orignal
do you persist tokens?
dr|z3d
we do, orignal, up until expiry.
dr|z3d
which means writing them to file and loading them on shutdown/startup.
dr|z3d
write on shutdown, load on startup, to clarify.
zzz
ok I've drastically reduced the number of bad tokens coming in
zzz
orignal, most of the remaining ones are from snatted (or proxied?) i2pd
zzz
I'm not going to send or save tokens if I think I'm symmetric natted
zzz
almost all these i2pd routers think they are reachable; maybe they are, I don't know
zzz
but they're not sending from the port they are publishing
orignal
I will check why. I rely on peer test 5
orignal
if it comes I assume they are reachable
orignal
please explain when we send or save tokens
orignal
because I always do
orignal
another issue
orignal
Vort sees this message in his logs
orignal
if (numFragments > 2)
orignal
{
orignal
LogPrint (eLogError, "SSU2: Too many fragments ", numFragments, " in SessionConfirmed");
orignal
how is it possible?
zzz
sounds like a one-in-a-million very large RI
zzz
why limit to 2 fragments?
zzz
biggest RI I have right now is 2046 bytes, gzipped is 1572
dr|z3d
2043 bytes here is largest locally.
zzz
seems like two fragments should be enough but I guess not
zzz
orignal, re: when to send/save tokens:
zzz
right now I always do
zzz
I'm about to check in a change to NOT do it if it's IPv4 and I think I'm snatted
zzz
I _may_ also make a change to not do it if I think the _other_ guy is snatted
dr|z3d
did you bump up the token cache limits yet, zzz, or that's next?
dr|z3d
for now I'm just flat out limiting to 4096 tokens until something better comes along :)
orignal
just asking
orignal
I never send more than two
zzz
doing last checks on a 600 line diff
orignal
so back to the problem with status
orignal
you say that i2pd publishes port but packets come from different one
orignal
but might it be possible?
dr|z3d
600 lines. dang. that's a big patch.
orignal
that incoming port also works
zzz
sure, it's possible, but I see it a lot.
orignal
no I mean that peer test message 5 is successful
zzz
after my fixes, 60% of the bad inbound tokens are from i2pd, wrong port
orignal
even if outgoing port is different
orignal
then tell me how should I handle it
zzz
don't know, maybe a bug, maybe not. Just reporting what I see
orignal
after I receive peer test 5
orignal
I'm asking the proper way to do it
zzz
take a look at this guy he's the worst offender DtQsGzkbeR3nilr6ZvywR2O7-f0XaaV~YfHXohqwjgI=
orignal
basically I do nothing for 6 and 7. just send and receive
orignal
that's what I'm asking
zzz
I'll take a look at what I do, stand by
orignal
say I receive 6 and discover that Alice's address I have sent 5 to is different
zzz
here's my success criteria:
zzz
if ( (test.getAlicePort() == test.getAlicePortFromCharlie()) &&
zzz
(test.getAliceIP() != null) && (test.getAliceIPFromCharlie() != null) &&
zzz
(test.getAliceIP().equals(test.getAliceIPFromCharlie())) ) {
zzz
/// success
zzz
I also require two consecutive tests with the same result to transition from firewalled to OK or OK to firewalled, because there's a lot of false positives/negatives
zzz
orignal, you don't want to ignore msg 7, because you need to verify the msg 7 ip/port match
orignal
if it for 7?
orignal
but what you do for 6?
zzz
looking...
orignal
getAlicePortFromCharlie() means remote endpoint from socket?
zzz
no, that's the address block
orignal
please explain what it is
orignal
so, msg 7 should contain an address block?
zzz
checking...
orignal
I don't attach it
zzz
been a while, I shouldn't be guessing
zzz
yes I put an address block in msgs 5-7
zzz
I send msg 7 to the source IP/port from msg 6
orignal
I will make this change then
orignal
now if I receive msg 6 and it doesn't match address for 5 what I do?
orignal
send 7?
zzz
yes
orignal
what if port mismatch upon receiving 7?
orignal
set status Firewalled?
orignal
well I add address block to 6 and 7
zzz
if mismatch on 7, I set state to SNAT for ipv4, or FIREWALLED for ipv6
orignal
I have Firewalled state for it and Symmetric NAT error now
orignal
fine
orignal
will do
zzz
ok, have fun testing
orignal
that's the reason why you see so many cases
orignal
because I don't do anything with 7
zzz
great, let's see how it works out
orignal
one more question
orignal
what do you put into msg 5 as you mentioned before?
zzz
for the address block?
orignal
yes
orignal
you don't know Alice's real endpoint
orignal
only Bob knows
zzz
looking...
orignal
Charlie doesn't
zzz
it's the destination ip/port for msg 5, so it's the same data as what's in the peer test block
orignal
then what's the point?
orignal
send address to Alice from her own block
zzz
may not be any point, let me see what the spec says
zzz
Address block contents:
zzz
In message 5: Not required.
zzz
In message 6: Charlie's IP and port as selected from Charlie's RI.
zzz
In message 7: Alice's actual IP and port message 6 was received from.
zzz
I use the same code for creating 5/6/7, that's why I put it in there
orignal
because I don't put it into 5
orignal
you don't publish introducers in case of symmetric nat, do you?
zzz
looking...
zzz
yes we do
orignal
why?
orignal
if it's useless
zzz
relay should still work
orignal
fine then
orignal
thanks
orignal
I don't publish introducers if I'm connected through proxy
orignal
but should I?
zzz
if it works, sure
zzz
good discussion, I've found a couple minor peer test bugs because of it