👮 major
irc2p
#i2p-dev #i2pd-dev #ls2 #saltr
ilita
#4rum #acetonevideo #dev #retroshare #torrent #video2p
IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#i2p-dev
/2022/05/31
@eyedeekay
&eche|on
&kytv
&zzz
+R4SAS
+RN
+RN_
+T3s|4
+acetone
+dr|z3d
+hk
+orignal
+postman
+weko
+wodencafe
An0nm0n
Arch
Danny
DeltaOreo
FreefallHeavens
Irc2PGuest21357
Irc2PGuest21881
Irc2PGuest32033
Leopold_
Nausicaa
Onn4l7h
Onn4|7h
Over1
Sisyphus
Sleepy
Soni
T3s|4_
aargh2
anon2
b3t4f4c3
bak83
boonst
cancername
cumlord
dr4wd3
eyedeekay_bnc
hagen_
khb
not_bob_afk
plap
poriori
profetikla
r3med1tz-
rapidash
shiver_
solidx66
tr
u5657
uop23ip
w8rabbit
x74a6
dr|z3d pfft to you too :P
dr|z3d so where did we get to with the max concurrent connections per client, zzz?
zzz dr|z3d, re: max conns per client, nowhere, we have no code for that
dr|z3d can't the total max conns code be adapted?
zzz sure, at the cost of CPU or memory. The total count is "free" because all the conns are stored in a map
zzz so we'd have to loop thru all the conns to count every time, which is O(n**2), or keep another batch of counters
dr|z3d I guess it's a question of whether or not you see value in having it available in the arsenal of anti-asshat tools :)
zzz there's no limit to what we could do, but there has to be a balance
dr|z3d sure, cost benefit analysis.
dr|z3d it wouldn't hurt in terms of i2p's anti-ddos credentials, i2p is already being touted at better than Tor in terms of anti-ddos mitigations in various circles, not least wrt darknet markets.
zzz yeah but a lot of this is coming from your current outproxy problems which is a niche usecase. any normal server software e.g. apache has a raft of throttling/blocking tools
dr|z3d I think it has a broader application than just the outproxy, though the outproxying stuff does expose some of the limitations of the current mitigations.
dr|z3d and ideally you want to filter and block requests before they hit the backend server, not rely on the server to handle abuse.
mesh I mean iterating over a map ought to be really fast
mesh even a map with thousands of objects
mesh zzz: there is a way to banlist routers right? Is there an API for that available to native apps?
dr|z3d i2ptunnel/ConnThrottler.java and i2ptunnel/access/ mesh.. those are the current tools.
mesh dr|z3d: ConnThroller isn't public... there's no way for an app to programatically tell the Router, "Hey, don't accept any more connections from this Router (for the next 30 minutes)?"
dr|z3d you don't block routers, you block destinations.
dr|z3d blocking routers isn't part of i2ptunnel, which is what we're discussing indirectly.
mesh ah it's a good point
dr|z3d what you're referring to is: javadoc.skank.i2p/net/i2p/router/RouterContext.html#banlist()
mesh you would want to actually ban a (Destination:src,Destination,port) pair... not an actual IP
zzz clients know nothing about routers
mesh it's too bad because Destinations are cheap, ip addresses are not
dr|z3d the moment you can identify a router from a client destination, it's game over.
zzz there is a global dest ban config but it's limited