diff --git a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java index 4afd49b7b..c0c17e1df 100644 --- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java +++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java @@ -960,7 +960,7 @@ class EstablishmentManager { port <= 65535 && ip != null && ip.length == 4 && _transport.isValid(ip) && - (!DataHelper.eq(ip, 0, _transport.getExternalIP(), 0, 2)) && + (!_transport.isTooClose(ip)) && (!_context.blocklist().isBlocklisted(ip)); } diff --git a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java index 790a0d349..6eb9ab017 100644 --- a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java +++ b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java @@ -433,7 +433,7 @@ class IntroductionManager { port <= 65535 && ip != null && ip.length == 4 && _transport.isValid(ip) && - (!DataHelper.eq(ip, 0, _transport.getExternalIP(), 0, 2)) && + (!_transport.isTooClose(ip)) && (!_context.blocklist().isBlocklisted(ip)); } } diff --git a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java index 523141d2c..ed62440a4 100644 --- a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java +++ b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java 
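Review bot: The address-validation expression in this EstablishmentManager hunk is repeated verbatim in the IntroductionManager hunk that follows it (`port <= 65535 && ip != null && ip.length == 4 && _transport.isValid(ip) && ... isBlocklisted(ip)`), so this policy change had to be made twice. Since the closeness test now lives in UDPTransport, the whole predicate could move there as one package-private helper taking `(byte[] ip, int port)` that both classes call. Copies of a security check tend to drift; the PacketBuilder hunk in this same commit already compares for exact equality instead of using the shared helper. Both enclosing methods start outside their hunks, so the beginning of the expression is not visible here.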
@@ -1084,7 +1084,7 @@ class PacketBuilder { // must be IPv4 for now as we don't send Alice IP/port, see below iaddr.getAddress().length != 4 || (!_transport.isValid(iaddr.getAddress())) || - Arrays.equals(iaddr.getAddress(), _transport.getExternalIP())) { + (Arrays.equals(iaddr.getAddress(), _transport.getExternalIP()) && !_transport.allowLocal())) { if (_log.shouldLog(_log.WARN)) _log.warn("Cannot build a relay request to " + state.getRemoteIdentity().calculateHash() + ", as their UDP address is invalid: addr=" + addr + " index=" + i); diff --git a/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java b/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java index 5cc72dfcf..ffc512654 100644 --- a/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java +++ b/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java @@ -182,7 +182,7 @@ class PeerTestManager { _log.warn("We are already running a test: " + _currentTest + ", aborting test with bob = " + bobIP); return; } - if (DataHelper.eq(bobIP.getAddress(), 0, _transport.getExternalIP(), 0, 2)) { + if (_transport.isTooClose(bobIP.getAddress())) { if (_log.shouldLog(Log.WARN)) _log.warn("Not running test with Bob too close to us " + bobIP); return; @@ -496,7 +496,7 @@ class PeerTestManager { int fromPort = from.getPort(); if (fromPort < 1024 || fromPort > 65535 || (!_transport.isValid(fromIP)) || - DataHelper.eq(fromIP, 0, _transport.getExternalIP(), 0, 2) || + _transport.isTooClose(fromIP) || _context.blocklist().isBlocklisted(fromIP)) { // spoof check, and don't respond to privileged ports if (_log.shouldLog(Log.WARN)) 
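Review bot: In the PacketBuilder hunk the introducer address is still rejected only when it is byte-for-byte equal to `_transport.getExternalIP()`, while every other call site in this commit moves to `_transport.isTooClose(...)`, which compares a prefix against all current addresses and already returns false under allowLocal(). If the same policy is intended here, the condition could become `_transport.isTooClose(iaddr.getAddress())` and the separate `!_transport.allowLocal()` term would no longer be needed. If exact match is deliberate for outbound relay requests, a one-line comment such as `// exact match only: we just must not relay through ourselves` would record that. The enclosing loop starts and ends outside the hunk.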
@@ -556,7 +556,7 @@ class PeerTestManager { Long lNonce = Long.valueOf(nonce); PeerTestState state = _activeTests.get(lNonce); - if (testIP != null && DataHelper.eq(testIP, 0, _transport.getExternalIP(), 0, 2)) { + if (testIP != null && _transport.isTooClose(testIP)) { // spoof check - have to do this after receiveTestReply(), since // the field should be us there. // Let's also eliminate anybody in the same /16 diff --git a/router/java/src/net/i2p/router/transport/udp/UDPPacket.java b/router/java/src/net/i2p/router/transport/udp/UDPPacket.java index 958a6d4c9..275152f35 100644 --- a/router/java/src/net/i2p/router/transport/udp/UDPPacket.java +++ b/router/java/src/net/i2p/router/transport/udp/UDPPacket.java @@ -10,6 +10,7 @@ import net.i2p.I2PAppContext; import net.i2p.data.DataHelper; import net.i2p.data.SessionKey; import net.i2p.router.util.CDQEntry; +import net.i2p.util.Addresses; import net.i2p.util.Log; /** @@ -292,8 +293,7 @@ class UDPPacket implements CDQEntry { StringBuilder buf = new StringBuilder(256); buf.append(_packet.getLength()); buf.append(" byte pkt with "); - buf.append(_packet.getAddress().getHostAddress()).append(":"); - buf.append(_packet.getPort()); + buf.append(Addresses.toString(_packet.getAddress().getAddress(), _packet.getPort())); //buf.append(" id=").append(System.identityHashCode(this)); if (_messageType >= 0) buf.append(" msgType=").append(_messageType); diff --git a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java index fe7d7bfc7..726c61946 100644 --- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java +++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java 
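Review bot: The comment under the changed condition in the PeerTestManager hunk at -556 still reads `Let's also eliminate anybody in the same /16`, which no longer describes the check. isTooClose() as added in UDPTransport also matches on the first 8 bytes of an IPv6 address and returns false for everything when allowLocal() is set. I would reword it to `// Also eliminate anybody too close to us, see UDPTransport.isTooClose()` so the policy is described in one place. The comment and the enclosing method continue outside the hunk.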
@@ -508,6 +508,30 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority return null; } + /** + * Is this IP too close to ours to trust it for + * things like relaying? + * @param ip IPv4 or IPv6 + * @since IPv6 + */ + boolean isTooClose(byte[] ip) { + if (allowLocal()) + return false; + for (RouterAddress addr : getCurrentAddresses()) { + byte[] myip = addr.getIP(); + if (myip == null || ip.length != myip.length) + continue; + if (ip.length == 4) { + if (DataHelper.eq(ip, 0, myip, 0, 2)) + return true; + } else if (ip.length == 16) { + if (DataHelper.eq(ip, 0, myip, 0, 8)) + return true; + } + } + return false; + } + /** * The current port of the first matching endpoint. * To be enhanced to handle multiple endpoints of the same type. @@ -2980,7 +3004,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority } if (ip == null) continue; - if (DataHelper.eq(ip, 0, getExternalIP(), 0, 2)) + if (isTooClose(ip)) continue; return peer; }
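Review bot: isTooClose() fails open when no entry from getCurrentAddresses() carries an IP: the `myip == null` branch skips the entry and the method falls through to `return false`, so the spoof and relay checks at the converted call sites (EstablishmentManager, IntroductionManager, PeerTestManager and the second hunk of this file) accept every address in that state. The lines being replaced compared against getExternalIP() instead. Whether that value can be known while no current address has an IP is not visible in this diff, but if it can, ending the method with `return ip.length == 4 && DataHelper.eq(ip, 0, getExternalIP(), 0, 2);` would keep the old protection as a fallback. The Javadoc should also state the actual policy, for example `Same /16 (IPv4) or same /64 (IPv6) as any of our current addresses; always false if allowLocal().`, since the 2 and 8 are otherwise unexplained and a /64 is a far narrower neighbourhood than a /16. `ip` is dereferenced without a null check, so `@param ip non-null` is worth adding; not every caller's guard is visible here.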