#i2p-dev
/2024/03/01
orignal I'm listening
orignal pretty much it is
zzz ok orignal here's the story
zzz I'm investigating false-firewalled ipv6 peer test results on routers directly on internet (no firewall)
zzz 10-20 per day
zzz I get msg 4 but no msg 5 or 7, I think I'm firewalled
zzz turns out when this happens, every time, it was an ipv6 firewalled i2pd charlie
zzz remember you convinced us a year ago, i2pd bobs may pick a firewalled charlie, I have code to handle that
zzz so I think there's a problem. Why isn't i2pd charlie sending msg 5 and 7? Do they really have ipv6? Or are they publishing ipv6 "6" firewalled address when they don't really have ipv6?
zzz should i2pd bob be picking these charlies? should they only pick firewalled ipv6 charlies if they "prove" they have ipv6 by being connected to bob with ipv6?
zzz my workaround is to ignore "firewalled" ipv6 result if charlie is firewalled
zzz that fixes the problem on my end, no more bad results
orignal the problem is we had this ipv6 firewalled issue even with SSU1
orignal so, you mean some idiot turn on ipv6 in config while they don't actually have ipv6
orignal that's your point?
zzz I don't know the root cause, I'm describing the symptoms
orignal and since we don't know if it's actually ipv6 or not we publish ipv6 as firewalled
orignal because we have ipv6 address locally
orignal yes I know
orignal that makes sense
orignal because I saw plenty of such idiots
zzz but you need a public ipv6 address to publish any '6' at all
zzz so please fix it
orignal please explain how I differentiate this situation
orignal how do I know if I have a public ipv6?
zzz because ipv6 is different than ipv4. the firewall passes through the public address
zzz if it's routable
orignal it might be ipv6 NAT
orignal and it happens often
zzz that's not the way home firewall/routers work
orignal because you know f#cking VPS hosters gives you ONE ipv6
orignal let me explain
zzz sure but it's a public one
zzz not an address like fdac::
orignal for example I don't have ipv6 at home
orignal but I have at my VPS
orignal I have one ipv6 there
zzz then you have one public address on the vps interface on your computer, right?
orignal no, I have an address assigned by my NAT at the VPS
orignal and it's up to me
orignal what range I use
orignal that's modern reality
zzz only for vps though
orignal because VPS hosters are f#cking idiots
orignal furthermore people use it often
zzz normal ipv6 on home internet firewall/router does not work like that
orignal I had a discussion with ygg developer about ipv6
orignal that no way to recognize if you have ipv6 or not
orignal not everybody lives in the US)))
zzz then fix it by having three settings - force off, auto, force on. Default to auto which only enables if you have a public address
zzz not a US thing, it's a home router thing
orignal I think what we should do is check if we get responses to SSU2 requests
zzz either charlie should not be publishing 6 address or charlie should not agree to test or bob shouldn't pick this charlie
zzz if you don't want to fix your ipv6 problems, then fix Bob. Don't pick firewalled ipv6 charlie, or only pick him if he's actually connected via ipv6, so you "know" he has "real" ipv6
zzz because ipv6 peer test is very broken right now, 20x a day on my routers
zzz I don't pick firewalled charlies. You convinced me last year it was fine. It's not.
orignal let me think
orignal I'm going to fix both
orignal and yes it's very good idea to set peer test cap only after successful connection
orignal btw, same applies to ipv4
orignal US thing, because in US you have native ipv6
orignal at home
zzz some big ISPs do, some don't, it's not 100%
orignal and you have to use tunnels in most bantustans
orignal look at Canada. nobody does
zzz maybe don't publish '6' address at all until successful connection?
orignal I can't
orignal because I will never connect
orignal because Bob needs my 'i'
orignal for handshake
zzz hmm
orignal while peer test cap is better
orignal well not 'i' but 's' matching S block with RI
orignal e.g. sessionconfirmed would always fail
zzz you don't pick a charlie unless he has a 'B' cap?
zzz here's one you picked - no B
zzz [RouterAddress:
zzz Type: SSU2
zzz Cost: 8
zzz Options (4):
zzz [caps] = [6]
zzz [i] = [~0Ap6ZyEmvnyxX63ykVXguOYKhnLLRdzoXMkldGYRkM=]
zzz [s] = [LhzBQDZ7ChqvuxIXrzpBbpRSfAtq~nqmc9g~NnYc9Ek=]
zzz [v] = [2]]]
zzz the ipv4 address has a B but not the ipv6 address
orignal so it's just a bug
orignal I will fix
zzz so should I cancel the test if there's no B cap in the charlie RI?
orignal I think so
orignal it's wrong test
zzz As I was researching this, I increased the minimum version for picking a test peer to 0.9.59
zzz it didn't help fix this problem, but still probably a good idea
orignal i2pd always picks ssu2
eche|on eyedeekay: i2pgit.org shows 500
zzz anyway, thanks for your help orignal.
zzz also, charlie shouldn't have agreed to do the test
orignal yes, I will fix both issues
orignal thank you for pointing
orignal btw, when the next release?
orignal we have fixed too many things already
zzz see i2pforum post by idk
zzz but subject to change
orignal tentative
zzz lots of fixes on our side too
zzz but our current release is doing well, much better than the one before
orignal because you are back
orignal the most important fix we would like to release is ODEP-IOGW tunnel build
zzz lol not really, but thanks. We're getting better at dealing with these attacks after two years
zzz coordinate with idk about it, he's in charge of our release
zzz eyedeekay, ssh down also
eyedeekay sorry about the gitlab downtime, failed update, back now
orignal eyedeekay when the next release?
eyedeekay Early April, right now it's set at April 28th but we're going to move that a couple weeks earlier to the 8th instead
eyedeekay So April 8th