From 70c17134c79d9de05408748329c0918158d7deb0 Mon Sep 17 00:00:00 2001
From: Nick Mathewson
Date: Wed, 28 Mar 2012 03:06:25 -0400
Subject: [PATCH] Rate-limit the warnings as a client when asked to connect a private addr

Partial fix for ticket 2822.
---
 changes/bug2822.1 | 5 +++++
 src/or/connection_edge.c | 28 +++++++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)
 create mode 100644 changes/bug2822.1

diff --git a/changes/bug2822.1 b/changes/bug2822.1
new file mode 100644
index 0000000000..9c4016d059
--- /dev/null
+++ b/changes/bug2822.1
@@ -0,0 +1,5 @@
+ o Minor features:
+
+ - Rate-limit log messages when asked to connect anonymously to a private
+ address. When these hit, they tended to hit fast and often. Partial
+ fix for bug 2822.
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index dd772b22c6..e19d7f0774 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 * then we really don't want to try to connect to it. That's
 * probably an error. */
 if (conn->is_transparent_ap) {
- log_warn(LD_NET,
- "Rejecting request for anonymous connection to private "
- "address %s on a TransPort or NATDPort. Possible loop "
- "in your NAT rules?", safe_str_client(socks->address));
+#define WARN_INTERVAL_LOOP 300
+ static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
+ char *m;
+ if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
+ log_warn(LD_NET,
+ "Rejecting request for anonymous connection to private "
+ "address %s on a TransPort or NATDPort. Possible loop "
+ "in your NAT rules?%s", safe_str_client(socks->address),
+ m);
+ tor_free(m);
+ }
 } else {
- log_warn(LD_NET,
- "Rejecting SOCKS request for anonymous connection to "
- "private address %s", safe_str_client(socks->address));
+#define WARN_INTERVAL_PRIV 300
+ static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
+ char *m;
+ if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
+ log_warn(LD_NET,
+ "Rejecting SOCKS request for anonymous connection to "
+ "private address %s.%s",
+ safe_str_client(socks->address),m);
+ tor_free(m);
+ }
 }
 connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
 return -1;
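Review bot: Both new limiters (`loop_warn_limit`, `priv_warn_limit`) are function-local statics, so each is shared by every stream that reaches its branch, and within one interval only the first rejected address is written to the log; later rejections, possibly for different private addresses, are presumably only counted in the suffix that `rate_limit_log()` returns. That trade-off deserves a comment at the definitions, for example `/* Seconds between warnings. The limiter is process-wide, so only the first offending address per interval is logged. */` above `#define WARN_INTERVAL_LOOP 300`, and the same above `WARN_INTERVAL_PRIV`. The two macros are defined mid-function with no `#undef` visible in the hunk, and both are 300, so a single named constant near the top of the file would be cleaner. Minor style: `safe_str_client(socks->address),m);` lacks a space after the comma. The enclosing function starts and ends outside the hunk.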