From b924eba1acd0a9159d1a938509475174b10644ef Mon Sep 17 00:00:00 2001
From: Nikos Mavrogiannopoulos
Date: Mon, 10 Nov 2014 15:52:39 +0100
Subject: [PATCH] reduced the severity of log messages when forwarding packets and reduced the timeouts
---
 src/main.c | 11 ++++-------
 src/worker-misc.c | 4 +---
 src/worker-vpn.c | 4 ----
 src/worker.h | 5 +++++
 4 files changed, 10 insertions(+), 14 deletions(-)
diff --git a/src/main.c b/src/main.c
index 30e05826..15b4e9eb 100644
--- a/src/main.c
+++ b/src/main.c
@@ -658,7 +658,7 @@ void request_reload(int signo)
 /* A UDP fd will not be forwarded to worker process before this number of
 * seconds has passed. That is to prevent a duplicate message messing the worker. */
-#define UDP_FD_RESEND_TIME 60
+#define UDP_FD_RESEND_TIME 35
 #define RECORD_PAYLOAD_POS 13
 #define HANDSHAKE_SESSION_ID_POS 46
@@ -708,7 +708,7 @@ time_t now;
 goto fail;
 }
 if (buffer[0] != 22) {
- mslog(s, NULL, LOG_INFO, "%s: unexpected DTLS content type: %u",
+ mslog(s, NULL, LOG_DEBUG, "%s: unexpected DTLS content type: %u; a firewall disassociated a UDP session",
 human_addr((struct sockaddr*)&cli_addr, cli_addr_size, tbuf, sizeof(tbuf)), (unsigned int)buffer[0]);
 /* Here we received a non-client hello packet. It may be that
@@ -736,7 +736,7 @@ time_t now;
 UdpFdMsg msg = UDP_FD_MSG__INIT;
 if (now - proc_to_send->udp_fd_receive_time <= UDP_FD_RESEND_TIME) {
- mslog(s, proc_to_send, LOG_INFO, "received UDP connection too soon from %s",
+ mslog(s, proc_to_send, LOG_DEBUG, "received UDP connection too soon from %s",
 human_addr((struct sockaddr*)&cli_addr, cli_addr_size, tbuf, sizeof(tbuf)));
 goto fail;
 }
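Review bot: The new text on the `buffer[0] != 22` branch states a cause, `a firewall disassociated a UDP session`, as fact, although the only thing checked at that point is that the first byte is not the handshake content type; any stray or unsolicited datagram from an unknown address takes the same path. Wording it as a possibility, e.g. `"%s: unexpected DTLS content type: %u; possibly a firewall disassociated a UDP session"`, keeps the hint without misleading whoever reads the log during an incident. Because this message and the `received UDP connection too soon` message in the hunk at `@@ -736,7 +736,7 @@` both drop to `LOG_DEBUG`, rejected UDP traffic on this port is only visible when debug logging is on; a counter or a rate-limited `LOG_INFO` line would keep that signal without the noise. The enclosing function starts and ends outside both hunks.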
@@ -1165,10 +1165,7 @@ fork_failed:
 ms_sleep(s->config->rate_limit_ms);
 } else if (set && ltmp->sock_type == SOCK_TYPE_UDP) {
 /* connection on UDP port */
- ret = forward_udp_to_owner(s, ltmp);
- if (ret < 0) {
- mslog(s, NULL, LOG_INFO, "could not determine the owner of received UDP packet");
- }
+ forward_udp_to_owner(s, ltmp);
 if (s->config->rate_limit_ms > 0) ms_sleep(s->config->rate_limit_ms);
diff --git a/src/worker-misc.c b/src/worker-misc.c
index 8a78c7cf..dac4590c 100644
--- a/src/worker-misc.c
+++ b/src/worker-misc.c
@@ -48,8 +48,6 @@
 # include
 #endif
-#define ACTIVE_SESSION_TIMEOUT 30
-
 int handle_worker_commands(struct worker_st *ws)
 {
 struct iovec iov[3];
@@ -134,7 +132,7 @@ int handle_worker_commands(struct worker_st *ws)
 if (hello == 0) {
 /* only replace our session if we are inactive for more than 60 secs */
 if ((ws->udp_state != UP_ACTIVE && ws->udp_state != UP_INACTIVE) ||
- time(0) - ws->last_msg_udp < ACTIVE_SESSION_TIMEOUT) {
+ time(0) - ws->last_msg_udp < UDP_SWITCH_TIME) {
 oclog(ws, LOG_INFO, "received UDP fd message but our session is active!");
 close(fd);
 return 0;
diff --git a/src/worker-vpn.c b/src/worker-vpn.c
index 15f47424..364cbff5 100644
--- a/src/worker-vpn.c
+++ b/src/worker-vpn.c
@@ -57,10 +57,6 @@
 #define MIN_MTU(ws) (((ws)->vinfo.ipv6!=NULL)?1281:257)
-/* after that time (secs) of inactivity in the UDP part, connection switches to
- * TCP (if activity occurs there).
- */
-#define UDP_SWITCH_TIME 15
 #define PERIODIC_CHECK_TIME 30
 /* The number of DPD packets a client skips before he's kicked */
diff --git a/src/worker.h b/src/worker.h
index 6e9d88c9..e5299eb9 100644
--- a/src/worker.h
+++ b/src/worker.h
@@ -279,4 +279,9 @@ int send_msg_to_main(worker_st *ws, uint8_t cmd,
 return send_msg(ws, ws->cmd_fd, cmd, msg, get_size, pack);
 }
+/* after that time (secs) of inactivity in the UDP part, connection switches to
+ * TCP (if activity occurs there).
+ */
+#define UDP_SWITCH_TIME 15
+
 #endif
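Review bot: The result of `forward_udp_to_owner(s, ltmp)` is now discarded with nothing to show that this is deliberate. If the function still returns `int`, `(void)forward_udp_to_owner(s, ltmp);` or a one-line comment such as `/* failures are logged, at debug level, inside forward_udp_to_owner() */` makes the intent explicit. Its body is only partly visible in this patch, so it is worth confirming that every `goto fail` path there logs its own reason now that the caller's `could not determine the owner of received UDP packet` message is gone. The enclosing function starts and ends outside the hunk.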
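Review bot: The comment `only replace our session if we are inactive for more than 60 secs` above the changed condition is stale: the test now uses `UDP_SWITCH_TIME`, which worker.h defines as 15, where it used `ACTIVE_SESSION_TIMEOUT` (30) before. Update it to something like `/* only replace our session if the UDP channel has been idle for at least UDP_SWITCH_TIME seconds */`. Reusing the UDP-to-TCP switch constant here also halves the window during which an active session refuses a replacement fd, and it has to make sense alongside main.c's `UDP_FD_RESEND_TIME` (now 35); a short comment next to either define stating the intended relation between the two values would help whoever tunes them next. `handle_worker_commands` continues outside the hunk.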