Browse code
Refine float logging
v2:
* Bump log level for attack attempt message
* More clear message for float event
v1:
* Decrease log level for peer float message
Signed-off-by: Lev Stipakov <lstipakov@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: 1444909182-11785-1-git-send-email-lstipakov@gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/10276
Signed-off-by: David Sommerseth <davids@redhat.com>
Lev Stipakov authored on 2015/10/15 20:39:42Showing 2 changed files
| ... | ... |
@@ -79,7 +79,7 @@ multi_get_create_instance_udp (struct multi_context *m, bool *floated) |
| 79 | 79 |
{
|
| 80 | 80 |
/* reset prefix, since here we are not sure peer is the one it claims to be */ |
| 81 | 81 |
ungenerate_prefix(mi); |
| 82 |
- msg (D_MULTI_ERRORS, "Untrusted peer %" PRIu32 " wants to float to %s", peer_id, |
|
| 82 |
+ msg (D_MULTI_MEDIUM, "Float requested for peer %" PRIu32 " to %s", peer_id, |
|
| 83 | 83 |
mroute_addr_print (&real, &gc)); |
| 84 | 84 |
} |
| 85 | 85 |
} |
| ... | ... |
@@ -2286,7 +2286,7 @@ void multi_process_float (struct multi_context* m, struct multi_instance* mi) |
| 2286 | 2286 |
/* do not float if target address is taken by client with another cert */ |
| 2287 | 2287 |
if (!cert_hash_compare(m1->locked_cert_hash_set, m2->locked_cert_hash_set)) |
| 2288 | 2288 |
{
|
| 2289 |
- msg (D_MULTI_MEDIUM, "Disallow float to an address taken by another client %s", |
|
| 2289 |
+ msg (D_MULTI_LOW, "Disallow float to an address taken by another client %s", |
|
| 2290 | 2290 |
multi_instance_string (ex_mi, false, &gc)); |
| 2291 | 2291 |
|
| 2292 | 2292 |
mi->context.c2.buf.len = 0; |