Changeset 9652db9


Timestamp:
Jul 30, 2008 3:59:18 AM (13 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
719ba3f
Parents:
481af00
Message:
  • Blocklists:
    • New, disabled by default, except for blocking of forever-shitlisted peers. See source for instructions and file format.
  • Transport - Reject peers from inbound connections:
    • Check IP against blocklist
    • Check router hash against forever-shitlist, then block IP
Files:
1 added
9 edited

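--- a/checklist.txt
+++ b/checklist.txt
@@ -68,4 +68,5 @@
         index_de.html
         hosts.txt (copy from mtn)
+        release-x.y.z.html (new)
         Sync with mtn.i2p2.i2p
 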
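--- a/history.txt
+++ b/history.txt
@@ -1,2 +1,11 @@
+2008-07-30 zzz
+    * Blocklists:
+      - New, disabled by default, except for blocking of
+        forever-shitlisted peers. See source for instructions
+        and file format.
+    * Transport - Reject peers from inbound connections:
+      - Check IP against blocklist
+      - Check router hash against forever-shitlist, then block IP
+
 2008-07-16 zzz
     * configpeer.jsp: New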
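--- a/news.xml
+++ b/news.xml
@@ -25,14 +25,4 @@
 </p>
 
-<p>
-&#149;
-2008-04-20: <b><a href="http://trac.i2p2.i2p/">We are now using Trac as bugtracker</a></b>
-</p>
-
-<p>
-&#149;
-2008-02-05: <b><a href="http://www.i2p2.i2p/upgrade-0.6.1.30.html">Upgrading from 0.6.1.30 and Earlier Releases</a></b>
-</p>
-
 <!--
 &#149;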
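--- a/router/java/src/net/i2p/router/Router.java
+++ b/router/java/src/net/i2p/router/Router.java
@@ -260,4 +260,5 @@
         _sessionKeyPersistenceHelper.startup();
         //_context.adminManager().startup();
+        _context.blocklist().startup();
        
         // let the timestamper get us sync'ed
@@ -381,6 +382,6 @@
                              _context.bandwidthLimiter().getOutboundKBytesPerSecond());
         bwLim = (int)(((float)bwLim) * getSharePercentage());
-        if (_log.shouldLog(Log.WARN))
-            _log.warn("Adding capabilities w/ bw limit @ " + bwLim, new Exception("caps"));
+        if (_log.shouldLog(Log.INFO))
+            _log.info("Adding capabilities w/ bw limit @ " + bwLim, new Exception("caps"));
        
         if (bwLim < 12) {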
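--- a/router/java/src/net/i2p/router/RouterContext.java
+++ b/router/java/src/net/i2p/router/RouterContext.java
@@ -57,4 +57,5 @@
     private StatisticsManager _statPublisher;
     private Shitlist _shitlist;
+    private Blocklist _blocklist;
     private MessageValidator _messageValidator;
     private MessageStateMonitor _messageStateMonitor;
@@ -127,4 +128,5 @@
         _statPublisher = new StatisticsManager(this);
         _shitlist = new Shitlist(this);
+        _blocklist = new Blocklist(this);
         _messageValidator = new MessageValidator(this);
         //_throttle = new RouterThrottleImpl(this);
@@ -250,4 +252,5 @@
      */
     public Shitlist shitlist() { return _shitlist; }
+    public Blocklist blocklist() { return _blocklist; }
     /**
      * The router keeps track of messages it receives to prevent duplicates, as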
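Review bot: The new accessor `blocklist()` at new line 254 has no Javadoc, while the `*/` just above `shitlist()` and the `/**` on the line after it suggest the neighbouring accessors are documented. A one-line comment would tell callers how it differs from the shitlist, for example `/** IP blocklist consulted by the transports for inbound connections; distinct from the per-router-hash shitlist. */`.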
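--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,5 +18,5 @@
     public final static String ID = "$Revision: 1.548 $ $Date: 2008-06-07 23:00:00 $";
     public final static String VERSION = "0.6.2";
-    public final static long BUILD = 9;
+    public final static long BUILD = 10;
     public static void main(String args[]) {
         System.out.println("I2P Router version: " + VERSION + "-" + BUILD);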
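--- a/router/java/src/net/i2p/router/transport/ntcp/EstablishState.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/EstablishState.java
@@ -547,4 +547,13 @@
             _verified = _context.dsa().verifySignature(sig, toVerify, alice.getSigningPublicKey());
             if (_verified) {
+                if (_context.shitlist().isShitlistedForever(alice.calculateHash())) {
+                    if (_log.shouldLog(Log.WARN))
+                        _log.warn("Dropping inbound connection from permanently shitlisted peer: " + alice.calculateHash().toBase64());
+                    // So next time we will not accept the con from this IP,
+                    // rather than doing the whole handshake
+                    _context.blocklist().add(_con.getChannel().socket().getInetAddress().getAddress());
+                    fail("Peer is shitlisted forever: " + alice.calculateHash().toBase64());
+                    return;
+                }
                 if (_log.shouldLog(Log.DEBUG))
                     _log.debug(prefix() + "verification successful for " + _con);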
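Review bot: The address lookup at new line 554, `_con.getChannel().socket().getInetAddress().getAddress()`, is dereferenced without a null check, and `Socket.getInetAddress()` can return null when the socket is not connected, so a connection torn down mid-handshake would presumably throw before `fail()` runs. Guarding it keeps the rejection path intact: `InetAddress ia = _con.getChannel().socket().getInetAddress();` followed by `if (ia != null) _context.blocklist().add(ia.getAddress());`. The same unguarded chain is used in the EventPumper.java section at new line 386. `alice.calculateHash()` is also evaluated three times in this branch and could be held in one local. The enclosing method starts and ends outside the hunk.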
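--- a/router/java/src/net/i2p/router/transport/ntcp/EventPumper.java
+++ b/router/java/src/net/i2p/router/transport/ntcp/EventPumper.java
@@ -384,4 +384,12 @@
             SocketChannel chan = servChan.accept();
             chan.configureBlocking(false);
+            if (_context.blocklist().isBlocklisted(chan.socket().getInetAddress().getAddress())) {
+                if (_log.shouldLog(Log.WARN))
+                    _log.warn("Receive session request from blocklisted IP: " + chan.socket().getInetAddress());
+                // need to add this stat first
+                // _context.statManager().addRateData("ntcp.connectBlocklisted", 1, 0);
+                try { chan.close(); } catch (IOException ioe) { }
+                return;
+            }
             SelectionKey ckey = chan.register(_selector, SelectionKey.OP_READ);
             NTCPConnection con = new NTCPConnection(_context, _transport, chan, ckey);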
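Review bot: The rejection branch at new lines 387-388 logs at WARN for every connection from a blocklisted address, so the log volume is set by the remote side; INFO or a counter would be safer, and the stat commented out at new line 390 is the better signal once it has been added as the comment says. The same per-event WARN appears in EstablishmentManager.java at new lines 270-271, there once per inbound UDP session request. The empty `catch (IOException ioe) { }` at new line 391 looks like a deliberate best-effort close and would read more clearly as `catch (IOException ignored) { /* already rejecting */ }`. The enclosing method is only partly visible in the hunk.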
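--- a/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
+++ b/router/java/src/net/i2p/router/transport/udp/EstablishmentManager.java
@@ -267,4 +267,9 @@
             state = (InboundEstablishState)_inboundStates.get(from);
             if (state == null) {
+                if (_context.blocklist().isBlocklisted(from.getIP())) {
+                    if (_log.shouldLog(Log.WARN))
+                        _log.warn("Receive session request from blocklisted IP: " + from);
+                    return; // drop the packet
+                }
                 state = new InboundEstablishState(_context, from.getIP(), from.getPort(), _transport.getLocalPort());
                 state.receiveSessionRequest(reader.getSessionRequestReader());
@@ -794,5 +799,14 @@
                     break;
                 case InboundEstablishState.STATE_CONFIRMED_COMPLETELY:
-                    if (inboundState.getConfirmedIdentity() != null) {
+                    RouterIdentity remote = inboundState.getConfirmedIdentity();
+                    if (remote != null) {
+                        if (_context.shitlist().isShitlistedForever(remote.calculateHash())) {
+                            if (_log.shouldLog(Log.WARN))
+                                _log.warn("Dropping inbound connection from permanently shitlisted peer: " + remote.calculateHash().toBase64());
+                            // So next time we will not accept the con, rather than doing the whole handshake
+                            _context.blocklist().add(inboundState.getSentIP());
+                            inboundState.fail();
+                            break;
+                        }
                         handleCompletelyEstablished(inboundState);
                         break;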
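Review bot: At new line 807 an identity ban is turned into an address ban by `_context.blocklist().add(inboundState.getSentIP())`, and nothing in this section shows how long such an entry lives or whether the set is bounded; the added Blocklist source is not shown on this page. Any other router reachable through the same address (shared NAT, a reassigned dynamic IP) would then be dropped by the new check at new line 269 for as long as the entry stays. A comment at the call stating the intent would help, e.g. `// blocks the whole address, not just this identity; entry lifetime is defined in Blocklist`. `remote.calculateHash()` is computed twice in the branch and could be a local. The switch and its enclosing method extend beyond the hunk.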