Transports: Consolidate port checking code

Disallow SSDP port
zzz
2014-11-06 15:20:24 +00:00
parent f524351041
commit 76e4b49d9d
7 changed files with 28 additions and 35 deletions


@@ -169,4 +169,15 @@ public abstract class TransportUtil {
}
return false;
}
/**
* Is this a valid port for us or a remote router?
*
* @since 0.9.17 moved from logic in individual transports
*/
public static boolean isValidPort(int port) {
return port >= 1024 &&
port <= 65535 &&
port != 1900; // UPnP SSDP
}
}
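Review bot: The Javadoc on `isValidPort` does not say which ports are rejected or why, yet callers in this commit use it both for our own configured listen port and for ports advertised by remote routers. I would extend it with something like `Returns true for 1024-65535 except 1900 (UPnP SSDP)`, plus a sentence giving the reason for the SSDP exclusion, which the diff itself does not state. The bare `1900` would also read better as a named constant, e.g. `private static final int SSDP_PORT = 1900;`.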


@@ -97,13 +97,6 @@ public class NTCPTransport extends TransportImpl {
private long _lastBadSkew;
private static final long[] RATES = { 10*60*1000 };
/**
* To prevent trouble. 1024 as of 0.9.4.
*
* @since 0.9.3
*/
private static final int MIN_PEER_PORT = 1024;
// Opera doesn't have the char, TODO check UA
//private static final String THINSP = "&thinsp;/&thinsp;";
private static final String THINSP = " / ";
@@ -402,7 +395,7 @@ public class NTCPTransport extends TransportImpl {
for (int i = 0; i < addrs.size(); i++) {
RouterAddress addr = addrs.get(i);
byte[] ip = addr.getIP();
if (addr.getPort() < MIN_PEER_PORT || ip == null) {
if (!TransportUtil.isValidPort(addr.getPort()) || ip == null) {
//_context.statManager().addRateData("ntcp.connectFailedInvalidPort", 1);
//_context.banlist().banlistRouter(toAddress.getIdentity().calculateHash(), "Invalid NTCP address", STYLE);
//if (_log.shouldLog(Log.DEBUG))
@@ -695,8 +688,8 @@ public class NTCPTransport extends TransportImpl {
// FIXME just close and unregister
stopWaitAndRestart();
}
if (port < 1024)
_log.logAlways(Log.WARN, "Specified NTCP port is " + port + ", ports lower than 1024 not recommended");
if (!TransportUtil.isValidPort(port))
_log.error("Specified NTCP port is " + port + ", ports lower than 1024 not recommended");
ServerSocketChannel chan = ServerSocketChannel.open();
chan.configureBlocking(false);
chan.socket().bind(addr);
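Review bot: The message in the last hunk still reads "ports lower than 1024 not recommended", but `isValidPort` now also fails for 1900 and for values above 65535, so an operator who configured 1900 gets an explanation that does not match the port. Suggest `_log.error("Specified NTCP port " + port + " is not valid, use 1024-65535 excluding 1900 (SSDP)");`. The same stale text is in `UDPEndpoint.getSocket()`. The level also changed from an always-shown WARN to `error` while the visible code still goes on to `bind(addr)`, so the port is reported as an error but not refused. The enclosing method starts and ends outside the hunk, so confirm that this is intended.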


@@ -20,6 +20,7 @@ import net.i2p.data.i2np.I2NPMessage;
import net.i2p.router.OutNetMessage;
import net.i2p.router.Router;
import net.i2p.router.RouterContext;
import net.i2p.router.transport.TransportUtil;
import net.i2p.router.transport.crypto.DHSessionKeyBuilder;
import static net.i2p.router.transport.udp.InboundEstablishState.InboundState.*;
import static net.i2p.router.transport.udp.OutboundEstablishState.OutboundState.*;
@@ -425,7 +426,7 @@ class EstablishmentManager {
*
*/
void receiveSessionRequest(RemoteHostId from, UDPPacketReader reader) {
if (from.getPort() < UDPTransport.MIN_PEER_PORT || !_transport.isValid(from.getIP())) {
if (!TransportUtil.isValidPort(from.getPort()) || !_transport.isValid(from.getIP())) {
if (_log.shouldLog(Log.WARN))
_log.warn("Receive session request from invalid: " + from);
return;
@@ -1000,8 +1001,7 @@ class EstablishmentManager {
* @since 0.9.3
*/
private boolean isValid(byte[] ip, int port) {
return port >= UDPTransport.MIN_PEER_PORT &&
port <= 65535 &&
return TransportUtil.isValidPort(port) &&
ip != null && ip.length == 4 &&
_transport.isValid(ip) &&
(!_transport.isTooClose(ip)) &&


@@ -18,6 +18,7 @@ import net.i2p.router.RouterContext;
import net.i2p.util.Addresses;
import net.i2p.util.ConcurrentHashSet;
import net.i2p.util.Log;
import net.i2p.router.transport.TransportUtil;
/**
* Keep track of inbound and outbound introductions.
@@ -119,7 +120,7 @@ class IntroductionManager {
public void add(PeerState peer) {
if (peer == null) return;
// let's not use an introducer on a privileged port, sounds like trouble
if (peer.getRemotePort() < 1024)
if (!TransportUtil.isValidPort(peer.getRemotePort()))
return;
// Only allow relay as Bob or Charlie if the Bob-Charlie session is IPv4
if (peer.getRemoteIP().length != 4)
@@ -451,8 +452,7 @@ class IntroductionManager {
* @since 0.9.3
*/
private boolean isValid(byte[] ip, int port) {
return port >= UDPTransport.MIN_PEER_PORT &&
port <= 65535 &&
return TransportUtil.isValidPort(port) &&
ip != null && ip.length == 4 &&
_transport.isValid(ip) &&
(!_transport.isTooClose(ip)) &&
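Review bot: In `add(PeerState)` the comment `// let's not use an introducer on a privileged port, sounds like trouble` is stale now that the check is `!TransportUtil.isValidPort(...)`, which also turns away port 1900 and anything above 65535. Suggest `// don't use an introducer on a privileged or otherwise disallowed port (see TransportUtil.isValidPort)`. Minor style: the new `import net.i2p.router.transport.TransportUtil;` sits after the `net.i2p.util` imports rather than with the other `net.i2p.router` ones.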


@@ -15,6 +15,7 @@ import net.i2p.data.SessionKey;
import net.i2p.router.CommSystemFacade;
import net.i2p.router.RouterContext;
import static net.i2p.router.transport.udp.PeerTestState.Role.*;
import net.i2p.router.transport.TransportUtil;
import net.i2p.util.Addresses;
import net.i2p.util.Log;
import net.i2p.util.SimpleTimer;
@@ -495,7 +496,7 @@ class PeerTestManager {
_context.statManager().addRateData("udp.receiveTest", 1);
byte[] fromIP = from.getIP();
int fromPort = from.getPort();
if (fromPort < 1024 || fromPort > 65535 ||
if (!TransportUtil.isValidPort(fromPort) ||
(!_transport.isValid(fromIP)) ||
_transport.isTooClose(fromIP) ||
_context.blocklist().isBlocklisted(fromIP)) {
@@ -514,7 +515,7 @@ class PeerTestManager {
testInfo.readIP(testIP, 0);
}
if ((testPort > 0 && (testPort < 1024 || testPort > 65535)) ||
if ((testPort > 0 && (!TransportUtil.isValidPort(testPort))) ||
(testIP != null &&
((!_transport.isValid(testIP)) ||
testIP.length != 4 ||


@@ -9,6 +9,7 @@ import java.net.SocketException;
import java.util.concurrent.atomic.AtomicInteger;
import net.i2p.router.RouterContext;
import net.i2p.router.transport.TransportUtil;
import net.i2p.util.Log;
/**
@@ -112,8 +113,8 @@ class UDPEndpoint implements SocketListener {
private DatagramSocket getSocket() {
DatagramSocket socket = null;
int port = _listenPort;
if (port > 0 && port < 1024)
_log.logAlways(Log.WARN, "Specified UDP port is " + port + ", ports lower than 1024 not recommended");
if (port > 0 && !TransportUtil.isValidPort(port))
_log.error("Specified UDP port is " + port + ", ports lower than 1024 not recommended");
for (int i = 0; i < MAX_PORT_RETRIES; i++) {
if (port <= 0) {


@@ -121,19 +121,6 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
*/
public static final int DEFAULT_INTERNAL_PORT = 8887;
/**
* To prevent trouble. 1024 as of 0.9.4.
*
* @since 0.9.3
*/
static final int MIN_PEER_PORT = 1024;
/** Limits on port told to us by others,
* We should have an exception if it matches the existing low port.
*/
private static final int MIN_EXTERNAL_PORT = 1024;
private static final int MAX_EXTERNAL_PORT = 65535;
/** define this to explicitly set an external IP address */
public static final String PROP_EXTERNAL_HOST = "i2np.udp.host";
/** define this to explicitly set an external port */
@@ -765,7 +752,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
if (ourIP.length != 4)
return;
boolean isValid = isValid(ourIP) &&
(ourPort >= MIN_EXTERNAL_PORT && ourPort <= MAX_EXTERNAL_PORT);
TransportUtil.isValidPort(ourPort);
boolean explicitSpecified = explicitAddressSpecified();
boolean inboundRecent = _lastInboundReceivedOn + ALLOW_IP_CHANGE_INTERVAL > System.currentTimeMillis();
if (_log.shouldLog(Log.INFO))
@@ -1620,7 +1607,7 @@ public class UDPTransport extends TransportImpl implements TimedWeightedPriority
if (addr.getOption("ihost0") == null) {
byte[] ip = addr.getIP();
int port = addr.getPort();
if (ip == null || port < MIN_PEER_PORT ||
if (ip == null || !TransportUtil.isValidPort(port) ||
(!isValid(ip)) ||
(Arrays.equals(ip, getExternalIP()) && !allowLocal())) {
continue;
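Review bot: The deleted `MIN_EXTERNAL_PORT` comment recorded an open question ("We should have an exception if it matches the existing low port"), and it disappears with the constants without being resolved. With `TransportUtil.isValidPort(ourPort)` in the second hunk, a peer-reported port is now also rejected when it is 1900, while the UDPEndpoint change in this commit only logs for a configured port that fails the check and does not appear to refuse it. If a router can still listen on such a port, its own external port would never validate here and, via the third hunk, other routers would skip its address. I'd either carry the note forward as a comment next to the `isValid` computation or refuse the configured port at startup. Both enclosing methods extend beyond the hunks shown.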