a dir-spec entry for refuseunknownexits

plus quiet a log line
2024-11-24 12:23:32 +01:00 · 2010-09-27 18:32:09 -04:00 · 2010-09-27 18:32:09 -04:00 · a467bf5fbb
commit a467bf5fbb
parent 8df3a90946
2 changed files with 7 additions and 2 deletions
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@ -1177,6 +1177,12 @@
        0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then
        did the wrong thing with them; see bug 1830 for details.)

+        "refuseunknownexits" -- if set and non-zero, exit relays look at
+        the previous hop of circuits that ask to open an exit stream,
+        and refuse to exit if they don't recognize it as a relay. The
+        goal is to make it harder for people to use them as one-hop
+        proxies. See trac entry 1751 for details.
+
        See also "2.4.5. Consensus parameters governing behavior"
        in path-spec.txt for a series of circuit build time related
        consensus params.
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -2543,8 +2543,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
       * has explicitly allowed that in the config. It attracts attackers
       * and users who'd be better off with, well, single-hop proxies.
       */
-//    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-      log_notice(LD_PROTOCOL,
+      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
             "Attempt by %s to open a stream %s. Closing.",
             safe_str(or_circ->p_conn->_base.address),
             or_circ->is_first_hop ? "on first hop of circuit" :