Re: [Openvpn-devel] [PATCH] Refine float logging

2015-10-15 Thread Steffan Karger 

On 15 Oct 2015 13:40, Lev Stipakov wrote:
> v2:
>  * Bump log level for attack attempt message
>  * More clear message for float event
> 
> v1:
>  * Decrease log level for peer float message
> 
> Signed-off-by: Lev Stipakov 
> ---
>  src/openvpn/mudp.c  | 2 +-
>  src/openvpn/multi.c | 2 +-
>  2 files changed, 2 insertions(+), 2 deletions(-)
> 
> diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
> index 3aed3a0..ce67206 100644
> --- a/src/openvpn/mudp.c
> +++ b/src/openvpn/mudp.c
> @@ -79,7 +79,7 @@ multi_get_create_instance_udp (struct multi_context
> *m, bool *floated)
> {
>   /* reset prefix, since here we are not sure peer is the one
> it claims to be */
>   ungenerate_prefix(mi);
> - msg (D_MULTI_ERRORS, "Untrusted peer %" PRIu32 " wants to
> float to %s", peer_id,
> + msg (D_MULTI_MEDIUM, "Float requested for peer %" PRIu32 " to
> %s", peer_id,
>   mroute_addr_print (, ));
> }
>   }
> diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
> index 05c36db..7c3aaac 100644
> --- a/src/openvpn/multi.c
> +++ b/src/openvpn/multi.c
> @@ -2286,7 +2286,7 @@ void multi_process_float (struct multi_context* m,
> struct multi_instance* mi)
>/* do not float if target address is taken by client with another
> cert */
>if (!cert_hash_compare(m1->locked_cert_hash_set, m2-
> >locked_cert_hash_set))
>   {
> -   msg (D_MULTI_MEDIUM, "Disallow float to an address taken by
> another client %s",
> +   msg (D_MULTI_LOW, "Disallow float to an address taken by another
> client %s",
>  multi_instance_string (ex_mi, false, ));
> 
> mi->context.c2.buf.len = 0;

Even-more-ACK

-Steffan

[Openvpn-devel] [PATCH] Refine float logging

2015-10-15 Thread Lev Stipakov 
v2:
 * Bump log level for attack attempt message
 * More clear message for float event

v1:
 * Decrease log level for peer float message

Signed-off-by: Lev Stipakov 
---
 src/openvpn/mudp.c  | 2 +-
 src/openvpn/multi.c | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 3aed3a0..ce67206 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -79,7 +79,7 @@ multi_get_create_instance_udp (struct multi_context *m, bool 
*floated)
  {
/* reset prefix, since here we are not sure peer is the one it 
claims to be */
ungenerate_prefix(mi);
-   msg (D_MULTI_ERRORS, "Untrusted peer %" PRIu32 " wants to float 
to %s", peer_id,
+   msg (D_MULTI_MEDIUM, "Float requested for peer %" PRIu32 " to 
%s", peer_id,
mroute_addr_print (, ));
  }
}
diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index 05c36db..7c3aaac 100644
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -2286,7 +2286,7 @@ void multi_process_float (struct multi_context* m, struct 
multi_instance* mi)
   /* do not float if target address is taken by client with another cert */
   if (!cert_hash_compare(m1->locked_cert_hash_set, 
m2->locked_cert_hash_set))
{
- msg (D_MULTI_MEDIUM, "Disallow float to an address taken by another 
client %s",
+ msg (D_MULTI_LOW, "Disallow float to an address taken by another 
client %s",
   multi_instance_string (ex_mi, false, ));

  mi->context.c2.buf.len = 0;
-- 
1.9.1