1 files changed, 11 insertions, 2 deletions

diff --git a/src/or/rendservice.c b/src/or/rendservice.c
index 13bf5ad450..440359a321 100644
--- a/src/or/rendservice.c
+++ b/src/or/rendservice.c
@@ -1021,7 +1021,9 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
     v3_shift += 4;
     if ((now - ts) < -1 * REND_REPLAY_TIME_INTERVAL / 2 ||
         (now - ts) > REND_REPLAY_TIME_INTERVAL / 2) {
-      log_warn(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
+      /* This is far more likely to mean that a client's clock is
+       * skewed than that a replay attack is in progress. */
+      log_info(LD_REND, "INTRODUCE2 cell is too %s. Discarding.",
                (now - ts) < 0 ? "old" : "new");
       return -1;
     }
@@ -1125,7 +1127,14 @@ rend_service_introduce(origin_circuit_t *circuit, const uint8_t *request,
    * part 1. */
   access_time = digestmap_get(service->accepted_intros, diffie_hellman_hash);
   if (access_time != NULL) {
-    log_warn(LD_REND, "Possible replay detected! We received an "
+    /* A Tor client will send a new INTRODUCE1 cell with the same rend
+     * cookie and DH public key as its previous one if its intro circ
+     * times out while in state CIRCUIT_PURPOSE_C_INTRODUCE_ACK_WAIT .
+     * If we received the first INTRODUCE1 cell (the intro-point relay
+     * converts it into an INTRODUCE2 cell), we are already trying to
+     * connect to that rend point (and may have already succeeded);
+     * drop this cell. */
+    log_info(LD_REND, "We received an "
              "INTRODUCE2 cell with same first part of "
              "Diffie-Hellman handshake %d seconds ago. Dropping "
              "cell.",