From 42977373b9b37da1b8f97afbe2ea5b7627074e12 Mon Sep 17 00:00:00 2001 From: Leonid Evdokimov Date: Mon, 28 Mar 2016 22:44:34 +0300 Subject: [PATCH] Emit better log message if client has `loopback' destination --- redsocks.c | 26 +++++++++++++++++++++++++- 1 file changed, 25 insertions(+), 1 deletion(-) diff --git a/redsocks.c b/redsocks.c index 077b9631..aeac74cd 100644 --- a/redsocks.c +++ b/redsocks.c @@ -44,6 +44,7 @@ enum pump_state_t { }; static void redsocks_shutdown(redsocks_client *client, struct bufferevent *buffev, int how); +static const char *redsocks_event_str(unsigned short what); extern relay_subsys http_connect_subsys; @@ -341,9 +342,32 @@ void redsocks_start_relay(redsocks_client *client) } } +static bool has_loopback_destination(redsocks_client *client) +{ + const uint32_t net = ntohl(client->destaddr.sin_addr.s_addr) >> 24; + return 0 == memcmp(&client->destaddr.sin_addr, &client->instance->config.relayaddr.sin_addr, sizeof(client->destaddr.sin_addr)) + || net == 127 || net == 0; +} + void redsocks_drop_client(redsocks_client *client) { - redsocks_log_error(client, LOG_INFO, "dropping client"); + if (client->relay_evshut == (EV_READ|EV_WRITE) && client->client_evshut == (EV_READ|EV_WRITE)) { + redsocks_log_error(client, LOG_INFO, "connection closed"); + } else { + if (has_loopback_destination(client)) { + static time_t last = 0; + const time_t now = redsocks_time(NULL); + if (now - last >= 3600) { + // log this warning once an hour to save some debugging time, OTOH it may be valid traffic in some cases + redsocks_log_error(client, LOG_NOTICE, "client tries to connect to the proxy using proxy! Usual proxy security policy is to drop alike connection"); + last = now; + } + } + + redsocks_log_error(client, LOG_INFO, "dropping client (%s), relay (%s)", + redsocks_event_str( (~client->client_evshut) & (EV_READ|EV_WRITE) ), + redsocks_event_str( (~client->relay_evshut) & (EV_READ|EV_WRITE) )); + } if (client->instance->relay_ss->fini) client->instance->relay_ss->fini(client);