#ls2
/2022/07/14
zzz test results:
zzz I see some SSU2 addresses with mtu=1500, not necessary, that is the default
zzz I see some SSU addresses on i2pd routers with mtu=1480, not right, should be rounded down to mod 16 = 0, 1472
zzz failures since 8:20 PM eastern last night:
zzz 15 ImQCa~
zzz 13 k8vhnd
zzz 7 CEFnjX
zzz 4 ~GIB3b
zzz 3 gpUBQf
zzz 3 bAU~6X
zzz 1 xZ9nsA
zzz 1 kyY2Tx
zzz 1 iNmqNX
zzz ImQC is publishing 1500 and failing frequently
zzz ditto k8vh
zzz the others do not appear to be publishing mtu
zzz eot
zzz ImQC appears to have a he.net address
orignal I will fix it for SSU1
zzz so the good news is, BpAT and YXEA, formerly top of the list, no longer have the issue
orignal ImQC might be on windows
orignal and we don't detect mtu properly there
orignal need to investigate
zzz that sounds right, because ImQC is 2001:470:: and is publishing 1500. k8vh has the same issue
zzz but k8vh is not 2001:470
orignal we will check
orignal fixed mtu
orignal for SSU1
zzz is it going to be a lot of work to detect MTU on Windows?
orignal it should work
orignal we need to check we it doesn't
orignal maybe it's not windows
orignal ^D1472
orignal for cdoF
orignal and 1480 for SSU2
zzz the k8vh IP address 2a06:a004:: also appears to be a IPv6 tunnel broker: ipinfo.io/AS61138/2a06:a004::/36
zzz same as MNcW
orignal and also publishes 1500?
orignal MNcW depends on mode
orignal I use wireguard
zzz k8vh is publishing 1500. MNcW publishing 1420
orignal right but as I said you can choose mode
orignal there
orignal deavmi also uses wireguard with 1420
orignal strange you didn't see such MTU before
zzz I'm looking at SSU2
orignal I will tell him
orignal to update
zzz clearly there's an MTU detection issue on ImQC and k8vh
orignal but what if interface really publishes 1500?
zzz k8vh is updated because it's publishing 1500 for SSU2
orignal think
zzz then it's a buggy driver?
orignal a tunnel comes to router
orignal but i2pd runs on some box in LAN
zzz then it's a PMTU issue
orignal and get ipv6 from router from its range
orignal what MTU would you detect?
orignal I guess 1500
zzz well, we have PMTU detection and adjustment up/down based on retransmissions and acks
orignal how do you do it?
orignal in two words
zzz but right now, the SSU2 handshake sends the session confirmed using the advertised MTU
orignal I don't know how to resolve this issue yet
zzz so we could change it to send session confirmed with minimum MTU 1280 to be "safe", and then do PMTU adjustment later
zzz can't do it in 2 words ))
orignal not a bad idea
orignal I think that's where 1472 came from
orignal and that's how SSU1 worked
zzz but that's for later discussion. For now, let's find out if there's MTU detection bugs on ImQC and k8vh
orignal I don't think so
zzz ok, but let's find out for sure
zzz is it a MTU bug or a PMTU issue
orignal I will change it to 1480/1472 max
zzz I do have special-case code to set local HE addresses to 1472 max, no matter what the OS says. I could do the same for the route48.org addresses
zzz orignal, FYI we banned that router building all the tunnels that dr|z3d mentioned yesterday - you may see some impact on i2pd, or maybe not
R4SAS I'll try to figure out MTU for HE.net on windows
zzz thanks R4SAS
orignal what was with that router?
orignal I will implement the code for tunnels
zzz re: router, it was all explained yesterday, see 24 hours above ^^^
zzz just giving you a heads up in case it gets worse for i2pd
orignal I know the discussion
orignal but what's with this router?
zzz if you have more questions please ask drz or obscuratus, they did the research
orignal but what the problem exactly?
orignal too many tunnel build requests?
obscuratus orignal: To recap... This router was generating a storm of tunnel building. If you didn't implement limits, a single router might see 100s participating tunnel build requests from this one router.
orignal elgamal or ecies?
obscuratus Encryption Key:ECIES_X25519
orignal then why is it a problem?
orignal it doesn't consume too much cpu
obscuratus For my part, I had to degrade my router's service by implementing tunnel limits. If I didn't, my router would crash.
obscuratus And this one router would crowd out other legitimate tunnel requests.
orignal the question is
orignal how can they manage to produce so many requests?
orignal if they are real
obscuratus If I had to guess, they had a custom router build of some kind.
obscuratus Oddly, I never saw an OBEP or IBGW, just participating tunnels. Dozens of them.
orignal I mean how much cpu they use on their side
orignal huh? so you know what's inside that record?
orignal it means they encrypt it properly
obscuratus The traffic through each tunnel was pretty low, usually 20-40k over the life of a given tunnel. I never tried to examine the traffic to check if it was encrypted properly.
orignal since you know that you are a participating tunnel
orignal it means you are able to decrypt your record
obscuratus I never saw any glaring errors in my logs, so that seems like a good assumption.
orignal that means they have to do encryption job on their side
obscuratus Also, the originating IP address of this router was changing. Rotating through several VPN addresses.
orignal maybe Turkmen?
orignal they keep using several VPNs
obscuratus According to eyedeekay, it was a provider called "Clouvider". Most of the vpn out points were in Europe.
eyedeekay That was just based on running whois against the IP addresses which were listed in dev yesterday
eyedeekay But yes, Clouvider, which is a corporation based in the UK
R4SAS windows MTU: I see 1492 on my windows box with Ethernet connection to router
R4SAS VirtualBox creates interfaces with 1500
R4SAS somewhere in internet I see reports that they have 1280 on 6to4 adapters
R4SAS PPPoE has 1480
R4SAS orignal: hmm... GetMTUWindowsIpv6
R4SAS huh?
orignal I didn't write this code
R4SAS we already check interface MTU on windows
orignal anyway let's recognize tunnel brokers by IP
orignal yes I know
orignal maybe we do it wrong
orignal nobody cared before
R4SAS what for?
orignal about HE mtu on windows
orignal it must be 1480
dr|z3d Clouvider provides services to HideMeVPN afaik.
dr|z3d do you do any part tunnel request throttling, orignal?
orignal because I'm fine with it
R4SAS nope
R4SAS 1280 5 0 0 IP6Tunnel
dr|z3d ok, just curious. I think that specific router may have been spiking at several thousand part tunnel requests at various times.
orignal R4SAS it's default value
R4SAS nope, I just tried to add tunnel to HE
orignal dr|z3d it's not a problem for us really
orignal x25519 is really fast
R4SAS and system set that MTU automatically
orignal sure it's system rather than i2pd's?
dr|z3d could be an early warning sign of network abuse
orignal I doubt that that router is doing a network abuse
orignal where do you 1280?
orignal if ipconfig or in i2pd?
R4SAS >netsh interface ipv6 show subinterfaces
orignal then windows is fine ))
orignal zzz do we also publish mtu for SSU1 ipv4?
orignal or it's for ipv6 only?
dr|z3d > <zzz> you must, of course, publish non-default MTU for ipv4 also
orignal that's for SSU2
orignal I'm asking about SSU1
orignal I remember it was a reason to not publish mtu for ipv4
dr|z3d ok, nothing explicit I can see regarding SSU1 for MTU publication.
dr|z3d (in the backlog)
orignal it's long story
orignal since I see in the code
orignal I publish mtu for ipv6 addresses only
orignal no 2RRY in the list because it crashed ))
zzz orignal, yes, of course, ipv4 SSU 1 also
zzz since 0.9.2 2012
orignal then why I set it for ipv6 only?
zzz ipv6 can never be the default because it's mod 16 = 0
zzz ipv4 is mod 16 = 12, with a default 1484
zzz why you don't set it for non-default, only you can say
orignal idk either
orignal I will change it