Sat, 03 Oct 2009)
New Revision: 20736
Modified:
projects/archives/trunk/exonerator/HOWTO
projects/archives/trunk/exonerator/exonerator.py
Log:
Use Python module IPy for matching IP addresses with exit policies.
Modified: projects/archives/trunk/exonerator/HOWTO
===================================================================
--- projects/archives/trunk/exonerator/HOWTO 2009-10-03 17:23:59 UTC (rev 20735)
+++ projects/archives/trunk/exonerator/HOWTO 2009-10-03 18:02:37 UTC (rev 20736)
@@ -38,6 +38,10 @@
- Install Python 2.6.2 or higher. (Previous Python versions might work,
too, but have not been tested.)
+- Install the Python module IPy 0.62 or higher either from
+ http://pypi.python.org/pypi/IPy/ or using "apt-get install python-ipy" on
+ Debian-based systems.
+
- Copy the consensuses-* and server-descriptors-* files of the relevant
time from http://archive.torproject.org/tor-directory-authority-archive/
and extract them to a directory in your working directory, e.g.
Modified: projects/archives/trunk/exonerator/exonerator.py
===================================================================
--- projects/archives/trunk/exonerator/exonerator.py 2009-10-03 17:23:59 UTC (rev 20735)
+++ projects/archives/trunk/exonerator/exonerator.py 2009-10-03 18:02:37 UTC (rev 20736)
@@ -6,6 +6,7 @@
import sys
import time
from optparse import OptionParser
+from IPy import IP
# check parameters
usage = "usage: %prog [options] <IP address in question> " \
@@ -21,7 +22,10 @@
parser.error("descriptor archive directory %s does not exist or is " \
"not a directory." % os.path.abspath(archiveDirectory))
archiveDirectory = os.path.dirname(options.archive)
-relayIP = args[0]
+try:
+ relayIP = IP(args[0])
+except ValueError:
+ parser.error("invalid IP address in question: '%s'" % args[0])
timestampStr = "%s %s" % (args[1], args[2])
os.environ['TZ'] = 'UTC'
time.tzset()
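Review bot: `IP(args[0])` accepts more than a single IPv4 host address, because IPy also parses prefix notation and IPv6 addresses, so a network prefix passes this check and becomes `relayIP`. The later `address == relayIP` and `relayIP.overlaps(...)` comparisons would then run against a network rather than one address, which can make the tool's answer misleading. After the `try`, reject anything that is not exactly one IPv4 address, for example `if relayIP.version() != 4 or relayIP.len() != 1: parser.error("invalid IP address in question: '%s'" % args[0])`. The same applies to `targetIP = IP(targetParts[0])` in the next hunk.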
@@ -36,10 +40,20 @@
if len(args) == 4:
target = args[3]
targetParts = target.split(":")
- targetIP = targetParts[0]
- if len(targetParts) == 2:
+ try:
+ targetIP = IP(targetParts[0])
+ except ValueError:
+ parser.error("invalid target IP address in: '%s'" % args[3])
+ if len(targetParts) > 2:
+ parser.error("invalid target format: '%s'" % args[3])
+ if len(targetParts) > 1:
+ try:
+ targetPortTest = int(targetParts[1])
+ except ValueError:
+ parser.error("invalid target port number in: '%s'" % args[3])
+ if targetPortTest not in range(1, 65535):
+ parser.error("invalid target port number in: '%s'" % args[3])
targetPort = targetParts[1]
- targetIPParts = targetIP.split(".")
DELIMITER = "-----------------------------------------------------------" \
"----------------"
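Review bot: `range(1, 65535)` excludes its upper bound, so the valid port 65535 is rejected with "invalid target port number". Use `if not 1 <= targetPortTest <= 65535:`, which also avoids building a 65534-element list on Python 2. Separately, `targetPort` keeps the raw string while the validated integer is discarded, and `int()` tolerates forms such as a leading `+` or surrounding whitespace. If `targetPort` is later compared textually with a rule's port (that code is outside this hunk), assigning `targetPort = str(targetPortTest)` keeps the comparison on the normalised value.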
@@ -172,7 +186,7 @@
line = file.readline()
while line:
if line.startswith("r "):
- address = line.split(" ")[6]
+ address = IP(line.split(" ")[6])
if address == relayIP:
hexDesc = binascii.b2a_hex(binascii.a2b_base64(
line.split(" ")[3] + "=="))
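Review bot: `IP(line.split(" ")[6])` parses data read from the archive files without handling `ValueError`, whereas the command-line values in the earlier hunks are guarded. A single truncated or malformed `r ` line would abort the whole run with a traceback. The same holds for `IP(ruleAddress)` in the exit-policy hunk further down, where the value comes from a relay-published descriptor. Wrap both in `try: ... except ValueError:` and skip the entry with a warning on stderr, so that one bad record neither stops the check nor goes unnoticed. The enclosing loop starts and ends outside this hunk.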
@@ -183,7 +197,7 @@
if consensus in relevantConsensuses:
print " \"%s\" references descriptor %s" % \
(line.rstrip(), hexDesc)
- elif relayIP.startswith(address[0:address.rfind(".")]):
+ elif relayIP.overlaps(IP("%s/24" % address, make_net=True)):
addressesInSameNetwork.add(address)
line = file.readline()
file.close()
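Review bot: The literal `/24` in `IP("%s/24" % address, make_net=True)` is unexplained, and `addressesInSameNetwork` now collects `IP` objects instead of strings. A short comment would help, e.g. `# no exact match: remember relays in the same /24 as the address in question`. Any code outside this hunk that sorts, joins or prints the set should be checked against the new element type.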
@@ -236,35 +250,11 @@
line.startswith("accept "):
ruleAccept = line.split()[0] == "accept"
ruleAddress = line.split()[1].split(":")[0]
- if ruleAddress != "*":
- if '/' not in ruleAddress and \
- ruleAddress != targetIP:
- # IP address does not match
- line = file.readline()
- continue
- ruleIPParts = ruleAddress.split("/")[0]. \
- split(".")
- ruleNetwork = int(ruleAddress. \
- split("/")[1])
- for i in range(0, 4):
- if ruleNetwork == 0:
- break
- elif ruleNetwork >= 8:
- if ruleIPParts[i] == \
- targetIPParts[i]:
- ruleNetwork -= 8
- else:
- break
- else:
- mask = 255 ^ 255 >> ruleNetwork
- if int(ruleIPParts[i]) & mask == \
- int(targetIPParts[i]) & mask:
- ruleNetwork = 0
- break
- if ruleNetwork > 0:
- # IP address does not match
- line = file.readline()
- continue
+ if ruleAddress != "*" and not \
+ IP(ruleAddress).overlaps(targetIP):
+ # IP address does not match
+ line = file.readline()
+ continue
rulePort = line.split()[1].split(":")[1]
if targetPort is None and not ruleAccept and \
rulePort != "*":
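Review bot: `IP(ruleAddress)` is stricter than the hand-written matcher it replaces, because IPy raises `ValueError` when a prefix has host bits set, while the removed code masked both sides before comparing. If a descriptor carries such a rule, the run now stops instead of evaluating the policy. `IP(ruleAddress, make_net=True).overlaps(targetIP)`, as already used for the `/24` test earlier in this commit, keeps the old masking behaviour. The surrounding loop and the port handling continue outside this hunk.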