No way to specify a GeoIP country code miss in ExcludeNodes etc.
Tor 0.2.1.19 currently lacks a way to specify a country that doesn't match a GeoIP, even though the src/or/geoip.c module provides a country code '??' that could be used to match a GeoIP miss. This GeoIP miss code would let Tor administrators block traffic to exit nodes that lack proper GeoIP matches if in doubt about the true exit country. This seems more like an implementation oversight than a feature, so I'm filing this as a bug report.
I was able to produce a test case for this with:
-- The latest ip-to-country table from ip-to-country.webhosting.info
converted to Tor GeoIP format
-- Running Tor from the US
-- ExcludeNodes set to "{US},{??}"
-- An ExcludeNodes GeoIP miss on 66.230.230.230 (node AmericanProgress)
which shows up as in the US on MaxMind but is a total miss on the table
-- WebHosting.info: "IP Address 66.230.230.230 belongs to Some Place We Dont Know About."
(just to confirm that the table conversion worked OK)
After looking through the source code it looks like there's not enough logging going on, even at the log_debug level, to see what is happening exactly to the '??' match that pops out of the function geoip_get_country_name().
The routerset_refresh_countries() function appears to kick the '??' country out of the list if there's no match. I dummied up a GeoIP entry set like this based on the last current entry of the GeoIP file:
4278190080,4294967294,US
4294967295,4294967295,??
That appears to be enough to satisfy the routerset functions in src/or/routerlist.c so there's no complaint there, but this kludge is useless for trying to get a match on a GeoIP miss. I suppose I could write a script to patch gaps in the GeoIP file to kludge around it yet another way and I could use one of the XX psuedo-countries to work through this (which is what I'll probably do for now), but it seems like there should be a well-known way to get this to work without having to do that.
Any ideas?
[Automatically added by flyspray2trac: Operating System: Fedora Core Linux]
Trac:
Username: flyposted