@eyedeekay
+R4SAS
+RN
+RN_
+T3s|4
+Xeha
+acetone
+orignal
+weko
Irc2PGuest89954
Leopold_
Onn4l7h
Onn4|7h
T3s|4_
aargh2
anon2
cancername
eyedeekay_bnc
hk
not_bob_afk
profetikla
shiver_
u5657
x74a6
zzz
test results:
zzz
I see some SSU2 addresses with mtu=1500, not necessary, that is the default
zzz
I see some SSU addresses on i2pd routers with mtu=1480, not right, should be rounded down to mod 16 = 0, 1472
zzz
failures since 8:20 PM eastern last night:
zzz
15 ImQCa~
zzz
13 k8vhnd
zzz
7 CEFnjX
zzz
4 ~GIB3b
zzz
3 gpUBQf
zzz
3 bAU~6X
zzz
1 xZ9nsA
zzz
1 kyY2Tx
zzz
1 iNmqNX
zzz
ImQC is publishing 1500 and failing frequently
zzz
ditto k8vh
zzz
the others do not appear to be publishing mtu
zzz
eot
zzz
ImQC appears to have a he.net address
orignal
I will fix it for SSU1
zzz
so the good news is, BpAT and YXEA, formerly top of the list, no longer have the issue
orignal
ImQC might be on windows
orignal
and we don't detect mtu proprely there
orignal
need to inverstigate
zzz
that sounds right, because ImQC is 2001:470:: and is publishing 1500. k8vh has the same issue
zzz
but k8vh is not 2001:470
orignal
we will check
orignal
fixed mtu
orignal
for SSU1
zzz
is it going to be a lot of work to detect MTU on Windows?
orignal
it should work
orignal
we need to check we it doesn't
orignal
maybe it's not windows
orignal
mtu=
orignal
^D1472
orignal
for cdoF
orignal
and 1480 for SSU2
zzz
the k8vh IP address 2a06:a004:: also appears to be a IPv6 tunnel broker: ipinfo.io/AS61138/2a06:a004::/36
zzz
same as MNcW
orignal
and also publishes 1500?
orignal
MNcW depends on mode
orignal
I use wireguard
zzz
k8vh is publishing 1500. MNcW publishing 1420
orignal
right but as I said you can choose mode
orignal
there
zzz
ok
orignal
deavmi also uses wireguard with 1420
orignal
strange you didn't see such MTU before
zzz
I'm looking at SSU2
orignal
I will tell him
orignal
to update
zzz
clearly there's an MTU detection issue on ImQC and k8vh
orignal
but what if interface really publishes 1500?
zzz
k8vh is updated because it's publishing 1500 for SSU2
orignal
think
zzz
then it's a buggy driver?
orignal
no
orignal
a tunnel comes to router
orignal
but i2pd runs on some box in LAN
zzz
then it's a PMTU issue
orignal
and get ipv6 from router from it's range
orignal
what MTU would you detect?
orignal
I guess 1500
zzz
well, we have PMTU detection and adjustment up/down based on retransmissions and acks
orignal
how do you do it?
orignal
in two words
zzz
but right now, the SSU2 handshake sends the session confirmed using the advertised MTU
orignal
I don't know how to resolve this issue yet
zzz
so we could change it to send session confirmend with minimum MTU 1280 to be "safe", and then do PMTU adjustment later
zzz
can't do it in 2 words ))
orignal
not a bad idea
orignal
I think that's where 1472 came from
orignal
and that's how SSU1 worked
zzz
but that's for later discussion. For now, let's find out if there's MTU detection bugs on ImQC and k8vh
orignal
I don't think so
zzz
ok, but lets find out for sure
zzz
is it a MTU bug or a PMTU issue
orignal
I will change it to 1480/1472 max
zzz
I do have special-case code to set local HE addresses to 1472 max, no matter what the OS says. I could do the same for the route48.org addresses
zzz
orignal, FYI we banned that router building all the tunnels that dr|z3d mentioned yesterday - you may see some impact on i2pd, or maybe not
R4SAS
I'll try to figure out MTU for HE.net on windowsn
zzz
thanks R4SAS
orignal
what was with that router?
orignal
I will implement the code for tunnels
zzz
re: router, it was all explained yesterday, see 24 hours above ^^^
zzz
just giving you a heads up in case it gets worse for i2pd
orignal
I know the discusssion
orignal
but what's with this router?
zzz
if you have more questions please ask drz or obscuratus, they did the research
orignal
but what the problem exatcly?
orignal
too many tunnel build requests?
obscuratus
orignal: To recap... This router was generating a storm of tunnel building. If you didn't implement limits, a single router might see 100s participating tunnel build requests from this one router.
orignal
elgamal or ecies?
obscuratus
Encryption Key:ECIES_X25519
orignal
then why is it a problem?
orignal
it doesn't consume too much cpu
obscuratus
For my part, I had to degrade my routers service by imlementing tunnel limits. If I didn't, my router would crash.
obscuratus
And this one router would crowd out other legimate tunnel requests.
orignal
the question is
orignal
how can they manage to produce so many requests?
orignal
if they are real
obscuratus
If I had to guess, they had a custom router build of some kind.
obscuratus
Oddly, I never saw an OBEP or IBGW, just participating tunnels. Dozens of them.
orignal
I mean how much cpu they use on their side
orignal
huh? so you know what's inside that record?
orignal
it means they encrypt it properly
obscuratus
The traffic through each tunnel was pretty low, usually 20-40k over the life of a given tunnel. I never tried to examine the traffic to check if it was encrypted properly.
orignal
since you know that your are a aprticipating tunnel
orignal
it means you are able to decypt your record
obscuratus
I never saw any glaring errors in my logs, so that seems like a good assumption.
orignal
that means they have to do encryption job oon their side
obscuratus
Also, the originating IP address of this router was changing. Rotating through several VPN addresses.
orignal
maybe Turkmen?
orignal
they keep using several VPNs
obscuratus
According to eyedeekay, it was a provider called "Clouvider". Most of the vpn out points were in Europe.
eyedeekay
That was just based on running whois against the IP addresses which were listed in dev yesterday
eyedeekay
But yes, Clouvider, which is a corporation based in the UK
R4SAS
windows MTU: I see 1492 on my windows box with Ethernet connection to router
R4SAS
VirtualBox creates interfaces woth 1500
R4SAS
somewhere in internet I see reports that they have 1280 on 6to4 adapters
R4SAS
PPPoE has 1480
R4SAS
orignal: hmm... GetMTUWindowsIpv6
R4SAS
huh?
orignal
idk
orignal
I didn't write this code
R4SAS
we already check interface MTU on windows
orignal
anyway let's recognize tunnel brokers by IP
orignal
yes I know
orignal
maybe we do it worng
orignal
nobody cared before
R4SAS
what for?
orignal
aboout HE mtu on windows
orignal
it must be 1480
dr|z3d
Clouvider provides services to HideMeVPN afaik.
dr|z3d
do you do any part tunnel request throttling, orignal?
orignal
no
orignal
because I'm fine with it
R4SAS
nope
R4SAS
1280 5 0 0 IP6Tunnel
dr|z3d
ok, just curious. I think that specific router may have been spiking at several thousand part tunnel requests at various times.
orignal
R4SAS it's default value
R4SAS
nope, I just tried to add tunnel to HE
orignal
dr|z3d it's not a problem for us really
orignal
x25519 is really fast
R4SAS
and system set that MTU automatically
orignal
sure it's system rather than i2pd's?
dr|z3d
could be an early warning sign of network abuse
R4SAS
???
orignal
I doubt that that router is doing a network abuse
orignal
where do you 1280?
orignal
if ipconfig or in i2pd?
R4SAS
>netsh interface ipv6 show subinterfaces
orignal
then windows is fine ))
orignal
zzz do we also publish mtu for SSU1 ipv4?
orignal
or it's for ipv6 only?
dr|z3d
> <zzz> you must, of course, publish non-default MTU for ipv4 also
orignal
that's for SSU2
orignal
I'm asking about SSU1
orignal
I remeber it was a reson to not publish mtu for ipv4
dr|z3d
ok, nothing explict I can see regarding SSU1 for MTU publication.
dr|z3d
(in the backlog)
orignal
it's long story
orignal
since I see in the code
orignal
I publish mtu for ipv6 addresses only
orignal
no 2RRY in the list because it crashed ))
zzz
orignal, yes, of course, ipv4 SSU 1 also
zzz
since 0.9.2 2012
orignal
then why I set it for ipv6 only?
zzz
ipv6 can never be the default because it's mod 16 = 0
zzz
ipv4 is mod 16 = 12, with a default 1484
zzz
why you don't set it for non-default, only you can say
orignal
idk either
orignal
I will change it