2bf04648c3
bump -7
2026-05-12 11:43:42 -04:00
d042a7d354
SSU2: Require three consecutive peer tests for IPv6 state changes
...
due to high false-positive firewalled rates
2026-05-12 11:43:10 -04:00
a00bc02fb9
SSU2: Require two peers from different /16s to change address
...
(/32 for IPv6)
suggested by: bottomlineit.co.za
2026-05-11 13:58:32 -04:00
514f0c1237
I2NP: Add missing length checks in readMessage() methods
...
- strict checks in Data, DeliveryStatus, Garlic, TunnelData
- check if we did read over and throw in DatabaseLookup, DatabaseSearchReply
- fix potential leaseset read overrun in DatabaseStore
- convert AIOOBE to I2NPMessageException in I2NPMessageImpl
DLM reported by: bottomlineit.co.za
2026-05-10 17:32:54 -04:00
fac0f85197
I2NP: Enforce 4 bits for RI netdb type in DSM
...
to match current spec
2026-05-10 16:40:32 -04:00
b48cb21119
Remove old NTCP1 I2NPMessageHandler pool, unused
2026-05-10 15:26:16 -04:00
3429f733f3
SSU2: Resurrect hole punch throttling as Charlie
...
Was in SSU 1 code but was never adapted for SSU2 and then got deleted.
Send limit reject code when throttled.
Add conn limit check.
Limits same as previously, to be reviewed and adjusted.
reported by: bottomlineit.co.za
2026-05-08 12:16:37 -04:00
7dbeb265a1
Transport: Disable SSU bid adjustment for new routers as of next release
2026-05-07 13:58:55 -04:00
704f4949e4
bump -6
2026-05-06 13:01:04 -04:00
635584bfcb
Transport: Fix PQ SSU2 I2NP block header, bump -5
...
was using SSU1-style header
remove SSU1 code in fragmenter
reported by: orignal
2026-05-02 18:26:50 -04:00
d2d4325e65
bump -4
2026-05-01 18:28:08 -04:00
4d98a0b62d
SSU2: Increase nonce replay cache size
...
Based on measurement of actual relay requests, typ. rate is calculated
as 6/minute total when at the relaying limit of 100 routers,
or 24 in the 4-minute skew window. Increase cache size from 8 to 32.
reported by: bottomlineit.co.za
2026-05-01 17:57:57 -04:00
5482d470a6
I2NP: Add min length checks to fromRawByteArray() methods
...
reported by: bottomlineit.co.za
2026-05-01 17:07:18 -04:00
04caa91e3e
Transport: Fail-fast if NTCP2 msg 2 padding length is too much
...
reported by: bottomlineit.co.za
2026-05-01 13:34:29 -04:00
6c33651714
i2ptunnel, I2CP, SAM: Add delays on auth failure
...
to slow down repeat attempts
2026-04-27 12:13:18 -04:00
55f55208ad
bump -3
2026-04-26 15:42:53 -04:00
16a188996f
Transport: Fix off-by-one check of SSU2 max fragment number
...
reported by: bottomlineit.co.za
2026-04-25 17:11:37 -04:00
aa77c9a4ab
Router: Don't use InetAddress.getByName() for blocklist IP conversion
...
to make really sure we don't use DNS, and it's slow anyway.
reported by: bottomlineit.co.za
2026-04-25 17:03:13 -04:00
20a10ae0ae
Crypto: Change RFC 7748 DH error to a checked exception
...
so things are cleaned up properly
2026-04-25 15:22:21 -04:00
e9d4b0c7e1
Crypto: Refactor Noise initialization to a separate class
...
with enums for efficiency and sanity
2026-04-25 14:26:52 -04:00
b9bdce41a0
Add missing file for I2CP, bump -2
2026-04-25 10:57:31 -04:00
4c764b5165
bump -1
2026-04-25 10:54:02 -04:00
5e829e4ccb
Transport: Add support for SSU2 PQ hybrid (proposal 169)
...
Gitea PR #533
2026-04-25 10:50:51 -04:00
4f892d6331
I2CP, SAM: Support lookup of ls2 options (proposal 167)
2026-04-25 10:43:58 -04:00
94f62c9e9b
NTCP2: Fail-fast if msg 1 padding length is too much
...
reported by: bottomlineit.co.za
2026-04-25 10:12:41 -04:00
ba572bd1bd
spotbugs fixes all over
2026-04-25 09:53:32 -04:00
2800040dee
Bump version to 2.12.0 and update related files
2026-04-20 09:44:38 -04:00
386a90f6cd
bump -14-rc for review
2026-04-17 14:26:38 -04:00
c8be9527b3
bump -13-rc
2026-04-13 08:14:36 -04:00
77fb8949e0
bump -12-rc
2026-04-08 11:39:39 -04:00
61a65346b1
Router: Increase conn limit for congestion flag
2026-04-04 06:13:33 -04:00
716dca2840
bump -11-rc
2026-04-02 08:33:45 -04:00
2eb223932b
bump -10. -8 and -9 were tagged but not bumped.
2026-03-25 13:11:57 -04:00
fb6d7b15e9
bump -7. Previous -5 was mistakenly tagged as -6
2026-03-24 11:22:32 -04:00
055e916a83
UPnP: Fail fast if no local addresses, don't blame on port conflict
2026-03-23 10:19:39 -04:00
689c7d6db3
Util: Fix PriBlockingQueue log class
2026-03-21 17:13:44 -04:00
c1a4144199
missing change from last commit
2026-03-21 16:21:35 -04:00
9cb902b0ec
NetDB: Force L cap if very low max tunnels
2026-03-21 16:06:19 -04:00
12e2dad36b
SSU2: Set peer test result to firewalled if no peers available to test
...
and uptime > 10m and no incoming connections for 10m
to catch completely broken IPv6.
Increase SSU min peers to 10 to improve chance of peer test success.
2026-03-21 16:05:18 -04:00
3d7af13de0
Stats: Change tunnel.tier* stat rates from 10m,60s to 1h
2026-03-19 11:30:36 -04:00
80bb2b767f
Transports: Add method to get connected transport for peer
...
currently unused, for debugging only
2026-03-19 10:05:17 -04:00
50dda23e11
bump -5
2026-03-17 19:12:34 -04:00
20de9d5c7c
NetDB: Publish D cap if near conn limits
2026-03-17 19:12:34 -04:00
d5e8cf07bb
Console: Mark LS1 encrypted leasesets as deprecated
...
also add notes to javadocs for the KeyRing class used to store the keys
2026-03-13 09:10:16 -04:00
5be6b0ed35
ISJ: Fail peer if it doesn't support ElG or Ratchet
...
as suggested by cims,
although this code probably won't ever be hit
2026-03-12 11:23:25 -04:00
6b1576e780
bump -4
2026-03-07 08:36:53 -05:00
3bc4a2d740
Log level tweaks
2026-03-06 13:56:29 -05:00
51626535bf
NetDB: ISJ fixes for client replies going to main db
...
- Do not fallback to inbound expl. tunnel, result would go to main db where client can't find it
- Default supportsRatchetReplies to true if RI is null, so inbound client tunnel is used
reported by: FreefallHeavens, sidereal, cims
2026-03-06 08:20:06 -05:00
155805789d
Noise: Fix SSU2 MLKEM init (WIP)
2026-03-05 16:52:14 -05:00
e6a673c6f4
bump -3
2026-02-28 18:43:59 -05:00
zzz