zzz
0) Hi
zzz
hi
eyedeekay
hi
zzz
Meeting #200
zlatinb
hi
zzz
wave your party stuff
orignal
hi
eyedeekay
<throws confetti>
zzz
probably 6 years including #ntcp2 which we didn't number I don't think
zzz
anyway
zzz
what's on the agenda for today?
eyedeekay
go-i2p
zzz
ok that will be 1)
zzz
2) orignal proposed going to every-other-week for a while
orignal
nothing from my side
orignal
yes
zzz
ok then
zzz
1) go-i2p
eyedeekay
So obviously I was struggling a little bit with Noise, about last Thursday I went ahead and tried something different
eyedeekay
I started by taking the handshake functions from NoiseSocket which was an existing implementation of a noise tunnel and adapting them to the go-i2p transport interfaces
eyedeekay
Which led to me figuring out the differences between the NoiseSocket handshake and the needs of my "hypothetical unmodded noise transport" thing that I've been doing
eyedeekay
Which is that NoiseSocket is client-server and expects that, so what I actually had to do was to refactor it to decide based on whether we're connecting to somebody or somebody is connecting to us, so now I understand the difference between clients and servers and alices and bobs better
eyedeekay
But the long and short of it is I think I'm pretty close to actually being able to send a message across it for real
eyedeekay
It's still very messy but close to actually doing something
zzz
yeah, for sure, you're either alice or bob, and those are very different
zzz
and really have to be debugged independently
orignal
but if you are Alice you must know Bob's RI
orignal
meaning partial netdb implementation
eyedeekay
I am using fake ones right now but yes I do have a partial netDb implementation already
zzz
we've done this 4 times now. the important thing is looking at the state on each side: eph. and static keys, chaining key, hash, etc
eyedeekay
I'm just constructing something that fills up the object
zzz
bugs almost always result from some mismatch
eyedeekay
Yeah there was a lot of locking elaboration in NoiseSocket that to be perfectly honest hadn't even occurred to me yet but it was very helpful to work from
zzz
sure, it's a state machine, so you can only be processing one message at a time
zzz
(per socket)
orignal
you need to send it in SessionConfirmed
orignal
with correct signature etc.
zzz
good stuff
eyedeekay
orignal you're talking about for when I try and start making connections instead of just defining the sequence of things that happen on a connection, right?
eyedeekay
Right now what I've got is noise stuff(Handshake) happening on a socket implementation that almost works so I think I know what you mean
eyedeekay
And I'll be trying it soon
zzz
anything else on 1) ?
orignal
I'm just telling you the scope
orignal
if you are trying to connect to a real router
orignal
including your own
eyedeekay
Nothing else for me
orignal
but guys honestly
eyedeekay
OK thanks orignal for your help
orignal
SSU2 looks much more prospective than NTCP2
zzz
what do you mean prospective?
orignal
faster, less load
orignal
more dpi resistant
zzz
sure, but he's having enough trouble with NTCP2. SSU2 is 4x harder
zzz
I think he's on the right path
orignal
yes he is
orignal
but he might want to think about common code for both
zzz
we don't want him crying in the corner :)
orignal
right now I have spaghetti code
orignal
because SSU is too different
eyedeekay
That's a good point though, I'm not quite there yet but I think I'll have a better perspective on how to do the common code after I get done with this initial fake transport
orignal
from NTCP2 and SSU2
zzz
anything else on 1) ?
orignal
no
eyedeekay
no
zzz
2) meeting schedule
orignal
I suggest one in two weeks
orignal
because not too much to discuss at this point
zzz
that's fine by me, for now. Maybe through the end of the year?
zzz
or does eyedeekay need every week for go-i2p motivation?
orignal
maybe
eyedeekay
I'm fine with that, I'll be doing about the same thing every meeting for the rest of the year
orignal
up to him
eyedeekay
I'm fine with every 2 weeks though, I'll have more to say per meeting is all
orignal
me too
zzz
of course, never need to wait for a meeting to discuss things.
zzz
that's what the channel is here for
zzz
ok, so next meeting halloween, oct. 31 ?
orignal
yes, fine for me
eyedeekay
Pacing might be better
zzz
ok, let's try it, can always change back any time
zzz
I have a quick 3)
zzz
anything else on 2) ?
orignal
no
eyedeekay
no
zzz
3) hole punch
zzz
we discussed a few days ago, when I was answering orignal's question about proxy port
zzz
I answered the wrong thing
zzz
but got me thinking
zzz
for symmetric NAT, charlie doesn't know his own port
zzz
so port in the relay response block is probably wrong
orignal
why?
zzz
because each "session" has a different port
orignal
Charlie knows it from Bob
orignal
it's not necessary however
zzz
yeah but when alice gets the hole punch, it won't be from that port
zzz
example:
zzz
EstablishmentManager: Hole punch source mismatch on OES2 v-9prH [Hash: v-9prHa6MrUcuZN8BQwcJL0xjZm1ujxEQ9TKfn~2Ifw=] lifetime: 96ms Rcv ID: 3860917032206725661 Send ID: -7079722670705281909 OB_STATE_PENDING_INTRO Introducers: {[Hash: 1wSo0ri1tvuStLf-1gBbF-I0s5wvLargiFcFViFtHwM=]=INTRO_STATE_SUCCESS, [Hash: tPcd9GdprLXJWPWUyS-z~5x7Mhv3VZYs1v8jGuUCgPw=]=INTRO_STATE_INIT, [Hash: BpATV4o2-r6~pbHjtleL5Qgo7Wn-5f1N6oGROvxyiEg=
zzz
]=INTRO_STATE_INIT} resp. block: 163.182.172.114:19352 rcvd. from: 163.182.172.114:13226
zzz
response block in the hole punch said port 19352
zzz
but the hole punch came from port 13226
R4SAS
orignal: Charlie will never be able to connect to Alice with proxy. There is the same thing like with NAT
R4SAS
proxy will that NAT device
zzz
yeah this is not the proxy case.
R4SAS
will be *
orignal
he will
zzz
just regular symmetric NAT
orignal
if no symmetric NAT
orignal
and it works now
zzz
(orignal's proxy question just got me thinking)
orignal
both routers behind NAT can connect to each other
zzz
SO, anyway, I'm Alice. I sent the Session Request to Charlie to port 13226 (where the hole punch came from)
zzz
and it worked
R4SAS
proxy server will make external mapping to different outgoing ports
zzz
so, my recommendation is, if the hole punch comes from a different port, send the session request to that port instead
zzz
(we may or may not have done that for SSU 1, I don't remember)
orignal
but how do you know this port?
zzz
it's the source port for the hole punch msg
R4SAS
you wouldn't know
orignal
yes but different from relay response
zzz
yes you do
zzz
right, different from relay response
orignal
if you don't check ports, wouldn't there be room for an attack?
zzz
I still check if the from-IP matches the relay response block IP
zzz
and I still check if the port is a valid port
orignal
I mean why do we even need a relay response then?
orignal
ok. IP only
orignal
fine then
orignal
thank you for hint
orignal
I will take port from HolePunch
zzz
so this will allow routers behind symmetric NAT to get incoming connections
orignal
great
orignal
now, what if Alice is behind symmetric nat?
orignal
trying to connect to a router through introducer
zzz
alice only? or both alice and charlie?
orignal
alice is symmetric nat
orignal
bob is just nat
orignal
not symmetric
zzz
should work fine, right?
orignal
no
orignal
sorry not bob
orignal
charlie
orignal
alice sends her endpoint with wrong port
zzz
so alice doesn't get the hole punch, it's blocked by her symmetric nat
zzz
alice gets the relay response from bob
zzz
and sends session request to charlie as usual
orignal
charlie sends HolePunch to that wrong port
zzz
doesn't matter, it still opened the port on charlie's firewall
orignal
agree
zzz
pKWyqn is one router that seems very confused
orignal
what's that?
zzz
for 89.187.163.198:39261 via 89.187.163.218:39261
zzz
sometimes has wrong IP
zzz
sometimes wrong port
zzz
for 156.146.56.138:39261 via 89.187.163.213:38774
orignal
java or i2pd?
zzz
might be behind VPN
orignal
because I don't update port yet
zzz
java
orignal
SSU2 through proxy will look more funny
zzz
anyway, that's all I have on 3)
orignal
great
zzz
also, I copied most of prop. 159 to the spec section
orignal
I will change the code according to your logic
zzz
minus all the QUIC copy-paste and some other stuff
orignal
will check
zzz
and got the blog post out (finally)
zzz
so any more updates I will change in both places, prop. 159 and the spec
zzz
that's it from me
zzz
anything else for the meeting?
orignal
we need more SSU2 routers as usual
zzz
we'll have all you need in 5 weeks :)
zzz
start planning what costume you will be wearing
zzz
thanks everybody