2005-09-16 jrandom
* Reject unroutable IPs in SSU like we do for the TCP transport (unless you have i2np.udp.allowLocal=true defined - useful for private nets)
@ -15,9 +15,9 @@ import net.i2p.CoreVersion;
|
||||
*
|
||||
*/
|
||||
public class RouterVersion {
|
||||
public final static String ID = "$Revision: 1.237 $ $Date: 2005/09/15 23:12:26 $";
|
||||
public final static String ID = "$Revision: 1.238 $ $Date: 2005/09/16 13:28:26 $";
|
||||
public final static String VERSION = "0.6.0.5";
|
||||
public final static long BUILD = 12;
|
||||
public final static long BUILD = 13;
|
||||
public static void main(String args[]) {
|
||||
System.out.println("I2P Router version: " + VERSION + "-" + BUILD);
|
||||
System.out.println("Router ID: " + RouterVersion.ID);
|
||||
|
@ -355,4 +355,12 @@ public abstract class TransportImpl implements Transport {
|
||||
public short getReachabilityStatus() { return CommSystemFacade.STATUS_UNKNOWN; }
|
||||
public void recheckReachability() {}
|
||||
|
||||
public static boolean isPubliclyRoutable(byte addr[]) {
|
||||
if (addr[0] == (int)127) return false;
|
||||
if (addr[0] == (int)10) return false;
|
||||
if ( (addr[0] == (int)172) && (addr[1] >= (int)16) && (addr[1] <= (int)31) ) return false;
|
||||
if ( (addr[0] == (int)192) && (addr[1] == (int)168) ) return false;
|
||||
if (addr[0] >= (int)224) return false; // no multicast
|
||||
return true; // or at least possible to be true
|
||||
}
|
||||
}
|
||||
|
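Review bot: The comparisons against 172, 192 and 224 in `isPubliclyRoutable(byte addr[])` can never be true, because a Java `byte` is signed (-128..127) and is sign-extended before being compared with the `int` constant. As written only the 127 and 10 tests take effect, so 172.16.0.0/12, 192.168.0.0/16 and everything from 224 upward are reported as publicly routable. Mask each octet first, for example `int a0 = addr[0] & 0xFF; int a1 = addr[1] & 0xFF;`, and compare `a0`/`a1` in the five tests. The same method is reached from the TCPAddress hunk (`TransportImpl.isPubliclyRoutable(quad)`, where `quad` is apparently a `byte[]` as well) and from `UDPTransport.isValid`, so both transports inherit the gap.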
@ -14,6 +14,7 @@ import java.util.Properties;
|
||||
|
||||
import net.i2p.data.DataHelper;
|
||||
import net.i2p.data.RouterAddress;
|
||||
import net.i2p.router.transport.TransportImpl;
|
||||
import net.i2p.util.Log;
|
||||
|
||||
/**
|
||||
@ -132,12 +133,7 @@ public class TCPAddress {
|
||||
+ " since not all peers support it, and we don't support restricted routes");
|
||||
return false;
|
||||
}
|
||||
if (quad[0] == (int)127) return false;
|
||||
if (quad[0] == (int)10) return false;
|
||||
if ( (quad[0] == (int)172) && (quad[1] >= (int)16) && (quad[1] <= (int)31) ) return false;
|
||||
if ( (quad[0] == (int)192) && (quad[1] == (int)168) ) return false;
|
||||
if (quad[0] >= (int)224) return false; // no multicast
|
||||
return true; // or at least possible to be true
|
||||
return TransportImpl.isPubliclyRoutable(quad);
|
||||
} catch (Throwable t) {
|
||||
if (_log.shouldLog(Log.WARN))
|
||||
_log.warn("Error checking routability", t);
|
||||
|
@ -128,6 +128,11 @@ public class EstablishmentManager {
|
||||
int port = addr.getPort();
|
||||
RemoteHostId to = new RemoteHostId(remAddr.getAddress(), port);
|
||||
|
||||
if (!_transport.isValid(to.getIP())) {
|
||||
_transport.failed(msg);
|
||||
return;
|
||||
}
|
||||
|
||||
if (_log.shouldLog(Log.DEBUG))
|
||||
_log.debug("Add outobund establish state to: " + to);
|
||||
|
||||
@ -165,6 +170,9 @@ public class EstablishmentManager {
|
||||
*
|
||||
*/
|
||||
void receiveSessionRequest(RemoteHostId from, UDPPacketReader reader) {
|
||||
if (!_transport.isValid(from.getIP()))
|
||||
return;
|
||||
|
||||
boolean isNew = false;
|
||||
InboundEstablishState state = null;
|
||||
synchronized (_inboundStates) {
|
||||
@ -445,7 +453,7 @@ public class EstablishmentManager {
|
||||
SimpleTimer.getInstance().addEvent(new FailIntroduction(state, nonce), INTRO_ATTEMPT_TIMEOUT);
|
||||
state.setIntroNonce(nonce);
|
||||
_context.statManager().addRateData("udp.sendIntroRelayRequest", 1, 0);
|
||||
_transport.send(_builder.buildRelayRequest(state, _transport.getIntroKey()));
|
||||
_transport.send(_builder.buildRelayRequest(_transport, state, _transport.getIntroKey()));
|
||||
if (_log.shouldLog(Log.DEBUG))
|
||||
_log.debug("Send intro for " + state.getRemoteHostId().toString() + " with our intro key as " + _transport.getIntroKey().toBase64());
|
||||
state.introSent();
|
||||
|
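Review bot: The result of `_builder.buildRelayRequest(_transport, state, _transport.getIntroKey())` is passed straight to `_transport.send(...)`, yet the PacketBuilder change in this commit makes that method return null whenever no introducer passes `isValid`. Unless `send` tolerates null (it is not visible here), hold the packet in a local and check it first, e.g. `UDPPacket req = _builder.buildRelayRequest(_transport, state, _transport.getIntroKey());` followed by `if (req != null) _transport.send(req);`. As it stands the `udp.sendIntroRelayRequest` stat and `state.introSent()` are also recorded when nothing was sent, which would hide these rejections from anyone reading the stats. The enclosing method starts and ends outside the hunk.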
@ -120,6 +120,8 @@ public class InboundEstablishState {
|
||||
/** what port number do they appear to be coming from? */
|
||||
public synchronized int getSentPort() { return _alicePort; }
|
||||
|
||||
public synchronized byte[] getBobIP() { return _bobIP; }
|
||||
|
||||
public synchronized byte[] getSentY() {
|
||||
if (_sentY == null)
|
||||
_sentY = _keyBuilder.getMyPublicValueBytes();
|
||||
|
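Review bot: `getBobIP()`, which appears to be the accessor added here, returns the internal `_bobIP` array itself, so a caller can modify the stored address after the synchronized getter has returned. If callers only read it, record that in a comment such as `/** internal array, not a copy - callers must not modify it */`; otherwise return a copy of the array. It is also the only accessor in this hunk without a doc comment, unlike `getSentPort()` just above it.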
@ -639,23 +639,28 @@ public class PacketBuilder {
|
||||
private byte[] getOurExplicitIP() { return null; }
|
||||
private int getOurExplicitPort() { return 0; }
|
||||
|
||||
public UDPPacket buildRelayRequest(OutboundEstablishState state, SessionKey ourIntroKey) {
|
||||
public UDPPacket buildRelayRequest(UDPTransport transport, OutboundEstablishState state, SessionKey ourIntroKey) {
|
||||
UDPAddress addr = state.getRemoteAddress();
|
||||
int count = addr.getIntroducerCount();
|
||||
if (count <= 0)
|
||||
return null;
|
||||
int index = _context.random().nextInt(count);
|
||||
InetAddress iaddr = addr.getIntroducerHost(index);
|
||||
int iport = addr.getIntroducerPort(index);
|
||||
byte ikey[] = addr.getIntroducerKey(index);
|
||||
long tag = addr.getIntroducerTag(index);
|
||||
if ( (ikey == null) || (iport <= 0) || (iaddr == null) || (tag <= 0) ) {
|
||||
if (_log.shouldLog(_log.ERROR))
|
||||
_log.error("Cannot build a relay request to " + state.getRemoteIdentity().calculateHash().toBase64()
|
||||
+ ", as their UDP address is invalid: addr=" + addr + " index=" + index);
|
||||
return null;
|
||||
for (int i = 0; i < count; i++) {
|
||||
int cur = (i + index) % count;
|
||||
InetAddress iaddr = addr.getIntroducerHost(cur);
|
||||
int iport = addr.getIntroducerPort(cur);
|
||||
byte ikey[] = addr.getIntroducerKey(cur);
|
||||
long tag = addr.getIntroducerTag(cur);
|
||||
if ( (ikey == null) || (iport <= 0) || (iaddr == null) || (tag <= 0) ) {
|
||||
if (_log.shouldLog(_log.WARN))
|
||||
_log.warn("Cannot build a relay request to " + state.getRemoteIdentity().calculateHash().toBase64()
|
||||
+ ", as their UDP address is invalid: addr=" + addr + " index=" + cur);
|
||||
continue;
|
||||
}
|
||||
if (transport.isValid(iaddr.getAddress()))
|
||||
return buildRelayRequest(iaddr, iport, ikey, tag, ourIntroKey, state.getIntroNonce(), true);
|
||||
}
|
||||
return buildRelayRequest(iaddr, iport, ikey, tag, ourIntroKey, state.getIntroNonce(), true);
|
||||
return null;
|
||||
}
|
||||
|
||||
public UDPPacket buildRelayRequest(InetAddress introHost, int introPort, byte introKey[], long introTag, SessionKey ourIntroKey, long introNonce, boolean encrypt) {
|
||||
|
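Review bot: In the new loop of `buildRelayRequest(UDPTransport, ...)` an introducer whose address fails `transport.isValid(iaddr.getAddress())` is skipped without any log line, while a malformed entry gets a WARN, so a peer that advertises only unroutable introducers ends in a bare `return null` with nothing to diagnose it. Add a message on that path, e.g. `else if (_log.shouldLog(_log.WARN)) _log.warn("Skipping introducer with unroutable address: " + iaddr + " index=" + cur);`. The method would also benefit from a doc comment stating that it tries the introducers starting at a random index and returns null when none is usable, since callers now have to expect that result more often.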
@ -288,7 +288,9 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
|
||||
synchronized (this) {
|
||||
if ( (_externalListenHost == null) ||
|
||||
(!eq(_externalListenHost.getAddress(), _externalListenPort, ourIP, ourPort)) ) {
|
||||
if ( (_reachabilityStatus == CommSystemFacade.STATUS_UNKNOWN) ||
|
||||
if (!isValid(ourIP)) {
|
||||
// ignore them
|
||||
} else if ( (_reachabilityStatus == CommSystemFacade.STATUS_UNKNOWN) ||
|
||||
(_context.clock().now() - _reachabilityStatusLastUpdated > 2*TEST_FREQUENCY) ) {
|
||||
// they told us something different and our tests are either old or failing
|
||||
try {
|
||||
@ -330,6 +332,14 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
|
||||
return (rport == lport) && DataHelper.eq(laddr, raddr);
|
||||
}
|
||||
|
||||
public final boolean isValid(byte addr[]) {
|
||||
if (addr == null) return false;
|
||||
if (addr.length < 4) return false;
|
||||
if (isPubliclyRoutable(addr))
|
||||
return true;
|
||||
return Boolean.valueOf(_context.getProperty("i2np.udp.allowLocal", "false")).booleanValue();
|
||||
}
|
||||
|
||||
private boolean getIsPortFixed() {
|
||||
return DEFAULT_FIXED_PORT.equals(_context.getProperty(PROP_FIXED_PORT, DEFAULT_FIXED_PORT));
|
||||
}
|
||||
|
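Review bot: `isValid` only rejects arrays shorter than four bytes, so a longer array (a 16-byte IPv6 address, if one can reach this transport) is judged by `isPubliclyRoutable` on its first two bytes as though it were IPv4. If SSU is IPv4-only at this point, `if (addr.length != 4) return false;` states that directly. A doc comment should also record that `i2np.udp.allowLocal=true` makes every address of sufficient length valid, loopback and multicast included, because the property is consulted whenever the routability test fails and not only for private ranges.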