I have my torrc file configured to block everything but Iran, I may open it up in the future, but I stood it up just to help them out, since it’s so bad over there.
I was hoping there would be an variable, but the manual didn’t have anything, I found.
I want to include all the Starlink IP blocks, now that Elon opened up free internet for Iran.
The only thing I could think of was modifying the geoip file, as a one-off, and whitelisting them that way.
Anyone have any ideas how I can get this done, and Thanks!!
“However, Starlink users—especially in restricted regions like Iran—often appear with IPs from other countries (e.g., US, neighboring POPs), since Starlink isn’t officially licensed there and routes through global ground stations.” (POP There is Point of Presence)
I decided to white list the surrounding countries, but removing them from the list:
I am looking to edit the geoip file, with IP assigned to the AS14593 being listed as {IR}.
I don’t know if placing the starlink CIRD blocks higher in the file would be sufficient (I am not sure if the Tor Engine processes them in order, or alphabetically).
I tried converting the entries on Windows calc, and it seemed like they were rounded down?
Here is the list (partial) of currently assigned Starlink IP blocks:
If Iran is blocking all traffic to the exterior, I wonder if what you are doing is really working. Are there really Tor relays in IR?? They would know them. Also how would letting in the surrounding areas work, like KW, if they block all traffic outside of IR.
I tested some of those /32 blocks and a lot of them are in FR, NL, DE, and others.
Remember that the geoip files are local to you and faking those blocks to point to IR should not fool the censor gang.
In any case I’m sure I can convert the /32 blocks to the geoip format. I know the formula but would they clash with what is there already.
Will get back on that later.
I still see traffic from IR and RU and TM (but less) on the Snowflake proxy I operate.
What exactly is your goal? The way i understand your post is that you are trying to limit the users connecting to your relay to Iran and users coming from starlink.
And my question is what format do you need for the whitelist. Since you mentioned geoip I’m assuming something like the following for the first 3 blocks you gave above. I’m validating the code I used. It’s a 9 line awk file. I assume you run a relay and assume it is Linux and AWK is on Linux. I can post the file here after my validations.
37369891,37369891,IR
37369899,37369899,IR
37370076,37370076,IR
ExcludeNodes node,node,...
A list of identity fingerprints, country codes, and address patterns of nodes
to avoid when building a circuit. Country codes are 2-letter ISO3166 codes, and
must be wrapped in braces; fingerprints may be preceded by a dollar
Note also that if you are a relay, this (and the other node selection options below)
only affects your own circuits that Tor builds for you.
Clients can still build circuits through you to any node.
Controllers can tell Tor to build circuits through any node.
The ExcludeNodes option only affects the circuits build for your own use. You can’t limit users of your relay this way. So if you manage to build your modified geoip file you limit the circuits build for your use to relays from Iran and starlink.
If you want to help users from Iran specifically maybe research which circumvention method currently works best for them and run a standalone snowflake proxy with open nat or a bridge.
So am I. I did not know you could run a relay in Windows.
Then you will need a copy of AWK. It’s a standalone Win32 program with no dependencies.
Reassemble this link. Just get the binaries and extract awk.exe https : // gnuwin32 . sourceforge . net / packages/gawk.htm
• Binaries Zip 1448542 10 February 2008 f875bfac137f5d24b38dd9fdc9408b5a
It makes no sense for me to run it and then post the results here. awk -f cidr.awk starlink.txt >starlink.geoip.txt
Now which entry will take precedence. The first 3 entries you gave
2.58.56.35/32
2.58.56.43/32
2.58.56.220/32
are part of this block in geoip which translates to 2.58.56.0/24
37369856,37370879,NL
If before will it override the geoip because it is first or because it is more specific /32 or wiil the general /24 entry be used.
Same logic if at the end.
The script is not dummy proof. It does no validation nor does error checking so no leading or trailing whitespace. I call it cidr.awk
The last time I posted a script the forum screwed it up a bit. So I will wait until it is approved and copy it back to see.
# https://forum.torproject.org/t/bypassing-the-excludenodes-list-for-specific-ip-blocks/21069/9
# awk -f cidr.awk inputfile >outputfile
# will only work with cidr values /31 and /32
# 45.66.35.20/31
# 45.66.35.22/32
#
BEGIN {
#RS = "\r\n" #comment out if running on Linux and processing Windows-style line endings (CRLF). Windows does not care.
}
{
cidrblock = $0 #whole input line
n = split(cidrblock, ip4, "/") #you could check if n returns 2
cidrvalue = ip4[2]
n = split(ip4[1], parts, ".") #you could check if n returns 4
hexstring = sprintf("%02x%02x%02x%02x", parts[1], parts[2], parts[3], parts[4])
if (cidrvalue == "32") print strtonum("0x" hexstring) "," strtonum("0x" hexstring) ",IR"
if (cidrvalue == "31") print strtonum("0x" hexstring) "," (1 + strtonum("0x" hexstring)) ",IR"
}