Rate-limit the warnings as a client when asked to connect a private addr

Partial fix for ticket 2822.
2024-11-28 14:23:30 +01:00 · 2012-03-28 03:06:25 -04:00 · 2012-03-28 03:06:25 -04:00 · 70c17134c7
commit 70c17134c7
parent 86f1630b36
2 changed files with 26 additions and 7 deletions
--- a/changes/bug2822.1
+++ b/changes/bug2822.1
@ -0,0 +1,5 @@
  o Minor features:
    - Rate-limit log messages when asked to connect anonymously to a private
      address. When these hit, they tended to hit fast and often. Partial
      fix for bug 2822.
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
           * then we really don't want to try to connect to it.  That's
           * probably an error. */
          if (conn->is_transparent_ap) {
-            log_warn(LD_NET,
+#define WARN_INTERVAL_LOOP 300
-                     "Rejecting request for anonymous connection to private "
+            static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
-                     "address %s on a TransPort or NATDPort.  Possible loop "
+            char *m;
-                     "in your NAT rules?", safe_str_client(socks->address));
+            if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
              log_warn(LD_NET,
                       "Rejecting request for anonymous connection to private "
                       "address %s on a TransPort or NATDPort.  Possible loop "
                       "in your NAT rules?%s", safe_str_client(socks->address),
                       m);
              tor_free(m);
            }
          } else {
-            log_warn(LD_NET,
+#define WARN_INTERVAL_PRIV 300
-                     "Rejecting SOCKS request for anonymous connection to "
+            static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
-                     "private address %s", safe_str_client(socks->address));
+            char *m;
            if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
              log_warn(LD_NET,
                       "Rejecting SOCKS request for anonymous connection to "
                       "private address %s.%s",
                       safe_str_client(socks->address),m);
              tor_free(m);
            }
          }
          connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
          return -1;