Opened 7 years ago

Closed 7 years ago

Last modified 7 years ago

#812 closed defect (fixed)

Invalid previous peer - attempted hostile loop?

Reported by: killyourtv Owned by: zzz
Priority: major Milestone: 0.9.5
Component: router/general Version: 0.9.3
Keywords: Cc: killyourtv@…
Parent Tickets: Sensitive: no

Description

In case it's a problem:

12/16/12 20:14:05.486 ERROR [P reader 3/4] i2p.router.tunnel.HopProcessor: Invalid previous peer - attempted hostile loop?  from [Hash: nOEayZBcfH7X2vhjmfe3miRgsYlNhOeiTMy4aV6XR1U=], expected [Hash: yyhQoIi9Ci2EY1Yez0fGsYCSZCfVcsmup3Bd5LHrHcM=]
12/16/12 20:14:05.720 ^^^ 2 similar messages omitted ^^^
12/16/12 20:14:06.187 ERROR [P reader 4/4] i2p.router.tunnel.HopProcessor: Invalid previous peer - attempted hostile loop?  from [Hash: nOEayZBcfH7X2vhjmfe3miRgsYlNhOeiTMy4aV6XR1U=], expected [Hash: yyhQoIi9Ci2EY1Yez0fGsYCSZCfVcsmup3Bd5LHrHcM=]
12/16/12 20:14:11.089 ^^^ 17 similar messages omitted ^^^

I2P version: 0.9.3-15
Java version: Oracle Corporation 1.7.0_03 (OpenJDK Runtime Environment 1.7.0_03-b21)
Wrapper version: 3.5.16
Server version: 6.1.26
Servlet version: Jasper JSP 2.1 Engine
Platform: Linux amd64 3.2.0-4-amd64

Subtickets

Change History (6)

comment:1 Changed 7 years ago by killyourtv

Cc: killyourtv@… added

comment:2 Changed 7 years ago by zzz

Status: newaccepted

This occurs when you are in the middle or at the endpoint of a tunnel and you get a msg not from the previous hop. The message makes it sound like an attack, but what's more likely is we haven't tried as hard as we can to eliminate duplicate tunnel IDs and catch them intelligently when it does happen.

The tunnel IDs are 4 bytes. Routers with 2500 or more part. tunnels are pretty common these days. Due to birthday paradox the chance of dups is a lot higher than you might expect. According to http://en.wikipedia.org/wiki/Birthday_problem#Calculating_the_probability Probability Table first line (32 bits) chance of a dup is 0.1% with 2900 entries and 1% with 9300 entries. These probbailities are way way too high.

Originator picks tunnel IDs in BuildRequestor?.prepare() but do we catch and reject dups in BuildHandler?? Shouldn't we check for dups when creating the ID for our own IBEP? What happens when a TBM/VTBM comes in with the dup - does the BuildHandler? get it or is it sent to the HopProcessor? for the existing tunnel? BuildRequestor? may need to check the IBEP ID against all current and pending IDs. Ditto BuildHandler?.

So go through and evaluate all these issues, reduce chance of dups and catch them when they happen.

comment:3 Changed 7 years ago by zzz

Priority: minormajor

Work started. There's a few holes to be plugged, including vectors for trouble.

comment:4 Changed 7 years ago by zzz

Component: router/transportrouter/general
Resolution: fixed
Status: acceptedclosed

comment:5 Changed 7 years ago by killyourtv

Just spotted

ERROR [P reader 2/4] i2p.router.tunnel.HopProcessor?: Attempted mid-tunnel injection from [Hash: eTsEV3cCSzDJK28YEO7C32A773-IJuf~aBhorV8bVhg=], expected [Hash: Lz70Z3k0kwEmgLiU~gSvHyOHMI1kOccRU9dxXcpRgwU=]

comment:6 Changed 7 years ago by killyourtv

01/07/13 23:13:46.528 ERROR [P reader 3/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:13:51.309 ^^^ 2 similar messages omitted ^^^
01/07/13 23:14:27.489 ERROR [P reader 2/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:14:42.945 ^^^ 2 similar messages omitted ^^^
01/07/13 23:15:54.594 ERROR [P reader 1/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:16:18.637 ^^^ 6 similar messages omitted ^^^
01/07/13 23:16:21.160 ERROR [P reader 1/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:16:45.633 ^^^ 8 similar messages omitted ^^^
01/07/13 23:16:48.633 ERROR [P reader 1/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:17:15.801 ^^^ 9 similar messages omitted ^^^
01/07/13 23:17:18.635 ERROR [P reader 4/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:17:45.651 ^^^ 14 similar messages omitted ^^^
01/07/13 23:17:48.635 ERROR [P reader 4/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:18:12.929 ^^^ 11 similar messages omitted ^^^
01/07/13 23:18:15.634 ERROR [P reader 3/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:18:42.232 ^^^ 26 similar messages omitted ^^^
01/07/13 23:18:44.696 ERROR [P reader 1/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:19:06.637 ^^^ 17 similar messages omitted ^^^
01/07/13 23:19:13.868 ERROR [P reader 4/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:19:41.063 ^^^ 21 similar messages omitted ^^^
01/07/13 23:19:43.892 ERROR [P reader 4/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:20:08.299 ^^^ 33 similar messages omitted ^^^
01/07/13 23:20:11.299 ERROR [P reader 2/4] i2p.router.tunnel.HopProcessor: Attempted mid-tunnel injection from [Hash: yNi7ki-h0lBs~u~F72ytSCxeDmg61J3iNqNrjqpyLtw=], expected [Hash: xWhY89VqlWQKjYd3Y5ZQ9mU8y5XMG1nAS9KmOV1Poh4=]
01/07/13 23:20:21.643 ^^^ 9 similar messages omitted ^^^

Note: See TracTickets for help on using tickets.