diff --git a/history.txt b/history.txt index 0d6ea56c1..bf6d62eb0 100644 --- a/history.txt +++ b/history.txt @@ -1,4 +1,8 @@ -$Id: history.txt,v 1.251 2005/09/15 23:12:27 jrandom Exp $ +$Id: history.txt,v 1.252 2005/09/16 13:28:27 jrandom Exp $ + +2005-09-16 jrandom + * Reject unroutable IPs in SSU like we do for the TCP transport (unless + you have i2np.udp.allowLocal=true defined - useful for private nets) 2005-09-16 jrandom * Adjust I2PTunnelHTTPServer so it can be used for outproxy operators diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index c720d7d44..60869ef0e 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -15,9 +15,9 @@ import net.i2p.CoreVersion; * */ public class RouterVersion { - public final static String ID = "$Revision: 1.237 $ $Date: 2005/09/15 23:12:26 $"; + public final static String ID = "$Revision: 1.238 $ $Date: 2005/09/16 13:28:26 $"; public final static String VERSION = "0.6.0.5"; - public final static long BUILD = 12; + public final static long BUILD = 13; public static void main(String args[]) { System.out.println("I2P Router version: " + VERSION + "-" + BUILD); System.out.println("Router ID: " + RouterVersion.ID); diff --git a/router/java/src/net/i2p/router/transport/TransportImpl.java b/router/java/src/net/i2p/router/transport/TransportImpl.java index 3ca0c140a..8d5962e28 100644 --- a/router/java/src/net/i2p/router/transport/TransportImpl.java +++ b/router/java/src/net/i2p/router/transport/TransportImpl.java 
@@ -355,4 +355,12 @@ public abstract class TransportImpl implements Transport { public short getReachabilityStatus() { return CommSystemFacade.STATUS_UNKNOWN; } public void recheckReachability() {} + public static boolean isPubliclyRoutable(byte addr[]) { + if (addr[0] == (int)127) return false; + if (addr[0] == (int)10) return false; + if ( (addr[0] == (int)172) && (addr[1] >= (int)16) && (addr[1] <= (int)31) ) return false; + if ( (addr[0] == (int)192) && (addr[1] == (int)168) ) return false; + if (addr[0] >= (int)224) return false; // no multicast + return true; // or at least possible to be true + } } diff --git a/router/java/src/net/i2p/router/transport/tcp/TCPAddress.java b/router/java/src/net/i2p/router/transport/tcp/TCPAddress.java index 5a5eb842e..08c07f201 100644 --- a/router/java/src/net/i2p/router/transport/tcp/TCPAddress.java +++ b/router/java/src/net/i2p/router/transport/tcp/TCPAddress.java @@ -14,6 +14,7 @@ import java.util.Properties; import net.i2p.data.DataHelper; import net.i2p.data.RouterAddress; +import net.i2p.router.transport.TransportImpl; import net.i2p.util.Log; /** @@ -132,12 +133,7 @@ public class TCPAddress { + " since not all peers support it, and we don't support restricted routes"); return false; } - if (quad[0] == (int)127) return false; - if (quad[0] == (int)10) return false; - if ( (quad[0] == (int)172) && (quad[1] >= (int)16) && (quad[1] <= (int)31) ) return false; - if ( (quad[0] == (int)192) && (quad[1] == (int)168) ) return false; - if (quad[0] >= (int)224) return false; // no multicast - return true; // or at least possible to be true + return TransportImpl.isPubliclyRoutable(quad); } catch (Throwable t) { if (_log.shouldLog(Log.WARN)) _log.warn("Error checking routability", t); diff --git a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java index 1679b4256..435d71726 100644 
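Review bot: In `isPubliclyRoutable` the comparisons against 172, 192 and 224 can never match, because `addr[0]` is a signed Java `byte` (range -128..127). Only the 127 and 10 checks take effect, so 172.16/12, 192.168/16 and multicast addresses are reported as routable. Mask each octet to 0..255 before comparing, as in the block below; the TCPAddress hunk now delegates here, so the fix covers both transports. The method is `public static` and indexes `addr[0]` and `addr[1]` with no null or length check of its own, which is worth stating in a doc comment since only `UDPTransport.isValid` guards it in this diff. Link-local 169.254/16 and 0.0.0.0/8 are not covered by any of the checks.

```java
public static boolean isPubliclyRoutable(byte addr[]) {
    // Java bytes are signed: widen each octet to 0..255 before comparing
    int a0 = addr[0] & 0xFF;
    int a1 = addr[1] & 0xFF;
    if (a0 == 127) return false;
    if (a0 == 10) return false;
    if ( (a0 == 172) && (a1 >= 16) && (a1 <= 31) ) return false;
    if ( (a0 == 192) && (a1 == 168) ) return false;
    if (a0 >= 224) return false; // no multicast
    return true; // or at least possible to be true
}
```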
--- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java +++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java @@ -128,6 +128,11 @@ public class EstablishmentManager { int port = addr.getPort(); RemoteHostId to = new RemoteHostId(remAddr.getAddress(), port); + if (!_transport.isValid(to.getIP())) { + _transport.failed(msg); + return; + } + if (_log.shouldLog(Log.DEBUG)) _log.debug("Add outobund establish state to: " + to); @@ -165,6 +170,9 @@ public class EstablishmentManager { * */ void receiveSessionRequest(RemoteHostId from, UDPPacketReader reader) { + if (!_transport.isValid(from.getIP())) + return; + boolean isNew = false; InboundEstablishState state = null; synchronized (_inboundStates) { @@ -445,7 +453,7 @@ public class EstablishmentManager { SimpleTimer.getInstance().addEvent(new FailIntroduction(state, nonce), INTRO_ATTEMPT_TIMEOUT); state.setIntroNonce(nonce); _context.statManager().addRateData("udp.sendIntroRelayRequest", 1, 0); - _transport.send(_builder.buildRelayRequest(state, _transport.getIntroKey())); + _transport.send(_builder.buildRelayRequest(_transport, state, _transport.getIntroKey())); if (_log.shouldLog(Log.DEBUG)) _log.debug("Send intro for " + state.getRemoteHostId().toString() + " with our intro key as " + _transport.getIntroKey().toBase64()); state.introSent(); diff --git a/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java b/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java index 4a9979ed4..be9219f19 100644 --- a/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java +++ b/router/java/src/net/i2p/router/transport/udp/InboundEstablishState.java 
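Review bot: Both new `isValid` guards reject the peer without leaving any trace: the outbound one after `RemoteHostId to = ...` only calls `_transport.failed(msg)`, and the one at the top of `receiveSessionRequest` just returns. An operator looking at a failed establishment, or at a burst of session requests claiming unroutable source addresses, has nothing to go on. A log line in the style the file already uses would do, e.g. `if (_log.shouldLog(Log.WARN)) _log.warn("Dropping session request from invalid address: " + from);` and the equivalent with `to` on the outbound path. Both enclosing methods continue outside their hunks.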
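Review bot: The result of `_builder.buildRelayRequest(_transport, state, _transport.getIntroKey())` goes straight into `_transport.send(...)`, but the reworked PacketBuilder method returns null whenever every introducer is malformed or fails `isValid`. Whether `send` tolerates null is not visible in this diff; either way the code then logs "Send intro for ..." and calls `state.introSent()` as if a request had gone out, with `FailIntroduction` already scheduled. Holding the packet in a local and checking it first, `UDPPacket req = _builder.buildRelayRequest(_transport, state, _transport.getIntroKey());` followed by `if (req == null) return;` (or whatever failure path the state expects), keeps the state machine honest. The enclosing method starts outside the hunk.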
@@ -120,6 +120,8 @@ public class InboundEstablishState { /** what port number do they appear to be coming from? */ public synchronized int getSentPort() { return _alicePort; } + public synchronized byte[] getBobIP() { return _bobIP; } + public synchronized byte[] getSentY() { if (_sentY == null) _sentY = _keyBuilder.getMyPublicValueBytes(); diff --git a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java index 9b0eb0768..f8ec0a0bc 100644 --- a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java +++ b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java 
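Review bot: `getBobIP()` is added without a doc comment, unlike the `getSentPort()` accessor directly above it, and it returns the internal `_bobIP` array itself rather than a copy, so a caller can modify the state's stored address. A one-line comment saying whose address `_bobIP` holds and where the value comes from would help, since it is presumably taken from the peer's packet and should be treated as unverified. No caller of the new getter is visible in this diff.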
@@ -639,23 +639,28 @@ public class PacketBuilder { private byte[] getOurExplicitIP() { return null; } private int getOurExplicitPort() { return 0; } - public UDPPacket buildRelayRequest(OutboundEstablishState state, SessionKey ourIntroKey) { + public UDPPacket buildRelayRequest(UDPTransport transport, OutboundEstablishState state, SessionKey ourIntroKey) { UDPAddress addr = state.getRemoteAddress(); int count = addr.getIntroducerCount(); if (count <= 0) return null; int index = _context.random().nextInt(count); - InetAddress iaddr = addr.getIntroducerHost(index); - int iport = addr.getIntroducerPort(index); - byte ikey[] = addr.getIntroducerKey(index); - long tag = addr.getIntroducerTag(index); - if ( (ikey == null) || (iport <= 0) || (iaddr == null) || (tag <= 0) ) { - if (_log.shouldLog(_log.ERROR)) - _log.error("Cannot build a relay request to " + state.getRemoteIdentity().calculateHash().toBase64() - + ", as their UDP address is invalid: addr=" + addr + " index=" + index); - return null; + for (int i = 0; i < count; i++) { + int cur = (i + index) % count; + InetAddress iaddr = addr.getIntroducerHost(cur); + int iport = addr.getIntroducerPort(cur); + byte ikey[] = addr.getIntroducerKey(cur); + long tag = addr.getIntroducerTag(cur); + if ( (ikey == null) || (iport <= 0) || (iaddr == null) || (tag <= 0) ) { + if (_log.shouldLog(_log.WARN)) + _log.warn("Cannot build a relay request to " + state.getRemoteIdentity().calculateHash().toBase64() + + ", as their UDP address is invalid: addr=" + addr + " index=" + cur); + continue; + } + if (transport.isValid(iaddr.getAddress())) + return buildRelayRequest(iaddr, iport, ikey, tag, ourIntroKey, state.getIntroNonce(), true); } - return buildRelayRequest(iaddr, iport, ikey, tag, ourIntroKey, state.getIntroNonce(), true); + return null; } public UDPPacket buildRelayRequest(InetAddress introHost, int introPort, byte introKey[], long introTag, SessionKey ourIntroKey, long introNonce, boolean encrypt) { 
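Review bot: An introducer that fails `transport.isValid(iaddr.getAddress())` is skipped with no log line, and the final `return null` is equally silent, so a peer whose published introducers (read from `state.getRemoteAddress()`, i.e. remote-supplied data) are all unroutable fails without a trace. Adding `else if (_log.shouldLog(Log.WARN)) _log.warn("Skipping unroutable introducer " + iaddr + " index=" + cur);` after the `isValid` test would make that visible. As a style point, `_log.shouldLog(_log.WARN)` reaches the level constant through the instance, where the other files in this commit write `Log.WARN`. The method now returns null on more paths than before, which deserves a sentence of Javadoc on this public overload.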
diff --git a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java index a863092cb..81865c24f 100644 --- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java +++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java @@ -288,7 +288,9 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority synchronized (this) { if ( (_externalListenHost == null) || (!eq(_externalListenHost.getAddress(), _externalListenPort, ourIP, ourPort)) ) { - if ( (_reachabilityStatus == CommSystemFacade.STATUS_UNKNOWN) || + if (!isValid(ourIP)) { + // ignore them + } else if ( (_reachabilityStatus == CommSystemFacade.STATUS_UNKNOWN) || (_context.clock().now() - _reachabilityStatusLastUpdated > 2*TEST_FREQUENCY) ) { // they told us something different and our tests are either old or failing try { @@ -330,6 +332,14 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority return (rport == lport) && DataHelper.eq(laddr, raddr); } + public final boolean isValid(byte addr[]) { + if (addr == null) return false; + if (addr.length < 4) return false; + if (isPubliclyRoutable(addr)) + return true; + return Boolean.valueOf(_context.getProperty("i2np.udp.allowLocal", "false")).booleanValue(); + } + private boolean getIsPortFixed() { return DEFAULT_FIXED_PORT.equals(_context.getProperty(PROP_FIXED_PORT, DEFAULT_FIXED_PORT)); }
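Review bot: `isValid` has no Javadoc, and its `i2np.udp.allowLocal` fallback is broader than the changelog's "useful for private nets": when the property is true, every non-null address of at least four bytes is accepted, including loopback and multicast. A doc comment should say so, along the lines of `/** true if addr is publicly routable, or if i2np.udp.allowLocal=true, which disables all address filtering */`. The `addr.length < 4` test also lets a 16-byte address through to `isPubliclyRoutable`, which reads its first two bytes as IPv4 octets; whether such addresses can reach this point is not visible here. The property is re-read and re-parsed on every call, including per inbound session request.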