search

torproject / stem

Python controller library for Tor
https://stem.torproject.org/
GNU Lesser General Public License v3.0
257 stars 75 forks source link

Update exit_used.py #111

Closed pragma31 closed 2 years ago

pragma31 commented 2 years ago

make sure it's a 3-hop circuit occasional streams going through one-hop tunnels have to be discarded, directory servers are not exits

atagar commented 2 years ago

Thanks pragma31. StreamEvents have purpose attribute...

https://stem.torproject.org/api/response.html#stem.response.events.StreamEvent https://stem.torproject.org/api/control.html#stem.StreamPurpose

Please see if that can be used to filter out the false positives instead. If so then lets add that to the conditional on line 21.

pragma31 commented 2 years ago

Hi atagar,

StreamPurpose can't be used because, quoting control-spec.txt :

The "PURPOSE" field is provided only for NEW and NEWRESOLVE events

... and we are precisely using the status SUCCEEDED here.

Please have a look at this snippet: https://gist.github.com/pragma31/fc4c2b472cb5234a4c4a10f8b499b7d2

I consistently get None for event.purpose. Also note that circ.purpose can't be used to filter out either. The tuple circ.build_flags could be used, actually.

Still, I think that testing for the length of circ.path is sufficient and unambiguous.

atagar commented 2 years ago

Oops, good point. Looking at your output the circuit flags look promising. If we filter out circuits with IS_INTERNAL will that do the trick?

pragma31 commented 2 years ago

It does, see follow-up snippet at https://gist.github.com/pragma31/fc4c2b472cb5234a4c4a10f8b499b7d2

To me, this solution is strictly equivalent to the one in my pull request.

Your reluctance to filtering by circuit length shows that there's something you know that I don't which ... makes sense :)

I'm curious though: will Tor evolve and allow user streams on circuits longer than 3 hops in the foreseeable future?

atagar commented 2 years ago

Your reluctance to filtering by circuit length shows that there's something you know that I don't which ... makes sense :)

As I recall your circuit length could previously be configured through the torrc but doing so was removed to discourage it. Nowadays you're right that the circuit length is three by default unless folks recompile tor from source or create custom circuits through the control port.

However, one caveat is that circuits are sometimes more than three. Your patch would cause us to omit those circuits.

I just pushed a patch that should do the trick. Feel free to reopen if you'd care to rejigger this or discuss anything further.

https://gitweb.torproject.org/stem.git/commit/?id=57364fa