#i2p-dev
/2022/07/20
not_bob zzz: i2psnark standalone works well with android i2p.
zzz dr|z3d, StormyCloud, I'm still having no luck at all with one of your two routers
dr|z3d one has ipv6 disabled on the router, otherwise they're identically configured.
zzz ipv6 was never a problem on those routers
zzz the problem was only on their infrastructure and only on i2pd
dr|z3d ipv6 is fail on one of the systems right now, hence ipv6 disabled. leaving that to stormy to work out.
dr|z3d what errors are you seeing?
zzz do you have enough monitoring to see if they have similar traffic?
zzz just can't connect to the ipv4-only one at all, same problem as a few days ago
zzz ok works now. I think it may be a problem with multihome+ratchet
zzz will investigate
dr|z3d roger that
zzz could be ugly
dr|z3d never seen any issue like it on purokishi.
dr|z3d traffic monitoring, we have bandwidth usage graphs for both instances, so not super accurate, but both are receiving traffic.
zzz ooooooooooooooh
zzz did you guys copy the i2ptunnel.config.d/xxx file from one to the other?
dr|z3d the whole install was copied over and a new set of router keys created on instance 2.
zzz I think you have the same ratchet keys on both of them
zzz from the ls debug page:
zzz Encryption Key: ECIES_X25519 CtoaPuLPcXBavZX8cNkg…
zzz the LS expires but the ratchet session didn't, then I get a new LS, it's the other one, try to talk to the other one with the same ratchet session
zzz can you verify by looking at the LS debug pages on the two routers that they have the same LS encryption key?
zzz CtoaPuL...
dr|z3d same leaseset, same key, yes.
dr|z3d same routing key as well, as you'd expect.
dr|z3d so where's the button in the UI to create a new ratchet key? :)
dr|z3d I wasn't aware this was an issue tbh, though I dodged the bullet on purokishi by recreating the proxy tunnel and doing a clean install for each instance.
zzz I never thought about it either
zzz you'll need to stop one of the routers, delete the option.i2cp.leaseSetPrivateKey line in the i2ptunnel.config.d/xxx file, and restart
dr|z3d maybe keys like this that should be unique could be tied to the router id in some way, so if the router id changes, new keys are generated?
dr|z3d stop the router, or just stop the tunnel?
zzz not sure. you can try stopping the tunnel but I don't think it will work
dr|z3d or stop the tunnel manager webapp, perhaps? ok, will try.
zzz and I think after restarting the router you'll have to go to the i2ptunnel edit page and click save to persist the new keys in the config file
zzz not sure though
zzz anyway, you know how to see if it worked, look for CtoaPuL... on the LS page, or something new
dr|z3d yup, give me a few moments, I'll let you know when it's done.
zzz there's just this window between when the LS expires and the ratchet session expires, combined with bad luck to get the other LS after expiration, where this happens
dr|z3d good catch, wouldn't have occurred to me that this was ever an issue.
dr|z3d so can we somehow tie these keys to the routerid and auto-regenerate if that changes?
zzz it's definitely a footgun, and putting the privkey in the config file was never a great choice, but I'm not sure how much effort it deserves to avoid it
dr|z3d_ what about generating a new key every time the tunnel starts? any downside?
dr|z3d_ also, we now have a new ratchet key.
zzz the reason we persist it is to hide router restarts
dr|z3d_ -> 0Vef
dr|z3d_ ah, that makes sense.
dr|z3d_ well, either tying it to the routerid or just providing a button in the UI would be sufficient.
zzz as I said you may need to edit/save in i2ptunnel config to get it persisted, but not really important since you're zero-hop anyway
dr|z3d yeah, done that.
zzz yeah I see 0Vef
dr|z3d ok, one less thing to impede your enjoyment of the outproxy at least :)
zzz so you confirmed that your purokishi's have different keys?
zzz wonder if this affects anybody else...
dr|z3d I'm pretty sure they have, since I didn't clone installs
zzz ok. guess I'll put a post up on my forum
dr|z3d I'm now wondering if part of DreadfulParis' issues stem from this, separate from the floodfill throttling.
zzz thought he was on i2pd
dr|z3d he is.. so issue is non-existent then?
zzz I don't know if or how i2pd persists keys
zzz for my post, was restarting the tunnel sufficient?
dr|z3d nor stopping the tunnel manager.
zzz thx
dr|z3d stop i2p, delete key, then start server.
dr|z3d *start i2p
dr|z3d I took issue with DreadfulParis over his claims that java i2p is trash, so he may well be taking I2P+ for a spin now I've given him some pointers. we'll see.
zzz it's really not necessary, it's not a requirement to realign somebody's worldview before answering their questions
zzz I'm not offended
dr|z3d > it's necessary for me to make sure that misinformation isn't being propagated due to lack of understanding or incorrect assumptions. have an opinion by all means, just make sure it's an informed opinion before you start telling world + dog :)
zzz sure, it's not the greatest strategy to come in hot
dr|z3d while we're on the subject of forums, no idea what whitehat's talking about re https errors. parallel universe.
dr|z3d there's no tunable logic there, anyways. the proxy software either sends an error, or the browser takes over.
zzz I think I'm about ready to put the outproxy on the monthly meeting agenda so I need to talk to StormyCloud
zzz dr|z3d, StormyCloud, I just tested with telnet and I did get the HTTP error page for CONNECT. I don't think that's correct
zzz let's check the RFCs....
dr|z3d nothing doing.
zzz huh?
dr|z3d problem exists upstream. like I just said, no tunables.
zzz this is not tuning. this is about correctness
zzz but I'm guessing, let's research...
dr|z3d so what I'm telling you is there's nothing that can be configured on the proxy software, so if there's an issue, the issue is out of our purview.
dr|z3d if you're telnetting to exit.stormycloud, the http error's to be expected, in any event, surely.
zzz no, I'm telnetting to the local http client proxy
dr|z3d ok, which amounts to the same thing.
dr|z3d telnet -> http -> endpoint exit.stormycloud -> expect an http formatted error.
dr|z3d what I got from whitehat's post on zzz.i2p is that he was getting proxy error message over https. that shouldn't happen. pretty sure it can't happen.
zzz happened for me
zzz telnet localhost 4444
zzz CONNECT lkajsflkjalfkjalkjflkjslkjsalfkj.com HTTP/1.1
zzz <cr><cr>
dr|z3d ok, I should say with the notable exception of when you're connecting directly to the outproxy host.
dr|z3d what the RFC says I have no idea, but that's what the proxy software does. if it's violating RFCs, oh well. beyond our control :)
zzz I'm not. That's the standard proxy request
zzz looking at RFC 7231 now
dr|z3d I don't get that when making a bogus https request in the browser. the browser displays its own error message.
zzz right, because it got an error
zzz and not a TLS handshake
dr|z3d so it seems to me that it's performing as it should.
zzz after reviewing the rfc, it appears to be legal
dr|z3d hooray \o/
zzz it's a big waste of bandwidth as it won't be displayed
zzz I'll respond to whitehat
dr|z3d compresses to around 20K, not a huge waste of bandwidth.
dr|z3d and it'll be displayed, albeit as html code and not rendered :)
zzz you said you get a browser error message
zzz that's what I get too
dr|z3d I mean, where it should be displayed it will be displayed. for exit. and http errors.
zzz but we're talking error responses to CONNECT
dr|z3d I don't think it's worth worrying about.
dr|z3d If the error's sent to the browser and ignored, oh well. 20K, no big shakes.
zzz right. it's not a problem until it is. meeh's proxy would cascade into congestion collapse due to the huge error page
zzz whether 20K is over or under the threshold for collapse based on a given request load and failure rate, probably won't ever know unless it happens
dr|z3d yeah, except I don't think you're even being sent the error for connect in the browser. I'm not seeing that here.
dr|z3d 0 bytes being sent, aka the browser handles the error before the proxy sends anything.
dr|z3d check your firefox network tab if you don't believe me :)
dr|z3d that suggests to me the proxy will only send the full error message over CONNECT as a fallback, in the event the client doesn't handle the error itself.
zzz tested with telnet, that's what I got
dr|z3d right, because telnet doesn't have error handling built in for http/https.
dr|z3d unlike a web browser, which does.
zzz the browser just isn't displaying it, because it's not a TLS handshake
zzz you are sending it
dr|z3d ok, well, non-issue as far as I'm concerned. break the proxy and you can have your money back :)
zzz ok, starting super-evil testing now
StormyCloud oO super evil
dr|z3d aka midget porn. ;)
StormyCloud I don't judge, you do you lol
dr|z3d I was being intentionally ridiculous.
zzz super evil test fail
dr|z3d you failed at your attempt to be super evil, or?
obscuratus I'm playing around with Java-17, and having trouble building i2p (pack200 errors of course)
obscuratus What are the recommended build targets for java-17
dr|z3d anything without pack200 :)
dr|z3d what do you want, an update or a full install?
obscuratus My current java-8/11 builds use the "pkg" target. I guess that's full?
dr|z3d none of the full install targets use pack200 afaik.
dr|z3d nor ant updater
obscuratus So, for example, the "installer" or "installer-linux" targets?
dr|z3d those should be fine. not much gained from the -linux target over the standard multi-platform installer.
dr|z3d anything using pack200 should have the 200 suffix in the build target name.
obscuratus Nuts! Still getting an error that looks like pack200 error.
obscuratus Using the "updater" target gets me further. No pack200 errors, but then my package manager isn't finding everything where it's expected with using the "pkg" target.
zzz pkg does not build a "package", it builds an izpack installer
obscuratus I need to check. My package manager uses the "pkg" target, but I'm suspicious it discards the izpack installer, and simply uses the stuff that was built to go into the installer.
zzz and what is your "package manager" ?
obscuratus I'm on Gentoo, so it's called "portage" here.
zzz preppkg-linux-only is probably the target you want, to skip all the izpack and windows stuff
obscuratus zzz: OK, I'll give that a try then. It does look like it's just discarding the installer.
obscuratus zzz: Thanks, that looks like it might be it. It built without error.
zzz ok, great