Improve clarity, safety, and rate of dns spoofing log msg
authorNick Mathewson <nickm@torproject.org>
Wed, 24 May 2017 14:32:38 +0000 (10:32 -0400)
committerNick Mathewson <nickm@torproject.org>
Fri, 23 Jun 2017 13:28:17 +0000 (09:28 -0400)
Closes ticket 3056.

changes/bug3056 [new file with mode: 0644]
src/or/dns.c

diff --git a/changes/bug3056 b/changes/bug3056
new file mode 100644 (file)
index 0000000..62bec20
--- /dev/null
@@ -0,0 +1,3 @@
+   o Minor features (exit relay, DNS):
+     - Improve the clarity and safety of the log message from evdns when
+       receiving an apparent spoofed DNS reply. Closes ticket 3056.
index 024a21abfea87a3248edf6a8b5ef5c81e9ce2574..53f7a820f3d65daf0e1037c60a80ab958a2e79d4 100644 (file)
@@ -182,6 +182,18 @@ evdns_log_cb(int warn, const char *msg)
   } else if (!strcmp(msg, "All nameservers have failed")) {
     control_event_server_status(LOG_WARN, "NAMESERVER_ALL_DOWN");
     all_down = 1;
+  } else if (!strcmpstart(msg, "Address mismatch on received DNS")) {
+    static ratelim_t mismatch_limit = RATELIM_INIT(3600);
+    const char *src = strstr(msg, " Apparent source");
+    if (!src || get_options()->SafeLogging) {
+      src = "";
+    }
+    log_fn_ratelim(&mismatch_limit, severity, LD_EXIT,
+                   "eventdns: Received a DNS packet from "
+                   "an IP address to which we did not send a request. This "
+                   "could be a DNS spoofing attempt, or some kind of "
+                   "misconfiguration.%s", src);
+    return;
   }
   tor_log(severity, LD_EXIT, "eventdns: %s", msg);
 }
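Review bot: The scrub condition on the `if (!src || get_options()->SafeLogging)` line appears to test the wrong field: in or_options_t the `SafeLogging` member is the raw configuration string (non-NULL whenever the option has its default), while the parsed setting is the integer `SafeLogging_`, so if that is the case here the apparent-source suffix is dropped unconditionally and an operator running with SafeLogging 0 never sees which address sent the stray reply. Please confirm against or.h; the likely intended test is `if (!src || get_options()->SafeLogging_ != SAFELOG_SCRUB_NONE) {`, or reusing the existing scrubbing helpers so the policy stays in one place. Since the current form always scrubs, the consequence is lost diagnostics rather than an address leak, so the fix is safe to take either way. The enclosing evdns_log_cb begins before this hunk; `severity` is assigned outside it.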