Do not use isValidPort() on inbound connections

[jogger]

My traffic just broke down and I saw 100s of log messages like

ERROR [ Establisher] ter.transport.udp.UDPTransport: The router [Hash: aQJqcFiwno-Evv~AhP6XgEw7ZAi8WX5IWaE5Vu8FSeY=] told us we have an invalid IP - my.ip.add.ress:reservedport. Lets throw tomatoes at them

UDP packet pusher CPU was near zero.

Root cause is that I am sitting behind NAT and my router accidentally chose a port reserved by i2p for outgoing UDP. Since most users simply can not change their routers behaviour, this check has to be removed.

Workaround if you run one of those beautiful $49 EdgeRouters? (highly recommended):
Set NAT protocols for the default rule to TCP/UDP only and then use the command line to "set service nat rule 5010 outside-address port 40000-50000"

After committing the workaround SSU peer count and UDP packet pusher CPU went up immediately.

[zzz]

what port did it choose?

[zzz]

first report we've ever gotten on this, been like this for years, I assume most firewalls pick a high port value by default, or else this would have happened lots of times and been reported.

[jogger]

My router picked one in the 76xx range.

RFC 2663 does not give details about valid port numbers. Wikipedia says "router picks any free port", so it indeed appears that use of isValidPort() leads to blocking valid connections in this case.

The fact that this was not reported before can be attributed to the fact that this is highly implementation dependent. If it infrequently appears in the logs, no one cares. In my case the router reused the very same port again and again. Others may behave differently.

The code used by Ubiquity (Vyatta code base) certainly is used by other vendors too as it it based on Debian.