From d93e16e52e6afdf55a7a60768c8ec2023570ff12 Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Fri, 11 Jun 2021 09:29:16 -0400
Subject: [PATCH] UPnP: Bind to IPv6 addresses for search responses

Older miniupnpd 2.0 will send a SSDP search response with an IPv6 location to a IPv4 address,
but newer ones 2.2 won't. So we need to also bind to an IPv6 address for the SSDP search
to receive the router's IPv6 location. Then we can bind to our public IPv6 address
for a port forward and it will work when miniupnpd is configured for "secure".

Also, don't bind a POST request to a mismatched v4/v6 address.
---
 history.txt                                   | 19 +++++++++++++++----
 .../src/net/i2p/router/RouterVersion.java     |  2 +-
 .../src/net/i2p/router/transport/UPnP.java    |  9 +++++++--
 .../src/org/cybergarage/http/HTTPRequest.java | 12 ++++++++++--
 4 files changed, 33 insertions(+), 9 deletions(-)

diff --git a/history.txt b/history.txt
index fc9f5af3e..bae0c0283 100644
--- a/history.txt
+++ b/history.txt
@@ -1,7 +1,18 @@
-2021-06-07 zzz
- Tunnels:
- - More work on short tunnel build messages (proposal 157)
- - Fix compare logic in ITBM parser (ticket #2814)
+2021-06-11 zzz
+ * UPnP: Bind to IPv6 addresses for search responses
+
+2021-06-10 zzz
+ * Updates:
+   - Add preliminary support for dmg/exe updates
+   - Make backup news URL configurable (see gitlab MR !33)
+
+2021-06-08 zzz
+ * NetDB: Prevent rare deadlock in rebuildRouterInfo()
+ * Tunnels:
+   - More work on short tunnel build messages (proposal 157)
+   - Fix compare logic in ITBM parser (ticket #2814)
+   - Extend use of high cap peers in expl. tunnels at startup, after extended downtime
+   - Switch from SHA256 to SipHash for peer ordering
 
 2021-06-01 zzz
  * i2psnark: Fix autostart for magnets
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index aee15848b..2d30a2c12 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
     /** deprecated */
     public final static String ID = "Git";
     public final static String VERSION = CoreVersion.VERSION;
-    public final static long BUILD = 2;
+    public final static long BUILD = 3;
 
     /** for example "-test" */
     public final static String EXTRA = "";
diff --git a/router/java/src/net/i2p/router/transport/UPnP.java b/router/java/src/net/i2p/router/transport/UPnP.java
index 78012214f..aa75fddfc 100644
--- a/router/java/src/net/i2p/router/transport/UPnP.java
+++ b/router/java/src/net/i2p/router/transport/UPnP.java
@@ -681,13 +681,18 @@ public class UPnP extends ControlPoint implements DeviceChangeListener, EventLis
 	 * @since 0.9.46
 	 */
 	static Set<String> getLocalAddresses() {
-		Set<String> addrs = Addresses.getAddresses(true, false, false);
+		// older miniupnpd will send ipv6 ssdp search response to ipv4 address,
+		// but newer ones won't. So we need to bind to an ipv6 address
+		// to get his ipv6 address so we can bind to OUR ipv6 address
+		// for a port forward when miniupnpd is configured for "secure".
+		// local, no loopback, ipv6, no temp. ipv6
+		Set<String> addrs = Addresses.getAddresses(true, false, true, false);
 		// remove public addresses
 		// see TransportManager.startListening()
 		for (Iterator<String> iter = addrs.iterator(); iter.hasNext(); ) {
 			String addr = iter.next();
 			byte[] ip = Addresses.getIP(addr);
-			if (ip == null || TransportUtil.isPubliclyRoutable(ip, false))
+			if (ip == null || TransportUtil.isPubliclyRoutable(ip, true))
 				iter.remove();
 		}
 		return addrs;
diff --git a/router/java/src/org/cybergarage/http/HTTPRequest.java b/router/java/src/org/cybergarage/http/HTTPRequest.java
index 4e35837be..6b9c850b2 100644
--- a/router/java/src/org/cybergarage/http/HTTPRequest.java
+++ b/router/java/src/org/cybergarage/http/HTTPRequest.java
@@ -423,8 +423,16 @@ public class HTTPRequest extends HTTPPacket
 				// And set the soTimeout to 2 second (for reads).
 				//postSocket = new Socket(host, port);
 				postSocket = new Socket();
-				if (bindTo != null)
-					postSocket.bind(new InetSocketAddress(bindTo, 0));
+				if (bindTo != null) {
+					boolean fromv6 = bindTo.contains(":");
+					boolean tov6 = host.contains(":");
+					if (fromv6 == tov6) {
+						//Debug.warning("POST bindTo " + bindTo + " connect to " + host);
+						postSocket.bind(new InetSocketAddress(bindTo, 0));
+					} else {
+						Debug.warning("POST mismatch, NOT binding to " + bindTo + " connect to " + host);
+					}
+				}
 				postSocket.setSoTimeout(2000);
 				SocketAddress sa = new InetSocketAddress(host, port);
 				postSocket.connect(sa, 3000);