From 68d8c6e556f4cb6540b11c09c7f233125f8fa8b9 Mon Sep 17 00:00:00 2001 From: zzz Date: Wed, 6 Jan 2016 19:38:26 +0000 Subject: [PATCH] NetDB: Don't query floodfills if they are too old to support sig types or encrypted replies (ticket #1742) --- history.txt | 4 +++- .../src/net/i2p/router/RouterVersion.java | 2 +- .../kademlia/IterativeSearchJob.java | 20 ++++++++++++++++++- 3 files changed, 23 insertions(+), 3 deletions(-) diff --git a/history.txt b/history.txt index 2e3ca8d295..0a07d637fc 100644 --- a/history.txt +++ b/history.txt @@ -3,10 +3,12 @@ * Console: Properly register listen hosts with PortMapper * DataHelper: Optimize checks in storeProps() * I2PTunnel: Fixup console links in error pages if console is - on a non-standard host or port, or on https + on a non-standard host or port, or on https * Jetty: Change default source logging from b64 to b32. To change back to b64, add the following to the RequestLogImpl section of jetty.xml: true + * NetDB: Don't query floodfills if they are too old to + support sig types or encrypted replies (ticket #1742) * PortMapper: Add method to convert wildcard host to actual host 2015-12-21 zzz diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index 5b1ba79e39..f5c9264549 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -18,7 +18,7 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 19; + public final static long BUILD = 20; /** for example "-test" */ public final static String EXTRA = ""; diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java index 8fc784acef..58f045c284 100644 
--- a/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java +++ b/router/java/src/net/i2p/router/networkdb/kademlia/IterativeSearchJob.java @@ -10,6 +10,7 @@ import java.util.SortedSet; import java.util.TreeSet; import java.util.concurrent.ConcurrentHashMap; +import net.i2p.crypto.SigType; import net.i2p.data.Base64; import net.i2p.data.DataHelper; import net.i2p.data.Hash; @@ -30,6 +31,7 @@ import net.i2p.router.util.RandomIterator; import net.i2p.util.Log; import net.i2p.util.NativeBigInteger; import net.i2p.util.SystemVersion; +import net.i2p.util.VersionComparator; /** * A traditional Kademlia search that continues to search @@ -288,6 +290,20 @@ class IterativeSearchJob extends FloodSearchJob { private void sendQuery(Hash peer) { TunnelManagerFacade tm = getContext().tunnelManager(); RouterInfo ri = getContext().netDb().lookupRouterInfoLocally(peer); + if (ri != null) { + // Now that most of the netdb is Ed RIs and EC LSs, don't even bother + // querying old floodfills that don't know about those sig types. + // This is also more recent than the version that supports encrypted replies, + // so we won't request unencrypted replies anymore either. + String v = ri.getVersion(); + String since = SigType.EdDSA_SHA512_Ed25519.getSupportedSince(); + if (VersionComparator.comp(v, since) < 0) { + failed(peer, false); + if (_log.shouldLog(Log.WARN)) + _log.warn(getJobId() + ": not sending query to old version " + v + ": " + peer); + return; + } + } TunnelInfo outTunnel; TunnelInfo replyTunnel; boolean isClientReplyTunnel; 
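Review bot: The version gate added at the top of sendQuery() only runs when `ri != null`, so a peer whose RouterInfo is not found locally is still queried, and the later `if (ri != null)` block that requests an encrypted reply is bypassed for it (what that path sends instead is outside the hunk). The comment's claim that unencrypted replies are no longer requested therefore holds only for the known-RI path. If that is intended, say so next to the check, e.g. `// ri == null: version unknown, so neither the version gate nor the encrypted-reply request applies`; otherwise consider handling an unknown RI the same way as an old one. `ri.getVersion()` is a value the peer publishes about itself, so this is a compatibility filter rather than a trust decision, and it is not visible here whether `v` can be null or unparsable when it reaches `VersionComparator.comp(v, since)`. The body of sendQuery() continues past the end of this hunk.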
@@ -381,7 +397,9 @@ class IterativeSearchJob extends FloodSearchJob {
 // if we have the ff RI, garlic encrypt it
 if (ri != null) {
 // request encrypted reply
- if (DatabaseLookupMessage.supportsEncryptedReplies(ri)) {
+ // now covered by version check above, which is more recent
+ //if (DatabaseLookupMessage.supportsEncryptedReplies(ri)) {
+ if (true) {
 MessageWrapper.OneTimeSession sess;
 if (isClientReplyTunnel)
 sess = MessageWrapper.generateSession(getContext(), _fromLocalDest);
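Review bot: `if (true) {` leaves a constant condition and a commented-out call where the capability check used to be, so the guarantee that the peer supports encrypted replies now rests on the version gate at the top of sendQuery(). It also rests on the comment's assertion that the Ed25519 `getSupportedSince()` version is newer than the encrypted-reply version, and nothing enforces that relationship if either threshold changes later. Either keep the explicit check as a cheap second guard, `if (DatabaseLookupMessage.supportsEncryptedReplies(ri)) {`, or drop the wrapper and the commented-out line and un-indent the block. If an `else` branch follows (not visible in this hunk), it is now dead code and should be removed as well. The enclosing `if (ri != null)` block continues outside the hunk.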