I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Commit 72527f4d authored by zzz's avatar zzz
Browse files

SSU: Allow IP and port in relay request if it matches the source

parent dfbbe3e9
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
+ 27
5
View file @ 72527f4d
...@@ -3,6 +3,7 @@ package net.i2p.router.transport.udp; ...@@ -3,6 +3,7 @@ package net.i2p.router.transport.udp;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections; import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
...@@ -440,12 +441,33 @@ class IntroductionManager { ...@@ -440,12 +441,33 @@ class IntroductionManager {
// and we don't read it here. // and we don't read it here.
// FIXME implement for getting Alice's IPv4 in RelayRequest sent over IPv6? // FIXME implement for getting Alice's IPv4 in RelayRequest sent over IPv6?
// or is that just too easy to spoof? // or is that just too easy to spoof?
if (!isValid(alice.getIP(), alice.getPort()) || ipSize != 0 || port != 0) { byte[] aliceIP = alice.getIP();
if (_log.shouldLog(Log.WARN)) { int alicePort = alice.getPort();
byte ip[] = new byte[ipSize]; if (!isValid(alice.getIP(), alice.getPort())) {
rrReader.readIP(ip, 0); if (_log.shouldWarn())
_log.warn("Bad relay req from " + alice + " for " + Addresses.toString(ip, port)); _log.warn("Bad relay req from " + alice + " for " + Addresses.toString(aliceIP, alicePort));
_context.statManager().addRateData("udp.relayBadIP", 1);
return;
}
// prior to 0.9.24 we rejected any non-zero-length ip
// here we reject anything different
// TODO relay request over IPv6
if (ipSize != 0) {
byte ip[] = new byte[ipSize];
rrReader.readIP(ip, 0);
if (!Arrays.equals(aliceIP, ip)) {
if (_log.shouldWarn())
_log.warn("Bad relay req from " + alice + " for " + Addresses.toString(ip, port));
_context.statManager().addRateData("udp.relayBadIP", 1);
return;
} }
}
// prior to 0.9.24 we rejected any nonzero port
// here we reject anything different
// TODO relay request over IPv6
if (port != 0 && port != alicePort) {
if (_log.shouldWarn())
_log.warn("Bad relay req from " + alice + " for " + Addresses.toString(aliceIP, port));
_context.statManager().addRateData("udp.relayBadIP", 1); _context.statManager().addRateData("udp.relayBadIP", 1);
return; return;
} }
......
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]