Home Explore Help
Sign In
piros
/
tor
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Rate-limit the warnings as a client when asked to connect a private addr

Partial fix for ticket 2822.
Nick Mathewson 12 years ago
parent
86f1630b36
commit
70c17134c7
2 changed files with 26 additions and 7 deletions
Split View Show Diff Stats
  1. 5 0
      changes/bug2822.1
  2. 21 7
      src/or/connection_edge.c

+ 5 - 0
changes/bug2822.1
View File 

@@ -0,0 +1,5 @@
 
+  o Minor features:
 
+
 
+    - Rate-limit log messages when asked to connect anonymously to a private
 
+      address. When these hit, they tended to hit fast and often. Partial
 
+      fix for bug 2822.

+ 21 - 7
src/or/connection_edge.c
View File 

@@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 
            * then we really don't want to try to connect to it.  That's
 
            * probably an error. */
 
           if (conn->is_transparent_ap) {
 
-            log_warn(LD_NET,
 
-                     "Rejecting request for anonymous connection to private "
 
-                     "address %s on a TransPort or NATDPort.  Possible loop "
 
-                     "in your NAT rules?", safe_str_client(socks->address));
 
+#define WARN_INTERVAL_LOOP 300
 
+            static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
 
+            char *m;
 
+            if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
 
+              log_warn(LD_NET,
 
+                       "Rejecting request for anonymous connection to private "
 
+                       "address %s on a TransPort or NATDPort.  Possible loop "
 
+                       "in your NAT rules?%s", safe_str_client(socks->address),
 
+                       m);
 
+              tor_free(m);
 
+            }
 
           } else {
 
-            log_warn(LD_NET,
 
-                     "Rejecting SOCKS request for anonymous connection to "
 
-                     "private address %s", safe_str_client(socks->address));
 
+#define WARN_INTERVAL_PRIV 300
 
+            static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
 
+            char *m;
 
+            if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
 
+              log_warn(LD_NET,
 
+                       "Rejecting SOCKS request for anonymous connection to "
 
+                       "private address %s.%s",
 
+                       safe_str_client(socks->address),m);
 
+              tor_free(m);
 
+            }
 
           }
 
           connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
 
           return -1;