orignal
I'm listening
orignal
pretty much it is
zzz
ok orignal here's the story
zzz
I'm investigating false-firewalled ipv6 peer test results on routers directly on internet (no firewall)
zzz
10-20 per day
zzz
I get msg 4 but no msg 5 or 7, I think I'm firewalled
zzz
turns out when this heppens, every time, it was a ipv6 firewalled i2pd charlie
zzz
remember you convinced us a year ago, i2pd bobs may pick a firewalled charlie, I have code to handle that
zzz
so I think there's a problem. Why isn't i2pd charlie sending msg 5 and 7? Do they really have ipv6? Or are they publishing ipv6 "6" firewalled address when they don't really have ipv6?
zzz
should i2pd bob be picking these charlies? should they only pick firewalled ipv6 charlies if they "prove" they have ipv6 by being connected to bob with ipv6?
zzz
my workaround is to ignore "firewalled" ipv6 result if charlie is firewalled
zzz
that fixes the problem on my end, no more bad results
orignal
the problem is we had this ipv6 firewalled issue even with SSU1
orignal
so, you mean some idior turn on ipv6 in config while they don't actually have ipv6
orignal
that's your pooint?
zzz
I don't know the root cause, I'm describing the symptoms
orignal
and since we don't know if it's actually ipv6 or not we publish ipv6 as firewalled
orignal
because we have ipv6 address locally
orignal
yes I know
orignal
that makes snse
orignal
because I saw plenty of such isiots
zzz
but you need a public ipv6 address to publish any '6' at all
orignal
why?
zzz
so please fix it
orignal
please explain how I differentiate this situation
orignal
how do I knwo if I have a public ipv6?
zzz
because ipv6 is different than ipv4. the firewall passes through the public address
zzz
if it's routable
orignal
if might be ipv6 NAT
orignal
and it happens often
zzz
that's not the way home firewall/routers work
orignal
because you know f#cking VPS hosters gives you ONE ipv6
orignal
let me explain
zzz
sure but it's a public one
zzz
not an address like fdac::
orignal
for exaple I don't have ipv6 at home
orignal
but I have at my VPS
orignal
I have one ipv6 there
zzz
then you have one public address on the vps interface on your computer, right?
orignal
no, I have an addess assigned by my NAT at the VPS
orignal
and it's up to me
orignal
what range I use
orignal
that's modern reality
zzz
only for vps though
orignal
because VPS hosters are f#cking idiots
orignal
furthemore people use it often
zzz
normal ipv6 on home internet firewall/router does not work like that
orignal
I had a discussion with ygg developer about ipv6
orignal
that no way to regognize if you have ipv6 or not
orignal
not everybody lives in the US)))
zzz
then fix it by having three settings - force off, auto, force on. Default to auto which only enables if you have a public address
zzz
not a US thing, it's a home router thing
orignal
I think what we should it is check if we get reponses to SSU2 reuests
zzz
either charlie should not be publishing 6 address or charlie should not agree to test or bob shouldn't pick this charlie
zzz
if you don't want to fix your ipv6 problems, then fix Bob. Don't pick firewalled ipv6 charlie, or only pick him if he's actually connected via ipv6, so you "know" he has "real" ipv6
zzz
because ipv6 peer test is very broken right now, 20x a day on my routers
zzz
I don't pick firewalled charlies. You convinced me last year it was fine. It's not.
orignal
let me think
orignal
I'm going to fix both
orignal
and yes it's very good idea to set peer test cap only after successfull connetion
orignal
btw, same applies to ipv4
orignal
US thing, because in US you have native ipv6
orignal
at home
zzz
some big ISPs do, some don't, it's not 100%
orignal
and you have to use tuunels in most bantustans
orignal
look at Canada. nobody does
zzz
maybe don't publish '6' address at all until successful connection?
orignal
I can't
orignal
because I will neven connect
orignal
because Bob needs my 'i'
orignal
for handshake
zzz
hmm
orignal
while peer test cap is bettre
orignal
well not 'i' but 's' matching S block with RI
orignal
e.g. sessionconfiormed would always fail
zzz
you don't pick a charlie unless he has a 'B' cap?
zzz
here's one you picked - no B
zzz
[RouterAddress:
zzz
Type: SSU2
zzz
Cost: 8
zzz
Options (4):
zzz
[caps] = [6]
zzz
[i] = [~0Ap6ZyEmvnyxX63ykVXguOYKhnLLRdzoXMkldGYRkM=]
zzz
[s] = [LhzBQDZ7ChqvuxIXrzpBbpRSfAtq~nqmc9g~NnYc9Ek=]
zzz
[v] = [2]]]
zzz
the ipv4 address has a B but not the ipv6 address
orignal
so it's just a bug
orignal
I will fix
zzz
so should I cancel the test if there's no B cap in the charlie RI?
orignal
I think so
orignal
it's wrong test
zzz
As I was researching this, I increased the minimum version for picking a test peer to 0.9.59
zzz
it didn't help fix this problem, but still probably a good idea
orignal
i2pd always picks ssu2
eche|on
eyedeekay: i2pgit.org shows 500
zzz
anyway, thanks for your help orignal.
zzz
also, charlie shouldn't have agreed to do the test
orignal
yes, I will fix both issues
orignal
thank you for pointing
zzz
:)
orignal
btw, when the next release?
orignal
we have fixed too many things already
zzz
see i2pforum post by idk
zzz
but subject to change
orignal
tentative
zzz
lots of fixes on our side too
zzz
but our current release is doing well, much better than the one before
orignal
because you are back
orignal
the most implratnt fix we would to relese is ODEP-IOGW tunnel build
zzz
lol not really, but thanks. We're getting better at dealing with these attacks after two years
zzz
coordinate with idk about it, he's in charge of our release
zzz
eyedeekay, ssh down also
eyedeekay
sorry about the gitlab downtime, failed update, back now
orignal
eyedeekay when the next release?
eyedeekay
Early April, right now it's set at April 28th but we're going to move that a couple weeks earlier to the 8th instead
eyedeekay
So April 8th