diff options
author | Amber Brown <hawkowl@atleastfornow.net> | 2018-09-12 20:43:47 +1000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-09-12 20:43:47 +1000 |
commit | 33716c4aea130a59f704f08f2bd0c32b013a54d4 (patch) | |
tree | 6186f4595b23cff3a4ea0ba807fa6a8d3e974cd0 /synapse/federation | |
parent | Merge pull request #3824 from matrix-org/rav/fix_jwt_import (diff) | |
parent | changelog (diff) | |
download | synapse-33716c4aea130a59f704f08f2bd0c32b013a54d4.tar.xz |
Merge pull request #3826 from matrix-org/rav/logging_for_keyring
add some logging for the keyring queue
Diffstat (limited to 'synapse/federation')
-rw-r--r-- | synapse/federation/federation_base.py | 34 |
1 files changed, 27 insertions, 7 deletions
diff --git a/synapse/federation/federation_base.py b/synapse/federation/federation_base.py index 5be8e66fb8..61782ae1c0 100644 --- a/synapse/federation/federation_base.py +++ b/synapse/federation/federation_base.py @@ -143,11 +143,31 @@ class FederationBase(object): def callback(_, pdu): with logcontext.PreserveLoggingContext(ctx): if not check_event_content_hash(pdu): - logger.warn( - "Event content has been tampered, redacting %s: %s", - pdu.event_id, pdu.get_pdu_json() - ) - return prune_event(pdu) + # let's try to distinguish between failures because the event was + # redacted (which are somewhat expected) vs actual ball-tampering + # incidents. + # + # This is just a heuristic, so we just assume that if the keys are + # about the same between the redacted and received events, then the + # received event was probably a redacted copy (but we then use our + # *actual* redacted copy to be on the safe side.) + redacted_event = prune_event(pdu) + if ( + set(six.iterkeys(redacted_event)) == set(six.iterkeys(pdu)) and + set(six.iterkeys(redacted_event.content)) + == set(six.iterkeys(pdu.content)) + ): + logger.info( + "Event %s seems to have been redacted; using our redacted " + "copy", + pdu.event_id, + ) + else: + logger.warning( + "Event %s content has been tampered, redacting", + pdu.event_id, pdu.get_pdu_json(), + ) + return redacted_event if self.spam_checker.check_event_for_spam(pdu): logger.warn( @@ -162,8 +182,8 @@ class FederationBase(object): failure.trap(SynapseError) with logcontext.PreserveLoggingContext(ctx): logger.warn( - "Signature check failed for %s", - pdu.event_id, + "Signature check failed for %s: %s", + pdu.event_id, failure.getErrorMessage(), ) return failure |