zzz/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

SSU: Allow IP and port in relay request if it matches the source

Browse Source
This commit is contained in:
zzz
2015-12-01 20:11:07 +00:00
parent dfbbe3e928
commit 72527f4d33
1 changed files with 27 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
View File

@@ -3,6 +3,7 @@ package net.i2p.router.transport.udp;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
@@ -440,12 +441,33 @@ class IntroductionManager {
// and we don't read it here. // and we don't read it here.
// FIXME implement for getting Alice's IPv4 in RelayRequest sent over IPv6? // FIXME implement for getting Alice's IPv4 in RelayRequest sent over IPv6?
// or is that just too easy to spoof? // or is that just too easy to spoof?
if (!isValid(alice.getIP(), alice.getPort()) || ipSize != 0 || port != 0) { byte[] aliceIP = alice.getIP();
if (_log.shouldLog(Log.WARN)) { int alicePort = alice.getPort();
byte ip[] = new byte[ipSize]; if (!isValid(alice.getIP(), alice.getPort())) {
rrReader.readIP(ip, 0); if (_log.shouldWarn())
_log.warn("Bad relay req from " + alice + " for " + Addresses.toString(ip, port)); _log.warn("Bad relay req from " + alice + " for " + Addresses.toString(aliceIP, alicePort));
_context.statManager().addRateData("udp.relayBadIP", 1);
return;
}
// prior to 0.9.24 we rejected any non-zero-length ip
// here we reject anything different
// TODO relay request over IPv6
if (ipSize != 0) {
byte ip[] = new byte[ipSize];
rrReader.readIP(ip, 0);
if (!Arrays.equals(aliceIP, ip)) {
if (_log.shouldWarn())
_log.warn("Bad relay req from " + alice + " for " + Addresses.toString(ip, port));
_context.statManager().addRateData("udp.relayBadIP", 1);
return;
} }
}
// prior to 0.9.24 we rejected any nonzero port
// here we reject anything different
// TODO relay request over IPv6
if (port != 0 && port != alicePort) {
if (_log.shouldWarn())
_log.warn("Bad relay req from " + alice + " for " + Addresses.toString(aliceIP, port));
_context.statManager().addRateData("udp.relayBadIP", 1); _context.statManager().addRateData("udp.relayBadIP", 1);
return; return;
} }