From c8cbf425ac5d52304ce5f268639c65e4def7ee30 Mon Sep 17 00:00:00 2001
From: orignal
Date: Tue, 13 Aug 2019 14:55:18 -0400
Subject: [PATCH] check and send netid for NTCP2 and SSU
---
 libi2pd/NTCP2.cpp | 6 ++++++
 libi2pd/SSUSession.cpp | 10 +++++++---
 2 files changed, 13 insertions(+), 3 deletions(-)
diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp
index 368f1b3e..6d235abe 100644
--- a/libi2pd/NTCP2.cpp
+++ b/libi2pd/NTCP2.cpp
@@ -161,6 +161,7 @@ namespace transport
 // fill options
 uint8_t options[32]; // actual options size is 16 bytes
 memset (options, 0, 16);
+ options[0] = i2p::context.GetNetID (); // network ID
 options[1] = 2; // ver
 htobe16buf (options + 2, paddingLength); // padLen
 // m3p2Len
@@ -248,6 +249,11 @@ namespace transport
 if (i2p::crypto::AEADChaCha20Poly1305 (m_SessionRequestBuffer + 32, 16, m_H, 32, m_K, nonce, options, 16, false)) // decrypt
 {
 // options
+ if (options[0] && options[0] != i2p::context.GetNetID ())
+ {
+ LogPrint (eLogWarning, "NTCP2: SessionRequest networkID ", (int)options[0], " mismatch. Expected ", i2p::context.GetNetID ());
+ return false;
+ }
 if (options[1] == 2) // ver is always 2
 {
 paddingLen = bufbe16toh (options + 2);
diff --git a/libi2pd/SSUSession.cpp b/libi2pd/SSUSession.cpp
index a7497fd1..88dbcf04 100644
--- a/libi2pd/SSUSession.cpp
+++ b/libi2pd/SSUSession.cpp
@@ -1,4 +1,5 @@
 #include
+#include "version.h"
 #include "Crypto.h"
 #include "Log.h"
 #include "Timestamp.h"
@@ -729,7 +730,8 @@ namespace transport
 encryption.Encrypt (encrypted, encryptedLen, encrypted);
 // assume actual buffer size is 18 (16 + 2) bytes more
 memcpy (buf + len, iv, 16);
- htobe16buf (buf + len + 16, encryptedLen);
+ uint16_t netid = i2p::context.GetNetID ();
+ htobe16buf (buf + len + 16, (netid == I2PD_NET_ID) ? encryptedLen : encryptedLen ^ ((netid - 2) << 8));
 i2p::crypto::HMACMD5Digest (encrypted, encryptedLen + 18, macKey, header->mac);
 }
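Review bot: In libi2pd/NTCP2.cpp (hunk at -161), `options[0] = i2p::context.GetNetID ();` narrows the configured network ID into a single byte with no range check. GetNetID's return type is not visible here, but the SSU hunks of this patch store it in a `uint16_t`, so it is presumably wider than `uint8_t`. A value above 255 would be truncated on the wire (256 would even be sent as 0), and the receive-side test in the -248 hunk, `options[0] != i2p::context.GetNetID ()`, would then reject every peer that declares a non-zero ID. I would validate the range where the netid is configured and make the narrowing explicit here, e.g. `options[0] = static_cast<uint8_t>(i2p::context.GetNetID ()); // netID must fit in one byte`. The enclosing function starts and ends outside the hunk.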
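Review bot: In the libi2pd/NTCP2.cpp hunk at -248, the `options[0] &&` guard accepts any SessionRequest whose network ID byte is zero, so the new check only separates this router from peers that declare a different non-zero ID. That is presumably deliberate, to keep interoperating with routers that do not fill the field yet, but nothing in the code says so and a reader could take the check for strict network isolation. A comment above the condition would settle it, e.g. `// netID 0 = field not sent (older routers): accepted without a check for compatibility`. As a style point, the log line casts `options[0]` to `int` but passes `GetNetID ()` as-is; printing both through the same type keeps the warning unambiguous. The enclosing function continues outside the hunk.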
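Review bot: In libi2pd/SSUSession.cpp (hunk at -729, and identically in the hunks at -750 and -799), `(netid - 2) << 8` is evaluated in `int` after integer promotion, so a network ID of 0 or 1 left-shifts a negative value, which is undefined behaviour before C++20. IDs above 257 produce a mask that no longer fits the 16-bit length field; it is presumably truncated when passed to `htobe16buf`. Computing the mask in unsigned arithmetic avoids the first problem, e.g. `uint16_t mask = static_cast<uint16_t>((netid - 2u) << 8);` followed by `htobe16buf (buf + len + 16, encryptedLen ^ mask);`. The guard uses `I2PD_NET_ID` while the formula hard-codes `2`; if the two are meant to be the same value the ternary is redundant, and if not, the relationship deserves a comment. Since the same two lines appear three times, a small file-local helper that returns the masked length would keep the MAC input identical on the send and validate paths.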
@@ -750,7 +752,8 @@ namespace transport
 m_SessionKeyEncryption.Encrypt (encrypted, encryptedLen, encrypted);
 // assume actual buffer size is 18 (16 + 2) bytes more
 memcpy (buf + len, header->iv, 16);
- htobe16buf (buf + len + 16, encryptedLen);
+ uint16_t netid = i2p::context.GetNetID ();
+ htobe16buf (buf + len + 16, (netid == I2PD_NET_ID) ? encryptedLen : encryptedLen ^ ((netid - 2) << 8));
 i2p::crypto::HMACMD5Digest (encrypted, encryptedLen + 18, m_MacKey, header->mac);
 }
@@ -799,7 +802,8 @@ namespace transport
 uint16_t encryptedLen = len - (encrypted - buf);
 // assume actual buffer size is 18 (16 + 2) bytes more
 memcpy (buf + len, header->iv, 16);
- htobe16buf (buf + len + 16, encryptedLen);
+ uint16_t netid = i2p::context.GetNetID ();
+ htobe16buf (buf + len + 16, (netid == I2PD_NET_ID) ? encryptedLen : encryptedLen ^ ((netid - 2) << 8));
 uint8_t digest[16];
 i2p::crypto::HMACMD5Digest (encrypted, encryptedLen + 18, macKey, digest);
 return !memcmp (header->mac, digest, 16);
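Review bot: In the libi2pd/SSUSession.cpp hunk at -799, which is the validating side, the network ID is enforced only implicitly and nothing in the code says so. The local netid is folded into the length that feeds the HMAC, so a packet from another network simply fails the final `memcmp` and looks the same as a corrupted or forged packet. A short comment above the new lines would make the intent clear to whoever triages MAC failures, e.g. `// netid is mixed into the MAC'd length: packets from a different network fail validation here`. If distinguishing the two cases matters for diagnostics, that would need a separate check, which this patch does not add. The enclosing function starts outside the hunk.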