Opened 2 years ago

Closed 22 months ago

#22321 closed enhancement (fixed)

Update fallback directory whitelist based on operator relay changes

Reported by: teor
Owned by: teor
Priority: Medium
Milestone: Tor: 0.3.3.x-final
Component: Core Tor/Fallback Scripts
Version:
Severity: Normal
Keywords:
Cc:
Actual Points: 2
Parent ID: #22271
Points: 1
Reviewer: pastly
Sponsor:

Description

We need to contact the operators to check if these changes are permanent.
(It's safe to ignore these warnings: we don't want fallbacks that change their details, particularly without telling us.)

WARNING::71AB4726D830FAE776D74AEF790CF04D8E0151B4 excluded: has it changed IPv4 from 163.172.35.247 to 51.15.53.134?
WARNING::BD552C165E2ED2887D3F1CCE9CFF155DDA2D86E6 excluded: has it changed IPv4 from 79.120.16.42 to 213.141.138.174?
WARNING::0C2C599AFCB26F5CFC2C7592435924C1D63D9484 excluded: has it lost its former IPv6 address [2001:41d0:a:fb7a::1]:9001?
WARNING::BC630CBBB518BE7E9F4E09712AB0269E9DC7D626 excluded: has it changed ORPort from 197.231.221.211:9001 to 197.231.221.211:443?
WARNING::0C1E7DD9ED0676C788933F68A9985ED853CA5812 excluded: has it lost its former IPv6 address [2a02:180:1:1::5b8f:538c]:993?
WARNING::CBD0D1BD110EC52963082D839AC6A89D0AE243E7 excluded: has it changed IPv4 from 37.59.46.159 to 176.31.103.150?
WARNING::50586E25BE067FD1F739998550EDDCB1A14CA5B2 excluded: has it lost its former IPv6 address [2a02:168:6e00:0:3a60:77ff:fe9c:8bd1]:9001?
WARNING::2EC0C66EA700C44670444280AABAB1EC78B722A0 excluded: has it changed ORPort from 167.114.113.48:403 to 167.114.113.48:443?
WARNING::DC163DDEF4B6F0C6BC226F9F6656A5A30C5C5686 excluded: has it changed IPv4 from 176.158.132.12 to 176.158.236.102?
WARNING::F4263275CF54A6836EE7BD527B1328836A6F06E1 excluded: has it changed DirPort from 37.187.102.108:9090 to 37.187.102.108:80?

From https://trac.torproject.org/projects/tor/attachment/ticket/21564/fallbacks_2017-05-16-0815-09cd78886.log
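The warnings above come from comparing each whitelist entry against a relay's current details. The following is an added example, not the project's own script: it parses entries in the `IPv4:DirPort orport=N id=FP` layout quoted later in this ticket and reproduces the four kinds of warning. The optional `ipv6=` field, the function names and the sample data are assumptions made for illustration.

```python
import re

# Entry layout as quoted in this ticket: <IPv4>:<DirPort> orport=<ORPort> id=<fingerprint>
# The optional trailing ipv6=[addr]:port field is an assumption of this example.
ENTRY_RE = re.compile(
    r'^(?P<ipv4>\d{1,3}(?:\.\d{1,3}){3}):(?P<dirport>\d+)\s+orport=(?P<orport>\d+)'
    r'\s+id=(?P<id>[0-9A-F]{40})(?:\s+ipv6=(?P<ipv6>\[[0-9A-Fa-f:]+\]:\d+))?$')

def parse_entry(line):
    """Parse one whitelist line into a dict; ports stay strings, ipv6 may be None."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        raise ValueError('malformed whitelist entry: %r' % line)
    return m.groupdict()

def exclusion_reason(listed, current):
    """Return why the relay no longer matches its entry, or None if it still does."""
    ip = listed['ipv4']
    if current['ipv4'] != ip:
        return 'has it changed IPv4 from %s to %s?' % (ip, current['ipv4'])
    if listed['ipv6'] and current.get('ipv6') != listed['ipv6']:
        return 'has it lost its former IPv6 address %s?' % listed['ipv6']
    for key, name in (('orport', 'ORPort'), ('dirport', 'DirPort')):
        if current[key] != listed[key]:
            return 'has it changed %s from %s:%s to %s:%s?' % (
                name, ip, listed[key], ip, current[key])
    return None

def check_whitelist(lines, relays):
    """relays maps fingerprint -> current details. Returns (kept, warnings)."""
    kept, warnings = [], []
    for entry in map(parse_entry, lines):
        current = relays.get(entry['id'])
        reason = exclusion_reason(entry, current) if current else 'not found in current relay data'
        if reason is None:
            kept.append(entry['id'])
        else:
            warnings.append('WARNING::%s excluded: %s' % (entry['id'], reason))
    return kept, warnings

# Constructed sample data (documentation address ranges, made-up fingerprints).
WHITELIST = ['192.0.2.10:80 orport=443 id=' + 'A' * 40,
             '192.0.2.20:9030 orport=9001 id=' + 'B' * 40 + ' ipv6=[2001:db8::20]:9001',
             '192.0.2.30:80 orport=9001 id=' + 'C' * 40,
             '192.0.2.40:9030 orport=9001 id=' + 'D' * 40]
RELAYS = {'A' * 40: {'ipv4': '198.51.100.10', 'dirport': '80', 'orport': '443'},
          'B' * 40: {'ipv4': '192.0.2.20', 'dirport': '9030', 'orport': '9001'},
          'C' * 40: {'ipv4': '192.0.2.30', 'dirport': '80', 'orport': '443'},
          'D' * 40: {'ipv4': '192.0.2.40', 'dirport': '9030', 'orport': '9001'}}
```

Calling `check_whitelist(WHITELIST, RELAYS)` keeps only the unchanged relay and returns one warning for each of the other three.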

Change History (33)

comment:1 Changed 2 years ago by teor

Points: 1

comment:2 Changed 2 years ago by teor

Parent ID: #22271

comment:3 Changed 2 years ago by teor

An operator contacted me with the following changes:

I had to move the current fallback Freebird31 to another ip:
old:
 178.254.13.126:80 orport=443
 id=F9246DEF2B653807236DA134F2AEAB103D58ABFE
new:
 ORPort 81.7.11.38:443, DirPort 81.7.11.38:80
 fp F9246DEF2B653807236DA134F2AEAB103D58ABFE

...
I would like to opt-in the following Ichotolot60 as an alternative:
 ORPort 81.7.14.253:443, DirPort 81.7.14.253:9001
 fp 1AE039EE0B11DB79E4B4B29CBA9F752864A0259E

----
The two current ones will stay:
 178.254.44.135:9030 orport=9001
 id=8FA37B93397015B2BC5A525C908485260BE9F422

 178.254.20.134:80 orport=443
 id=9F5068310818ED7C70B0BC4087AB55CB12CB4377

comment:4 Changed 2 years ago by teor

Type: enhancement → task

ln5 contacted tor-relays [1] with the following changes:

Fallback directory mirror DFRI7 [0] is down, due to multiple disk
crashes, since about 30h and will not come alive with the same key.

[0] 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576

A new DFRI7 will appear on the same address and port within a couple of
days.

We need to change to the new fingerprint once it's available.

[1]: https://lists.torproject.org/pipermail/tor-relays/2017-August/012885.html

comment:5 Changed 2 years ago by teor

An operator contacted me asking me to remove the old IPv6 addresses on these:

eriador - 6DE61A6F72C1E5418A66BFED80DFB63E4C77668F
[2001:41d0:1:8989::1]:4051

lindon - 9FBEB75E8BC142565F12CBBE078D63310236A334
91.121.84.137:4052,[2001:41d0:1:8989::1]:4052

I will add the new addresses if they have changed by the time I update the lists.

comment:6 Changed 2 years ago by teor

Milestone: Tor: 0.3.2.x-final → Tor: 0.3.3.x-final

I'm not going to get time to do these in 0.3.2.
Moving them to 0.3.3.

comment:7 Changed 2 years ago by teor

The relay 2BA2C8E96B2590E1072AECE2BDB5C48921BF8510 is getting a new IP address and needs to be updated.

comment:8 Changed 2 years ago by teor

fluxe4 also needs an IPv6 address added, see #24135

comment:9 Changed 2 years ago by teor

These relays are moving or going away in March 2019, so we need to remove them in the next update:

janschejbalScaleWy2 - 2A4C448784F5A83AFE6C78DA357D5E31F7989DEB
janschejbalScaleWy3 - 72527E3242CB15AADE28374AE0D35833FC083F60
janschejbalScaleWy4 - AD253B49E303C6AB1E048B014392AC569E8A7DAE
janschejbalScaleWy5 - D5F3FB17504744FB7ECEF46F4B1D155258A6D942

comment:10 Changed 2 years ago by teor

This relay has moved:

217.79.190.25

comment:11 Changed 23 months ago by teor

The relay 99E246DB480B313A3012BC3363093CC26CD209C7 has moved from 81.7.10.93 to 173.212.254.192.

comment:12 in reply to:  10 ; Changed 22 months ago by pastly

Replying to teor:

> This relay has moved:
>
> 217.79.190.25

There's still a relay there right now. Same fingerprint as in fallback.whitelist.

comment:13 in reply to:  4 ; Changed 22 months ago by pastly

Replying to teor:

> ln5 contacted tor-relays [1] with the following changes:
>
> Fallback directory mirror DFRI7 [0] is down, due to multiple disk
> crashes, since about 30h and will not come alive with the same key.
>
> [0] 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576
>
> A new DFRI7 will appear on the same address and port within a couple of
> days.
>
> We need to change to the new fingerprint once it's available.
>
> [1]: https://lists.torproject.org/pipermail/tor-relays/2017-August/012885.html

It never appeared or isn't currently running.

comment:14 in reply to:  12 Changed 22 months ago by teor

Replying to pastly:

> Replying to teor:
>
> > This relay has moved:
> >
> > 217.79.190.25
>
> There's still a relay there right now. Same fingerprint as in fallback.whitelist.

I just checked the email the operator sent to me.
They said "changed or removed".
Since they haven't moved it yet, let's remove it from the list, and I'll email them and ask them to tell us the new address when it moves. (It can go on the next list.)

comment:15 Changed 22 months ago by pastly

Status: new → needs_review

See branch fallback_whiteblack_changes

Handled everything in this ticket but

  • comment 13
  • The OP (I didn't email any operators).

comment:16 in reply to:  13 ; Changed 22 months ago by teor

Replying to pastly:

> Replying to teor:
>
> > ln5 contacted tor-relays [1] with the following changes:
> >
> > Fallback directory mirror DFRI7 [0] is down, due to multiple disk
> > crashes, since about 30h and will not come alive with the same key.
> >
> > [0] 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576
> >
> > A new DFRI7 will appear on the same address and port within a couple of
> > days.
> >
> > We need to change to the new fingerprint once it's available.
> >
> > [1]: https://lists.torproject.org/pipermail/tor-relays/2017-August/012885.html
>
> It never appeared or isn't currently running.

Ok, please remove it from the list then. There are plenty of other DFRI relays on the list.

comment:17 in reply to:  16 Changed 22 months ago by pastly

Replying to teor:

> [0] 171.25.193.131:80 orport=443 id=79861CF8522FC637EF046F7688F5289E49D94576
>
> Ok, please remove it from the list then. There are plenty of other DFRI relays on the list.

Done already. The "remaining" part was to ask ln5 about what happened. Sounds like we'll skip that.

Overall remaining step is to contact people in the OP.

This branch also covers #22527

comment:18 Changed 22 months ago by teor

Summary: Update fallback directory whitelist based on relay changes → Update fallback directory whitelist based on operator relay changes

comment:19 Changed 22 months ago by teor

Let's do the contacts after running the script with the new whitelist.
I split that off into #24678.

comment:20 Changed 22 months ago by nickm

I'm fine merging this branch once you say it's merge_ready?

comment:21 Changed 22 months ago by teor

There could be a bug in the whitelist or blacklist - they appear to be eliminating all relays.
Also, the list is incomplete, we still have to do a tor-relays opt-in, and check with operators whose relay details have changed, but they haven't told us.

comment:22 Changed 22 months ago by Sebastian

F8D27B163B9247B232A2EEE68DD8B698695C28DE has stable ipv6

comment:23 in reply to:  22 ; Changed 22 months ago by teor

Replying to Sebastian:

> F8D27B163B9247B232A2EEE68DD8B698695C28DE has stable ipv6

Please see my branch fallback_whiteblack_changes, which contains all of pastly's changes, the opt-ins for the last day, including all tor-relays emails, emails direct to me, child tickets and the IPv6 fixup in comment 22.

I expect we'll get a few more opt-ins over the next few days.
That's ok, because we need to merge some code changes as well.

pastly, the script works for me, did you run it from the tor directory?
Because running it from tor/scripts/maint doesn't work with the file paths.

WHITELIST_FILE_NAME = 'scripts/maint/fallback.whitelist'
BLACKLIST_FILE_NAME = 'scripts/maint/fallback.blacklist'
FALLBACK_FILE_NAME  = 'src/or/fallback_dirs.inc'

comment:24 in reply to:  23 Changed 22 months ago by Sebastian

Replying to teor:

> Replying to Sebastian:
>
> > F8D27B163B9247B232A2EEE68DD8B698695C28DE has stable ipv6
>
> Please see my branch fallback_whiteblack_changes, which contains all of pastly's changes, the opt-ins for the last day, including all tor-relays emails, emails direct to me, child tickets and the IPv6 fixup in comment 22.
>
> I expect we'll get a few more opt-ins over the next few days.
> That's ok, because we need to merge some code changes as well.

thanks

comment:25 Changed 22 months ago by teor

(This branch will also need a changes file.)

comment:26 Changed 22 months ago by teor

Status: needs_review → needs_revision

comment:27 Changed 22 months ago by teor

Status: needs_revision → needs_information

Still getting a few of these per day, and pushing them to the branch.
Still needs a squash and a changes file.

comment:28 Changed 22 months ago by teor

I added a changes file.
We're still taking updates, and then we'll do a final squash.
I think one commit for pastly and one for me should be fine.

comment:29 Changed 22 months ago by teor

One last reminder to the list, for those who were on holidays in December:

https://lists.torproject.org/pipermail/tor-relays/2018-January/014017.html

comment:30 Changed 22 months ago by teor

Actual Points: 2
Status: needs_information → needs_review
Type: task → enhancement

Please see my branch fallback_whiteblack_changes_squashed on https://github.com/teor2345/tor.git

Any further changes can go in #24805, which is the ticket for the next rebuild.

comment:31 Changed 22 months ago by teor

This code is now in my branch fallback-code-2018-01 at https://github.com/teor2345/tor.git

comment:32 Changed 22 months ago by teor

Reviewer: pastly

pastly reviewed all of these

comment:33 Changed 22 months ago by teor

Resolution: fixed
Status: needs_review → closed

This branch has been merged, so these tickets are now implemented,
