GithubHelp home page GithubHelp logo

i2p / i2p.i2p Goto Github PK

View Code? Open in Web Editor NEW
2.0K 2.0K 309.0 468.24 MB

I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

Home Page: https://geti2p.net

License: Other

Shell 1.11% Java 87.29% HTML 3.69% JavaScript 1.06% Scala 0.09% Python 0.11% Makefile 0.43% C 0.34% Perl 0.02% CSS 4.81% C++ 0.34% Batchfile 0.08% Roff 0.61% Dockerfile 0.01%
anonymity crypto i2p java monotone network p2p router

i2p.i2p's People

Contributors

apsoyka avatar ducki2p avatar echeloni2p avatar eyedeekay avatar hungryhobo avatar hurui200320 avatar jeanluc162 avatar kfeoktistoff avatar kpetku avatar kytvi2p avatar mehdie79 avatar mikalv avatar obscuratus-i2p avatar robertfoss avatar shisheng-1 avatar shoalsteed avatar str4d avatar welterde avatar y2kboy23 avatar zlatinb avatar zzzi2p avatar

Stargazers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

Watchers

 avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar  avatar

i2p.i2p's Issues

2 uses of risky/ broken cryptograhic alogrithm CVE

line #22
// a NoSuchAlgorithmException
} catch (NoSuchMethodError nsme) {
// JamVM, gij
try {
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");

The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consided using Galois/Counter Mode.
[‎core/java/src/net/i2p/crypto/CryptoCheck.java]

line 272
private Cipher acquire() {
Cipher rv = _ciphers.poll();
if (rv == null) {
try {
rv = Cipher.getInstance("AES/CBC/NoPadding");

The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consided using Galois/Counter Mode.
[‎core/java/src/net/i2p/crypto/CryptixAESEngine.java]

Use of Hardcoded, Security-relevant Constants

private static final String PROP_LS_SPK = "i2cp.leaseSetSigningPrivateKey";
// LS 2
public static final String PROP_LS_TYPE = "i2cp.leaseSetType";
private static final String PROP_LS_ENCTYPE = "i2cp.leaseSetEncType";
private static final String PROP_SECRET = "i2cp.leaseSetSecret";

line:70
Avoid hardcoding values that are meant to be secret. Found hardcoded secret.

core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java#L70)

i2psnark : clear messages button has css issue - light/snark.css:315

i2p 2.6.0
Linux, Firefox 128
i2psnark, only light theme

The "clear messages" button is not properly working, only the top ~10% of the button are clickable, the lower 90% of the icon is not clickable.

The issue seems to be here:
i2psnark/webapps/.resources/themes/light/snark.css:315
in rule .snarkMessages li {

Solution:
disabling the line
mix-blend-mode: multiply;
makes the "clear messages" button fully working again.

fresh install with split-config breaks the addressbook

I'm the maintainer for i2p on Gentoo and we found an issue when freshly installing the package. We are using there a split-install, having a directory in /usr/share/i2p for the install and a separated user directory in /var/lib/i2p. The launcher is started in the install dir, with -Di2p.dir.app=/var/lib/i2p/app -Di2p.dir.config=/var/lib/i2p/config -Di2p.dir.router=/var/lib/i2p/router.

Now, when starting the router for the first time, some install files are copied to the user directory. The hosts.txt is put by it in the config dir.
The default config of the addressbook points to some relative files (for eg defaultSettings.put("router_addressbook", "../hosts.txt")), which is only valid in a non-split setup. The addressbook files resides in the router directory, not in the config one. So we end up with an empty addressbook, which isn't even able to sync with subscriptions as no address can be resolved.

I'm unsure of how to best approach it, I see a few ways to do so but not a clear one (from what I gathered, there is not a dedicated way to know what is the known list of address)

  • should the default config point to the install directory?
    • but files there are not writable, and router_addressbook wants to update it
  • should the migration process actually copy the hosts.txt to the addressbook?
    • there is a bunch of references to "hosts.txt" throughout the code, so I'm scared of having it defined sometimes via the install dir and sometimes via the addressbook

@eyedeekay, btw I registered on git.idk.i2p around a month ago, I would happily continue the conversation there if you accept me :)

i2psnark themes behave different

i2psnark themes behave different

dark: ok
light: torrent names are central aligned, not left-aligned, clear messages button not working
ubergine: ok
vanilla torrent names are central aligned, not left-aligned,

Please make all themes behave the same, I like the light/vanilla one :-)

Thanks.

Improper Neutralization of CRLF Sequences in HTTP Headers number 2

Unsanitized input from data from a remote resource flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.

router/java/src/org/cybergarage/upnp/Device.java#L485)

functions causing issues
ssdpRes.setST
ssdpReq.setUSN
ssdpReq.setNT
childDevice.announce
announce
device

########################################################
return null;
Node devNode = rootNode.getNode(Device.ELEM_NAME);
if (devNode == null)
return null;
return new Device(rootNode, devNode);
###################################################
Node devNode = getDeviceNode();
Node aux = null;
//
aux = devNode.getParentNode().getParentNode();
return new Device(aux);
######################################################
if (isRootDevice() == true) {
String devNT = getNotifyDeviceNT();
String devUSN = getNotifyDeviceUSN();
ssdpReq.setNT(devNT);
ssdpReq.setUSN(devUSN);
######################################################
ssdpReq.setUSN(devUSN);
ssdpSock.post(ssdpReq);

		String devUDN = getUDN();
		ssdpReq.setNT(devUDN);

#########################################################
ssdpSock.post(ssdpReq);

		String devUDN = getUDN();
		ssdpReq.setNT(devUDN);
		ssdpReq.setUSN(devUDN);

#############################################################
// uuid:device-UUID::urn:schemas-upnp-org:device:deviceType:v
String devNT = getNotifyDeviceTypeNT();
String devUSN = getNotifyDeviceTypeUSN();
ssdpReq.setNT(devNT);
#############################################################
ServiceList serviceList = getServiceList();
int serviceCnt = serviceList.size();
for (int n = 0; n < serviceCnt; n++) {
Service service = serviceList.getService(n);
service.announce(bindAddr);
#############################################################
DeviceList childDeviceList = getDeviceList();
int childDeviceCnt = childDeviceList.size();
for (int n = 0; n < childDeviceCnt; n++) {
Device childDevice = childDeviceList.getDevice(n);
childDevice.announce(bindAddr);
##############################################################
if (bindAddresses[j] == null || bindAddresses[j].length() == 0)
continue;
int ssdpCount = getSSDPAnnounceCount();
for (int i = 0; i < ssdpCount; i++)
announce(bindAddresses[j]);
##############################################################
// uuid:device-UUID(::upnp:rootdevice)*
if (isRootDevice() == true) {
String devNT = getNotifyDeviceNT();
String devUSN = getNotifyDeviceUSN();
ssdpReq.setNT(devNT);
###############################################################
if (isRootDevice() == true) {
String devNT = getNotifyDeviceNT();
String devUSN = getNotifyDeviceUSN();
ssdpReq.setNT(devNT);
ssdpReq.setUSN(devUSN);
################################################################
// uuid:device-UUID::urn:schemas-upnp-org:device:deviceType:v
String devNT = getNotifyDeviceTypeNT();
String devUSN = getNotifyDeviceTypeUSN();
ssdpReq.setNT(devNT);
#######################################################
// uuid:device-UUID::urn:schemas-upnp-org:device:deviceType:v
String devNT = getNotifyDeviceTypeNT();
String devUSN = getNotifyDeviceTypeUSN();
ssdpReq.setNT(devNT);
ssdpReq.setUSN(devUSN);
###############################################
SSDPSearchResponse ssdpRes = new SSDPSearchResponse();
ssdpRes.setLeaseTime(getLeaseTime());
ssdpRes.setDate(cal);
ssdpRes.setST(st);

https://deb.i2p2.de not responding

I'm sorry to open a bug report here for this kind of problem but I've not found a better way.

It's a few weeks the debian reposository is not accessible, is this a know issue?

About 2.6.1 release

👋 looks like 2.6.1 tag got created, but not the release notes? Raise this issue for some awareness. Thanks!

caps=D @ ARM vserver ?

i2p is running at an ARM vserver, but only gets caps = PRD
D == Congested is probably hard coded, because 1st arm here in the past were light headed raspberry pi's ?
But now we have multi cpu ARM vserver - is the "D" still required ?
How can we detect it ?

lscpu

Architecture:             aarch64                                                                                           
  CPU op-mode(s):         32-bit, 64-bit                                                                                    
  Byte Order:             Little Endian                                                                                     
CPU(s):                   6                                                                                                 
  On-line CPU(s) list:    0-5                                                                                               
Vendor ID:                ARM                                                                                               
  Model name:             Neoverse-N1                                                                                       
    Model:                1                                                                                                 
    Thread(s) per core:   1                                                                                                 
    Core(s) per cluster:  6         

I2P Version and Running Environment

I2P version:	2.5.1-0
API version:	0.9.62
Java version:	Debian 17.0.11 (OpenJDK Runtime Environment 17.0.11+9-Debian-1deb12u1)
Wrapper version:	3.5.44
Server version:	9.3.30.v20211001
Servlet version:	Jasper JSP 2.3 Engine (3.1)
JSTL version:	standard-taglib 1.2.0
Platform:	Linux aarch64 6.1.0-20-arm64
Processor:	(armv8)
JBigI status:	Locally optimized library libjbigi-linux-armv8_64.so loaded from file
GMP version:	6.2.0
JBigI version:	4
Encoding:	UTF-8
Charset:	UTF-8
Service:	false
Built:	2024-05-06 19:41:38 UTC
Built By:	idk

Thanks

Router Password

After my initial setup on Windows went perfectly I set a username and password. I can no longer login with the combination I chose. How can I have this reset?

slow

erorro no connect

Docker arm images

Are there any plans on updating the docker image to support ARM?

  • Jason

i2p / Namecoin Integration

Hi!

probably you have heard of Namecoin. Maybe there are ways for us to work together, e.g. make .bit resolve to i2p domains? You are always welcome to our forum.

Cheers,

phelix

multiable Hardcoded Secrets cve

private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();

private static final boolean CACHE = true;
private static final int CACHE_SIZE = 8;
private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES"); line 52

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
‎core/java/src/net/i2p/crypto/CryptixAESEngine.java
Open this link in a new tab
2 steps in 1 file

Hardcoded Secret

} catch (NoSuchMethodError nsme) {
// JamVM, gij
try {
Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");
27 line

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
[‎core/java/src/net/i2p/crypto/CryptoCheck.java]

private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();

private static final boolean CACHE = true;
private static final int CACHE_SIZE = 8;
private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES");

line 53

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
‎core/java/src/net/i2p/crypto/CryptixAESEngine.java

KeyFactory kf = KeyFactory.getInstance("RSA");
// private key is modulus (pubkey) + exponent
BigInteger[] nd = split(pk.getData());
// modulus exponent
KeySpec ks = new RSAPrivateKeySpec(nd[0], nd[1]);
line 513

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
[‎core/java/src/net/i2p/crypto/SigUtil.java]

".i2p" make it flexible

I was wondering if possible to modify this condition inseted of ".i2p" make it accepting any/flexible ending is that possible or has been discussed before. for example I need to set my domain ppp.y is it possible not to use ppp.i2p ?

path: i2p.i2p\core\java\src\net\i2p\client\naming\EepGetAndAddNamingService.java
if (hostname.length() < 516 && hostname.endsWith(".i2p") && ! hostname.endsWith(".b32.i2p")) {

I'm getting "UPnP is not enabled" even though it is

On http://127.0.0.1:7657/confignet, I have "Enable UPnP to open firewall ports" selected.

On http://127.0.0.1:7657/peers?tx=upnp, it says "UPnP is not enabled".

I'm using the latest I2P version 2.6.1-0, running on Windows 7.

I have tried unselecting it, restarting I2P, selecting it, then restarting I2P again. It didn't affect the issue.

01_i2p_network_config

02_i2p_upnp_config

Logs:

I2P version:		2.6.1-0
API version:		0.9.63
Java version:		Oracle Corporation 1.8.0_341 (Java(TM) SE Runtime Environment 1.8.0_341-b10)
Wrapper version:	none
Server version:		9.3.30.v20211001
Servlet version:	Jasper JSP 2.3 Engine (3.1)
JSTL version:		standard-taglib 1.2.0
Platform:		Windows Server 2008 R2 amd64 6.1
Processor:		Kaby Lake Core i3/i5/i7 (coreibwl)
JBigI status:		Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
GMP version:		6.0.0
JBigI version:		3
JCpuId version:		3
Encoding:		Cp1252
Charset:		windows-1252
Service:		false
Revision:		903d69eb01b06584d04ea4ac8ccd46b742575793
Built:			2024-08-07 02:00:22 UTC
Built By:		idk
Critical Logs
No log messages
Sep 17, 2024 7:26:26 PM WARN  [main        ] .tunnel.BloomFilterIVValidator: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.
Sep 17, 2024 7:34 PM	Reachability change	from OK to Firewalled
Sep 17, 2024 7:26 PM	Started router	2.6.1-0
Sep 17, 2024 7:26 PM	Stopped router	3
Sep 17, 2024 5:20 PM	Started router	2.6.1-0
Sep 17, 2024 5:20 PM	Crashed	64 sec ago
Sep 17, 2024 5:19 PM	Started router	2.6.1-0
Sep 17, 2024 5:19 PM	Crashed	56 min ago
Sep 17, 2024 7:10 AM	Started router	2.6.1-0
Sep 16, 2024 11:41 PM	Stopped router	3
Sep 16, 2024 11:04 PM	Reseeded router	152
Sep 16, 2024 11:04 PM	New router identity	65rE14tdjumBC3vItKqfXSngsL3tEH0iezGArrx8GF4=
Sep 16, 2024 11:04 PM	Started router	2.6.1-0
Setting up new user directory C:\Users\Administrator\AppData\Local\I2P
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\cgi-bin
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\contexts
Copied File C:\Program Files\i2p\eepsite\contexts\base-context.xml
Copied File C:\Program Files\i2p\eepsite\contexts\cgi-context.xml
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot
Copied File C:\Program Files\i2p\eepsite\docroot\favicon.ico
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot\help
Copied File C:\Program Files\i2p\eepsite\docroot\help\index.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ar.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_az.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_de.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_el.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_es.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_fa.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_fr.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_hu.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_in.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_it.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ja.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_nl.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_pl.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_pt.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ro.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_ru.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_sv.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_tr.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_uk.html
Copied File C:\Program Files\i2p\eepsite\docroot\help\index_zh.html
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot\help\lib
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\az.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\brown.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\cn.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\de.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\eepsite.css
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\eepsite_zh.css
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\es.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\fr.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\gr.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\h2bg.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\hu.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\id.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ir.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\it.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\itoopie.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\jetty-dir.css
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\jp.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\lang_ar.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\nl.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\pagebg.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\pl.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\pt.png
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\docroot\help\lib\resources
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\audio.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\file.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\flash.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\folder.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\folder_32x32.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\folder_open.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\image.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\iso.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\pdf.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\playlist.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\text.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\video.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\word.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\resources\zip.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ro.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ru.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\se.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\tr.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\ua.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\lib\us.png
Copied File C:\Program Files\i2p\eepsite\docroot\help\pagetemplate.html
Copied File C:\Program Files\i2p\eepsite\docroot\index.html
Copied File C:\Program Files\i2p\eepsite\docroot\robots.txt
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\etc
Copied File C:\Program Files\i2p\eepsite\etc\realm.properties
Copied File C:\Program Files\i2p\eepsite\etc\webdefault.xml
Copied File C:\Program Files\i2p\eepsite\jetty-jmx.xml
Copied File C:\Program Files\i2p\eepsite\jetty-rewrite.xml
Copied File C:\Program Files\i2p\eepsite\jetty-ssl.xml
Copied File C:\Program Files\i2p\eepsite\jetty.xml
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\logs
Created File C:\Users\Administrator\AppData\Local\I2P\eepsite\webapps
Copied File C:\Program Files\i2p\hosts.txt
Copied File C:\Program Files\i2p\i2psnark.config
Copied File C:\Program Files\i2p\i2ptunnel.config
Copied C:\Program Files\i2p\eepsite\jetty.xml with modifications
Copied C:\Program Files\i2p\eepsite\jetty-ssl.xml with modifications
Copied C:\Program Files\i2p\eepsite\contexts\base-context.xml with modifications
Copied C:\Program Files\i2p\eepsite\contexts\cgi-context.xml with modifications
Copied file C:\Program Files\i2p\clients.config with modifications
Successfully copied data files to new user directory C:\Users\Administrator\AppData\Local\I2P
INFO: Native CPUID library jcpuid-x86-windows.dll loaded from resource
INFO: Resource name [jbigi-windows-coreibwl_64.dll] was not found
INFO: Resource name [jbigi-windows-coreibwl.dll] was not found
INFO: Loaded library: jar:file:/C:/Program%20Files/i2p/lib/jbigi.jar!/jbigi-windows-coreihwl_64.dll
INFO: Native BigInteger library jbigi-windows-coreihwl_64.dll loaded from resource
Reseed start
Reseeding from https://i2p.novg.net/i2pseeds.su3?netid=2
INFO: 77 files extracted to C:\Users\ADMINI~1\AppData\Local\Temp\i2p-0E5fyZEX.tmp\reseeds-759942971
Reseed got 77 router infos from https://i2p.novg.net/i2pseeds.su3?netid=2 with 0 errors
Reseeding from https://reseed-fr.i2pd.xyz/i2pseeds.su3?netid=2
INFO: 75 files extracted to C:\Users\ADMINI~1\AppData\Local\Temp\i2p-0E5fyZEX.tmp\reseeds-1691944963
Reseed got 75 router infos from https://reseed-fr.i2pd.xyz/i2pseeds.su3?netid=2 with 0 errors
Reseed successful, fetched 152 router infos
Sep 16, 2024 11:41:45 PM CRIT  [ShutdownHook] net.i2p.router.Router         : Shutdown imminent
Sep 16, 2024 11:41:45 PM CRIT  [ShutdownHook] net.i2p.router.Router         : Shutdown(3) complete
INFO: Native CPUID library jcpuid-x86-windows loaded from file
INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
WARN: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.
2024/09/17 17:18:44 | --> Wrapper Started as Console
2024/09/17 17:18:44 | Java Service Wrapper Community Edition 64-bit 3.5.25
2024/09/17 17:18:44 |   Copyright (C) 1999-2014 Tanuki Software, Ltd. All Rights Reserved.
2024/09/17 17:18:44 |     http://wrapper.tanukisoftware.com
2024/09/17 17:18:44 | 
2024/09/17 17:18:45 | Launching a JVM...
2024/09/17 17:19:06 | WrapperManager: Initializing...
2024/09/17 17:19:09 | Starting I2P 2.6.1-0
2024/09/17 17:19:10 | WARN: Old router was not shut down gracefully, deleting C:\Users\Administrator\AppData\Local\I2P\router.ping
2024/09/17 17:19:11 | INFO: Native CPUID library jcpuid-x86-windows loaded from file
2024/09/17 17:19:11 | INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
2024/09/17 17:19:15 | WARN: Configured for 11.14MiBps share bandwidth but only 245.50MiB available memory. Recommend increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 281 (MB) if the actual share bandwidth exceeds 1.50MiBps.
WARN: There may be another router already running. Waiting a while to be sure...
WARN: Old router was not shut down gracefully, deleting C:\Users\Administrator\AppData\Local\I2P\router.ping
INFO: No, there wasn't another router already running. Proceeding with startup.
INFO: Native CPUID library jcpuid-x86-windows loaded from file
INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
WARN: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.
Sep 17, 2024 7:26:08 PM CRIT  [ShutdownHook] net.i2p.router.Router         : Shutdown imminent
Sep 17, 2024 7:26:09 PM CRIT  [ShutdownHook] net.i2p.router.Router         : Shutdown(3) complete
INFO: Native CPUID library jcpuid-x86-windows loaded from file
INFO: Locally optimized library jbigi-windows-coreihwl_64.dll loaded from file
WARN: Configured for 11.14MiBps share bandwidth but only 123.00MiB available memory. Recommend running the restartable version of I2P, and increasing wrapper.java.maxmemory in C:\Program Files\i2p\wrapper.config to at least 140 (MB) if the actual share bandwidth exceeds 512.00KiBps.

i2psnark.upbw.max not applied after restart.

db52cc7 i2psnark: Bandwidth limiter improvements introduced a bug:
i2psnark.upbw.max is not applied during restart.
Though the desired value is present in i2psnark.config file.
i2psnark.downbw.max is not affected.

I think the bug is here:

SnarkManager.java, getBWLimit()

            int maxup = getInt(PROP_UPBW_MAX, DEFAULT_MAX_UP_BW);
            _util.setMaxUpBW(up);
            _bwManager.setUpBWLimit(Math.min(up, maxup) * 1000L);

--> setMaxUpBW is called before the Math.min ?

Thanks.

Respect for building in Java

It's so wicked what y'all are building, I've been watching for a few years & respect for the immense progress!

Just gonna say, java? (ewww) lol but better than C (eww)

I2P Service launches on non-AppDataLocal nor ProgramData instance

I've reinstalled I2P after letting it decay for a long while. However, once I let it run and then install the service via the router console, I2P runs it's system (through the I2P service) on the following address:
C:\WINDOWS\system32\config\systemprofile\AppData\Local\i2p

I now have basically three versions of the I2P directory via that link, my %LOCALAPPDATA% link, and the %PROGRAMDATA% link.

Observable Timing Discrepancy (Timing Attack)

    return digestHexCache;
}

public boolean digestEquals(byte[] otherDigest) {
    return Arrays.equals(digest, otherDigest);

An attacker can guess the secret value of digest because it is compared using java.util.Arrays.equals, which is vulnerable to timing attacks. Use java.security.MessageDigest.isEqual to compare values securely.
line:154
/core/java/src/org/minidns/record/DelegatingDnssecRR.java#L154)

Link to an Irc2P client on I2P router console home

Not that it's too difficult to connect an existing IRC client to the Irc2P network, but I think it would be nice to have an icon on the homepage for easy access.

I'm not really a web developer, but it seems like all you'd need to do is include a javascript IRC client configured to point to localhost:6668. Freenode's webchat does this using qwebirc (https://webchat.freenode.net/).

If we think this would be useful/feasible, I could have a go at implementing this myself.

"headless" installer is not "headless"

java -jar i2pinstall_0.9.22.jar -console prompts for info, is there a way, or can you add a way to actually install this without any prompting? Thanks.

Was working then suddenly stopped

Using debian bullseye I installed i2p using the package manager and it was working fine at first. Could access clearnet and i2p sites all I had to do was set my proxy settings to 127.0.0.1 and port 4444 and it worked. Now I am doing exactly the same thing (haven't changed a thing on the computer) but now I can't access either clearnet or i2p websites. Either proxy refused connection or website timeouts on clearnet websites.

It's so annoying when you install a program and it works fine. Then you start it up again after changing absolutely nothing and yet it refuses to work properly. Not sure what's causing it to not work but assuming a bug considering it was working then suddenly stopped and I can still access configuration page etc. and all settings are correct. i2prouter status reports everything running as normal.

Inadequate Encryption Strength CVE multiables

if (_log.shouldLog(Log.INFO))
_log.info("Loaded total of " + totalAdds + " new trusted certificates");

    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

line:430

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
[‎core/java/src/net/i2p/util/SSLEepGet.java]

    return false;
    }
    InputStream fis = null;
    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

line:141

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
[‎router/java/src/net/i2p/router/client/SSLClientListenerRunner.java]

        // don't continue, since we didn't load the system keystore, we have nothing.
        throw new GeneralSecurityException(msg);
    }

529: SSLContext sslc = SSLContext.getInstance("TLS");

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
[‎core/java/src/net/i2p/util/I2PSSLSocketFactory.java]

   }

    InputStream fis = null;
    try {

#198 SSLContext sslc = SSLContext.getInstance("TLS");

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
[‎apps/i2ptunnel/java/src/net/i2p/i2ptunnel/SSLClientUtil.java]

    }

    InputStream fis = null;
    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

163:

[‎apps/sam/java/src/net/i2p/sam/client/SSLUtil.java]

    }

    InputStream fis = null;
    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

162:
[‎apps/sam/java/src/net/i2p/sam/SSLUtil.java

learn how to fix
https://learn.snyk.io/lesson/insecure-hash/?authenticate=automatic

Unzip to folder

Please unzip to a folder with the project name. E.g. if the installer is run from ~/Downloads/, unzip to ~/Downloads/i2p/.

4 open redirects CVE

Open Redirect

url = url.substring(0, qq);
buf.append(url);
if (q != null && q.length() > 0)
buf.append(q.replace("&", "&")); // no you don't html escape the redirect header
resp.setHeader("Location", buf.toString());
line # 2480

[‎apps/susimail/src/src/i2p/susi/webmail/WebMail.java]
Open this link in a new tab

   url = url.substring(0, url.length() - 5);
    buf.append(url);
    if (p.length() > 0)
        buf.append(p.replace("&amp;", "&"));  // no you don't html escape the redirect header
    resp.setHeader("Location", buf.toString());

line 1617

Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
[‎apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java]

Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
[‎apps/routerconsole/jsp/index.jsp:50]

Unsanitized input from the request URL flows into setHeader, where it is used as an URL to redirect the user. This may result in an Open Redirect vulnerability.
[‎apps/routerconsole/java/src/net/i2p/router/web/HostCheckHandler.java:193]

Improper Neutralization of CRLF Sequences in HTTP Headers

	SSDPNotifyRequest ssdpReq = new SSDPNotifyRequest();
	ssdpReq.setServer(UPnP.getServerName());
	ssdpReq.setLeaseTime(dev.getLeaseTime());
	ssdpReq.setLocation(devLocation);

lines 661 ,
664, ssdpReq.setUSN(serviceUSN);
686, ssdpReq.setUSN(devUSN);
711, dev.postSearchResponse(ssdpPacket, serviceNT, serviceUSN);
716, dev.postSearchResponse(ssdpPacket, serviceType, serviceUSN);

Unsanitized input from data from a remote resource flows into setHeader and reaches an HTTP header returned to the user. This may allow a malicious input that contain CR/LF to split the http response into two responses and the second response to be controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.

router/java/src/org/cybergarage/upnp/Service.java#L661)

Floodfill router DoS Mitigation

In light of the recent Floodfill router DDoS. Denial-of-service is an effective means of censorship and I can see attacks like this becoming a bigger concern on the network. Seeing as the basis of this attack is that there simply are too many of floodfill routers, the first step is making it more difficult to create new floodfill routers and have them join:

  1. Each node should have a hard-coded ceiling IP address limit - seeing a floodfill advertisement or a direct connection will count against the IP limit. In practice I think a limit of ~10 would be unlikely to filter legitimate traffic, once the cap is hit - ignore future advertisements for that "unique" floodfill.
  2. Require that floodfill routers generate a unique, timestamped zoro-prefix'ed signature as a proof-of-work that is used for their first advertisement. A CPU bound process local process of a PoW will limit a floodfill router's ability eating community DHT resources. Even generating just one PoW would make floodfilll DoS more difficult to carry out.

Another approach is a reputation system, and being able to report on reputation solves the problem of a large number of floodfill routers working together and refusing to forwarding traffic.

  1. Use a libp2p-style pub/sub establish a CRDT communal counter (OrbitDB has one of these data types). Each counter is a k/v pair of the hash of the public key of a node on the network so that anyone can lookup a reputation score of a public key using the DHT.
  2. Votes which have been cast by nodes with higher reputation should be seen as more valuable, where as votes cast by nodes without reputation should be seen as less so.
  3. On a regular interval a high-reputation node to establish connections with nodes, and subtract reputation if a message wasn't routed. (not all that unlike PoS elections)

Nodes gain reputation through good actions - and can quickly loose it for misbehaving, which is why judgement needs to be carried out by another trusted node on the network, but not the same node - a randomly elected node, which is similar to Ethereum's Proof of Stake election system.

If i am not mistaken the attacker wants to find as many legitimate floodfill routers out there to flood them with new requests which are then re-transmitted. I don't know how difficult it is to enumerate all floodfill routers. I suspect this is already happening, where a passive observer can collect them all. I'm not sure what we would gain by hiding them, or if hiding the list of routers is even possible.

Doesn't work

Latest version of i2p installed from the debian repository. Connecting to i2p websites gives connection reset error, connecting to clearnet gives connection refused error.

Any chance of this software ever working properly or shall I just forget about it.

Docker instructions out of date

Greetings and thank you for your great work!

I have to report that I ran into issues with Docker and docker-compose lately, and I hope I‘m in the right spot here to address what I found.

So when updating today after some weeks of operation, my whole setup basically died. As I found out, the reason is that I‘m told e.g. here to mount my config to /i2p/.i2p, but now everything sits directly in /i2p inside the container. So I ended up with an ignored folder where my config etc. sits and stuff like router.config is duplicated in i2p but only contains very brief defaults, so nothing works.

Pinning the image in my docker-compose.yaml like so does the trick for now: image: geti2p/i2p:i2p-i2p-2.1.0 This way though, I‘m cut off from updates etc., so I‘d rather know how I‘m supposed to mount my config etc. into the container - over time, my .i2p folder accumulated some stuff and mounting every file manually into the container doesn‘t seem feasible to me.

Again, thanks for the effort of maintaining this for already two decades, and regards!

router memory usage huge and not limitid by jvm size

hi,

docker, 2.1.0-2 and 2.0.0.

router console says:
image

compose is set with this:
image

docker stats says:
image
so, i dont know where the 2496MB limit comes from.

the memory amount keeps filling until the max, then i looks like i2p crashes and restarts. Cant find any logs that show me an error.

//--
removed the compose JVM_XMX environment variable:
image

I2P "B33" / Encrypted Base32 Address Encoding In Rust

Overview

Hello, I'm attempting to work with encrypted leasesets using rust, and am having difficulties calculating the encrypted/blinded destination address. Any attempt at using the derived b33 addresses results in a lookup error being returned:

Corrupt b32 address (or unsupported options)

Implementation

So far this is the function I have written modified from the java implementation

pub fn b33_address(
  public_key_data: &[u8], 
  public_key_type: u8,
  require_secret: bool, 
  client_auth: bool
) -> Option<String> {
    if public_key_type != 7 && public_key_type != 11 {
      return None;
    }
    let mut data_vec = Vec::with_capacity(public_key_data.len()+3);
    data_vec.extend_from_slice(&[0, 0, 0]);
    data_vec.extend_from_slice(public_key_data);
    let summer: Crc<u32> = Crc::<u32>::new(&crc::CRC_32_CKSUM);
    let chk_sum = summer.checksum(&data_vec[3..]);
    if require_secret {
      data_vec[0] = 0x02;
    }
    if client_auth {
      data_vec[0] |= 0x04;
    }
    data_vec[1] = (public_key_type & 0xff) as u8;
    data_vec[2] = (11 & 0xff) as u8;
    data_vec[0] ^= chk_sum as u8;
    data_vec[1] ^= (chk_sum >> 8) as u8;
    data_vec[2] ^= (chk_sum >> 16) as u8;
    Some(format!("{}.b32.i2p", BASE32_I2P.encode(&data_vec)))
}

And here is how I'm testing:

    let pub_key = "3eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbQ=".to_string();
    let pub_key = BASE64_I2P.decode(pub_key.as_bytes()).unwrap();
    let addr =b33_address(&pub_key[..],7, true, true).unwrap();
    println!("{}", addr);

Note that to generate the base64 string stored in the variable pub_key, I'm using the i2p-rs library, and running the following from

	let (pubkey, seckey) = {
		let mut sam_conn = SamConnection::connect(DEFAULT_API).unwrap();
		sam_conn
			.generate_destination(SignatureType::EdDsaSha512Ed25519)
			.unwrap()
	};
	let decoded = BASE64_I2P.decode(pubkey.as_bytes()).unwrap();
        // the output of this is stored in the `pub_key` variable
	println!("public key {}", BASE64_I2P.encode(&decoded[0..32]));

The result of the test is the following "b33" address m7nz7xpbohymusevu4lic3jmukc62ykf5r322vvfxgtwnrzirazadfnu.b32.i2p however when attempting to navigate to that address using my web browser, I receive the following error message

Corrupt b32 address (or unsupported options)

Key Material

I've included the following keys generated via the SAM api, using sig type 7 (EdDSA_SHA512_Ed25519)

Public Key:

3eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN3hcfDKSJWnFoFtLKKF7WFF7HetVqW5p2bHKIgyAZW03eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN3hcfDKSJWnFoFtLKKF7WFF7HetVqW5p2bHKIgyAZW03eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN3hcfDKSJWnFoFtLKKF7WFF7HetVqW5p2bHKIgyAZW03eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN~I24i13ln4SUng99dgTQX33scumIuRGu38WuL80hc3BQAEAAcAAA==

Secret Key:

3eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN3hcfDKSJWnFoFtLKKF7WFF7HetVqW5p2bHKIgyAZW03eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN3hcfDKSJWnFoFtLKKF7WFF7HetVqW5p2bHKIgyAZW03eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN3hcfDKSJWnFoFtLKKF7WFF7HetVqW5p2bHKIgyAZW03eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbTd4XHwykiVpxaBbSyihe1hRex3rValuadmxyiIMgGVtN~I24i13ln4SUng99dgTQX33scumIuRGu38WuL80hc3BQAEAAcAAMTRtED335Fs3UCsTmT65U~tnkqMzcfGprDZ6UDKCFp~LPWL73lcud9JTpSk2JIRbskxFLKziPwTi-O2rC4nsjDDxLsHowR--R1bloIjn73S7T-Wcy2FCbZgsi~O~vhKEZohlnCI46GwgNJVwRHr0AvBfe4VrZFfF-ti73alo0Jv3m-C15vReuwS15JW1DN2mFI6FqB4bru0wIqi359JprVgTSrViIdNAmLpVtaoLuCAt-iT6Uhr2F6xncw~yz1UFmqpRQqszUTk09vluEKeWZomc9v7sPUvpCjQKoahD2pP7svlxuAXIDGGrTpNg3U~7vrp1eFXt1y6FzrRI6HzgnVfbU5EIqQTI~FqdQAr9uVV5590LzJfSShF32I83oMWDQ==

multiable Use of Password Hash With Insufficient Computational Effort :CVE

The SHA-1 hash (used in java.security.MessageDigest.getInstance) is insecure. Consider changing it to a secure hash algorithm

boolean useBitzi = true;
    if (SystemVersion.isApache() ||            // Harmony
        SystemVersion.isGNU()) {               // JamVM or gij
        try {

128: MessageDigest.getInstance("SHA-1");

[‎core/java/src/net/i2p/crypto/SHA1.java

 */
public static MessageDigest getInstance() {
    if (!_useBitzi) {
        try {

65: return MessageDigest.getInstance("SHA-1");
[‎core/java/src/com/nettgryppa/security/HashCash.java

    throw new IllegalArgumentException("Resource may not contain a colon.");

HashCash result = new HashCash();

179: MessageDigest md = MessageDigest.getInstance("SHA1");

[‎core/java/src/com/nettgryppa/security/HashCash.java]

 *  @return 16 bytes, or null on error
 */
public static byte[] md5Sum(byte[] data) {
    try {

229: MessageDigest md = MessageDigest.getInstance("MD5");

[‎core/java/src/net/i2p/util/PasswordManager.java] core/java/src/net/i2p/util/PasswordManager.java#L229)

The MD5 hash (used in java.security.MessageDigest.getInstance) is insecure. Consider changing it to a secure hash algorithm

    // for backwards compatability.  next time we have a backwards
    // incompatible change, we should update this by removing ", 32"
    // SEE NOTES ABOVE
    try {

108: MessageDigest md = MessageDigest.getInstance("MD5");

/router/java/src/net/i2p/router/transport/udp/SSUHMACGenerator.java#L108)

	s.append(ipInt);
	s.append('+');
	s.append(inetSalt);
	MessageDigest md;

95: md = MessageDigest.getInstance("SHA1");

apps/imagegen/identicon/core/src/main/java/com/docuverse/identicon/IdenticonUtil.java#L95)

Use of Hardcoded Credentials

*/
public static KeyStore createKeyStore(File ksFile, String password)
throws GeneralSecurityException, IOException {
boolean exists = ksFile != null && ksFile.exists();
char[] pwchars = password != null ? password.toCharArray() : null;

Do not hardcode passwords in code. Found hardcoded password used in
core/java/src/net/i2p/crypto/KeyStoreUtil.java#L155)

following lines 155,170,204,223,245,251,258,1021,1050,1152,1184,1209,1443,

DEFAULT_KEYSTORE_PASSWORD.toCharArray());

password.toCharArray() :

ksPW.toCharArray()

apps/i2pcontrol/java/net/i2p/i2pcontrol/security/SecurityManager.java#L43)


``` **
 * Manage the password storing for I2PControl.
 */
public class SecurityManager {
    public final static String DEFAULT_AUTH_PASSWORD = "itoopie";

multiable SSRF server side request forgery CVE

n sanitized input from data from a remote resource flows into openConnection, where it is used as an URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.
‎router/java/src/org/cybergarage/xml/Parser.java:97

‎router/java/src/org/cybergarage/xml/Parser.java:135
‎core/java/src/net/i2p/util/EepGet.java:310
‎router/java/src/org/cybergarage/xml/Parser.java:160

stack guard error

On startup, I get the following error:

Starting I2P 2.3.0-4
OpenJDK 64-Bit Server VM warning: You have loaded library /tmp/i2p-DBusBrQL.tmp/libjbigi.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.

I am running image geti2p/i2p:latest.

Many sites not accessible with 2.3.0 docker image

The latest Docker image running 2.3.0-1 is unable to connect to most sites. Planet I2P works fine, but many others, such as notbob and the I2P forum, present an error screen that says "The website was not reachable, because it uses encryption options that are not supported by your I2P or Java version."

It was working under 2.2.0. Because I upgraded I also tested with a fresh config and still get the same error.

ERROR: Failed to start i2ptunnel java.lang.NoClassDefFoundError: jakarta/servlet/ServletException

I previously, for version 2.0.0 I believe, followed the instructions for installation on debian here.

I built this as a docker image.
Everything worked fine.

Today I basically rebuilt it all, to pull in the latest i2p packages.

When starting i2p router, I see errors like these in the logs:

2023/03/22 16:31:23 | ERROR: Failed to start i2ptunnel java.lang.NoClassDefFoundError: jakarta/servlet/ServletException
2023/03/22 16:31:23 | java.lang.NoClassDefFoundError: jakarta/servlet/ServletException
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.getDeclaredConstructors0(Native Method)
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3373)
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.getConstructor0(Class.java:3578)
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.getDeclaredConstructor(Class.java:2754)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.server.handler.ContextHandler$StaticContext.createInstance(ContextHandler.java:2902)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletContextHandler$Context.createInstance(ServletContextHandler.java:1299)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.server.handler.ContextHandler$StaticContext.createServlet(ContextHandler.java:2919)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHolder.newInstance(ServletHolder.java:1202)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:592)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHolder.initialize(ServletHolder.java:415)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:750)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:310)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:735)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:774)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1449)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1414)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:916)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
2023/03/22 16:31:23 | 	at net.i2p.router.web.WebAppStarter.startWebApp(WebAppStarter.java:126)
2023/03/22 16:31:23 | 	at net.i2p.router.web.WebAppStarter.startWebApp(WebAppStarter.java:101)
2023/03/22 16:31:23 | 	at net.i2p.router.web.RouterConsoleRunner.startConsole(RouterConsoleRunner.java:844)
2023/03/22 16:31:23 | 	at net.i2p.router.web.RouterConsoleRunner.startup(RouterConsoleRunner.java:239)
2023/03/22 16:31:23 | 	at net.i2p.router.startup.RouterAppManager.addAndStart(RouterAppManager.java:54)
2023/03/22 16:31:23 | 	at net.i2p.router.startup.LoadClientAppsJob$RunApp.run(LoadClientAppsJob.java:303)
2023/03/22 16:31:23 | 	at java.base/java.lang.Thread.run(Thread.java:833)
2023/03/22 16:31:23 | 	at net.i2p.util.I2PThread.run(I2PThread.java:103)
2023/03/22 16:31:23 | Caused by: java.lang.ClassNotFoundException: jakarta.servlet.ServletException
2023/03/22 16:31:23 | 	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
2023/03/22 16:31:23 | 	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
2023/03/22 16:31:23 | 	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
2023/03/22 16:31:23 | 	... 33 more

Obviously nothing works.

This feels like a missed dependency in the i2p package, but maybe I'm mistaken and there is some way to fix this from the OS/container side?

OS used: debian bookworm (slim base image tag)
JDK: OpenJDK 17-jre (installed as dependency for i2p)

The same behaviour exist on x86 and armhf.

Can't access I2P router.

i2p
I still can access eepsites, but I just can't access the router, and this happened after the last update.

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.