[tor-commits] [sbws/master] globals: remove unused resolve and can_exit_to functions
juga at torproject.org
juga at torproject.org
Mon Dec 3 22:33:03 UTC 2018
commit bad22915444fbd647acc40f73ea4dab1615a7f1d
Author: juga0 <juga at riseup.net>
Date: Mon Dec 3 21:37:02 2018 +0000
globals: remove unused resolve and can_exit_to functions
They were used to resolve the IP of the destination and check
whether an exit policy allows exiting to that IP, but when the
destination is a CDN, the IP resolved locally would be different
from the IP resolved at the exit, and when the destination resolved
to IPv6, it was possible that the scanner didn't have IPv6.
The correct method to check whether an exit policy allows exiting
to an IP would be to resolve the domain via Tor itself, using
RESOLVE and ADDRMAP events with that exit.
---
sbws/globals.py | 23 -----------------------
sbws/lib/relaylist.py | 29 -----------------------------
2 files changed, 52 deletions(-)
diff --git a/sbws/globals.py b/sbws/globals.py
index 217e1a7..a621b5f 100644
--- a/sbws/globals.py
+++ b/sbws/globals.py
@@ -1,6 +1,5 @@
import os
import logging
-import socket
log = logging.getLogger(__name__)
@@ -70,25 +69,3 @@ def touch_file(fname, times=None):
log.debug('Touching %s', fname)
with open(fname, 'a') as fd:
os.utime(fd.fileno(), times=times)
-
-
-def resolve(hostname, ipv4_only=False, ipv6_only=False):
- assert not (ipv4_only and ipv6_only)
- results = []
- try:
- results = socket.getaddrinfo(hostname, 0)
- except socket.gaierror:
- log.warn(
- 'Unable to resolve %s hostname. Returning empty list of addresses',
- hostname)
- return []
- ret = set()
- for result in results:
- fam, _, _, _, addr = result
- if fam == socket.AddressFamily.AF_INET6 and not ipv4_only:
- ret.add(addr[0])
- elif fam == socket.AddressFamily.AF_INET and not ipv6_only:
- ret.add(addr[0])
- else:
- assert None, 'Unknown address family {}'.format(fam)
- return list(ret)
diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index 17761a6..00e67ed 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -1,12 +1,9 @@
from stem.descriptor.router_status_entry import RouterStatusEntryV3
from stem.descriptor.server_descriptor import ServerDescriptor
from stem import Flag, DescriptorUnavailable, ControllerError
-from stem.util.connection import is_valid_ipv4_address
-from stem.util.connection import is_valid_ipv6_address
import random
import time
import logging
-from sbws.globals import resolve
from threading import Lock
log = logging.getLogger(__name__)
@@ -101,32 +98,6 @@ class Relay:
return None
return key.rstrip('=')
- def can_exit_to(self, host, port):
- '''
- Returns if this relay can MOST LIKELY exit to the given host:port.
- **host** can be a hostname, but be warned that we will resolve it
- locally and use the first (arbitrary/unknown order) result when
- checking exit policies, which is different than what other parts of the
- code may do (leaving it up to the exit to resolve the name).
- '''
- if not self.exit_policy:
- return False
- assert isinstance(host, str)
- assert isinstance(port, int)
- if not is_valid_ipv4_address(host) and not is_valid_ipv6_address(host):
- # It certainly isn't perfect trying to guess if an exit can connect
- # to an ipv4/6 address based on the DNS result we got locally. But
- # it's the best we can do.
- #
- # Also, only use the first ipv4/6 we get even if there is more than
- # one.
- results = resolve(host)
- if not len(results):
- return False
- host = results[0]
- assert is_valid_ipv4_address(host) or is_valid_ipv6_address(host)
- return self.exit_policy.can_exit_to(host, port)
-
def can_exit_to_port(self, port):
"""
Returns True if the relay has an exit policy and the policy accepts