Report fallback directory detail changes when rebuilding list

As well as the existing reports of IPv6 address additions or removals, the script now warns when keys change but IPv4:ORPort or IPv6:IPv6ORPort remain the same. Existing checks for other whitelist detail changes have also been re-worded and upgraded to warnings. This makes it easier for changes to be identified so operators can be contacted to confirm whether the change is stable.
author: teor (Tim Wilson-Brown) <teor2345@gmail.com> 2016-04-16 01:43:11 +1000
committer: Nick Mathewson <nickm@torproject.org> 2016-04-26 19:26:22 -0400
commit: ba7691071e284623cc0c6e3e8ca8ff94d4be7ded (patch)
tree: 2d242bb9a61aaf6decfa118a185fe3023d3cdd5d /scripts
parent: de5def32a1dbe35d773219a11bfcf9dac3fe96f2 (diff)
download: tor-ba7691071e284623cc0c6e3e8ca8ff94d4be7ded.tar.gz
tor-ba7691071e284623cc0c6e3e8ca8ff94d4be7ded.zip
1 files changed, 23 insertions, 23 deletions
diff --git a/scripts/maint/updateFallbackDirs.py b/scripts/maint/updateFallbackDirs.py
index 4cfee5ddb5..d27c1449ee 100755
--- a/scripts/maint/updateFallbackDirs.py
+++ b/scripts/maint/updateFallbackDirs.py
@@ -806,48 +806,48 @@ class Candidate(object):
           ipv6 address and port (if present)
         If the fallback has an ipv6 key, the whitelist line must also have
         it, and vice versa, otherwise they don't match. """
+    ipv6 = None
+    if self.has_ipv6():
+      ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
     for entry in relaylist:
-      if  entry['id'] != self._fpr:
-        # can't log here, every relay's fingerprint is compared to the entry
+      if entry['id'] != self._fpr:
+        # can't log here unless we match an IP and port, because every relay's
+        # fingerprint is compared to every entry's fingerprint
+        if entry['ipv4'] == self.dirip and int(entry['orport']) == self.orport:
+          logging.warning('%s excluded: has OR %s:%d changed fingerprint to ' +
+                          '%s?', entry['id'], self.dirip, self.orport,
+                          self._fpr)
+        if self.has_ipv6() and entry.has_key('ipv6') and entry['ipv6'] == ipv6:
+          logging.warning('%s excluded: has OR %s changed fingerprint to ' +
+                          '%s?', entry['id'], ipv6, self._fpr)
         continue
       if entry['ipv4'] != self.dirip:
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'IPv4 (%s) does not match entry IPv4 (%s)',
-                     self._fpr, self.dirip, entry['ipv4'])
+        logging.warning('%s excluded: has it changed IPv4 from %s to %s?',
+                        self._fpr, entry['ipv4'], self.dirip)
         continue
       if int(entry['dirport']) != self.dirport:
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'DirPort (%d) does not match entry DirPort (%d)',
-                     self._fpr, self.dirport, int(entry['dirport']))
+        logging.warning('%s excluded: has it changed DirPort from %s:%d to ' +
+                        '%s:%d?', self._fpr, self.dirip, int(entry['dirport']),
+                        self.dirip, self.dirport)
         continue
       if int(entry['orport']) != self.orport:
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'ORPort (%d) does not match entry ORPort (%d)',
-                     self._fpr, self.orport, int(entry['orport']))
+        logging.warning('%s excluded: has it changed ORPort from %s:%d to ' +
+                        '%s:%d?', self._fpr, self.dirip, int(entry['orport']),
+                        self.dirip, self.orport)
         continue
-      ipv6 = None
-      if self.has_ipv6():
-        ipv6 = '%s:%d'%(self.ipv6addr, self.ipv6orport)
       if entry.has_key('ipv6') and self.has_ipv6():
         # if both entry and fallback have an ipv6 address, compare them
         if entry['ipv6'] != ipv6:
-          logging.info('%s is not in the whitelist: fingerprint matches, ' +
-                       'but IPv6 (%s) does not match entry IPv6 (%s)',
-                       self._fpr, ipv6, entry['ipv6'])
+          logging.warning('%s excluded: has it changed IPv6 ORPort from %s ' +
+                          'to %s?', self._fpr, entry['ipv6'], ipv6)
           continue
       # if the fallback has an IPv6 address but the whitelist entry
       # doesn't, or vice versa, the whitelist entry doesn't match
       elif entry.has_key('ipv6') and not self.has_ipv6():
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'it has no IPv6, and entry has IPv6 (%s)', self._fpr,
-                     entry['ipv6'])
         logging.warning('%s excluded: has it lost its former IPv6 address %s?',
                         self._fpr, entry['ipv6'])
         continue
       elif not entry.has_key('ipv6') and self.has_ipv6():
-        logging.info('%s is not in the whitelist: fingerprint matches, but ' +
-                     'it has IPv6 (%s), and entry has no IPv6', self._fpr,
-                     ipv6)
         logging.warning('%s excluded: has it gained an IPv6 address %s?',
                         self._fpr, ipv6)
         continue
author	teor (Tim Wilson-Brown) <teor2345@gmail.com>	2016-04-16 01:43:11 +1000
committer	Nick Mathewson <nickm@torproject.org>	2016-04-26 19:26:22 -0400
commit	ba7691071e284623cc0c6e3e8ca8ff94d4be7ded (patch)
tree	2d242bb9a61aaf6decfa118a185fe3023d3cdd5d /scripts
parent	de5def32a1dbe35d773219a11bfcf9dac3fe96f2 (diff)
download	tor-ba7691071e284623cc0c6e3e8ca8ff94d4be7ded.tar.gz tor-ba7691071e284623cc0c6e3e8ca8ff94d4be7ded.zip