loveisgrief/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Packages Projects Releases Wiki Activity

NetDB: When verifying store, don't use floodfills too close

Browse Source 
to the store
This commit is contained in:
zzz
2016-11-17 14:27:55 +00:00
parent 66c2664b91
commit 7a1a1d5b93
2 changed files with 37 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
View File

@@ -19,6 +19,7 @@ import net.i2p.router.MessageSelector;
import net.i2p.router.ReplyJob;
import net.i2p.router.RouterContext;
import net.i2p.router.TunnelInfo;
import net.i2p.router.util.MaskedIPSet;
import net.i2p.util.Log;
/**
@@ -39,11 +40,13 @@ class FloodfillVerifyStoreJob extends JobImpl {
private final boolean _isRouterInfo;
private MessageWrapper.WrappedMessage _wrappedMessage;
private final Set<Hash> _ignore;
private final MaskedIPSet _ipSet;
private static final int START_DELAY = 18*1000;
private static final int START_DELAY_RAND = 9*1000;
private static final int VERIFY_TIMEOUT = 20*1000;
private static final int MAX_PEERS_TO_TRY = 4;
private static final int IP_CLOSE_BYTES = 3;
/**
* Delay a few seconds, then start the verify
@@ -60,7 +63,10 @@ class FloodfillVerifyStoreJob extends JobImpl {
_facade = facade;
_ignore = new HashSet<Hash>(MAX_PEERS_TO_TRY);
if (sentTo != null) {
_ipSet = new MaskedIPSet(ctx, sentTo, IP_CLOSE_BYTES);
_ignore.add(_sentTo);
} else {
_ipSet = new MaskedIPSet(4);
}
// wait some time before trying to verify the store
getTiming().setStartAfter(ctx.clock().now() + START_DELAY + ctx.random().nextInt(START_DELAY_RAND));
@@ -188,10 +194,19 @@ class FloodfillVerifyStoreJob extends JobImpl {
break;
Hash peer = peers.get(0);
RouterInfo ri = _facade.lookupRouterInfoLocally(peer);
if (ri != null && StoreJob.supportsCert(ri, keyCert))
return peer;
if (_log.shouldLog(Log.INFO))
_log.info(getJobId() + ": Skipping verify w/ router that doesn't support key certs " + peer);
if (ri != null && StoreJob.supportsCert(ri, keyCert)) {
Set<String> peerIPs = new MaskedIPSet(getContext(), ri, IP_CLOSE_BYTES);
if (!_ipSet.containsAny(peerIPs)) {
_ipSet.addAll(peerIPs);
return peer;
} else {
if (_log.shouldLog(Log.INFO))
_log.info(getJobId() + ": Skipping verify w/ router too close to the store " + peer);
}
} else {
if (_log.shouldLog(Log.INFO))
_log.info(getJobId() + ": Skipping verify w/ router that doesn't support key certs " + peer);
}
_ignore.add(peer);
}
} else {

22
router/java/src/net/i2p/router/util/MaskedIPSet.java
View File

@@ -32,17 +32,31 @@ public class MaskedIPSet extends HashSet<String> {
*
* As of 0.9.24, returned set will include netdb family as well.
*
* @param peer non-null
* @param mask is 1-4 (number of bytes to match)
* @return an opaque set of masked IPs for this peer
*/
public MaskedIPSet(RouterContext ctx, Hash peer, int mask) {
this(ctx, ctx.netDb().lookupRouterInfoLocally(peer), mask);
}
/**
* The Set of IPs for this peer, with a given mask.
* Includes the comm system's record of the IP, and all netDb addresses.
*
* As of 0.9.24, returned set will include netdb family as well.
*
* @param pinfo may be null
* @param mask is 1-4 (number of bytes to match)
* @return an opaque set of masked IPs for this peer
*/
public MaskedIPSet(RouterContext ctx, RouterInfo pinfo, int mask) {
super(4);
byte[] commIP = ctx.commSystem().getIP(peer);
if (commIP != null)
add(maskedIP(commIP, mask));
RouterInfo pinfo = ctx.netDb().lookupRouterInfoLocally(peer);
if (pinfo == null)
return;
byte[] commIP = ctx.commSystem().getIP(pinfo.getHash());
if (commIP != null)
add(maskedIP(commIP, mask));
Collection<RouterAddress> paddr = pinfo.getAddresses();
for (RouterAddress pa : paddr) {
byte[] pib = pa.getIP();