From c1adc7ef1fd532d5127f6c40ed4b06b40fbb3a39 Mon Sep 17 00:00:00 2001 From: zzz Date: Mon, 2 May 2022 12:04:44 -0400 Subject: [PATCH] Prop. 159 hole punch updates SSU spec: add more info on changes in 0.9.50 --- i2p2www/pages/site/docs/transport/ssu.html | 12 +- i2p2www/spec/proposals/159-ssu2.rst | 144 +++++++++++++++++++-- 2 files changed, 142 insertions(+), 14 deletions(-) diff --git a/i2p2www/pages/site/docs/transport/ssu.html b/i2p2www/pages/site/docs/transport/ssu.html index 8983ab5c..f865a403 100644 --- a/i2p2www/pages/site/docs/transport/ssu.html +++ b/i2p2www/pages/site/docs/transport/ssu.html @@ -1,7 +1,7 @@ {% extends "global/layout.html" %} {% block title %}{% trans %}Secure Semireliable UDP{% endtrans %} (SSU){% endblock %} -{% block lastupdated %}2021-10{% endblock %} -{% block accuratefor %}0.9.52{% endblock %} +{% block lastupdated %}2022-05{% endblock %} +{% block accuratefor %}0.9.54{% endblock %} {% block content %}

{% trans transports=site_url('docs/transport'), ntcp=site_url('docs/transport/ntcp'), ntcp2=site_url('docs/spec/ntcp2') -%} @@ -527,10 +527,18 @@ and Alice-Bob and Alice-Charlie communication may be via IPv6, if Bob and Charlie indicate support with a 'B' capability in their published IPv6 address. See Proposal 126 for details.

+Prior to release 0.9.50, Alice sends the request to Bob using an existing session over the transport (IPv4 or IPv6) that she wishes to test. When Bob receives a request from Alice via IPv4, Bob must select a Charlie that advertises an IPv4 address. When Bob receives a request from Alice via IPv6, Bob must select a Charlie that advertises an IPv6 address. The actual Bob-Charlie communication may be via IPv4 or IPv6 (i.e., independent of Alice's address type). +

+As of release 0.9.50, +If the message is over IPv6 for an IPv4 introduction, + or (as of release 0.9.50) over IPv4 for an IPv6 introduction, + Alice must include her introduction address and port. + +See Proposal 158 for details.

diff --git a/i2p2www/spec/proposals/159-ssu2.rst b/i2p2www/spec/proposals/159-ssu2.rst index 6eb3f7c0..af4d7ff7 100644 --- a/i2p2www/spec/proposals/159-ssu2.rst +++ b/i2p2www/spec/proposals/159-ssu2.rst @@ -5,7 +5,7 @@ SSU2 :author: eyedeekay, orignal, zlatinb, zzz :created: 2021-09-12 :thread: http://zzz.i2p/topics/2612 - :lastupdated: 2022-04-30 + :lastupdated: 2022-05-02 :status: Open :target: 0.9.56 @@ -2237,6 +2237,10 @@ correlate the HolePunch with Charlie. Four byte nonce may need to be replaced or supplemented by 8-byte connection ID. +The empty Hole Punch message is unique and may be used +by on-path observers to identify the protocol, this should be +changed. + Peer Test Security --------------------- @@ -2664,7 +2668,7 @@ The "packet header" is the part after the IP/UDP header. TODO except fragmented Session Confirmed -All SSU2 messages are at least 40 bytes in length, except for Hole Punch which is empty. +All SSU2 messages are at least 40 bytes in length. Any message of length 1-39 bytes is invalid. All SSU2 messages are less than or equal to 1472 (IPv4) or 1452 (IPv6) bytes in length. The message format is based on Noise messages, with modifications for framing and indistinguishability. @@ -2684,7 +2688,7 @@ Type Message Header Length Header Encr. Length 7 PeerTest 32 32 9 Retry 32 32 10 Token Request 32 32 -n/a HolePunch HTTP/1.1 200 OK Set-Cookie: i_like_gitea=5c30e7cebde9287e; Path=/; HttpOnly; Secure; SameSite=Lax Set-Cookie: _csrf=21IyQEdexiuqXq9SYknZx8GgQJg6MTc1MzI5ODY0Njk5NTYzNDE1MQ; Path=/; Max-Age=86400; HttpOnly; Secure; SameSite=Lax X-Frame-Options: SAMEORIGIN Date: Wed, 23 Jul 2025 19:24:07 GMT Content-Type: text/plain; charset=utf-8 Connection: close Transfer-Encoding: chunked Cache-Control: max-age=0, private, must-revalidate, no-transform X-Cache-Status: HIT X-Cache-Age: 0 2452 From c1adc7ef1fd532d5127f6c40ed4b06b40fbb3a39 Mon Sep 17 00:00:00 2001 From: zzz Date: Mon, 2 May 2022 12:04:44 -0400 Subject: [PATCH] Prop. 159 hole punch updates SSU spec: add more info on changes in 0.9.50 --- i2p2www/pages/site/docs/transport/ssu.html | 12 +- i2p2www/spec/proposals/159-ssu2.rst | 144 +++++++++++++++++++-- 2 files changed, 142 insertions(+), 14 deletions(-) diff --git a/i2p2www/pages/site/docs/transport/ssu.html b/i2p2www/pages/site/docs/transport/ssu.html index 8983ab5c..f865a403 100644 --- a/i2p2www/pages/site/docs/transport/ssu.html +++ b/i2p2www/pages/site/docs/transport/ssu.html @@ -1,7 +1,7 @@ {% extends "global/layout.html" %} {% block title %}{% trans %}Secure Semireliable UDP{% endtrans %} (SSU){% endblock %} -{% block lastupdated %}2021-10{% endblock %} -{% block accuratefor %}0.9.52{% endblock %} +{% block lastupdated %}2022-05{% endblock %} +{% block accuratefor %}0.9.54{% endblock %} {% block content %}

{% trans transports=site_url('docs/transport'), ntcp=site_url('docs/transport/ntcp'), ntcp2=site_url('docs/spec/ntcp2') -%} @@ -527,10 +527,18 @@ and Alice-Bob and Alice-Charlie communication may be via IPv6, if Bob and Charlie indicate support with a 'B' capability in their published IPv6 address. See Proposal 126 for details.

+Prior to release 0.9.50, Alice sends the request to Bob using an existing session over the transport (IPv4 or IPv6) that she wishes to test. When Bob receives a request from Alice via IPv4, Bob must select a Charlie that advertises an IPv4 address. When Bob receives a request from Alice via IPv6, Bob must select a Charlie that advertises an IPv6 address. The actual Bob-Charlie communication may be via IPv4 or IPv6 (i.e., independent of Alice's address type). +

+As of release 0.9.50, +If the message is over IPv6 for an IPv4 introduction, + or (as of release 0.9.50) over IPv4 for an IPv6 introduction, + Alice must include her introduction address and port. + +See Proposal 158 for details.

diff --git a/i2p2www/spec/proposals/159-ssu2.rst b/i2p2www/spec/proposals/159-ssu2.rst index 6eb3f7c0..af4d7ff7 100644 --- a/i2p2www/spec/proposals/159-ssu2.rst +++ b/i2p2www/spec/proposals/159-ssu2.rst @@ -5,7 +5,7 @@ SSU2 :author: eyedeekay, orignal, zlatinb, zzz :created: 2021-09-12 :thread: http://zzz.i2p/topics/2612 - :lastupdated: 2022-04-30 + :lastupdated: 2022-05-02 :status: Open :target: 0.9.56 @@ -2237,6 +2237,10 @@ correlate the HolePunch with Charlie. Four byte nonce may need to be replaced or supplemented by 8-byte connection ID. +The empty Hole Punch message is unique and may be used +by on-path observers to identify the protocol, this should be +changed. + Peer Test Security --------------------- @@ -2664,7 +2668,7 @@ The "packet header" is the part after the IP/UDP header. TODO except fragmented Session Confirmed -All SSU2 messages are at least 40 bytes in length, except for Hole Punch which is empty. +All SSU2 messages are at least 40 bytes in length. Any message of length 1-39 bytes is invalid. All SSU2 messages are less than or equal to 1472 (IPv4) or 1452 (IPv6) bytes in length. The message format is based on Noise messages, with modifications for framing and indistinguishability. @@ -2684,7 +2688,7 @@ Type Message Header Length Header Encr. Length 7 PeerTest 32 32 9 Retry 32 32 10 Token Request 32 32 -n/a HolePunch 0