[tor-commits] [sbws/master] fix: relaylist: filter out private networks

juga at torproject.org juga at torproject.org
Tue Aug 11 13:52:52 UTC 2020


commit ca20d8287c956e5f8224133e225fb1c8b6c9754d
Author: juga0 <juga at riseup.net>
Date:   Sat Aug 1 13:37:20 2020 +0000

    fix: relaylist: filter out private networks
    
    when checking exit policies to know whether an exit can exit to a port.
    
    Closes: #40010
---
 sbws/lib/relaylist.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/sbws/lib/relaylist.py b/sbws/lib/relaylist.py
index ab7455e..dfd8b76 100644
--- a/sbws/lib/relaylist.py
+++ b/sbws/lib/relaylist.py
@@ -181,6 +181,10 @@ class Relay:
         """
         Returns True if the relay has an exit policy and the policy accepts
         exiting to the given portself or False otherwise.
+
+        The exits that are IPv6 only or IPv4 but rejecting some public networks
+        will return false.
+        On July 2020, there were 67 out of 1095 exits like this.
         """
         assert isinstance(port, int)
         # if dind't get the descriptor, there isn't exit policy
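Review bot: The added docstring paragraph does not mention that reject rules for private networks are now ignored, which is what a caller most needs to know about the result. Going by the comment in the second hunk, a True return only means the exit accepts the port for public destinations. I would add a sentence such as `Reject rules to private networks are ignored, so True only holds for public destination addresses.` and write `False` capitalised to match the first paragraph. The July 2020 count will go stale in a docstring and probably belongs in the commit message or ticket. The method body continues outside the hunk.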
@@ -199,7 +203,12 @@ class Relay:
             if self.exit_policy:
                 # Using `strict` to ensure it can exit to ALL domains
                 # and ips and that port. See #40006.
-                return self.exit_policy.can_exit_to(port=port, strict=True)
+                # Using `strip_private` to ignore reject rules to private
+                # networks.
+                return (
+                    self.exit_policy.strip_private()
+                    .can_exit_to(port=port, strict=True)
+                )
         except TypeError:
             return False
         return False
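Review bot: The new `self.exit_policy.strip_private().can_exit_to(port=port, strict=True)` call comes without a test; the diffstat lists only sbws/lib/relaylist.py. Two cases would pin both the fix and the documented behaviour: a policy that rejects the private ranges and then accepts the port should return True, and one that also rejects a public range should return False. The chain also sits inside the existing `except TypeError: return False`, so a TypeError raised by the added call would be reported as "cannot exit" instead of surfacing. Logging in that handler, for example `log.debug("exit policy check failed: %s", e)` if the module has a logger, would make silently excluded exits visible. The `try` statement opens outside the hunk.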




