Refine float logging

v2:
 * Bump log level for attack attempt message
 * More clear message for float event

v1:
 * Decrease log level for peer float message

Signed-off-by: Lev Stipakov <lstipakov@gmail.com>
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: 1444909182-11785-1-git-send-email-lstipakov@gmail.com
URL: http://article.gmane.org/gmane.network.openvpn.devel/10276
Signed-off-by: David Sommerseth <davids@redhat.com>

diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 3aed3a0a01532245e63f9f50cf9cd39af5f7f031..ce6720604f9faf24bbb4a286cc598fdd46e6a728 100644 (file)
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -79,7 +79,7 @@ multi_get_create_instance_udp (struct multi_context *m, bool *floated)
              {
                /* reset prefix, since here we are not sure peer is the one it claims to be */
                ungenerate_prefix(mi);
-               msg (D_MULTI_ERRORS, "Untrusted peer %" PRIu32 " wants to float to %s", peer_id,
+               msg (D_MULTI_MEDIUM, "Float requested for peer %" PRIu32 " to %s", peer_id,
                        mroute_addr_print (&real, &gc));
              }
            }

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 05c36db4b0a09298f0b7dd4ff46dfd1d63ebb2fa..7c3aaaca4a70ce8856787596a4bb9b420ed46ba5 100644 (file)
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2286,7 +2286,7 @@ void multi_process_float (struct multi_context* m, struct multi_instance* mi)
       /* do not float if target address is taken by client with another cert */
       if (!cert_hash_compare(m1->locked_cert_hash_set, m2->locked_cert_hash_set))
        {
-         msg (D_MULTI_MEDIUM, "Disallow float to an address taken by another client %s",
+         msg (D_MULTI_LOW, "Disallow float to an address taken by another client %s",
               multi_instance_string (ex_mi, false, &gc));
 
          mi->context.c2.buf.len = 0;