diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
index 9ffda0201e34912afc0e9a4a2e3459e09328436d..d0f94131ccb1d700cabc47282eeda97ec20c0829 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/FloodfillVerifyStoreJob.java
@@ -19,6 +19,7 @@ import net.i2p.router.MessageSelector;
import net.i2p.router.ReplyJob;
import net.i2p.router.RouterContext;
import net.i2p.router.TunnelInfo;
+import net.i2p.router.util.MaskedIPSet;
import net.i2p.util.Log;
/**
@@ -39,11 +40,13 @@ class FloodfillVerifyStoreJob extends JobImpl {
private final boolean _isRouterInfo;
private MessageWrapper.WrappedMessage _wrappedMessage;
private final Set<Hash> _ignore;
+ private final MaskedIPSet _ipSet;
private static final int START_DELAY = 18*1000;
private static final int START_DELAY_RAND = 9*1000;
private static final int VERIFY_TIMEOUT = 20*1000;
private static final int MAX_PEERS_TO_TRY = 4;
+ private static final int IP_CLOSE_BYTES = 3;
/**
* Delay a few seconds, then start the verify
@@ -60,7 +63,10 @@ class FloodfillVerifyStoreJob extends JobImpl {
_facade = facade;
_ignore = new HashSet<Hash>(MAX_PEERS_TO_TRY);
if (sentTo != null) {
+ _ipSet = new MaskedIPSet(ctx, sentTo, IP_CLOSE_BYTES);
_ignore.add(_sentTo);
+ } else {
+ _ipSet = new MaskedIPSet(4);
}
// wait some time before trying to verify the store
getTiming().setStartAfter(ctx.clock().now() + START_DELAY + ctx.random().nextInt(START_DELAY_RAND));
@@ -188,10 +194,19 @@ class FloodfillVerifyStoreJob extends JobImpl {
break;
Hash peer = peers.get(0);
RouterInfo ri = _facade.lookupRouterInfoLocally(peer);
- if (ri != null && StoreJob.supportsCert(ri, keyCert))
- return peer;
- if (_log.shouldLog(Log.INFO))
- _log.info(getJobId() + ": Skipping verify w/ router that doesn't support key certs " + peer);
+ if (ri != null && StoreJob.supportsCert(ri, keyCert)) {
+ Set<String> peerIPs = new MaskedIPSet(getContext(), ri, IP_CLOSE_BYTES);
+ if (!_ipSet.containsAny(peerIPs)) {
+ _ipSet.addAll(peerIPs);
+ return peer;
+ } else {
+ if (_log.shouldLog(Log.INFO))
+ _log.info(getJobId() + ": Skipping verify w/ router too close to the store " + peer);
+ }
+ } else {
+ if (_log.shouldLog(Log.INFO))
+ _log.info(getJobId() + ": Skipping verify w/ router that doesn't support key certs " + peer);
+ }
_ignore.add(peer);
}
} else {
diff --git a/router/java/src/net/i2p/router/util/MaskedIPSet.java b/router/java/src/net/i2p/router/util/MaskedIPSet.java
index bfcecfd7c3ee87f074cd516cd5e50a6cc62e99ed..eaf3b6e7e3ccf14af8ed52dcb16840ba440d6b1e 100644
--- a/router/java/src/net/i2p/router/util/MaskedIPSet.java
+++ b/router/java/src/net/i2p/router/util/MaskedIPSet.java
@@ -32,17 +32,31 @@ public class MaskedIPSet extends HashSet<String> {
*
* As of 0.9.24, returned set will include netdb family as well.
*
+ * @param peer non-null
* @param mask is 1-4 (number of bytes to match)
* @return an opaque set of masked IPs for this peer
*/
public MaskedIPSet(RouterContext ctx, Hash peer, int mask) {
+ this(ctx, ctx.netDb().lookupRouterInfoLocally(peer), mask);
+ }
+
+ /**
+ * The Set of IPs for this peer, with a given mask.
+ * Includes the comm system's record of the IP, and all netDb addresses.
+ *
+ * As of 0.9.24, returned set will include netdb family as well.
+ *
+ * @param pinfo may be null
+ * @param mask is 1-4 (number of bytes to match)
+ * @return an opaque set of masked IPs for this peer
+ */
+ public MaskedIPSet(RouterContext ctx, RouterInfo pinfo, int mask) {
super(4);
- byte[] commIP = ctx.commSystem().getIP(peer);
- if (commIP != null)
- add(maskedIP(commIP, mask));
- RouterInfo pinfo = ctx.netDb().lookupRouterInfoLocally(peer);
if (pinfo == null)
return;
+ byte[] commIP = ctx.commSystem().getIP(pinfo.getHash());
+ if (commIP != null)
+ add(maskedIP(commIP, mask));
Collection<RouterAddress> paddr = pinfo.getAddresses();
for (RouterAddress pa : paddr) {
byte[] pib = pa.getIP();