r9004@totoro: nickm | 2006-10-11 18:05:24 -0400

 Add client support for a 'BadExit' flag, so authorities can say "Server X is a poor choise for your nytimes.com connections, as it seems to direct them to HoorayForMao.com or (more likely) WouldYouLikeToBuyTheseFineEncyclopedias.com"
 


svn:r8690

ChangeLog

@@ -1,4 +1,8 @@
 Changes in version 0.1.2.3-alpha - 2006-10-??
+  o Minor features:
+    - If most authorities set a (newly defined) BadExit flag for a server, do
+      not consider it as a general-purpose exit.
+
   o Minor features, controller:
     - Add a REASON field to CIRC events; for backward compatibility, this
       field is sent only to controllers that have enabled the extended

doc/TODO

@@ -363,6 +363,10 @@ Minor items for 0.1.2.x as time permits:
 Future version:
   - Configuration format really wants sections.
   - Good RBL substitute.
+  - Authorities should try using exits for http to connect to some URLS
+    (specified in a configuration file, so as not to make the List Of Things
+    Not To Censor completely obvious) and ask them for results.  Exits that
+    don't give good answers should have the BadExit flag set.
   - Our current approach to block attempts to use Tor as a single-hop proxy
     is pretty lame; we should get a better one.
   . Update the hidden service stuff for the new dir approach.

doc/dir-spec.txt

@@ -355,6 +355,9 @@ $Id$
           - A directory port (or "0" for none")
       "s" -- A series of whitespace-separated status flags, in any order:
           "Authority" if the router is a directory authority.
+          "BadExit" if the router is believed to be useless as an exit node
+             (because its ISP censors it, because it is behind a restrictive
+             proxy, or for some similar reason).
           "Exit" if the router is useful for building general-purpose exit
              circuits.
           "Fast" if the router is suitable for high-bandwidth circuits.

doc/path-spec.txt

@@ -208,6 +208,9 @@ of their choices.
    such a connection if any clause that accepts any connections to that port
    precedes all clauses (if any) that reject all connections to that port.
 
+   Unless requested to do so by the user, we never choose a server flagged by
+   more than half of the authorities as BadExit for an exit server.
+
 2.2.2. User configuration
 
    Users can alter the default behavior for path selection with configuration

src/or/circuitbuild.c

@@ -1165,12 +1165,9 @@ choose_good_exit_server_general(routerlist_t *dir, int need_uptime,
        */
       continue;
     }
-    if (!router->is_running) {
+    if (!router->is_running || router->is_bad_exit) {
       n_supported[i] = -1;
-//      log_fn(LOG_DEBUG,
-//           "Skipping node %s (index %d) -- directory says it's not running.",
-//           router->nickname, i);
-      continue; /* skip routers that are known to be down */
+      continue; /* skip routers that are known to be down or bad exits */
     }
     if (router_is_unreliable(router, need_uptime, need_capacity, 0)) {
       n_supported[i] = -1;

src/or/or.h

@@ -925,6 +925,8 @@ typedef struct {
   unsigned int is_stable:1; /** Do we think this is a stable OR? */
   unsigned int is_possible_guard:1; /**< Do we think this is an OK guard? */
   unsigned int is_exit:1; /**< Do we think this is an OK exit? */
+  unsigned int is_bad_exit:1; /**< Do we think this exit is censored, borked,
+                               * or otherwise nasty? */
 
 /** Tor can use this desc for circuit-building. */
 #define ROUTER_PURPOSE_GENERAL 0
@@ -972,6 +974,8 @@ typedef struct routerstatus_t {
                              * directories.)  */
   unsigned int is_possible_guard:1; /**< True iff this router would be a good
                                      * choice as an entry guard. */
+  unsigned int is_bad_exit:1; /**< True iff this node is a bad choice for
+                               * an exit node. */
 
   /** True if we, as a directory mirror, want to download the corresponding
    * routerinfo from the authority who gave us this routerstatus.  (That is,

src/or/routerlist.c

@@ -3294,7 +3294,7 @@ routerstatus_list_update_from_networkstatus(time_t now)
    */
   while (1) {
     int n_running=0, n_named=0, n_valid=0, n_listing=0;
-    int n_v2_dir=0, n_fast=0, n_stable=0, n_exit=0, n_guard=0;
+    int n_v2_dir=0, n_fast=0, n_stable=0, n_exit=0, n_guard=0, n_bad_exit=0;
     int n_desc_digests=0, highest_count=0;
     const char *the_name = NULL;
     local_routerstatus_t *rs_out, *rs_old;
@@ -3380,6 +3380,8 @@ routerstatus_list_update_from_networkstatus(time_t now)
         ++n_stable;
       if (rs->is_v2_dir)
         ++n_v2_dir;
+      if (rs->is_bad_exit)
+        ++n_bad_exit;
     }
     /* Go over the descriptor digests and figure out which descriptor we
      * want. */
@@ -3428,6 +3430,7 @@ routerstatus_list_update_from_networkstatus(time_t now)
     rs_out->status.is_possible_guard = n_guard > n_statuses/2;
     rs_out->status.is_stable = n_stable > n_statuses/2;
     rs_out->status.is_v2_dir = n_v2_dir > n_statuses/2;
+    rs_out->status.is_bad_exit = n_bad_exit > n_statuses/2;
   }
   SMARTLIST_FOREACH(routerstatus_list, local_routerstatus_t *, rs,
                     local_routerstatus_free(rs));
@@ -3482,6 +3485,7 @@ routers_update_status_from_networkstatus(smartlist_t *routers,
       router->is_stable = rs->status.is_stable;
       router->is_possible_guard = rs->status.is_possible_guard;
       router->is_exit = rs->status.is_exit;
+      router->is_bad_exit = rs->status.is_bad_exit;
     }
     if (router->is_running && ds) {
       ds->n_networkstatus_failures = 0;

src/or/routerparse.c

@@ -1061,6 +1061,9 @@ routerstatus_parse_entry_from_string(const char **s, smartlist_t *tokens)
         rs->is_v2_dir = 1;
       else if (!strcmp(tok->args[i], "Guard"))
         rs->is_possible_guard = 1;
+      else if (!strcmp(tok->args[i], "BadExit"))
+        rs->is_bad_exit = 1;
+
     }
   }