zzz
wb zlatinb
zlatinb
good to be back :)
zzz
how was it?
zlatinb
well Lisbon is great, Monerokon was very casual
zlatinb
by that I mean everyone smoked everything all the time everywhere
zzz
nice
zlatinb
but we did the presentations and had an interview with the monero talk podcast
zzz
missed it all
zlatinb
some people brought up Kovri so we had to be very diplomatic about it
zzz
those people have long memories
zzz
was the diva guy there or just the students?
zlatinb
yes diva.exchange guy was there + one of the students
zlatinb
we should hear once the podcast is out I'm sure
zzz
the diva guy seems solid but their blockchain stuff is a little fuzzy to me. Did you get a better handle on what they're up to and how to work together?
zlatinb
the trust-less swaps are a bit fuzzy to me too; I think they just use I2P as a transport layer
zzz
but they also have a sam lib, a reseed, a i2pd fork, sponsor research, ... so they're in pretty deep
zlatinb
regarding the attack they presented I expect someone to propose making the default tunnel length variable between 3 and 4 as that practically defeats their colluding tunnel participants attack
zzz
haven't studied the slides yet
zzz
now I wish I wasn't so lazy and had gone to the monerocon in miami a couple months back
zlatinb
none of the developers we worked with on i2p-zero were in Lisbon so that was a pity
zlatinb
but people knew them
zzz
yeah they were at the miami one
zzz
I know idk made it because I was talking to him about the android issues
zzz
we may need a postmortem
orignal
zzz, let's come back to our sheeps
orignal
can Alice request ipv6 peer test over ipv4 session with Bob?
zzz
baaa?
orignal
you don't know this famous phrase?
zzz
no
orignal
no to which question?
zzz
not famous here :)
orignal
so can Alice do it?
zzz
looking...
orignal
even if her ipv6 doesn't work at all
orignal
she only believes she has an ipv6 address
orignal
zlatinb what did they say that i2pd is actually "russian" project?
zlatinb
we were careful to say "developed by Russian expats"
zzz
ok, here's the SSU 1 documentation about it:
zzz
Alice sends the request to Bob using an existing session over the transport (IPv4 or IPv6) that she wishes to test. When Bob receives a request from Alice via IPv4, Bob must select a Charlie that advertises an IPv4 address. When Bob receives a request from Alice via IPv6, Bob must select a Charlie that advertises an IPv6 address. The actual Bob-Charlie communication may be via IPv4 or IPv6 (i.e., independent of Alice's
zzz
address type).
zzz
so the answer for SSU 1 is no
orignal
expats?
orignal
what does it mean?
orignal
zzz ofc I'm asking about SSU2
zlatinb
expat == someone who does not live in their home country afaik
zzz
ex-patriots, i.e. emigrants
orignal
I don't care about SSU1
orignal
I know what word expat means
zzz
I know, but that's how I get to the answer
orignal
but most people live in Russia
zlatinb
didn't know that
zzz
so, since we don't say anything different in prop. 159, the answer for SSU 2 is also no, at least right now
orignal
R4SAS, acetone, polistern
orignal
zzz, my point is how to interpret msg 4
zzz
please explain
orignal
if we allow ipv6 test over ipv4 msg 4 means nothing
orignal
it even doesn't say if ipv6 for Alice works
orignal
only msg 5 matters
orignal
I'm working on the code for network status upon receiving messages
zzz
you may not get 5 OR 7, only 4. Then you are totally blocked for inbound
orignal
if I understand msg 5 means we are reachable
orignal
6 and 7 is test for symmetric NA
orignal
NAT
zzz
right
zzz
that's why 4 is important
orignal
ofc it's important for msg 6
orignal
but msg 4 doesn't change state
zzz
not right away, but you set a timer to change state after getting 4
orignal
in SSU1 I change state to Firewalled when receive 4 and change back to OK when receive 5
orignal
ofc it's done more complicated
zzz
because you may ever get 5
orignal
my point is
orignal
if I receive 4 in SSU1 and not 5
orignal
I set status to Firewalled
zzz
that sounds right
orignal
if I don't receive even 4 it means testing failed
zzz
yup
zzz
so back to the original question
zzz
can alice request v6 test over v4 connection to bob, or vice versa?
zzz
I don't think it's necessary to support that
zzz
if alice can't make a single outbound connection on v6, why does it need to be tested?
orignal
I can tell you why
zzz
or think of making the connection as the first part of the test
zzz
please tell ))
orignal
Alice needs ipv6 test but has ipv4 sessions only
orignal
not worth to establish one more session just for test
orignal
same logic as relay request
zzz
I would say, at startup, prioritize a mix of v4 and v6 connections so you can run tests
orignal
yes, that's fine
orignal
but in long term run
zzz
the other thing is, until you make an outbound connection and get an address block back, you may not "know" your IP address to send in a test request
orignal
assume I have an ipv6 SSU2 session before
zzz
so the process is:
zzz
1) make an outbound connection to discover your address
orignal
hence I know my IP or I think I know
zzz
2) make a peer test request to test it
orignal
3. make a new peer test request after 1 hour
orignal
and I don't have SSU2 ipv6 sessions anymore
orignal
for whatever reason
zzz
yeah the other thing is security. Bob can do checks that Alice is asking for a test for her IP, not any random IP
orignal
at start yes you should create all new session to discover your IP
orignal
Bob always has Alice's RI
orignal
furthermore he has to send it for Charlie
orignal
zlatinb I have heard that EU consider as Russian anybody who even born in RSFSR
zzz
yeah but bob is the first line of defense that the IP isn't garbage
orignal
and what code do we send if address is wrong?
zzz
dunno, we could add one if you want
zzz
alice's RI may not have the address in it if firewalled
zzz
I think mixed v4/v6 would be much less secure than SSU 1, and we're trying to be more secure
zzz
you want to add code 5 "unsupported address" ?
orignal
probably
zzz
ok, will do
orignal
if Alice's RI doesn't have an address Bob still knows her endpoint
orignal
should we also check it?
zzz
bob should do some checking. I don't know what I do now
orignal
that's why I'm asking what I should do being Bob
zzz
looking...
zzz
right now I don't do any checking, because it's copied from SSU 1 where there is no ip/port in msg 1
zzz
my standard checks, which I should do here, are:
zzz
if (!TransportUtil.isValidPort(fromPort) ||
zzz
(!_transport.isValid(fromIP)) ||
zzz
_transport.isTooClose(fromIP) ||
zzz
_context.blocklist().isBlocklisted(fromIP)) {
zzz
and additional checks:
zzz
same address type v4/v6
zzz
check that the IP is the same or "close to" the session IP ?
orignal
let's check it and add rejection code
orignal
so you do have this phrase
dr|z3d
no one says that, orignal *chuckle*
dr|z3d
probably the closest thing, though not quite so euphemistic, would be "let's get back to the topic at hand" or similar.
orignal
but we say it in Russian all the time
orignal
zzz, I see strange thing
orignal
I see you connected to 2RRY but don't see ih in your RI
orignal
although I have re-requested it
orignal
zzz, can you check your RelayResponse?
orignal
I receive messages SSU2: Block type 0 of size 17305
orignal
from Java routers
orignal
in response to RelayRequest
orignal
I also see a bug on my side for Bob