[tor-commits] [bridgedb/develop] Add version filters for IPv6 vanilla bridges.
phw at torproject.org
phw at torproject.org
Mon Aug 12 02:35:57 UTC 2019
commit 594589ec2e7e1893c5e4dc48385f573c09de6f0d
Author: Philipp Winter <phw at nymity.ch>
Date: Tue Aug 6 11:19:41 2019 -0700
Add version filters for IPv6 vanilla bridges.
So far, BridgeDB's distribution of vanilla IPv6 bridges was broken.
When a user would request one, BridgeDB would use the following two
filters to select bridges:
* byTransportNotBlockedIn(None,us,6)
* byProbingResistance(vanilla,6)
Neither filter (correctly) filtered for IPv6. It is not enough to check
bridge.address because it's the bridge's IPv4 address. We need to check
bridge.allVanillaAddresses because a bridge's IPv6 address is advertised
in its "a" consensus line.
Note that this patch only fixes IPv6 distribution for *vanilla* bridges.
Pluggable transports bridges are currently unable to have dual-stack
support for both IPv4 and IPv6. See the following ticket for more
details: <https://bugs.torproject.org/11211>
This fixes <https://bugs.torproject.org/26542>.
---
CHANGELOG | 5 +++++
bridgedb/bridgerequest.py | 2 +-
bridgedb/filters.py | 10 +++++++++-
bridgedb/test/test_distributors_moat_request.py | 6 +++---
4 files changed, 18 insertions(+), 5 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 1ebd47e..1229578 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,8 @@
+Changes in version 0.7.2 - YYYY-MM-DD
+
+ * FIXES #26542 https://bugs.torproject.org/26542
+ Make BridgeDB distribute vanilla IPv6 bridges again.
+
Changes in version 0.7.1 - 2019-06-07
* FIXES #28496 https://bugs.torproject.org/28496
diff --git a/bridgedb/bridgerequest.py b/bridgedb/bridgerequest.py
index bf64069..7bd7b64 100644
--- a/bridgedb/bridgerequest.py
+++ b/bridgedb/bridgerequest.py
@@ -249,7 +249,7 @@ class BridgeRequestBase(object):
for country in self.notBlockedIn:
logging.info("%s %s bridges not blocked in %s..." %
(msg, pt or "vanilla", country))
- self.addFilter(byNotBlockedIn(country, pt, self.ipVersion))
+ self.addFilter(byNotBlockedIn(country, pt or "vanilla", self.ipVersion))
elif pt:
logging.info("%s %s bridges..." % (msg, pt))
self.addFilter(byTransport(pt, self.ipVersion))
diff --git a/bridgedb/filters.py b/bridgedb/filters.py
index f268c83..a02661e 100644
--- a/bridgedb/filters.py
+++ b/bridgedb/filters.py
@@ -151,6 +151,13 @@ def byProbingResistance(methodname=None, ipVersion=None):
return _cache[name]
except KeyError:
def _byProbingResistance(bridge):
+ # If we're dealing with a vanilla bridge, make sure that the bridge
+ # has the correct IP version.
+ if methodname == "vanilla":
+ validVersion = byIPv(ipVersion)
+ if not validVersion(bridge):
+ return False
+
if bridge.hasProbingResistantPT():
return methodname in ('scramblesuit', 'obfs4')
return True
@@ -262,7 +269,8 @@ def byNotBlockedIn(countryCode=None, methodname=None, ipVersion=4):
if not methodname:
return not bridge.isBlockedIn(countryCode)
elif methodname == "vanilla":
- if bridge.address.version == ipVersion:
+ validVersion = byIPv(ipVersion)
+ if validVersion(bridge):
if not bridge.addressIsBlockedIn(countryCode,
bridge.address,
bridge.orPort):
diff --git a/bridgedb/test/test_distributors_moat_request.py b/bridgedb/test/test_distributors_moat_request.py
index 3c6ff51..555b3eb 100644
--- a/bridgedb/test/test_distributors_moat_request.py
+++ b/bridgedb/test/test_distributors_moat_request.py
@@ -30,9 +30,9 @@ class MoatBridgeRequest(unittest.TestCase):
self.bridgeRequest.withoutBlockInCountry(data)
self.bridgeRequest.generateFilters()
- self.assertItemsEqual(['byTransportNotBlockedIn(None,us,4)',
- 'byTransportNotBlockedIn(None,ir,4)',
- 'byTransportNotBlockedIn(None,sy,4)',
+ self.assertItemsEqual(['byTransportNotBlockedIn(vanilla,us,4)',
+ 'byTransportNotBlockedIn(vanilla,ir,4)',
+ 'byTransportNotBlockedIn(vanilla,sy,4)',
'byProbingResistance(vanilla,4)'],
[x.__name__ for x in self.bridgeRequest.filters])
More information about the tor-commits
mailing list