Changeset 6de81d4


Timestamp:
Apr 17, 2014 6:52:40 PM (6 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
f77a3c7
Parents:
7ac9dc5
Message:

SSU: SessionRequest replay prevention (ticket #1212)
NTCP: Just use first 8 bytes of HxHi for replay check

Location:
router/java/src/net/i2p/router/transport
Files:
2 edited

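--- a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
@@ -179,5 +179,5 @@
         _conLock = new Object();
         _conByIdent = new ConcurrentHashMap<Hash, NTCPConnection>(64);
-        _replayFilter = new DecayingHashSet(ctx, 10*60*1000, 32, "NTCP-Hx^HI");
+        _replayFilter = new DecayingHashSet(ctx, 10*60*1000, 8, "NTCP-Hx^HI");
 
         _finisher = new NTCPSendFinisher(ctx, this);
@@ -523,5 +523,5 @@
      */
     boolean isHXHIValid(byte[] hxhi) {
-        return !_replayFilter.add(hxhi);
+        return !_replayFilter.add(hxhi, 0, 8);
     }
 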
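Review bot: The entry width `8` is now a bare literal in two places, the `DecayingHashSet` constructor and `_replayFilter.add(hxhi, 0, 8)`, and the two must stay equal for the replay check to keep working; a shared constant such as `private static final int REPLAY_KEY_LEN = 8;` would tie them together. `isHXHIValid` also assumes `hxhi` holds at least 8 bytes; how `add` treats a shorter array is not visible here, so a length guard or a stated Javadoc precondition would help. The Javadoc above the method starts outside the hunk and should say that only the first 8 bytes of HXxorHI are compared, so a reader does not assume the full 32-byte value is still the replay key.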
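--- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
@@ -24,4 +24,6 @@
 import static net.i2p.router.transport.udp.InboundEstablishState.InboundState.*;
 import static net.i2p.router.transport.udp.OutboundEstablishState.OutboundState.*;
+import net.i2p.router.util.DecayingHashSet;
+import net.i2p.router.util.DecayingBloomFilter;
 import net.i2p.util.Addresses;
 import net.i2p.util.I2PThread;
@@ -83,4 +85,7 @@
     private final Object _activityLock;
     private int _activity;
+
+    /** "bloom filter" */
+    private final DecayingBloomFilter _replayFilter;
    
     /** max outbound in progress - max inbound is half of this */
@@ -133,4 +138,5 @@
         _outboundByHash = new ConcurrentHashMap<Hash, OutboundEstablishState>();
         _activityLock = new Object();
+        _replayFilter = new DecayingHashSet(ctx, 10*60*1000, 8, "SSU-DH-X");
         DEFAULT_MAX_CONCURRENT_ESTABLISH = Math.max(DEFAULT_LOW_MAX_CONCURRENT_ESTABLISH,
                                                     Math.min(DEFAULT_HIGH_MAX_CONCURRENT_ESTABLISH,
@@ -160,4 +166,5 @@
         //_context.statManager().createRateStat("udp.queueDropSize", "How many messages were queued up when it was considered full, causing a tail drop?", "udp", UDPTransport.RATES);
         //_context.statManager().createRateStat("udp.queueAllowTotalLifetime", "When a peer is retransmitting and we probabalistically allow a new message, what is the sum of the pending message lifetimes? (period is the new message's lifetime)?", "udp", UDPTransport.RATES);
+        _context.statManager().createRateStat("udp.dupDHX", "Session request replay", "udp", new long[] { 24*60*60*1000L } );
     }
    
@@ -451,4 +458,12 @@
                                                   _transport.getDHBuilder());
                 state.receiveSessionRequest(reader.getSessionRequestReader());
+
+                if (_replayFilter.add(state.getReceivedX(), 0, 8)) {
+                    if (_log.shouldLog(Log.WARN))
+                        _log.warn("Duplicate X in session request from: " + from);
+                    _context.statManager().addRateData("udp.dupDHX", 1);
+                    return; // drop the packet
+                }
+
                 InboundEstablishState oldState = _inboundStates.putIfAbsent(from, state);
                 isNew = oldState == null;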
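Review bot: The replay test at new lines 461-466 runs only after the inbound state has been built with `_transport.getDHBuilder()` and `receiveSessionRequest` has parsed the packet, so a replayed SessionRequest is dropped after that work has been spent rather than before it. If a DH builder is costly or comes from a limited pool (not visible here), testing the first 8 bytes of X against `_replayFilter` before the state is constructed would keep replays cheap to reject; the constructor call starts outside the hunk. The field comment `/** "bloom filter" */` does not say what is tracked, and the field is typed `DecayingBloomFilter` while a `DecayingHashSet` is assigned; a comment such as `/** replay filter for inbound SessionRequests, keyed on the first 8 bytes of DH X, 10 minute decay */` would document it.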