diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHandler.java index c52634b885..8465400f53 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHandler.java @@ -50,6 +50,7 @@ public class ConfigNetHandler extends FormHandler { private boolean _ratesOnly; private boolean _udpDisabled; private String _ipv6Mode; + private boolean _ipv4Firewalled; private final Map changes = new HashMap(); private static final String PROP_HIDDEN = Router.PROP_HIDDEN_HIDDEN; // see Router for other choice @@ -79,8 +80,12 @@ public class ConfigNetHandler extends FormHandler { public void setNtcpAutoPort(String mode) { _ntcpAutoPort = mode.equals("2"); } + public void setUpnp(String moo) { _upnp = true; } public void setLaptop(String moo) { _laptop = true; } + + /** @since 0.9.20 */ + public void setIPv4Firewalled(String moo) { _ipv4Firewalled = true; } public void setHostname(String hostname) { _hostname = (hostname != null ? hostname.trim() : null); @@ -348,6 +353,16 @@ public class ConfigNetHandler extends FormHandler { } changes.put(UDPTransport.PROP_LAPTOP_MODE, "" + _laptop); + if (Boolean.parseBoolean(_context.getProperty(TransportUtil.PROP_IPV4_FIREWALLED)) != + _ipv4Firewalled) { + if (_ipv4Firewalled) + addFormNotice(_("Disabling inbound IPv4")); + else + addFormNotice(_("Enabling inbound IPv4")); + restartRequired = true; + } + changes.put(TransportUtil.PROP_IPV4_FIREWALLED, "" + _ipv4Firewalled); + if (_context.getBooleanPropertyDefaultTrue(TransportManager.PROP_ENABLE_UDP) != !_udpDisabled) { if (_udpDisabled) diff --git a/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHelper.java index cd2f89eba1..3c82277943 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHelper.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/ConfigNetHelper.java @@ -93,6 +93,11 @@ public class ConfigNetHelper extends HelperBase { return getChecked(UDPTransport.PROP_LAPTOP_MODE); } + /** @since 0.9.20 */ + public String getIPv4FirewalledChecked() { + return getChecked(TransportUtil.PROP_IPV4_FIREWALLED); + } + public String getTcpAutoPortChecked(int mode) { String port = _context.getProperty(PROP_I2NP_NTCP_PORT); boolean specified = port != null && port.length() > 0; diff --git a/apps/routerconsole/jsp/confignet.jsp b/apps/routerconsole/jsp/confignet.jsp index 6c4b6149c3..27fdfef7ef 100644 --- a/apps/routerconsole/jsp/confignet.jsp +++ b/apps/routerconsole/jsp/confignet.jsp @@ -51,6 +51,10 @@ <%=intl._("Laptop mode - Change router identity and UDP port when IP changes for enhanced anonymity")%> (<%=intl._("Experimental")%>)

+ <%=intl._("IPv4 Configuration")%>:
+ > + <%=intl._("Disable inbound (Firewalled by Carrier-grade NAT or DS-Lite)")%> +

<%=intl._("IPv6 Configuration")%>:
> <%=intl._("Disable IPv6")%>
diff --git a/router/java/src/net/i2p/router/transport/TransportImpl.java b/router/java/src/net/i2p/router/transport/TransportImpl.java index b5f0870aad..68b56bf336 100644 --- a/router/java/src/net/i2p/router/transport/TransportImpl.java +++ b/router/java/src/net/i2p/router/transport/TransportImpl.java @@ -813,6 +813,14 @@ public abstract class TransportImpl implements Transport { */ public void recheckReachability() {} + /** + * @param transportStyle ignored + * @since 0.9.20 + */ + protected boolean isIPv4Firewalled() { + return TransportUtil.isIPv4Firewalled(_context, getStyle()); + } + public boolean isBacklogged(Hash dest) { return false; } public boolean isEstablished(Hash dest) { return false; } diff --git a/router/java/src/net/i2p/router/transport/TransportManager.java b/router/java/src/net/i2p/router/transport/TransportManager.java index eb44660133..e5240d6a2d 100644 --- a/router/java/src/net/i2p/router/transport/TransportManager.java +++ b/router/java/src/net/i2p/router/transport/TransportManager.java @@ -60,6 +60,8 @@ public class TransportManager implements TransportEventListener { public final static String PROP_ENABLE_NTCP = "i2np.ntcp.enable"; /** default true */ public final static String PROP_ENABLE_UPNP = "i2np.upnp.enable"; + + private static final String PROP_ADVANCED = "routerconsole.advanced"; /** not forever, since they may update */ private static final long SIGTYPE_BANLIST_DURATION = 36*60*60*1000L; @@ -667,11 +669,13 @@ public class TransportManager implements TransportEventListener { * will take many seconds if it has vanished. */ public void renderStatusHTML(Writer out, String urlBase, int sortFlags) throws IOException { - out.write("

"); - out.write(_("Status")); - out.write(": "); - out.write(_(getReachabilityStatus().toStatusString())); - out.write("

"); + if (_context.getBooleanProperty(PROP_ADVANCED)) { + out.write("

"); + out.write(_("Status")); + out.write(": "); + out.write(_(getReachabilityStatus().toStatusString())); + out.write("

"); + } TreeMap transports = new TreeMap(); for (Transport t : _transports.values()) { transports.put(t.getStyle(), t); diff --git a/router/java/src/net/i2p/router/transport/TransportUtil.java b/router/java/src/net/i2p/router/transport/TransportUtil.java index 650a9656f3..3ca7e8a2e1 100644 --- a/router/java/src/net/i2p/router/transport/TransportUtil.java +++ b/router/java/src/net/i2p/router/transport/TransportUtil.java @@ -23,6 +23,7 @@ public abstract class TransportUtil { public static final String NTCP_IPV6_CONFIG = "i2np.ntcp.ipv6"; public static final String SSU_IPV6_CONFIG = "i2np.udp.ipv6"; + public static final String PROP_IPV4_FIREWALLED = "i2np.ipv4.firewalled"; public enum IPv6Config { /** IPv6 disabled */ @@ -83,6 +84,14 @@ public abstract class TransportUtil { return DEFAULT_IPV6_CONFIG; } + /** + * @param transportStyle ignored + * @since 0.9.20 + */ + public static boolean isIPv4Firewalled(RouterContext ctx, String transportStyle) { + return ctx.getBooleanProperty(PROP_IPV4_FIREWALLED); + } + /** * Addresses without a host (i.e. w/introducers) * are assumed to be IPv4 diff --git a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java index ca6259e456..382d4d89e4 100644 --- a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java +++ b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java @@ -1344,7 +1344,9 @@ public class NTCPTransport extends TransportImpl { buf.append("

").append(_("NTCP connections")).append(": ").append(peers.size()); buf.append(". ").append(_("Limit")).append(": ").append(getMaxConnections()); buf.append(". ").append(_("Timeout")).append(": ").append(DataHelper.formatDuration2(_pumper.getIdleTimeout())); - buf.append(". ").append(_("Status")).append(": ").append(_(getReachabilityStatus().toStatusString())); + if (_context.getBooleanProperty(PROP_ADVANCED)) { + buf.append(". ").append(_("Status")).append(": ").append(_(getReachabilityStatus().toStatusString())); + } buf.append(".

\n" + "\n" + "" + diff --git a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java index 35f2accce1..a502eb327b 100644 --- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java +++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java @@ -167,6 +167,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority public static final String PROP_BIND_INTERFACE = "i2np.udp.bindInterface"; /** override the "large" (max) MTU, default is PeerState.LARGE_MTU */ private static final String PROP_DEFAULT_MTU = "i2np.udp.mtu"; + private static final String PROP_ADVANCED = "routerconsole.advanced"; private static final String CAP_TESTING = "" + UDPAddress.CAPACITY_TESTING; private static final String CAP_TESTING_INTRO = "" + UDPAddress.CAPACITY_TESTING + UDPAddress.CAPACITY_INTRODUCER; @@ -457,6 +458,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority //if (SHOULD_FLOOD_PEERS) // _flooder.startup(); _expireEvent.setIsAlive(true); + _reachabilityStatus = Status.UNKNOWN; _testEvent.setIsAlive(true); // this queues it for 3-6 minutes in the future... _testEvent.reschedule(10*1000); // lets requeue it for Real Soon @@ -477,7 +479,8 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority _lastInboundIPv6 = _context.clock().now(); setReachabilityStatus(Status.IPV4_UNKNOWN_IPV6_OK); } else { - setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); + if (!isIPv4Firewalled()) + setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); } rebuildExternalAddress(ia.getHostAddress(), newPort, false); } @@ -487,11 +490,18 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority _lastInboundIPv6 = _context.clock().now(); setReachabilityStatus(Status.IPV4_UNKNOWN_IPV6_OK); } else { - setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); + if (!isIPv4Firewalled()) + setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); } rebuildExternalAddress(ia.getHostAddress(), newPort, false); } } + if (isIPv4Firewalled()) { + if (_lastInboundIPv6 > 0) + setReachabilityStatus(Status.IPV4_FIREWALLED_IPV6_UNKNOWN); + else + setReachabilityStatus(Status.REJECT_UNSOLICITED); + } rebuildExternalAddress(false); } @@ -763,12 +773,14 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority // Assume if we have an interface with a public IP that we aren't firewalled. // If this is wrong, the peer test will figure it out and change the status. if (changed && source == SOURCE_INTERFACE) { - if (ip.length == 4) - setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); - else if (ip.length == 16) + if (ip.length == 4) { + if (!isIPv4Firewalled()) + setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); + } else if (ip.length == 16) { // TODO should we set both to unknown and wait for an inbound v6 conn, // since there's no v6 testing? setReachabilityStatus(Status.IPV4_UNKNOWN_IPV6_OK); + } } } @@ -786,8 +798,10 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority else _log.warn("UPnP has failed to open the SSU port: " + port + " reason: " + reason); } - if (success && ip != null && getExternalIP() != null) - setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); + if (success && ip != null && getExternalIP() != null) { + if (!isIPv4Firewalled()) + setReachabilityStatus(Status.IPV4_OK_IPV6_UNKNOWN); + } } /** @@ -2434,7 +2448,9 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority buf.append("

").append(_("UDP connections")).append(": ").append(peers.size()); buf.append(". ").append(_("Limit")).append(": ").append(getMaxConnections()); buf.append(". ").append(_("Timeout")).append(": ").append(DataHelper.formatDuration2(_expireTimeout)); - buf.append(". ").append(_("Status")).append(": ").append(_(_reachabilityStatus.toStatusString())); + if (_context.getBooleanProperty(PROP_ADVANCED)) { + buf.append(". ").append(_("Status")).append(": ").append(_(_reachabilityStatus.toStatusString())); + } buf.append(".

\n"); buf.append("
").append(_("Peer")).append("
\n"); buf.append("
").append(_("Peer")).append("
"); @@ -3003,7 +3019,8 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority } private boolean shouldTest() { - return ! _context.router().isHidden(); + return ! (_context.router().isHidden() || + isIPv4Firewalled()); //String val = _context.getProperty(PROP_SHOULD_TEST); //return ( (val != null) && ("true".equals(val)) ); } @@ -3053,6 +3070,8 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority * @since 0.9.13 */ public synchronized void forceRunSoon() { + if (isIPv4Firewalled()) + return; _forceRun = true; reschedule(MIN_TEST_FREQUENCY); } @@ -3063,6 +3082,8 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority * @since 0.9.13 */ public synchronized void forceRunImmediately() { + if (isIPv4Firewalled()) + return; _lastTested.set(0); _forceRun = true; reschedule(5*1000);