#i2p-dev (irc2p) | 2.7.0-1 | 2.8.0 Release Discussion: http://i2pforum.i2p/viewtopic.php?t=1301

#i2p-dev

/2024/03/01

Online: 54

@eyedeekay

&kytv

&zzz

+R4SAS

+RN

+RN_

+dr|z3d

+hk

+postman

+wodencafe

Arch

DeltaOreo

FreeRider

FreefallHeavens

Irc2PGuest10850

Irc2PGuest19353

Irc2PGuest23854

Irc2PGuest46029

Irc2PGuest48064

Irc2PGuest77854

Nausicaa

Onn4l7h

Onn4|7h

Over

Sisyphus

Sleepy

Soni

T3s|4__

Teeed

aargh3

acetone_

anon4

b3t4f4c3

bak83_

boonst

cumlord

dr4wd3_

eyedeekay_bnc

glowie

hagen_

khb

mittwerk

orignal

plap

poriori

profetikla

rapidash

shiver_

solidx66

u5657_1

uop23ip

w8rabbit

weko_

x74a6

orignal I'm listening

orignal pretty much it is

zzz ok orignal here's the story

zzz I'm investigating false-firewalled ipv6 peer test results on routers directly on internet (no firewall)

zzz 10-20 per day

zzz I get msg 4 but no msg 5 or 7, I think I'm firewalled

zzz turns out when this heppens, every time, it was a ipv6 firewalled i2pd charlie

zzz remember you convinced us a year ago, i2pd bobs may pick a firewalled charlie, I have code to handle that

zzz so I think there's a problem. Why isn't i2pd charlie sending msg 5 and 7? Do they really have ipv6? Or are they publishing ipv6 "6" firewalled address when they don't really have ipv6?

zzz should i2pd bob be picking these charlies? should they only pick firewalled ipv6 charlies if they "prove" they have ipv6 by being connected to bob with ipv6?

zzz my workaround is to ignore "firewalled" ipv6 result if charlie is firewalled

zzz that fixes the problem on my end, no more bad results

orignal the problem is we had this ipv6 firewalled issue even with SSU1

orignal so, you mean some idior turn on ipv6 in config while they don't actually have ipv6

orignal that's your pooint?

zzz I don't know the root cause, I'm describing the symptoms

orignal and since we don't know if it's actually ipv6 or not we publish ipv6 as firewalled

orignal because we have ipv6 address locally

orignal yes I know

orignal that makes snse

orignal because I saw plenty of such isiots

zzz but you need a public ipv6 address to publish any '6' at all

orignal why?

zzz so please fix it

orignal please explain how I differentiate this situation

orignal how do I knwo if I have a public ipv6?

zzz because ipv6 is different than ipv4. the firewall passes through the public address

zzz if it's routable

orignal if might be ipv6 NAT

orignal and it happens often

zzz that's not the way home firewall/routers work

orignal because you know f#cking VPS hosters gives you ONE ipv6

orignal let me explain

zzz sure but it's a public one

zzz not an address like fdac::

orignal for exaple I don't have ipv6 at home

orignal but I have at my VPS

orignal I have one ipv6 there

zzz then you have one public address on the vps interface on your computer, right?

orignal no, I have an addess assigned by my NAT at the VPS

orignal and it's up to me

orignal what range I use

orignal that's modern reality

zzz only for vps though

orignal because VPS hosters are f#cking idiots

orignal furthemore people use it often

zzz normal ipv6 on home internet firewall/router does not work like that

orignal I had a discussion with ygg developer about ipv6

orignal that no way to regognize if you have ipv6 or not

orignal not everybody lives in the US)))

zzz then fix it by having three settings - force off, auto, force on. Default to auto which only enables if you have a public address

zzz not a US thing, it's a home router thing

orignal I think what we should it is check if we get reponses to SSU2 reuests

zzz either charlie should not be publishing 6 address or charlie should not agree to test or bob shouldn't pick this charlie

zzz if you don't want to fix your ipv6 problems, then fix Bob. Don't pick firewalled ipv6 charlie, or only pick him if he's actually connected via ipv6, so you "know" he has "real" ipv6

zzz because ipv6 peer test is very broken right now, 20x a day on my routers

zzz I don't pick firewalled charlies. You convinced me last year it was fine. It's not.

orignal let me think

orignal I'm going to fix both

orignal and yes it's very good idea to set peer test cap only after successfull connetion

orignal btw, same applies to ipv4

orignal US thing, because in US you have native ipv6

orignal at home

zzz some big ISPs do, some don't, it's not 100%

orignal and you have to use tuunels in most bantustans

orignal look at Canada. nobody does

zzz maybe don't publish '6' address at all until successful connection?

orignal I can't

orignal because I will neven connect

orignal because Bob needs my 'i'

orignal for handshake

zzz hmm

orignal while peer test cap is bettre

orignal well not 'i' but 's' matching S block with RI

orignal e.g. sessionconfiormed would always fail

zzz you don't pick a charlie unless he has a 'B' cap?

zzz here's one you picked - no B

zzz [RouterAddress:

zzz Type: SSU2

zzz Cost: 8

zzz Options (4):

zzz [caps] = [6]

zzz [i] = [~0Ap6ZyEmvnyxX63ykVXguOYKhnLLRdzoXMkldGYRkM=]

zzz [s] = [LhzBQDZ7ChqvuxIXrzpBbpRSfAtq~nqmc9g~NnYc9Ek=]

zzz [v] = [2]]]

zzz the ipv4 address has a B but not the ipv6 address

orignal so it's just a bug

orignal I will fix

zzz so should I cancel the test if there's no B cap in the charlie RI?

orignal I think so

orignal it's wrong test

zzz As I was researching this, I increased the minimum version for picking a test peer to 0.9.59

zzz it didn't help fix this problem, but still probably a good idea

orignal i2pd always picks ssu2

eche|on eyedeekay: i2pgit.org shows 500

zzz anyway, thanks for your help orignal.

zzz also, charlie shouldn't have agreed to do the test

orignal yes, I will fix both issues

orignal thank you for pointing

zzz :)

orignal btw, when the next release?

orignal we have fixed too many things already

zzz see i2pforum post by idk

zzz but subject to change

orignal tentative

zzz lots of fixes on our side too

zzz but our current release is doing well, much better than the one before

orignal because you are back

zzz stats.i2p/cgi-bin/partvtunnels-day.cgi

orignal the most implratnt fix we would to relese is ODEP-IOGW tunnel build

zzz lol not really, but thanks. We're getting better at dealing with these attacks after two years

zzz coordinate with idk about it, he's in charge of our release

zzz eyedeekay, ssh down also

eyedeekay sorry about the gitlab downtime, failed update, back now

orignal eyedeekay when the next release?

eyedeekay Early April, right now it's set at April 28th but we're going to move that a couple weeks earlier to the 8th instead

eyedeekay So April 8th