diff options
| author | Roger Dingledine <arma@torproject.org> | 2010-03-10 22:43:23 -0500 |
|---|---|---|
| committer | Roger Dingledine <arma@torproject.org> | 2010-03-10 22:43:23 -0500 |
| commit | 1108358e96e818f1d433a3025310c81e55891df9 (patch) | |
| tree | 5e37b71b513f00a1a7d4a2ca59c939a21c0b556d /src/or/connection_edge.c | |
| parent | 2d29c7be2db2b944f9a19d44c556cc070ec87a77 (diff) | |
| download | tor-1108358e96e818f1d433a3025310c81e55891df9.tar.gz tor-1108358e96e818f1d433a3025310c81e55891df9.zip | |
let people test the RefuseUnknownExits idea
Diffstat (limited to 'src/or/connection_edge.c')
| -rw-r--r-- | src/or/connection_edge.c | 24 |
1 files changed, 18 insertions, 6 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index 861482d2af..a173dc1226 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2505,16 +2505,28 @@ connection_exit_begin_conn(cell_t *cell, circuit_t *circ) tor_free(address); return 0; } - if (or_circ && or_circ->is_first_hop && - !get_options()->AllowSingleHopExits) { + if (or_circ && or_circ->p_conn && !get_options()->AllowSingleHopExits && + (or_circ->is_first_hop || + (!connection_or_digest_is_known_relay( + or_circ->p_conn->identity_digest) && +// XXX022 commented out so we can test it first in 0.2.2.11 -RD +// networkstatus_get_param(NULL, "refuseunknownexits", 1)))) { + get_options()->RefuseUnknownExits))) { /* Don't let clients use us as a single-hop proxy, unless the user - * has explicitly allowed that in the config. It attracts attackers + * has explicitly allowed that in the config. It attracts attackers * and users who'd be better off with, well, single-hop proxies. */ - log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, - "Attempt to open a stream on first hop of circuit. Closing."); +// log_fn(LOG_PROTOCOL_WARN, LD_PROTOCOL, + log_notice(LD_PROTOCOL, + "Attempt by %s to open a stream %s. Closing.", + safe_str(or_circ->p_conn->_base.address), + or_circ->is_first_hop ? "on first hop of circuit" : + "from unknown relay"); relay_send_end_cell_from_edge(rh.stream_id, circ, - END_STREAM_REASON_TORPROTOCOL, NULL); + or_circ->is_first_hop ? + END_STREAM_REASON_TORPROTOCOL : + END_STREAM_REASON_MISC, + NULL); tor_free(address); return 0; } |