Blocklist: Don't maintain IPv6 blocklist unless we have an IPv6 address

Don't read in same-country blocklist unless configured or in strict country, so we don't continue to block when no longer hidden
2023-01-30 11:51:44 -05:00
parent 86c6800fbd
commit bd4415ad5c
2 changed files with 41 additions and 8 deletions
--- a/router/java/src/net/i2p/router/Blocklist.java
+++ b/router/java/src/net/i2p/router/Blocklist.java
@@ -32,6 +32,8 @@ import net.i2p.data.Hash;
 import net.i2p.data.router.RouterAddress;
 import net.i2p.data.router.RouterInfo;
 import net.i2p.router.networkdb.kademlia.FloodfillNetworkDatabaseFacade;
+import net.i2p.router.transport.GeoIP;
+import net.i2p.router.transport.TransportUtil;
 import net.i2p.router.transport.udp.UDPTransport;
 import net.i2p.update.UpdateManager;
 import net.i2p.update.UpdateType;
@@ -85,6 +87,7 @@ public class Blocklist {
    private Entry _wrapSave;
    private final Set<Hash> _inProcess = new HashSet<Hash>(4);
    private final File _blocklistFeedFile;
+    private final boolean _haveIPv6;
    private boolean _started;
    // temp
    private final Map<Hash, String> _peerBlocklist = new HashMap<Hash, String>(4);
@@ -106,7 +109,7 @@ public class Blocklist {
    private static final int MAX_IPV6_SINGLES = SystemVersion.isSlow() ? 256 : 4096;

    private final Map<Integer, Object> _singleIPBlocklist = new LHMCache<Integer, Object>(MAX_IPV4_SINGLES);
-    private final Map<BigInteger, Object> _singleIPv6Blocklist = new LHMCache<BigInteger, Object>(MAX_IPV6_SINGLES);
+    private final Map<BigInteger, Object> _singleIPv6Blocklist;

    private static final Object DUMMY = Integer.valueOf(0);    

@@ -129,6 +132,9 @@ public class Blocklist {
        _context = context;
        _log = context.logManager().getLog(Blocklist.class);
        _blocklistFeedFile = new File(context.getConfigDir(), BLOCKLIST_FEED_FILE);
+        _haveIPv6 = TransportUtil.getIPv6Config(_context, "SSU") != TransportUtil.IPv6Config.IPV6_DISABLED &&
+                    Addresses.isConnectedIPv6();
+        _singleIPv6Blocklist = _haveIPv6 ? new LHMCache<BigInteger, Object>(MAX_IPV6_SINGLES) : null;
    }
    
    /** only for testing with main() */
@@ -136,6 +142,9 @@ public class Blocklist {
        _context = null;
        _log = new Log(Blocklist.class);
        _blocklistFeedFile = new File(BLOCKLIST_FEED_FILE);
+        _haveIPv6 = TransportUtil.getIPv6Config(_context, "SSU") != TransportUtil.IPv6Config.IPV6_DISABLED &&
+                    Addresses.isConnectedIPv6();
+        _singleIPv6Blocklist = _haveIPv6 ? new LHMCache<BigInteger, Object>(MAX_IPV6_SINGLES) : null;
    }

    /**
@@ -163,8 +172,11 @@ public class Blocklist {
            files.add(new BLFile(blFile, ID_LOCAL));
        }
        files.add(new BLFile(_blocklistFeedFile, ID_FEED));
-        blFile = new File(_context.getConfigDir(), BLOCKLIST_COUNTRY_FILE);
-        files.add(new BLFile(blFile, ID_COUNTRY));
+        if (_context.router().isHidden() ||
+            _context.getBooleanProperty(GeoIP.PROP_BLOCK_MY_COUNTRY)) {
+            blFile = new File(_context.getConfigDir(), BLOCKLIST_COUNTRY_FILE);
+            files.add(new BLFile(blFile, ID_COUNTRY));
+        }
        // user specified
        String file = _context.getProperty(PROP_BLOCKLIST_FILE);
        if (file != null && !file.equals(BLOCKLIST_FILE_DEFAULT)) {
@@ -667,6 +679,8 @@ public class Blocklist {
     * @param ip IPv4 or IPv6
     */
    public void add(String ip) {
+        if (!_haveIPv6 && ip.indexOf(':') >= 0)
+            return;
        byte[] pib = Addresses.getIPOnly(ip);
        if (pib == null) return;
        add(pib, null);
@@ -682,6 +696,8 @@ public class Blocklist {
     * @since 0.9.57
     */
    public void add(String ip, String source) {
+        if (!_haveIPv6 && ip.indexOf(':') >= 0)
+            return;
        byte[] pib = Addresses.getIPOnly(ip);
        if (pib == null) return;
        add(pib, source);
@@ -722,6 +738,8 @@ public class Blocklist {
            }
            rv = add(toInt(ip));
        } else if (ip.length == 16) {
+            if (!_haveIPv6)
+                return;
            // don't ever block ourselves
            String us = _context.getProperty(UDPTransport.PROP_IPV6);
            if (us != null) {
@@ -754,10 +772,13 @@ public class Blocklist {
     * @since 0.9.28
     */
    public void remove(byte ip[]) {
-        if (ip.length == 4)
+        if (ip.length == 4) {
            remove(toInt(ip));
-        else if (ip.length == 16)
+        } else if (ip.length == 16) {
+            if (!_haveIPv6)
+                return;
            remove(new BigInteger(1, ip));
+        }
    }

    /**
@@ -835,12 +856,14 @@ public class Blocklist {
     * Will not contain duplicates.
     * @since 0.9.29
     */
-    private static List<byte[]> getAddresses(RouterInfo pinfo) {
+    private List<byte[]> getAddresses(RouterInfo pinfo) {
        List<byte[]> rv = new ArrayList<byte[]>(4);
        // for each peer address
        for (RouterAddress pa : pinfo.getAddresses()) {
            byte[] pib = pa.getIP();
            if (pib == null) continue;
+            if (!_haveIPv6 && pib.length == 16)
+                continue;
            // O(n**2)
            boolean dup = false;
            for (int i = 0; i < rv.size(); i++) {
@@ -901,6 +924,8 @@ public class Blocklist {
     * @param ip IPv4 or IPv6
     */
    public boolean isBlocklisted(String ip) {
+        if (!_haveIPv6 && ip.indexOf(':') >= 0)
+            return false;
        byte[] pib = Addresses.getIPOnly(ip);
        if (pib == null) return false;
        return isBlocklisted(pib);
@@ -914,8 +939,11 @@ public class Blocklist {
    public boolean isBlocklisted(byte ip[]) {
        if (ip.length == 4)
            return isBlocklisted(toInt(ip));
-        if (ip.length == 16)
+        if (ip.length == 16) {
+            if (!_haveIPv6)
+                return false;
            return isOnSingleList(new BigInteger(1, ip));
+        }
        return false;
    }

@@ -1094,6 +1122,9 @@ public class Blocklist {
     *
     */
    private void banlist(Hash peer, byte[] ip) {
+        // Don't bother unless we have IPv6
+        if (!_haveIPv6 && ip.length == 16)
+            return;
        // Temporary reason, until the job finishes
        String reason = _x("IP banned by blocklist.txt entry {0}");
        String sip = Addresses.toString(ip);
@@ -1239,6 +1270,8 @@ public class Blocklist {
     *  @since 0.9.48
     */
    public List<BigInteger> getTransientIPv6Blocks() {
+        if (!_haveIPv6)
+            return Collections.<BigInteger>emptyList();
        synchronized(_singleIPv6Blocklist) {
            return new ArrayList<BigInteger>(_singleIPv6Blocklist.keySet());
        }
--- a/router/java/src/net/i2p/router/transport/GeoIP.java
+++ b/router/java/src/net/i2p/router/transport/GeoIP.java
@@ -93,7 +93,7 @@ public class GeoIP {
    private static final String DEBIAN_GEOIPV6_FILE = "/usr/share/GeoIP/GeoIPv6.dat";
    private static final boolean DISABLE_DEBIAN = false;
    private static final boolean ENABLE_DEBIAN = !DISABLE_DEBIAN && !(SystemVersion.isWindows() || SystemVersion.isAndroid());
-    private static final String PROP_BLOCK_MY_COUNTRY = "i2np.blockMyCountry";
+    public static final String PROP_BLOCK_MY_COUNTRY = "i2np.blockMyCountry";
    /** maxmind API */
    private static final String UNKNOWN_COUNTRY_CODE = "--";
    /** db-ip.com https://db-ip.com/faq.php */