Browse Source

Merge remote-tracking branch 'purple/openssl'

pull/509/head
Jeff Becker 9 years ago
parent
commit
05f7578928
No known key found for this signature in database
GPG Key ID: AB950234D6EA286B
  1. 28
      Crypto.cpp
  2. 14
      Destination.cpp
  3. 1
      Destination.h
  4. 28
      HTTPServer.cpp
  5. 20
      I2PControl.cpp
  6. 2
      I2PControl.h
  7. 26
      Identity.cpp
  8. 1
      Identity.h
  9. 24
      RouterContext.cpp
  10. 23
      RouterInfo.cpp
  11. 2
      RouterInfo.h
  12. 31
      SAM.cpp
  13. 8
      SAM.h
  14. 6
      debian/copyright
  15. 87
      debian/i2pd.1
  16. 19
      debian/i2pd.conf
  17. 2
      debian/i2pd.install
  18. 4
      docs/configuration.md
  19. 4
      docs/i2pd.conf

28
Crypto.cpp

@ -146,6 +146,10 @@ namespace crypto
} }
// DH/ElGamal // DH/ElGamal
const int ELGAMAL_SHORT_EXPONENT_NUM_BITS = 226;
const int ELGAMAL_FULL_EXPONENT_NUM_BITS = 2048;
#define elgp GetCryptoConstants ().elgp #define elgp GetCryptoConstants ().elgp
#define elgg GetCryptoConstants ().elgg #define elgg GetCryptoConstants ().elgg
@ -169,6 +173,10 @@ namespace crypto
{ {
if (m_DH->priv_key) { BN_free (m_DH->priv_key); m_DH->priv_key = NULL; }; if (m_DH->priv_key) { BN_free (m_DH->priv_key); m_DH->priv_key = NULL; };
if (m_DH->pub_key) { BN_free (m_DH->pub_key); m_DH->pub_key = NULL; }; if (m_DH->pub_key) { BN_free (m_DH->pub_key); m_DH->pub_key = NULL; };
#if !defined(__x86_64__) // use short exponent for non x64
m_DH->priv_key = BN_new ();
BN_rand (m_DH->priv_key, ELGAMAL_SHORT_EXPONENT_NUM_BITS, 0, 1);
#endif
DH_generate_key (m_DH); DH_generate_key (m_DH);
if (priv) bn2buf (m_DH->priv_key, priv, 256); if (priv) bn2buf (m_DH->priv_key, priv, 256);
if (pub) bn2buf (m_DH->pub_key, pub, 256); if (pub) bn2buf (m_DH->pub_key, pub, 256);
@ -200,8 +208,11 @@ namespace crypto
ctx = BN_CTX_new (); ctx = BN_CTX_new ();
// select random k // select random k
BIGNUM * k = BN_new (); BIGNUM * k = BN_new ();
BN_rand_range (k, elgp); #if defined(__x86_64__)
if (BN_is_zero (k)) BN_one (k); BN_rand (k, ELGAMAL_FULL_EXPONENT_NUM_BITS, -1, 1); // full exponent for x64
#else
BN_rand (k, ELGAMAL_SHORT_EXPONENT_NUM_BITS, -1, 1); // short exponent of 226 bits
#endif
// caulculate a // caulculate a
a = BN_new (); a = BN_new ();
BN_mod_exp (a, elgg, k, elgp, ctx); BN_mod_exp (a, elgg, k, elgp, ctx);
@ -279,6 +290,14 @@ namespace crypto
{ {
#if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER) #if defined(__x86_64__) || defined(__i386__) || defined(_MSC_VER)
RAND_bytes (priv, 256); RAND_bytes (priv, 256);
#else
// lower 226 bits (28 bytes and 2 bits) only. short exponent
auto numBytes = (ELGAMAL_SHORT_EXPONENT_NUM_BITS)/8 + 1; // 29
auto numZeroBytes = 256 - numBytes;
RAND_bytes (priv + numZeroBytes, numBytes);
memset (priv, 0, numZeroBytes);
priv[numZeroBytes] &= 0x03;
#endif
BN_CTX * ctx = BN_CTX_new (); BN_CTX * ctx = BN_CTX_new ();
BIGNUM * p = BN_new (); BIGNUM * p = BN_new ();
BN_bin2bn (priv, 256, p); BN_bin2bn (priv, 256, p);
@ -286,11 +305,6 @@ namespace crypto
bn2buf (p, pub, 256); bn2buf (p, pub, 256);
BN_free (p); BN_free (p);
BN_CTX_free (ctx); BN_CTX_free (ctx);
#else
DHKeys dh;
dh.GenerateKeys (priv, pub);
#endif
} }
// HMAC // HMAC

14
Destination.cpp

@ -780,5 +780,19 @@ namespace client
} }
LogPrint(eLogError, "Destinations: Can't save keys to ", path); LogPrint(eLogError, "Destinations: Can't save keys to ", path);
} }
std::vector<std::shared_ptr<const i2p::stream::Stream> > ClientDestination::GetAllStreams () const
{
std::vector<std::shared_ptr<const i2p::stream::Stream> > ret;
if (m_StreamingDestination)
{
for (auto& it: m_StreamingDestination->GetStreams ())
ret.push_back (it.second);
}
for (auto& it: m_StreamingDestinationsByPorts)
for (auto& it1: it.second->GetStreams ())
ret.push_back (it1.second);
return ret;
}
} }
} }

1
Destination.h

@ -159,6 +159,7 @@ namespace client
// for HTTP only // for HTTP only
int GetNumRemoteLeaseSets () const { return m_RemoteLeaseSets.size (); }; int GetNumRemoteLeaseSets () const { return m_RemoteLeaseSets.size (); };
std::vector<std::shared_ptr<const i2p::stream::Stream> > GetAllStreams () const;
}; };
} }
} }

28
HTTPServer.cpp

@ -609,19 +609,19 @@ namespace util
s << "<th>Status</th>"; s << "<th>Status</th>";
s << "</tr>"; s << "</tr>";
for (auto it: dest->GetStreamingDestination ()->GetStreams ()) for (auto it: dest->GetAllStreams ())
{ {
s << "<tr>"; s << "<tr>";
s << "<td>" << it.first << "</td>"; s << "<td>" << it->GetSendStreamID () << "</td>";
s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it.second->GetRemoteIdentity ()) << "</td>"; s << "<td>" << i2p::client::context.GetAddressBook ().ToAddress(it->GetRemoteIdentity ()) << "</td>";
s << "<td>" << it.second->GetNumSentBytes () << "</td>"; s << "<td>" << it->GetNumSentBytes () << "</td>";
s << "<td>" << it.second->GetNumReceivedBytes () << "</td>"; s << "<td>" << it->GetNumReceivedBytes () << "</td>";
s << "<td>" << it.second->GetSendQueueSize () << "</td>"; s << "<td>" << it->GetSendQueueSize () << "</td>";
s << "<td>" << it.second->GetReceiveQueueSize () << "</td>"; s << "<td>" << it->GetReceiveQueueSize () << "</td>";
s << "<td>" << it.second->GetSendBufferSize () << "</td>"; s << "<td>" << it->GetSendBufferSize () << "</td>";
s << "<td>" << it.second->GetRTT () << "</td>"; s << "<td>" << it->GetRTT () << "</td>";
s << "<td>" << it.second->GetWindowSize () << "</td>"; s << "<td>" << it->GetWindowSize () << "</td>";
s << "<td>" << (int)it.second->GetStatus () << "</td>"; s << "<td>" << (int)it->GetStatus () << "</td>";
s << "</tr><br>\r\n" << std::endl; s << "</tr><br>\r\n" << std::endl;
} }
} }
@ -777,20 +777,20 @@ namespace util
s << "<b>Client Tunnels:</b><br>\r\n<br>\r\n"; s << "<b>Client Tunnels:</b><br>\r\n<br>\r\n";
for (auto& it: i2p::client::context.GetClientTunnels ()) for (auto& it: i2p::client::context.GetClientTunnels ())
{ {
s << it.second->GetName () << "";
auto& ident = it.second->GetLocalDestination ()->GetIdentHash(); auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION; s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">"; s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">";
s << it.second->GetName () << "</a> ⇐ ";
s << i2p::client::context.GetAddressBook ().ToAddress(ident); s << i2p::client::context.GetAddressBook ().ToAddress(ident);
s << "</a><br>\r\n"<< std::endl; s << "<br>\r\n"<< std::endl;
} }
s << "<br>\r\n<b>Server Tunnels:</b><br>\r\n<br>\r\n"; s << "<br>\r\n<b>Server Tunnels:</b><br>\r\n<br>\r\n";
for (auto& it: i2p::client::context.GetServerTunnels ()) for (auto& it: i2p::client::context.GetServerTunnels ())
{ {
s << it.second->GetName () << "";
auto& ident = it.second->GetLocalDestination ()->GetIdentHash(); auto& ident = it.second->GetLocalDestination ()->GetIdentHash();
s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION; s << "<a href=/?" << HTTP_COMMAND_LOCAL_DESTINATION;
s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">"; s << "&" << HTTP_PARAM_BASE32_ADDRESS << "=" << ident.ToBase32 () << ">";
s << it.second->GetName () << "</a> ⇒ ";
s << i2p::client::context.GetAddressBook ().ToAddress(ident); s << i2p::client::context.GetAddressBook ().ToAddress(ident);
s << ":" << it.second->GetLocalPort (); s << ":" << it.second->GetLocalPort ();
s << "</a><br>\r\n"<< std::endl; s << "</a><br>\r\n"<< std::endl;

20
I2PControl.cpp

@ -83,6 +83,10 @@ namespace client
m_RouterManagerHandlers["Reseed"] = &I2PControlService::ReseedHandler; m_RouterManagerHandlers["Reseed"] = &I2PControlService::ReseedHandler;
m_RouterManagerHandlers["Shutdown"] = &I2PControlService::ShutdownHandler; m_RouterManagerHandlers["Shutdown"] = &I2PControlService::ShutdownHandler;
m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler; m_RouterManagerHandlers["ShutdownGraceful"] = &I2PControlService::ShutdownGracefulHandler;
// NetworkSetting
m_NetworkSettingHandlers["i2p.router.net.bw.in"] = &I2PControlService::InboundBandwidthLimit;
m_NetworkSettingHandlers["i2p.router.net.bw.out"] = &I2PControlService::OutboundBandwidthLimit;
} }
I2PControlService::~I2PControlService () I2PControlService::~I2PControlService ()
@ -496,6 +500,22 @@ namespace client
} }
} }
void I2PControlService::InboundBandwidthLimit (const std::string& value, std::ostringstream& results)
{
if (value != "null")
i2p::context.SetBandwidth (std::atoi(value.c_str()));
int bw = i2p::context.GetBandwidthLimit();
InsertParam (results, "i2p.router.net.bw.in", bw);
}
void I2PControlService::OutboundBandwidthLimit (const std::string& value, std::ostringstream& results)
{
if (value != "null")
i2p::context.SetBandwidth (std::atoi(value.c_str()));
int bw = i2p::context.GetBandwidthLimit();
InsertParam (results, "i2p.router.net.bw.out", bw);
}
// certificate // certificate
void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path) void I2PControlService::CreateCertificate (const char *crt_path, const char *key_path)
{ {

2
I2PControl.h

@ -94,6 +94,8 @@ namespace client
// NetworkSetting // NetworkSetting
typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results); typedef void (I2PControlService::*NetworkSettingRequestHandler)(const std::string& value, std::ostringstream& results);
void InboundBandwidthLimit (const std::string& value, std::ostringstream& results);
void OutboundBandwidthLimit (const std::string& value, std::ostringstream& results);
private: private:

26
Identity.cpp

@ -311,18 +311,18 @@ namespace data
switch (keyType) switch (keyType)
{ {
case SIGNING_KEY_TYPE_DSA_SHA1: case SIGNING_KEY_TYPE_DSA_SHA1:
m_Verifier.reset (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey)); UpdateVerifier (new i2p::crypto::DSAVerifier (m_StandardIdentity.signingKey));
break; break;
case SIGNING_KEY_TYPE_ECDSA_SHA256_P256: case SIGNING_KEY_TYPE_ECDSA_SHA256_P256:
{ {
size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64 size_t padding = 128 - i2p::crypto::ECDSAP256_KEY_LENGTH; // 64 = 128 - 64
m_Verifier.reset (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding)); UpdateVerifier (new i2p::crypto::ECDSAP256Verifier (m_StandardIdentity.signingKey + padding));
break; break;
} }
case SIGNING_KEY_TYPE_ECDSA_SHA384_P384: case SIGNING_KEY_TYPE_ECDSA_SHA384_P384:
{ {
size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96 size_t padding = 128 - i2p::crypto::ECDSAP384_KEY_LENGTH; // 32 = 128 - 96
m_Verifier.reset (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding)); UpdateVerifier (new i2p::crypto::ECDSAP384Verifier (m_StandardIdentity.signingKey + padding));
break; break;
} }
case SIGNING_KEY_TYPE_ECDSA_SHA512_P521: case SIGNING_KEY_TYPE_ECDSA_SHA512_P521:
@ -331,7 +331,7 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128); memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128 size_t excessLen = i2p::crypto::ECDSAP521_KEY_LENGTH - 128; // 4 = 132- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto::ECDSAP521Verifier (signingKey)); UpdateVerifier (new i2p::crypto::ECDSAP521Verifier (signingKey));
break; break;
} }
case SIGNING_KEY_TYPE_RSA_SHA256_2048: case SIGNING_KEY_TYPE_RSA_SHA256_2048:
@ -340,7 +340,7 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128); memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128 size_t excessLen = i2p::crypto::RSASHA2562048_KEY_LENGTH - 128; // 128 = 256- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto:: RSASHA2562048Verifier (signingKey)); UpdateVerifier (new i2p::crypto:: RSASHA2562048Verifier (signingKey));
break; break;
} }
case SIGNING_KEY_TYPE_RSA_SHA384_3072: case SIGNING_KEY_TYPE_RSA_SHA384_3072:
@ -349,7 +349,7 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128); memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128 size_t excessLen = i2p::crypto::RSASHA3843072_KEY_LENGTH - 128; // 256 = 384- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto:: RSASHA3843072Verifier (signingKey)); UpdateVerifier (new i2p::crypto:: RSASHA3843072Verifier (signingKey));
break; break;
} }
case SIGNING_KEY_TYPE_RSA_SHA512_4096: case SIGNING_KEY_TYPE_RSA_SHA512_4096:
@ -358,20 +358,28 @@ namespace data
memcpy (signingKey, m_StandardIdentity.signingKey, 128); memcpy (signingKey, m_StandardIdentity.signingKey, 128);
size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128 size_t excessLen = i2p::crypto::RSASHA5124096_KEY_LENGTH - 128; // 384 = 512- 128
memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types memcpy (signingKey + 128, m_ExtendedBuffer + 4, excessLen); // right after signing and crypto key types
m_Verifier.reset (new i2p::crypto:: RSASHA5124096Verifier (signingKey)); UpdateVerifier (new i2p::crypto:: RSASHA5124096Verifier (signingKey));
break; break;
} }
case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519: case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
{ {
size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32 size_t padding = 128 - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH; // 96 = 128 - 32
m_Verifier.reset (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding)); UpdateVerifier (new i2p::crypto::EDDSA25519Verifier (m_StandardIdentity.signingKey + padding));
break; break;
} }
default: default:
LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported"); LogPrint (eLogError, "Identity: Signing key type ", (int)keyType, " is not supported");
} }
} }
void IdentityEx::UpdateVerifier (i2p::crypto::Verifier * verifier) const
{
if (!m_Verifier || !verifier)
m_Verifier.reset (verifier);
else
delete verifier;
}
void IdentityEx::DropVerifier () const void IdentityEx::DropVerifier () const
{ {
// TODO: potential race condition with Verify // TODO: potential race condition with Verify

1
Identity.h

@ -95,6 +95,7 @@ namespace data
private: private:
void CreateVerifier () const; void CreateVerifier () const;
void UpdateVerifier (i2p::crypto::Verifier * verifier) const;
private: private:

24
RouterContext.cpp

@ -356,16 +356,24 @@ namespace i2p
delete[] buf; delete[] buf;
} }
i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO)); // TODO
m_RouterInfo.SetRouterIdentity (GetIdentity ()); m_RouterInfo.SetRouterIdentity (GetIdentity ());
m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ()); i2p::data::RouterInfo routerInfo(i2p::fs::DataDirPath (ROUTER_INFO));
m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION); if (!routerInfo.IsUnreachable ()) // router.info looks good
m_RouterInfo.SetProperty ("router.version", I2P_VERSION); {
m_RouterInfo.Update (routerInfo.GetBuffer (), routerInfo.GetBufferLen ());
m_RouterInfo.SetProperty ("coreVersion", I2P_VERSION);
m_RouterInfo.SetProperty ("router.version", I2P_VERSION);
// Migration to 0.9.24. TODO: remove later
m_RouterInfo.DeleteProperty ("coreVersion");
m_RouterInfo.DeleteProperty ("stat_uptime");
}
else
{
LogPrint (eLogError, ROUTER_INFO, " is malformed. Creating new");
NewRouterInfo ();
}
// Migration to 0.9.24. TODO: remove later
m_RouterInfo.DeleteProperty ("coreVersion");
m_RouterInfo.DeleteProperty ("stat_uptime");
if (IsUnreachable ()) if (IsUnreachable ())
SetReachable (); // we assume reachable until we discover firewall through peer tests SetReachable (); // we assume reachable until we discover firewall through peer tests

23
RouterInfo.cpp

@ -104,6 +104,8 @@ namespace data
{ {
if (LoadFile ()) if (LoadFile ())
ReadFromBuffer (false); ReadFromBuffer (false);
else
m_IsUnreachable = true;
} }
void RouterInfo::ReadFromBuffer (bool verifySignature) void RouterInfo::ReadFromBuffer (bool verifySignature)
@ -514,19 +516,20 @@ namespace data
m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen (); m_BufferLen += privateKeys.GetPublic ()->GetSignatureLen ();
} }
void RouterInfo::SaveToFile (const std::string& fullPath) bool RouterInfo::SaveToFile (const std::string& fullPath)
{ {
m_FullPath = fullPath; m_FullPath = fullPath;
if (m_Buffer) if (!m_Buffer) {
{
std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
if (f.is_open ())
f.write ((char *)m_Buffer, m_BufferLen);
else
LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
}
else
LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL"); LogPrint (eLogError, "RouterInfo: Can't save, m_Buffer == NULL");
return false;
}
std::ofstream f (fullPath, std::ofstream::binary | std::ofstream::out);
if (!f.is_open ()) {
LogPrint(eLogError, "RouterInfo: Can't save to ", fullPath);
return false;
}
f.write ((char *)m_Buffer, m_BufferLen);
return true;
} }
size_t RouterInfo::ReadString (char * str, std::istream& s) size_t RouterInfo::ReadString (char * str, std::istream& s)

2
RouterInfo.h

@ -161,7 +161,7 @@ namespace data
bool IsUpdated () const { return m_IsUpdated; }; bool IsUpdated () const { return m_IsUpdated; };
void SetUpdated (bool updated) { m_IsUpdated = updated; }; void SetUpdated (bool updated) { m_IsUpdated = updated; };
void SaveToFile (const std::string& fullPath); bool SaveToFile (const std::string& fullPath);
std::shared_ptr<RouterProfile> GetProfile () const; std::shared_ptr<RouterProfile> GetProfile () const;
void SaveProfile () { if (m_Profile) m_Profile->Save (); }; void SaveProfile () { if (m_Profile) m_Profile->Save (); };

31
SAM.cpp

@ -47,7 +47,7 @@ namespace client
break; break;
case eSAMSocketTypeStream: case eSAMSocketTypeStream:
{ {
if (m_Session) { if (m_Session)
m_Session->DelSocket (shared_from_this ()); m_Session->DelSocket (shared_from_this ());
} }
break; break;
@ -55,7 +55,7 @@ namespace client
case eSAMSocketTypeAcceptor: case eSAMSocketTypeAcceptor:
{ {
if (m_Session) if (m_Session)
{ {
m_Session->DelSocket (shared_from_this ()); m_Session->DelSocket (shared_from_this ());
if (m_Session->localDestination) if (m_Session->localDestination)
m_Session->localDestination->StopAcceptingStreams (); m_Session->localDestination->StopAcceptingStreams ();
@ -67,6 +67,7 @@ namespace client
} }
m_SocketType = eSAMSocketTypeTerminated; m_SocketType = eSAMSocketTypeTerminated;
if (m_Socket.is_open()) m_Socket.close (); if (m_Socket.is_open()) m_Socket.close ();
m_Session = nullptr;
} }
void SAMSocket::ReceiveHandshake () void SAMSocket::ReceiveHandshake ()
@ -720,7 +721,7 @@ namespace client
m_IsRunning = false; m_IsRunning = false;
m_Acceptor.cancel (); m_Acceptor.cancel ();
for (auto it: m_Sessions) for (auto it: m_Sessions)
delete it.second; it.second->CloseStreams ();
m_Sessions.clear (); m_Sessions.clear ();
m_Service.stop (); m_Service.stop ();
if (m_Thread) if (m_Thread)
@ -774,7 +775,7 @@ namespace client
Accept (); Accept ();
} }
SAMSession * SAMBridge::CreateSession (const std::string& id, const std::string& destination, std::shared_ptr<SAMSession> SAMBridge::CreateSession (const std::string& id, const std::string& destination,
const std::map<std::string, std::string> * params) const std::map<std::string, std::string> * params)
{ {
std::shared_ptr<ClientDestination> localDestination = nullptr; std::shared_ptr<ClientDestination> localDestination = nullptr;
@ -799,8 +800,9 @@ namespace client
} }
if (localDestination) if (localDestination)
{ {
auto session = std::make_shared<SAMSession>(localDestination);
std::unique_lock<std::mutex> l(m_SessionsMutex); std::unique_lock<std::mutex> l(m_SessionsMutex);
auto ret = m_Sessions.insert (std::pair<std::string, SAMSession *>(id, new SAMSession (localDestination))); auto ret = m_Sessions.insert (std::make_pair(id, session));
if (!ret.second) if (!ret.second)
LogPrint (eLogWarning, "SAM: Session ", id, " already exists"); LogPrint (eLogWarning, "SAM: Session ", id, " already exists");
return ret.first->second; return ret.first->second;
@ -810,19 +812,24 @@ namespace client
void SAMBridge::CloseSession (const std::string& id) void SAMBridge::CloseSession (const std::string& id)
{ {
std::unique_lock<std::mutex> l(m_SessionsMutex); std::shared_ptr<SAMSession> session;
auto it = m_Sessions.find (id);
if (it != m_Sessions.end ())
{ {
auto session = it->second; std::unique_lock<std::mutex> l(m_SessionsMutex);
auto it = m_Sessions.find (id);
if (it != m_Sessions.end ())
{
session = it->second;
m_Sessions.erase (it);
}
}
if (session)
{
session->localDestination->StopAcceptingStreams (); session->localDestination->StopAcceptingStreams ();
session->CloseStreams (); session->CloseStreams ();
m_Sessions.erase (it);
delete session;
} }
} }
SAMSession * SAMBridge::FindSession (const std::string& id) const std::shared_ptr<SAMSession> SAMBridge::FindSession (const std::string& id) const
{ {
std::unique_lock<std::mutex> l(m_SessionsMutex); std::unique_lock<std::mutex> l(m_SessionsMutex);
auto it = m_Sessions.find (id); auto it = m_Sessions.find (id);

8
SAM.h

@ -128,7 +128,7 @@ namespace client
std::string m_ID; // nickname std::string m_ID; // nickname
bool m_IsSilent; bool m_IsSilent;
std::shared_ptr<i2p::stream::Stream> m_Stream; std::shared_ptr<i2p::stream::Stream> m_Stream;
SAMSession * m_Session; std::shared_ptr<SAMSession> m_Session;
}; };
struct SAMSession struct SAMSession
@ -176,10 +176,10 @@ namespace client
void Stop (); void Stop ();
boost::asio::io_service& GetService () { return m_Service; }; boost::asio::io_service& GetService () { return m_Service; };
SAMSession * CreateSession (const std::string& id, const std::string& destination, // empty string means transient std::shared_ptr<SAMSession> CreateSession (const std::string& id, const std::string& destination, // empty string means transient
const std::map<std::string, std::string> * params); const std::map<std::string, std::string> * params);
void CloseSession (const std::string& id); void CloseSession (const std::string& id);
SAMSession * FindSession (const std::string& id) const; std::shared_ptr<SAMSession> FindSession (const std::string& id) const;
private: private:
@ -200,7 +200,7 @@ namespace client
boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint; boost::asio::ip::udp::endpoint m_DatagramEndpoint, m_SenderEndpoint;
boost::asio::ip::udp::socket m_DatagramSocket; boost::asio::ip::udp::socket m_DatagramSocket;
mutable std::mutex m_SessionsMutex; mutable std::mutex m_SessionsMutex;
std::map<std::string, SAMSession *> m_Sessions; std::map<std::string, std::shared_ptr<SAMSession> > m_Sessions;
uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1]; uint8_t m_DatagramReceiveBuffer[i2p::datagram::MAX_DATAGRAM_SIZE+1];
public: public:

6
debian/copyright vendored

@ -3,9 +3,9 @@ Upstream-Name: i2pd
Source: https://github.com/PurpleI2P Source: https://github.com/PurpleI2P
Files: * Files: *
Copyright: 2013-2015 PurpleI2P Copyright: 2013-2016 PurpleI2P
License: BSD-3-clause License: BSD-3-clause
Copyright (c) 2013-2015, The PurpleI2P Project Copyright (c) 2013-2016, The PurpleI2P Project
. .
All rights reserved. All rights reserved.
. .
@ -34,7 +34,7 @@ License: BSD-3-clause
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Files: debian/* Files: debian/*
Copyright: 2014-2015 hagen <hagen@i2pmail.org> Copyright: 2014-2016 hagen <hagen@i2pmail.org>
2013-2015 Kill Your TV <killyourtv@i2pmail.org> 2013-2015 Kill Your TV <killyourtv@i2pmail.org>
License: GPL-2.0+ License: GPL-2.0+
This package is free software; you can redistribute it and/or modify This package is free software; you can redistribute it and/or modify

87
debian/i2pd.1 vendored

@ -5,7 +5,7 @@ i2pd \- Load-balanced unspoofable packet switching network
.SH SYNOPSIS .SH SYNOPSIS
.B i2pd .B i2pd
[\fIOPTION1\fR) [\fIOPTION2\fR]... [\fIOPTION1\fR] [\fIOPTION2\fR]...
.SH DESCRIPTION .SH DESCRIPTION
i2pd i2pd
@ -18,59 +18,58 @@ network is both distributed and dynamic, with no trusted parties.
Any of the configuration options below can be used in the \fBDAEMON_ARGS\fR variable in \fI/etc/default/i2pd\fR. Any of the configuration options below can be used in the \fBDAEMON_ARGS\fR variable in \fI/etc/default/i2pd\fR.
.BR .BR
.TP .TP
\fB\-\-host=\fR \fB\-\-help\fR
The external IP (deprecated) Show available options.
.TP
\fB\-\-port=\fR
The external port to listen on
.TP .TP
\fB\-\-httpport=\fR \fB\-\-conf=\fR
The HTTP port to listen on Config file (default: \fI~/.i2pd/i2pd.conf\fR or \fI/var/lib/i2pd/i2pd.conf\fR)
.BR
This parameter will be silently ignored if the specified config file does not exist.
Options specified on the command line take precedence over those in the config file.
.TP .TP
\fB\-\-log=\fR[\fI1\fR|\fI0\fR] \fB\-\-tunconf=\fR
.br Tunnels config file (default: \fI~/.i2pd/tunnels.conf\fR or \fI/var/lib/i2pd/tunnels.conf\fR)
Enable of disable logging to a file. \fI1\fR for yes, \fI0\fR for no. (default: \fI0\fR, off)
.TP .TP
\fB\-\-daemon=\fR[\fI1\fR|\fI0\fR] \fB\-\-pidfile=\fR
Enable or disable daemon mode. Daemon mode is enabled with \fI1\fR and disabled with \fI0\fR. (default: \fI0\fR, off) Where to write pidfile (don\'t write by default)
.TP .TP
\fB\-\-service=\fR[\fI1\fR|\fI0\fR] \fB\-\-log=\fR
If enabled, system folders (\fB/var/run/i2pd.pid\fR, \fB/var/log/i2pd.log\fR, \fB/var/lib/i2pd\fR) will be used. If off, \fB$HOME/.i2pd\fR will be used instead. (default: \fI0\fR, off). Logs destination: \fIstdout\fR, \fIfile\fR, \fIsyslog\fR (\fIstdout\fR if not set, \fIfile\fR - otherwise, for compatibility)
.TP .TP
\fB\-\-unreachable=\fR[\fI1\fR|\fI0\fR] \fB\-\-loglevel=\fR
\fI1\fR if router is declared as unreachable and works through introducers. (default: \fI0\fR, off) Log messages above this level (\fIdebug\fR, \fBinfo\fR, \fIwarn\fR, \fIerror\fR)
.TP .TP
\fB\-\-v6=\fR[\fI1\fR|\fI0\fR] \fB\-\-datadir=\fR
\fI1\fR if \fBi2pd\fR should communicate via IPv6. (default: \fI0\fR, off) Path to storage of i2pd data (RI, keys, peer profiles, ...)
.TP .TP
\fB\-\-floodfill=\fR[\fI1\fR|\fI0\fR] \fB\-\-host=\fR
\fI1\fR if \fBi2pd\fR should become a floodfill. (default: \fI0\fR, off) The external IP address
.TP .TP
\fB\-\-bandwidth=\fR[\fI1\fR|\fI0\fR] \fB\-\-port=\fR
\fIL\fR if \fBi2pd\fR should be limited to 32KiB/s. Enabling floodfill will automatically set this to \fI0\fR (default: \fI0\fR, no limit) The port to listen on for incoming connections
.TP .TP
\fB\-\-httpproxyport=\fR \fB\-\-daemon\fR
The local port for the HTTP Proxy to listen on (default: \fI4446\fR) Router will go to background after start
.TP .TP
\fB\-\-socksproxyport=\fR \fB\-\-service\fR
The local port for the SOCKS proxy to listen on (default: \fI4447\fR) Router will use system folders like \fI/var/lib/i2pd\fR
.TP .TP
\fB\-\-proxykeys=\fR \fB\-\-ipv6\fR
An optional keys file for tunnel local destination (both HTTP and SOCKS) Enable communication through ipv6. false by default
.TP .TP
\fB\-\-samport=\fR \fB\-\-notransit\fR
Port of SAM bridge. Usually \fI7656\fR. SAM will not be enabled if this is not set. (default: unset) Router will not accept transit tunnels at startup
.TP .TP
\fB\-\-bobport=\fR \fB\-\-floodfill\fR
Port of BOB command channel. Usually \fI2827\fR. BOB will not be enabled if this is not set. (default: unset) Router will be floodfill
.TP .TP
\fB\-\-i2pcontrolport=\fR \fB\-\-bandwidth=\fR
Port of I2P control service. Usually \fI7650\fR. I2PControl will not be enabled if this is not set. (default: unset) Bandwidth limit: integer in KBps or letter aliases: \fIL (32KBps)\fR, O (256), P (2048), X (>9000)
.TP .TP
\fB\-\-conf=\fR \fB\-\-family=\fR
Config file (default: \fI~/.i2pd/i2pd.conf\fR or \fI/var/lib/i2pd/i2pd.conf\fR) Name of a family, router belongs to.
This parameter will be silently ignored if the specified config file does not exist. .PP
Options specified on the command line take precedence over those in the config file. See service-specific parameters in page \fIdocs/configuration.md\fR or in example config file \fIdocs/i2pd.conf\fR
.SH FILES .SH FILES
.PP .PP
@ -82,10 +81,10 @@ i2pd configuration files (when running as a system service)
.PP .PP
/var/lib/i2pd/ /var/lib/i2pd/
.RS 4 .RS 4
i2pd profile directory (when running as a system service, see \fB\-\-service=\fR above) i2pd profile directory (when running as a system service, see \fB\-\-service\fR above)
.RE .RE
.PP .PP
$HOME/.i2pd $HOME/.i2pd/
.RS 4 .RS 4
i2pd profile directory (when running as a normal user) i2pd profile directory (when running as a normal user)
.RE .RE
@ -95,7 +94,9 @@ i2pd profile directory (when running as a normal user)
default I2P hosts file default I2P hosts file
.SH AUTHOR .SH AUTHOR
This manual page was written by kytv <killyourtv@i2pmail.org> for the Debian system (but may be used by others). This manual page was written by kytv <killyourtv@i2pmail.org> for the Debian system (but may be used by others).
.BR .PP
Updated by hagen <hagen@i2pmail.org> in 2016.
.PP
Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU General Public License, Version 2 or any later version published by the Free Software Foundation
.BR .BR
On Debian systems, the complete text of the GNU General Public License can be found in /usr/share/common-licenses/GPL On Debian systems, the complete text of the GNU General Public License can be found in \fI/usr/share/common-licenses/GPL\fR

19
debian/i2pd.conf vendored

@ -1,19 +0,0 @@
ipv6
[httpproxy]
address = 127.0.0.1
port = 4444
# other services (disabled by default)
#
#[sam]
#address = 127.0.0.1
#port = 7656
#
#[bob]
#address = 127.0.0.1
#port = 2827
#
#[i2pcontrol]
#address = 127.0.0.1
#port = 7650

2
debian/i2pd.install vendored

@ -1,5 +1,5 @@
i2pd usr/sbin/ i2pd usr/sbin/
debian/i2pd.conf etc/i2pd/ docs/i2pd.conf etc/i2pd/
debian/tunnels.conf etc/i2pd/ debian/tunnels.conf etc/i2pd/
debian/subscriptions.txt etc/i2pd/ debian/subscriptions.txt etc/i2pd/
contrib/certificates/ usr/share/i2pd/ contrib/certificates/ usr/share/i2pd/

4
docs/configuration.md

@ -16,8 +16,8 @@ If you are upgrading your very old router (< 2.3.0) see also [this](config_opts_
* --logfile= - Path to logfile (default - autodetect) * --logfile= - Path to logfile (default - autodetect)
* --loglevel= - Log messages above this level (debug, *info, warn, error) * --loglevel= - Log messages above this level (debug, *info, warn, error)
* --datadir= - Path to storage of i2pd data (RI, keys, peer profiles, ...) * --datadir= - Path to storage of i2pd data (RI, keys, peer profiles, ...)
* --host= - The external IP * --host= - Router external IP for incoming connections
* --port= - The port to listen on * --port= - Port to listen for incoming connections (default: auto)
* --daemon - Router will go to background after start * --daemon - Router will go to background after start
* --service - Router will use system folders like '/var/lib/i2pd' * --service - Router will use system folders like '/var/lib/i2pd'
* --ipv6 - Enable communication through ipv6. false by default * --ipv6 - Enable communication through ipv6. false by default

4
docs/i2pd.conf

@ -69,8 +69,8 @@ port = 7070
## Uncomment and set to 'false' to disable HTTP Proxy ## Uncomment and set to 'false' to disable HTTP Proxy
# enabled = true # enabled = true
## Address and port service will listen on ## Address and port service will listen on
# address = 127.0.0.1 address = 127.0.0.1
# port = 4444 port = 4444
## Optional keys file for proxy local destination ## Optional keys file for proxy local destination
# keys = http-proxy-keys.dat # keys = http-proxy-keys.dat

Loading…
Cancel
Save