Quick fix #5 - TorDNSEL service changes

dapphp · dapphp · commit 7d2bc43a23c0 · 2020-04-29T23:52:47.000-07:00
Patch TorDNSEL::IpPort to function with newer Tor DNS exit list service that uses the format <reverse client ip>.dnsel.torproject.org. See https://lists.torproject.org/pipermail/tor-project/2020-March/002759.html for more details
diff --git a/examples/TorDNSEL.php b/examples/TorDNSEL.php
@@ -24,26 +24,27 @@
 // Third is the server port
 // Fourth is the DNS server to query
 $lookups = array(
-    array('208.111.35.21',   '1.2.3.4', 80, 'exitlist.torproject.org'),
-    array('208.111.35.21',   '1.2.3.4', 80, '8.8.8.8'),
-    array('208.113.166.5', '1.2.3.4', 80, 'exitlist.torproject.org'),
-    array('208.113.166.5', '1.2.3.4', 80, 'exitlist.torproject.org'),
-    array('197.231.221.211',  '1.2.3.4', 80, 'exitlist.torproject.org'),
-    array('208.111.35.21',   '1.2.3.4', 80, '10.11.12.13'), // should time out
+    array('195.176.3.20',    'check-01.torproject.org'), /* DigiGesTor4e3 */
+    array('185.220.103.4',   '1.1.1.1'), /* CalyxInstitute16 */
+    array('185.220.103.4',   '9.9.9.9'), /* CalyxInstitute16 */
+    array('185.220.101.220', 'check-01.torproject.org'), /* niftyguard */
+    array('89.34.27.59',     'check-01.torproject.org'), /* Hydra2 */
+    array('104.215.148.63',  'check-01.torproject.org'), /* not a relay */
+    array('208.111.35.21',   '10.11.12.13'), // should time out
 );
 
 foreach($lookups as $lookup) {
-    list($remoteIP, $myIp, $myPort, $server) = $lookup;
+    list($remoteIP, $server) = $lookup;
 
     try {
         // send DNS request to Tor DNS exit list service
-        // returns true if $remoteIP is a Tor exit node that permits connections to $myIp:$myPort
-        $isTor = TorDNSEL::IpPort($myIp, $myPort, $remoteIP, $server);
+        // returns true if $remoteIP is a Tor exit relay
+        $isTor = TorDNSEL::IpPort(null, null, $remoteIP, $server);
 
-        echo sprintf("Connection to %s:%d from %s *%s* coming from a Tor exit node.\n",
-            $myIp, $myPort, $remoteIP, ($isTor ? 'is' : 'is NOT'));
+        echo sprintf("Connection from %s *%s* a Tor exit relay.\n",
+            $remoteIP, ($isTor ? 'is' : 'is NOT'));
     } catch (\Exception $ex) {
-        echo sprintf("Lookup of %s:%s for %s failed with error '%s'\n",
-            $myIp, $myPort, $remoteIP, $ex->getMessage());
+        echo sprintf("Query for %s failed. Error: %s\n",
+            $remoteIP, $ex->getMessage());
     }
 }
diff --git a/src/TorDNSEL.php b/src/TorDNSEL.php
@@ -49,25 +49,27 @@ class TorDNSEL
      * This function determines if the remote IP address is a Tor exit node
      * that permits connections to the specified IP:Port combination.
      *
-     * @param string $ip IP address (dotted quad) of the local server
-     * @param string $port Numeric port the remote client is connecting to (e.g. 80, 443, 53)
-     * @param string $remoteIp IP address of the client (potential Tor exit) to look up
-     * @param string $dnsServer The DNS server to query (by default queries exitlist.torproject.org)
-     * @return boolean true if the $remoteIp is a Tor exit node that allows connections to $ip:$port
+     * @deprecated 1.1.14 Will be removed in future releases and replaced by a simpler interface
+     *
+     * @param string $ip No longer used. IP address (dotted quad) of the local server
+     * @param string $port No longer used. Numeric port the remote client is connecting to (e.g. 80, 443, 53)
+     * @param string $remoteIp IP address of the client (potential Tor exit relay) to check
+     * @param string $dnsServer The DNS server to query (by default queries check-01.torproject.org)
+     * @return boolean true if the $remoteIp is a Tor exit relay
      */
-    public static function IpPort($ip, $port, $remoteIp, $dnsServer = 'exitlist.torproject.org')
+    public static function IpPort($ip, $port, $remoteIp, $dnsServer = 'check-01.torproject.org')
     {
         $dnsel = new self();
 
         // construct a hostname in the format of {rip}.{port}.{ip}.ip-port.exitlist.torproject.org
         // where {ip} is the destination IP address and {port} is the destination port
         // and {rip} is the remote (user) IP address which may or may not be a Tor router exit address
 
-        $host  = implode('.', array_reverse(explode('.', $remoteIp))) .
-                 '.' . $port . '.' .
-                 implode('.', array_reverse(explode('.', $ip))) .
-                 '.ip-port' .
-                 '.exitlist.torproject.org';
+        $host = sprintf(
+            '%s.%s',
+            implode('.', array_reverse(explode('.', $remoteIp))),
+            'dnsel.torproject.org'
+        );
 
         return $dnsel->_dnsLookup($host, $dnsServer);
     }
