IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2023/01/07
zzz what we do: SSU2 tells NTCP2 what the external port is
dr|z3d interesting looking at the 2-tiered approach to banning peers making excessive tunnel requests.
dr|z3d first they get rejected, and for a good proportion of peers, that's sufficient to make them back off.
dr|z3d a few peers, however, keep going, and then they get temp banned for 1/2 hour. seems pretty effective, especially when targeting L/unreachable peers.
dr|z3d very rarely seeing high b/w tier routers getting snagged, their budget is higher.
dr|z3d the policy isn't totally removing the part tunnel spikes, but when they do occur, they're much less pronounced.
zzz bitcoin jonatack doc change PR, please review/comment github.com/bitcoin/bitcoin/pull/26838/files
dr|z3d looking better.
dr|z3d "It is possible, though strongly discouraged, to change your I2P router
dr|z3d configuration to limit the amount of I2P traffic relayed by your node."
dr|z3d that's good, but then he keeps the sample config for i2pd the same as it was before. not good. there's no scenario where limiting transit tunnels to 20 works.
dr|z3d limiting transit tunnels to 500 often results in a poorly performing router, at least on java.
dr|z3d he also wants a section in there to encourage port forwarding where required, to avoid being firewalled, for optimal router performance.
dr|z3d still, progress.
Xeha amount of transit tunnels should be at least the same amount they consume
dr|z3d can you do me a favor, zzz, and confirm or deny my theory that MAX_BAD_REPLIES_PER_HOUR in ProfileOrganizer will prevent the attack of a 1000 malformed routers?
Xeha otherwise they're leechers
dr|z3d *malformed RIs
dr|z3d he's added something about that, Xeha, though more clarity wouldn't hurt. "It is also
dr|z3d important that the nodes of a popular application like Bitcoin contribute more
dr|z3d to the I2P network than they consume."
Xeha 50% share AND 20 transit tunnels, that's just pure leeching
dr|z3d that's my point. I think it's probably best for zzz to carry on communicating with the dev on that ticket, no sense everyone piling in.
dr|z3d he should probably be advised that changing either b/w share _OR_ transit tunnels is sufficient to constrain b/w usage, and that 1000 tunnels minimum or 80% share of 256KB/s if the b/w is available is a reasonable config.
zzz dr|z3d, looks like "deny" - peerSendsBadReplies() is used in only one place, to skip them for a netdb verify
zzz and, ofc, you don't know where a DSM came from anyway, it's not necessarily a "reply"
dr|z3d ok, zzz, thanks. maybe that method could be extended and made a bit more robust, or not.
zzz well, most of the reply stuff is commented out, but in any case, of course, it's for replies to lookups, and it definitely won't kick in for unsolicited stores, where you don't and can't know the source
dr|z3d we're throttling unsolicited stores in OutboundMessageDistributor.
dr|z3d MAX_ROUTERS_PER_PERIOD specifically, no?
zzz re: bitcoin ticket, no, I don't want to be the only one commenting or the sole representative of the community advising on best practices, esp. when the primary router used is i2pd
dr|z3d up to you, but it's probably going to carry much more weight if you act as the i2p emissary.
zzz sure, but I can't become the i2pd whisperer
dr|z3d just remove i2pd from the equation when you're formulating your responses, the recommendations in that doc, though they're more weighted towards i2pd, are applicable to the whole network.
zzz if you don't want to contribute over there, fine, but please don't discourage others
dr|z3d nowhere am I discouraging others from contributing, I've all along been suggesting that you carry on the dialog with suggestions for how to improve the documentation. if you don't want to assume that role, that's fine, but don't make me the bogeyman.
zzz ok, I misunderstood. I'll weigh in when I get a chance, maybe after it shakes out a little more
zzz anybody know if the btc protocol has a flag that says 'outbound only' ?
zzz or will a router with 10 address get all of them gossipped around and everybody will try to connect to all 10?
dr|z3d ok, great. you've got jonatack's attention and he's listening to your suggestions is really all I'm saying. we don't want to dilute that if at all possible. you're essentially in the driving seat :)
zzz more drivers wouldn't hurt imho
orignal weko can you test it?
weko Test what?
orignal that your NTCP2 is reachable through the port SSU2 tells you
weko I can I think
orignal that's the good question
orignal please try
weko Okay
weko I need rebuild
orignal no, just use nc
orignal check port you receive packet from
orignal and hit TCP port on that box
weko orignal: no I can't connect with port that I receive from SSU2 peertest
weko with my congif port i can
weko config*
orignal zzz, so it wouldn't work
zzz interesting. we would not handle that well.
zzz dr|z3d, I commented on the PR
orignal zzz so what should we do in this case?
orignal basically what port should be published for SSU2 address
zzz whatever port works
zzz the internal/external port concept is still a good one for SSU2
zzz if the NAT does something different for UDP and TCP, that's a separate issue
Xeha zzz: could have mentioned the transit tunnels too...
zzz they do have i2pd-specific changes in the PR Xeha, I'll leave the i2pd people to comment on that if they want
zzz when I said "limits" I meant both bandwidth and tunnels
orignal what do you do if real endpoint doesn't match published endpoint?
zzz for NTCP2?
orignal for SSU2
orignal TCP always uses ephemeral ports
zzz we look at the session created. If two peers agree, we change published endpoint
zzz subject to all the limitations I listed yesterday
orignal how about SessionConfirmed?
orignal shouldn't we check it when we receive actual RI?
zzz I don't know. A lot of our code on this is 20 years old and pretty fragile
orignal my concrete question is
orignal can we leave port as is if we received msg 5
zzz yes, that's my recommendation in zzz.i2p/topics/3489
orignal let's go this way
orignal will just show error status "Cone NAT"
zzz vs. restricted
zzz ru flavor without pictures :) ru.wikipedia.org/wiki/NAT
orignal I know
orignal just telling what I'm going to do
zzz it's too bad ru wiki doesn't get pictures though
orignal I'm able to read English )))