dr|z3d
8GB required to load 50 torrents in Snark. Something's not right there. zzz.i2p/topics/3475
obscuratus
I do 'java -Xmx196m' on my stand alone, and have never had a problem.
dr|z3d
you'd probably have issues with that amount of allocated ram with 50 torrents, but 8GB for 50 is absurd. should run fine in 512M.
obscuratus
I wonder if his wrapper.config is in the right place, or if another is getting grabbed first.
dr|z3d
don't think that's the issue, because he's obviously mitigated his issue by allocated 8000.
obscuratus
Unless he just got lucky. the defaults should work fine for 30 torrents.
obscuratus
At any rate, something's not right.
obscuratus
Unless his torrents have a really large amount of pieces or something.
dr|z3d
seems unlikely. nothing yet hits the "super-large" boundary on postman. no doubt someone will upload a TB torrent at some point. just not today.
dr|z3d
if he's running off a microSD on his raspberry pi, then maybe that's the issue, not the ram per se. I'm guessing it's pi-related, not i2p/snark related.
obscuratus
Isn't that another user who is talking about his pi? Or are they both on a pi.
obscuratus
The /home/MyDirectory/.i2p/wrapper.config is a weird location. Doesn't seem right for either windows or linux.
obscuratus
I was running I2P on my Raspberry Pi 3 for a while. I had to be careful how many torrents I ran. But that was mostly because of storage limitations.
obscuratus
I guess he probably edited the log entry to remove his actual user name for posting on a board.
dr|z3d
I might be conflating users.
dr|z3d
wrapper.config shouldn't be in ~/.i2p/ but that's probably a typo on his part.
dr|z3d
it won't do anything useful in ~/.i2p/ :)
obscuratus
Yeah, I've tried it there, and it doesn't work. But that might have to do with the PATH order on my build.
obscuratus
Where would you put a user modified wrapper.config ?
dr|z3d
you wouldn't. you'd leave it in the app dir.
obscuratus
Which app? I2P?
dr|z3d
obviously :)
obscuratus
So then the ~/.i2p directory should be correct, no?
dr|z3d
correct? for what? the wrapper.config file? no. it won't work from there.
obscuratus
Is a user not supposed to be allowed to edit wrapper.config? Does it need to be root or sudo?
dr|z3d
wrapper.config is installed with the same permissions as the app, no root permissions needed.
dr|z3d
at least, not for the java install. .deb or similar installs may differ.
obscuratus
On my distro, it's in /usr/share/i2p/, and I need root to edit it. That might just be my distro.
dr|z3d
that's a repo/deb install. different kettle o' fish.
obscuratus
With the ParticipatingThrottler PERCENT_LIMIT at 6, I begin to see a smattering of other routers join the list.
obscuratus
1673 CyLg6w8lypk1gnAX-CdG8O4NCR86hq8ifge6QKXAoJg=]:
obscuratus
16 olQ3SE53v23v41epntXYPEyjmlNQLWdjx6s764rMsng=]:
obscuratus
6 JrSiJ0Q81cK~Hyi~qpvleV7z7dmOTiKWJfxnQaH-uSU=]:
obscuratus
3 spRuV28pSbpNOkc-KTmzaBO41rQ~tySxqCmC6ZUUG7w=]:
obscuratus
1 seWdI3JkIAL5Pzf7I6uTf0r825jmJrboOPpINyMRurA=]:
obscuratus
DtQs hasn't shown up.
obscuratus
At either 6 or 9 percent, it looks like CyLg is just a nuisance, and not having a significant impact.
dr|z3d
if you take the handbrake off, 5-11K part tunnels happens in a matter of minutes.
dr|z3d
5K being the before-ramp value.
dr|z3d
I wonder if there's value in a per-day calculation of part tunnel requests, maybe with a view to adding a banning strategy to the mix.
obscuratus
I suppose it's worth noodling our heads about. What if a malicious player threw 10-20 CyLg's at us?
dr|z3d
I think it's as much a question of being able to accurately identify the offender on the network. If you can do that with a reasonable level of confidence, then you can deal with them appropriately.
dr|z3d
And everything so far points to being able to identify the offender quite well.
dr|z3d
That being the case, I'd suggest a tripwire after which the router in question gets banned for the entire local router session or similar.
dr|z3d
zzz previously mentioned in passing some sort of opt-in telemetry feature for perf stats and whatnot. Identifying and then sharing offending routers might be something to consider.
obscuratus
I still have a minor nit with asserting we can "identify the offender". We don't have a policy other than the implied policy in the throttlers.
obscuratus
But we do have a good framework already in place to allow us to do that.
dr|z3d
I think there's an implicit policy not to abuse the network, either intentionally, or through misconfigured software. Not sure that needs to be stated outright to be valid.
dr|z3d
I take your point, however. A quick new post in the console / blog post on the site would quickly clarify what counts as abuse.
obscuratus
Yeah, not a big deal, we just need to firm up a definition when this behavior becomes abuse, and publicize it if we implement controls.
zzz
it may not be having a "significant impact" on your router, but it knocked 10 points off the network-wide build success a few hours ago
dr|z3d
impressive :)
dr|z3d
my hunch more and more is that this is the prelude to an orchestrated attack on the network.
dr|z3d
what tor have been experiencing for the last 1/2 year may well be expanding out.
dr|z3d
and if there's any veracity to the rumors re Tor, the attacker is the Russian gov.
dr|z3d
seeing quite a few of these lately, zzz: […Establisher] …sport.GetBidsJob: Send a message to ourselves? nuh uh…
dr|z3d
don't think I've seen them on a regular repeat before.
dr|z3d
the other thing I'm noticing is occasional spikes in terms of known peers, maybe 2K appear in no time at all and then disappear just as quickly.
dr|z3d
I think the part tunnel spikes, bandwidth spikes and known peer spikes may be related, and are part of a suite of tests being performed on the network to determine potential attack points.
dr|z3d
Again, just a hunch.
zzz
re: to ourselves - two seen here across three routers in 30 days; one 12/9 and one today. Will put it on my list. Earliest sighting?
dr|z3d
oh, sorry, took me a while to decipher your question :) um, seen for a few days, couldn't give you an exact time. maybe a week or so?
dr|z3d
got 2 today on one router within the space of 3 hours, but I haven't been looking out for them and on some routers the logs are pretty verbose so I don't always spot them.
obscuratus
dr|z3d: Your b/w spike, was it also about 12:00 GMT today?
dr|z3d
not my spike, obscuratus, was on one of stormycloud's outproxy routers. see if you can spot it! stormycloud.org/i2p-stats
dr|z3d
not so much a spike as a prolonged spike attack!
obscuratus
Whatever party was going on earlier today at about 12:00 GMT that affected network-wide build success, my router missed it. I was boring around then.
dr|z3d
the fact that the outproxy was attacked while other routers with plenty of bandwidth and capacity weren't leads me to believe it may have been a targetted attack.
dr|z3d
started around 8, finished around 12, UTC.
obscuratus
Might be two separate issues. The stormycloud BW spike was over about 4 hours it looks like. The depression in exploratory build success looks shorter, but there may have been a lag.
dr|z3d
sure, it's possible they're entirely unrelated, but it's also just as possible they're part of a concerted effort to probe the network for potential attack points.
dr|z3d
keep an eye on your known peers, that's also looking fishy.
dr|z3d
not so pronounced, but some definite short term spikes that seem to be fairly regular over the course of a day.
zzz
re: to ourselves, thanks, I suspect peer test or relay shenanigans, but might be hard to track down
zzz
re: cause of spikes, ultimately doesn't matter why
zzz
whatever the reason, yes it could get much worse, which is why we should dial our defenses in, even if the network is "handling" it now, more or less
zzz
even 3% of your tunnels going to/from one hop seems like plenty in a network of many thousands of routers, but I haven't tested 3% yet, gotta pull the stats for 6% first
dr|z3d
sure, mitigation strategies now may well save pain later.
dr|z3d
but as things stand, without original's buy in we're not actually addressing the problem, just pushing it sideways.
obscuratus
I'll clear my logs, and go down to 3% for participating tunnels. I'm still at 6% now.
dr|z3d
I'm starting to dial things back here a little, while retaining short term bans.
zzz
remember that only java publishes stats, so the stats.i2p graphs don't cover i2pd
zzz
they're in a world of pain right now with ulimit problems so they may start to dip their toe into limits but you're not going to get any rapid "buy in" on major architectural changes
dr|z3d
sure, I think it'll take orignal's routers getting hit hard repeatedly with the tunnel spam before he sits up and takes note.
dr|z3d
then again, he might just ride through it. I think the default max tunnels on i2pd is 2K.
dr|z3d
oh, unrelated, but I think the new site isolation stuff in Firefox may be preventing cookie bleed between consoles with the same hostname,
dr|z3d
electrolysis I think they're called it.
zzz
we already push tons of traffic over to them due to our banning and blocking and sybils and throttling. it's nothing new
zzz
just don't waste any breath trying to talk them into anything. trust me
dr|z3d
"fission", not electrolysis.
dr|z3d
I wouldn't be so direct. :)
zzz
pfft
dr|z3d
yeah, I'll raise your pfft and counter with a ping :)