- Handle IPv6 in too-close checks

2013-05-18 19:24:16 +00:00
parent ec3756a69f
commit 5cda1ec703
6 changed files with 33 additions and 9 deletions
--- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
@@ -960,7 +960,7 @@ class EstablishmentManager {
               port <= 65535 &&
               ip != null && ip.length == 4 &&
               _transport.isValid(ip) &&
-               (!DataHelper.eq(ip, 0, _transport.getExternalIP(), 0, 2)) &&
+               (!_transport.isTooClose(ip)) &&
               (!_context.blocklist().isBlocklisted(ip));
    }

--- a/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
@@ -433,7 +433,7 @@ class IntroductionManager {
               port <= 65535 &&
               ip != null && ip.length == 4 &&
               _transport.isValid(ip) &&
-               (!DataHelper.eq(ip, 0, _transport.getExternalIP(), 0, 2)) &&
+               (!_transport.isTooClose(ip)) &&
               (!_context.blocklist().isBlocklisted(ip));
    }
 }
--- a/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
+++ b/router/java/src/net/i2p/router/transport/udp/PacketBuilder.java
@@ -1084,7 +1084,7 @@ class PacketBuilder {
                // must be IPv4 for now as we don't send Alice IP/port, see below
                iaddr.getAddress().length != 4 ||
                (!_transport.isValid(iaddr.getAddress())) ||
-                Arrays.equals(iaddr.getAddress(), _transport.getExternalIP())) {
+                (Arrays.equals(iaddr.getAddress(), _transport.getExternalIP()) && !_transport.allowLocal())) {
                if (_log.shouldLog(_log.WARN))
                    _log.warn("Cannot build a relay request to " + state.getRemoteIdentity().calculateHash()
                               + ", as their UDP address is invalid: addr=" + addr + " index=" + i);
--- a/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/PeerTestManager.java
@@ -182,7 +182,7 @@ class PeerTestManager {
                _log.warn("We are already running a test: " + _currentTest + ", aborting test with bob = " + bobIP);
            return;
        }
-        if (DataHelper.eq(bobIP.getAddress(), 0, _transport.getExternalIP(), 0, 2)) {
+        if (_transport.isTooClose(bobIP.getAddress())) {
            if (_log.shouldLog(Log.WARN))
                _log.warn("Not running test with Bob too close to us " + bobIP);
            return;
@@ -496,7 +496,7 @@ class PeerTestManager {
        int fromPort = from.getPort();
        if (fromPort < 1024 || fromPort > 65535 ||
            (!_transport.isValid(fromIP)) ||
-            DataHelper.eq(fromIP, 0, _transport.getExternalIP(), 0, 2) ||
+            _transport.isTooClose(fromIP) ||
            _context.blocklist().isBlocklisted(fromIP)) {
            // spoof check, and don't respond to privileged ports
            if (_log.shouldLog(Log.WARN))
@@ -556,7 +556,7 @@ class PeerTestManager {
        Long lNonce = Long.valueOf(nonce);
        PeerTestState state = _activeTests.get(lNonce);

-        if (testIP != null && DataHelper.eq(testIP, 0, _transport.getExternalIP(), 0, 2)) {
+        if (testIP != null && _transport.isTooClose(testIP)) {
            // spoof check - have to do this after receiveTestReply(), since
            // the field should be us there.
            // Let's also eliminate anybody in the same /16
--- a/router/java/src/net/i2p/router/transport/udp/UDPPacket.java
+++ b/router/java/src/net/i2p/router/transport/udp/UDPPacket.java
@@ -10,6 +10,7 @@ import net.i2p.I2PAppContext;
 import net.i2p.data.DataHelper;
 import net.i2p.data.SessionKey;
 import net.i2p.router.util.CDQEntry;
+import net.i2p.util.Addresses;
 import net.i2p.util.Log;

 /**
@@ -292,8 +293,7 @@ class UDPPacket implements CDQEntry {
        StringBuilder buf = new StringBuilder(256);
        buf.append(_packet.getLength());
        buf.append(" byte pkt with ");
-        buf.append(_packet.getAddress().getHostAddress()).append(":");
-        buf.append(_packet.getPort());
+        buf.append(Addresses.toString(_packet.getAddress().getAddress(), _packet.getPort()));
        //buf.append(" id=").append(System.identityHashCode(this));
        if (_messageType >= 0)
            buf.append(" msgType=").append(_messageType);
--- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
+++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
@@ -508,6 +508,30 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
        return null;
    }

+    /**
+     *  Is this IP too close to ours to trust it for
+     *  things like relaying?
+     *  @param ip IPv4 or IPv6
+     *  @since IPv6
+     */
+    boolean isTooClose(byte[] ip) {
+        if (allowLocal())
+            return false;
+        for (RouterAddress addr : getCurrentAddresses()) {
+            byte[] myip = addr.getIP();
+            if (myip == null || ip.length != myip.length)
+                continue;
+            if (ip.length == 4) {
+                if (DataHelper.eq(ip, 0, myip, 0, 2))
+                    return true;
+            } else if (ip.length == 16) {
+                if (DataHelper.eq(ip, 0, myip, 0, 8))
+                    return true;
+            }
+        }
+        return false;
+    }
+
    /**
     *  The current port of the first matching endpoint.
     *  To be enhanced to handle multiple endpoints of the same type.
@@ -2980,7 +3004,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
            }
            if (ip == null)
                continue;
-            if (DataHelper.eq(ip, 0, getExternalIP(), 0, 2))
+            if (isTooClose(ip))
                continue;
            return peer;
        }