
start the process of reducing clutter in server logs

svn:r5253
Roger Dingledine 18 years ago
parent
commit
03dcef4c78
8 changed files with 30 additions and 17 deletions
  1. 6 6
      src/common/tortls.c
  2. 1 1
      src/common/tortls.h
  3. 9 6
      src/or/command.c
  4. 1 0
      src/or/config.c
  5. 1 1
      src/or/connection_or.c
  6. 7 1
      src/or/main.c
  7. 3 0
      src/or/or.h
  8. 2 2
      src/or/relay.c

+ 6 - 6
src/common/tortls.c

@@ -724,10 +724,10 @@ log_cert_lifetime(X509 *cert, const char *problem)
 /** If the provided tls connection is authenticated and has a
  * certificate that is currently valid and signed, then set
  * *<b>identity_key</b> to the identity certificate's key and return
- * 0.  Else, return -1.
+ * 0.  Else, return -1 and log complaints with log-level <b>severity</b>.
  */
 int
-tor_tls_verify(tor_tls_t *tls, crypto_pk_env_t **identity_key)
+tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity_key)
 {
   X509 *cert = NULL, *id_cert = NULL;
   STACK_OF(X509) *chain = NULL;
@@ -748,7 +748,7 @@ tor_tls_verify(tor_tls_t *tls, crypto_pk_env_t **identity_key)
    * cert and the id_cert.
    */
   if (num_in_chain < 1) {
-    log_fn(LOG_WARN,"Unexpected number of certificates in chain (%d)",
+    log_fn(severity,"Unexpected number of certificates in chain (%d)",
            num_in_chain);
     goto done;
   }
@@ -758,14 +758,14 @@ tor_tls_verify(tor_tls_t *tls, crypto_pk_env_t **identity_key)
       break;
   }
   if (!id_cert) {
-    log_fn(LOG_WARN,"No distinct identity certificate found");
+    log_fn(severity,"No distinct identity certificate found");
     goto done;
   }
 
   if (!(id_pkey = X509_get_pubkey(id_cert)) ||
       X509_verify(cert, id_pkey) <= 0) {
-    log_fn(LOG_WARN,"X509_verify on cert and pkey returned <= 0");
-    tls_log_errors(LOG_WARN,"verifying certificate");
+    log_fn(severity,"X509_verify on cert and pkey returned <= 0");
+    tls_log_errors(severity,"verifying certificate");
     goto done;
   }
 
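Review bot: The `X509_verify on cert and pkey returned <= 0` message is also emitted when `X509_get_pubkey(id_cert)` returns NULL, so a log reader cannot tell an unreadable identity key from a failed signature check. Since these lines are being touched anyway, the two cases could be split by testing the key first: `if (!(id_pkey = X509_get_pubkey(id_cert))) { log_fn(severity,"Couldn't extract key from identity certificate"); tls_log_errors(severity,"reading identity key"); goto done; }`, and leaving the existing message for the `X509_verify` test alone. It would also help if the doc comment on `tor_tls_verify` said that `severity` affects only logging, never the return value. The function starts and ends outside this hunk.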

+ 1 - 1
src/common/tortls.h

@@ -33,7 +33,7 @@ int tor_tls_is_server(tor_tls_t *tls);
 void tor_tls_free(tor_tls_t *tls);
 int tor_tls_peer_has_cert(tor_tls_t *tls);
 int tor_tls_get_peer_cert_nickname(tor_tls_t *tls, char *buf, size_t buflen);
-int tor_tls_verify(tor_tls_t *tls, crypto_pk_env_t **identity);
+int tor_tls_verify(int severity, tor_tls_t *tls, crypto_pk_env_t **identity);
 int tor_tls_check_lifetime(tor_tls_t *tls, int tolerance);
 int tor_tls_read(tor_tls_t *tls, char *cp, size_t len);
 int tor_tls_write(tor_tls_t *tls, char *cp, size_t n);

+ 9 - 6
src/or/command.c

@@ -144,7 +144,8 @@ command_process_cell(cell_t *cell, connection_t *conn)
 #endif
       break;
     default:
-      log_fn(LOG_WARN,"Cell of unknown type (%d) received. Dropping.", cell->command);
+      log_fn(LOG_PROTOCOL_WARN,
+             "Cell of unknown type (%d) received. Dropping.", cell->command);
       break;
   }
 }
@@ -184,7 +185,9 @@ command_process_create_cell(cell_t *cell, connection_t *conn)
   circ = circuit_get_by_circid_orconn(cell->circ_id, conn);
 
   if (circ) {
-    log_fn(LOG_WARN,"received CREATE cell (circID %d) for known circ. Dropping.", cell->circ_id);
+    log_fn(LOG_PROTOCOL_WARN,
+           "received CREATE cell (circID %d) for known circ. Dropping.",
+           cell->circ_id);
     return;
   }
 
@@ -238,7 +241,7 @@ command_process_created_cell(cell_t *cell, connection_t *conn)
   }
 
   if (circ->n_circ_id != cell->circ_id) {
-    log_fn(LOG_WARN,"got created cell from OPward? Closing.");
+    log_fn(LOG_PROTOCOL_WARN,"got created cell from OPward? Closing.");
     circuit_mark_for_close(circ);
     return;
   }
@@ -281,20 +284,20 @@ command_process_relay_cell(cell_t *cell, connection_t *conn)
   }
 
   if (circ->state == CIRCUIT_STATE_ONIONSKIN_PENDING) {
-    log_fn(LOG_WARN,"circuit in create_wait. Closing.");
+    log_fn(LOG_PROTOCOL_WARN,"circuit in create_wait. Closing.");
     circuit_mark_for_close(circ);
     return;
   }
 
   if (cell->circ_id == circ->p_circ_id) { /* it's an outgoing cell */
     if (circuit_receive_relay_cell(cell, circ, CELL_DIRECTION_OUT) < 0) {
-      log_fn(LOG_WARN,"circuit_receive_relay_cell (forward) failed. Closing.");
+      log_fn(LOG_PROTOCOL_WARN,"circuit_receive_relay_cell (forward) failed. Closing.");
       circuit_mark_for_close(circ);
       return;
     }
   } else { /* it's an ingoing cell */
     if (circuit_receive_relay_cell(cell, circ, CELL_DIRECTION_IN) < 0) {
-      log_fn(LOG_WARN,"circuit_receive_relay_cell (backward) failed. Closing.");
+      log_fn(LOG_PROTOCOL_WARN,"circuit_receive_relay_cell (backward) failed. Closing.");
       circuit_mark_for_close(circ);
       return;
     }
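Review bot: The two `circuit_receive_relay_cell (...) failed. Closing.` calls now run past 80 columns because `LOG_PROTOCOL_WARN` is longer than `LOG_WARN`. The first two hunks in this file wrap the format string onto its own line, and these should match: `log_fn(LOG_PROTOCOL_WARN,` followed by `"circuit_receive_relay_cell (forward) failed. Closing.");`. Separately, none of the demoted messages in this file identifies the connection, so even with `ProtocolWarnings` enabled an operator cannot tell which peer sent the bad cell. `conn` is a parameter of each of these functions, and `safe_str(conn->address)` is the pattern the `main.c` hunk of this commit uses. `command_process_relay_cell` continues outside the hunk.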

+ 1 - 0
src/or/config.c

@@ -163,6 +163,7 @@ static config_var_t _option_vars[] = {
   VAR("OutboundBindAddress", STRING,   OutboundBindAddress,  NULL),
   VAR("PathlenCoinWeight",   DOUBLE,   PathlenCoinWeight,    "0.3"),
   VAR("PidFile",             STRING,   PidFile,              NULL),
+  VAR("ProtocolWarnings",    BOOL,     ProtocolWarnings,     "0"),
   VAR("ReachableAddresses",  LINELIST, ReachableAddresses,   NULL),
   VAR("RecommendedVersions", LINELIST, RecommendedVersions,  NULL),
   VAR("RecommendedClientVersions", LINELIST, RecommendedClientVersions,  NULL),
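Review bot: `ProtocolWarnings` is added with a default of `"0"`, and none of the eight files in this commit is a documentation file, so the option appears to ship undocumented. With that default, every message converted to `LOG_PROTOCOL_WARN` in `command.c` and `relay.c` drops from warn to info. Operators who alert on warn-level lines will stop seeing peer protocol violations unless they know to set the option. A manual entry should state that it is a boolean defaulting to 0 and that setting it to 1 restores warn-level logging for protocol violations by other parties.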

+ 1 - 1
src/or/connection_or.c

@@ -481,7 +481,7 @@ connection_or_check_valid_handshake(connection_t *conn, char *digest_rcvd)
   log_fn(LOG_DEBUG, "Other side (%s:%d) claims to be router '%s'",
          conn->address, conn->port, nickname);
 
-  if (tor_tls_verify(conn->tls, &identity_rcvd) < 0) {
+  if (tor_tls_verify(severity, conn->tls, &identity_rcvd) < 0) {
     log_fn(LOG_WARN,"Other side, which claims to be router '%s' (%s:%d), has a cert but it's invalid. Closing.",
            nickname, conn->address, conn->port);
     return -1;
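Review bot: The `log_fn(LOG_WARN, ...)` right after the changed call still fires at warn on every failed verification, so the detail lines inside `tor_tls_verify` are demoted while this summary line is not. If the caller's policy is meant to apply to the whole failure, it should read `log_fn(severity,"Other side, which claims to be router '%s' (%s:%d), has a cert but it's invalid. Closing.",` as well. `severity` is not declared in the visible lines, so it is presumably set earlier in `connection_or_check_valid_handshake`. How it is chosen is worth confirming, because it now decides whether certificate failures show up at default log levels. The same line prints the peer-claimed `nickname` and `conn->address` without `safe_str()`, unlike the call in `conn_close_if_marked`.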

+ 7 - 1
src/or/main.c

@@ -463,7 +463,13 @@ conn_close_if_marked(int i)
       return 0;
     }
     if (connection_wants_to_flush(conn)) {
-      log_fn(LOG_NOTICE,"Something wrong with your network connection? Conn (addr %s, fd %d, type %s, state %d) tried to write %d bytes but timed out. (Marked at %s:%d)",
+      int severity;
+      if (conn->type == CONN_TYPE_EXIT ||
+          (conn->type == CONN_TYPE_DIR && conn->purpose == DIR_PURPOSE_SERVER))
+        severity = LOG_INFO;
+      else
+        severity = LOG_NOTICE;
+      log_fn(severity, "Something wrong with your network connection? Conn (addr %s, fd %d, type %s, state %d) tried to write %d bytes but timed out. (Marked at %s:%d)",
              safe_str(conn->address), conn->s, conn_type_to_string(conn->type),
              conn->state,
              (int)buf_datalen(conn->outbuf), conn->marked_for_close_file,
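Review bot: The new `severity` selection has no comment explaining why `CONN_TYPE_EXIT` and server-side `CONN_TYPE_DIR` connections are demoted to `LOG_INFO`, and the message still asks about "your network connection" in those cases. A comment such as `/* On exit and dirserver conns the stall is probably the far end's fault, not our network; keep it out of the default log. */` would record the intent. That reasoning is my inference, so adjust it to the real one. The `if`/`else` bodies are unbraced, and adding braces would keep a later statement from silently landing outside the branch. The `log_fn` call finishes outside this hunk.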

+ 3 - 0
src/or/or.h

@@ -1290,6 +1290,9 @@ typedef struct {
                            * long do we wait before exiting? */
   int SafeLogging; /**< Boolean: are we allowed to log sensitive strings
                     * such as addresses (0), or do we scrub them first (1)? */
+#define LOG_PROTOCOL_WARN (get_options()->ProtocolWarnings ? LOG_WARN : LOG_INFO)
+  int ProtocolWarnings; /**< Boolean: when other parties screw up the Tor
+                         * protocol, is it a warn or an info in our logs? */
   int HardwareAccel; /**< Boolean: Should we enable OpenSSL hardware
                       * acceleration where available? */
   int UseHelperNodes; /**< Boolean: Do we try to enter from a smallish number
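Review bot: `#define LOG_PROTOCOL_WARN` sits inside the options struct's member list, between `SafeLogging` and `ProtocolWarnings`, where it reads like a field and has no doc comment of its own. Moving it above the `typedef struct {` would make it easier to find and to audit. It could carry a comment like `/** Severity for complaints about other parties' protocol violations: LOG_WARN if ProtocolWarnings is set, else LOG_INFO. */`. The macro calls `get_options()` on every use, so it only works where that declaration is visible and once options are loaded. That presumably holds for the `src/or` callers in this commit and explains why `tor_tls_verify` takes a `severity` argument instead, but it is worth stating in the comment.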

+ 2 - 2
src/or/relay.c

@@ -193,7 +193,7 @@ circuit_receive_relay_cell(cell_t *cell, circuit_t *circ, int cell_direction)
       }
       return 0;
     }
-    log_fn(LOG_WARN,"Didn't recognize cell, but circ stops here! Closing circ.");
+    log_fn(LOG_PROTOCOL_WARN,"Didn't recognize cell, but circ stops here! Closing circ.");
     return -1;
   }
 
@@ -429,7 +429,7 @@ connection_edge_send_command(connection_t *fromconn, circuit_t *circ,
   }
 
   if (!circ) {
-    log_fn(LOG_WARN,"no circ. Closing conn.");
+    log_fn(LOG_INFO,"no circ. Closing conn.");
     tor_assert(fromconn);
     if (fromconn->type == CONN_TYPE_AP) {
       connection_mark_unattached_ap(fromconn, END_STREAM_REASON_INTERNAL);
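Review bot: This message goes to a fixed `LOG_INFO` rather than `LOG_PROTOCOL_WARN`, so it stays below warn even when `ProtocolWarnings` is set, unlike the other demotions in this commit. The stream is closed with `END_STREAM_REASON_INTERNAL`, which suggests a local condition rather than a peer's mistake. If that is the reason, a short comment would stop someone from "fixing" the level later, e.g. `/* Not a peer protocol violation, so ProtocolWarnings does not apply. */`. The text `no circ. Closing conn.` also carries no stream or connection context, which makes an info-level line hard to correlate with anything else. `connection_edge_send_command` continues outside the hunk.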