author | Nick Mathewson <nickm@torproject.org> | 2012-05-16 11:10:09 -0400 |
---|---|---|
committer | Nick Mathewson <nickm@torproject.org> | 2012-05-16 11:10:09 -0400 |
commit | a925fc918975fd62581d438eec0dc8a1d53ce127 (patch) | |
tree | b212cfbe77ccfcbeb0746d755c3725b923c0e459 /src/or/connection_edge.c | |
parent | a3046fd5e576bc7294374a8bbab1a80cd3fb3524 (diff) | |
parent | 433d7578465e04484d537810096512b5cc61246f (diff) | |
Merge remote-tracking branch 'public/bug2822'
Diffstat (limited to 'src/or/connection_edge.c')
-rw-r--r-- | src/or/connection_edge.c | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index 5ef56a63b0..3b053c7cc3 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2000,20 +2000,35 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
 if (options->ClientRejectInternalAddresses && !conn->use_begindir && !conn->chosen_exit_name && !circ) {
 tor_addr_t addr;
- if (tor_addr_parse(&addr, socks->address) >= 0 &&
- tor_addr_is_internal(&addr, 0)) {
+ if (tor_addr_hostname_is_local(socks->address) ||
+ (tor_addr_parse(&addr, socks->address) >= 0 &&
+ tor_addr_is_internal(&addr, 0))) {
 /* If this is an explicit private address with no chosen exit node,
 * then we really don't want to try to connect to it. That's
 * probably an error. */
 if (conn->is_transparent_ap) {
- log_warn(LD_NET,
- "Rejecting request for anonymous connection to private "
- "address %s on a TransPort or NATDPort. Possible loop "
- "in your NAT rules?", safe_str_client(socks->address));
+#define WARN_INTERVAL_LOOP 300
+ static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
+ char *m;
+ if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
+ log_warn(LD_NET,
+ "Rejecting request for anonymous connection to private "
+ "address %s on a TransPort or NATDPort. Possible loop "
+ "in your NAT rules?%s", safe_str_client(socks->address),
+ m);
+ tor_free(m);
+ }
 } else {
- log_warn(LD_NET,
- "Rejecting SOCKS request for anonymous connection to "
- "private address %s", safe_str_client(socks->address));
+#define WARN_INTERVAL_PRIV 300
+ static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
+ char *m;
+ if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
+ log_warn(LD_NET,
+ "Rejecting SOCKS request for anonymous connection to "
+ "private address %s.%s",
+ safe_str_client(socks->address),m);
+ tor_free(m);
+ }
 }
 connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
 return -1; |
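Review bot: The block comment under the widened condition still says "explicit private address", but the added `tor_addr_hostname_is_local(socks->address)` disjunct also rejects by name, so the comment and both warning strings ("private address %s") now under-describe what is refused; opening the comment with `/* If this is a local hostname or an explicit private address with no chosen exit node,` would keep it accurate. Each limiter is a single function-local `static`, so it is shared by every connection and only the first rejected address in a window (presumably 300 seconds) is logged. That deserves a short comment, for example `/* Shared by all streams: later rejected addresses in the window are only counted, not logged. */`, for anyone using these warnings to trace a misconfigured or leaking application. The two macros `WARN_INTERVAL_LOOP` and `WARN_INTERVAL_PRIV` have the same value and stay defined after the function, so one shared constant or an `#undef` after each use would be tidier. The enclosing function starts and ends outside the hunk.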