[or-cvs] r13657: Change some of our log messages related to closed TLS connec (in tor/trunk: . src/common src/or)

nickm at seul.org nickm at seul.org
Thu Feb 21 16:11:59 UTC 2008


Author: nickm
Date: 2008-02-21 11:11:58 -0500 (Thu, 21 Feb 2008)
New Revision: 13657

Modified:
   tor/trunk/
   tor/trunk/ChangeLog
   tor/trunk/src/common/tortls.c
   tor/trunk/src/common/tortls.h
   tor/trunk/src/or/connection.c
Log:
 r14362 at 31-33-219:  nickm | 2008-02-21 11:01:10 -0500
 Change some of our log messages related to closed TLS connections in order to better reflect reality.



Property changes on: tor/trunk
___________________________________________________________________
 svk:merge ticket from /tor/trunk [r14362] on 49666b30-7950-49c5-bedf-9dc8f3168102

Modified: tor/trunk/ChangeLog
===================================================================
--- tor/trunk/ChangeLog	2008-02-21 15:41:14 UTC (rev 13656)
+++ tor/trunk/ChangeLog	2008-02-21 16:11:58 UTC (rev 13657)
@@ -72,6 +72,10 @@
     - Alter the code that tries to recover from unhandled write
       errors, to not try to flush onto a socket that's given us
       unhandled errors.  Bugfix on 0.1.2.x.
+    - Report TLS "zero return" case as a "clean close" and "IO error"
+      as a "close".  Stop calling closes "unexpected closes": existing
+      Tors don't use SSL_close(), so having a connection close without
+      the TLS shutdown handshake is hardly unexpected.
 
   o Code simplifications and refactoring:
     - Remove the tor_strpartition function: its logic was confused,

Modified: tor/trunk/src/common/tortls.c
===================================================================
--- tor/trunk/src/common/tortls.c	2008-02-21 15:41:14 UTC (rev 13656)
+++ tor/trunk/src/common/tortls.c	2008-02-21 16:11:58 UTC (rev 13657)
@@ -282,12 +282,9 @@
     case SSL_ERROR_ZERO_RETURN:
       if (extra&CATCH_ZERO)
         return _TOR_TLS_ZERORETURN;
-      log(severity, LD_NET, "TLS error: Zero return");
+      log(severity, LD_NET, "TLS connection closed while %s", doing);
       tls_log_errors(tls, severity, doing);
-      /* XXXX020rc Actually, a 'zero return' error has a pretty specific
-       * meaning: the connection has been closed cleanly. -NM
-       * Great. Do something smart here then. :) -RD */
-      return TOR_TLS_ERROR_MISC;
+      return TOR_TLS_CLOSE;
     default:
       tls_log_errors(tls, severity, doing);
       return TOR_TLS_ERROR_MISC;
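Review bot: Returning `TOR_TLS_CLOSE` from the `SSL_ERROR_ZERO_RETURN` case turns this result from an error into a non-error for every caller that does not pass `CATCH_ZERO`, because `TOR_TLS_IS_ERROR(rv)` in tortls.h is `((rv) < TOR_TLS_CLOSE)`. Callers that only test `TOR_TLS_IS_ERROR` or switch on `CASE_TOR_TLS_ERROR_ANY` (presumably the handshake and write paths, which are not on this page) should each be checked for an explicit `TOR_TLS_CLOSE` branch, otherwise a peer close could be treated as progress. The deleted XXXX020rc comment was also the only explanation of what a zero return means, so I would keep one line above the `log()` call, such as `/* Zero return: the peer closed the TLS session cleanly. */`. The enclosing function starts and ends outside the hunk.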
@@ -858,7 +855,7 @@
     return r;
   }
   err = tor_tls_get_error(tls, r, CATCH_ZERO, "reading", LOG_DEBUG);
-  if (err == _TOR_TLS_ZERORETURN) {
+  if (err == _TOR_TLS_ZERORETURN || err == TOR_TLS_CLOSE) {
     log_debug(LD_NET,"read returned r=%d; TLS is closed",r);
     tls->state = TOR_TLS_ST_CLOSED;
     return TOR_TLS_CLOSE;
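Review bot: The added `err == TOR_TLS_CLOSE` test looks unreachable from the zero-return case, since this call passes `CATCH_ZERO` and that case returns `_TOR_TLS_ZERORETURN` before it gets to the new `return TOR_TLS_CLOSE`. If the comparison is meant as a guard in case `tor_tls_get_error` ever returns `TOR_TLS_CLOSE` by another branch (none is visible here), say so in a comment, e.g. `/* Defensive: treat any close result like a zero return and mark the session closed. */`. Without that, the next reader cannot tell whether `tls->state = TOR_TLS_ST_CLOSED` is expected to run for anything other than a clean shutdown. The function's body starts and ends outside the hunk.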

Modified: tor/trunk/src/common/tortls.h
===================================================================
--- tor/trunk/src/common/tortls.h	2008-02-21 15:41:14 UTC (rev 13656)
+++ tor/trunk/src/common/tortls.h	2008-02-21 16:11:58 UTC (rev 13657)
@@ -22,7 +22,7 @@
 /* Possible return values for most tor_tls_* functions. */
 #define _MIN_TOR_TLS_ERROR_VAL     -9
 #define TOR_TLS_ERROR_MISC         -9
-/* Rename to unexpected close or something. XXXX */
+/* Rename to unexpected close or something. XXXX021 */
 #define TOR_TLS_ERROR_IO           -8
 #define TOR_TLS_ERROR_CONNREFUSED  -7
 #define TOR_TLS_ERROR_CONNRESET    -6
@@ -33,16 +33,20 @@
 #define TOR_TLS_WANTWRITE          -1
 #define TOR_TLS_DONE                0
 
-/** Use this macro in a switch statement to catch _any_ TLS error.  That way,
- * if more errors are added, your switches will still work. */
-#define CASE_TOR_TLS_ERROR_ANY                  \
+/** DOCDOC XXXX021 also rename me. */
+#define CASE_TOR_TLS_ERROR_ANY_NONIO            \
   case TOR_TLS_ERROR_MISC:                      \
-  case TOR_TLS_ERROR_IO:                        \
   case TOR_TLS_ERROR_CONNREFUSED:               \
   case TOR_TLS_ERROR_CONNRESET:                 \
   case TOR_TLS_ERROR_NO_ROUTE:                  \
   case TOR_TLS_ERROR_TIMEOUT
 
+/** Use this macro in a switch statement to catch _any_ TLS error.  That way,
+ * if more errors are added, your switches will still work. */
+#define CASE_TOR_TLS_ERROR_ANY                  \
+  CASE_TOR_TLS_ERROR_ANY_NONIO:                 \
+  case TOR_TLS_ERROR_IO
+
 #define TOR_TLS_IS_ERROR(rv) ((rv) < TOR_TLS_CLOSE)
 const char *tor_tls_err_to_string(int err);
 
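Review bot: `CASE_TOR_TLS_ERROR_ANY_NONIO` ships with only a `DOCDOC` placeholder, and nothing tells a caller that a switch using it skips `TOR_TLS_ERROR_IO` unless it adds its own case. I would replace the placeholder with `/** Use this macro in a switch statement to catch every TLS error except TOR_TLS_ERROR_IO; the switch must handle TOR_TLS_ERROR_IO in a case of its own. */`. The split exists so that connection.c can route an IO error to its close branch, and a later caller that adopts the NONIO macro without the extra case would send IO errors to its default branch, or to none at all.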

Modified: tor/trunk/src/or/connection.c
===================================================================
--- tor/trunk/src/or/connection.c	2008-02-21 15:41:14 UTC (rev 13656)
+++ tor/trunk/src/or/connection.c	2008-02-21 16:11:58 UTC (rev 13657)
@@ -1945,12 +1945,14 @@
 
     switch (result) {
       case TOR_TLS_CLOSE:
-        log_info(LD_NET,"TLS connection closed on read. Closing. "
+      case TOR_TLS_ERROR_IO:
+        log_info(LD_NET,"TLS connection closed %son read. Closing. "
                  "(Nickname %s, address %s",
+                 result == TOR_TLS_CLOSE ? "cleanly " : "",
                  or_conn->nickname ? or_conn->nickname : "not set",
                  conn->address);
         return result;
-      CASE_TOR_TLS_ERROR_ANY:
+      CASE_TOR_TLS_ERROR_ANY_NONIO:
         log_info(LD_NET,"tls error [%s]. breaking (nickname %s, address %s).",
                  tor_tls_err_to_string(result),
                  or_conn->nickname ? or_conn->nickname : "not set",
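Review bot: The format string in the merged `TOR_TLS_CLOSE` / `TOR_TLS_ERROR_IO` branch never closes its parenthesis; `"(Nickname %s, address %s",` should read `"(Nickname %s, address %s)",`. The branch now logs and returns a close without the TLS shutdown handshake the same way as a clean one, apart from the word "cleanly", and an unclean close gives no assurance that the stream was not cut short. A comment above `case TOR_TLS_ERROR_IO:` should say that this is deliberate, for instance `/* Peers do not send a TLS shutdown, so an IO-level close is the normal case here, not an error. */`. It is worth confirming that callers do not read the `TOR_TLS_ERROR_IO` return as an orderly end of data. The switch and the second `log_info` call continue past the end of the hunk.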


