#i2p-dev (irc2p) | 2.10.0-10-rc | Network status http://zzz.i2p/topics/3714 | See important notes on zzz.i2p before updating | New beta site please review http://g5hrmnatotkavda5nnalr74ecvu44vigutrcb7h3qbrmsfdmoora.b32.i2p/ | Prop. 169 review Feb. 10, 8 PM UTC #ls2

#i2p-dev

/2025/12/28

Online: 63

&zzz

+R4SAS

+RN_

+eche|off

+nilbog

+orignal

+postman

+qend-irc2p

+sourceress

Arch

Birdy

Irc2PGuest30010

Irc2PGuest36077

Irc2PGuest49364

Irc2PGuest51117

Irc2PGuest6564

Irc2PGuest65656

Irc2PGuest67278

Irc2PGuest74235

Irc2PGuest83482

MatrixBot

Onn4l7h

Over

Sleepy

T3s|4_

Teeed

Yotsu

aargh3

ac9f

acetone_

ahiru

anontor

b3t4f4c3__

bob___

cims

dr4wd3_

dr|z3d

duanin2

eyedeekay

f00b4r

hababam

hagen_

leopold

makoto

marek

marek22k

n2_

noidea

not_bob_afk

nyaa2pguy

o3d3_

poriori

profetikla

r00tobo

rapidash

solidx66

stormycloud[m]

test7363673

uop23ip

urist_

user_

w8rabbit

zelgomer

dr|z3d not seeing that here.

dr|z3d all looks fairly normal.

zzz few hundred new 0.9.61 i2pd starting wednesday - turkey, brazil, india, indonesia, iran, a few others

zzz all LR

orignal I also see too many transports at floodfills

dr|z3d all looks fairly normal here.

orignal I see abnormal number of transports. Like 12K. But on floodfills only

orignal ok. too many incoming SSU2 with iTag

zzz Almost all the routers in Turkey, India, Indonesia, and Vietnam are the botnet

orignal do you see abnormal number of transports?

orignal I want to add parem to limit number of instrucer sessions

orignal like 1K per router

zzz no but not running any floodfills atm

zzz I think we already have a limit, let me look

orignal let me know what's your limit

orignal I think I got flooded by relay request sessions

zzz we have two limits. Hard limit of 100, and also a limit of 25% of our SSU connection limit

zzz and also we don't introduce at all if floodfill

orignal huh? you FF is not introducer?

orignal *your

zzz correct. introducers are long-lived connections, so we don't want that if ff

zzz also, if they are 'R', 75% of the time we ignore the request, to reduce spammy routers that always ask

zzz so we have about 5 different things we do to limit introducers

zzz got a report that the CCC workshop was well-attended, both idk and altonen got people embedding routers from scratch

orignal thanks will change floodfill code

dr|z3d re ccc, good to hear.

dr|z3d re botnet, we also mitigate against that, orignal

dr|z3d more info via pm.

orignal no issue just abnormal number of connectuion

orignal but it's about introducers

dr|z3d that chimes with what I've told you via pm.

orignal yes, that's fine too

zzz you don't have to do what we do, but if you are concerned about floodfill connection count, reducing or eliminating introducers will help

orignal I didn't know that your FF is never an introducer

zzz lets see when we did that...

zzz October 2012 ))

orignal zzz, another question

orignal how do you handle redirects in HTTP server tunnel?

zzz you probably mean client tunnel? but doesn't matter, we don't handle them, it's the web server's and the browser's problem

orignal no, server tunnel

orignal your tunnel goes say to instragram.com

orignal but when you try to connect it returns redirect

orignal instead I2P address it will return clearned address

dr|z3d that's not an i2p problem, but if you're getting a redirect, make sure you're connecting to not

zzz ok. same answer. the redirect goes all the way back to the browser unchanged

orignal and it means if you connect through i2p you browser might connect to clearnet

orignal don't you think it's wrong?

orignal you should not let redirect go through unless it's i2p

dr|z3d so you're trying to host let's say instagram.i2p which proxies to clearnet?

orignal say I want to host eepsite actually going to instragram

zzz It's not wrong imho. that's a browser policy issue. The server and client tunnels are essentially HTTP proxies. It's not a proxy's job to follow redirects

orignal to let people from huilostan to connect to instrarram

orignal zzz, it's fine as long as it's browser but what if client is not a browser?

orignal but an app

dr|z3d not as easy as you think, orignal

orignal without redirect everything works good

zzz for one thing, you'll lose any cookies or other headers if a proxy follows a redirect.

dr|z3d because you're not just forwarding to instagram, there are a ton of other hosts you'd also need to forward, one way or another. cdns, etc etc.

orignal assume page contains only relative links

zzz when I say "browser" I mean "user agent"

orignal let me tell the practical case where it comes from

orignal for some reason Putin has blocked as access to Haiku repo

zzz and it also breaks http to https redirects

orignal why? because he is fucking idiot

orignal now

orignal Haiku's packege manager can't use proxy

orignal just no proxy

orignal but you can speacify any url you wish

orignal so I have created a server tunnel going to the repo

orignal and client tunnel connecting to that server tunnel and put 127.0.0.1:port to package manager

orignal it connects fine but then the repo redirects to a cdn

zzz if it's a special-purpose thing than do whatever. But in general, proxies doing non-proxy things gets really messy and possibly insecure

orignal there is no proxies in this scenario

orignal that's the difference

dr|z3d i2p is the proxy.

orignal i2p is a tunnel

dr|z3d foo.i2p -> foo.com

orignal so guys you don't have a solution for this problem yet

dr|z3d proxy.

zzz sure, but from a HTTP standards perspective, the http client tunnel and http server tunnel are two separate HTTP proxies, acting independently, and we try really hard to follow the specs so it all works

zzz thats why it took me 15 years to get persistent connections working because I didn't understand before

orignal what is persistent connection?

dr|z3d keep-alive.

dr|z3d developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Keep-Alive