marek/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions 2 Packages Projects Releases Wiki Activity

SSU: No need to validate Bob IP/port on relay intro as Charlie

Browse Source 
as it is received in-session only
Log tweaks all over
This commit is contained in:
zzz
2022-06-10 16:50:46 -04:00
parent ffc4520382
commit e4996a2db6
5 changed files with 13 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
View File

@ -1664,8 +1664,8 @@ class EstablishmentManager {
}
} else {
// HolePunch received before RelayResponse, and we didn't know the IP/port, or it changed
if (_log.shouldLog(Log.INFO))
_log.info("No state found for hole punch from " + from + " port " + fromPort);
if (_log.shouldDebug())
_log.debug("No state found for hole punch from " + from + " port " + fromPort);
}
}
@ -1725,7 +1725,7 @@ class EstablishmentManager {
} else {
// HolePunch received before RelayResponse, and we didn't know the IP/port, or it changed
if (_log.shouldLog(Log.INFO))
_log.info("No state found for hole punch from " + id);
_log.info("No state found for SSU2 hole punch from " + id);
}
}
@ -1953,6 +1953,7 @@ class EstablishmentManager {
handleCompletelyEstablished(inboundState);
}
} else {
// really shouldn't be this state
if (_log.shouldLog(Log.WARN))
_log.warn("confirmed with invalid? " + inboundState);
inboundState.fail();

4
router/java/src/net/i2p/router/transport/udp/InboundEstablishState2.java
View File

@ -170,6 +170,8 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
throw new GeneralSecurityException("Skew exceeded in Session/Token Request: " + _skew);
}
packetReceived();
if (_log.shouldDebug())
_log.debug("New " + this);
}
@Override
@ -179,7 +181,7 @@ class InboundEstablishState2 extends InboundEstablishState implements SSU2Payloa
try {
int blocks = SSU2Payload.processPayload(_context, this, payload, offset, length, isHandshake);
if (_log.shouldDebug())
_log.debug("Processed " + blocks + " blocks");
_log.debug("Processed " + blocks + " blocks on " + this);
} catch (Exception e) {
_log.error("IES2 payload error\n" + net.i2p.util.HexDump.dump(payload, 0, length), e);
throw new GeneralSecurityException("IES2 payload error", e);

5
router/java/src/net/i2p/router/transport/udp/IntroductionManager.java
View File

@ -574,9 +574,10 @@ class IntroductionManager {
int port = reader.getRelayIntroReader().readPort();
// allow IPv6 as of 0.9.50
if ((!isValid(ip, port, true)) || (!isValid(bob.getIP(), bob.getPort(), true))) {
// validate alice IP/port here. We don't need to validate Bob, we have a session with him.
if (!isValid(ip, port, true)) {
if (_log.shouldLog(Log.WARN))
_log.warn("Bad relay intro from " + bob + " for " + Addresses.toString(ip, port));
_log.warn("Invalid relay intro for alice " + Addresses.toString(ip, port) + " via bob " + bob);
_context.statManager().addRateData("udp.relayBadIP", 1);
return;
}

2
router/java/src/net/i2p/router/transport/udp/OutboundEstablishState2.java
View File

@ -179,7 +179,7 @@ class OutboundEstablishState2 extends OutboundEstablishState implements SSU2Payl
try {
int blocks = SSU2Payload.processPayload(_context, this, payload, offset, length, isHandshake);
if (_log.shouldDebug())
_log.debug("Processed " + blocks + " blocks");
_log.debug("Processed " + blocks + " blocks on " + this);
} catch (Exception e) {
throw new GeneralSecurityException("Session Created payload error", e);
}

4
router/java/src/net/i2p/router/transport/udp/PeerState2.java
View File

@ -583,8 +583,8 @@ public class PeerState2 extends PeerState implements SSU2Payload.PayloadCallback
}
public void gotTermination(int reason, long count) {
if (_log.shouldWarn())
_log.warn("Got TERMINATION block, reason: " + reason + " count: " + count);
if (_log.shouldDebug())
_log.debug("Got TERMINATION block, reason: " + reason + " count: " + count + " on " + this);
_transport.getEstablisher().receiveSessionDestroy(_remoteHostId, this);
}