Opened 9 years ago

Closed 7 years ago

Last modified 7 years ago

#1924 closed enhancement (wontfix)

Allow regular expression matching for ExcludeNodes/ExcludeExitNodes/EntryNodes/ExitNodes

Reported by: aa138346 Owned by:
Priority: Medium Milestone: Tor: unspecified
Component: Core Tor/Tor Version:
Severity: Keywords: needs-proposal
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

Allow regular expression matching for ExcludeNodes/ExcludeExitNodes/EntryNodes/ExitNodes, for both node name and hostname.

I understand that such a feature may not be secure.

Child Tickets

Change History (6)

comment:1 Changed 9 years ago by nickm

Milestone: Tor: unspecified

comment:2 Changed 8 years ago by arma

I can't imagine we'd want to build this for hostname (we don't resolve relay IPs to hostnames and don't really want to start). But I can see some edge cases where regexps (or just wildcards) on nicknames would be useful. The main example I'm thinking of is when some idiot signs up thousands of Tor relays with similar names.

Sounds like a "submit a patch if you want it enough, and make sure it's convincingly clean, else this feature will never be added" situation.

comment:3 Changed 8 years ago by aa138346

I was more interested in this functionality so I could *exclude* certain nodes/exit nodes by hostname, domain, etc., which wouldn't be terribly inefficient.

However, I see how it would raise all sorts of performance issues for the inclusion directives (EntryNode, ExitNode).

Would this sort of functionality be desirable for the exclude directives?

comment:4 in reply to:  3 Changed 8 years ago by rransom

Replying to aa138346:

I was more interested in this functionality so I could *exclude* certain nodes/exit nodes by hostname, domain, etc., which wouldn't be terribly inefficient.

Yes, it would be inefficient. Your Tor client would need to perform a DNS reverse lookup on every relay it knows about before it could build any circuits at all.

However, I see how it would raise all sorts of performance issues for the inclusion directives (EntryNode, ExitNode).

Would this sort of functionality be desirable for the exclude directives?

No.

comment:5 Changed 7 years ago by nickm

Keywords: needs-proposal added
Resolution: wontfix
Status: newclosed

This is really not implementable securely or efficiently, and it would be way easy to spoof.

I'm closing this as wontfix; if I'm wrong, please reopen, but it's going to need a design proposal to show how it could make sense.

comment:6 Changed 7 years ago by nickm

Component: Tor ClientTor
Note: See TracTickets for help on using tickets.