Improve clarity, safety, and rate of dns spoofing log msg

Closes ticket 3056.
Nick Mathewson 2017-05-24 10:32:38 -04:00
parent 511c900686
commit 96fab4aaa6
2 changed files with 15 additions and 0 deletions

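--- a/changes/bug3056
+++ b/changes/bug3056
@@ -0,0 +1,3 @@
+o Minor features (exit relay, DNS):
+- Improve the clarity and safety of the log message from evdns when
+receiving an apparent spoofed DNS reply. Closes ticket 3056.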


@ -182,6 +182,18 @@ evdns_log_cb(int warn, const char *msg)
} else if (!strcmp(msg, "All nameservers have failed")) {
control_event_server_status(LOG_WARN, "NAMESERVER_ALL_DOWN");
all_down = 1;
} else if (!strcmpstart(msg, "Address mismatch on received DNS")) {
static ratelim_t mismatch_limit = RATELIM_INIT(3600);
const char *src = strstr(msg, " Apparent source");
if (!src || get_options()->SafeLogging) {
src = "";
}
log_fn_ratelim(&mismatch_limit, severity, LD_EXIT,
"eventdns: Received a DNS packet from "
"an IP address to which we did not send a request. This "
"could be a DNS spoofing attempt, or some kind of "
"misconfiguration.%s", src);
return;
}
tor_log(severity, LD_EXIT, "eventdns: %s", msg);
}
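Review bot: The test `get_options()->SafeLogging` in the new `Address mismatch` branch only checks that the field is non-zero, so whether the apparent source is logged depends on the field's type, which this hunk does not show. If it is the raw option string rather than a parsed flag, the condition holds for every configured value and the address is always dropped; that fails safe, but it makes the `src` suffix dead code when scrubbing is turned off. Please confirm which field carries the parsed setting and compare against it explicitly, and add a comment above the check such as `/* src points into msg; drop the peer address when log scrubbing is on */`. evdns_log_cb begins before this hunk, so how `severity` is derived for the rate-limited message is not visible here.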