diff options
| -rw-r--r-- | changes/bug2822.1 | 5 | ||||
| -rw-r--r-- | src/or/connection_edge.c | 28 |
2 files changed, 26 insertions, 7 deletions
diff --git a/changes/bug2822.1 b/changes/bug2822.1 new file mode 100644 index 0000000000..9c4016d059 --- /dev/null +++ b/changes/bug2822.1 @@ -0,0 +1,5 @@ + o Minor features: + + - Rate-limit log messages when asked to connect anonymously to a private + address. When these hit, they tended to hit fast and often. Partial + fix for bug 2822. diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c index dd772b22c6..e19d7f0774 100644 --- a/src/or/connection_edge.c +++ b/src/or/connection_edge.c @@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn, * then we really don't want to try to connect to it. That's * probably an error. */ if (conn->is_transparent_ap) { - log_warn(LD_NET, - "Rejecting request for anonymous connection to private " - "address %s on a TransPort or NATDPort. Possible loop " - "in your NAT rules?", safe_str_client(socks->address)); +#define WARN_INTERVAL_LOOP 300 + static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP); + char *m; + if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) { + log_warn(LD_NET, + "Rejecting request for anonymous connection to private " + "address %s on a TransPort or NATDPort. Possible loop " + "in your NAT rules?%s", safe_str_client(socks->address), + m); + tor_free(m); + } } else { - log_warn(LD_NET, - "Rejecting SOCKS request for anonymous connection to " - "private address %s", safe_str_client(socks->address)); +#define WARN_INTERVAL_PRIV 300 + static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV); + char *m; + if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) { + log_warn(LD_NET, + "Rejecting SOCKS request for anonymous connection to " + "private address %s.%s", + safe_str_client(socks->address),m); + tor_free(m); + } } connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR); return -1; |