From e4996a2db6ee2286d635a35a522e7a1c2d70eb21 Mon Sep 17 00:00:00 2001
From: zzz <zzz@i2pmail.org>
Date: Fri, 10 Jun 2022 16:50:46 -0400
Subject: [PATCH] SSU: No need to validate Bob IP/port on relay intro as
Charlie
as it is received in-session only
Log tweaks all over
---
.../net/i2p/router/transport/udp/EstablishmentManager.java | 7 ++++---
.../i2p/router/transport/udp/InboundEstablishState2.java | 4 +++-
.../net/i2p/router/transport/udp/IntroductionManager.java | 5 +++--
.../i2p/router/transport/udp/OutboundEstablishState2.java | 2 +-
.../java/src/net/i2p/router/transport/udp/PeerState2.java | 4 ++--
5 files changed, 13 insertions(+), 9 deletions(-)
diff --git a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
index 24f6a95e9f..f6835a310a 100644
--- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
@@ -1664,8 +1664,8 @@ class EstablishmentManager {
}
} else {
// HolePunch received before RelayResponse, and we didn't know the IP/port, or it changed
- if (_log.shouldLog(Log.INFO))
- _log.info("No state found for hole punch from " + from + " port " + fromPort);
+ if (_log.shouldDebug())
+ _log.debug("No state found for hole punch from " + from + " port " + fromPort);
}
}
@@ -1725,7 +1725,7 @@ class EstablishmentManager {
} else {
// HolePunch received before RelayResponse, and we didn't know the IP/port, or it changed
if (_log.shouldLog(Log.INFO))
- _log.info("No state found for hole punch from " + id);
+ _log.info("No state found for SSU2 hole punch from " + id);
}
}
@@ -1953,6 +1953,7 @@ class EstablishmentManager {
handleCompletelyEstablished(inboundState);
}
} else {
+ // really shouldn't be this state
if (_log.shouldLog(Log.WARN))
_log.warn("confirmed with invalid? " + inboundState);
inboundState.fail();
diff --git a/router/java/src/net/i2p/router/transport/udp/InboundEstablishState2.java b/router/java/src/net/i2p/router/transport/udp/InboundEstablishState2.java
index e8fd42a848..cba4baaec0 100644
--- a/router/java/src/net/i2p/router/transport/udp/InboundEstablishState2.java
+++ b/router/java/src/net/i2p/router/transport/udp/InboundEstablishState2.java
@@ -170,6 +170,8 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
throw new GeneralSecurityException("Skew exceeded in Session/Token Request: " + _skew);
}
packetReceived();
+ if (_log.shouldDebug())
+ _log.debug("New " + this);
}
@Override
@@ -179,7 +181,7 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
try {
int blocks = SSU2Payload.processPayload(_context, this, payload, offset, length, isHandshake);
if (_log.shouldDebug())
- _log.debug("Processed " + blocks + " blocks");
+ _log.debug("Processed " + blocks + " blocks on " + this);
} catch (Exception e) {
_log.error("IES2 payload error\n" + net.i2p.util.HexDump.dump(payload, 0, length), e);
throw new GeneralSecurityException("IES2 payload error", e);
diff --git a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
index 2b2bd678c6..14037d435d 100644
--- a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
@@ -574,9 +574,10 @@ class IntroductionManager {
int port = reader.getRelayIntroReader().readPort();
// allow IPv6 as of 0.9.50
- if ((!isValid(ip, port, true)) || (!isValid(bob.getIP(), bob.getPort(), true))) {
+ // validate alice IP/port here. We don't need to validate Bob, we have a session with him.
+ if (!isValid(ip, port, true)) {
if (_log.shouldLog(Log.WARN))
- _log.warn("Bad relay intro from " + bob + " for " + Addresses.toString(ip, port));
+ _log.warn("Invalid relay intro for alice " + Addresses.toString(ip, port) + " via bob " + bob);
_context.statManager().addRateData("udp.relayBadIP", 1);
return;
}
diff --git a/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState2.java b/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState2.java
index b35eeda95f..95cd8688c1 100644
--- a/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState2.java
+++ b/router/java/src/net/i2p/router/transport/udp/OutboundEstablishState2.java
@@ -179,7 +179,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
try {
int blocks = SSU2Payload.processPayload(_context, this, payload, offset, length, isHandshake);
if (_log.shouldDebug())
- _log.debug("Processed " + blocks + " blocks");
+ _log.debug("Processed " + blocks + " blocks on " + this);
} catch (Exception e) {
throw new GeneralSecurityException("Session Created payload error", e);
}
diff --git a/router/java/src/net/i2p/router/transport/udp/PeerState2.java b/router/java/src/net/i2p/router/transport/udp/PeerState2.java
index a37c945e8c..2b5d591ca8 100644
--- a/router/java/src/net/i2p/router/transport/udp/PeerState2.java
+++ b/router/java/src/net/i2p/router/transport/udp/PeerState2.java
@@ -583,8 +583,8 @@ public class PeerState2 extends PeerState implements SSU2Payload.PayloadCallback
}
public void gotTermination(int reason, long count) {
- if (_log.shouldWarn())
- _log.warn("Got TERMINATION block, reason: " + reason + " count: " + count);
+ if (_log.shouldDebug())
+ _log.debug("Got TERMINATION block, reason: " + reason + " count: " + count + " on " + this);
_transport.getEstablisher().receiveSessionDestroy(_remoteHostId, this);
}
--
GitLab