From a467bf5fbb0fd03ecf76864315cf1ca3c33f34e3 Mon Sep 17 00:00:00 2001 From: Roger Dingledine Date: Mon, 27 Sep 2010 18:32:09 -0400 Subject: [PATCH] a dir-spec entry for refuseunknownexits plus quiet a log line --- doc/spec/dir-spec.txt | 6 ++++++ src/or/connection_edge.c | 3 +-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt index 585ae5a233..6e35deb00e 100644 --- a/doc/spec/dir-spec.txt +++ b/doc/spec/dir-spec.txt @@ -1177,6 +1177,12 @@ 0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then did the wrong thing with them; see bug 1830 for details.) + "refuseunknownexits" -- if set and non-zero, exit relays look at + the previous hop of circuits that ask to open an exit stream, + and refuse to exit if they don't recognize it as a relay. The + goal is to make it harder for people to use them as one-hop + proxies. See trac entry 1751 for details. + See also "2.4.5. Consensus parameters governing behavior" in path-spec.txt for a series of circuit build time related consensus params. diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 361f910172..da0fc1856c 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2543,8 +2543,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) * has explicitly allowed that in the config. It attracts attackers * and users who'd be better off with, well, single-hop proxies. */ -// log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - log_notice(LD_PROTOCOL, + log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Attempt by %s to open a stream %s. Closing.", safe_str(or_circ->p_conn->_base.address), or_circ->is_first_hop ? "on first hop of circuit" :
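Review bot: The restored `log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,` call in connection_exit_begin_conn() carries no comment explaining why this refusal is logged at protocol-warning severity, and the commented-out/notice pair it replaces shows the level has already been flipped once. Because the message is emitted in response to what the previous hop sends, a short why-comment above the call would stop it being raised again, e.g. `/* Remotely triggerable: keep at LOG_PROTOCOL_WARN so a peer cannot fill the notice log. */`. As far as I know, LOG_PROTOCOL_WARN only reaches warn level when ProtocolWarnings is enabled, so operators who want to count refused one-hop attempts will need that option or info-level logs, which is worth a changelog line. The statement also reads `or_circ->p_conn->_base.address`, and the condition that would establish `p_conn` is non-NULL lies outside the hunk, as do the start and end of the function.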