[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[or-cvs] [tor/release-0.2.2 015/162] a dir-spec entry for refuseunknownexits



Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Mon, 27 Sep 2010 18:32:09 -0400
Subject: a dir-spec entry for refuseunknownexits
Commit: a467bf5fbb0fd03ecf76864315cf1ca3c33f34e3

plus quiet a log line
---
 doc/spec/dir-spec.txt    |    6 ++++++
 src/or/connection_edge.c |    3 +--
 2 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt
index 585ae5a..6e35deb 100644
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@@ -1177,6 +1177,12 @@
         0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then
         did the wrong thing with them; see bug 1830 for details.)
 
+        "refuseunknownexits" -- if set and non-zero, exit relays look at
+        the previous hop of circuits that ask to open an exit stream,
+        and refuse to exit if they don't recognize it as a relay. The
+        goal is to make it harder for people to use them as one-hop
+        proxies. See trac entry 1751 for details.
+
         See also "2.4.5. Consensus parameters governing behavior"
         in path-spec.txt for a series of circuit build time related
         consensus params.
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 361f910..da0fc18 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2543,8 +2543,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
        * has explicitly allowed that in the config. It attracts attackers
        * and users who'd be better off with, well, single-hop proxies.
        */
-//    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-      log_notice(LD_PROTOCOL,
+      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
              "Attempt by %s to open a stream %s. Closing.",
              safe_str(or_circ->p_conn->_base.address),
              or_circ->is_first_hop ? "on first hop of circuit" :
-- 
1.7.1