|
@@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
|
|
|
* then we really don't want to try to connect to it. That's
|
|
|
* probably an error. */
|
|
|
if (conn->is_transparent_ap) {
|
|
|
- log_warn(LD_NET,
|
|
|
- "Rejecting request for anonymous connection to private "
|
|
|
- "address %s on a TransPort or NATDPort. Possible loop "
|
|
|
- "in your NAT rules?", safe_str_client(socks->address));
|
|
|
+#define WARN_INTERVAL_LOOP 300
|
|
|
+ static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
|
|
|
+ char *m;
|
|
|
+ if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
|
|
|
+ log_warn(LD_NET,
|
|
|
+ "Rejecting request for anonymous connection to private "
|
|
|
+ "address %s on a TransPort or NATDPort. Possible loop "
|
|
|
+ "in your NAT rules?%s", safe_str_client(socks->address),
|
|
|
+ m);
|
|
|
+ tor_free(m);
|
|
|
+ }
|
|
|
} else {
|
|
|
- log_warn(LD_NET,
|
|
|
- "Rejecting SOCKS request for anonymous connection to "
|
|
|
- "private address %s", safe_str_client(socks->address));
|
|
|
+#define WARN_INTERVAL_PRIV 300
|
|
|
+ static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
|
|
|
+ char *m;
|
|
|
+ if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
|
|
|
+ log_warn(LD_NET,
|
|
|
+ "Rejecting SOCKS request for anonymous connection to "
|
|
|
+ "private address %s.%s",
|
|
|
+ safe_str_client(socks->address),m);
|
|
|
+ tor_free(m);
|
|
|
+ }
|
|
|
}
|
|
|
connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
|
|
|
return -1;
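Review bot: The two `static ratelim_t` limiters added in the `is_transparent_ap` and `else` branches are shared by every connection in the process, so within each 300-second window only the first rejected private address reaches the log; later, possibly different, addresses show up only in whatever suppressed-message summary `rate_limit_log()` returns in `m` (its format is not visible here). The rejection itself is unaffected, since `connection_mark_unattached_ap()` and `return -1` stay outside the new `if`, but the trade-off deserves a comment above each limiter, e.g. `/* Rate-limit the warning only; the request is still rejected below. Addresses seen while suppressed are not logged. */`. The two `#define WARN_INTERVAL_*` lines sit inside the function body with the same value and no `#undef`, so a single file-scope constant would be tidier. The body of `connection_ap_handshake_rewrite_and_attach` starts and ends outside this hunk.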
|