Implement the 0x20-hack to make DNS poisoning harder against us, especially when resolving large names. Add a cfg option to disable it, since apparently 3/10 of a percent of servers get it wrong.

svn:r17171
author: Nick Mathewson <nickm@torproject.org> 2008-10-29 19:20:02 +0000
committer: Nick Mathewson <nickm@torproject.org> 2008-10-29 19:20:02 +0000
commit: 0c9dfffe5a19da330f3c2b6daa33c40aa786ba06 (patch)
tree: 6753fc75a167c7ed8b79271618232d79e10bca98 /src/or/or.h
parent: c8a5e2d588e0d91fd13070dc0ee4d6b19de779c3 (diff)
download: tor-0c9dfffe5a19da330f3c2b6daa33c40aa786ba06.tar.gz
tor-0c9dfffe5a19da330f3c2b6daa33c40aa786ba06.zip
1 files changed, 2 insertions, 0 deletions
diff --git a/src/or/or.h b/src/or/or.h
index 147cffca76..4d1b7de2fe 100644
--- a/src/or/or.h
+++ b/src/or/or.h
@@ -2397,6 +2397,8 @@ typedef struct {
                       * the local domains. */
   int ServerDNSDetectHijacking; /**< Boolean: If true, check for DNS failure
                                  * hijacking. */
+  int ServerDNSRandomizeCase; /**< Boolean: Use the 0x20-hack to prevent
+                               * DNS poisoning attacks. */
   char *ServerDNSResolvConfFile; /**< If provided, we configure our internal
                      * resolver from the file here rather than from
                      * /etc/resolv.conf (Unix) or the registry (Windows). */
author	Nick Mathewson <nickm@torproject.org>	2008-10-29 19:20:02 +0000
committer	Nick Mathewson <nickm@torproject.org>	2008-10-29 19:20:02 +0000
commit	0c9dfffe5a19da330f3c2b6daa33c40aa786ba06 (patch)
tree	6753fc75a167c7ed8b79271618232d79e10bca98 /src/or/or.h
parent	c8a5e2d588e0d91fd13070dc0ee4d6b19de779c3 (diff)
download	tor-0c9dfffe5a19da330f3c2b6daa33c40aa786ba06.tar.gz tor-0c9dfffe5a19da330f3c2b6daa33c40aa786ba06.zip