[or-cvs] [tor/master] a dir-spec entry for refuseunknownexits
Author: Roger Dingledine <arma@xxxxxxxxxxxxxx>
Date: Mon, 27 Sep 2010 18:32:09 -0400
Subject: a dir-spec entry for refuseunknownexits
Commit: a467bf5fbb0fd03ecf76864315cf1ca3c33f34e3
plus quiet a log line
---
doc/spec/dir-spec.txt | 6 ++++++
src/or/connection_edge.c | 3 +--
2 files changed, 7 insertions(+), 2 deletions(-)
diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt
index 585ae5a..6e35deb 100644
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@@ -1177,6 +1177,12 @@
0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then
did the wrong thing with them; see bug 1830 for details.)
+ "refuseunknownexits" -- if set and non-zero, exit relays look at
+ the previous hop of circuits that ask to open an exit stream,
+ and refuse to exit if they don't recognize it as a relay. The
+ goal is to make it harder for people to use them as one-hop
+ proxies. See trac entry 1751 for details.
+
See also "2.4.5. Consensus parameters governing behavior"
in path-spec.txt for a series of circuit build time related
consensus params.
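Review bot: The new "refuseunknownexits" entry does not define what "recognize it as a relay" means, so two implementations could apply different checks to the previous hop. Please state what the exit compares the previous hop against. Also state the behaviour when the parameter is absent from the consensus, since "if set and non-zero" only covers the case where it is present. Pointing to trac entry 1751 for the rationale is fine, but the spec text should stand on its own for the check itself.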
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 361f910..da0fc18 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2543,8 +2543,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
* has explicitly allowed that in the config. It attracts attackers
* and users who'd be better off with, well, single-hop proxies.
*/
-// log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
- log_notice(LD_PROTOCOL,
+ log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
"Attempt by %s to open a stream %s. Closing.",
safe_str(or_circ->p_conn->_base.address),
or_circ->is_first_hop ? "on first hop of circuit" :
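Review bot: The switch from log_notice to log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, ...) quiets both arms of the or_circ->is_first_hop ternary, so every refusal that reaches this message drops out of the default notice-level log. If that is intended for both cases, add a line to the comment above the call saying why this is a protocol warning rather than a notice, so the level is not flipped back later. The change is also unrelated to the dir-spec entry in the same commit and would be easier to revert or bisect as a separate commit. Dropping the commented-out log_fn line is a good cleanup.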
--
1.7.1