Demote HS 'replay detected' log message for DH public keys to info level

2 files changed, 16 insertions, 1 deletions

diff --git a/changes/bug2442 b/changes/bug2442
new file mode 100644
index 0000000000..cbcc22bb80
--- /dev/null
+++ b/changes/bug2442
@@ -0,0 +1,8 @@
+  * Minor bugfixes:
+
+    - Demote the 'replay detected' log message emitted when a hidden
+      service receives the same Diffie-Hellman public key in two
+      different INTRODUCE2 cells to info level.  A normal Tor client
+      can cause that log message during its normal operation.  Bugfix
+      on 0.2.1.6-alpha; fixes part of bug 2442.
+
diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 926f38070a..5f55537bc0 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1123,7 +1123,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
    * part 1. */
   access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash);
   if (access_time != NULL) {
-    log_warn(LD_REND, "Possible replay detected! We received an "
+    /* A Tor client will send a new INTRODUCE1 cell with the same rend
+     * cookie and DH public key as its previous one if its intro circ
+     * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT .
+     * If we received the first INTRODUCE1 cell (the intro-point relay
+     * converts it into an INTRODUCE2 cell), we are already trying to
+     * connect to that rend point (and may have already succeeded);
+     * drop this cell. */
+    log_info(LD_REND, "We received an "
              "INTRODUCE2 cell with same first part of "
              "Diffie-Hellman handshake %d seconds ago. Dropping "
              "cell.",