[tor-commits] [tor/release-0.2.8] Report fallback directory detail changes when rebuilding list

nickm at torproject.org nickm at torproject.org
Tue Apr 26 23:28:11 UTC 2016


commit ba7691071e284623cc0c6e3e8ca8ff94d4be7ded
Author: teor (Tim Wilson-Brown) <teor2345 at gmail.com>
Date:   Sat Apr 16 01:43:11 2016 +1000

    Report fallback directory detail changes when rebuilding list
    
    As well as the existing reports of IPv6 address additions or removals,
    the script now warns when keys change but IPv4:ORPort or
    IPv6:IPv6ORPort remain the same.
    
    Existing checks for other whitelist detail changes have also
    been re-worded and upgraded to warnings.
    
    This makes it easier for changes to be identified so operators can
    be contacted to confirm whether the change is stable.
---
 changes/fallbacks-201604            |  5 ++--
 scripts/maint/updateFallbackDirs.py | 46 ++++++++++++++++++-------------------
 2 files changed, 26 insertions(+), 25 deletions(-)

diff --git a/changes/fallbacks-201604 b/changes/fallbacks-201604
index f88d5c6..d61615a 100644
--- a/changes/fallbacks-201604
+++ b/changes/fallbacks-201604
@@ -1,8 +1,9 @@
   o Minor enhancements (fallback directory mirrors):
     - Give each fallback the same weight for client selection.
       Restrict fallbacks to one per operator.
+      Report fallback directory detail changes when rebuilding list.
       Add new fallback directory mirrors to the whitelist.
       Update fallback directories based on the latest OnionOO data.
       Many other minor simplifications and fixes.
-      Closes tasks 17158, 17905, 18749, and bug 18689 on
-      tor 0.2.8.1-alpha; patch by "teor".
+      Closes tasks 17158, 17905, 18749, bug 18689, and fixes part of
+      bug 18812 on tor 0.2.8.1-alpha; patch by "teor".
diff --git a/scripts/maint/updateFallbackDirs.py b/scripts/maint/updateFallbackDirs.py
index 4cfee5d..d27c144 100755
--- a/scripts/maint/updateFallbackDirs.py
+++ b/scripts/maint/updateFallbackDirs.py
@@ -806,48 +806,48 @@ class Candidate(object):
           ipv6 address and port (if present)
         If the fallback has an ipv6 key, the whitelist line must also have
         it, and vice versa, otherwise they don't match. """
+    ipv6 = None
+    if self.has_ipv6():
+      ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
     for entry in relaylist:
-      if  entry['id'] != self._fpr:
-        # can't log here, every relay's fingerprint is compared to the entry
+      if entry['id'] != self._fpr:
+        # can't log here unless we match an IP and port, because every relay's
+        # fingerprint is compared to every entry's fingerprint
+        if entry['ipv4'] == self.dirip and int(entry['orport']) == self.orport:
+          logging.warning('%s excluded: has OR %s:%d changed fingerprint to ' +
+                          '%s?', entry['id'], self.dirip, self.orport,
+                          self._fpr)
+        if self.has_ipv6() and entry.has_key('ipv6') and entry['ipv6'] == ipv6:
+          logging.warning('%s excluded: has OR %s changed fingerprint to ' +
+                          '%s?', entry['id'], ipv6, self._fpr)
         continue
       if entry['ipv4'] != self.dirip:
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'IPv4 (%s) does not match entry IPv4 (%s)',
-                     self._fpr, self.dirip, entry['ipv4'])
+        logging.warning('%s excluded: has it changed IPv4 from %s to %s?',
+                        self._fpr, entry['ipv4'], self.dirip)
         continue
       if int(entry['dirport']) != self.dirport:
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'DirPort (%d) does not match entry DirPort (%d)',
-                     self._fpr, self.dirport, int(entry['dirport']))
+        logging.warning('%s excluded: has it changed DirPort from %s:%d to ' +
+                        '%s:%d?', self._fpr, self.dirip, int(entry['dirport']),
+                        self.dirip, self.dirport)
         continue
       if int(entry['orport']) != self.orport:
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'ORPort (%d) does not match entry ORPort (%d)',
-                     self._fpr, self.orport, int(entry['orport']))
+        logging.warning('%s excluded: has it changed ORPort from %s:%d to ' +
+                        '%s:%d?', self._fpr, self.dirip, int(entry['orport']),
+                        self.dirip, self.orport)
         continue
-      ipv6 = None
-      if self.has_ipv6():
-        ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
       if entry.has_key('ipv6') and self.has_ipv6():
         # if both entry and fallback have an ipv6 address, compare them
         if entry['ipv6'] != ipv6:
-          logging.info('%s is not in the whitelist: fingerprint matches, ' +
-                       'but IPv6 (%s) does not match entry IPv6 (%s)',
-                       self._fpr, ipv6, entry['ipv6'])
+          logging.warning('%s excluded: has it changed IPv6 ORPort from %s ' +
+                          'to %s?', self._fpr, entry['ipv6'], ipv6)
           continue
       # if the fallback has an IPv6 address but the whitelist entry
       # doesn't, or vice versa, the whitelist entry doesn't match
       elif entry.has_key('ipv6') and not self.has_ipv6():
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'it has no IPv6, and entry has IPv6 (%s)', self._fpr,
-                     entry['ipv6'])
         logging.warning('%s excluded: has it lost its former IPv6 address %s?',
                         self._fpr, entry['ipv6'])
         continue
       elif not entry.has_key('ipv6') and self.has_ipv6():
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'it has IPv6 (%s), and entry has no IPv6', self._fpr,
-                     ipv6)
         logging.warning('%s excluded: has it gained an IPv6 address %s?',
                         self._fpr, ipv6)
         continue





More information about the tor-commits mailing list