mirror of
https://gitlab.torproject.org/tpo/core/tor.git
synced 2024-11-24 12:23:32 +01:00
Rate-limit the warnings as a client when asked to connect a private addr
Partial fix for ticket 2822.
This commit is contained in:
parent
86f1630b36
commit
70c17134c7
5
changes/bug2822.1
Normal file
5
changes/bug2822.1
Normal file
@ -0,0 +1,5 @@
|
||||
o Minor features:
|
||||
|
||||
- Rate-limit log messages when asked to connect anonymously to a private
|
||||
address. When these hit, they tended to hit fast and often. Partial
|
||||
fix for bug 2822.
|
@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
|
||||
* then we really don't want to try to connect to it. That's
|
||||
* probably an error. */
|
||||
if (conn->is_transparent_ap) {
|
||||
log_warn(LD_NET,
|
||||
"Rejecting request for anonymous connection to private "
|
||||
"address %s on a TransPort or NATDPort. Possible loop "
|
||||
"in your NAT rules?", safe_str_client(socks->address));
|
||||
#define WARN_INTERVAL_LOOP 300
|
||||
static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
|
||||
char *m;
|
||||
if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
|
||||
log_warn(LD_NET,
|
||||
"Rejecting request for anonymous connection to private "
|
||||
"address %s on a TransPort or NATDPort. Possible loop "
|
||||
"in your NAT rules?%s", safe_str_client(socks->address),
|
||||
m);
|
||||
tor_free(m);
|
||||
}
|
||||
} else {
|
||||
log_warn(LD_NET,
|
||||
"Rejecting SOCKS request for anonymous connection to "
|
||||
"private address %s", safe_str_client(socks->address));
|
||||
#define WARN_INTERVAL_PRIV 300
|
||||
static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
|
||||
char *m;
|
||||
if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
|
||||
log_warn(LD_NET,
|
||||
"Rejecting SOCKS request for anonymous connection to "
|
||||
"private address %s.%s",
|
||||
safe_str_client(socks->address),m);
|
||||
tor_free(m);
|
||||
}
|
||||
}
|
||||
connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
|
||||
return -1;
|
||||
|
Loading…
Reference in New Issue
Block a user