[tor/master] Rate-limit the warnings as a client when asked to connect a private addr - tor-commits

16 May 2012

commit 70c17134c79d9de05408748329c0918158d7deb0
Author: Nick Mathewson nickm@torproject.org
Date:   Wed Mar 28 03:06:25 2012 -0400
Rate-limit the warnings as a client when asked to connect a private addr
Partial fix for ticket 2822.
---
 changes/bug2822.1        |    5 +++++
 src/or/connection_edge.c |   28 +++++++++++++++++++++-------
 2 files changed, 26 insertions(+), 7 deletions(-)

diff --git a/changes/bug2822.1 b/changes/bug2822.1
new file mode 100644
index 0000000..9c4016d
--- /dev/null
+++ b/changes/bug2822.1
@@ -0,0 +1,5 @@
+  o Minor features:
+
+    - Rate-limit log messages when asked to connect anonymously to a private
+      address. When these hit, they tended to hit fast and often. Partial
+      fix for bug 2822.
diff --git a/src/or/connection_edge.c b/src/or/connection_edge.c
index dd772b2..e19d7f0 100644
--- a/src/or/connection_edge.c
+++ b/src/or/connection_edge.c
@@ -2006,14 +2006,28 @@ connection_ap_handshake_rewrite_and_attach(entry_connection_t *conn,
            * then we really don't want to try to connect to it.  That's
            * probably an error. */
           if (conn->is_transparent_ap) {
-            log_warn(LD_NET,
-                     "Rejecting request for anonymous connection to private "
-                     "address %s on a TransPort or NATDPort.  Possible loop "
-                     "in your NAT rules?", safe_str_client(socks->address));
+#define WARN_INTERVAL_LOOP 300
+            static ratelim_t loop_warn_limit = RATELIM_INIT(WARN_INTERVAL_LOOP);
+            char *m;
+            if ((m = rate_limit_log(&loop_warn_limit, approx_time()))) {
+              log_warn(LD_NET,
+                       "Rejecting request for anonymous connection to private "
+                       "address %s on a TransPort or NATDPort.  Possible loop "
+                       "in your NAT rules?%s", safe_str_client(socks->address),
+                       m);
+              tor_free(m);
+            }
           } else {
-            log_warn(LD_NET,
-                     "Rejecting SOCKS request for anonymous connection to "
-                     "private address %s", safe_str_client(socks->address));
+#define WARN_INTERVAL_PRIV 300
+            static ratelim_t priv_warn_limit = RATELIM_INIT(WARN_INTERVAL_PRIV);
+            char *m;
+            if ((m = rate_limit_log(&priv_warn_limit, approx_time()))) {
+              log_warn(LD_NET,
+                       "Rejecting SOCKS request for anonymous connection to "
+                       "private address %s.%s",
+                       safe_str_client(socks->address),m);
+              tor_free(m);
+            }
           }
           connection_mark_unattached_ap(conn, END_STREAM_REASON_PRIVATE_ADDR);
           return -1;

    