decline transit tunnel to duplicated router

libi2pd/Profiling.cpp

@@ -279,6 +279,15 @@ namespace data
 		return false;
 	}	
 
+	bool IsRouterDuplicated (const IdentHash& identHash)
+	{
+		std::lock_guard<std::mutex> l(g_ProfilesMutex);
+		auto it = g_Profiles.find (identHash);
+		if (it != g_Profiles.end ())
+			return it->second->IsDuplicated ();
+		return false;
+	}	
+		
 	void InitProfilesStorage ()
 	{
 		g_ProfilesStorage.SetPlace(i2p::fs::GetDataDir());

libi2pd/Profiling.h

@@ -113,6 +113,7 @@ namespace data
 
 	std::shared_ptr<RouterProfile> GetRouterProfile (const IdentHash& identHash);
 	bool IsRouterBanned (const IdentHash& identHash); // check only existing profiles
+	bool IsRouterDuplicated (const IdentHash& identHash); // check only existing profiles
 	void InitProfilesStorage ();
 	std::future<void> DeleteObsoleteProfiles ();
 	void SaveProfiles ();

libi2pd/TransitTunnel.cpp

@@ -349,15 +349,23 @@ namespace tunnel
 				
 				if (!retCode)
 				{
-					// create new transit tunnel
+					i2p::data::IdentHash nextIdent(clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET);
-					transitTunnel = i2p::tunnel::CreateTransitTunnel (
+					bool isEndpoint = clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG;
-						bufbe32toh (clearText + SHORT_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
+					if (isEndpoint || !i2p::data::IsRouterDuplicated (nextIdent))
-						clearText + SHORT_REQUEST_RECORD_NEXT_IDENT_OFFSET,
+					{	
-						bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+						// create new transit tunnel
-						layerKey, ivKey,
+						transitTunnel = CreateTransitTunnel (
-						clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+							bufbe32toh (clearText + SHORT_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
-						clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG);
+							nextIdent,
-					if (!AddTransitTunnel (transitTunnel))
+							bufbe32toh (clearText + SHORT_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+							layerKey, ivKey,
+							clearText[SHORT_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+							isEndpoint);
+						if (!AddTransitTunnel (transitTunnel))
+							retCode = 30;
+					}
+					else
+						// decline tunnel going to duplicated router 
 						retCode = 30;
 				}
 
@@ -477,23 +485,32 @@ namespace tunnel
 							accept = false;
 					}	
 				}	
-				// replace record to reply
+					
 				if (accept)
 				{
-					auto transitTunnel = i2p::tunnel::CreateTransitTunnel (
+					i2p::data::IdentHash nextIdent(clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET);
-							bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
+					bool isEndpoint = clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG;
-							clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_IDENT_OFFSET,
+					if (isEndpoint || !i2p::data::IsRouterDuplicated (nextIdent))
-							bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
+					{	
-							clearText + ECIES_BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET,
+						auto transitTunnel = CreateTransitTunnel (
-							clearText + ECIES_BUILD_REQUEST_RECORD_IV_KEY_OFFSET,
+								bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_RECEIVE_TUNNEL_OFFSET),
-							clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+								nextIdent,
-							clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_ENDPOINT_FLAG);
+								bufbe32toh (clearText + ECIES_BUILD_REQUEST_RECORD_NEXT_TUNNEL_OFFSET),
-					if (!AddTransitTunnel (transitTunnel))
+								clearText + ECIES_BUILD_REQUEST_RECORD_LAYER_KEY_OFFSET,
+								clearText + ECIES_BUILD_REQUEST_RECORD_IV_KEY_OFFSET,
+								clearText[ECIES_BUILD_REQUEST_RECORD_FLAG_OFFSET] & TUNNEL_BUILD_RECORD_GATEWAY_FLAG,
+								isEndpoint);
+						if (!AddTransitTunnel (transitTunnel))
+							retCode = 30;
+					}	
+					else
+						// decline tunnel going to duplicated router 
 						retCode = 30;
 				}
 				else
 					retCode = 30; // always reject with bandwidth reason (30)
 
+				// replace record to reply
 				memset (record + ECIES_BUILD_RESPONSE_RECORD_OPTIONS_OFFSET, 0, 2); // no options
 				record[ECIES_BUILD_RESPONSE_RECORD_RET_OFFSET] = retCode;
 				// encrypt reply