Changeset 94fd60d for router


Timestamp:
Dec 21, 2018 11:32:17 AM (18 months ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
0365129
Parents:
18b7d97
Message:

Transports: Improve banning of routers from wrong network

Location:
router/java/src/net/i2p/router
Files:
5 edited

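--- a/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
@@ -921,5 +921,5 @@
         }
         if (routerInfo.getNetworkId() != _networkID){
-            _context.banlist().banlistRouter(key, "Not in our network");
+            _context.banlist().banlistRouterForever(key, "Not in our network: " + routerInfo.getNetworkId());
             if (_log.shouldLog(Log.WARN))
                 _log.warn("Bad network: " + routerInfo);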
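--- a/router/java/src/net/i2p/router/transport/ntcp/InboundEstablishState.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/InboundEstablishState.java
@@ -571,4 +571,36 @@
         }
         return true;
+    }
+
+    /**
+     *  Validate network ID, NTCP 2 only.
+     *  Call after receiving Alice's RouterInfo,
+     *  but before storing it in the netdb.
+     *
+     *  Side effects: When returning false, sets _msg3p2FailReason,
+     *  banlists permanently and blocklists
+     *
+     *  @return success
+     *  @since 0.9.38
+     */
+    private boolean verifyInboundNetworkID(RouterInfo alice) {
+        int aliceID = alice.getNetworkId();
+        boolean rv = aliceID == _context.router().getNetworkID();
+        if (!rv) {
+            Hash aliceHash = alice.getHash();
+            if (_log.shouldLog(Log.WARN))
+                _log.warn("Dropping inbound connection from wrong network: " + aliceID + ' ' + aliceHash);
+            // So next time we will not accept the con from this IP,
+            // rather than doing the whole handshake
+            InetAddress addr = _con.getChannel().socket().getInetAddress();
+            if (addr != null) {
+                byte[] ip = addr.getAddress();
+                _context.blocklist().add(ip);
+            }
+            _context.banlist().banlistRouterForever(aliceHash, "Not in our network: " + aliceID);
+            _transport.markUnreachable(aliceHash);
+            _msg3p2FailReason = NTCPConnection.REASON_BANNED;
+        }
+        return rv;
     }
 
@@ -989,4 +1021,7 @@
         if (!ok)
             throw new DataFormatException("NTCP2 verifyInbound() fail");
+        ok = verifyInboundNetworkID(ri);
+        if (!ok)
+            throw new DataFormatException("NTCP2 network ID mismatch");
         try {
             RouterInfo old = _context.netDb().store(h, ri);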
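Review bot: verifyInboundNetworkID() issues a permanent router ban and an IP blocklist entry based on a field of the RouterInfo the remote side just sent, so its Javadoc should state as a precondition that `alice` has already passed signature validation. The call `ok = verifyInboundNetworkID(ri);` runs before `_context.netDb().store(h, ri)`, and whether the signature was checked earlier is not visible in this section. I would add a line such as `Precondition: alice's signature has already been verified; this method does not check it.` to the comment block. The blocklist entry also applies to every router that shares that source address (NAT, VPN exit), and the WARN message names the hash but not the address, so a wrongly blocked peer is hard to trace from the log; consider logging the address that was added.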
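--- a/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/NTCPTransport.java
@@ -82,4 +82,5 @@
     /** synch on this */
     private final Set<InetSocketAddress> _endpoints;
+    private final int _networkID;
 
     /**
@@ -230,4 +231,5 @@
         _writer = new net.i2p.router.transport.ntcp.Writer(ctx);
 
+        _networkID = ctx.router().getNetworkID();
         _fastBid = new SharedBid(25); // best
         _slowBid = new SharedBid(70); // better than ssu unestablished, but not better than ssu established
@@ -504,4 +506,9 @@
             }
             return _fastBid;
+        }
+        if (toAddress.getNetworkId() != _networkID) {
+            _context.banlist().banlistRouterForever(peer, "Not in our network: " + toAddress.getNetworkId());
+            markUnreachable(peer);
+            return null;   
         }
         if (dataSize > NTCPConnection.NTCP1_MAX_MSG_SIZE) {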
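Review bot: The network-ID block added in the last hunk (`banlistRouterForever(...)`, `markUnreachable(peer)`, `return null;`) is repeated almost verbatim in the UDPTransport.java section of this commit, so the ban reason text and the ban policy now live in two places. Both transports call markUnreachable() unqualified, which suggests a common base class where one small protected helper could hold the sequence; the base class itself is not visible here. A one-line comment above the check, e.g. `// wrong network: ban permanently and decline to bid`, would also explain why null is returned at this point. The `return null;   ` line carries trailing whitespace, and the enclosing method starts and ends outside the hunk.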
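--- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
@@ -253,5 +253,5 @@
         Hash toHash = toIdentity.calculateHash();
         if (toRouterInfo.getNetworkId() != _networkID) {
-            _context.banlist().banlistRouter(toHash);
+            _context.banlist().banlistRouterForever(toHash, "Not in our network: " + toRouterInfo.getNetworkId());
             _transport.markUnreachable(toHash);
             _transport.failed(msg, "Remote peer is on the wrong network, cannot establish");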
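--- a/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
+++ b/router/java/src/net/i2p/router/transport/udp/UDPTransport.java
@@ -1417,5 +1417,5 @@
                 }
                 markUnreachable(peerHash);
-                _context.banlist().banlistRouter(peerHash, "Part of the wrong network, version = " + ((RouterInfo) entry).getVersion());
+                _context.banlist().banlistRouterForever(peerHash, "Not in our network: " + ((RouterInfo) entry).getNetworkId());
                 //_context.banlist().banlistRouter(peerHash, "Part of the wrong network", STYLE);
                 if (peer != null)
@@ -1755,4 +1755,10 @@
                 return _cachedBid[FAST_BID];
         } else {
+            if (toAddress.getNetworkId() != _networkID) {
+                _context.banlist().banlistRouterForever(to, "Not in our network: " + toAddress.getNetworkId());
+                markUnreachable(to);
+                return null;   
+            }
+
             // If we don't have a port, all is lost
             if ( _reachabilityStatus == Status.HOSED) {
@@ -1881,6 +1887,7 @@
     public void send(OutNetMessage msg) {
         if (msg == null) return;
-        if (msg.getTarget() == null) return;
-        if (msg.getTarget().getIdentity() == null) return;
+        RouterInfo tori = msg.getTarget();
+        if (tori == null) return;
+        if (tori.getIdentity() == null) return;
         if (_establisher == null) {
             failed(msg, "UDP not up yet");
@@ -1889,5 +1896,5 @@
 
         msg.timestamp("sending on UDP transport");
-        Hash to = msg.getTarget().getIdentity().calculateHash();
+        Hash to = tori.getIdentity().calculateHash();
         PeerState peer = getPeerState(to);
         if (_log.shouldLog(Log.DEBUG))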
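Review bot: In the first hunk the new `banlistRouterForever(peerHash, ...)` call sits directly above the commented-out `//_context.banlist().banlistRouter(peerHash, "Part of the wrong network", STYLE);`, which now matches neither the old nor the new ban behaviour and should be deleted in the same change. Leaving it invites a later reader to mistake the temporary, per-transport ban for the intended policy. The enclosing method starts and ends outside the hunk.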