Commit 932106f5 authored by Nick Mathewson's avatar Nick Mathewson 🏃

Efficiency hack: call tor_fix_source_file late, not early. Add "BUG" domain....

Efficiency hack: call tor_fix_source_file late, not early.  Add "BUG" domain. Domains are now bitmasks... just in case. Make some err msgs non-general.


svn:r5309
parent 452f4cfa
......@@ -177,6 +177,7 @@ tor_memmem(const void *_haystack, size_t hlen, const void *_needle, size_t nlen)
#endif
}
#ifdef MS_WINDOWS
/** Take a filename and return a pointer to its final element. This
* function is called on __FILE__ to fix a MSVC nit where __FILE__
* contains the full path to the file. This is bad, because it
......@@ -184,7 +185,7 @@ tor_memmem(const void *_haystack, size_t hlen, const void *_needle, size_t nlen)
* compiled the binary in their warrning messages.
*/
const char *
_tor_fix_source_file(const char *fname)
tor_fix_source_file(const char *fname)
{
const char *cp1, *cp2, *r;
cp1 = strrchr(fname, '/');
......@@ -200,6 +201,7 @@ _tor_fix_source_file(const char *fname)
}
return r;
}
#endif
#ifndef UNALIGNED_INT_ACCESS_OK
/**
......@@ -499,7 +501,7 @@ switch_id(char *user, char *group)
if (user) {
pw = getpwnam(user);
if (pw == NULL) {
err("User '%s' not found.", user);
err(LD_CONFIG,"User '%s' not found.", user);
return -1;
}
}
......@@ -508,17 +510,17 @@ switch_id(char *user, char *group)
if (group) {
gr = getgrnam(group);
if (gr == NULL) {
err("Group '%s' not found.", group);
err(LD_CONFIG,"Group '%s' not found.", group);
return -1;
}
if (setgid(gr->gr_gid) != 0) {
err("Error setting GID: %s", strerror(errno));
err(LD_GENERAL,"Error setting GID: %s", strerror(errno));
return -1;
}
} else if (user) {
if (setgid(pw->pw_gid) != 0) {
err("Error setting GID: %s", strerror(errno));
err(LD_GENERAL,"Error setting GID: %s", strerror(errno));
return -1;
}
}
......@@ -527,7 +529,7 @@ switch_id(char *user, char *group)
privileges */
if (user) {
if (setuid(pw->pw_uid) != 0) {
err("Error setting UID: %s", strerror(errno));
err(LD_GENERAL,"Error setting UID: %s", strerror(errno));
return -1;
}
}
......@@ -535,8 +537,7 @@ switch_id(char *user, char *group)
return 0;
#endif
err("User or group specified, but switching users is not supported.");
err(LD_CONFIG,"User or group specified, but switching users is not supported.");
return -1;
}
......@@ -550,7 +551,7 @@ get_user_homedir(const char *username)
tor_assert(username);
if (!(pw = getpwnam(username))) {
err("User \"%s\" not found.", username);
err(LD_CONFIG,"User \"%s\" not found.", username);
return NULL;
}
return tor_strdup(pw->pw_dir);
......@@ -894,7 +895,7 @@ tor_gettimeofday(struct timeval *timeval)
/* number of 100-nsec units since Jan 1, 1601 */
GetSystemTimeAsFileTime(&ft.ft_ft);
if (ft.ft_64 < EPOCH_BIAS) {
err("System time is before 1970; failing.");
err(LD_GENERAL,"System time is before 1970; failing.");
exit(1);
}
ft.ft_64 -= EPOCH_BIAS;
......@@ -902,7 +903,7 @@ tor_gettimeofday(struct timeval *timeval)
timeval->tv_usec = (unsigned) ((ft.ft_64 / UNITS_PER_USEC) % USEC_PER_SEC);
#elif defined(HAVE_GETTIMEOFDAY)
if (gettimeofday(timeval, NULL)) {
err("gettimeofday failed.");
err(LD_GENERAL,"gettimeofday failed.");
/* If gettimeofday dies, we have either given a bad timezone (we didn't),
or segfaulted.*/
exit(1);
......
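Review bot: In switch_id the visible lines change the group with `setgid()` and then the user with `setuid()`, but no call that resets the supplementary group list appears in these hunks, so a process started as root could keep root's extra groups after the switch. If that call is not in the part of the body that lies between or outside the hunks, add `setgroups(1, &gid)` (with `gid` set to the target group id and its return value checked like the others) before the `setgid()` calls. The order shown, group first and user last, is the right one and should stay. switch_id starts and ends outside the hunks shown.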
......@@ -100,8 +100,13 @@ const void *tor_memmem(const void *haystack, size_t hlen, const void *needle,
#define TOR_ISDIGIT(c) isdigit((int)(unsigned char)(c))
#define TOR_ISPRINT(c) isprint((int)(unsigned char)(c))
#define _SHORT_FILE_ (_tor_fix_source_file(__FILE__))
const char *_tor_fix_source_file(const char *fname);
#ifdef MS_WINDOWS
#define _SHORT_FILE_ (tor_fix_source_file(__FILE__))
const char *tor_fix_source_file(const char *fname);
#else
#define _SHORT_FILE_ (__FILE__)
#define tor_fix_source_file(s) (s)
#endif
/* ===== Time compatibility */
#if !defined(HAVE_GETTIMEOFDAY) && !defined(HAVE_STRUCT_TIMEVAL_TV_SEC)
......
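Review bot: On non-Windows builds `_SHORT_FILE_` now expands to plain `__FILE__`, so the path stripping that the old definition applied on every platform no longer happens for assertion messages. The comment on tor_fix_source_file in compat.c appears to give the reason for the stripping as keeping the build path out of log messages; a build that hands the compiler absolute paths (an out-of-tree build, for instance) would put that path back into the output outside MSVC as well. Either keep the function available on all platforms and call it late, as `_check_no_tls_errors` does, or record the assumption next to the macro: `/* Assumes non-MSVC builds compile with relative paths, so __FILE__ holds no build directory. */`.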
......@@ -184,7 +184,7 @@ format_msg(char *buf, size_t buf_len,
* message. The actual message is derived as from tor_snprintf(format,ap).
*/
static void
logv(int severity, int domain, const char *funcname, const char *format,
logv(int severity, unsigned int domain, const char *funcname, const char *format,
va_list ap)
{
char buf[10024];
......@@ -234,7 +234,7 @@ logv(int severity, int domain, const char *funcname, const char *format,
/** Output a message to the log. */
void
_log(int severity, int domain, const char *format, ...)
_log(int severity, unsigned int domain, const char *format, ...)
{
va_list ap;
va_start(ap,format);
......@@ -245,7 +245,7 @@ _log(int severity, int domain, const char *format, ...)
/** Output a message to the log, prefixed with a function name <b>fn</b>. */
#ifdef __GNUC__
void
_log_fn(int severity, int domain, const char *fn, const char *format, ...)
_log_fn(int severity, unsigned int domain, const char *fn, const char *format, ...)
{
va_list ap;
va_start(ap,format);
......@@ -255,7 +255,7 @@ _log_fn(int severity, int domain, const char *fn, const char *format, ...)
#else
const char *_log_fn_function_name=NULL;
void
_log_fn(int severity, int domain, const char *format, ...)
_log_fn(int severity, unsigned int domain, const char *format, ...)
{
va_list ap;
va_start(ap,format);
......@@ -264,7 +264,7 @@ _log_fn(int severity, int domain, const char *format, ...)
_log_fn_function_name = NULL;
}
void
_debug(int domain, const char *format, ...)
_debug(unsigned int domain, const char *format, ...)
{
va_list ap;
va_start(ap,format);
......@@ -273,7 +273,7 @@ _debug(int domain, const char *format, ...)
_log_fn_function_name = NULL;
}
void
_info(int domain, const char *format, ...)
_info(unsigned int domain, const char *format, ...)
{
va_list ap;
va_start(ap,format);
......@@ -282,7 +282,7 @@ _info(int domain, const char *format, ...)
_log_fn_function_name = NULL;
}
void
_notice(int domain, const char *format, ...)
_notice(unsigned int domain, const char *format, ...)
{
va_list ap;
va_start(ap,format);
......@@ -291,7 +291,7 @@ _notice(int domain, const char *format, ...)
_log_fn_function_name = NULL;
}
void
_warn(int domain, const char *format, ...)
_warn(unsigned int domain, const char *format, ...)
{
va_list ap;
va_start(ap,format);
......@@ -300,11 +300,11 @@ _warn(int domain, const char *format, ...)
_log_fn_function_name = NULL;
}
void
_err(const char *format, ...)
_err(unsigned int domain, const char *format, ...)
{
va_list ap;
va_start(ap,format);
logv(LOG_ERR, LD_GENERAL, _log_fn_function_name, format, ap);
logv(LOG_ERR, domain, _log_fn_function_name, format, ap);
va_end(ap);
_log_fn_function_name = NULL;
}
......
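Review bot: The doc comments on `logv`, `_log` and `_log_fn` do not describe the `domain` parameter, which is now an `unsigned int` meant to hold `LD_*` bit flags. Nothing in the visible lines says whether a caller may OR several flags together, so the comment should state it, for example `<b>domain</b> is a mask of LD_* flags` if combined flags are intended. The non-GNUC wrappers `_debug` through `_err` have no comment at all; one line saying that they log under the name stored in `_log_fn_function_name` and then reset it, as `_err` visibly does, would help the next reader. The bodies of most of these functions continue outside the hunks.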
......@@ -53,39 +53,41 @@
/* Logging domains */
/** Catch-all for miscellaneous events and fatal errors */
#define LD_GENERAL 0
#define LD_GENERAL (1u<<0)
/** The cryptography subsytem */
#define LD_CRYPTO 1
#define LD_CRYPTO (1u<<1)
/** Networking */
#define LD_NET 2
#define LD_NET (1u<<2)
/** Parsing and acting on our configuration */
#define LD_CONFIG 3
#define LD_CONFIG (1u<<3)
/** Reading and writing from the filesystem */
#define LD_FS 4
#define LD_FS (1u<<4)
/** Other servers' (non)compliance with the Tor protocol */
#define LD_PROTOCOL 5
#define LD_PROTOCOL (1u<<5)
/** Memory management */
#define LD_MM 6
#define LD_MM (1u<<6)
/** HTTP implementation */
#define LD_HTTP 7
#define LD_HTTP (1u<<7)
/** Application (socks) requests */
#define LD_APP 8
#define LD_APP (1u<<8)
/** Communication via the controller protocol */
#define LD_CONTROL 9
#define LD_CONTROL (1u<<9)
/** Building, using, and managing circuits */
#define LD_CIRC 10
#define LD_CIRC (1u<<10)
/** Hidden services */
#define LD_REND 11
#define LD_REND (1u<<11)
/** Internal errors in this Tor process. */
#define LD_BUG 12
#define LD_BUG (1u<<12)
/** Learning and using information about Tor servers. */
#define LD_DIR 13
#define LD_DIR (1u<<13)
/** Learning and using information about Tor servers. */
#define LD_DIRSERV 14
#define LD_DIRSERV (1u<<14)
/** Onion routing protocol. */
#define LD_OR 15
#define LD_OR (1u<<15)
/** Connections leaving Tor, other exit stuff. */
#define LD_EXIT (1u<<16)
typedef void (*log_callback)(int severity, int domain, const char *msg);
typedef void (*log_callback)(int severity, unsigned int domain, const char *msg);
int parse_log_level(const char *level);
const char *log_level_to_string(int level);
......@@ -108,10 +110,10 @@ void change_callback_log_severity(int loglevelMin, int loglevelMax,
log_callback cb);
/* Outputs a message to stdout */
void _log(int severity, int domain, const char *format, ...) CHECK_PRINTF(3,4);
void _log(int severity, unsigned int domain, const char *format, ...) CHECK_PRINTF(3,4);
#ifdef __GNUC__
void _log_fn(int severity, int domain,
void _log_fn(int severity, unsigned int domain,
const char *funcname, const char *format, ...)
CHECK_PRINTF(4,5);
/** Log a message at level <b>severity</b>, using a pretty-printed version
......@@ -134,16 +136,16 @@ void _log_fn(int severity, int domain,
_log_fn(LOG_INFO, domain, __PRETTY_FUNCTION__, args)
#define warn(domain, args...) \
_log_fn(LOG_INFO, domain, __PRETTY_FUNCTION__, args)
#define err(args...) \
_log_fn(LOG_ERR, LD_GENERAL, __PRETTY_FUNCTION__, args)
#define err(domain, args...) \
_log_fn(LOG_ERR, domain, __PRETTY_FUNCTION__, args)
#else
void _log_fn(int severity, int domain, const char *format, ...);
void _debug(int domain, const char *format, ...);
void _info(int domain, const char *format, ...);
void _notice(int domain, const char *format, ...);
void _warn(int domain, const char *format, ...);
void _err(const char *format, ...);
void _log_fn(int severity, unsigned int domain, const char *format, ...);
void _debug(unsigned int domain, const char *format, ...);
void _info(unsigned int domain, const char *format, ...);
void _notice(unsigned int domain, const char *format, ...);
void _warn(unsigned int domain, const char *format, ...);
void _err(unsigned int domain, const char *format, ...);
#define log _log /* hack it so we don't conflict with log() as much */
......
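Review bot: The GNUC `warn` macro in the last hunk passes `LOG_INFO` to `_log_fn`, so every message written with `warn(...)` is recorded at info severity; the line should read `_log_fn(LOG_WARN, domain, __PRETTY_FUNCTION__, args)`. This matters for this commit because connection_or.c replaces `log_fn(LOG_WARN, ...)` calls with `warn(LD_..., ...)`, so under GCC those messages, including the proxy and handshake warnings, would drop out of a log configured at warn level. The line is unchanged context and the macro block starts above the hunk, so the sibling wrappers should be checked the same way. Separately, `LD_DIRSERV` repeats the comment of `LD_DIR` and needs its own description.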
......@@ -866,8 +866,8 @@ _check_no_tls_errors(const char *fname, int line)
{
if (ERR_peek_error() == 0)
return;
log_fn(LOG_WARN, LD_CRYPTO, "Unhandled OpenSSL errors found at %s:%d: ",
fname, line);
log(LOG_WARN, LD_CRYPTO, "Unhandled OpenSSL errors found at %s:%d: ",
tor_fix_source_file(fname), line);
tls_log_errors(LOG_WARN, NULL);
}
......@@ -46,7 +46,7 @@ unsigned long tor_tls_get_n_bytes_written(tor_tls_t *tls);
/* Log and abort if there are unhandled TLS errors in OpenSSL's error stack.
*/
#define check_no_tls_errors() _check_no_tls_errors(_SHORT_FILE_,__LINE__)
#define check_no_tls_errors() _check_no_tls_errors(__FILE__,__LINE__)
void _check_no_tls_errors(const char *fname, int line);
......
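Review bot: The comment above `check_no_tls_errors()` says "Log and abort", but `_check_no_tls_errors` as shown in the tortls.c section only logs at LOG_WARN and returns. I would reword it to `/* Log a warning if there are unhandled TLS errors in OpenSSL's error stack. */` so callers do not rely on the process stopping. The macro now passes the raw `__FILE__` and the name is shortened inside the function by `tor_fix_source_file(fname)`; one sentence saying so in the same comment would explain why `_SHORT_FILE_` is no longer used here.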
......@@ -127,7 +127,7 @@ _tor_malloc(size_t size DMALLOC_PARAMS)
result = dmalloc_malloc(file, line, size, DMALLOC_FUNC_MALLOC, 0, 0);
if (!result) {
err("Out of memory. Dying.");
err(LD_MM,"Out of memory. Dying.");
/* XXX if these functions die within a worker process, they won't
* call spawn_exit */
exit(1);
......@@ -159,7 +159,7 @@ _tor_realloc(void *ptr, size_t size DMALLOC_PARAMS)
result = dmalloc_realloc(file, line, ptr, size, DMALLOC_FUNC_REALLOC, 0);
if (!result) {
err("Out of memory. Dying.");
err(LD_MM,"Out of memory. Dying.");
exit(1);
}
return result;
......@@ -177,7 +177,7 @@ _tor_strdup(const char *s DMALLOC_PARAMS)
dup = dmalloc_strdup(file, line, s, 0);
if (!dup) {
err("Out of memory. Dying.");
err(LD_MM,"Out of memory. Dying.");
exit(1);
}
return dup;
......@@ -1594,7 +1594,7 @@ start_daemon(void)
pipe(daemon_filedes);
pid = fork();
if (pid < 0) {
err("fork failed. Exiting.");
err(LD_GENERAL,"fork failed. Exiting.");
exit(1);
}
if (pid) { /* Parent */
......@@ -1649,14 +1649,14 @@ finish_daemon(const char *desired_cwd)
desired_cwd = "/";
/* Don't hold the wrong FS mounted */
if (chdir(desired_cwd) < 0) {
err("chdir to \"%s\" failed. Exiting.",desired_cwd);
err(LD_GENERAL,"chdir to \"%s\" failed. Exiting.",desired_cwd);
exit(1);
}
nullfd = open("/dev/null",
O_CREAT | O_RDWR | O_APPEND);
if (nullfd < 0) {
err("/dev/null can't be opened. Exiting.");
err(LD_GENERAL,"/dev/null can't be opened. Exiting.");
exit(1);
}
/* close fds linking to invoking terminal, but
......@@ -1666,7 +1666,7 @@ finish_daemon(const char *desired_cwd)
if (dup2(nullfd,0) < 0 ||
dup2(nullfd,1) < 0 ||
dup2(nullfd,2) < 0) {
err("dup2 failed. Exiting.");
err(LD_GENERAL,"dup2 failed. Exiting.");
exit(1);
}
if (nullfd > 2)
......
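Review bot: In finish_daemon, `open("/dev/null", O_CREAT | O_RDWR | O_APPEND)` passes `O_CREAT` without the mode argument that flag requires, so if the path were ever missing a regular file would be created there with an indeterminate mode; `open("/dev/null", O_RDWR)` is enough, and failing is the safer outcome when the device is absent. In start_daemon the return value of `pipe(daemon_filedes)` is not checked before `fork()`; a failure there deserves the same `err(LD_GENERAL, ...)` and `exit(1)` handling as the fork failure. Both lines are unchanged context, and both functions continue outside the hunks.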
......@@ -39,23 +39,23 @@
#error "Sorry; we don't support building with NDEBUG."
#else
#ifdef OLD_LOG_INTERFACE
#define tor_assert(expr) do { \
if (!(expr)) { \
log(LOG_ERR, "%s:%d: %s: Assertion %s failed; aborting.", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
fprintf(stderr,"%s:%d %s: Assertion %s failed; aborting.\n", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
abort(); /* unreached */ \
} } while (0)
#define tor_assert(expr) do { \
if (!(expr)) { \
log(LOG_ERR, "%s:%d: %s: Assertion %s failed; aborting.", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
fprintf(stderr,"%s:%d %s: Assertion %s failed; aborting.\n", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
abort(); /* unreached */ \
} } while (0)
#else
#define tor_assert(expr) do { \
if (!(expr)) { \
log(LOG_ERR, LD_GENERAL, "%s:%d: %s: Assertion %s failed; aborting.", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
fprintf(stderr,"%s:%d %s: Assertion %s failed; aborting.\n", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
abort(); /* unreached */ \
} } while (0)
#define tor_assert(expr) do { \
if (!(expr)) { \
log(LOG_ERR, LD_BUG, "%s:%d: %s: Assertion %s failed; aborting.", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
fprintf(stderr,"%s:%d %s: Assertion %s failed; aborting.\n", \
_SHORT_FILE_, __LINE__, __FUNCTION__, #expr); \
abort(); /* unreached */ \
} } while (0)
#endif
#endif
......
......@@ -731,7 +731,7 @@ assert_cpath_layer_ok(const crypt_path_t *cp)
/* tor_assert(cp->dh_handshake_state); */
break;
default:
err("Unexpected state %d",cp->state);
log_fn(LOG_ERR, LD_BUG, "Unexpected state %d", cp->state);
tor_assert(0);
}
tor_assert(cp->package_window >= 0);
......
This diff is collapsed.
......@@ -11,6 +11,7 @@ const char connection_or_c_id[] = "$Id$";
* cells on the network.
**/
#define NEW_LOG_INTERFACE
#include "or.h"
/** How much clock skew do we tolerate when checking certificates for
......@@ -48,7 +49,7 @@ cell_unpack(cell_t *dest, const char *src)
int
connection_or_reached_eof(connection_t *conn)
{
log_fn(LOG_INFO,"OR connection reached EOF. Closing.");
info(LD_OR,"OR connection reached EOF. Closing.");
connection_mark_for_close(conn);
return 0;
}
......@@ -71,27 +72,27 @@ connection_or_read_proxy_response(connection_t *conn)
&headers, MAX_HEADERS_SIZE,
NULL, NULL, 10000, 0)) {
case -1: /* overflow */
log_fn(LOG_WARN,"Your https proxy sent back an oversized response. Closing.");
warn(LD_PROTOCOL,"Your https proxy sent back an oversized response. Closing.");
return -1;
case 0:
log_fn(LOG_INFO,"https proxy response not all here yet. Waiting.");
info(LD_OR,"https proxy response not all here yet. Waiting.");
return 0;
/* case 1, fall through */
}
if (parse_http_response(headers, &status_code, &date_header,
&compression, &reason) < 0) {
log_fn(LOG_WARN,"Unparseable headers (connecting to '%s'). Closing.",
conn->address);
warn(LD_OR,"Unparseable headers from proxy (connecting to '%s'). Closing.",
conn->address);
tor_free(headers);
return -1;
}
if (!reason) reason = tor_strdup("[no reason given]");
if (status_code == 200) {
log_fn(LOG_INFO,
"HTTPS connect to '%s' successful! (200 \"%s\") Starting TLS.",
conn->address, reason);
info(LD_OR,
"HTTPS connect to '%s' successful! (200 \"%s\") Starting TLS.",
conn->address, reason);
tor_free(reason);
if (connection_tls_start_handshake(conn, 0) < 0) {
/* TLS handshaking error of some kind. */
......@@ -102,8 +103,9 @@ connection_or_read_proxy_response(connection_t *conn)
return 0;
}
/* else, bad news on the status code */
log_fn(LOG_WARN,"The https proxy sent back an unexpected status code %d (\"%s\"). Closing.",
status_code, reason);
warn(LD_OR,
"The https proxy sent back an unexpected status code %d (\"%s\"). Closing.",
status_code, reason);
tor_free(reason);
connection_mark_for_close(conn);
return -1;
......@@ -148,7 +150,7 @@ connection_or_finished_flushing(connection_t *conn)
switch (conn->state) {
case OR_CONN_STATE_PROXY_FLUSHING:
log_fn(LOG_DEBUG,"finished sending CONNECT to proxy.");
debug(LD_OR,"finished sending CONNECT to proxy.");
conn->state = OR_CONN_STATE_PROXY_READING;
connection_stop_writing(conn);
break;
......@@ -156,7 +158,7 @@ connection_or_finished_flushing(connection_t *conn)
connection_stop_writing(conn);
break;
default:
log_fn(LOG_WARN,"BUG: called in unexpected state %d.", conn->state);
err(LD_BUG,"BUG: called in unexpected state %d.", conn->state);
tor_fragile_assert();
return -1;
}
......@@ -172,7 +174,7 @@ connection_or_finished_connecting(connection_t *conn)
tor_assert(conn->type == CONN_TYPE_OR);
tor_assert(conn->state == OR_CONN_STATE_CONNECTING);
log_fn(LOG_DEBUG,"OR connect() to router at %s:%u finished.",
debug(LD_OR,"OR connect() to router at %s:%u finished.",
conn->address,conn->port);
if (get_options()->HttpsProxy) {
......@@ -188,7 +190,7 @@ connection_or_finished_connecting(connection_t *conn)
if (authenticator) {
base64_authenticator = alloc_http_authenticator(authenticator);
if (!base64_authenticator)
log_fn(LOG_WARN, "Encoding https authenticator failed");
warn(LD_OR, "Encoding https authenticator failed");
}
if (base64_authenticator) {
tor_snprintf(buf, sizeof(buf), "CONNECT %s:%d HTTP/1.1\r\n"
......@@ -326,7 +328,7 @@ connection_or_connect(uint32_t addr, uint16_t port, const char *id_digest)
if (server_mode(options) && (me=router_get_my_routerinfo()) &&
!memcmp(me->identity_digest, id_digest,DIGEST_LEN)) {
log_fn(LOG_INFO,"Client asked me to connect to myself. Refusing.");
info(LD_PROTOCOL,"Client asked me to connect to myself. Refusing.");
return NULL;
}
......@@ -380,11 +382,11 @@ connection_tls_start_handshake(connection_t *conn, int receiving)
conn->state = OR_CONN_STATE_HANDSHAKING;
conn->tls = tor_tls_new(conn->s, receiving, 0);
if (!conn->tls) {
log_fn(LOG_WARN,"tor_tls_new failed. Closing.");
warn(LD_BUG,"tor_tls_new failed. Closing.");
return -1;
}
connection_start_reading(conn);
log_fn(LOG_DEBUG,"starting the handshake");
debug(LD_OR,"starting TLS handshake on fd %d", conn->s);
if (connection_tls_continue_handshake(conn) < 0) {
return -1;
}
......@@ -403,16 +405,16 @@ connection_tls_continue_handshake(connection_t *conn)
switch (tor_tls_handshake(conn->tls)) {
case TOR_TLS_ERROR:
case TOR_TLS_CLOSE:
log_fn(LOG_INFO,"tls error. breaking.");
info(LD_OR,"tls error. breaking connection.");
return -1;
case TOR_TLS_DONE:
return connection_tls_finish_handshake(conn);
case TOR_TLS_WANTWRITE:
connection_start_writing(conn);
log_fn(LOG_DEBUG,"wanted write");
debug(LD_OR,"wanted write");
return 0;
case TOR_TLS_WANTREAD: /* handshaking conns are *always* reading */
log_fn(LOG_DEBUG,"wanted read");
debug(LD_OR,"wanted read");
return 0;
}
return 0;
......@@ -467,26 +469,26 @@ connection_or_check_valid_handshake(connection_t *conn, char *digest_rcvd)
check_no_tls_errors();
if (! tor_tls_peer_has_cert(conn->tls)) {
log_fn(LOG_INFO,"Peer didn't send a cert! Closing.");
info(LD_PROTOCOL,"Peer didn't send a cert! Closing.");
return -1;
}
check_no_tls_errors();
if (tor_tls_get_peer_cert_nickname(conn->tls, nickname, sizeof(nickname))) {
log_fn(severity,"Other side (%s:%d) has a cert without a valid nickname. Closing.",
log_fn(severity,LD_PROTOCOL,"Other side (%s:%d) has a cert without a valid nickname. Closing.",
conn->address, conn->port);
return -1;
}
check_no_tls_errors();
log_fn(LOG_DEBUG, "Other side (%s:%d) claims to be router '%s'",
debug(LD_OR, "Other side (%s:%d) claims to be router '%s'",
conn->address, conn->port, nickname);
if (tor_tls_verify(severity, conn->tls, &identity_rcvd) < 0) {
log_fn(severity,"Other side, which claims to be router '%s' (%s:%d), has a cert but it's invalid. Closing.",
log_fn(severity,LD_OR,"Other side, which claims to be router '%s' (%s:%d), has a cert but it's invalid. Closing.",
nickname, conn->address, conn->port);
return -1;
}
check_no_tls_errors();
log_fn(LOG_DEBUG,"The router's cert is valid.");
debug(LD_OR,"The router's cert is valid.");
crypto_pk_get_digest(identity_rcvd, digest_rcvd);
if (crypto_pk_cmp_keys(get_identity_key(), identity_rcvd)<0) {
......@@ -500,7 +502,7 @@ connection_or_check_valid_handshake(connection_t *conn, char *digest_rcvd)
if (router && /* we know this nickname */
router->is_named && /* make sure it's the right guy */
memcmp(digest_rcvd, router->identity_digest, DIGEST_LEN) != 0) {
log_fn(severity,
log_fn(severity, LD_OR,
"Identity key not as expected for router claiming to be '%s' (%s:%d)",
nickname, conn->address, conn->port);
return -1;
......@@ -514,7 +516,7 @@ connection_or_check_valid_handshake(connection_t *conn, char *digest_rcvd)
char expected[HEX_DIGEST_LEN+1];
base16_encode(seen, sizeof(seen), digest_rcvd, DIGEST_LEN);
base16_encode(expected, sizeof(expected), conn->identity_digest, DIGEST_LEN);
log_fn(severity,
log_fn(severity, LD_OR,
"Identity key not as expected for router at %s:%d: wanted %s but got %s",
conn->address, conn->port, expected, seen);
helper_node_set_status(conn->identity_digest, 0);
......@@ -552,14 +554,14 @@ connection_tls_finish_handshake(connection_t *conn)
{
char digest_rcvd[DIGEST_LEN];
log_fn(LOG_DEBUG,"tls handshake done. verifying.");
debug(LD_OR,"tls handshake done. verifying.");
if (connection_or_check_valid_handshake(conn, digest_rcvd) < 0)
return -1;
if (!connection_or_nonopen_was_started_here(conn)) {
connection_t *c;
if ((c=connection_get_by_identity_digest(digest_rcvd, CONN_TYPE_OR))) {
log_fn(LOG_INFO,"Router '%s' is already connected on fd %d. Dropping fd %d.",
debug(LD_OR,"Router '%s' is already connected on fd %d. Dropping fd %d."