Commit ca20d828 authored by juga's avatar juga
Browse files

fix: relaylist: filter out private networks

when checking exit policies to know whether an exit can exit to a port.

Closes: #40010
parent 3fcc5892
Pipeline #726 failed with stage
in 31 minutes and 48 seconds
......@@ -181,6 +181,10 @@ class Relay:
Returns True if the relay has an exit policy and the policy accepts
exiting to the given portself or False otherwise.
The exits that are IPv6 only or IPv4 but rejecting some public networks
will return false.
On July 2020, there were 67 out of 1095 exits like this.
assert isinstance(port, int)
# if dind't get the descriptor, there isn't exit policy
......@@ -199,7 +203,12 @@ class Relay:
if self.exit_policy:
# Using `strict` to ensure it can exit to ALL domains
# and ips and that port. See #40006.
return self.exit_policy.can_exit_to(port=port, strict=True)
# Using `strip_private` to ignore reject rules to private
# networks.
return (
.can_exit_to(port=port, strict=True)
except TypeError:
return False
return False
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment