author | Nick Mathewson <nickm@torproject.org> | 2012-03-28 03:06:25 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-03-28 03:06:25 -0400 |
commit | 70c17134c79d9de05408748329c0918158d7deb0 (patch) | |
tree | 1cba0ca8dc336500642cbf4ac7b5793c5f5360ea | |
parent | 86f1630b36ec58ffd3a193ac4333ac572d4a8dca (diff) | |
download | tor-70c17134c79d9de05408748329c0918158d7deb0.tar tor-70c17134c79d9de05408748329c0918158d7deb0.tar.gz |
Rate-limit the warnings as a client when asked to connect a private addr
Partial fix for ticket 2822.
-rw-r--r-- | changes/bug2822.1 | 5 | ||||
-rw-r--r-- | src/or/connection_edge.c | 28 |
2 files changed, 26 insertions, 7 deletions
diff --git a/changes/bug2822.1 b/changes/bug2822.1
new file mode 100644
index 000000000..9c4016d05
--- /dev/null
+++ b/changes/bug2822.1
@@ -0,0 +1,5 @@
+ o Minor features:
+
+ - Rate-limit log messages when asked to connect anonymously to a private
+ address. When these hit, they tended to hit fast and often. Partial
+ fix for bug 2822.
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index dd772b22c..e19d7f077 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 * then we really don't want to try to connect to it. That's
 * probably an error. */
 if (conn->is_transparent_ap) {
- log_warn(LD_NET,
- "Rejecting request for anonymous connection to private "
- "address %s on a TransPort or NATDPort. Possible loop "
- "in your NAT rules?", safe_str_client(socks->address));
+#define WARN_INTERVAL_LOOP 300
+ static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
+ char *m;
+ if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
+ log_warn(LD_NET,
+ "Rejecting request for anonymous connection to private "
+ "address %s on a TransPort or NATDPort. Possible loop "
+ "in your NAT rules?%s", safe_str_client(socks->address),
+ m);
+ tor_free(m);
+ }
 } else {
- log_warn(LD_NET,
- "Rejecting SOCKS request for anonymous connection to "
- "private address %s", safe_str_client(socks->address));
+#define WARN_INTERVAL_PRIV 300
+ static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
+ char *m;
+ if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
+ log_warn(LD_NET,
+ "Rejecting SOCKS request for anonymous connection to "
+ "private address %s.%s",
+ safe_str_client(socks->address),m);
+ tor_free(m);
+ }
 }
 connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
 return -1; |
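Review bot: Both limiters (`loop_warn_limit`, `priv_warn_limit`) are function-level statics, so each 300-second window covers every destination in the process: after the first warning, rejected requests for other private addresses show up, at most, as a count in the string `rate_limit_log` returns, and their addresses are never logged. That is a reasonable default against log flooding, but it deserves a comment such as `/* One limiter for all destinations: only the first address in each window is logged. */`. An operator tracing a NAT loop or a misconfigured application would also be helped by an `else` arm that records the suppressed case at lower severity, for example `log_info(LD_NET, "Rejecting request for private address %s (warning rate-limited).", safe_str_client(socks->address));`. The two branches duplicate the same limiter logic behind two identically valued macros that are defined inside the block and never undefined; a single file-scope interval constant would be cleaner. connection_ap_handshake_rewrite_and_attach begins and ends outside the hunk.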