[tor-commits] [bridgedb/develop] Serve Tor clients a more restricted set of bridges per period.
isis at torproject.org
isis at torproject.org
Tue Mar 31 11:55:45 UTC 2015
commit 7fa64bca8f132e599fc0355dfb1673cabaaf6ba2
Author: Isis Lovecruft <isis at torproject.org>
Date: Mon Mar 30 01:15:35 2015 +0000
Serve Tor clients a more restricted set of bridges per period.
See https://trac.torproject.org/projects/tor/ticket/4771#comment:14 for
more information.
Essentially, by using the `area` (which is the client's IP address,
truncated to the /24, i.e. if the client's IP is 1.2.3.4, then the
`area` would be 1.2.3) in the HMAC for placing the client into the
hashring, the resulting HMAC would be different for each Tor Exit (but
not for Exits in the same /24). This would enable clients who changed
their Exit relay to get new bridges.
Instead, we now group Tor/proxy users into four groups, based on their
Exit relay's or proxy's IP address. Regardless of how many times a
client changes their Exit or proxy, they will only get up to four sets
of bridge lines (per period).
---
lib/bridgedb/Dist.py | 10 +++++++++-
1 file changed, 9 insertions(+), 1 deletion(-)
diff --git a/lib/bridgedb/Dist.py b/lib/bridgedb/Dist.py
index 961d2ca..9a2b051 100644
--- a/lib/bridgedb/Dist.py
+++ b/lib/bridgedb/Dist.py
@@ -12,6 +12,7 @@
"""This module has functions to decide which bridges to hand out to whom."""
+import ipaddr
import logging
import re
import time
@@ -302,7 +303,14 @@ class IPBasedDistributor(Distributor):
len(self.categories),
n)
bridgeFilterRules.append(g)
- pos = self.areaOrderHmac("category<%s>%s" % (epoch, area))
+ # Cluster Tor/proxy users into four groups. This means that
+ # no matter how many different Tor Exits or proxies a client
+ # uses, the most they can ever get is four different sets of
+ # bridge lines (per period).
+ group = (int(ipaddr.IPAddress(ip)) % 4) + 1
+ logging.debug(("Assigning client hashring position based on: "
+ "known-proxy<%s>%s") % (epoch, group))
+ pos = self.areaOrderHmac("known-proxy<%s>%s" % (epoch, group))
key1 = getHMAC(self.splitter.key,
"Order-Bridges-In-Ring-%d" % n)
break
More information about the tor-commits
mailing list