[tor-commits] [bridgedb/master] Serve Tor clients a more restricted set of bridges per period.

isis at torproject.org isis at torproject.org
Fri May 1 07:10:58 UTC 2015


commit 7fa64bca8f132e599fc0355dfb1673cabaaf6ba2
Author: Isis Lovecruft <isis at torproject.org>
Date:   Mon Mar 30 01:15:35 2015 +0000

    Serve Tor clients a more restricted set of bridges per period.
    
    See https://trac.torproject.org/projects/tor/ticket/4771#comment:14 for
    more information.
    
    Essentially, by using the `area` (which is the client's IP address,
    truncated to the /24, i.e. if the client's IP is 1.2.3.4, then the
    `area` would be 1.2.3) in the HMAC for placing the client into the
    hashring, the resulting HMAC would be different for each Tor Exit (but
    not for Exits in the same /24). This would enable clients who changed
    their Exit relay to get new bridges.
    
    Instead, we now group Tor/proxy users into four groups, based on their
    Exit relay's or proxy's IP address.  Regardless of how many times a
    client changes their Exit or proxy, they will only get up to four sets
    of bridge lines (per period).
---
 lib/bridgedb/Dist.py |   10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/lib/bridgedb/Dist.py b/lib/bridgedb/Dist.py
index 961d2ca..9a2b051 100644
--- a/lib/bridgedb/Dist.py
+++ b/lib/bridgedb/Dist.py
@@ -12,6 +12,7 @@
 
 """This module has functions to decide which bridges to hand out to whom."""
 
+import ipaddr
 import logging
 import re
 import time
@@ -302,7 +303,14 @@ class IPBasedDistributor(Distributor):
                                               len(self.categories),
                                               n)
                 bridgeFilterRules.append(g)
-                pos = self.areaOrderHmac("category<%s>%s" % (epoch, area))
+                # Cluster Tor/proxy users into four groups.  This means that
+                # no matter how many different Tor Exits or proxies a client
+                # uses, the most they can ever get is four different sets of
+                # bridge lines (per period).
+                group = (int(ipaddr.IPAddress(ip)) % 4) + 1
+                logging.debug(("Assigning client hashring position based on: "
+                               "known-proxy<%s>%s") % (epoch, group))
+                pos = self.areaOrderHmac("known-proxy<%s>%s" % (epoch, group))
                 key1 = getHMAC(self.splitter.key,
                                "Order-Bridges-In-Ring-%d" % n)
                 break





More information about the tor-commits mailing list