[tor-commits] [tor/master] relay: Log the address in circuit protocol warnings
nickm at torproject.org
nickm at torproject.org
Wed Apr 29 23:23:42 UTC 2020
commit 44f71e08c414f6c7aad6304e24be90d5d320c95b
Author: teor <teor at torproject.org>
Date: Wed Apr 15 09:55:09 2020 +1000
relay: Log the address in circuit protocol warnings
Always log the address family in extend protocol warnings.
If SafeLogging is 0, also log the address and port.
Diagnostics for 33817.
---
src/feature/relay/circuitbuild_relay.c | 12 ++++++++++--
src/test/test_circuitbuild.c | 19 ++++++++++---------
2 files changed, 20 insertions(+), 11 deletions(-)
diff --git a/src/feature/relay/circuitbuild_relay.c b/src/feature/relay/circuitbuild_relay.c
index dd38a2825..05146f1b6 100644
--- a/src/feature/relay/circuitbuild_relay.c
+++ b/src/feature/relay/circuitbuild_relay.c
@@ -130,16 +130,24 @@ static int
circuit_extend_addr_port_helper(const struct tor_addr_port_t *ap,
int log_level)
{
+ /* It's safe to print the family. But we don't want to print the address,
+ * unless specifically configured to do so. (Zero addresses aren't sensitive,
+ * But some internal addresses might be.)*/
+
if (!tor_addr_port_is_valid_ap(ap, 0)) {
log_fn(log_level, LD_PROTOCOL,
- "Client asked me to extend to zero destination port or addr.");
+ "Client asked me to extend to a zero destination port or "
+ "%s address '%s'.",
+ fmt_addr_family(&ap->addr), safe_str(fmt_addrport_ap(ap)));
return -1;
}
if (tor_addr_is_internal(&ap->addr, 0) &&
!get_options()->ExtendAllowPrivateAddresses) {
log_fn(log_level, LD_PROTOCOL,
- "Client asked me to extend to a private address.");
+ "Client asked me to extend to a private %s address '%s'.",
+ fmt_addr_family(&ap->addr),
+ safe_str(fmt_and_decorate_addr(&ap->addr)));
return -1;
}
diff --git a/src/test/test_circuitbuild.c b/src/test/test_circuitbuild.c
index 061f39937..ab5c9c993 100644
--- a/src/test/test_circuitbuild.c
+++ b/src/test/test_circuitbuild.c
@@ -521,21 +521,21 @@ test_circuit_extend_lspec_valid(void *arg)
/* IPv4 addr or port are 0, these should fail */
tt_int_op(circuit_extend_lspec_valid_helper(ec, circ), OP_EQ, -1);
- expect_log_msg("Client asked me to extend to "
- "zero destination port or addr.\n");
+ expect_log_msg("Client asked me to extend to a zero destination port "
+ "or unspecified address '[scrubbed]'.\n");
mock_clean_saved_logs();
tor_addr_parse(&ec->orport_ipv4.addr, PUBLIC_IPV4);
tt_int_op(circuit_extend_lspec_valid_helper(ec, circ), OP_EQ, -1);
- expect_log_msg("Client asked me to extend to "
- "zero destination port or addr.\n");
+ expect_log_msg("Client asked me to extend to a zero destination port "
+ "or IPv4 address '[scrubbed]'.\n");
mock_clean_saved_logs();
tor_addr_make_null(&ec->orport_ipv4.addr, AF_INET);
ec->orport_ipv4.port = VALID_PORT;
tt_int_op(circuit_extend_lspec_valid_helper(ec, circ), OP_EQ, -1);
- expect_log_msg("Client asked me to extend to "
- "zero destination port or addr.\n");
+ expect_log_msg("Client asked me to extend to a zero destination port "
+ "or IPv4 address '[scrubbed]'.\n");
mock_clean_saved_logs();
ec->orport_ipv4.port = 0;
@@ -546,7 +546,8 @@ test_circuit_extend_lspec_valid(void *arg)
fake_options->ExtendAllowPrivateAddresses = 0;
tt_int_op(circuit_extend_lspec_valid_helper(ec, circ), OP_EQ, -1);
- expect_log_msg("Client asked me to extend to a private address.\n");
+ expect_log_msg("Client asked me to extend "
+ "to a private IPv4 address '[scrubbed]'.\n");
mock_clean_saved_logs();
fake_options->ExtendAllowPrivateAddresses = 0;
@@ -1002,8 +1003,8 @@ test_circuit_extend(void *arg)
tt_int_op(circuit_extend(cell, circ), OP_EQ, -1);
tt_int_op(mock_extend_cell_parse_calls, OP_EQ, 1);
- expect_log_msg("Client asked me to extend to "
- "zero destination port or addr.\n");
+ expect_log_msg("Client asked me to extend to a zero destination port "
+ "or unspecified address '[scrubbed]'.\n");
mock_clean_saved_logs();
mock_extend_cell_parse_calls = 0;
More information about the tor-commits
mailing list