DDoS mitigation: analysis to understand relay-to-relay connections from non-relay IPs
We are working on a tor proposal that should help with protecting non-guard relays from a large fraction of the DDoS load.
In first tests we have seen a 55% CPU usage decrease when deploying our proposed mitigations, but we want to make sure that we are not introducing an over-blocking problem. We know about a few configurations in which a relay will use a source IP that is not in the consensus to connect to other relays (OutboundBindAddress, OutboundBindAddressOR), but we would like to have some actual data about it.
To measure, understand and solve that potential problem, and to back up the proposal with some actual data, we would like to measure the following on our tor relays:
Log when our non-guard tor relays get an authenticated relay-to-relay connection to our ORPort from a source IP that is not in the consensus and not in the exit lists:
timestamp relay-fingerprint source-IP
If the "and not in the exit lists" part is too hard, we can take care of that by post-processing the logs to filter those entries out.
We do not care about client-to-relay connections and do not want to log them.
Would it be possible to provide a patch or branch that implements that logging on top of main? It does not have to be in a release and we will run it only temporarily.
thank you!
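The post-processing step mentioned above (dropping log entries whose source IP is in the consensus or in an exit list) is small enough to show in full. The following is an added example written for this page; it is not tor code and not part of the requested patch. It assumes the log format asked for above, one line per authenticated relay-to-relay connection (`timestamp relay-fingerprint source-IP`), and uses constructed sample data for the log, the consensus relay addresses and the exit list; in practice those two sets would be loaded from a cached consensus and an exit-list snapshot.

```python
"""Post-process relay-to-relay connection logs against consensus and exit-list IPs.

Added example, not tor project code. Input format assumed (as requested in the
issue): one line per authenticated relay-to-relay connection,
    <timestamp> <relay-fingerprint> <source-IP>
All IP addresses and the fingerprint below are constructed sample values.
"""
import ipaddress
from collections import Counter

# Constructed sample: addresses of relays listed in the consensus.
CONSENSUS_IPS = {"198.51.100.10", "198.51.100.11", "2001:db8:1::10"}
# Constructed sample: addresses from an exit-list snapshot.
EXIT_LIST_IPS = {"203.0.113.5"}

# Constructed sample log. The fingerprint is a placeholder, not a real relay.
SAMPLE_FP = "0123456789ABCDEF0123456789ABCDEF01234567"
SAMPLE_LOG = f"""\
2024-01-01T00:00:01Z {SAMPLE_FP} 198.51.100.10
2024-01-01T00:00:02Z {SAMPLE_FP} 192.0.2.77
2024-01-01T00:00:03Z {SAMPLE_FP} 203.0.113.5
2024-01-01T00:00:04Z {SAMPLE_FP} [2001:db8:1::10]:9001
2024-01-01T00:00:05Z {SAMPLE_FP} 192.0.2.77:443
2024-01-01T00:00:06Z {SAMPLE_FP} not-an-ip
"""


def normalise_ip(text):
    """Return the canonical address string, or None if it does not parse.

    Accepts bare addresses, bracketed IPv6 ([addr] or [addr]:port) and
    IPv4 with a trailing :port, so entries from different sources compare equal.
    """
    text = text.strip()
    if text.startswith("[") and "]" in text:
        text = text[1:text.index("]")]          # [2001:db8::1]:9001 -> 2001:db8::1
    elif text.count(":") == 1:
        text = text.split(":", 1)[0]            # 192.0.2.1:9001 -> 192.0.2.1
    try:
        return str(ipaddress.ip_address(text))
    except ValueError:
        return None


def known_ips(*ip_lists):
    """Union of all given IP lists, normalised so lookups match the log entries."""
    known = set()
    for ip_list in ip_lists:
        for raw in ip_list:
            ip = normalise_ip(raw)
            if ip is not None:
                known.add(ip)
    return known


def parse_line(line):
    """Split one log line into (timestamp, fingerprint, ip); None if malformed."""
    parts = line.split()
    if len(parts) != 3:
        return None
    timestamp, fingerprint, raw_ip = parts
    ip = normalise_ip(raw_ip)
    if ip is None:
        return None
    return (timestamp, fingerprint, ip)


def filter_unlisted_sources(log_lines, consensus_ips, exit_ips):
    """Keep only connections whose source IP is in neither the consensus nor the exit list.

    Returns (kept_records, malformed_count). Malformed lines are counted rather
    than silently dropped so a parsing problem in the logger is noticed.
    """
    known = known_ips(consensus_ips, exit_ips)
    kept, malformed = [], 0
    for line in log_lines:
        record = parse_line(line)
        if record is None:
            malformed += 1
            continue
        if record[2] in known:
            continue
        kept.append(record)
    return kept, malformed


def summarise(records):
    """Count remaining connections per source IP, the view needed to judge over-blocking."""
    return Counter(ip for _, _, ip in records)


if __name__ == "__main__":
    kept, malformed = filter_unlisted_sources(
        SAMPLE_LOG.splitlines(), CONSENSUS_IPS, EXIT_LIST_IPS)
    for timestamp, fingerprint, ip in kept:
        print(timestamp, fingerprint, ip)
    print("malformed lines:", malformed)
    print("per-source counts:", dict(summarise(kept)))
```

Normalising both the log entries and the reference lists through `ipaddress` before comparing matters more than it looks: an IPv6 address that appears bracketed with a port in the log and unbracketed in the consensus would otherwise be counted as an unlisted source and inflate the over-blocking estimate.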