#i2p-dev (irc2p) | dev build 2.5.0-3 | Network reliability is degraded, please be patient as we work on mitigations

#i2p-dev

/2022/05/31

Online: 46

@eyedeekay

&eche|on

+R4SAS

+RN

+acetone

+dr|z3d

+hottuna

+orignal

+postman

+weko

An0nm0n

Arch

FreefallHeavens

Gid_

Hidenet1

Irc2PGuest19856

Irc2PGuest2827392

Irc2PGuest30291

Irc2PGuest33877

Irc2PGuest68850

Leopold

Onn4l7h

Onn4|7h

ProRu

Sleepy

Soni

Teeed

aargh3

admin

anon

b3t4f4c3__

cheddah

eyedeekay_bnc

itsjustme

limak

not_bob_afk

profetikla

qend-irc2p

rapidash

tbqdrn

theglitch

w8rabbit

x74a6

zer0bitz

zzz2

dr|z3d pfft to you too :P

dr|z3d so where did we get to with the max concurrent connections per client, zzz?

zzz dr|z3d, re: max conns per client, nowhere, we have no code for that

dr|z3d can't the total max conns code be adapted?

zzz sure, at the cost of CPU or memory. The total count is "free" because all the conns are stored in a map

zzz so we'd have to loop thru all the conns to count every time, which is O(n**2), or keep another batch of counters

dr|z3d I guess it's a question of whether or not you see value in having it available in the arsenal of anti-asshat tools :)

zzz there's no limit to what we could do, but there has to be a balance

dr|z3d sure, cost benefit analysis.

dr|z3d it wouldn't hurt in terms of i2p's anti-ddos credentials, i2p is already being touted at better than Tor in terms of anti-ddos mitigations in various circles, not least wrt darknet markets.

zzz yeah but a lot of this is coming from your current outproxy problems which is a niche usecase. any normal server software e.g. apache has a raft of throttling/blocking tools

dr|z3d I think it has a broader application than just the outproxy, though the outproxying stuff does expose some of the limitations of the current mitigations.

dr|z3d and ideally you want to filter and block requests before they hit the backend server, not rely on the server to handle abuse.

mesh I mean iterating over a map ought to be really fast

mesh even a map with thousands of objects

mesh zzz: there is a way to banlist routers right? Is there an API for that available to native apps?

dr|z3d i2ptunnel/ConnThrottler.java and i2ptunnel/access/ mesh.. those are the current tools.

mesh dr|z3d: ConnThroller isn't public... there's no way for an app to programatically tell the Router, "Hey, don't accept any more connections from this Router (for the next 30 minutes)?"

dr|z3d you don't block routers, you block destinations.

dr|z3d blocking routers isn't part of i2ptunnel, which is what we're discussing indirectly.

mesh ah it's a good point

dr|z3d what you're referring to is: javadoc.skank.i2p/net/i2p/router/RouterContext.html#banlist()

mesh you would want to actually ban a (Destination:src,Destination,port) pair... not an actual IP

zzz clients know nothing about routers

mesh it's too bad because Destinations are cheap, ip addresses are not

dr|z3d the moment you can identify a router from a client destination, it's game over.

zzz there is a global dest ban config but it's limited