From e1d9eca7bd4df3abdf5c9a1a0b4e6b75f6f01c90 Mon Sep 17 00:00:00 2001 From: orignal Date: Tue, 13 Dec 2016 09:49:42 -0500 Subject: [PATCH 01/15] 0.9.28 --- version.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/version.h b/version.h index ef88cbcb..ed84efd1 100644 --- a/version.h +++ b/version.h @@ -21,7 +21,7 @@ #define I2P_VERSION_MAJOR 0 #define I2P_VERSION_MINOR 9 -#define I2P_VERSION_MICRO 27 +#define I2P_VERSION_MICRO 28 #define I2P_VERSION_PATCH 0 #define I2P_VERSION MAKE_VERSION(I2P_VERSION_MAJOR, I2P_VERSION_MINOR, I2P_VERSION_MICRO) From c45f72a63e08a551797cd4e47f654d322d1d0f80 Mon Sep 17 00:00:00 2001 From: orignal Date: Tue, 13 Dec 2016 11:01:13 -0500 Subject: [PATCH 02/15] make sure all outstading data got sent before closing socket --- I2PTunnel.cpp | 11 +++++++++-- Streaming.h | 4 ++-- 2 files changed, 11 insertions(+), 4 deletions(-) diff --git a/I2PTunnel.cpp b/I2PTunnel.cpp index 0f9188b6..fdc5bc52 100644 --- a/I2PTunnel.cpp +++ b/I2PTunnel.cpp @@ -92,8 +92,15 @@ namespace client m_Stream->Close (); m_Stream.reset (); } - m_Socket->close (); - Done(shared_from_this ()); + auto s = shared_from_this (); + // make sure all outstading jobs finished before close + m_Socket->get_io_service ().post( + [s]() + { + s->m_Socket->close (); + }); + + Done(s); } void I2PTunnelConnection::Receive () diff --git a/Streaming.h b/Streaming.h index bf19f92a..65a8d8b4 100644 --- a/Streaming.h +++ b/Streaming.h @@ -285,7 +285,7 @@ namespace stream auto s = shared_from_this(); m_Service.post ([=](void) { - if (!m_ReceiveQueue.empty () || m_Status == eStreamStatusReset || m_Status == eStreamStatusClosed) + if (!m_ReceiveQueue.empty () || m_Status == eStreamStatusReset) s->HandleReceiveTimer (boost::asio::error::make_error_code (boost::asio::error::operation_aborted), buffer, handler, 0); else { 
@@ -306,7 +306,7 @@ namespace stream else if (ecode == boost::asio::error::operation_aborted) { // timeout not expired - if (m_Status == eStreamStatusReset || m_Status == eStreamStatusClosed) + if (m_Status == eStreamStatusReset) handler (boost::asio::error::make_error_code (boost::asio::error::connection_reset), 0); else handler (boost::asio::error::make_error_code (boost::asio::error::operation_aborted), 0); From cfde1f8c2716644932d14c19ff75dbfb2d090b30 Mon Sep 17 00:00:00 2001 From: orignal Date: Tue, 13 Dec 2016 12:44:05 -0500 Subject: [PATCH 03/15] rollback --- I2PTunnel.cpp | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/I2PTunnel.cpp b/I2PTunnel.cpp index fdc5bc52..c98fb8c8 100644 --- a/I2PTunnel.cpp +++ b/I2PTunnel.cpp @@ -92,15 +92,9 @@ namespace client m_Stream->Close (); m_Stream.reset (); } - auto s = shared_from_this (); - // make sure all outstading jobs finished before close - m_Socket->get_io_service ().post( - [s]() - { - s->m_Socket->close (); - }); + m_Socket->close (); - Done(s); + Done(shared_from_this ()); } void I2PTunnelConnection::Receive () From c065fae4221f9d9a296a8636d67466c0c7f074e2 Mon Sep 17 00:00:00 2001 From: orignal Date: Tue, 13 Dec 2016 12:45:18 -0500 Subject: [PATCH 04/15] store remote IdentHash only --- Garlic.cpp | 14 ++++++++------ Garlic.h | 4 +++- 2 files changed, 11 insertions(+), 7 deletions(-) diff --git a/Garlic.cpp b/Garlic.cpp index ab20ac8f..192d47a0 100644 --- a/Garlic.cpp +++ b/Garlic.cpp 
@@ -18,7 +18,7 @@ namespace garlic { GarlicRoutingSession::GarlicRoutingSession (GarlicDestination * owner, std::shared_ptr destination, int numTags, bool attachLeaseSet): - m_Owner (owner), m_Destination (destination), m_NumTags (numTags), + m_Owner (owner), m_IsDestination (destination->IsDestination ()), m_NumTags (numTags), m_LeaseSetUpdateStatus (attachLeaseSet ? eLeaseSetUpdated : eLeaseSetDoNotSend), m_LeaseSetUpdateMsgID (0), m_ElGamalEncryption (new i2p::crypto::ElGamalEncryption (destination->GetEncryptionPublicKey ())) @@ -26,10 +26,12 @@ namespace garlic // create new session tags and session key RAND_bytes (m_SessionKey, 32); m_Encryption.SetKey (m_SessionKey); + if (m_IsDestination) + m_DestinationIdent = destination->GetIdentHash (); } GarlicRoutingSession::GarlicRoutingSession (const uint8_t * sessionKey, const SessionTag& sessionTag): - m_Owner (nullptr), m_Destination (nullptr), m_NumTags (1), m_LeaseSetUpdateStatus (eLeaseSetDoNotSend), m_LeaseSetUpdateMsgID (0) + m_Owner (nullptr), m_IsDestination (false), m_NumTags (1), m_LeaseSetUpdateStatus (eLeaseSetDoNotSend), m_LeaseSetUpdateMsgID (0) { memcpy (m_SessionKey, sessionKey, 32); m_Encryption.SetKey (m_SessionKey); @@ -177,7 +179,7 @@ namespace garlic if (!tagFound) // new session { LogPrint (eLogInfo, "Garlic: No tags available, will use ElGamal"); - if (!m_Destination) + if (!m_ElGamalEncryption) { LogPrint (eLogError, "Garlic: Can't use ElGamal for unknown destination"); return nullptr; @@ -297,7 +299,7 @@ namespace garlic } if (msg) // clove message ifself if presented { - size += CreateGarlicClove (payload + size, msg, m_Destination ? m_Destination->IsDestination () : false); + size += CreateGarlicClove (payload + size, msg, m_IsDestination); (*numCloves)++; } memset (payload + size, 0, 3); // certificate of message 
@@ -315,11 +317,11 @@ namespace garlic { uint64_t ts = i2p::util::GetMillisecondsSinceEpoch () + 8000; // 8 sec size_t size = 0; - if (isDestination && m_Destination) + if (isDestination) { buf[size] = eGarlicDeliveryTypeDestination << 5;// delivery instructions flag destination size++; - memcpy (buf + size, m_Destination->GetIdentHash (), 32); + memcpy (buf + size, m_DestinationIdent, 32); size += 32; } else diff --git a/Garlic.h b/Garlic.h index a7e2d264..523399cc 100644 --- a/Garlic.h +++ b/Garlic.h @@ -127,7 +127,9 @@ namespace garlic private: GarlicDestination * m_Owner; - std::shared_ptr m_Destination; + bool m_IsDestination; // destination or RouterInfo ? + i2p::data::IdentHash m_DestinationIdent; + i2p::crypto::AESKey m_SessionKey; std::list m_SessionTags; int m_NumTags; From 9c7de5ad032165d9cc29c6569281209ab0d0f9fa Mon Sep 17 00:00:00 2001 From: orignal Date: Tue, 13 Dec 2016 14:54:48 -0500 Subject: [PATCH 05/15] avoid sending RST instead FIN --- I2PTunnel.cpp | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/I2PTunnel.cpp b/I2PTunnel.cpp index c98fb8c8..2b7ccc0e 100644 --- a/I2PTunnel.cpp +++ b/I2PTunnel.cpp @@ -92,6 +92,7 @@ namespace client m_Stream->Close (); m_Stream.reset (); } + m_Socket->shutdown(boost::asio::ip::tcp::socket::shutdown_send); // avoid RST m_Socket->close (); Done(shared_from_this ()); @@ -108,9 +109,11 @@ namespace client { if (ecode) { - LogPrint (eLogError, "I2PTunnel: read error: ", ecode.message ()); if (ecode != boost::asio::error::operation_aborted) + { + LogPrint (eLogError, "I2PTunnel: read error: ", ecode.message ()); Terminate (); + } } else { From b57a62fece6995c32022159abee3aeaedc167905 Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 14 Dec 2016 09:35:15 -0500 Subject: [PATCH 06/15] static and AVX support for OSX --- Makefile.osx | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/Makefile.osx b/Makefile.osx index f40ce1af..c8a7de2a 100644 --- a/Makefile.osx 
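Review bot: The guard in CreateGarlicClove was reduced from `isDestination && m_Destination` to `isDestination` alone, so the 32-byte copy from `m_DestinationIdent` now runs even for a session where that member was never assigned. The first constructor assigns it only when `m_IsDestination` is true and the session-key constructor never assigns it; whether `i2p::data::IdentHash` zero-initialises itself is not visible on this page. The one caller shown passes `m_IsDestination`, but other callers may exist outside these hunks, so keeping the check local is cheap: `if (isDestination && m_IsDestination)`. The function body continues outside the hunk.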
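Review bot: `m_Socket->shutdown(boost::asio::ip::tcp::socket::shutdown_send)` is the throwing overload, and shutting down a socket that is no longer connected reports an error, so Terminate() can now throw on the very path that handles a dropped peer. Use the error_code overload and ignore the result: `boost::system::error_code ec; m_Socket->shutdown (boost::asio::ip::tcp::socket::shutdown_send, ec);`. The `m_Socket->close ()` that follows uses the same throwing form and could take `ec` as well. Terminate() starts outside this hunk.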
+++ b/Makefile.osx @@ -3,21 +3,26 @@ CXXFLAGS = -g -Wall -std=c++11 -DMAC_OSX #CXXFLAGS = -g -O2 -Wall -std=c++11 INCFLAGS = -I/usr/local/include -I/usr/local/ssl/include LDFLAGS = -Wl,-rpath,/usr/local/lib -L/usr/local/lib -L/usr/local/ssl/lib + +ifeq ($(USE_STATIC),yes) +LDLIBS = -lz -lcrypto -lssl /usr/local/lib/libboost_system.a /usr/local/lib/libboost_date_time.a /usr/local/lib/libboost_filesystem.a /usr/local/lib/libboost_program_options.a -lpthread +else LDLIBS = -lz -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread +endif ifeq ($(USE_UPNP),yes) LDFLAGS += -ldl CXXFLAGS += -DUSE_UPNP endif -# OSX Notes -# http://www.hutsby.net/2011/08/macs-with-aes-ni.html -# Seems like all recent Mac's have AES-NI, after firmware upgrade 2.2 -# Found no good way to detect it from command line. TODO: Might be some osx sysinfo magic ifeq ($(USE_AESNI),yes) CXXFLAGS += -maes -DAESNI endif +ifeq ($(USE_AVX),yes) + CXXFLAGS += -mavx +endif + # Disabled, since it will be the default make rule. I think its better # to define the default rule in Makefile and not Makefile. - torkel #install: all From 15b7284a8f63fe122f1d57f8cc4364fa63770e9e Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 14 Dec 2016 09:48:05 -0500 Subject: [PATCH 07/15] AVX support for Windows --- Makefile.mingw | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/Makefile.mingw b/Makefile.mingw index e2dae747..40cf14b3 100644 --- a/Makefile.mingw +++ b/Makefile.mingw @@ -39,9 +39,13 @@ endif # don't change following line to ifeq ($(USE_AESNI),yes) !!! ifeq ($(USE_AESNI),1) - CPU_FLAGS = -maes -DAESNI + CPU_FLAGS += -maes -DAESNI else - CPU_FLAGS = -msse + CPU_FLAGS += -msse +endif + +ifeq ($(USE_AVX),1) + CPU_FLAGS += -mavx endif ifeq ($(USE_ASLR),yes) From 37e4dfc5d58d939fc9250c88becdce160689b7c7 Mon Sep 17 00:00:00 2001 
From: orignal Date: Wed, 14 Dec 2016 10:59:36 -0500 Subject: [PATCH 08/15] cleanup from some overhead --- NetDb.cpp | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/NetDb.cpp b/NetDb.cpp index a1f0fcb7..88d5483f 100644 --- a/NetDb.cpp +++ b/NetDb.cpp @@ -912,7 +912,6 @@ namespace data uint8_t randomHash[32]; std::vector msgs; - std::set floodfills; LogPrint (eLogInfo, "NetDb: exploring new ", numDestinations, " routers ..."); for (int i = 0; i < numDestinations; i++) { @@ -924,9 +923,8 @@ namespace data return; } auto floodfill = GetClosestFloodfill (randomHash, dest->GetExcludedPeers ()); - if (floodfill && !floodfills.count (floodfill.get ())) // request floodfill only once + if (floodfill) { - floodfills.insert (floodfill.get ()); if (i2p::transport::transports.IsConnected (floodfill->GetIdentHash ())) throughTunnels = false; if (throughTunnels) From b9552c42f1966b757101d00fcb2cf31bc73f864e Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 14 Dec 2016 11:32:20 -0500 Subject: [PATCH 09/15] don't overwrite whole lease --- LeaseSet.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/LeaseSet.cpp b/LeaseSet.cpp index 04dc77c5..bddb517e 100644 --- a/LeaseSet.cpp +++ b/LeaseSet.cpp @@ -91,7 +91,7 @@ namespace data if (m_StoreLeases) { auto ret = m_Leases.insert (std::make_shared(lease)); - if (!ret.second) *(*ret.first) = lease; // update existing + if (!ret.second) (*ret.first)->endDate = lease.endDate; // update existing (*ret.first)->isUpdated = true; // check if lease's gateway is in our netDb if (!netdb.FindRouter (lease.tunnelGateway)) From 992603496e95b27870a80ba854b9b024805f6886 Mon Sep 17 00:00:00 2001 From: orignal Date: Wed, 14 Dec 2016 13:54:16 -0500 Subject: [PATCH 10/15] don't copy address --- RouterInfo.cpp | 44 ++++++++++++++++++++++---------------------- 1 file changed, 22 insertions(+), 22 deletions(-) diff --git a/RouterInfo.cpp b/RouterInfo.cpp index b570d6c2..4ae2f9e5 100644 --- a/RouterInfo.cpp 
+++ b/RouterInfo.cpp @@ -167,19 +167,19 @@ namespace data { uint8_t supportedTransports = 0; bool isValidAddress = true; - Address address; - s.read ((char *)&address.cost, sizeof (address.cost)); - s.read ((char *)&address.date, sizeof (address.date)); + auto address = std::make_shared
(); + s.read ((char *)&address->cost, sizeof (address->cost)); + s.read ((char *)&address->date, sizeof (address->date)); char transportStyle[5]; ReadString (transportStyle, 5, s); if (!strcmp (transportStyle, "NTCP")) - address.transportStyle = eTransportNTCP; + address->transportStyle = eTransportNTCP; else if (!strcmp (transportStyle, "SSU")) - address.transportStyle = eTransportSSU; + address->transportStyle = eTransportSSU; else - address.transportStyle = eTransportUnknown; - address.port = 0; - address.mtu = 0; + address->transportStyle = eTransportUnknown; + address->port = 0; + address->mtu = 0; uint16_t size, r = 0; s.read ((char *)&size, sizeof (size)); if (!s) return; size = be16toh (size); 
@@ -194,35 +194,35 @@ namespace data if (!strcmp (key, "host")) { boost::system::error_code ecode; - address.host = boost::asio::ip::address::from_string (value, ecode); + address->host = boost::asio::ip::address::from_string (value, ecode); if (ecode) { - if (address.transportStyle == eTransportNTCP) + if (address->transportStyle == eTransportNTCP) { supportedTransports |= eNTCPV4; // TODO: - address.addressString = value; + address->addressString = value; } else { supportedTransports |= eSSUV4; // TODO: - address.addressString = value; + address->addressString = value; } } else { // add supported protocol - if (address.host.is_v4 ()) - supportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4; + if (address->host.is_v4 ()) + supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV4 : eSSUV4; else - supportedTransports |= (address.transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6; + supportedTransports |= (address->transportStyle == eTransportNTCP) ? eNTCPV6 : eSSUV6; } } else if (!strcmp (key, "port")) - address.port = boost::lexical_cast(value); + address->port = boost::lexical_cast(value); else if (!strcmp (key, "mtu")) - address.mtu = boost::lexical_cast(value); + address->mtu = boost::lexical_cast(value); else if (!strcmp (key, "key")) - Base64ToByteStream (value, strlen (value), address.key, 32); + Base64ToByteStream (value, strlen (value), address->key, 32); else if (!strcmp (key, "caps")) ExtractCaps (value); else if (key[0] == 'i') 
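Review bot: The `boost::lexical_cast` calls for `port` and `mtu` throw `boost::bad_lexical_cast` when the value is not a number, and these strings are read from the RouterInfo being parsed. No try/catch is visible in this hunk, so unless a caller outside it catches the exception, one malformed address entry unwinds the whole parse instead of being skipped. Catching the exception around both conversions and setting `isValidAddress = false` would drop just that address, which is what the surrounding code already does for other bad entries. The return value of `Base64ToByteStream` for `key` is also ignored, so a short or invalid value leaves `address->key` partly unset. The enclosing function starts and ends outside the hunk.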
@@ -237,9 +237,9 @@ namespace data LogPrint (eLogError, "RouterInfo: Unexpected introducer's index ", index, " skipped"); if (s) continue; else return; } - if (index >= address.introducers.size ()) - address.introducers.resize (index + 1); - Introducer& introducer = address.introducers.at (index); + if (index >= address->introducers.size ()) + address->introducers.resize (index + 1); + Introducer& introducer = address->introducers.at (index); if (!strcmp (key, "ihost")) { boost::system::error_code ecode; @@ -256,7 +256,7 @@ namespace data } if (isValidAddress) { - addresses->push_back(std::make_shared
(address)); + addresses->push_back(address); m_SupportedTransports |= supportedTransports; } } From 34df1b16461dc260114d7a6469fe02cedb36bc11 Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 15 Dec 2016 07:21:34 -0500 Subject: [PATCH 11/15] add AVX to clobber list --- Crypto.cpp | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/Crypto.cpp b/Crypto.cpp index 5de3a4ee..67c1f226 100644 --- a/Crypto.cpp +++ b/Crypto.cpp @@ -386,9 +386,11 @@ namespace crypto // HMAC const uint64_t IPAD = 0x3636363636363636; const uint64_t OPAD = 0x5C5C5C5C5C5C5C5C; - + +#if defined(__AVX__) static const uint64_t ipads[] = { IPAD, IPAD, IPAD, IPAD }; static const uint64_t opads[] = { OPAD, OPAD, OPAD, OPAD }; +#endif void HMACMD5Digest (uint8_t * msg, size_t len, const MACKey& key, uint8_t * digest) // key is 32 bytes @@ -413,7 +415,7 @@ namespace crypto "movups %%xmm0, 80%[hash] \n" // zero last 16 bytes : [buf]"=m"(*buf), [hash]"=m"(*hash) : [key]"m"(*(const uint8_t *)key), [ipad]"m"(*ipads), [opad]"m"(*opads) - : "memory" + : "memory", "%xmm0" // TODO: change to %ymm0 later ); #else // ikeypad @@ -421,13 +423,19 @@ namespace crypto buf[1] = key.GetLL ()[1] ^ IPAD; buf[2] = key.GetLL ()[2] ^ IPAD; buf[3] = key.GetLL ()[3] ^ IPAD; - memcpy (buf + 4, ipads, 32); + buf[4] = IPAD; + buf[5] = IPAD; + buf[6] = IPAD; + buf[7] = IPAD; // okeypad hash[0] = key.GetLL ()[0] ^ OPAD; hash[1] = key.GetLL ()[1] ^ OPAD; hash[2] = key.GetLL ()[2] ^ OPAD; hash[3] = key.GetLL ()[3] ^ OPAD; - memcpy (hash + 4, opads, 32); + hash[4] = OPAD; + hash[5] = OPAD; + hash[6] = OPAD; + hash[7] = OPAD; // fill last 16 bytes with zeros (first hash size assumed 32 bytes in I2P) memset (hash + 10, 0, 16); #endif From 6913da7efa4834ab0f0459ad3f206518df6b8a3e Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 15 Dec 2016 10:43:48 -0500 Subject: [PATCH 12/15] fixed AVX crash for mingw build --- Crypto.cpp | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) 
diff --git a/Crypto.cpp b/Crypto.cpp index 67c1f226..a4a794ac 100644 --- a/Crypto.cpp +++ b/Crypto.cpp @@ -404,17 +404,18 @@ namespace crypto ( "vmovups %[key], %%ymm0 \n" "vmovups %[ipad], %%ymm1 \n" - "vmovups %%ymm1, 32%[buf] \n" + "vmovups %%ymm1, 32(%[buf]) \n" "vxorps %%ymm0, %%ymm1, %%ymm1 \n" - "vmovups %%ymm1, %[buf] \n" + "vmovups %%ymm1, (%[buf]) \n" "vmovups %[opad], %%ymm1 \n" - "vmovups %%ymm1, 32%[hash] \n" + "vmovups %%ymm1, 32(%[hash]) \n" "vxorps %%ymm0, %%ymm1, %%ymm1 \n" - "vmovups %%ymm1, %[hash] \n" + "vmovups %%ymm1, (%[hash]) \n" "vzeroall \n" // end of AVX - "movups %%xmm0, 80%[hash] \n" // zero last 16 bytes - : [buf]"=m"(*buf), [hash]"=m"(*hash) - : [key]"m"(*(const uint8_t *)key), [ipad]"m"(*ipads), [opad]"m"(*opads) + "movups %%xmm0, 80(%[hash]) \n" // zero last 16 bytes + : + : [key]"m"(*(const uint8_t *)key), [ipad]"m"(*ipads), [opad]"m"(*opads), + [buf]"r"(buf), [hash]"r"(hash) : "memory", "%xmm0" // TODO: change to %ymm0 later ); #else From 10d6cd989608d85dd80ec19433ca66f817a73bbf Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 15 Dec 2016 13:10:12 -0500 Subject: [PATCH 13/15] use token for commands --- HTTPServer.cpp | 42 +++++++++++++++++++++++++++++++----------- HTTPServer.h | 20 ++++++++++++++++---- 2 files changed, 47 insertions(+), 15 deletions(-) diff --git a/HTTPServer.cpp b/HTTPServer.cpp index 5deb7c60..368c5e21 100644 --- a/HTTPServer.cpp +++ b/HTTPServer.cpp @@ -451,26 +451,26 @@ namespace http { s << "
\r\n"; } - static void ShowCommands (std::stringstream& s) + static void ShowCommands (std::stringstream& s, uint32_t token) { /* commands */ s << "Router Commands
\r\n"; - s << " Run peer test
\r\n"; + s << " Run peer test
\r\n"; //s << " Reload config
\r\n"; if (i2p::context.AcceptsTunnels ()) - s << " Decline transit tunnels
\r\n"; + s << " Decline transit tunnels
\r\n"; else - s << " Accept transit tunnels
\r\n"; + s << " Accept transit tunnels
\r\n"; #if (!defined(WIN32) && !defined(QT_GUI_LIB) && !defined(ANDROID)) if (Daemon.gracefulShutdownInterval) - s << " Cancel graceful shutdown
"; + s << " Cancel graceful shutdown
"; else - s << " Start graceful shutdown
\r\n"; + s << " Start graceful shutdown
\r\n"; #endif #ifdef WIN32_APP - s << " Graceful shutdown
\r\n"; + s << " Graceful shutdown
\r\n"; #endif - s << " Force shutdown
\r\n"; + s << " Force shutdown
\r\n"; } static void ShowTransitTunnels (std::stringstream& s) @@ -756,6 +756,7 @@ namespace http { SendReply (res, content); } + std::map HTTPConnection::m_Tokens; void HTTPConnection::HandlePage (const HTTPReq& req, HTTPRes& res, std::stringstream& s) { std::map params; @@ -771,7 +772,20 @@ namespace http { else if (page == HTTP_PAGE_TUNNELS) ShowTunnels (s); else if (page == HTTP_PAGE_COMMANDS) - ShowCommands (s); + { + uint32_t token; + RAND_bytes ((uint8_t *)&token, 4); + auto ts = i2p::util::GetSecondsSinceEpoch (); + for (auto it = m_Tokens.begin (); it != m_Tokens.end (); ) + { + if (ts > it->second + TOKEN_EXPIRATION_TIMEOUT) + it = m_Tokens.erase (it); + else + ++it; + } + m_Tokens[token] = ts; + ShowCommands (s, token); + } else if (page == HTTP_PAGE_TRANSIT_TUNNELS) ShowTransitTunnels (s); else if (page == HTTP_PAGE_LOCAL_DESTINATIONS) @@ -798,13 +812,19 @@ namespace http { void HTTPConnection::HandleCommand (const HTTPReq& req, HTTPRes& res, std::stringstream& s) { std::map params; - std::string cmd(""); URL url; url.parse(req.uri); url.parse_query(params); - cmd = params["cmd"]; + std::string token = params["token"]; + if (!token.empty () || m_Tokens.find (std::stoi (token)) == m_Tokens.end ()) + { + ShowError(s, "Invalid token"); + return; + } + + std::string cmd = params["cmd"]; if (cmd == HTTP_COMMAND_RUN_PEER_TEST) i2p::transport::transports.PeerTest (); else if (cmd == HTTP_COMMAND_RELOAD_CONFIG) diff --git a/HTTPServer.h b/HTTPServer.h index 4a32702d..ec56e08a 100644 --- a/HTTPServer.h +++ b/HTTPServer.h 
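Review bot: The return value of `RAND_bytes ((uint8_t *)&token, 4)` in the HTTP_PAGE_COMMANDS branch is not checked, so if the generator fails, `token` is read uninitialised, stored in `m_Tokens` and passed to ShowCommands. Check for success before using it, e.g. `if (RAND_bytes ((uint8_t *)&token, 4) != 1) { ShowError (s, "Token generation failed"); return; }`. `m_Tokens` is a static shared by all connections and is pruned and written here without a lock; that is only safe if every HTTPConnection handler runs on a single thread, which is not visible on this page, so a comment on the member stating that assumption would help. HandlePage starts and ends outside the hunk.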
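Review bot: `std::stoi (token)` in HandleCommand is called on a request parameter and throws `std::invalid_argument` for non-numeric text and `std::out_of_range` for values above INT_MAX. The second case includes roughly half of the `uint32_t` tokens that HandlePage generates, assuming they are written into the links in decimal. No try/catch is visible here, so unless a caller outside the hunk catches it, the exception leaves the request handler. The PATCH 14/15 hunk corrects the `empty ()` test but keeps the same `std::stoi` call. Parse with `std::stoul`, require that the whole string was consumed and fits 32 bits, and treat any parse failure as an invalid token; the sketch below assumes the map key is the `uint32_t` used in HandlePage, since the template arguments are not visible on this page.

```cpp
		std::string token = params["token"];
		bool validToken = false;
		if (!token.empty ())
		{
			try
			{
				size_t pos = 0;
				// stoul covers the full uint32_t range; stoi throws above INT_MAX
				unsigned long value = std::stoul (token, &pos);
				validToken = pos == token.size () && value <= 0xFFFFFFFFul &&
					m_Tokens.find (value) != m_Tokens.end ();
			}
			catch (const std::exception&)
			{
				// non-numeric or out-of-range token text: leave validToken false
			}
		}
		if (!validToken)
		{
			ShowError(s, "Invalid token");
			return;
		}
		// … unchanged: cmd lookup and command dispatch …
```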
@@ -1,10 +1,20 @@ #ifndef HTTP_SERVER_H__ #define HTTP_SERVER_H__ -namespace i2p { -namespace http { - extern const char *itoopieFavicon; - const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192; +#include +#include +#include +#include +#include +#include +#include "HTTP.h" + +namespace i2p +{ +namespace http +{ + const size_t HTTP_CONNECTION_BUFFER_SIZE = 8192; + const int TOKEN_EXPIRATION_TIMEOUT = 30; // in seconds class HTTPConnection: public std::enable_shared_from_this { @@ -35,6 +45,8 @@ namespace http { bool needAuth; std::string user; std::string pass; + + static std::map m_Tokens; // token->timestamp in seconds }; class HTTPServer From 0edc149ecca68670e4b378d71a0a1d52815f3ce8 Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 15 Dec 2016 13:36:52 -0500 Subject: [PATCH 14/15] fixed typo --- HTTPServer.cpp | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/HTTPServer.cpp b/HTTPServer.cpp index 368c5e21..84818e8e 100644 --- a/HTTPServer.cpp +++ b/HTTPServer.cpp @@ -818,7 +818,7 @@ namespace http { url.parse_query(params); std::string token = params["token"]; - if (!token.empty () || m_Tokens.find (std::stoi (token)) == m_Tokens.end ()) + if (token.empty () || m_Tokens.find (std::stoi (token)) == m_Tokens.end ()) { ShowError(s, "Invalid token"); return; From 38d85a49e721c65fb6ceb9acb34a1c8816261e60 Mon Sep 17 00:00:00 2001 From: orignal Date: Thu, 15 Dec 2016 14:42:26 -0500 Subject: [PATCH 15/15] use AVX instructions for XOR in AES-CBC if applicable --- Crypto.h | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/Crypto.h b/Crypto.h index a04a93da..9e35f073 100644 --- a/Crypto.h +++ b/Crypto.h 
@@ -76,7 +76,18 @@ namespace crypto void operator^=(const ChipherBlock& other) // XOR { -#if defined(__x86_64__) || defined(__SSE__) // for Intel x84 or with SSE +#if defined(__AVX__) // AVX + __asm__ + ( + "vmovups (%[buf]), %%xmm0 \n" + "vmovups (%[other]), %%xmm1 \n" + "vxorps %%xmm0, %%xmm1, %%xmm0 \n" + "vmovups %%xmm0, (%[buf]) \n" + : + : [buf]"r"(buf), [other]"r"(other.buf) + : "%xmm0", "%xmm1", "memory" + ); +#elif defined(__SSE__) // SSE __asm__ ( "movups (%[buf]), %%xmm0 \n"