Merge remote-tracking branch 'tor-gitlab/mr/320'

author: Nick Mathewson <nickm@torproject.org> 2021-02-23 09:29:49 -0500
committer: Nick Mathewson <nickm@torproject.org> 2021-02-23 09:29:49 -0500
commit: bc799a1eaf85fc218156e014c83cc1d5c096e16a (patch)
tree: e4175a0e663e2ee30538e567bdbfce0edc7bd4ee
parent: 100221baac7e0c0533df009d5b65eae27af12123 (diff)
parent: c96465259a71741eb90486056a62376c3475007e (diff)
download: tor-bc799a1eaf85fc218156e014c83cc1d5c096e16a.tar.gz
tor-bc799a1eaf85fc218156e014c83cc1d5c096e16a.zip
3 files changed, 43 insertions, 40 deletions
diff --git a/changes/changes40308 b/changes/changes40308
new file mode 100644
index 0000000000..d2b91f9299
--- /dev/null
+++ b/changes/changes40308
@@ -0,0 +1,5 @@
+  o Minor feature (DoS log heartbeat):
+    - Change the DoS subsystem heartbeat line format so be more clear on what
+      has been detected/rejected and which option is disabled if any. Closes
+      ticket 40308.
+
diff --git a/src/core/or/dos.c b/src/core/or/dos.c
index ba4e5442d6..b00863c118 100644
--- a/src/core/or/dos.c
+++ b/src/core/or/dos.c
@@ -776,58 +776,54 @@ dos_should_refuse_single_hop_client(void)
 void
 dos_log_heartbeat(void)
 {
-  char *conn_msg = NULL;
-  char *cc_msg = NULL;
-  char *single_hop_client_msg = NULL;
-  char *circ_stats_msg = NULL;
-  char *hs_dos_intro2_msg = NULL;
+  smartlist_t *elems = smartlist_new();
 
   /* Stats number coming from relay.c append_cell_to_circuit_queue(). */
-  tor_asprintf(&circ_stats_msg,
-               " %" PRIu64 " circuits killed with too many cells.",
-               stats_n_circ_max_cell_reached);
+  smartlist_add_asprintf(elems,
+                         "%" PRIu64 " circuits killed with too many cells",
+                         stats_n_circ_max_cell_reached);
 
   if (dos_cc_enabled) {
-    tor_asprintf(&cc_msg,
-                 " %" PRIu64 " circuits rejected,"
-                 " %" PRIu32 " marked addresses.",
-                 cc_num_rejected_cells, cc_num_marked_addrs);
+    smartlist_add_asprintf(elems,
+                           "%" PRIu64 " circuits rejected, "
+                           "%" PRIu32 " marked addresses",
+                           cc_num_rejected_cells, cc_num_marked_addrs);
+  } else {
+    smartlist_add_asprintf(elems, "[DoSCircuitCreationEnabled disabled]");
   }
 
   if (dos_conn_enabled) {
-    tor_asprintf(&conn_msg,
-                 " %" PRIu64 " connections closed.",
-                 conn_num_addr_rejected);
-    tor_asprintf(&conn_msg,
-                 " %" PRIu64 " connect() connections closed.",
-                 conn_num_addr_connect_rejected);
+    smartlist_add_asprintf(elems,
+                           "%" PRIu64 " same address concurrent "
+                           "connections rejected", conn_num_addr_rejected);
+    smartlist_add_asprintf(elems,
+                           "%" PRIu64 " connections rejected",
+                           conn_num_addr_connect_rejected);
+  } else {
+    smartlist_add_asprintf(elems, "[DoSConnectionEnabled disabled]");
   }
 
   if (dos_should_refuse_single_hop_client()) {
-    tor_asprintf(&single_hop_client_msg,
-                 " %" PRIu64 " single hop clients refused.",
-                 num_single_hop_client_refused);
+    smartlist_add_asprintf(elems,
+                           "%" PRIu64 " single hop clients refused",
+                           num_single_hop_client_refused);
+  } else {
+    smartlist_add_asprintf(elems,
+                           "[DoSRefuseSingleHopClientRendezvous disabled]");
   }
 
   /* HS DoS stats. */
-  tor_asprintf(&hs_dos_intro2_msg,
-               " %" PRIu64 " INTRODUCE2 rejected.",
-               hs_dos_get_intro2_rejected_count());
-
-  log_notice(LD_HEARTBEAT,
-             "DoS mitigation since startup:%s%s%s%s%s",
-             circ_stats_msg,
-             (cc_msg != NULL) ? cc_msg : " [cc not enabled]",
-             (conn_msg != NULL) ? conn_msg : " [conn not enabled]",
-             (single_hop_client_msg != NULL) ? single_hop_client_msg : "",
-             (hs_dos_intro2_msg != NULL) ? hs_dos_intro2_msg : "");
-
-  tor_free(conn_msg);
-  tor_free(cc_msg);
-  tor_free(single_hop_client_msg);
-  tor_free(circ_stats_msg);
-  tor_free(hs_dos_intro2_msg);
-  return;
+  smartlist_add_asprintf(elems,
+                         "%" PRIu64 " INTRODUCE2 rejected",
+                         hs_dos_get_intro2_rejected_count());
+
+  char *msg = smartlist_join_strings(elems, ", ", 0, NULL);
+
+  log_notice(LD_HEARTBEAT, "DoS mitigation since startup: %s.", msg);
+
+  tor_free(msg);
+  SMARTLIST_FOREACH(elems, char *, e, tor_free(e));
+  smartlist_free(elems);
 }
 
 /* Called when a new client connection has been established on the given
diff --git a/src/test/test_status.c b/src/test/test_status.c
index b938b86326..223aeffb3b 100644
--- a/src/test/test_status.c
+++ b/src/test/test_status.c
@@ -360,7 +360,9 @@ test_status_hb_not_in_consensus(void *arg)
                  "initiated 0 and received 0 v4 connections; "
                  "initiated 0 and received 0 v5 connections.\n");
   expect_log_msg("DoS mitigation since startup: 0 circuits killed with "
-                 "too many cells. [cc not enabled] [conn not enabled] "
+                 "too many cells, [DoSCircuitCreationEnabled disabled], "
+                 "[DoSConnectionEnabled disabled], "
+                 "[DoSRefuseSingleHopClientRendezvous disabled], "
                  "0 INTRODUCE2 rejected.\n");
   tt_int_op(mock_saved_log_n_entries(), OP_EQ, 6);
author	Nick Mathewson <nickm@torproject.org>	2021-02-23 09:29:49 -0500
committer	Nick Mathewson <nickm@torproject.org>	2021-02-23 09:29:49 -0500
commit	bc799a1eaf85fc218156e014c83cc1d5c096e16a (patch)
tree	e4175a0e663e2ee30538e567bdbfce0edc7bd4ee
parent	100221baac7e0c0533df009d5b65eae27af12123 (diff)
parent	c96465259a71741eb90486056a62376c3475007e (diff)
download	tor-bc799a1eaf85fc218156e014c83cc1d5c096e16a.tar.gz tor-bc799a1eaf85fc218156e014c83cc1d5c096e16a.zip