dr|z3d
pfft to you too :P
dr|z3d
so where did we get to with the max concurrent connections per client, zzz?
zzz
dr|z3d, re: max conns per client, nowhere, we have no code for that
dr|z3d
can't the total max conns code be adapted?
zzz
sure, at the cost of CPU or memory. The total count is "free" because all the conns are stored in a map
zzz
so we'd have to loop thru all the conns to count every time, which is O(n**2), or keep another batch of counters
dr|z3d
I guess it's a question of whether or not you see value in having it available in the arsenal of anti-asshat tools :)
zzz
there's no limit to what we could do, but there has to be a balance
dr|z3d
sure, cost benefit analysis.
dr|z3d
it wouldn't hurt in terms of i2p's anti-ddos credentials, i2p is already being touted as better than Tor in terms of anti-ddos mitigations in various circles, not least wrt darknet markets.
zzz
yeah but a lot of this is coming from your current outproxy problems which is a niche usecase. any normal server software e.g. apache has a raft of throttling/blocking tools
dr|z3d
I think it has a broader application than just the outproxy, though the outproxying stuff does expose some of the limitations of the current mitigations.
dr|z3d
and ideally you want to filter and block requests before they hit the backend server, not rely on the server to handle abuse.
mesh
I mean iterating over a map ought to be really fast
mesh
even a map with thousands of objects
mesh
zzz: there is a way to banlist routers right? Is there an API for that available to native apps?
dr|z3d
i2ptunnel/ConnThrottler.java and i2ptunnel/access/ mesh.. those are the current tools.
mesh
dr|z3d: ConnThrottler isn't public... there's no way for an app to programmatically tell the Router, "Hey, don't accept any more connections from this Router (for the next 30 minutes)?"
dr|z3d
you don't block routers, you block destinations.
dr|z3d
blocking routers isn't part of i2ptunnel, which is what we're discussing indirectly.
mesh
ah it's a good point
dr|z3d
what you're referring to is: javadoc.skank.i2p/net/i2p/router/RouterContext.html#banlist()
mesh
you would want to actually ban a (Destination:src,Destination,port) pair... not an actual IP
zzz
clients know nothing about routers
mesh
it's too bad because Destinations are cheap, ip addresses are not
dr|z3d
the moment you can identify a router from a client destination, it's game over.
zzz
there is a global dest ban config but it's limited