From 49b8a65ad9ec7fc2b1b9f26d3a543dde5a5cba91 Mon Sep 17 00:00:00 2001 From: str4d Date: Fri, 21 Nov 2014 22:52:19 +0000 Subject: [PATCH 01/13] Integer.compare() is 1.7 syntax --- .../java/src/net/i2p/router/news/NewsMetadata.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/apps/routerconsole/java/src/net/i2p/router/news/NewsMetadata.java b/apps/routerconsole/java/src/net/i2p/router/news/NewsMetadata.java index 96ba51e25..15adf5955 100644 --- a/apps/routerconsole/java/src/net/i2p/router/news/NewsMetadata.java +++ b/apps/routerconsole/java/src/net/i2p/router/news/NewsMetadata.java @@ -41,7 +41,7 @@ public class NewsMetadata { @Override public int compareTo(Update other) { - return Integer.compare(getTypeOrder(), other.getTypeOrder()); + return getTypeOrder() - other.getTypeOrder(); } protected int getTypeOrder() { From a52c06a6c6b9e95b0d6cdb9ddb4439528b95a112 Mon Sep 17 00:00:00 2001 From: zzz Date: Sat, 22 Nov 2014 13:17:39 +0000 Subject: [PATCH 02/13] point to Jetty 8 Javadocs --- build.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/build.properties b/build.properties index 7479e174e..195a13c6b 100644 --- a/build.properties +++ b/build.properties @@ -11,7 +11,7 @@ # Note: Include the trailing slash! Don't surround the URL in quotes! javasedocs.url=http://docs.oracle.com/javase/6/docs/api/ javaeedocs.url=http://docs.oracle.com/javaee/6/api/ -jettydocs.url=http://download.eclipse.org/jetty/stable-7/apidocs/ +jettydocs.url=http://download.eclipse.org/jetty/stable-8/apidocs/ jrobindocs.url=http://docs.i2p-projekt.de/jrobin/javadoc/ wrapperdocs.url=http://wrapper.tanukisoftware.com/jdoc/ # these are only for unit test javadocs From 2a681608b541ededcf0fd80bfd83e194f02717aa Mon Sep 17 00:00:00 2001 From: zzz Date: Sat, 22 Nov 2014 14:05:06 +0000 Subject: [PATCH 03/13] PeerSelector: If non-DSA, don't use incompatible peers for exploratory tunnels or closest-hop in client tunnels --- history.txt | 12 +++++++ .../src/net/i2p/router/RouterVersion.java | 4 +-- .../tunnel/pool/ClientPeerSelector.java | 27 ++++++++++++-- .../tunnel/pool/ExploratoryPeerSelector.java | 7 ++++ .../tunnel/pool/TunnelPeerSelector.java | 35 +++++++++++++++++++ 5 files changed, 80 insertions(+), 5 deletions(-) diff --git a/history.txt b/history.txt index 414e5f39c..8909dcb78 100644 --- a/history.txt +++ b/history.txt @@ -1,3 +1,15 @@ +2014-11-22 zzz + * PeerSelector: If non-DSA, don't use incompatible peers + for exploratory tunnels or closest-hop in client tunnels + +2014-11-17 zzz + * NetDB: Exclude A1/A2 "countries" from auto-floodfill + +2014-11-15 zzz + * I2NP: + - Set lookup type flags even if no reply tunnel specified + - Reduce object churn when writing some messages + 2014-11-13 zzz * I2PTunnel: - Fix bug that left server acceptor thread running after close diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index fecba78d6..74605163f 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -18,10 +18,10 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 7; + public final static long BUILD = 8; /** for example "-test" */ - public final static String EXTRA = ""; + public final static String EXTRA = "-rc"; public final static String FULL_VERSION = VERSION + "-" + BUILD + EXTRA; public static void main(String args[]) { System.out.println("I2P Router version: " + FULL_VERSION); diff --git a/router/java/src/net/i2p/router/tunnel/pool/ClientPeerSelector.java b/router/java/src/net/i2p/router/tunnel/pool/ClientPeerSelector.java index 2e13c4c57..126004c85 100644 --- a/router/java/src/net/i2p/router/tunnel/pool/ClientPeerSelector.java +++ b/router/java/src/net/i2p/router/tunnel/pool/ClientPeerSelector.java @@ -36,6 +36,10 @@ class ClientPeerSelector extends TunnelPeerSelector { Set exclude = getExclude(settings.isInbound(), false); Set matches = new HashSet(length); if (length == 1) { + // closest-hop restrictions + Set moreExclude = getClosestHopExclude(settings.isInbound()); + if (moreExclude != null) + exclude.addAll(moreExclude); ctx.profileOrganizer().selectFastPeers(length, exclude, matches, 0); matches.remove(ctx.routerHash()); rv = new ArrayList(matches); @@ -46,10 +50,22 @@ class ClientPeerSelector extends TunnelPeerSelector { rv = new ArrayList(length + 1); // OBEP or IB last hop // group 0 or 1 if two hops, otherwise group 0 + Set firstHopExclude; if (!settings.isInbound()) { - // exclude existing OBEPs to get some diversity + // exclude existing OBEPs to get some diversity ? + + // closest-hop restrictions + Set moreExclude = getClosestHopExclude(false); + if (moreExclude != null) { + moreExclude.addAll(exclude); + firstHopExclude = moreExclude; + } else { + firstHopExclude = exclude; + } + } else { + firstHopExclude = exclude; } - ctx.profileOrganizer().selectFastPeers(1, exclude, matches, settings.getRandomKey(), length == 2 ? 2 : 4); + ctx.profileOrganizer().selectFastPeers(1, firstHopExclude, matches, settings.getRandomKey(), length == 2 ? 2 : 4); matches.remove(ctx.routerHash()); exclude.addAll(matches); rv.addAll(matches); @@ -73,7 +89,12 @@ class ClientPeerSelector extends TunnelPeerSelector { // IBGW or OB first hop // group 2 or 3 if two hops, otherwise group 1 if (settings.isInbound()) { - // exclude existing IBGWs to get some diversity + // exclude existing IBGWs to get some diversity ? + + // closest-hop restrictions + Set moreExclude = getClosestHopExclude(true); + if (moreExclude != null) + exclude.addAll(moreExclude); } ctx.profileOrganizer().selectFastPeers(1, exclude, matches, settings.getRandomKey(), length == 2 ? 3 : 5); matches.remove(ctx.routerHash()); diff --git a/router/java/src/net/i2p/router/tunnel/pool/ExploratoryPeerSelector.java b/router/java/src/net/i2p/router/tunnel/pool/ExploratoryPeerSelector.java index e0581c884..68ad4e046 100644 --- a/router/java/src/net/i2p/router/tunnel/pool/ExploratoryPeerSelector.java +++ b/router/java/src/net/i2p/router/tunnel/pool/ExploratoryPeerSelector.java @@ -42,6 +42,13 @@ class ExploratoryPeerSelector extends TunnelPeerSelector { Set exclude = getExclude(settings.isInbound(), true); exclude.add(ctx.routerHash()); + // closest-hop restrictions + // Since we're applying orderPeers() later, we don't know + // which will be the closest hop, so just appply to all peers for now. + Set moreExclude = getClosestHopExclude(settings.isInbound()); + if (moreExclude != null) + exclude.addAll(moreExclude); + // Don't use ff peers for exploratory tunnels to lessen exposure to netDb searches and stores // Hmm if they don't get explored they don't get a speed/capacity rating // so they don't get used for client tunnels either. diff --git a/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java b/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java index 8bb657831..fa3f5e75d 100644 --- a/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java +++ b/router/java/src/net/i2p/router/tunnel/pool/TunnelPeerSelector.java @@ -14,6 +14,7 @@ import java.util.StringTokenizer; import net.i2p.I2PAppContext; import net.i2p.crypto.SHA256Generator; +import net.i2p.crypto.SigType; import net.i2p.data.DataFormatException; import net.i2p.data.Hash; import net.i2p.data.router.RouterInfo; @@ -327,6 +328,40 @@ public abstract class TunnelPeerSelector { return peers; } + /** + * Pick peers that we want to avoid for the first OB hop or last IB hop. + * This is only filled in if our router sig type is not DSA. + * + * @param isInbound unused + * @return null if none + * @since 0.9.17 + */ + protected Set getClosestHopExclude(boolean isInbound) { + RouterInfo ri = ctx.router().getRouterInfo(); + if (ri == null) + return null; + SigType type = ri.getIdentity().getSigType(); + if (type == SigType.DSA_SHA1) + return null; + Set rv = new HashSet(1024); + FloodfillNetworkDatabaseFacade fac = (FloodfillNetworkDatabaseFacade)ctx.netDb(); + List known = fac.getKnownRouterData(); + if (known != null) { + for (int i = 0; i < known.size(); i++) { + RouterInfo peer = known.get(i); + String v = peer.getOption("router.version"); + if (v == null) + continue; + // RI sigtypes added in 0.9.16 + // SSU inbound connection bug fixed in 0.9.17, but it won't bid, so NTCP only, + // no need to check + if (VersionComparator.comp(v, "0.9.16") < 0) + rv.add(peer.getIdentity().calculateHash()); + } + } + return rv; + } + /** warning, this is also called by ProfileOrganizer.isSelectable() */ public static boolean shouldExclude(RouterContext ctx, RouterInfo peer) { Log log = ctx.logManager().getLog(TunnelPeerSelector.class); From 3ef89f49e7e94c8f535182895b229a7cdeec349b Mon Sep 17 00:00:00 2001 From: zzz Date: Sat, 22 Nov 2014 17:19:40 +0000 Subject: [PATCH 04/13] SAM: Fix v3 bug accepting incoming connections It was starting both the v3 and v1 acceptors. --- .../java/src/net/i2p/sam/SAMStreamSession.java | 15 ++++++++++++--- .../java/src/net/i2p/sam/SAMv3StreamSession.java | 2 +- history.txt | 1 + router/java/src/net/i2p/router/RouterVersion.java | 2 +- 4 files changed, 15 insertions(+), 5 deletions(-) diff --git a/apps/sam/java/src/net/i2p/sam/SAMStreamSession.java b/apps/sam/java/src/net/i2p/sam/SAMStreamSession.java index 75aedae57..750407271 100644 --- a/apps/sam/java/src/net/i2p/sam/SAMStreamSession.java +++ b/apps/sam/java/src/net/i2p/sam/SAMStreamSession.java @@ -82,7 +82,7 @@ class SAMStreamSession { * Create a new SAM STREAM session. * * @param dest Base64-encoded destination and private keys (same format as PrivateKeyFile) - * @param dir Session direction ("RECEIVE", "CREATE" or "BOTH") + * @param dir Session direction ("RECEIVE", "CREATE" or "BOTH") or "__v3__" if extended by SAMv3StreamSession * @param props Properties to setup the I2P session * @param recv Object that will receive incoming data * @throws IOException @@ -98,7 +98,7 @@ class SAMStreamSession { * Create a new SAM STREAM session. * * @param destStream Input stream containing the destination and private keys (same format as PrivateKeyFile) - * @param dir Session direction ("RECEIVE", "CREATE" or "BOTH") + * @param dir Session direction ("RECEIVE", "CREATE" or "BOTH") or "__v3__" if extended by SAMv3StreamSession * @param props Properties to setup the I2P session * @param recv Object that will receive incoming data * @throws IOException @@ -111,15 +111,24 @@ class SAMStreamSession { _log = I2PAppContext.getGlobalContext().logManager().getLog(getClass()); boolean canReceive; + boolean startAcceptor; if (dir.equals("BOTH")) { canCreate = true; canReceive = true; + startAcceptor = true; + } else if (dir.equals("__v3__")) { + // we are super to SAMv3StreamSession, don't start thread, he handles it + canCreate = true; + canReceive = true; + startAcceptor = false; } else if (dir.equals("CREATE")) { canCreate = true; canReceive = false; + startAcceptor = false; } else if (dir.equals("RECEIVE")) { canCreate = false; canReceive = true; + startAcceptor = true; } else { _log.error("BUG! Wrong direction passed to SAMStreamSession: " + dir); @@ -162,7 +171,7 @@ class SAMStreamSession { forceFlush = Boolean.parseBoolean(allprops.getProperty(PROP_FORCE_FLUSH, DEFAULT_FORCE_FLUSH)); - if (canReceive) { + if (startAcceptor) { server = new SAMStreamSessionServer(); Thread t = new I2PAppThread(server, "SAMStreamSessionServer"); diff --git a/apps/sam/java/src/net/i2p/sam/SAMv3StreamSession.java b/apps/sam/java/src/net/i2p/sam/SAMv3StreamSession.java index ef732200f..99854637e 100644 --- a/apps/sam/java/src/net/i2p/sam/SAMv3StreamSession.java +++ b/apps/sam/java/src/net/i2p/sam/SAMv3StreamSession.java @@ -61,7 +61,7 @@ class SAMv3StreamSession extends SAMStreamSession implements SAMv3Handler.Sessi public SAMv3StreamSession(String login) throws IOException, DataFormatException, SAMException { - super(getDB().get(login).getDest(), "BOTH", + super(getDB().get(login).getDest(), "__v3__", getDB().get(login).getProps(), getDB().get(login).getHandler()); this.nick = login ; diff --git a/history.txt b/history.txt index 8909dcb78..7a6560702 100644 --- a/history.txt +++ b/history.txt @@ -1,6 +1,7 @@ 2014-11-22 zzz * PeerSelector: If non-DSA, don't use incompatible peers for exploratory tunnels or closest-hop in client tunnels + * SAM: Fix v3 bug accepting incoming connections 2014-11-17 zzz * NetDB: Exclude A1/A2 "countries" from auto-floodfill diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index 74605163f..47667df53 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -18,7 +18,7 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 8; + public final static long BUILD = 9; /** for example "-test" */ public final static String EXTRA = "-rc"; From 04cd1cedda4126e0e97953fde7b5337ca5119078 Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 23 Nov 2014 14:18:29 +0000 Subject: [PATCH 05/13] Reseed update from backup@mail.i2p: please commit some updates for my reseed servers: Add new ssl-certs: ieb9oopo.mooo.com2.crt --> certificates/ssl/ link.mx24.eu.crt --> certificates/ssl/ The first one is a new ssl-cert as exchange for the current one. On http-server side the exchange will take place sometimes next year, until then the current existing ieb9oopo.mooo.com.crt is still valid. The second is a new reseed server from me. Reseeder.java: Please add to DEFAULT_SSL_SEED_URL: https://link.mx24.eu/ with this comment: // Only HTTPS and SU3 (v3) support Also the list can be cleaned up from these other dead servers: --- .../certificates/ssl/ieb9oopo.mooo.com2.crt | 25 +++++++++++++++++++ .../certificates/ssl/link.mx24.eu.crt | 24 ++++++++++++++++++ .../i2p/router/networkdb/reseed/Reseeder.java | 9 +------ 3 files changed, 50 insertions(+), 8 deletions(-) create mode 100644 installer/resources/certificates/ssl/ieb9oopo.mooo.com2.crt create mode 100644 installer/resources/certificates/ssl/link.mx24.eu.crt diff --git a/installer/resources/certificates/ssl/ieb9oopo.mooo.com2.crt b/installer/resources/certificates/ssl/ieb9oopo.mooo.com2.crt new file mode 100644 index 000000000..8be9eef8a --- /dev/null +++ b/installer/resources/certificates/ssl/ieb9oopo.mooo.com2.crt @@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIESzCCAzOgAwIBAgIJAKII1waVnWddMA0GCSqGSIb3DQEBCwUAMIG7MQswCQYD +VQQGEwJERTEaMBgGA1UECAwRaWViOW9vcG8ubW9vby5jb20xGjAYBgNVBAcMEWll +Yjlvb3BvLm1vb28uY29tMRowGAYDVQQKDBFpZWI5b29wby5tb29vLmNvbTEaMBgG +A1UECwwRaWViOW9vcG8ubW9vby5jb20xGjAYBgNVBAMMEWllYjlvb3BvLm1vb28u +Y29tMSAwHgYJKoZIhvcNAQkBFhFpZWI5b29wby5tb29vLmNvbTAeFw0xNDExMjIx +MzQzNThaFw0yMDA1MTQxMzQzNThaMIG7MQswCQYDVQQGEwJERTEaMBgGA1UECAwR +aWViOW9vcG8ubW9vby5jb20xGjAYBgNVBAcMEWllYjlvb3BvLm1vb28uY29tMRow +GAYDVQQKDBFpZWI5b29wby5tb29vLmNvbTEaMBgGA1UECwwRaWViOW9vcG8ubW9v +by5jb20xGjAYBgNVBAMMEWllYjlvb3BvLm1vb28uY29tMSAwHgYJKoZIhvcNAQkB +FhFpZWI5b29wby5tb29vLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC +ggEBAMhcnkSifOMw5bd66UlvYVsc42H22Nuy64qhtJHtggofrwBooF38kRCBVFL8 +9Xjzr0xsSshvO6p7E+CEUtA8v55l5vNbUTAvGP9WmzeZyZuCFg9Heo3orNMbIK7m +ppwKhwh6tFEIEpUTz/+xF5NRt0+CqcS4aNHuH3JPwNugfTBuSa86GeSaqL7K4eEZ +bZXqQ16Onvi0yyMqRJDp/ijRFxr2eKGPWb55kuRSET9PxVhlgRKULZkr39Dh9q1c +wb9lAMLMRZIzPVnyvC9jWkIqSDl5bkAAto0n1Jkw92rRp6EVKgSLA/4vl9wTb6xf +WfT5cs7pykAE0WXBr9TqpS3okncCAwEAAaNQME4wHQYDVR0OBBYEFGeEOHhWiKwZ +TGbc7uuK3DD7YjYZMB8GA1UdIwQYMBaAFGeEOHhWiKwZTGbc7uuK3DD7YjYZMAwG +A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAzRA/0OpJtCO4kQkTn/hux9 +dRi9T6B54Xav5jG53iAPLTeMxsaLkvweh2pZ3kvEUrQhvW0JF8QBrHTsgxzb4Wd6 +FNDHSgJbZv3uCjFtWeuUh+GTG1k9uwgNIEnx7J9Vp0JCi4ezi/HMNI7c+LjinM9f +hrAzclkeRPLYg645DkxckLyDUbrc9v1qWFoTpezXSBPO7n3Wk4sCytdoA1FkTdXh +RF4BWCl/3uOxcrn0TqoC9vCh8RcxnllOiOO5j4+PQ1Z6NkQ/5oRCK/jjaWc3Lr6/ +FicOZJe29BVnrPGynqe0Ky1o+kTdXFflKowfr7g8dwn8k9YavjtGbl1ZSHeuMF8= +-----END CERTIFICATE----- diff --git a/installer/resources/certificates/ssl/link.mx24.eu.crt b/installer/resources/certificates/ssl/link.mx24.eu.crt new file mode 100644 index 000000000..8e0d910fc --- /dev/null +++ b/installer/resources/certificates/ssl/link.mx24.eu.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEDzCCAvegAwIBAgIJAMsPNG1k0yV4MA0GCSqGSIb3DQEBCwUAMIGdMQswCQYD +VQQGEwJERTEVMBMGA1UECAwMbGluay5teDI0LmV1MRUwEwYDVQQHDAxsaW5rLm14 +MjQuZXUxFTATBgNVBAoMDGxpbmsubXgyNC5ldTEVMBMGA1UECwwMbGluay5teDI0 +LmV1MRUwEwYDVQQDDAxsaW5rLm14MjQuZXUxGzAZBgkqhkiG9w0BCQEWDGxpbmsu +bXgyNC5ldTAeFw0xNDExMTkxOTE4NTRaFw0yMDA1MTExOTE4NTRaMIGdMQswCQYD +VQQGEwJERTEVMBMGA1UECAwMbGluay5teDI0LmV1MRUwEwYDVQQHDAxsaW5rLm14 +MjQuZXUxFTATBgNVBAoMDGxpbmsubXgyNC5ldTEVMBMGA1UECwwMbGluay5teDI0 +LmV1MRUwEwYDVQQDDAxsaW5rLm14MjQuZXUxGzAZBgkqhkiG9w0BCQEWDGxpbmsu +bXgyNC5ldTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAL8modDBRkyh +SHSm92pTfguO3F6n5ocsBJ4vaVoosYq3ILCsapjqmynMHZUef6gEB7+Gn5cKXsH2 +JaKOeb8DHrOFCaxfj187x1QfZj1UNMQblx2T9q4th12tqp+k4JuLwgemr+2uAUpM +xx/uHRJXD0hf67+fHQFYNVfa+WvT46xlKGsWDQ0LBsA/z4YGnyeaV4PrS5nj3euA +IbdfDj7rJea3bfhSqYA1ZH1cquKlsXOOYO5cIcXsa5dxDWX51QS+i7+ocph+JN1X +dRh6ZirE9OXZVXwXXVRnJSYjgBlP/DQBdE7YkE1R3LyCVZsgxJaaLV/ujijOIK61 +SqEhHvFNRe0CAwEAAaNQME4wHQYDVR0OBBYEFB6XRz6VZlrAE+3xL6AyKrkq+y2X +MB8GA1UdIwQYMBaAFB6XRz6VZlrAE+3xL6AyKrkq+y2XMAwGA1UdEwQFMAMBAf8w +DQYJKoZIhvcNAQELBQADggEBADhxBA5GHisDVf5a+1hIi7FBGBjJJLqzlaKh+bFB +gTCYfk3F4wYzndr1HpdCZSSYDtY3mXFNMWQCpwvwvy1DM+9AMRY68wKNXHa/WypW +zQSqTfEH8cdaIXUALB7pdWFVr3rx0f7/8I0Gj/ByUbJ94rzd22vduX5riY0Rag6B +dPtW0M9bJrC1AIjexzDcStupj9v/ceGYZQYC4zb2tZ7Ek/6q+vei8TxWZjku7Dl4 +YRPXXufyB24uQ1hJVy2fSyIJ63tIRJoEFLBNaKDOB53i10xLWBcsJpXKY57AOQMn +flqW4HG8uGJ/o1WjhiOB9eI7T9toy08zNzt+kSI/blFIoek= +-----END CERTIFICATE----- diff --git a/router/java/src/net/i2p/router/networkdb/reseed/Reseeder.java b/router/java/src/net/i2p/router/networkdb/reseed/Reseeder.java index b494a441c..79338d8f6 100644 --- a/router/java/src/net/i2p/router/networkdb/reseed/Reseeder.java +++ b/router/java/src/net/i2p/router/networkdb/reseed/Reseeder.java @@ -70,9 +70,7 @@ public class Reseeder { * URLs are constructed, and because SSLEepGet doesn't follow redirects. */ public static final String DEFAULT_SEED_URL = - //http://netdb.i2p2.de/" + "," + "http://reseed.i2p-projekt.de/" + "," + - //"http://euve5653.vserver.de/netDb/" + "," + "http://cowpuncher.drollette.com/netdb/" + "," + "http://i2p.mooo.com/netDb/" + "," + "http://193.150.121.66/netDb/" + "," + @@ -83,14 +81,10 @@ public class Reseeder { "http://jp.reseed.i2p2.no/" + "," + "http://i2p-netdb.innovatio.no/" + "," + "http://ieb9oopo.mooo.com/"; - // Temp disabled since h2ik have been AWOL since 06-03-2013 - //"http://i2p.feared.eu/"; /** @since 0.8.2 */ public static final String DEFAULT_SSL_SEED_URL = - //"https://netdb.i2p2.de/" + "," + "https://reseed.i2p-projekt.de/" + "," + - //"https://euve5653.vserver.de/netDb/" + "," + "https://cowpuncher.drollette.com/netdb/" + "," + "https://i2p.mooo.com/netDb/" + "," + "https://193.150.121.66/netDb/" + "," + @@ -101,9 +95,8 @@ public class Reseeder { "https://jp.reseed.i2p2.no:444/" + "," + "https://i2p-netdb.innovatio.no/" + "," + "https://ssl.webpack.de/ivae2he9.sg4.e-plaza.de/" + "," + // Only HTTPS and SU3 (v2) support + "https://link.mx24.eu/" + "," + // Only HTTPS and SU3 (v3) support "https://ieb9oopo.mooo.com/"; - // Temp disabled since h2ik have been AWOL since 06-03-2013 - //"https://i2p.feared.eu/"; private static final String SU3_FILENAME = "i2pseeds.su3"; From 77e7982e7438f22fceae2a844cdf571964d3c27f Mon Sep 17 00:00:00 2001 From: zzz Date: Sun, 23 Nov 2014 14:24:22 +0000 Subject: [PATCH 06/13] Drop i2p.feared.eu ssl cert for reseed --- .../certificates/ssl/i2p.feared.eu.crt | 21 ------------------- installer/resources/deletelist.txt | 1 + 2 files changed, 1 insertion(+), 21 deletions(-) delete mode 100644 installer/resources/certificates/ssl/i2p.feared.eu.crt diff --git a/installer/resources/certificates/ssl/i2p.feared.eu.crt b/installer/resources/certificates/ssl/i2p.feared.eu.crt deleted file mode 100644 index 628c6290c..000000000 --- a/installer/resources/certificates/ssl/i2p.feared.eu.crt +++ /dev/null @@ -1,21 +0,0 @@ ------BEGIN CERTIFICATE----- -MIIDhTCCAm2gAwIBAgIJAPVgXcMcr3zqMA0GCSqGSIb3DQEBBQUAMFkxCzAJBgNV -BAYTAkVVMQ8wDQYDVQQIDAZFdXJvcGUxDDAKBgNVBAoMA0kyUDETMBEGA1UECwwK -T3V0cHJveGllczEWMBQGA1UEAwwNaTJwLmZlYXJlZC5ldTAeFw0xMjEwMjkxNzMw -MDZaFw0yMTAxMTUxNzMwMDZaMFkxCzAJBgNVBAYTAkVVMQ8wDQYDVQQIDAZFdXJv -cGUxDDAKBgNVBAoMA0kyUDETMBEGA1UECwwKT3V0cHJveGllczEWMBQGA1UEAwwN -aTJwLmZlYXJlZC5ldTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAOUh -y2+6Q4RO+b5WPXX/cZ/9fiI7aWGe/C7z0083HOEqnkgGCYgxFWUCed6/eZbYoZ7/ -PV1BAuEereNwTp+Ov7fQB2H73O9sSAEejW6O4C2PZiZWaPxpZiTJNENbLOZxJnIN -+fSqmA5pqvGkYAJ2heZH4v4tayun7Vib58GWuizhzJ4EvhOrOrLq/YHrxMn++r4e -kNNbq4QzWpfxNa7ocDY9OJh5qFzuc+6wKj1m1syK6euDqs5d6X+y0aDTMgRxey2b -tkmNx9wC0flLg1oMcv9o1zN+dENy7Inkd/SqbSjLUqDTJzdq6xURVsgLoV63pb6r -B4gbGIlriYWK/mOPTTkCAwEAAaNQME4wHQYDVR0OBBYEFOI94JZ3Rb2RVmr8QjOp -u3KfVSrNMB8GA1UdIwQYMBaAFOI94JZ3Rb2RVmr8QjOpu3KfVSrNMAwGA1UdEwQF -MAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAD7bI05zg9nf9qanq4ZNw/rvEzYQRBmy -MqzZjcwBMGvbcEbS+zYAdAkfxmN3l/AT4I4z138Om0ud4ZJUQTVlRsJkMlmLD4Rt -Jbi2rl7mrY7Qupgu5hvgH+ZaEWr7LTq+tFjPycRS+zijw9NToKeAsgEex9zYIOYD -BxDUn/trvyA41ItvegWh803IsZUBb45Via+bopid9aFFkejRrck9hhcQ6fVh2yju -nuVwHrxNvGc0NmmJ7zI+nPESFS+TAYbWXikDhc5Vtyiuoz47WZU1cgXYYMejK4WA -+3GLvei7qKm4GOJSg7BngF5Iyj/n7ML1rBqTlN3KA1YOgpGCwJlKzto= ------END CERTIFICATE----- diff --git a/installer/resources/deletelist.txt b/installer/resources/deletelist.txt index 513bfe167..c72a26515 100644 --- a/installer/resources/deletelist.txt +++ b/installer/resources/deletelist.txt @@ -4,6 +4,7 @@ certificates/r31453.ovh.net certificates/75.145.125.59.crt certificates/forum.i2p2.de.crt certificates/cowpuncher.drollette.com.crt +certificates/ssl/i2p.feared.eu.crt certificates/ssl/reseed.pkol.de.crt # old translated proxy error pages docs/ahelper-conflict-header_ar.ht From fd47cb88de23f057d4d88844543a610c8053df4d Mon Sep 17 00:00:00 2001 From: zzz Date: Mon, 24 Nov 2014 14:15:44 +0000 Subject: [PATCH 07/13] i2ptunnel: Fix automatic setting of random key --- apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java index 8deb1ac99..a1a8490b2 100644 --- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java +++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java @@ -1339,10 +1339,10 @@ public class IndexBean { // as of 0.9.17, add a random key if not previously present byte[] rk = new byte[32]; _context.random().nextBytes(rk); - config.setProperty(OPT + p, Base64.encode(rk)); + config.setProperty(p, Base64.encode(rk)); p = OPT + "outbound.randomKey"; _context.random().nextBytes(rk); - config.setProperty(OPT + p, Base64.encode(rk)); + config.setProperty(p, Base64.encode(rk)); } } From 5f2b620819f6c30d92347652dd1c620de8367f9c Mon Sep 17 00:00:00 2001 From: zzz Date: Mon, 24 Nov 2014 14:26:53 +0000 Subject: [PATCH 08/13] PrivateKeyFile: Don't rewrite file in main() if no options --- core/java/src/net/i2p/data/PrivateKeyFile.java | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/core/java/src/net/i2p/data/PrivateKeyFile.java b/core/java/src/net/i2p/data/PrivateKeyFile.java index 42a26ef36..4e1a6d74a 100644 --- a/core/java/src/net/i2p/data/PrivateKeyFile.java +++ b/core/java/src/net/i2p/data/PrivateKeyFile.java @@ -169,9 +169,11 @@ public class PrivateKeyFile { usage(); return; } - System.out.println(pkf); - pkf.write(); - verifySignature(pkf.getDestination()); + if (mode != 0) { + System.out.println(pkf); + pkf.write(); + verifySignature(pkf.getDestination()); + } } catch (Exception e) { e.printStackTrace(); System.exit(1); From a38bd0b5cf666282c11c304d28597075f982d855 Mon Sep 17 00:00:00 2001 From: zzz Date: Wed, 26 Nov 2014 16:06:09 +0000 Subject: [PATCH 09/13] Data: Fix NPE on unknown sig type in destination Fix hashcode and equals for typed data --- core/java/src/net/i2p/data/Signature.java | 21 +++++++++++++ .../src/net/i2p/data/SigningPrivateKey.java | 21 +++++++++++++ .../src/net/i2p/data/SigningPublicKey.java | 30 +++++++++++++++++-- 3 files changed, 69 insertions(+), 3 deletions(-) diff --git a/core/java/src/net/i2p/data/Signature.java b/core/java/src/net/i2p/data/Signature.java index 1338cb664..05d24e51d 100644 --- a/core/java/src/net/i2p/data/Signature.java +++ b/core/java/src/net/i2p/data/Signature.java @@ -9,6 +9,8 @@ package net.i2p.data; * */ +import java.util.Arrays; + import net.i2p.crypto.SigType; /** @@ -102,4 +104,23 @@ public class Signature extends SimpleDataStructure { buf.append(']'); return buf.toString(); } + + /** + * @since 0.9.17 + */ + @Override + public int hashCode() { + return DataHelper.hashCode(_type) ^ super.hashCode(); + } + + /** + * @since 0.9.17 + */ + @Override + public boolean equals(Object obj) { + if (obj == this) return true; + if (obj == null || !(obj instanceof Signature)) return false; + Signature s = (Signature) obj; + return _type == s._type && Arrays.equals(_data, s._data); + } } diff --git a/core/java/src/net/i2p/data/SigningPrivateKey.java b/core/java/src/net/i2p/data/SigningPrivateKey.java index 07b8969e3..fcc9b2dc8 100644 --- a/core/java/src/net/i2p/data/SigningPrivateKey.java +++ b/core/java/src/net/i2p/data/SigningPrivateKey.java @@ -9,6 +9,8 @@ package net.i2p.data; * */ +import java.util.Arrays; + import net.i2p.crypto.KeyGenerator; import net.i2p.crypto.SigType; @@ -104,4 +106,23 @@ public class SigningPrivateKey extends SimpleDataStructure { buf.append(']'); return buf.toString(); } + + /** + * @since 0.9.17 + */ + @Override + public int hashCode() { + return DataHelper.hashCode(_type) ^ super.hashCode(); + } + + /** + * @since 0.9.17 + */ + @Override + public boolean equals(Object obj) { + if (obj == this) return true; + if (obj == null || !(obj instanceof SigningPrivateKey)) return false; + SigningPrivateKey s = (SigningPrivateKey) obj; + return _type == s._type && Arrays.equals(_data, s._data); + } } diff --git a/core/java/src/net/i2p/data/SigningPublicKey.java b/core/java/src/net/i2p/data/SigningPublicKey.java index 386deadac..860985d4b 100644 --- a/core/java/src/net/i2p/data/SigningPublicKey.java +++ b/core/java/src/net/i2p/data/SigningPublicKey.java @@ -12,6 +12,7 @@ package net.i2p.data; import java.io.InputStream; import java.io.IOException; import java.io.OutputStream; +import java.util.Arrays; import net.i2p.crypto.SigType; @@ -113,7 +114,8 @@ public class SigningPublicKey extends SimpleDataStructure { } /** - * Up-convert this from an untyped (type 0) SPK to a typed SPK based on the Key Cert given + * Up-convert this from an untyped (type 0) SPK to a typed SPK based on the Key Cert given. + * The type of the returned key will be null if the kcert sigtype is null. * * @throws IllegalArgumentException if this is already typed to a different type * @since 0.9.12 @@ -126,6 +128,9 @@ public class SigningPublicKey extends SimpleDataStructure { return this; if (_type != SigType.DSA_SHA1) throw new IllegalArgumentException("Cannot convert " + _type + " to " + newType); + // unknown type, keep the 128 bytes of data + if (newType == null) + return new SigningPublicKey(null, _data); int newLen = newType.getPubkeyLen(); if (newLen == SigType.DSA_SHA1.getPubkeyLen()) return new SigningPublicKey(newType, _data); @@ -145,7 +150,7 @@ public class SigningPublicKey extends SimpleDataStructure { * Get the portion of this (type 0) SPK that is really padding based on the Key Cert type given, * if any * - * @return leading padding length > 0 or null + * @return leading padding length > 0 or null if no padding or type is unknown * @throws IllegalArgumentException if this is already typed to a different type * @since 0.9.12 */ @@ -153,7 +158,7 @@ public class SigningPublicKey extends SimpleDataStructure { if (_data == null) throw new IllegalStateException(); SigType newType = kcert.getSigType(); - if (_type == newType) + if (_type == newType || newType == null) return null; if (_type != SigType.DSA_SHA1) throw new IllegalStateException("Cannot convert " + _type + " to " + newType); @@ -200,4 +205,23 @@ public class SigningPublicKey extends SimpleDataStructure { public static void clearCache() { _cache.clear(); } + + /** + * @since 0.9.17 + */ + @Override + public int hashCode() { + return DataHelper.hashCode(_type) ^ super.hashCode(); + } + + /** + * @since 0.9.17 + */ + @Override + public boolean equals(Object obj) { + if (obj == this) return true; + if (obj == null || !(obj instanceof SigningPublicKey)) return false; + SigningPublicKey s = (SigningPublicKey) obj; + return _type == s._type && Arrays.equals(_data, s._data); + } } From 9700f30c35087dd0fdcd5a7e2ef91c4e1a847c59 Mon Sep 17 00:00:00 2001 From: zzz Date: Wed, 26 Nov 2014 16:18:37 +0000 Subject: [PATCH 10/13] Tunnels: Disallow changing allowZeroHop setting for exploratory --- router/java/src/net/i2p/router/TunnelPoolSettings.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/router/java/src/net/i2p/router/TunnelPoolSettings.java b/router/java/src/net/i2p/router/TunnelPoolSettings.java index 481836d17..fd718e479 100644 --- a/router/java/src/net/i2p/router/TunnelPoolSettings.java +++ b/router/java/src/net/i2p/router/TunnelPoolSettings.java @@ -244,9 +244,10 @@ public class TunnelPoolSettings { String name = (String) e.getKey(); String value = (String) e.getValue(); if (name.startsWith(prefix)) { - if (name.equalsIgnoreCase(prefix + PROP_ALLOW_ZERO_HOP)) - _allowZeroHop = getBoolean(value, DEFAULT_ALLOW_ZERO_HOP); - else if (name.equalsIgnoreCase(prefix + PROP_BACKUP_QUANTITY)) + if (name.equalsIgnoreCase(prefix + PROP_ALLOW_ZERO_HOP)) { + if (!_isExploratory) + _allowZeroHop = getBoolean(value, DEFAULT_ALLOW_ZERO_HOP); + } else if (name.equalsIgnoreCase(prefix + PROP_BACKUP_QUANTITY)) _backupQuantity = getInt(value, DEFAULT_BACKUP_QUANTITY); //else if (name.equalsIgnoreCase(prefix + PROP_DURATION)) // _duration = getInt(value, DEFAULT_DURATION); From 285fa6cbc9e1a183267d4f30acc1fa4b328d5305 Mon Sep 17 00:00:00 2001 From: zzz Date: Wed, 26 Nov 2014 17:32:56 +0000 Subject: [PATCH 11/13] BuildRequestor: Reduce delay when client build can't find a paired tunnel (possible fix for ticket #1412) --- history.txt | 15 +++++++++++++++ router/java/src/net/i2p/router/RouterVersion.java | 2 +- .../i2p/router/tunnel/pool/BuildRequestor.java | 5 ++++- 3 files changed, 20 insertions(+), 2 deletions(-) diff --git a/history.txt b/history.txt index 7a6560702..ff226665e 100644 --- a/history.txt +++ b/history.txt @@ -1,3 +1,18 @@ +2014-11-26 zzz + * BuildRequestor: Reduce delay when client build can't find + a paired tunnel (ticket #1412) + * Data: + - Fix NPE on unknown sig type in destination + - Fix hashcode and equals for typed data + * Tunnels: Disallow changing allowZeroHop setting for exploratory + +2014-11-24 zzz + * i2ptunnel: Fix automatic setting of random key + * PrivateKeyFile: Don't rewrite file in main() if no options + +2014-11-23 zzz + * Reseed hosts update + 2014-11-22 zzz * PeerSelector: If non-DSA, don't use incompatible peers for exploratory tunnels or closest-hop in client tunnels diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index 47667df53..895e8eb46 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -18,7 +18,7 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 9; + public final static long BUILD = 10; /** for example "-test" */ public final static String EXTRA = "-rc"; diff --git a/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java b/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java index 31aaa8665..084a62c23 100644 --- a/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java +++ b/router/java/src/net/i2p/router/tunnel/pool/BuildRequestor.java @@ -166,7 +166,10 @@ abstract class BuildRequestor { exec.buildComplete(cfg, pool); // Not even an exploratory tunnel? We are in big trouble. // Let's not spin through here too fast. - try { Thread.sleep(250); } catch (InterruptedException ie) {} + // But don't let a client tunnel waiting for exploratories slow things down too much, + // as there may be other tunnel pools who can build + int ms = pool.getSettings().isExploratory() ? 250 : 25; + try { Thread.sleep(ms); } catch (InterruptedException ie) {} return false; } From 59996906652b1ed1d72d7f1dba3e9590fae76d53 Mon Sep 17 00:00:00 2001 From: zzz Date: Thu, 27 Nov 2014 12:55:16 +0000 Subject: [PATCH 12/13] link ECDSA warning to wiki help page --- .../java/src/net/i2p/router/web/SummaryBarRenderer.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java b/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java index 3a40b8283..03dcfefe8 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java @@ -348,8 +348,8 @@ public class SummaryBarRenderer { .append(_helper.getReachability()) .append("\n"); if (!SigType.ECDSA_SHA256_P256.isAvailable()) { - buf.append("
\n

\n

") .append(_("Warning: ECDSA is not available. Update your Java or OS")) .append("

\n"); From be8832e87f7e52340d62f97b830660c99c75098a Mon Sep 17 00:00:00 2001 From: zzz Date: Thu, 27 Nov 2014 18:17:07 +0000 Subject: [PATCH 13/13] link to Russian version of ECDSA help page --- .../java/src/net/i2p/router/web/SummaryBarRenderer.java | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java b/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java index 03dcfefe8..f10d6858f 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/SummaryBarRenderer.java @@ -348,7 +348,10 @@ public class SummaryBarRenderer { .append(_helper.getReachability()) .append("

\n"); if (!SigType.ECDSA_SHA256_P256.isAvailable()) { - buf.append("
\n

\n

") .append(_("Warning: ECDSA is not available. Update your Java or OS"))