From e5caf86ea4820044e87aaddcf77446d40a2bddc7 Mon Sep 17 00:00:00 2001 From: Richard Fuchs Date: Fri, 18 May 2018 07:47:13 -0400 Subject: [PATCH] TT#36759 rate limiting for ICE/STUN log messages Change-Id: Iac172a52ac9a48d5ff62995454bda108680228d7 (cherry picked from commit c3eacd16fb07a7c2430ac489e3976e4443bc8fbe) --- daemon/ice.c | 4 ++-- daemon/stun.c | 15 +++++++++------ 2 files changed, 11 insertions(+), 8 deletions(-) diff --git a/daemon/ice.c b/daemon/ice.c index ba04a1ee8..12048c51b 100644 --- a/daemon/ice.c +++ b/daemon/ice.c @@ -1154,7 +1154,7 @@ int ice_request(struct stream_fd *sfd, const endpoint_t *src, err_unlock: mutex_unlock(&ag->lock); - ilog(LOG_NOTICE, "%s (from %s on interface %s)", err, endpoint_print_buf(src), + ilog(LOG_NOTICE | LOG_FLAG_LIMIT, "%s (from %s on interface %s)", err, endpoint_print_buf(src), endpoint_print_buf(&sfd->socket.local)); return 0; } @@ -1305,7 +1305,7 @@ err_unlock: mutex_unlock(&ag->lock); err: if (err) - ilog(LOG_NOTICE, "%s (from %s on interface %s)", + ilog(LOG_NOTICE | LOG_FLAG_LIMIT, "%s (from %s on interface %s)", err, endpoint_print_buf(src), endpoint_print_buf(&sfd->socket.local)); if (pair && attrs->error_code) diff --git a/daemon/stun.c b/daemon/stun.c index a236f0e98..d8767891b 100644 --- a/daemon/stun.c +++ b/daemon/stun.c @@ -222,9 +222,12 @@ static int stun_attributes(struct stun_attrs *out, str *s, u_int16_t *unknowns, break; default: - ilog(LOG_NOTICE, "Unknown STUN attribute: 0x%04x", type); - if ((type & 0x8000)) + if ((type & 0x8000)) { + // comprehension optional + ilog(LOG_DEBUG, "Unknown STUN attribute: 0x%04x", type); break; + } + ilog(LOG_NOTICE | LOG_FLAG_LIMIT, "Unknown STUN attribute: 0x%04x", type); unknowns[uc] = tlv->type; unknowns[++uc] = 0xffff; if (uc >= UNKNOWNS_COUNT - 1) @@ -581,7 +584,7 @@ int stun(str *b, struct stream_fd *sfd, const endpoint_t *sin) { err = "failed to parse attributes"; if (unknowns[0] == 0xffff) goto ignore; - ilog(LOG_WARNING, "STUN packet contained unknown " + ilog(LOG_WARNING | LOG_FLAG_LIMIT, "STUN packet contained unknown " "\"comprehension required\" attribute(s)" SLF, SLP); stun_error_attrs(sfd, sin, req, 420, "Unknown attribute", STUN_UNKNOWN_ATTRIBUTES, unknowns, @@ -627,15 +630,15 @@ int stun(str *b, struct stream_fd *sfd, const endpoint_t *sin) { /* notreached */ bad_req: - ilog(LOG_NOTICE, "Received invalid STUN packet" SLF ": %s", SLP, err); + ilog(LOG_NOTICE | LOG_FLAG_LIMIT, "Received invalid STUN packet" SLF ": %s", SLP, err); stun_error(sfd, sin, req, 400, "Bad request"); return 0; unauth: - ilog(LOG_NOTICE, "STUN authentication mismatch" SLF, SLP); + ilog(LOG_NOTICE | LOG_FLAG_LIMIT, "STUN authentication mismatch" SLF, SLP); stun_error(sfd, sin, req, 401, "Unauthorized"); return 0; ignore: - ilog(LOG_NOTICE, "Not handling potential STUN packet" SLF ": %s", SLP, err); + ilog(LOG_NOTICE | LOG_FLAG_LIMIT, "Not handling potential STUN packet" SLF ": %s", SLP, err); return -1; }