nickm@xxxxxxxx (Nick Mathewson) wrote: > Author: Roger Dingledine <arma@xxxxxxxxxxxxxx> > Date: Fri, 7 Aug 2009 19:26:41 -0400 > Subject: Disable .exit notation unless AllowDotExit is 1. > Commit: 3e4379c2e73bf458cf60c63df44a8d0ec761568c > > --- > doc/tor.1.in | 7 +++++++ > src/or/config.c | 1 + > src/or/connection_edge.c | 18 ++++++++++++------ > src/or/or.h | 9 ++++++++- > src/or/test.c | 8 ++++---- > 5 files changed, 32 insertions(+), 11 deletions(-) > > diff --git a/doc/tor.1.in b/doc/tor.1.in > index b6e2231..fa383cc 100644 > --- a/doc/tor.1.in > +++ b/doc/tor.1.in > @@ -690,6 +690,13 @@ resolved. This helps trap accidental attempts to resolve URLs and so on. > (Default: 0) > .LP > .TP > +\fBAllowDotOnion \fR\fB0\fR|\fB1\fR\fP > +If enabled, we convert "www.google.com.foo.exit" addresses on the > +SocksPort/TransPort/NatdPort into "www.google.com" addresses that exit > +from the node "foo". Disabled by default since attacking websites and > +exit relays can use it to manipulate your path selection. (Default: 0) Passing the exit notation through the TransPort or the NatdPort will be challenging given that Tor only gets the destination IP address. Fabian
Attachment:
signature.asc
Description: PGP signature