a dir-spec entry for refuseunknownexits

plus quiet a log line

2 files changed, 7 insertions, 2 deletions

diff --git a/doc/spec/dir-spec.txt b/doc/spec/dir-spec.txt
index 585ae5a233..6e35deb00e 100644
--- a/doc/spec/dir-spec.txt
+++ b/doc/spec/dir-spec.txt
@@ -1177,6 +1177,12 @@
         0.2.2.14-alpha looked for bwconnrate and bwconnburst, but then
         did the wrong thing with them; see bug 1830 for details.)
 
+        "refuseunknownexits" -- if set and non-zero, exit relays look at
+        the previous hop of circuits that ask to open an exit stream,
+        and refuse to exit if they don't recognize it as a relay. The
+        goal is to make it harder for people to use them as one-hop
+        proxies. See trac entry 1751 for details.
+
         See also "2.4.5. Consensus parameters governing behavior"
         in path-spec.txt for a series of circuit build time related
         consensus params.
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 361f910172..da0fc1856c 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2543,8 +2543,7 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ)
        * has explicitly allowed that in the config. It attracts attackers
        * and users who'd be better off with, well, single-hop proxies.
        */
-//    log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
-      log_notice(LD_PROTOCOL,
+      log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL,
              "Attempt by %s to open a stream %s. Closing.",
              safe_str(or_circ->p_conn->_base.address),
              or_circ->is_first_hop ? "on first hop of circuit" :