IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2022/12/04
@eyedeekay
+R4SAS
+RN
+RN_
+orignal
+weko
Irc2PGuest88897
Onn4l7h
Onn4|7h
T3s|4
T3s|4_
Xeha
aargh2
acetone_
anon2
cancername
eyedeekay_bnc
hk
not_bob_afk
profetikla
shiver_
u5657
x74a6
orignal do you persist tokens?
dr|z3d we do, orignal, up until expiry.
dr|z3d which means writing them to file and loading then on shutdown/startup.
dr|z3d write on shutdown, load on startup, to clarify.
zzz ok I've drastically reduced the number of bad tokens coming in
zzz orignal, most of the remaining ones are from snatted (or proxied?) i2pd
zzz I'm not going to send or save tokens if I think I'm symmetric natted
zzz almost all these i2pd routers think they are reachable; maybe they are, I don't know
zzz but they're not sending from the port they are publishing
orignal I will check why. I rely on peer test 5
orignal if it comes I assume they are reachable
orignal please explain when we send or save tokens
orignal because I always do
orignal another issue
orignal Vort sees this message in his logs
orignal if (numFragments > 2)
orignal LogPrint (eLogError, "SSU2: Too many fragments ", numFragments, " in SessionConfirmed");
orignal how is it possible?
zzz sounds like a one-in-a-million very large RI
zzz why limit to 2 fragments?
zzz biggest RI I have right now is 2046 bytes, gzipped is 1572
dr|z3d 2043 bytes here is largest locally.
zzz seems like two fragments should be enough but I guess not
zzz orignal, re: when to send/save tokens:
zzz right now I always do
zzz I'm about to check in a change to NOT do it if it's IPv4 and I think I'm snatted
zzz I _may_ also make a change to not do it if I think the _other_ guy is snatted
dr|z3d did you bump up the token cache limits yet, zzz, or that's next?
dr|z3d for now I'm just flat out limiting to 4096 tokens until something better comes along :)
orignal just asking
orignal I never send more than two
zzz doing last checks on a 600 line diff
orignal so back to the problem with status
orignal you say that i2pd publishes port but packets come from different one
orignal but might it be possible?
dr|z3d 600 lines. dang. that's a big patch.
orignal that incoming port also works
zzz sure, it's possible, but I see it a lot.
orignal no I mean that peer test message 5 is succesful
zzz after my fixes, 60% of the bad inbound tokens are from i2pd, wrong port
orignal even if outgoiing port is different
orignal then tell me how should I handle it
zzz don't know, maybe a bug, maybe not. Just reporting what I see
orignal after I receive peer test 5
orignal I'm asking the proper way to do it
zzz take a look at this guy he's the worst offender DtQsGzkbeR3nilr6ZvywR2O7-f0XaaV~YfHXohqwjgI=
orignal basically I do nothing for 6 and 7. just send and receive
orignal that's what I'm asking
zzz I'll take a look at what I do, stand by
orignal saty I receive 6 and discover that Alice's address I have sent 5 to is different
zzz here's my success criteria:
zzz if ( (test.getAlicePort() == test.getAlicePortFromCharlie()) &&
zzz (test.getAliceIP() != null) && (test.getAliceIPFromCharlie() != null) &&
zzz (test.getAliceIP().equals(test.getAliceIPFromCharlie())) ) {
zzz /// success
zzz I also require two consecutive tests with the same result to transition from firewalled to OK or OK to firewalled, because there's a lot of false positives/negatives
zzz orignal, you don't want to ignore msg 7, because you need to verify the msg 7 ip/port match
orignal if it for 7?
orignal but what you do for 6?
zzz looking...
orignal getAlicePortFromCharlie() means remote endpoint from socket?
zzz no, that's the address block
orignal please exlain what it is
orignal so, msg 7 should contain an address block?
zzz checking...
orignal I don't attach it
zzz been a while, I shouldn't be guessing
zzz yes I put an address block in msgs 5-7
zzz I send msg 7 to the source IP/port from msg 6
orignal I will make this change then
orignal now if I receive msg 6 and it doesn't match address for 5 what I do?
orignal send 7?
zzz yes
orignal what if port mismatch upon receiveing 7?
orignal set status Firewalled?
orignal well I add address block to 6 and 7
zzz if mismatch on 7, I set state to SNAT for ipv4, or FIREWALLED for ipv6
orignal I have Firewalled state for it and Symmetric NAT error now
orignal will do
zzz ok, have fun testing
orignal that's the reason why you see so many cases
orignal because I don't do anything with 7
zzz great, let's see how it works out
orignal one more question
orignal what do you put into msg 5 as you mentioned before?
zzz for the address block?
orignal you don't know Alice's real enpoint
orignal only Bob knows
zzz looking...
orignal Charlie doesn't
zzz it's the destination ip/port for msg 5, so it's the same data as what's in the peer test block
orignal then what's the point?
orignal send address to Alice from her own block
zzz may not be any point, let me see what the spec says
zzz Address block contents:
zzz In message 5: Not required.
zzz In message 6: Charlie's IP and port as selected from Charlie's RI.
zzz In message 7: Alice's actual IP and port message 6 was received from.
zzz I use the same code for creating 5/6/7, that's why I put it in there
orignal because I don't put it into 5
orignal you don't publish introducers in case of symmetric nat, do you?
zzz looking...
zzz yes we do
orignal if it's useless
zzz relay should still work
orignal fine then
orignal thanks
orignal I don;t publish introducers if I'm connected through proxy
orignal but should I?
zzz if it works, sure
zzz good discussion, I've found a couple minor peer test bugs because of it