Opened 3 years ago

Closed 3 years ago

#17762 closed defect (fixed)

Complaint of malformed IP/policy

Reported by: tmpname0901 Owned by:
Priority: Low Milestone: Tor: 0.2.8.x-final
Component: Core Tor/Tor Version: Tor: 0.2.7.5
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

While using the ReducedExitPolicy and

ExitRelay 1
IPv6Exit 1

I occasional get these warnings in my log file:

Dec 06 07:27:56.000 [warn] Malformed IP "???" in address pattern; rejecting.
Dec 06 07:27:56.000 [warn] Couldn't parse line "???:*". Dropping
Dec 06 07:27:56.000 [warn] Malformed policy 'reject ???:*'. Discarding entire policy list.
Dec 06 07:27:56.000 [warn] append_exit_policy_string(): Bug: Unable to parse internally generated policy reject ???:* (on Tor 0.2.7.5 )

No problems seen with v0.2.6.10 while using the same config file.

I'm setting the Priority and Severity here to moderate settings, because I don't know if the warnings are anything more than clutter. If the complaints are indicating a problem that hinders the relay as an exit node, then the urgency should be bumped up.

Child Tickets

Change History (8)

comment:1 Changed 3 years ago by teor

Priority: MediumVery High
Severity: NormalCritical
Status: newneeds_information

This bug may mean that your exit policy is being discarded or truncated.
It's related to the 0.2.7 implementation of #17027.
0.2.6 doesn't have this feature; 0.2.8 has a more robust implementation.

Can you please check your descriptor and see if the exit policy there matches the one in your torrc?
That will help us find out how critical this bug is.

comment:2 Changed 3 years ago by teor

Status: needs_informationneeds_review

This issue is already fixed in master as a result of refactoring.

Please see my branch avoid-fmt-addr-policy on https://github.com/teor2345/tor.git , which cherry-picks this commit, and adds a changes file.

The previous code relied on fmt_addr, which sometimes returns "???". This can cause an error parsing the exit policy, which could result in the entire exit policy being discarded.

This code directly copies the tor_addr_t into the exit policy structure, avoiding the fmt_addr/parsing steps.

comment:3 Changed 3 years ago by teor

(The branch avoid-fmt-addr-policy is based on maint-0.2.7. One commit is already in master, the other is a changes file which documents backporting that commit as a fix to 0.2.7.5.)

comment:4 Changed 3 years ago by teor

Keywords: TorCoreTeam201512 added

comment:5 Changed 3 years ago by nickm

Review: This backport looks good to me; let's let it cook a bit longer in master though. It's not a must-fix AFAICT; but please let me know if I'm wrong there.

comment:6 in reply to:  5 Changed 3 years ago by teor

Replying to nickm:

Review: This backport looks good to me; let's let it cook a bit longer in master though. It's not a must-fix AFAICT; but please let me know if I'm wrong there.

You're right, now that I've had a look at the maint-0.2.7 code again, append_exit_policy_string is only discarding the entire string we tried to append, not the entire policy up to that point.

So this just means that we're not adding an address we couldn't print to the policy.

The behaviour is ok, it would be nice to avoid the warning, but it's just a warning.

comment:7 Changed 3 years ago by nickm

Keywords: TorCoreTeam201512 removed

non-bug for 0.2.7, so non-december. :)

comment:8 Changed 3 years ago by nickm

Milestone: Tor: 0.2.7.x-finalTor: 0.2.8.x-final
Priority: Very HighLow
Resolution: fixed
Severity: CriticalNormal
Status: needs_reviewclosed

Deciding "non-backport" here since it's just an undesirable warning rather than a bug.

Note: See TracTickets for help on using tickets.