Opened 8 months ago

Closed 4 months ago

#22030 closed defect (fixed)

Onionoo shows old IPv6 Exit ports

Reported by: teor Owned by: metrics-team
Priority: Medium Milestone: Onionoo-1.4.0
Component: Metrics/Onionoo Version:
Severity: Normal Keywords:
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description

I have an exit policy that looks like this on a relay running tor-0.2.9.9:

ExitPolicy reject *:*
ExitPolicy reject (IPv4 Blocks):*
ExitPolicy reject (IPv6 Blocks):*
ExitPolicy accept *:(Ports)
ExitPolicy reject *:*
ExitRelay 1
IPv6Exit 1

Even though the policy starts with 'reject *:*', atlas reports that the accepted ports are allowed over IPv6. All ports are rejected over IPv4.

This was a big surprise to me.

Child Tickets

Change History (7)

comment:1 Changed 8 months ago by teor

Component: Core Tor/TorMetrics/Onionoo
Keywords: ipv6 tor-exit removed
Milestone: Tor: 0.3.2.x-final
Owner: set to metrics-team
Points: 1
Summary: Exit Policy reject * does not reject IPv6 portsOnionoo shows old IPv6 ports
Version: Tor: 0.2.9.9

Turns out this is a bug in Onionoo.

The relay descriptor says:

reject *:*

http://91.121.230.208:9030/tor/server/authority

But onionoo says:

"exit_policy":["reject *:*"],
"exit_policy_summary":{"reject":["1-65535"]},
"exit_policy_v6_summary":{"accept":["20-21","43","53","80","443","873","989-993","995","1194","1293","3690","4321","5222-5223","5228","6660-6669","6697","9418","11371","64738"]}

https://onionoo.torproject.org/details?fingerprint=068308AD070849A71B8C1DB06C2509E82C40B908

This is the old policy from when the relay used to be an exit.

comment:2 Changed 7 months ago by teor

Summary: Onionoo shows old IPv6 portsOnionoo shows old IPv6 Exit ports

comment:3 Changed 7 months ago by karsten

Status: newneeds_review

Indeed, looks like a bug in Onionoo. Here's a potential fix that is yet untested.

comment:4 Changed 5 months ago by iwakeh

Milestone: Onionoo-1.3.0

comment:5 Changed 4 months ago by iwakeh

Milestone: Onionoo-1.3.0Onionoo-1.4.0

comment:6 Changed 4 months ago by iwakeh

Status: needs_reviewmerge_ready

Looks like the correct solution (cf. spec); checks and tests pass. Merge ready.

I rebased your branch on the current master and added a junit test, that would fail without the fix. Please review this branch.

comment:7 Changed 4 months ago by karsten

Resolution: fixed
Status: merge_readyclosed

Thanks for the review and the test! Merged with a fix to the change log. Closing.

Note: See TracTickets for help on using tickets.