Loading doc/spec/dir-spec.txt +6 −0 Original line number Diff line number Diff line Loading @@ -1177,6 +1177,12 @@ 0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then did the wrong thing with them; see bug 1830 for details.) "refuseunknownexits" -- if set and non-zero, exit relays look at the previous hop of circuits that ask to open an exit stream, and refuse to exit if they don't recognize it as a relay. The goal is to make it harder for people to use them as one-hop proxies. See trac entry 1751 for details. See also "2.4.5. Consensus parameters governing behavior" in path-spec.txt for a series of circuit build time related consensus params. Loading src/or/connection_edge.c +1 −2 Original line number Diff line number Diff line Loading @@ -2555,8 +2555,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) * has explicitly allowed that in the config. It attracts attackers * and users who'd be better off with, well, single-hop proxies. */ // log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, log_notice(LD_PROTOCOL, log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Attempt by %s to open a stream %s. Closing.", safe_str(or_circ->p_conn->_base.address), or_circ->is_first_hop ? "on first hop of circuit" : Loading Loading
doc/spec/dir-spec.txt +6 −0 Original line number Diff line number Diff line Loading @@ -1177,6 +1177,12 @@ 0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then did the wrong thing with them; see bug 1830 for details.) "refuseunknownexits" -- if set and non-zero, exit relays look at the previous hop of circuits that ask to open an exit stream, and refuse to exit if they don't recognize it as a relay. The goal is to make it harder for people to use them as one-hop proxies. See trac entry 1751 for details. See also "2.4.5. Consensus parameters governing behavior" in path-spec.txt for a series of circuit build time related consensus params. Loading
src/or/connection_edge.c +1 −2 Original line number Diff line number Diff line Loading @@ -2555,8 +2555,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) * has explicitly allowed that in the config. It attracts attackers * and users who'd be better off with, well, single-hop proxies. */ // log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, log_notice(LD_PROTOCOL, log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, "Attempt by %s to open a stream %s. Closing.", safe_str(or_circ->p_conn->_base.address), or_circ->is_first_hop ? "on first hop of circuit" : Loading