v2:
* Bump log level for attack attempt message
* More clear message for float event
v1:
* Decrease log level for peer float message
Signed-off-by: Lev Stipakov <lstipakov@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: 1444909182-11785-1-git-send-email-lstipakov@gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/10276
Signed-off-by: David Sommerseth <davids@redhat.com>
... | ... |
@@ -79,7 +79,7 @@ multi_get_create_instance_udp (struct multi_context *m, bool *floated) |
79 | 79 |
{ |
80 | 80 |
/* reset prefix, since here we are not sure peer is the one it claims to be */ |
81 | 81 |
ungenerate_prefix(mi); |
82 |
- msg (D_MULTI_ERRORS, "Untrusted peer %" PRIu32 " wants to float to %s", peer_id, |
|
82 |
+ msg (D_MULTI_MEDIUM, "Float requested for peer %" PRIu32 " to %s", peer_id, |
|
83 | 83 |
mroute_addr_print (&real, &gc)); |
84 | 84 |
} |
85 | 85 |
} |
... | ... |
@@ -2286,7 +2286,7 @@ void multi_process_float (struct multi_context* m, struct multi_instance* mi) |
2286 | 2286 |
/* do not float if target address is taken by client with another cert */ |
2287 | 2287 |
if (!cert_hash_compare(m1->locked_cert_hash_set, m2->locked_cert_hash_set)) |
2288 | 2288 |
{ |
2289 |
- msg (D_MULTI_MEDIUM, "Disallow float to an address taken by another client %s", |
|
2289 |
+ msg (D_MULTI_LOW, "Disallow float to an address taken by another client %s", |
|
2290 | 2290 |
multi_instance_string (ex_mi, false, &gc)); |
2291 | 2291 |
|
2292 | 2292 |
mi->context.c2.buf.len = 0; |