r14362@31-33-219: nickm | 2008-02-21 11:01:10 -0500

Change some of our log messages related to closed TLS connections in order to better reflect reality.


svn:r13657
This commit is contained in:
Nick Mathewson 2008-02-21 16:11:58 +00:00
parent e18ee2a2ab
commit e2f25558b9
4 changed files with 20 additions and 13 deletions


@ -72,6 +72,10 @@ Changes in version 0.2.0.20-?? - 2008-02-??
- Alter the code that tries to recover from unhandled write - Alter the code that tries to recover from unhandled write
errors, to not try to flush onto a socket that's given us errors, to not try to flush onto a socket that's given us
unhandled errors. Bugfix on 0.1.2.x. unhandled errors. Bugfix on 0.1.2.x.
- Report TLS "zero return" case as a "clean close" and "IO error"
as a "close". Stop calling closes "unexpected closes": existing
Tors don't use SSL_close(), so having a connection close without
the TLS shutdown handshake is hardly unexpected.
o Code simplifications and refactoring: o Code simplifications and refactoring:
- Remove the tor_strpartition function: its logic was confused, - Remove the tor_strpartition function: its logic was confused,


@ -282,12 +282,9 @@ tor_tls_get_error(tor_tls_t *tls, int r, int extra,
case SSL_ERROR_ZERO_RETURN: case SSL_ERROR_ZERO_RETURN:
if (extra&CATCH_ZERO) if (extra&CATCH_ZERO)
return _TOR_TLS_ZERORETURN; return _TOR_TLS_ZERORETURN;
log(severity, LD_NET, "TLS error: Zero return"); log(severity, LD_NET, "TLS connection closed while %s", doing);
tls_log_errors(tls, severity, doing); tls_log_errors(tls, severity, doing);
/* XXXX020rc Actually, a 'zero return' error has a pretty specific return TOR_TLS_CLOSE;
* meaning: the connection has been closed cleanly. -NM
* Great. Do something smart here then. :) -RD */
return TOR_TLS_ERROR_MISC;
default: default:
tls_log_errors(tls, severity, doing); tls_log_errors(tls, severity, doing);
return TOR_TLS_ERROR_MISC; return TOR_TLS_ERROR_MISC;
@ -858,7 +855,7 @@ tor_tls_read(tor_tls_t *tls, char *cp, size_t len)
return r; return r;
} }
err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG); err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG);
if (err == _TOR_TLS_ZERORETURN) { if (err == _TOR_TLS_ZERORETURN || err == TOR_TLS_CLOSE) {
log_debug(LD_NET,"read returned r=%d; TLS is closed",r); log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
tls->state = TOR_TLS_ST_CLOSED; tls->state = TOR_TLS_ST_CLOSED;
return TOR_TLS_CLOSE; return TOR_TLS_CLOSE;
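Review bot: The SSL_ERROR_ZERO_RETURN branch of tor_tls_get_error now returns TOR_TLS_CLOSE whenever CATCH_ZERO is not set, and TOR_TLS_IS_ERROR() in tortls.h (`(rv) < TOR_TLS_CLOSE`) classifies that value as a non-error. Any caller that invokes tor_tls_get_error without CATCH_ZERO and then gates only on TOR_TLS_IS_ERROR() — presumably the write and handshake paths, none of which are visible here — will now see a peer-initiated TLS shutdown as a non-error return where it previously got TOR_TLS_ERROR_MISC, so those callers should be audited in the same change. The new contract is worth stating on the function, e.g. `/* On SSL_ERROR_ZERO_RETURN (peer sent close_notify) returns TOR_TLS_CLOSE, a non-error value, unless CATCH_ZERO is set; callers must test for it explicitly rather than rely on TOR_TLS_IS_ERROR(). */`. tor_tls_get_error begins before this hunk and its switch continues past it. In tor_tls_read the added `|| err == TOR_TLS_CLOSE` cannot be produced by the zero-return branch, since CATCH_ZERO is passed on the line above, so it only matters if some other branch of tor_tls_get_error outside this hunk also returns TOR_TLS_CLOSE; a one-line comment saying which would save the next reader the same question.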


@ -22,7 +22,7 @@ typedef struct tor_tls_t tor_tls_t;
/* Possible return values for most tor_tls_* functions. */ /* Possible return values for most tor_tls_* functions. */
#define _MIN_TOR_TLS_ERROR_VAL -9 #define _MIN_TOR_TLS_ERROR_VAL -9
#define TOR_TLS_ERROR_MISC -9 #define TOR_TLS_ERROR_MISC -9
/* Rename to unexpected close or something. XXXX */ /* Rename to unexpected close or something. XXXX021 */
#define TOR_TLS_ERROR_IO -8 #define TOR_TLS_ERROR_IO -8
#define TOR_TLS_ERROR_CONNREFUSED -7 #define TOR_TLS_ERROR_CONNREFUSED -7
#define TOR_TLS_ERROR_CONNRESET -6 #define TOR_TLS_ERROR_CONNRESET -6
@ -33,16 +33,20 @@ typedef struct tor_tls_t tor_tls_t;
#define TOR_TLS_WANTWRITE -1 #define TOR_TLS_WANTWRITE -1
#define TOR_TLS_DONE 0 #define TOR_TLS_DONE 0
/** Use this macro in a switch statement to catch _any_ TLS error. That way, /** DOCDOC XXXX021 also rename me. */
* if more errors are added, your switches will still work. */ #define CASE_TOR_TLS_ERROR_ANY_NONIO \
#define CASE_TOR_TLS_ERROR_ANY \
case TOR_TLS_ERROR_MISC: \ case TOR_TLS_ERROR_MISC: \
case TOR_TLS_ERROR_IO: \
case TOR_TLS_ERROR_CONNREFUSED: \ case TOR_TLS_ERROR_CONNREFUSED: \
case TOR_TLS_ERROR_CONNRESET: \ case TOR_TLS_ERROR_CONNRESET: \
case TOR_TLS_ERROR_NO_ROUTE: \ case TOR_TLS_ERROR_NO_ROUTE: \
case TOR_TLS_ERROR_TIMEOUT case TOR_TLS_ERROR_TIMEOUT
/** Use this macro in a switch statement to catch _any_ TLS error. That way,
* if more errors are added, your switches will still work. */
#define CASE_TOR_TLS_ERROR_ANY \
CASE_TOR_TLS_ERROR_ANY_NONIO: \
case TOR_TLS_ERROR_IO
#define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE) #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
const char *tor_tls_err_to_string(int err); const char *tor_tls_err_to_string(int err);
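Review bot: CASE_TOR_TLS_ERROR_ANY_NONIO is introduced with only a `DOCDOC XXXX021 also rename me.` placeholder, while the macro's purpose is already fixed by this commit: connection.c now pairs TOR_TLS_ERROR_IO with TOR_TLS_CLOSE and sends only the NONIO set through the generic "tls error" path, so the comment can be written now rather than deferred. Suggested text: `/** Use in a switch to catch every TLS error except TOR_TLS_ERROR_IO, so a caller can treat a connection dropped without the TLS shutdown handshake like a close (see TOR_TLS_CLOSE) instead of a generic error. */`. It is also worth stating on CASE_TOR_TLS_ERROR_ANY that it is exactly the NONIO set plus TOR_TLS_ERROR_IO, so whoever adds a new error code knows to add it to the NONIO list and not to this one. The `Rename to unexpected close or something. XXXX021` note kept on TOR_TLS_ERROR_IO in the earlier hunk contradicts this commit's ChangeLog entry, which deliberately drops the "unexpected close" wording; the note should say what the new name is meant to convey or be removed.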


@ -1945,12 +1945,14 @@ connection_read_to_buf(connection_t *conn, int *max_to_read)
switch (result) { switch (result) {
case TOR_TLS_CLOSE: case TOR_TLS_CLOSE:
log_info(LD_NET,"TLS connection closed on read. Closing. " case TOR_TLS_ERROR_IO:
log_info(LD_NET,"TLS connection closed %son read. Closing. "
"(Nickname %s, address %s", "(Nickname %s, address %s",
result == TOR_TLS_CLOSE ? "cleanly " : "",
or_conn->nickname ? or_conn->nickname : "not set", or_conn->nickname ? or_conn->nickname : "not set",
conn->address); conn->address);
return result; return result;
CASE_TOR_TLS_ERROR_ANY: CASE_TOR_TLS_ERROR_ANY_NONIO:
log_info(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).", log_info(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
tor_tls_err_to_string(result), tor_tls_err_to_string(result),
or_conn->nickname ? or_conn->nickname : "not set", or_conn->nickname ? or_conn->nickname : "not set",