I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Commit 8e66563e authored by zzz's avatar zzz
Browse files

Merge branch 'ssu1-1' into 'master' 

Transport: SSU1 removal part 1/n

See merge request !174
parents 6a9b9267 74f57b87
No related branches found
No related tags found
1 merge request!174Transport: SSU1 removal part 1/n
Pipeline #1470 canceled
Stage: test
Stage: build
Hide whitespace changes
Inline Side-by-side
router/java/src/net/i2p/router/transport/udp/PacketHandler.java
+ 6
618
View file @ 8e66563e
...@@ -32,15 +32,10 @@ class PacketHandler { ...@@ -32,15 +32,10 @@ class PacketHandler {
private final Log _log; private final Log _log;
private final UDPTransport _transport; private final UDPTransport _transport;
private final EstablishmentManager _establisher; private final EstablishmentManager _establisher;
private final InboundMessageFragments _inbound;
private final PeerTestManager _testManager; private final PeerTestManager _testManager;
private final IntroductionManager _introManager;
private volatile boolean _keepReading; private volatile boolean _keepReading;
private final Handler[] _handlers; private final Handler[] _handlers;
private final Map<RemoteHostId, Object> _failCache;
private final BlockingQueue<UDPPacket> _inboundQueue; private final BlockingQueue<UDPPacket> _inboundQueue;
private static final Object DUMMY = new Object();
private final boolean _enableSSU1, _enableSSU2;
private final int _networkID; private final int _networkID;
private static final int TYPE_POISON = -99999; private static final int TYPE_POISON = -99999;
...@@ -48,28 +43,14 @@ class PacketHandler { ...@@ -48,28 +43,14 @@ class PacketHandler {
private static final int MAX_QUEUE_SIZE = 192; private static final int MAX_QUEUE_SIZE = 192;
private static final int MIN_NUM_HANDLERS = 1; // unless < 32MB private static final int MIN_NUM_HANDLERS = 1; // unless < 32MB
private static final int MAX_NUM_HANDLERS = 1; private static final int MAX_NUM_HANDLERS = 1;
/**
* Let packets be up to this much skewed.
* This is the same limit as in InNetMessagePool's MessageValidator.
* There's no use making it any larger, as messages will just be thrown out there.
*/
private static final long GRACE_PERIOD = Router.CLOCK_FUDGE_FACTOR + 30*1000;
static final long MAX_SKEW = 90*24*60*60*1000L;
private enum AuthType { NONE, INTRO, BOBINTRO, SESSION }
PacketHandler(RouterContext ctx, UDPTransport transport, boolean enableSSU1, boolean enableSSU2, EstablishmentManager establisher, PacketHandler(RouterContext ctx, UDPTransport transport, boolean enableSSU1, boolean enableSSU2, EstablishmentManager establisher,
InboundMessageFragments inbound, PeerTestManager testManager, IntroductionManager introManager) { InboundMessageFragments inbound, PeerTestManager testManager, IntroductionManager introManager) {
_context = ctx; _context = ctx;
_log = ctx.logManager().getLog(PacketHandler.class); _log = ctx.logManager().getLog(PacketHandler.class);
_transport = transport; _transport = transport;
_enableSSU1 = enableSSU1;
_enableSSU2 = enableSSU2;
_establisher = establisher; _establisher = establisher;
_inbound = inbound;
_testManager = testManager; _testManager = testManager;
_introManager = introManager;
_failCache = new LHMCache<RemoteHostId, Object>(24);
_networkID = ctx.router().getNetworkID(); _networkID = ctx.router().getNetworkID();
long maxMemory = SystemVersion.getMaxMemory(); long maxMemory = SystemVersion.getMaxMemory();
...@@ -87,20 +68,7 @@ class PacketHandler { ...@@ -87,20 +68,7 @@ class PacketHandler {
_handlers[i] = new Handler(); _handlers[i] = new Handler();
} }
_context.statManager().createRateStat("udp.receivePacketSkew", "How long ago after the packet was sent did we receive it", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidUnkown", "How old the packet we dropped due to invalidity (unkown type) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidReestablish", "How old the packet we dropped due to invalidity (doesn't use existing key, not an establishment) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidEstablish", "How old the packet we dropped due to invalidity (establishment, bad key) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidEstablish.inbound", "How old the packet we dropped due to invalidity (even though we have an active inbound establishment with the peer) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidEstablish.outbound", "How old the packet we dropped due to invalidity (even though we have an active outbound establishment with the peer) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidEstablish.new", "How old the packet we dropped due to invalidity (even though we do not have any active establishment with the peer) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidInboundEstablish", "How old the packet we dropped due to invalidity (inbound establishment, bad key) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.droppedInvalidSkew", "How skewed the packet we dropped due to invalidity (valid except bad skew) was", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.destroyedInvalidSkew", "Destroyed session due to bad skew", "udp", UDPTransport.RATES); _context.statManager().createRateStat("udp.destroyedInvalidSkew", "Destroyed session due to bad skew", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.receivePacketSize.dataKnown", "Packet size of the given inbound packet type (period is the packet's lifetime)", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.receivePacketSize.dataKnownAck", "Packet size of the given inbound packet type (period is the packet's lifetime)", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.receivePacketSize.dataUnknown", "Packet size of the given inbound packet type (period is the packet's lifetime)", "udp", UDPTransport.RATES);
_context.statManager().createRateStat("udp.receivePacketSize.dataUnknownAck", "Packet size of the given inbound packet type (period is the packet's lifetime)", "udp", UDPTransport.RATES);
} }
public synchronized void startup() { public synchronized void startup() {
...@@ -177,29 +145,8 @@ class PacketHandler { ...@@ -177,29 +145,8 @@ class PacketHandler {
return rv; return rv;
} }
/**
* @since 0.9.42
*/
private boolean validate(UDPPacket packet, SessionKey key) {
return packet.validate(key, _transport.getHMAC());
}
private enum PeerType {
/** the packet is from a peer we are establishing an outbound con to, but failed validation, so fallback */
OUTBOUND_FALLBACK,
/** the packet is from a peer we are establishing an inbound con to, but failed validation, so fallback */
INBOUND_FALLBACK,
/** the packet is not from anyone we know */
NEW_PEER
}
private class Handler implements Runnable { private class Handler implements Runnable {
private final UDPPacketReader _reader;
public Handler() {
_reader = new UDPPacketReader(_context);
}
public void run() { public void run() {
while (_keepReading) { while (_keepReading) {
UDPPacket packet = receiveNext(); UDPPacket packet = receiveNext();
...@@ -209,7 +156,7 @@ class PacketHandler { ...@@ -209,7 +156,7 @@ class PacketHandler {
//if (_log.shouldLog(Log.DEBUG)) //if (_log.shouldLog(Log.DEBUG))
// _log.debug("Received: " + packet); // _log.debug("Received: " + packet);
try { try {
handlePacket(_reader, packet); handlePacket(packet);
} catch (RuntimeException e) { } catch (RuntimeException e) {
if (_log.shouldLog(Log.ERROR)) if (_log.shouldLog(Log.ERROR))
_log.error("Internal error handling " + packet, e); _log.error("Internal error handling " + packet, e);
...@@ -232,7 +179,7 @@ class PacketHandler { ...@@ -232,7 +179,7 @@ class PacketHandler {
*<li>No established or pending session found *<li>No established or pending session found
*</ol> *</ol>
*/ */
private void handlePacket(UDPPacketReader reader, UDPPacket packet) { private void handlePacket(UDPPacket packet) {
RemoteHostId rem = packet.getRemoteHost(); RemoteHostId rem = packet.getRemoteHost();
PeerState state = _transport.getPeerState(rem); PeerState state = _transport.getPeerState(rem);
if (state == null) { if (state == null) {
...@@ -243,10 +190,7 @@ class PacketHandler { ...@@ -243,10 +190,7 @@ class PacketHandler {
// Group 2: Inbound Establishment // Group 2: Inbound Establishment
if (_log.shouldLog(Log.DEBUG)) if (_log.shouldLog(Log.DEBUG))
_log.debug("Packet received IS for an inbound establishment"); _log.debug("Packet received IS for an inbound establishment");
if (est.getVersion() == 2) receiveSSU2Packet(rem, packet, (InboundEstablishState2) est);
receiveSSU2Packet(rem, packet, (InboundEstablishState2) est);
else
receivePacket(reader, packet, est);
} else { } else {
//if (_log.shouldLog(Log.DEBUG)) //if (_log.shouldLog(Log.DEBUG))
// _log.debug("Packet received is not for an inbound establishment"); // _log.debug("Packet received is not for an inbound establishment");
...@@ -255,566 +199,25 @@ class PacketHandler { ...@@ -255,566 +199,25 @@ class PacketHandler {
// Group 3: Outbound Establishment // Group 3: Outbound Establishment
if (_log.shouldLog(Log.DEBUG)) if (_log.shouldLog(Log.DEBUG))
_log.debug("Packet received IS for an outbound establishment"); _log.debug("Packet received IS for an outbound establishment");
if (oest.getVersion() == 2) receiveSSU2Packet(packet, (OutboundEstablishState2) oest);
receiveSSU2Packet(packet, (OutboundEstablishState2) oest);
else
receivePacket(reader, packet, oest);
} else { } else {
// Group 4: New conn or needs fallback // Group 4: New conn or needs fallback
if (_log.shouldLog(Log.DEBUG)) if (_log.shouldLog(Log.DEBUG))
_log.debug("Packet received is not for an inbound or outbound establishment"); _log.debug("Packet received is not for an inbound or outbound establishment");
// ok, not already known establishment, try as a new one // ok, not already known establishment, try as a new one
// Last chance for success, using our intro key // Last chance for success, using our intro key
if (_enableSSU1) receiveSSU2Packet(rem, packet, (InboundEstablishState2) null);
receivePacket(reader, packet, PeerType.NEW_PEER);
else
receiveSSU2Packet(rem, packet, (InboundEstablishState2) null);
} }
} }
} else { } else {
// Group 1: Established // Group 1: Established
//if (_log.shouldLog(Log.DEBUG)) //if (_log.shouldLog(Log.DEBUG))
// _log.debug("Packet received IS for an existing peer"); // _log.debug("Packet received IS for an existing peer");
if (state.getVersion() == 2) ((PeerState2) state).receivePacket(rem, packet);
((PeerState2) state).receivePacket(rem, packet);
else
receivePacket(reader, packet, state);
}
}
///////////
// Begin SSU1-only methods (except group 4)
///////////
/**
* Group 1: Established conn
* Decrypt and validate the packet then call handlePacket()
*
* SSU1 only.
*/
private void receivePacket(UDPPacketReader reader, UDPPacket packet, PeerState state) {
AuthType auth = AuthType.NONE;
boolean isValid = validate(packet, state.getCurrentMACKey());
if (!isValid) {
if (state.getNextMACKey() != null)
isValid = validate(packet, state.getNextMACKey());
if (!isValid) {
if (_log.shouldDebug())
_log.debug("Failed validation with existing con, trying as new con: " + packet);
isValid = validate(packet, _transport.getIntroKey());
if (isValid) {
// this is a stray packet from an inbound establishment
// process, so try our intro key
// (after an outbound establishment process, there wouldn't
// be any stray packets)
// These are generally PeerTest packets
if (_log.shouldLog(Log.DEBUG))
_log.debug("Validation with existing con failed, but validation as reestablish/stray passed");
packet.decrypt(_transport.getIntroKey());
auth = AuthType.INTRO;
} else {
InboundEstablishState est = _establisher.getInboundState(packet.getRemoteHost());
if (est != null) {
if (_log.shouldLog(Log.DEBUG))
_log.debug("Packet from an existing peer IS for an inbound establishment");
receivePacket(reader, packet, est, false);
} else {
if (_log.shouldLog(Log.WARN))
_log.warn("Validation with existing con failed, and validation as reestablish failed too. DROP " + packet);
_context.statManager().addRateData("udp.droppedInvalidReestablish", packet.getLifetime());
}
return;
}
} else {
packet.decrypt(state.getNextCipherKey());
auth = AuthType.SESSION;
}
} else {
packet.decrypt(state.getCurrentCipherKey());
auth = AuthType.SESSION;
}
handlePacket(reader, packet, state, null, null, auth);
}
/**
* Group 4: New conn or failed validation - we have no Session Key.
* Here we attempt to validate the packet with our intro key,
* then decrypt the packet with our intro key,
* then call handlePacket().
*
* This falls back to SSU2 for PeerType.NEW_PEER.
* If SSU1 is disabled, call receiveSSU2Packet() directly, don't call this.
*
* @param peerType OUTBOUND_FALLBACK, INBOUND_FALLBACK, or NEW_PEER
*/
private void receivePacket(UDPPacketReader reader, UDPPacket packet, PeerType peerType) {
boolean isValid = validate(packet, _transport.getIntroKey());
if (!isValid) {
// Note that the vast majority of these are NOT corrupted packets, but
// packets for which we don't have the PeerState (i.e. SessionKey)
// Case 1: 48 byte destroy packet, we already closed
// Case 2: 369 byte session created packet, re-tx of one that failed validation
// (peer probably doesn't know his correct external port, esp. on <= 0.9.1
// Case 3:
// For peers that change ports, look for an existing session with the same IP
// If we find it, and the packet validates with its mac key, tell the transport
// to change the port, and handle the packet.
// All this since 0.9.3.
RemoteHostId remoteHost = packet.getRemoteHost();
boolean alreadyFailed;
synchronized(_failCache) {
alreadyFailed = _failCache.get(remoteHost) != null;
}
if (!alreadyFailed) {
// For now, try SSU2 Session/Token Request processing here.
// After we've migrated the majority of the network over to SSU2,
// we can try SSU2 first.
if (_enableSSU2 && peerType == PeerType.NEW_PEER) {
int len = packet.getPacket().getLength();
if (len >= SSU2Util.MIN_TOKEN_REQUEST_LEN) {
boolean handled = receiveSSU2Packet(remoteHost, packet, (InboundEstablishState2) null);
if (handled)
return;
} else if (len >= SSU2Util.MIN_DATA_LEN) {
byte[] k1 = _transport.getSSU2StaticIntroKey();
long id = SSU2Header.decryptDestConnID(packet.getPacket(), k1);
PeerStateDestroyed dead = _transport.getRecentlyClosed(id);
if (dead != null) {
// Probably termination ack.
// Prevent attempted SSU1 fallback processing and adding to fail cache
if (_log.shouldDebug())
_log.debug("Handling " + len + " byte packet from " + remoteHost +
" for recently closed ID " + id);
dead.receivePacket(remoteHost, packet);
return;
}
}
if (_log.shouldDebug())
_log.debug("Continuing with SSU1 fallback processing, wasn't an SSU2 packet from " + remoteHost);
}
// this is slow, that's why we cache it above.
List<PeerState> peers = _transport.getPeerStatesByIP(remoteHost);
if (!peers.isEmpty()) {
StringBuilder buf = new StringBuilder(256);
buf.append("Established peers with this IP: ");
boolean foundSamePort = false;
PeerState state = null;
int newPort = remoteHost.getPort();
for (PeerState ps : peers) {
if (ps.getVersion() > 1)
continue;
boolean valid = false;
if (_log.shouldLog(Log.WARN)) {
long now = _context.clock().now();
buf.append(ps.getRemoteHostId().toString())
.append(" last sent: ").append(now - ps.getLastSendTime())
.append(" last rcvd: ").append(now - ps.getLastReceiveTime());
}
if (ps.getRemotePort() == newPort) {
foundSamePort = true;
} else if (validate(packet, ps.getCurrentMACKey())) {
packet.decrypt(ps.getCurrentCipherKey());
reader.initialize(packet);
if (_log.shouldLog(Log.WARN))
buf.append(" VALID type ").append(reader.readPayloadType()).append("; ");
valid = true;
if (state == null)
state = ps;
} else {
if (_log.shouldLog(Log.WARN))
buf.append(" INVALID; ");
}
}
if (state != null && !foundSamePort) {
_transport.changePeerPort(state, newPort);
if (_log.shouldLog(Log.WARN)) {
buf.append(" CHANGED PORT TO ").append(newPort).append(" AND HANDLED");
_log.warn(buf.toString());
}
handlePacket(reader, packet, state, null, null, AuthType.SESSION);
return;
}
if (_log.shouldLog(Log.WARN))
_log.warn(buf.toString());
}
synchronized(_failCache) {
_failCache.put(remoteHost, DUMMY);
}
}
if (_log.shouldLog(Log.WARN))
_log.warn("Cannot validate rcvd pkt (path) wasCached? " + alreadyFailed + ": " + packet);
long lifetime = packet.getLifetime();
_context.statManager().addRateData("udp.droppedInvalidEstablish", lifetime);
switch (peerType) {
case INBOUND_FALLBACK:
_context.statManager().addRateData("udp.droppedInvalidEstablish.inbound", lifetime, packet.getTimeSinceReceived());
break;
case OUTBOUND_FALLBACK:
_context.statManager().addRateData("udp.droppedInvalidEstablish.outbound", lifetime, packet.getTimeSinceReceived());
break;
case NEW_PEER:
_context.statManager().addRateData("udp.droppedInvalidEstablish.new", lifetime, packet.getTimeSinceReceived());
break;
}
return;
} else {
if (_log.shouldLog(Log.DEBUG))
_log.debug("Valid introduction packet received: " + packet);
}
// Packets that get here are probably one of:
// 304 byte Session Request
// 96 byte Relay Request
// 60 byte Relay Response
// 80 byte Peer Test
packet.decrypt(_transport.getIntroKey());
handlePacket(reader, packet, null, null, null, AuthType.INTRO);
}
/**
* SSU1 only.
*
* @param state non-null
*/
private void receivePacket(UDPPacketReader reader, UDPPacket packet, InboundEstablishState state) {
receivePacket(reader, packet, state, true);
}
/**
* Group 2: Inbound establishing conn
* Decrypt and validate the packet then call handlePacket()
*
* SSU1 only.
*
* @param state non-null
* @param allowFallback if it isn't valid for this establishment state, try as a non-establishment packet
*/
private void receivePacket(UDPPacketReader reader, UDPPacket packet, InboundEstablishState state, boolean allowFallback) {
if (_log.shouldLog(Log.DEBUG)) {
StringBuilder buf = new StringBuilder(128);
buf.append("Attempting to receive a packet on a known inbound state: ");
buf.append(state);
buf.append(" MAC key: ").append(state.getMACKey());
buf.append(" intro key: ").append(_transport.getIntroKey());
_log.debug(buf.toString());
}
boolean isValid = false;
if (state.getMACKey() != null) {
isValid = validate(packet, state.getMACKey());
if (isValid) {
if (_log.shouldDebug())
_log.debug("Valid introduction packet received for inbound con: " + packet);
packet.decrypt(state.getCipherKey());
handlePacket(reader, packet, null, null, null, AuthType.SESSION);
return;
} else {
if (_log.shouldLog(Log.WARN))
_log.warn("Invalid introduction packet received for inbound con, falling back: " + packet);
}
}
if (allowFallback) {
// ok, we couldn't handle it with the established stuff, so fall back
// on earlier state packets
receivePacket(reader, packet, PeerType.INBOUND_FALLBACK);
} else {
_context.statManager().addRateData("udp.droppedInvalidInboundEstablish", packet.getLifetime());
}
}
/**
* Group 3: Outbound establishing conn
* Decrypt and validate the packet then call handlePacket()
*
* SSU1 only.
*
* @param state non-null
*/
private void receivePacket(UDPPacketReader reader, UDPPacket packet, OutboundEstablishState state) {
if (_log.shouldLog(Log.DEBUG)) {
StringBuilder buf = new StringBuilder(128);
buf.append("Attempting to receive a packet on a known outbound state: ");
buf.append(state);
buf.append(" MAC key: ").append(state.getMACKey());
buf.append(" intro key: ").append(state.getIntroKey());
_log.debug(buf.toString());
}
boolean isValid = false;
if (state.getMACKey() != null) {
isValid = validate(packet, state.getMACKey());
if (isValid) {
// this should be the Session Confirmed packet
if (_log.shouldDebug())
_log.debug("Valid introduction packet received for outbound established con: " + packet);
packet.decrypt(state.getCipherKey());
handlePacket(reader, packet, null, state, null, AuthType.SESSION);
return;
}
}
// keys not yet exchanged, lets try it with the peer's intro key
isValid = validate(packet, state.getIntroKey());
if (isValid) {
if (_log.shouldDebug())
_log.debug("Valid packet received for " + state + " with Bob's intro key: " + packet);
packet.decrypt(state.getIntroKey());
// the only packet we should be getting with Bob's intro key is Session Created
handlePacket(reader, packet, null, state, null, AuthType.BOBINTRO);
return;
} else {
if (_log.shouldLog(Log.WARN))
_log.warn("Invalid introduction packet received for outbound established con with old intro key, falling back: " + packet);
}
// ok, we couldn't handle it with the established stuff, so fall back
// on earlier state packets
receivePacket(reader, packet, PeerType.OUTBOUND_FALLBACK);
}
/**
* The last step. The packet was decrypted with some key. Now get the message type
* and send it to one of four places: The EstablishmentManager, IntroductionManager,
* PeerTestManager, or InboundMessageFragments.
*
* SSU1 only.
*
* @param state non-null if fully established
* @param outState non-null if outbound establishing in process
* @param inState unused always null, TODO use for 48-byte destroys during inbound establishment
* @param auth what type of authentication succeeded
*/
private void handlePacket(UDPPacketReader reader, UDPPacket packet, PeerState state,
OutboundEstablishState outState, InboundEstablishState inState,
AuthType auth) {
reader.initialize(packet);
long recvOn = packet.getBegin();
long sendOn = reader.readTimestamp() * 1000;
// Positive when we are ahead of them
long skew = recvOn - sendOn;
int type = reader.readPayloadType();
// if it's a bad type, the whole packet is probably corrupt
boolean typeOK = type <= UDPPacket.MAX_PAYLOAD_TYPE;
boolean skewOK = skew < MAX_SKEW && skew > (0 - MAX_SKEW) && typeOK;
// update skew whether or not we will be dropping the packet for excessive skew
if (state != null) {
if (_log.shouldLog(Log.DEBUG))
_log.debug("Received packet from " + state.getRemoteHostId().toString() + " with skew " + skew);
if (auth == AuthType.SESSION && typeOK && (skewOK || state.getMessagesReceived() <= 0))
state.adjustClockSkew(skew);
}
_context.statManager().addRateData("udp.receivePacketSkew", skew);
if (!_enableSSU2 && !_context.clock().getUpdatedSuccessfully()) {
// adjust the clock one time in desperation
_context.clock().setOffset(0 - skew, true);
if (skew != 0) {
String source;
if (state != null)
source = state.getRemotePeer().toBase64();
else if (outState != null)
source = outState.getRemoteHostId().toString();
else
source = packet.getRemoteHost().toString();
_log.logAlways(Log.WARN, "NTP failure, SSU1 adjusted clock by " + DataHelper.formatDuration(Math.abs(skew)) +
" source " + source);
skew = 0;
}
}
if (skew > GRACE_PERIOD) {
_context.statManager().addRateData("udp.droppedInvalidSkew", skew);
if (state != null && skew > 4 * GRACE_PERIOD && state.getPacketsReceived() <= 0) {
_transport.sendDestroy(state, SSU2Util.REASON_SKEW);
_transport.dropPeer(state, true, "Clock skew");
if (state.getRemotePort() == 65520) {
// distinct port of buggy router
_context.banlist().banlistRouterForever(state.getRemotePeer(),
_x("Excessive clock skew: {0}"),
DataHelper.formatDuration(skew));
} else {
_context.banlist().banlistRouter(DataHelper.formatDuration(skew),
state.getRemotePeer(),
_x("Excessive clock skew: {0}"));
}
_context.statManager().addRateData("udp.destroyedInvalidSkew", skew);
if (_log.shouldWarn())
_log.warn("Dropped conn, packet too far in the past: " + new Date(sendOn) + ": " + packet +
" PeerState: " + state);
} else {
if (_log.shouldWarn())
_log.warn("Packet too far in the past: " + new Date(sendOn) + ": " + packet +
" PeerState: " + state);
}
return;
} else if (skew < 0 - GRACE_PERIOD) {
_context.statManager().addRateData("udp.droppedInvalidSkew", 0-skew);
if (state != null && skew < 0 - (4 * GRACE_PERIOD) && state.getPacketsReceived() <= 0) {
_transport.sendDestroy(state, SSU2Util.REASON_SKEW);
_transport.dropPeer(state, true, "Clock skew");
if (state.getRemotePort() == 65520) {
// distinct port of buggy router
_context.banlist().banlistRouterForever(state.getRemotePeer(),
_x("Excessive clock skew: {0}"),
DataHelper.formatDuration(0 - skew));
} else {
_context.banlist().banlistRouter(DataHelper.formatDuration(0 - skew),
state.getRemotePeer(),
_x("Excessive clock skew: {0}"));
}
_context.statManager().addRateData("udp.destroyedInvalidSkew", 0-skew);
if (_log.shouldWarn())
_log.warn("Dropped conn, packet too far in the future: " + new Date(sendOn) + ": " + packet +
" PeerState: " + state);
} else {
if (_log.shouldWarn())
_log.warn("Packet too far in the future: " + new Date(sendOn) + ": " + packet +
" PeerState: " + state);
}
return;
}
RemoteHostId from = packet.getRemoteHost();
switch (type) {
case UDPPacket.PAYLOAD_TYPE_SESSION_REQUEST:
if (auth == AuthType.BOBINTRO) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
_establisher.receiveSessionRequest(from, inState, reader);
break;
case UDPPacket.PAYLOAD_TYPE_SESSION_CONFIRMED:
if (auth != AuthType.SESSION) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
_establisher.receiveSessionConfirmed(from, inState, reader);
break;
case UDPPacket.PAYLOAD_TYPE_SESSION_CREATED:
// this is the only type that allows BOBINTRO
if (auth != AuthType.BOBINTRO && auth != AuthType.SESSION) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
_establisher.receiveSessionCreated(from, outState, reader);
break;
case UDPPacket.PAYLOAD_TYPE_DATA:
if (auth != AuthType.SESSION) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
if (outState != null)
state = _establisher.receiveData(outState);
if (_log.shouldLog(Log.DEBUG))
_log.debug("Received new DATA packet from " + state + ": " + packet);
UDPPacketReader.DataReader dr = reader.getDataReader();
if (state != null) {
if (_log.shouldLog(Log.DEBUG)) {
StringBuilder msg = new StringBuilder(512);
msg.append("Receive ").append(System.identityHashCode(packet));
msg.append(" from ").append(state.getRemotePeer().toBase64()).append(" ").append(state.getRemoteHostId());
try {
int count = dr.readFragmentCount();
for (int i = 0; i < count; i++) {
msg.append(" msg ").append(dr.readMessageId(i));
msg.append(":").append(dr.readMessageFragmentNum(i));
if (dr.readMessageIsLast(i))
msg.append("*");
}
} catch (DataFormatException dfe) {}
msg.append(": ").append(dr.toString());
_log.debug(msg.toString());
}
//packet.beforeReceiveFragments();
_inbound.receiveData(state, dr);
_context.statManager().addRateData("udp.receivePacketSize.dataKnown", packet.getPacket().getLength(), packet.getLifetime());
} else {
// doesn't happen
_context.statManager().addRateData("udp.receivePacketSize.dataUnknown", packet.getPacket().getLength(), packet.getLifetime());
}
try {
if (dr.readFragmentCount() <= 0)
_context.statManager().addRateData("udp.receivePacketSize.dataUnknownAck", packet.getPacket().getLength(), packet.getLifetime());
} catch (DataFormatException dfe) {}
break;
case UDPPacket.PAYLOAD_TYPE_TEST:
if (auth == AuthType.BOBINTRO) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
if (_log.shouldLog(Log.DEBUG))
_log.debug("Received test packet: " + reader + " from " + from);
_testManager.receiveTest(from, state, auth == AuthType.SESSION, reader);
break;
case UDPPacket.PAYLOAD_TYPE_RELAY_REQUEST:
if (auth == AuthType.BOBINTRO) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
if (_log.shouldDebug())
_log.debug("Received relay request packet: " + reader + " from " + from);
_introManager.receiveRelayRequest(from, reader);
break;
case UDPPacket.PAYLOAD_TYPE_RELAY_INTRO:
if (auth != AuthType.SESSION) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
if (_log.shouldDebug())
_log.debug("Received relay intro packet: " + reader + " from " + from);
_introManager.receiveRelayIntro(from, reader);
break;
case UDPPacket.PAYLOAD_TYPE_RELAY_RESPONSE:
if (auth == AuthType.BOBINTRO) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
break;
}
if (_log.shouldDebug())
_log.debug("Received relay response packet: " + reader + " from " + from);
_establisher.receiveRelayResponse(from, reader);
break;
case UDPPacket.PAYLOAD_TYPE_SESSION_DESTROY:
if (auth == AuthType.BOBINTRO) {
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
} else if (auth != AuthType.SESSION)
_establisher.receiveSessionDestroy(from); // drops
else if (outState != null)
_establisher.receiveSessionDestroy(from, outState);
else if (state != null)
_establisher.receiveSessionDestroy(from, state);
else
_establisher.receiveSessionDestroy(from); // drops
break;
default:
if (_log.shouldLog(Log.WARN))
_log.warn("Dropping type " + type + " auth " + auth + ": " + packet);
_context.statManager().addRateData("udp.droppedInvalidUnknown", packet.getLifetime());
return;
} }
} }
} }
//// End SSU1-only methods ////
//// Begin SSU2 Handling ////
/** /**
* Decrypt the header and hand off to the state for processing. * Decrypt the header and hand off to the state for processing.
* Packet is trial-decrypted, so fallback * Packet is trial-decrypted, so fallback
...@@ -1091,19 +494,4 @@ class PacketHandler { ...@@ -1091,19 +494,4 @@ class PacketHandler {
} }
return true; return true;
} }
//// End SSU2 Handling ////
/**
* Mark a string for extraction by xgettext and translation.
* Use this only in static initializers.
* It does not translate!
* @return s
* @since 0.9.20
*/
private static final String _x(String s) {
return s;
}
} }
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment

Base32 Address: [http://7qeve4v2chmjdqlwpa3vl7aojf3nodbku7vepnjwrsxljzqipz6a.b32.i2p] Onion Address: [http://47ggr2fa3vnwfyhvgskzdmr3i32eijwymxohtxsls45dulmriwxszjad.onion]