👮 major
irc2p
#i2p-dev #i2pd-dev #ls2 #saltr
ilita
#4rum #acetonevideo #dev #retroshare #torrent #video2p
IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2022/12/12
dr|z3d 8GB required to load 50 torrents in Snark. Something's not right there. zzz.i2p/topics/3475
obscuratus I do 'java -Xmx196m' on my stand alone, and have never had a problem.
dr|z3d you'd probably have issues with that amount of allocated ram with 50 torrents, but 8GB for 50 is absurd. should run fine in 512M.
obscuratus I wonder if his wrapper.config is in the right place, or if another is getting grabbed first.
dr|z3d don't think that's the issue, because he's obviously mitigated his issue by allocated 8000.
obscuratus Unless he just got lucky. the defaults should work fine for 30 torrents.
obscuratus At any rate, something's not right.
obscuratus Unless his torrents have a really large amount of pieces or something.
dr|z3d seems unlikely. nothing yet hits the "super-large" boundary on postman. no doubt someone will upload a TB torrent at some point. just not today.
dr|z3d if he's running off a microSD on his raspberry pi, then maybe that's the issue, not the ram per se. I'm guessing it's pi-related, not i2p/snark related.
obscuratus Isn't that another user who is talking about his pi? Or are they both on a pi.
obscuratus The /home/MyDirectory/.i2p/wrapper.config is a weird location. Doesn't seem right for either windows or linux.
obscuratus I was running I2P on my Raspberry Pi 3 for a while. I had to be careful how many torrents I ran. But that was mostly because of storage limitations.
obscuratus I guess he probably edited the log entry to remove his actual user name for posting on a board.
dr|z3d I might be conflating users.
dr|z3d wrapper.config shouldn't be in ~/.i2p/ but that's probably a typo on his part.
dr|z3d it won't do anything useful in ~/.i2p/ :)
obscuratus Yeah, I've tried it there, and it doesn't work. But that might have to do with the PATH order on my build.
obscuratus Where would you put a user modified wrapper.config ?
dr|z3d you wouldn't. you'd leave it in the app dir.
obscuratus Which app? I2P?
dr|z3d obviously :)
obscuratus So then the ~/.i2p directory should be correct, no?
dr|z3d correct? for what? the wrapper.config file? no. it won't work from there.
obscuratus Is a user not supposed to be allowed to edit wrapper.config? Does it need to be root or sudo?
dr|z3d wrapper.config is installed with the same permissions as the app, no root permissions needed.
dr|z3d at least, not for the java install. .deb or similar installs may differ.
obscuratus On my distro, it's in /usr/share/i2p/, and I need root to edit it. That might just be my distro.
dr|z3d that's a repo/deb install. different kettle o' fish.
obscuratus With the ParticipatingThrottler PERCENT_LIMIT at 6, I begin to see a smattering of other routers join the list.
obscuratus 1673 CyLg6w8lypk1gnAX-CdG8O4NCR86hq8ifge6QKXAoJg=]:
obscuratus 16 olQ3SE53v23v41epntXYPEyjmlNQLWdjx6s764rMsng=]:
obscuratus 6 JrSiJ0Q81cK~Hyi~qpvleV7z7dmOTiKWJfxnQaH-uSU=]:
obscuratus 3 spRuV28pSbpNOkc-KTmzaBO41rQ~tySxqCmC6ZUUG7w=]:
obscuratus 1 seWdI3JkIAL5Pzf7I6uTf0r825jmJrboOPpINyMRurA=]:
obscuratus DtQs hasn't shown up.
obscuratus At either 6 or 9 percent, it looks like CyLg is just a nuisance, and not having a significant impact.
dr|z3d if you take the handbrake off, 5-11K part tunnels happens in a matter of minutes.
dr|z3d 5K being the before-ramp value.
dr|z3d I wonder if there's value in a per-day calculation of part tunnel requests, maybe with a view to adding a banning strategy to the mix.
obscuratus I suppose it's worth noodling our heads about. What if a malicious player threw 10-20 CyLg's at us?
dr|z3d I think it's as much a question of being able to accurately identify the offender on the network. If you can do that with a reasonable level of confidence, then you can deal with them appropriately.
dr|z3d And everything so far points to being able to identify the offender quite well.
dr|z3d That being the case, I'd suggest a tripwire after which the router in question gets banned for the entire local router session or similar.
dr|z3d zzz previously mentioned in passing some sort of opt-in telemetry feature for perf stats and whatnot. Identifying and then sharing offending routers might be something to consider.
obscuratus I still have a minor nit with asserting we can "identify the offender". We don't have a policy other than the implied policy in the throttlers.
obscuratus But we do have a good framework already in place to allow us to do that.
dr|z3d I think there's an implicit policy not to abuse the network, either intentionally, or through misconfigured software. Not sure that needs to be stated outright to be valid.
dr|z3d I take your point, however. A quick new post in the console / blog post on the site would quickly clarify what counts as abuse.
obscuratus Yeah, not a big deal, we just need to firm up a definition when this behavior becomes abuse, and publicize it if we implement controls.
zzz it may not be having a "significant impact" on your router, but it knocked 10 points off the network-wide build success a few hours ago
dr|z3d impressive :)
dr|z3d my hunch more and more is that this is the prelude to an orchestrated attack on the network.
dr|z3d what tor have been experiencing for the last 1/2 year may well be expanding out.
dr|z3d and if there's any veracity to the rumors re Tor, the attacker is the Russian gov.
dr|z3d seeing quite a few of these lately, zzz: […Establisher] …sport.GetBidsJob: Send a message to ourselves? nuh uh…
dr|z3d don't think I've seen them on a regular repeat before.
dr|z3d the other thing I'm noticing is occasional spikes in terms of known peers, maybe 2K appear in no time at all and then disappear just as quickly.
dr|z3d I think the part tunnel spikes, bandwidth spikes and known peer spikes may be related, and are part of a suite of tests being performed on the network to determine potential attack points.
dr|z3d Again, just a hunch.
zzz re: to ourselves - two seen here across three routers in 30 days; one 12/9 and one today. Will put it on my list. Earliest sighting?
dr|z3d oh, sorry, took me a while to decipher your question :) um, seen for a few days, couldn't give you an exact time. maybe a week or so?
dr|z3d got 2 today on one router within the space of 3 hours, but I haven't been looking out for them and on some routers the logs are pretty verbose so I don't always spot them.
obscuratus dr|z3d: Your b/w spike, was it also about 12:00 GMT today?
dr|z3d not my spike, obscuratus, was on one of stormycloud's outproxy routers. see if you can spot it! stormycloud.org/i2p-stats
dr|z3d not so much a spike as a prolonged spike attack!
obscuratus Whatever party was going on earlier today at about 12:00 GMT that affected network-wide build success, my router missed it. I was boring around then.
dr|z3d the fact that the outproxy was attacked while other routers with plenty of bandwidth and capacity weren't leads me to believe it may have been a targetted attack.
dr|z3d started around 8, finished around 12, UTC.
obscuratus Might be two separate issues. The stormycloud BW spike was over about 4 hours it looks like. The depression in exploratory build success looks shorter, but there may have been a lag.
dr|z3d sure, it's possible they're entirely unrelated, but it's also just as possible they're part of a concerted effort to probe the network for potential attack points.
dr|z3d keep an eye on your known peers, that's also looking fishy.
dr|z3d not so pronounced, but some definite short term spikes that seem to be fairly regular over the course of a day.
zzz re: to ourselves, thanks, I suspect peer test or relay shenanigans, but might be hard to track down
zzz re: cause of spikes, ultimately doesn't matter why
zzz whatever the reason, yes it could get much worse, which is why we should dial our defenses in, even if the network is "handling" it now, more or less
zzz even 3% of your tunnels going to/from one hop seems like plenty in a network of many thousands of routers, but I haven't tested 3% yet, gotta pull the stats for 6% first
dr|z3d sure, mitigation strategies now may well save pain later.
dr|z3d but as things stand, without original's buy in we're not actually addressing the problem, just pushing it sideways.
obscuratus I'll clear my logs, and go down to 3% for participating tunnels. I'm still at 6% now.
dr|z3d I'm starting to dial things back here a little, while retaining short term bans.
zzz remember that only java publishes stats, so the stats.i2p graphs don't cover i2pd
zzz they're in a world of pain right now with ulimit problems so they may start to dip their toe into limits but you're not going to get any rapid "buy in" on major architectural changes
dr|z3d sure, I think it'll take orignal's routers getting hit hard repeatedly with the tunnel spam before he sits up and takes note.
dr|z3d then again, he might just ride through it. I think the default max tunnels on i2pd is 2K.
dr|z3d oh, unrelated, but I think the new site isolation stuff in Firefox may be preventing cookie bleed between consoles with the same hostname,
dr|z3d electrolysis I think they're called it.
zzz we already push tons of traffic over to them due to our banning and blocking and sybils and throttling. it's nothing new
zzz just don't waste any breath trying to talk them into anything. trust me
dr|z3d "fission", not electrolysis.
dr|z3d I wouldn't be so direct. :)
zzz pfft
dr|z3d yeah, I'll raise your pfft and counter with a ping :)