Merge pull request #1 from PurpleI2P/openssl

merge "mainline"

appveyor.yml

@@ -17,7 +17,7 @@ environment:
   - MSYSTEM: MINGW32
 
 install:
-- c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Rns gcc-fortran gcc catgets"
+- c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Rns gcc-fortran gcc"
 - c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu "
 
 - c:\msys64\usr\bin\bash -lc "pacman --noconfirm -Syuu"

contrib/i2pd.service

@@ -10,7 +10,7 @@ RuntimeDirectory=i2pd
 RuntimeDirectoryMode=0700
 LogsDirectory=i2pd
 LogsDirectoryMode=0700
-Type=simple
+Type=forking
 ExecStart=/usr/sbin/i2pd --conf=/etc/i2pd/i2pd.conf --tunconf=/etc/i2pd/tunnels.conf --pidfile=/var/run/i2pd/i2pd.pid --logfile=/var/log/i2pd/i2pd.log --daemon --service
 ExecReload=/bin/kill -HUP $MAINPID
 PIDFile=/var/run/i2pd/i2pd.pid

libi2pd/Base.cpp

@@ -210,6 +210,21 @@ namespace data
 		return 4*d.quot;
 	}
 
+	std::string ToBase64Standard (const std::string& in)
+	{
+		auto len = Base64EncodingBufferSize (in.length ());	
+		char * str = new char[len+1];
+		auto l = ByteStreamToBase64 ((const uint8_t *)in.c_str (), in.length (), str, len);
+		str[l] = 0;
+		// replace '-' by '+' and '~' by '/'
+		for (size_t i = 0; i < l; i++)
+			if (str[i] == '-') str[i] = '+';
+			else if (str[i] == '~') str[i] = '/';
+		std::string s(str);
+		delete[] str;
+		return s;
+	}
+
 	/*
 	*
 	* iT64

libi2pd/Base.h

@@ -15,10 +15,13 @@ namespace data {
 	size_t Base32ToByteStream (const char * inBuf, size_t len, uint8_t * outBuf, size_t outLen);
 	size_t ByteStreamToBase32 (const uint8_t * InBuf, size_t len, char * outBuf, size_t outLen);
 
-  /**
+ 	/**
      Compute the size for a buffer to contain encoded base64 given that the size of the input is input_size bytes
-   */
+   	*/
-  size_t Base64EncodingBufferSize(const size_t input_size);
+	size_t Base64EncodingBufferSize(const size_t input_size);
+	
+	std::string ToBase64Standard (const std::string& in); // using standard table, for Proxy-Authorization	
+	
 } // data
 } // i2p
 

libi2pd/Config.cpp

@@ -191,7 +191,7 @@ namespace config {
 				// "https://uk.reseed.i2p2.no:444/," // mamoth's shit
 				"https://i2p-0.manas.ca:8443/,"
 				"https://download.xxlspeed.com/,"
-				"https://reseed-ru.lngserv.ru/,"
+				"https://reseed-fr.i2pd.xyz/,"
 				"https://reseed.atomike.ninja/,"
 				"https://reseed.memcpy.io/,"
 				"https://reseed.onion.im/,"

libi2pd/Streaming.cpp

@@ -903,11 +903,7 @@ namespace stream
 	StreamingDestination::StreamingDestination (std::shared_ptr<i2p::client::ClientDestination> owner, uint16_t localPort, bool gzip):
 		m_Owner (owner), m_LocalPort (localPort), m_Gzip (gzip),
 		m_LastIncomingReceiveStreamID (0),
-		m_PendingIncomingTimer (m_Owner->GetService ()),
+		m_PendingIncomingTimer (m_Owner->GetService ())
-		m_ConnTrackTimer(m_Owner->GetService()),
-		m_ConnsPerMinute(DEFAULT_MAX_CONNS_PER_MIN),
-		m_LastBanClear(i2p::util::GetMillisecondsSinceEpoch()),
-		m_EnableDrop(false)
 	{
 	}
 
@@ -923,7 +919,6 @@ namespace stream
 
 	void StreamingDestination::Start ()
 	{
-		ScheduleConnTrack();
 	}
 
 	void StreamingDestination::Stop ()
@@ -931,15 +926,10 @@ namespace stream
 		ResetAcceptor ();
 		m_PendingIncomingTimer.cancel ();
 		m_PendingIncomingStreams.clear ();
-		m_ConnTrackTimer.cancel();
 		{
 			std::unique_lock<std::mutex> l(m_StreamsMutex);
 			m_Streams.clear ();
 		}
-		{
-			std::unique_lock<std::mutex> l(m_ConnsMutex);
-			m_Conns.clear ();
-		}
 	}
 
 	void StreamingDestination::HandleNextPacket (Packet * packet)
@@ -971,17 +961,7 @@ namespace stream
 				auto incomingStream = CreateNewIncomingStream ();
 				incomingStream->HandleNextPacket (packet); // SYN
 				auto ident = incomingStream->GetRemoteIdentity();
-				if(ident && m_EnableDrop)
+			 
-				{
-					auto ih = ident->GetIdentHash();
-					if(DropNewStream(ih))
-					{
-						// drop
-						LogPrint(eLogWarning, "Streaming: Dropping connection, too many inbound streams from ", ih.ToBase32());
-						incomingStream->Terminate();
-						return;
-					}
-				}
 				m_LastIncomingReceiveStreamID = receiveStreamID;
 
 				// handle saved packets if any
@@ -1176,63 +1156,5 @@ namespace stream
 		return msg;
 	}
 
-	void StreamingDestination::SetMaxConnsPerMinute(const uint32_t conns)
-	{
-		m_EnableDrop = conns > 0;
-		m_ConnsPerMinute = conns;
-		LogPrint(eLogDebug, "Streaming: Set max conns per minute per destination to ", conns);
-	}
-
-	bool StreamingDestination::DropNewStream(const i2p::data::IdentHash & ih)
-	{
-		std::lock_guard<std::mutex> lock(m_ConnsMutex);
-		if (m_Banned.size() > MAX_BANNED_CONNS) return true; // overload
-		auto end = std::end(m_Banned);
-		if ( std::find(std::begin(m_Banned), end, ih) != end) return true; // already banned
-		auto itr = m_Conns.find(ih);
-		if (itr == m_Conns.end())
-			m_Conns[ih] = 0;
-
-		m_Conns[ih] += 1;
-
-		bool ban = m_Conns[ih] >= m_ConnsPerMinute;
-		if (ban)
-		{
-			m_Banned.push_back(ih);
-			m_Conns.erase(ih);
-			LogPrint(eLogWarning, "Streaming: ban ", ih.ToBase32());
-		}
-		return ban;
-	}
-
-	void StreamingDestination::HandleConnTrack(const boost::system::error_code& ecode)
-	{
-		if (ecode != boost::asio::error::operation_aborted)
-		{
-			{ // acquire lock
-				std::lock_guard<std::mutex> lock(m_ConnsMutex);
-				// clear conn tracking
-				m_Conns.clear();
-				// check for ban clear
-				auto ts = i2p::util::GetMillisecondsSinceEpoch();
-				if (ts - m_LastBanClear >= DEFAULT_BAN_INTERVAL)
-				{
-					// clear bans
-					m_Banned.clear();
-					m_LastBanClear = ts;
-				}
-			}
-			// reschedule timer
-			ScheduleConnTrack();
-		}
-	}
-
-	void StreamingDestination::ScheduleConnTrack()
-	{
-		m_ConnTrackTimer.expires_from_now (boost::posix_time::seconds(60));
-		m_ConnTrackTimer.async_wait (
-			std::bind (&StreamingDestination::HandleConnTrack,
-								 shared_from_this (), std::placeholders::_1));
-	}
 }
 }

libi2pd/Streaming.h

@@ -53,22 +53,6 @@ namespace stream
 	const int PENDING_INCOMING_TIMEOUT = 10; // in seconds
 	const int MAX_RECEIVE_TIMEOUT = 30; // in seconds
 
-	/** i2cp option for limiting inbound stremaing connections */
-	const char I2CP_PARAM_STREAMING_MAX_CONNS_PER_MIN[] = "maxconns";
-	/** default maximum connections attempts per minute per destination */
-	const uint32_t DEFAULT_MAX_CONNS_PER_MIN = 600;
-
-	/**
-	 * max banned destinations per local destination
-	 * TODO: make configurable
-	 */
-	const uint16_t MAX_BANNED_CONNS = 9999;
-	/**
-	 * length of a ban in ms
-	 * TODO: make configurable
-	 */
-	const uint64_t DEFAULT_BAN_INTERVAL = 60 * 60 * 1000;
-
 	struct Packet
 	{
 		size_t len, offset;
@@ -273,9 +257,6 @@ namespace stream
 			void HandleDataMessagePayload (const uint8_t * buf, size_t len);
 			std::shared_ptr<I2NPMessage> CreateDataMessage (const uint8_t * payload, size_t len, uint16_t toPort);
 
-			/** set max connections per minute per destination */
-			void SetMaxConnsPerMinute(const uint32_t conns);
-
 			Packet * NewPacket () { return m_PacketsPool.Acquire(); }
 			void DeletePacket (Packet * p) { return m_PacketsPool.Release(p); }
 
@@ -286,13 +267,6 @@ namespace stream
 			std::shared_ptr<Stream> CreateNewIncomingStream ();
 			void HandlePendingIncomingTimer (const boost::system::error_code& ecode);
 
-			/** handle cleaning up connection tracking for ratelimits */
-			void HandleConnTrack(const boost::system::error_code& ecode);
-
-			bool DropNewStream(const i2p::data::IdentHash & ident);
-
-			void ScheduleConnTrack();
-
 		private:
 
 			std::shared_ptr<i2p::client::ClientDestination> m_Owner;
@@ -306,17 +280,7 @@ namespace stream
 			boost::asio::deadline_timer m_PendingIncomingTimer;
 			std::map<uint32_t, std::list<Packet *> > m_SavedPackets; // receiveStreamID->packets, arrived before SYN
 
-			std::mutex m_ConnsMutex;
-			/** how many connections per minute did each identity have */
-			std::map<i2p::data::IdentHash, uint32_t> m_Conns;
-			boost::asio::deadline_timer m_ConnTrackTimer;
-			uint32_t m_ConnsPerMinute;
-			/** banned identities */
-			std::vector<i2p::data::IdentHash> m_Banned;
-			uint64_t m_LastBanClear;
-
 			i2p::util::MemoryPool<Packet> m_PacketsPool;
-			bool m_EnableDrop;
 
 		public:
 

libi2pd/version.h

@@ -21,7 +21,7 @@
 
 #define I2P_VERSION_MAJOR 0
 #define I2P_VERSION_MINOR 9
-#define I2P_VERSION_MICRO 33
+#define I2P_VERSION_MICRO 34
 #define I2P_VERSION_PATCH 0
 #define I2P_VERSION MAKE_VERSION(I2P_VERSION_MAJOR, I2P_VERSION_MINOR, I2P_VERSION_MICRO)
 

libi2pd_client/ClientContext.cpp

@@ -531,6 +531,7 @@ namespace client
 							LogPrint(eLogInfo, "Clients: I2P Client tunnel connect timeout set to ", timeout);
 						}
 
+						auto clientTunnelDest = clientTunnel->GetLocalDestination (); // make copy of destination for possible update
 						auto ins = m_ClientTunnels.insert (std::make_pair (clientEndpoint,	std::unique_ptr<I2PService>(clientTunnel)));
 						if (ins.second)
 						{
@@ -540,10 +541,10 @@ namespace client
 						else
 						{
 							// TODO: update
-							if (ins.first->second->GetLocalDestination () != clientTunnel->GetLocalDestination ())
+							if (ins.first->second->GetLocalDestination () != clientTunnelDest)
 							{
 								LogPrint (eLogInfo, "Clients: I2P client tunnel destination updated");
-								ins.first->second->SetLocalDestination (clientTunnel->GetLocalDestination ());
+								ins.first->second->SetLocalDestination (clientTunnelDest);
 							}
 							ins.first->second->isUpdated = true;
 							LogPrint (eLogInfo, "Clients: I2P client tunnel for endpoint ", clientEndpoint, " already exists");
@@ -567,7 +568,7 @@ namespace client
 					bool gzip = section.second.get (I2P_SERVER_TUNNEL_GZIP, true);
 					i2p::data::SigningKeyType sigType = section.second.get (I2P_SERVER_TUNNEL_SIGNATURE_TYPE, i2p::data::SIGNING_KEY_TYPE_ECDSA_SHA256_P256);
 					i2p::data::CryptoKeyType cryptoType = section.second.get (I2P_CLIENT_TUNNEL_CRYPTO_TYPE, i2p::data::CRYPTO_KEY_TYPE_ELGAMAL);
-					uint32_t maxConns = section.second.get(i2p::stream::I2CP_PARAM_STREAMING_MAX_CONNS_PER_MIN, i2p::stream::DEFAULT_MAX_CONNS_PER_MIN);
+
 					std::string address = section.second.get<std::string> (I2P_SERVER_TUNNEL_ADDRESS, "127.0.0.1");
 					bool isUniqueLocal = section.second.get(I2P_SERVER_TUNNEL_ENABLE_UNIQUE_LOCAL, true);
 
@@ -618,8 +619,6 @@ namespace client
 					else // regular server tunnel by default
 						serverTunnel = new I2PServerTunnel (name, host, port, localDestination, inPort, gzip);
 
-					LogPrint(eLogInfo, "Clients: Set Max Conns To ", maxConns);
-					serverTunnel->SetMaxConnsPerMinute(maxConns);
 					if(!isUniqueLocal)
 					{
 						LogPrint(eLogInfo, "Clients: disabling loopback address mapping");
@@ -641,6 +640,7 @@ namespace client
 						while (comma != std::string::npos);
 						serverTunnel->SetAccessList (idents);
 					}
+					auto serverTunnelDest = serverTunnel->GetLocalDestination ();
 					auto ins = m_ServerTunnels.insert (std::make_pair (
 							std::make_pair (localDestination->GetIdentHash (), inPort),
 					        std::unique_ptr<I2PServerTunnel>(serverTunnel)));
@@ -652,10 +652,10 @@ namespace client
 					else
 					{
 						// TODO: update
-						if (ins.first->second->GetLocalDestination () != serverTunnel->GetLocalDestination ())
+						if (ins.first->second->GetLocalDestination () != serverTunnelDest)
 						{
 							LogPrint (eLogInfo, "Clients: I2P server tunnel destination updated");
-							ins.first->second->SetLocalDestination (serverTunnel->GetLocalDestination ());
+							ins.first->second->SetLocalDestination (serverTunnelDest);
 						}
 						ins.first->second->isUpdated = true;
 						LogPrint (eLogInfo, "Clients: I2P server tunnel for destination/port ",   m_AddressBook.ToAddress(localDestination->GetIdentHash ()), "/", inPort, " already exists");

libi2pd_client/HTTPProxy.cpp

@@ -219,7 +219,7 @@ namespace proxy {
 		/* replace headers */
 		req.UpdateHeader("User-Agent", "MYOB/6.66 (AN/ON)");
 		/* add headers */
-		req.AddHeader("Connection", "close"); /* keep-alive conns not supported yet */
+		req.UpdateHeader("Connection", "close"); /* keep-alive conns not supported yet */
 	}
 
 	/**
@@ -387,18 +387,31 @@ namespace proxy {
 		LogPrint(eLogDebug, "HTTPProxy: ", m_ClientRequestURL.host);
 		m_ClientRequestURL.schema = "";
 		m_ClientRequestURL.host   = "";
+		std::string origURI = m_ClientRequest.uri; // TODO: what do we need to chage uri for?
 		m_ClientRequest.uri = m_ClientRequestURL.to_string();
 
 		m_ClientRequest.write(m_ClientRequestBuffer);
 		m_ClientRequestBuffer << m_recv_buf.substr(m_req_len);
 		
 		// assume http if empty schema
-		if (m_ProxyURL.schema == "" || m_ProxyURL.schema == "http") {
+		if (m_ProxyURL.schema == "" || m_ProxyURL.schema == "http") 
+		{
 			// handle upstream http proxy
 			if (!m_ProxyURL.port) m_ProxyURL.port = 80;
 			if (m_ProxyURL.is_i2p())
 			{
-				m_send_buf = m_recv_buf;
+				m_ClientRequest.uri = origURI;
+				if (!m_ProxyURL.user.empty () || !m_ProxyURL.pass.empty ())
+				{
+					// remove existing authorization if any
+					m_ClientRequest.RemoveHeader("Proxy-");
+					// add own http proxy authorization
+					std::string s = "Basic " + i2p::data::ToBase64Standard (m_ProxyURL.user + ":" + m_ProxyURL.pass);
+					m_ClientRequest.AddHeader("Proxy-Authorization", s);
+				}
+				m_send_buf = m_ClientRequest.to_string();
+				m_recv_buf.erase(0, m_req_len);
+				m_send_buf.append(m_recv_buf);
 				GetOwner()->CreateStream (std::bind (&HTTPReqHandler::HandleStreamRequestComplete,
 					shared_from_this(), std::placeholders::_1), m_ProxyURL.host, m_ProxyURL.port);
 			}
@@ -409,14 +422,18 @@ namespace proxy {
 					m_proxysock->async_connect(ep, std::bind(&HTTPReqHandler::HandleUpstreamHTTPProxyConnect, this, std::placeholders::_1));
 				}));
 			}
-		} else if (m_ProxyURL.schema == "socks") {
+		} 
+		else if (m_ProxyURL.schema == "socks") 
+		{
 			// handle upstream socks proxy
 			if (!m_ProxyURL.port) m_ProxyURL.port = 9050; // default to tor default if not specified
 			boost::asio::ip::tcp::resolver::query q(m_ProxyURL.host, std::to_string(m_ProxyURL.port));
 			m_proxy_resolver.async_resolve(q, std::bind(&HTTPReqHandler::HandleUpstreamProxyResolved, this, std::placeholders::_1, std::placeholders::_2, [&](boost::asio::ip::tcp::endpoint ep) {
 						m_proxysock->async_connect(ep, std::bind(&HTTPReqHandler::HandleUpstreamSocksProxyConnect, this, std::placeholders::_1));
 			}));
-		} else {
+		} 
+		else 
+		{
 			// unknown type, complain
 			GenericProxyError("unknown outproxy url", m_ProxyURL.to_string().c_str());
 		}

libi2pd_client/I2PTunnel.h

@@ -280,8 +280,6 @@ namespace client
 
 			const char* GetName() { return m_Name.c_str (); }
 
-			void SetMaxConnsPerMinute(const uint32_t conns) { m_PortDestination->SetMaxConnsPerMinute(conns); }
-
 		private:
 			void HandleResolve (const boost::system::error_code& ecode, boost::asio::ip::tcp::resolver::iterator it,
 				std::shared_ptr<boost::asio::ip::tcp::resolver> resolver);

qt/i2pd_qt/i2pd_qt.pro

@@ -268,8 +268,14 @@ android {
 }
 
 linux:!android {
-	message("Using Linux settings")
+        message("Using Linux settings")
-	LIBS += -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread -lminiupnpc
+        LIBS += -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread -lminiupnpc
+}
+
+windows:!android {
+        message("Using Windows settings")
+        DEFINES += BOOST_USE_WINDOWS_H WINDOWS
+        LIBS += -lcrypto -lssl -lboost_system -lboost_date_time -lboost_filesystem -lboost_program_options -lpthread -lminiupnpc
 }
 
 !android:!symbian:!maemo5:!simulator {