#i2p-dev
/2022/05/31
dr|z3d pfft to you too :P
dr|z3d so where did we get to with the max concurrent connections per client, zzz?
zzz dr|z3d, re: max conns per client, nowhere, we have no code for that
dr|z3d can't the total max conns code be adapted?
zzz sure, at the cost of CPU or memory. The total count is "free" because all the conns are stored in a map
zzz so we'd have to loop thru all the conns to count every time, which is O(n**2), or keep another batch of counters
dr|z3d I guess it's a question of whether or not you see value in having it available in the arsenal of anti-asshat tools :)
zzz there's no limit to what we could do, but there has to be a balance
dr|z3d sure, cost benefit analysis.
dr|z3d it wouldn't hurt in terms of i2p's anti-ddos credentials, i2p is already being touted as better than Tor in terms of anti-ddos mitigations in various circles, not least wrt darknet markets.
zzz yeah but a lot of this is coming from your current outproxy problems which is a niche use case. any normal server software e.g. apache has a raft of throttling/blocking tools
dr|z3d I think it has a broader application than just the outproxy, though the outproxying stuff does expose some of the limitations of the current mitigations.
dr|z3d and ideally you want to filter and block requests before they hit the backend server, not rely on the server to handle abuse.
mesh I mean iterating over a map ought to be really fast
mesh even a map with thousands of objects
mesh zzz: there is a way to banlist routers right? Is there an API for that available to native apps?
dr|z3d i2ptunnel/ConnThrottler.java and i2ptunnel/access/ mesh.. those are the current tools.
mesh dr|z3d: ConnThrottler isn't public... there's no way for an app to programmatically tell the Router, "Hey, don't accept any more connections from this Router (for the next 30 minutes)"?
dr|z3d you don't block routers, you block destinations.
dr|z3d blocking routers isn't part of i2ptunnel, which is what we're discussing indirectly.
mesh ah it's a good point
mesh you would want to actually ban a (Destination:src,Destination,port) pair... not an actual IP
zzz clients know nothing about routers
mesh it's too bad because Destinations are cheap, ip addresses are not
dr|z3d the moment you can identify a router from a client destination, it's game over.
zzz there is a global dest ban config but it's limited