dr|z3d
let's see
zzz
the key is PERCENT_LIMIT
zzz
lower is stricter
zzz
we agreed to 3%
dr|z3d
as I said, the limit is around 20 tunnels in 220s in cannon. too lax you think?
dr|z3d
if you look further down that commit you'll see that PERCENT_LIMIT is reduced.
dr|z3d
in some cases, to lower than 3%
zzz
ok, I can't figure that out, what is it for fast routers?
dr|z3d
3.3%
dr|z3d
unless you're running with >=8 cores and >= 1024MB
dr|z3d
then it's 5%
dr|z3d
so to all intents and purposes, 3.3%
zzz
ok, not terrible, but we agreed on 3% after seeing that 6% wasn't strict enough, so not sure why all that extra is necessary
zzz
but apologies, didn't see the reduction code
dr|z3d
no problem at all. if you're happier, I'm happy :)
zzz
point is, take care not to let stormy's big fleet of fast routers contribute to this issue
dr|z3d
of course, that guided my thinking when modifying the above.
zzz
okey dokey
zzz
not sure what's going on with the 'new routers' chart but perhaps somebody has time to investigate, I don't right now
dr|z3d
been seeing spikes in known routers for a while now.
dr|z3d
that graph, however, looks more like a gradual incline.
dr|z3d
(or not-so-gradual)
zzz
usual three options are: new bundled application, new publicity, or attack
zzz
eyedeekay, any ideas?
dr|z3d
there's darknetlive.i2p/post/i2p-the-invisible-internet-project-5978d407 but I doubt that's caused the ramp. might be wrong.
weko
i belive this attack because i have transit tunnels with big traffic
weko
50300mb
weko
50-300mb
weko
sometimes this 'waves' happen
weko
with big num of this tunnels
obscuratus
Re: spike in new routers: For my part, I've noticed a large number of entries in my logs for "Picked IPv6-only or unreachable peer for IBGW" that seems to coincide with the periods where the whole network is suffering from poor Exploratory build success.
obscuratus
A can't precisely say the proporation, but when I spot check these routers, I see many that are both unreachable, and don't even have introducers.
obscuratus
Either way, we don't track the IP address of unreachable routers. I don't know it's a problem, but if I think suspiciously, there's nothinig to stop a single IP from spawning 100s or 1000s of unreachable routers, and we wouldn't know.
obscuratus
Nothing wrong with unreachable routers, but do we screen out unreachable routers without introducers when building exploratory tunnels?
dr|z3d
I don't think there's any way to use an unreachable router without introducers, obscuratus, but temporary banning might be something to consider.
dr|z3d
or just go for a straight-up session ban.
dr|z3d
or maybe they're already caught by temp bans under "unreachable on any transport".
obscuratus
dr|z3d: It might just a timing problem. They had introducers when they were selected for an exploratory tunnel, but by the time I checked my logs, the new RI no longer had introducers.
obscuratus
But, no point in banning them, just don't select a unreacheable router without introducers for tunnels.