On Mon, Aug 04, 2014 at 10:03:04PM +0000, Leif Ryge wrote:
Circuit 398 (tornodenl->Kaarli->CompSciR0x->FlappyBird) is EXTENDED for purpose "GENERAL" Circuit 398 (tornodenl->Kaarli->CompSciR0x->FlappyBird) is BUILT for purpose "GENERAL" Stream 2509 to 217.23.4.123.$EABB28C6030D78A98B0D8E3BF583463F49C04C59.exit:9001 attached via circuit 398
I've seen this happen several times: four hop circuits, followed by streams to the last hop using the .exit notation (that IP and fingerprint are for the relay FlappyBird, according to Atlas). I don't have AllowDotExit enabled in my torrc, fwiw.
Those sound like circuits for publishing or fetching hidden service descriptors.
See write_stream_target_to_buf() which appends .exit to the stream name when conn->chosen_exit_name is set.
And chosen_exit_name is populated in e.g. connection_ap_make_link() when we glue a local directory fetch to a local stream to handle it.
I'm also occassionally seeing single-hop circuits in the output of "circ -L", though I haven't noticed one being used yet.
Those are probably for fetching directory info over that relay's ORPort using begin_dir.
--Roger