From 144c5f04246dcca536652c2594f6f8aeae319712 Mon Sep 17 00:00:00 2001 From: Philipp Hauswirth Date: Thu, 11 Jan 2024 17:54:25 +0100 Subject: [PATCH] add 'reservedrange' config option check before IsInReservedRange() check --- libi2pd/NTCP2.cpp | 9 ++++++--- libi2pd/NTCP2.h | 2 ++ libi2pd/Reseed.cpp | 3 ++- libi2pd/RouterInfo.cpp | 4 +++- libi2pd/SSU2.cpp | 8 +++++--- libi2pd/SSU2.h | 4 ++++ libi2pd/SSU2Session.cpp | 4 ++-- 7 files changed, 24 insertions(+), 10 deletions(-) diff --git a/libi2pd/NTCP2.cpp b/libi2pd/NTCP2.cpp index 0a23f07e..57ffc010 100644 --- a/libi2pd/NTCP2.cpp +++ b/libi2pd/NTCP2.cpp @@ -22,6 +22,7 @@ #include "NTCP2.h" #include "HTTP.h" #include "util.h" +#include "Config.h" #if defined(__linux__) && !defined(_NETINET_IN_H) #include @@ -1240,7 +1241,8 @@ namespace transport NTCP2Server::NTCP2Server (): RunnableServiceWithWork ("NTCP2"), m_TerminationTimer (GetService ()), - m_ProxyType(eNoProxy), m_Resolver(GetService ()) + m_ProxyType(eNoProxy), m_Resolver(GetService ()), + m_CheckReserved (true) { } @@ -1254,6 +1256,7 @@ namespace transport if (!IsRunning ()) { StartIOService (); + i2p::config::GetOption("reservedrange", m_CheckReserved); if(UsingProxy()) { LogPrint(eLogInfo, "NTCP2: Using proxy to connect to peers"); @@ -1490,7 +1493,7 @@ namespace transport if (!ec) { LogPrint (eLogDebug, "NTCP2: Connected from ", ep); - if (!i2p::util::net::IsInReservedRange(ep.address ())) + if (!(m_CheckReserved && i2p::util::net::IsInReservedRange(ep.address ()))) { if (m_PendingIncomingSessions.emplace (ep.address (), conn).second) { @@ -1537,7 +1540,7 @@ namespace transport if (!ec) { LogPrint (eLogDebug, "NTCP2: Connected from ", ep); - if (!i2p::util::net::IsInReservedRange(ep.address ()) || + if (!(m_CheckReserved && i2p::util::net::IsInReservedRange(ep.address ())) || i2p::util::net::IsYggdrasilAddress (ep.address ())) { if (m_PendingIncomingSessions.emplace (ep.address (), conn).second) 
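Review bot: `NTCP2Server::Start` reads `reservedrange` into `m_CheckReserved` but logs nothing when the value is false, so the operator gets no sign that the two accept handlers further down now admit peers from reserved ranges. A line right after the `GetOption` call would make that state visible: `if (!m_CheckReserved) LogPrint (eLogWarning, "NTCP2: Reserved range check is disabled");`. The same applies to `SSU2Server::Start` in libi2pd/SSU2.cpp. `Start` continues outside the hunk.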
diff --git a/libi2pd/NTCP2.h b/libi2pd/NTCP2.h index ba1380c3..c87169f0 100644 --- a/libi2pd/NTCP2.h +++ b/libi2pd/NTCP2.h @@ -286,6 +286,8 @@ namespace transport std::unique_ptr m_ProxyEndpoint; std::shared_ptr m_Address4, m_Address6, m_YggdrasilAddress; + bool m_CheckReserved; + public: // for HTTP/I2PControl diff --git a/libi2pd/Reseed.cpp b/libi2pd/Reseed.cpp index 28e4db24..1c8c42c1 100644 --- a/libi2pd/Reseed.cpp +++ b/libi2pd/Reseed.cpp @@ -523,6 +523,7 @@ namespace data { i2p::http::URL proxyUrl; std::string proxy; i2p::config::GetOption("reseed.proxy", proxy); + bool checkInReserved; i2p::config::GetOption("reservedrange", checkInReserved); // check for proxy url if(proxy.size()) { // parse @@ -689,7 +690,7 @@ namespace data boost::asio::ip::tcp::endpoint ep = *it; if ( ( - !i2p::util::net::IsInReservedRange(ep.address ()) && ( + !( checkInReserved && i2p::util::net::IsInReservedRange(ep.address ())) && ( (ep.address ().is_v4 () && i2p::context.SupportsV4 ()) || (ep.address ().is_v6 () && i2p::context.SupportsV6 ()) ) diff --git a/libi2pd/RouterInfo.cpp b/libi2pd/RouterInfo.cpp index 63cb79ef..6af5031c 100644 --- a/libi2pd/RouterInfo.cpp +++ b/libi2pd/RouterInfo.cpp @@ -24,6 +24,7 @@ #include "NetDb.hpp" #include "RouterContext.h" #include "RouterInfo.h" +#include "Config.h" namespace i2p { @@ -204,6 +205,7 @@ namespace data m_Caps = 0; m_Congestion = eLowCongestion; s.read ((char *)&m_Timestamp, sizeof (m_Timestamp)); m_Timestamp = be64toh (m_Timestamp); + bool checkInReserved; i2p::config::GetOption("reservedrange", checkInReserved); // read addresses auto addresses = NewAddresses (); uint8_t numAddresses; 
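Review bot: `bool checkInReserved;` in the Reseed.cpp hunk at -523 is declared without an initializer and the return value of `GetOption` is ignored. If `GetOption` leaves its argument untouched when the option is not found (Config.h is not part of this patch, so this is an assumption), the test in the -689 hunk reads an indeterminate value. The server members default to `true` in their constructors, and the locals should match so the filter stays on when the lookup fails: `bool checkInReserved = true; i2p::config::GetOption("reservedrange", checkInReserved);`. The RouterInfo.cpp hunk at -204 has the same declaration and needs the same change. Both enclosing functions start and end outside their hunks.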
@@ -253,7 +255,7 @@ namespace data address->host = boost::asio::ip::address::from_string (value, ecode); if (!ecode && !address->host.is_unspecified ()) { - if (!i2p::util::net::IsInReservedRange (address->host) || + if (!(checkInReserved && i2p::util::net::IsInReservedRange (address->host)) || i2p::util::net::IsYggdrasilAddress (address->host)) isHost = true; else diff --git a/libi2pd/SSU2.cpp b/libi2pd/SSU2.cpp index 6a8615d5..8bb47e1b 100644 --- a/libi2pd/SSU2.cpp +++ b/libi2pd/SSU2.cpp @@ -25,7 +25,8 @@ namespace transport m_TerminationTimer (GetService ()), m_CleanupTimer (GetService ()), m_ResendTimer (GetService ()), m_IntroducersUpdateTimer (GetService ()), m_IntroducersUpdateTimerV6 (GetService ()), m_IsPublished (true), m_IsSyncClockFromPeers (true), m_PendingTimeOffset (0), - m_IsThroughProxy (false) + m_IsThroughProxy (false), + m_CheckReserved (true) { } @@ -36,6 +37,7 @@ namespace transport StartIOService (); i2p::config::GetOption ("ssu2.published", m_IsPublished); i2p::config::GetOption("nettime.frompeers", m_IsSyncClockFromPeers); + i2p::config::GetOption("reservedrange", m_CheckReserved); bool found = false; auto addresses = i2p::context.GetRouterInfo ().GetAddresses (); if (!addresses) return; @@ -566,7 +568,7 @@ namespace transport else it1->second->ProcessRetry (buf, len); } - else if (!i2p::util::net::IsInReservedRange(senderEndpoint.address ()) && senderEndpoint.port ()) + else if (!(m_CheckReserved && i2p::util::net::IsInReservedRange(senderEndpoint.address ())) && senderEndpoint.port ()) { // assume new incoming session auto session = std::make_shared (*this); 
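Review bot: The flag tested in the RouterInfo.cpp address check at -253 is fetched from the option store by name every time a RouterInfo is parsed (the `GetOption` call sits in the preceding hunk at -204), although nothing in the patch suggests it changes between parses. Reading it once into longer-lived state, as the NTCP2 and SSU2 servers do in `Start ()`, would keep a string-keyed lookup out of the parse path. The condition also deserves a comment saying what turning the option off means at this point, for example `// reservedrange=false: hosts in reserved ranges taken from a received RouterInfo are accepted as-is`. The enclosing function extends beyond both hunks.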
@@ -666,7 +668,7 @@ namespace transport bool isValidEndpoint = !address->host.is_unspecified () && address->port; if (isValidEndpoint) { - if (i2p::util::net::IsInReservedRange(address->host)) return false; + if (m_CheckReserved && i2p::util::net::IsInReservedRange(address->host)) return false; auto s = FindPendingOutgoingSession (boost::asio::ip::udp::endpoint (address->host, address->port)); if (s) { diff --git a/libi2pd/SSU2.h b/libi2pd/SSU2.h index 03e22245..749b4094 100644 --- a/libi2pd/SSU2.h +++ b/libi2pd/SSU2.h @@ -103,6 +103,8 @@ namespace transport i2p::util::MemoryPool& GetIncompleteMessagesPool () { return m_IncompleteMessagesPool; }; i2p::util::MemoryPool& GetFragmentsPool () { return m_FragmentsPool; }; + bool GetCheckInReserved() { return m_CheckReserved; }; + private: boost::asio::ip::udp::socket& OpenSocket (const boost::asio::ip::udp::endpoint& localEndpoint); @@ -172,6 +174,8 @@ namespace transport std::unique_ptr m_ProxyRelayEndpoint; std::unique_ptr m_ProxyConnectRetryTimer; + bool m_CheckReserved; + public: // for HTTP/I2PControl diff --git a/libi2pd/SSU2Session.cpp b/libi2pd/SSU2Session.cpp index e5261622..9641fafd 100644 --- a/libi2pd/SSU2Session.cpp +++ b/libi2pd/SSU2Session.cpp @@ -1471,7 +1471,7 @@ namespace transport ResendHandshakePacket (); // assume we receive return; } - if (from != m_RemoteEndpoint && !i2p::util::net::IsInReservedRange (from.address ())) + if (from != m_RemoteEndpoint && !(m_Server.GetCheckInReserved() && i2p::util::net::IsInReservedRange (from.address ()))) { LogPrint (eLogInfo, "SSU2: Remote endpoint update ", m_RemoteEndpoint, "->", from); m_RemoteEndpoint = from; @@ -1753,7 +1753,7 @@ namespace transport if (ExtractEndpoint (buf, len, ep)) { LogPrint (eLogInfo, "SSU2: Our external address is ", ep); - if (!i2p::util::net::IsInReservedRange (ep.address ())) + if (!(m_Server.GetCheckInReserved() && i2p::util::net::IsInReservedRange (ep.address ()))) { i2p::context.UpdateAddress (ep.address ()); // check our port
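Review bot: The new accessor in the SSU2.h hunk at -103 is not `const` although it only returns a member; `bool GetCheckInReserved () const { return m_CheckReserved; };` lets it be called through a const reference to the server. Its name also differs from the member it exposes (`m_CheckReserved`) and from the locals in Reseed.cpp and RouterInfo.cpp (`checkInReserved`), so one spelling across the patch would be easier to grep for.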
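Review bot: With `reservedrange` off, the SSU2Session.cpp hunk at -1753 passes the peer-reported endpoint to `i2p::context.UpdateAddress` with no other address check visible in the hunk, and the hunk at -1471 likewise adopts `from` as `m_RemoteEndpoint`. RouterInfo.cpp and the SSU2.cpp hunk at -666 test `is_unspecified ()` separately, but here the reserved-range test appears to have been the only filter. It may be worth keeping a minimal one that does not depend on the option: `if (!ep.address ().is_unspecified () && !(m_Server.GetCheckInReserved() && i2p::util::net::IsInReservedRange (ep.address ())))`. Whether `ExtractEndpoint` already rejects such values is not visible here, and both enclosing functions extend beyond their hunks.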