From 699a62a9b9ae5461907ce5e6ccd980d024f4b1cd Mon Sep 17 00:00:00 2001
From: zzz
Date: Tue, 27 May 2008 13:20:56 +0000
Subject: [PATCH] Dont bid on private IP addresses in transports
---
 history.txt | 8 +++++++-
 .../java/src/net/i2p/router/RouterVersion.java | 2 +-
 .../router/transport/ntcp/NTCPTransport.java | 10 ++++++++++
 .../i2p/router/transport/udp/UDPTransport.java | 18 +++++++++++++++++-
 4 files changed, 35 insertions(+), 3 deletions(-)
diff --git a/history.txt b/history.txt
index 0d33ee66d..b22b8c3f4 100644
--- a/history.txt
+++ b/history.txt
@@ -1,8 +1,14 @@
+2008-05-29 zzz
+ * Transport:
+ - NTCP and UDP: Don't bid to connect to private IP addresses, mark unreachable
+ - UDP: Don't bid when IP address missing, mark unreachable
+
 2008-05-26 zzz
 * Throttle: Set a default router.maxParticipatingTunnels = 3000 (was none)
 * Stats: Add a fake uptime if not publishing stats, to get participating tunnels
 * build.xml:
- - Add an updateSmall target which includes only the essentials
+ - Add an updaterSmall target which includes only the essentials
+ - Add an updaterRouter target which includes only i2p.jar and router.jar
 - Clean up the build file some
 - Remove empty eepsite/ and subdirs from i2pupdate.zip
 * configtunnels.jsp: Add warning
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index 2e12db0e1..15ebe7eb4 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -17,7 +17,7 @@ import net.i2p.CoreVersion;
 public class RouterVersion {
 public final static String ID = "$Revision: 1.548 $ $Date: 2008-02-10 15:00:00 $";
 public final static String VERSION = "0.6.1.33";
- public final static long BUILD = 8;
+ public final static long BUILD = 9;
 public static void main(String args[]) {
 System.out.println("I2P Router version: " + VERSION + "-" + BUILD);
 System.out.println("Router ID: " + RouterVersion.ID);
diff --git a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
index 38128abc2..89583db79 100644
--- a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
@@ -69,6 +69,7 @@ public class NTCPTransport extends TransportImpl {
 _context.statManager().createRateStat("ntcp.closeOnBacklog", "", "ntcp", new long[] { 60*1000, 10*60*1000 });
 _context.statManager().createRateStat("ntcp.connectFailedIOE", "", "ntcp", new long[] { 60*1000, 10*60*1000 });
 _context.statManager().createRateStat("ntcp.connectFailedInvalidPort", "", "ntcp", new long[] { 60*1000, 10*60*1000 });
+ _context.statManager().createRateStat("ntcp.bidRejectedLocalAddress", "", "ntcp", new long[] { 60*1000, 10*60*1000 });
 _context.statManager().createRateStat("ntcp.bidRejectedNoNTCPAddress", "", "ntcp", new long[] { 60*1000, 10*60*1000 });
 _context.statManager().createRateStat("ntcp.connectFailedTimeout", "", "ntcp", new long[] { 60*1000, 10*60*1000 });
 _context.statManager().createRateStat("ntcp.connectFailedTimeoutIOE", "", "ntcp", new long[] { 60*1000, 10*60*1000 });
@@ -273,6 +274,15 @@ public class NTCPTransport extends TransportImpl {
 _log.debug("no bid when trying to send to " + toAddress.getIdentity().calculateHash().toBase64() + " as they don't have a valid ntcp address");
 return null;
 }
+ if (!naddr.isPubliclyRoutable()) {
+ if (! _context.getProperty("i2np.ntcp.allowLocal", "false").equals("true")) {
+ _context.statManager().addRateData("ntcp.bidRejectedLocalAddress", 1, 0);
+ markUnreachable(peer);
+ if (_log.shouldLog(Log.DEBUG))
+ _log.debug("no bid when trying to send to " + toAddress.getIdentity().calculateHash().toBase64() + " as they have a private ntcp address");
+ return null;
+ }
+ }
 //if ( (_myAddress != null) && (_myAddress.equals(addr)) )
 // return null; // dont talk to yourself
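Review bot: The private-address rejection in the second hunk rests entirely on `naddr.isPubliclyRoutable()`, whose definition is outside this patch, so it should be confirmed that it evaluates the address the connect code later dials; if a published NTCP host can be a DNS name, a name resolving to a private or loopback address presumably has to fail this check as well. The `i2np.ntcp.allowLocal` override is undocumented here and turns the filter off completely, so I would add a comment above the inner `if`, e.g. `// i2np.ntcp.allowLocal=true disables the private-address filter (confirm: isolated test networks only)`. The two nested `if`s can also be written as one condition, which keeps the reject path at a single indent level. The enclosing method begins and ends outside the hunk.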
diff --git a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
index 61eb3a8fb..4e5e77030 100644
--- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
+++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
@@ -858,8 +858,24 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
 else
 return _fastBid;
 } else {
- if (null == toAddress.getTargetAddress(STYLE))
+ // Validate his SSU address
+ RouterAddress addr = toAddress.getTargetAddress(STYLE);
+ if (addr == null) {
+ markUnreachable(to);
 return null;
+ }
+ UDPAddress ua = new UDPAddress(addr);
+ if (ua == null) {
+ markUnreachable(to);
+ return null;
+ }
+ if (ua.getIntroducerCount() <= 0) {
+ InetAddress ia = ua.getHostAddress();
+ if (ua.getPort() <= 0 || ia == null || !isPubliclyRoutable(ia.getAddress())) {
+ markUnreachable(to);
+ return null;
+ }
+ }
 if (_log.shouldLog(Log.DEBUG))
 _log.debug("bidding on a message to an unestablished peer: " + to.toBase64());
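Review bot: The host, port and routability checks run only inside `if (ua.getIntroducerCount() <= 0)`, so an SSU address that lists at least one introducer is still bid on without any of its hosts being tested; whether introducer hosts are filtered elsewhere is not visible here, so at minimum I would add `// NOTE: introducer hosts are not checked for public routability here` above that `if`. The `if (ua == null)` block directly after `UDPAddress ua = new UDPAddress(addr);` is dead code, because `new` never yields null; it can be dropped, and a malformed address is then caught only by the later port/host test. Unlike the NTCP change in this commit, these rejections record no rate stat and write no debug line, so an operator cannot see how often peers publish private or incomplete SSU addresses; a stat mirroring `ntcp.bidRejectedLocalAddress` would close that gap. The enclosing method starts and ends outside the hunk.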