[tor-talk] The reasoning behind the 'exit' flag definition

Roger Dingledine arma at mit.edu
Mon Sep 9 19:46:16 UTC 2013


On Mon, Sep 09, 2013 at 07:25:06PM +0000, tagnaq wrote:
> I'd like to understand why the exit flag is defined as it is.
> 
> The current definition can be found in the directory spec [1]:
> 
> "
> "Exit" -- A router is called an 'Exit' iff it allows exits to at
>    least two of the ports 80, 443, and 6667 and allows exits to at
>    least one /8 address space.
> "

The Exit flag used to not matter at all.

Now it matters because clients use it for load balancing. (If you have
the Exit flag then it's likely that other clients are using you as their
exit, so we should avoid using you for non-exit positions in our path.)

> I assume the exit flag was meant to be used by tor clients only [2]
> because destination port 80/443 are probably amongst the most
> frequently accessed services, but was then (mis)used to generate
> (inaccurate) 'Tor exit IP address lists' (?).

Does anybody actually do that?

My experience is that people make a list of all Tor relays at all, and
think of all of them as exiting anywhere, because they've never heard
of exit policies at all.

> This means that there is no way to tell if a relay actually allows
> exiting (any) traffic simply by looking at relay flags. To actually
> tell you would have to parse exit policies.

Correct. Consensus flags aren't meant for that.

> Which one of the following proposals would be more likely to be
> accepted by the Tor Project (if any at all):
> 
> - change the definition of the 'exit' flag to include all nodes that
> allow *any* exiting traffic.

This one is a poor idea, since it will ruin the load balancing which
is the only thing it's used for.

> - introduce a new flag that is set on all relays allowing *any* exit
> traffic (leaving the current definition of the 'exit' flag unchanged)

I guess we could do that. But I think it would be a burden on the network,
to say something that doesn't matter in any way and have every client
download it every few hours.

> As an alternative, better tools to create 'tor exit lists' as
> suggested in [4] and [5], might also do the job. Is someone aware of a
> tool that implements something like that already?

You don't like https://check.torproject.org/cgi-bin/TorBulkExitList.py ?

--Roger

> Something along the lines of:
> 
> ./get-tor-exits [relay-IP] target-service-IP[/mask][:port],...
> 
> output: boolean if relay-IP is given,
> if no relay IP was given: print a list of all relay IP addresses that
> would allow accessing (any) service in the target IP (range).

https://www.torproject.org/tordnsel/exitlist-spec.txt

This is up and running now (exitlist.torproject.org answers these dns
queries), but unmaintained.

See also
https://trac.torproject.org/projects/tor/ticket/9204
and
https://trac.torproject.org/projects/tor/ticket/9529

--Roger
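The quoted spec definition and the point that flags do not tell you whether a relay exits anywhere can be made concrete by evaluating a relay's own exit policy. The following is an added example, not code from the thread or from Tor itself: a simplified Python reimplementation of the spec's wording (IPv4 only, first-match semantics, loopback ranges ignored), run over constructed sample policies.

```python
import ipaddress
from collections import namedtuple

EXIT_FLAG_PORTS = (80, 443, 6667)
ANY_NET = ipaddress.ip_network("0.0.0.0/0")
Rule = namedtuple("Rule", "accept network port_min port_max")

def parse_policy(text):
    """Parse accept/reject lines in Tor's addr:port syntax (IPv4 only here)."""
    rules = []
    for line in text.strip().splitlines():
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        verb, target = line.split()
        addr, port = target.rsplit(":", 1)
        net = ANY_NET if addr == "*" else ipaddress.ip_network(addr, strict=False)
        ports = [1, 65535] if port == "*" else [int(p) for p in port.split("-")]
        rules.append(Rule(verb == "accept", net, ports[0], ports[-1]))
    return rules

def has_exit_flag(rules):
    """Spec definition: accept at least two of 80/443/6667 to at least one /8."""
    allowed = 0
    for port in EXIT_FLAG_PORTS:
        # First rule that covers this port with a /8-or-wider, non-loopback mask decides.
        for r in rules:
            if (r.port_min <= port <= r.port_max and r.network.prefixlen <= 8
                    and not r.network.network_address.is_loopback):
                allowed += r.accept
                break
    return allowed >= 2

def allows_any_exit(rules):
    """The question the flag does not answer: is any accept reachable before 'reject *:*'?"""
    for r in rules:
        if r.accept and not r.network.network_address.is_loopback:
            return True
        if not r.accept and r.network == ANY_NET and (r.port_min, r.port_max) == (1, 65535):
            return False  # catch-all reject: later rules are dead
    return False

# Constructed sample policies, not taken from any real relay.
WEB_EXIT = "reject *:25\naccept *:80\naccept *:443\nreject *:*"
ONE_SLASH8 = "accept 198.0.0.0/8:80\naccept 198.0.0.0/8:443\nreject *:*"  # Exit flag, one /8 only
NARROW_EXIT = "accept 192.0.2.0/24:8080\nreject *:*"  # exits somewhere, no Exit flag
NON_EXIT = "reject *:*"
```

NARROW_EXIT is the case the thread is about: traffic does leave the relay, but the consensus flag says nothing about it, so an "exit list" built from flags alone misses it.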
