[tor-commits] [bridgedb/develop] Add version filters for IPv6 vanilla bridges.

phw at torproject.org phw at torproject.org
Mon Aug 12 02:35:57 UTC 2019


commit 594589ec2e7e1893c5e4dc48385f573c09de6f0d
Author: Philipp Winter <phw at nymity.ch>
Date:   Tue Aug 6 11:19:41 2019 -0700

    Add version filters for IPv6 vanilla bridges.
    
    So far, BridgeDB's distribution of vanilla IPv6 bridges was broken.
    When a user would request one, BridgeDB would use the following two
    filters to select bridges:
    * byTransportNotBlockedIn(None,us,6)
    * byProbingResistance(vanilla,6)
    
    Neither filter (correctly) filtered for IPv6.  It is not enough to check
    bridge.address because it's the bridge's IPv4 address.  We need to check
    bridge.allVanillaAddresses because a bridge's IPv6 address is advertised
    in its "a" consensus line.
    
    Note that this patch only fixes IPv6 distribution for *vanilla* bridges.
    Pluggable transports bridges are currently unable to have dual-stack
    support for both IPv4 and IPv6.  See the following ticket for more
    details: <https://bugs.torproject.org/11211>
    
    This fixes <https://bugs.torproject.org/26542>.
---
 CHANGELOG                                       |  5 +++++
 bridgedb/bridgerequest.py                       |  2 +-
 bridgedb/filters.py                             | 10 +++++++++-
 bridgedb/test/test_distributors_moat_request.py |  6 +++---
 4 files changed, 18 insertions(+), 5 deletions(-)

diff --git a/CHANGELOG b/CHANGELOG
index 1ebd47e..1229578 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -1,3 +1,8 @@
+Changes in version 0.7.2 - YYYY-MM-DD
+
+        * FIXES #26542 https://bugs.torproject.org/26542
+        Make BridgeDB distribute vanilla IPv6 bridges again.
+
 Changes in version 0.7.1 - 2019-06-07
 
         * FIXES #28496 https://bugs.torproject.org/28496
diff --git a/bridgedb/bridgerequest.py b/bridgedb/bridgerequest.py
index bf64069..7bd7b64 100644
--- a/bridgedb/bridgerequest.py
+++ b/bridgedb/bridgerequest.py
@@ -249,7 +249,7 @@ class BridgeRequestBase(object):
             for country in self.notBlockedIn:
                 logging.info("%s %s bridges not blocked in %s..." %
                              (msg, pt or "vanilla", country))
-                self.addFilter(byNotBlockedIn(country, pt, self.ipVersion))
+                self.addFilter(byNotBlockedIn(country, pt or "vanilla", self.ipVersion))
         elif pt:
             logging.info("%s %s bridges..." % (msg, pt))
             self.addFilter(byTransport(pt, self.ipVersion))
diff --git a/bridgedb/filters.py b/bridgedb/filters.py
index f268c83..a02661e 100644
--- a/bridgedb/filters.py
+++ b/bridgedb/filters.py
@@ -151,6 +151,13 @@ def byProbingResistance(methodname=None, ipVersion=None):
         return _cache[name]
     except KeyError:
         def _byProbingResistance(bridge):
+            # If we're dealing with a vanilla bridge, make sure that the bridge
+            # has the correct IP version.
+            if methodname == "vanilla":
+                validVersion = byIPv(ipVersion)
+                if not validVersion(bridge):
+                    return False
+
             if bridge.hasProbingResistantPT():
                 return methodname in ('scramblesuit', 'obfs4')
             return True
@@ -262,7 +269,8 @@ def byNotBlockedIn(countryCode=None, methodname=None, ipVersion=4):
             if not methodname:
                 return not bridge.isBlockedIn(countryCode)
             elif methodname == "vanilla":
-                if bridge.address.version == ipVersion:
+                validVersion = byIPv(ipVersion)
+                if validVersion(bridge):
                     if not bridge.addressIsBlockedIn(countryCode,
                                                      bridge.address,
                                                      bridge.orPort):
diff --git a/bridgedb/test/test_distributors_moat_request.py b/bridgedb/test/test_distributors_moat_request.py
index 3c6ff51..555b3eb 100644
--- a/bridgedb/test/test_distributors_moat_request.py
+++ b/bridgedb/test/test_distributors_moat_request.py
@@ -30,9 +30,9 @@ class MoatBridgeRequest(unittest.TestCase):
         self.bridgeRequest.withoutBlockInCountry(data)
         self.bridgeRequest.generateFilters()
 
-        self.assertItemsEqual(['byTransportNotBlockedIn(None,us,4)',
-                               'byTransportNotBlockedIn(None,ir,4)',
-                               'byTransportNotBlockedIn(None,sy,4)',
+        self.assertItemsEqual(['byTransportNotBlockedIn(vanilla,us,4)',
+                               'byTransportNotBlockedIn(vanilla,ir,4)',
+                               'byTransportNotBlockedIn(vanilla,sy,4)',
                                'byProbingResistance(vanilla,4)'],
                               [x.__name__ for x in self.bridgeRequest.filters])
 





More information about the tor-commits mailing list