IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2023/02/17
@eyedeekay
+R4SAS
+RN
+RN_
+Xeha
+acetone
+orignal
+weko
Irc2PGuest42386
Irc2PGuest5995
Leopold_
Onn4l7h
Onn4|7h
T3s|4_
aargh2
anon2
eyedeekay_bnc
hk
not_bob_afk
profetikla
shiver_
u5657
x74a6
dr|z3d forgot to mention, re connections, those figures earlier were for 1m, not 5 as per canon, zzz.
orignal Reseed: Failed to reseed from i2p.novg.net:443/i2pseeds.su3, http code 404
orignal reseed through ipv6
orignal can somebody check?
orignal zzz I connet to FF directly if I'm compatible
orignal and through an expolratory tunnel if not
orignal say if I'm ygg-only router
dr|z3d that one's down for a while irrc.
dr|z3d the reseed host.
zzz orignal, novg reseed down until next java release, he lost his keys
orignal SSU2: Termination reason=99
orignal what's it?
zzz I will be sending a reseed email
orignal thanks. because I didn't receive any notificastions
orignal what is terminnation reason code 99?
orignal do you send it?
zzz I don't send 99 and not in the spec
zzz re: connect to FF directly, can you change it to send through expl. tunnel unless already connected?
orignal but I recieve one
orignal and it's valid message
zzz can't explain 99, maybe bug, maybe corruption, don't know
orignal I can but we agreed long time ago
zzz remind me, then I will explain problem
orignal I asked you long time ago how we publish outself on FF
orignal you said directrly if you can connect
orignal and though an exploratory tunnel if you can't
zzz Here's the problem
orignal furthemore remeber about "short" connections just for ne message
orignal first please clarify
orignal if the conept has changed
orignal because I have explict code for short connection
zzz short connection = rapid close after sending store message?
orignal if I need to create on outgoing connection and pending message is own DatabaseStore I make short connection
zzz ok that's good
orignal if you have new conecpt let me know
zzz but floodfills are still all clogged up with too many connections
zzz I don't think it's new concept, we've done it for a while, but I need to research:
zzz anyway here is concept
zzz if you are slow or unreachable router, then your expl. tunnel OBEP is probably better "connected"
zzz so sending thru tunnel reduces the "fan-in" to the floodfill
zzz gives it a better chance to get there
zzz when I restart my floodfill I get 1000 inbound connections in first minute
orignal yes, single message and close after short time
zzz there shouldn't be 1000 connections per minute, something is not right.
orignal I don't get your point
zzz We have 2000 floodfills
zzz floodfill sees way way too many incoming connections
orignal please eplain the diufference between direct connection and OBEP
zzz the OBEP is more likely to be connected to the ff already
orignal why ?
zzz because the OBEP is probably a "better" router than you are if you are L or U
orignal OBEP is an ordinary router
orignal similar to me
orignal no, it can be LU for explratory
orignal in my code
zzz sure but OBEP is probably better than you if you are LU
zzz just by random selection
zzz if you are bad, most routers are better :)
orignal then you want something else
orignal you want me to send publication through high-bandwidth OBEP if possible
orignal not just through exploratory
zzz I think we pick expl. tunnel that has XOR-closest OBEP
orignal that's not right
zzz probably not ))
orignal you shoulkd pick good OBEP instead
orignal also how about garlic encrytion
zzz yes we encrypt
orignal when you send through OBEP
orignal and now you see that you make the problem for FF worse
orignal because FF has to decrypt
orignal and decryption is not free
orignal unlike in case of direct connection
zzz maybe my concept not the best
zzz but let's go back to problem
zzz why is ff getting 1k connections per minute? Is it attack? bug?
zzz this is a slow ff. It's not tunnels
dr|z3d my hunch is attack. try and render the ffs inoperable by swamping them.
zzz please help investigate orignal
dr|z3d yeah, orignal needs investigating :)
orignal what do you want me to investigate?
dr|z3d super-high connections to newly online ffs.
zzz maybe it's lookups, not stores
zzz question is why do ffs get so many connections
orignal garlics or non-garlics, that's the qeustion
zzz with 2000 floodfills, they only have 1/2000 of the keyspace
orignal another question
orignal how do floodfills fllood?
zzz so attack or bug or needs tweaks or what
zzz anyway I added a connection throttle so we're doing to drop a lot more connections especially at startup
orignal but what's a problem with 1000 connections per minute?
orignal I don't see something excessive on my floodfiils
orignal NTCP2 ( 1811 )
zzz because it quickly drives the router to connection limits, and especially at startup it's using a lot of CPU already
orignal NTCP2v6 ( 272 )
zzz not total count but new connection count
orignal SSU2 ( 1573 )
weko NTCP2 - 2300
weko SSU2 - 2100
weko Looks normal
zzz as recommendation 2) - limit things
orignal SSU2v6 ( 392 )
zzz not total count
zzz incoming per minute
orignal you contraict youslef
orignal <zzz> because it quickly drives the router to connection limits
orignal <zzz> not total count but new connection count
orignal please exaplian what's you problem
zzz right. at 1k/minute we hit our connection limit in 90 seconds
orignal CPU usage?
weko My CPU time looks normal, don't see problem
orignal where?
zzz weko, "I don't see problem" is not helpful
weko Yes but maybe it is local?
orignal in NTCP2? in SSU2? in tunnels? in netdb?
weko Java only issue maybe
orignal zzz we need more details from you
zzz cpu all over at startup as we load everything in
zzz we have to protect the router at startup
orignal where does CPU consumtion come from?
zzz everywhere
orignal let's not talk about startup
zzz agreed
orignal but router running more than 15 minutes
orignal where is the prboblem?
zzz let me look
weko On my router I don't see any anomalies, I think I can't help
zzz problem is ff with 2000 max connections and is always at the limit
weko Increase limit? I always have >2000 connections on every transport, before December also
zzz so is it attack or can we think of concept to reduce ff connections
orignal for me it's normal behaviour
zzz 15 year old problem, yes. But it's getting worse
weko zzz: you have big issue with CPU time with this count of connections?
orignal ofc becuase more routers and more destinatiions now
weko Have you*
orignal for me encrypted RouterInfo is more problem than number of connections
orignal and I have an instant suggestion
orignal always pefer SSU2 when connect to FF
orignal another option. can we just drop single garlic to a port without estblishing session?
zzz we have ssu2 lower cost already
zzz also, prefer non-ff for tunnels
orignal I don't
orignal and I can change it
orignal think about last idea
zzz hmm
orignal UDP packet with garlic in it
zzz like token request + RI
zzz interesting
orignal not connection and since it's garlic no risk
orignal so the first thing I can promise is SSU2 poreference for floodfiil connection
zzz ok. maybe not related to attack, but please research. especially startup issue because there shouldnt be 1k/minute incoming after 3 minutes of downtime
zzz routers should have given up and tried somebody else
dr|z3d was seeing something similar in dec. new router, uptime measured in seconds, being hit with 20-40MB/s traffic.
dr|z3d not a new router, new router session, sorry.
orignal do you see 1k/minute from the same source?
orignal if you see incming connections from different source how they could give up?
zzz I mean they should have given up in the 3 minutes I was down :)
orignal but if you see from differnt guys
zzz with my new throttle I'm dropping 2500 connections in the first 10 minutes of uptime
orignal and what about OBEP?
zzz I don't know, that's why I'm asking for help ))
orignal how should OBEP give up if they keep receivein delivery instructions?
zzz good questions
orignal encrypted RI is a problem for me
zzz after startup I'm dropping 1500 SSU2 connections an hour
orignal I need to rewrite the code to move router's decryption to separate thread
orignal you have a risk this way
orignal that floodfills will be hijacked by i2pd )
zzz i2pd is ~ 33% of network. Let's see what % of inbound connections to my ff are i2pd.
zzz then we will know
orignal also please check DHT lookup
orignal how much it consumes on FF
orignal and FYI I have commited initial version of tree-based Kademlia
zzz I;ll have i2pd vs java data in two hours
zzz almost impossible for me to measure cpu of things on java
zzz I've been thinking about trees
zzz I think red/black is the right kind
zzz what did you do?
orignal ofc it's very first and non-optimal
orignal binary tree with 0 and 1 branch based on next bit
zzz so no balancing
zzz I was going to write my own but it wouldn't be balanced.
zzz red/black is balanced and is probably the right choice.
zzz it's a little complicated so finding a library would be a lot better.
zzz plenty of implementations out there
zzz Red/black is what the kernel uses all over
orignal ni balancing
orignal just by bits in hash
orignal look at my implementation KadDHT.h/.cpp
zzz yeah I see it
zzz nice and simple
zzz but I think balancing is a requirement
orignal I believe even this implemnetation will be fatser than what I have now
orignal plus there is room for optimization
orignal getting rifd of recusrion and memory pool
zzz ofc
orignal we know that this looks consumes around 25% of netdb thread
orignal *lookup
orignal on a FF
zzz doesn't look like you have find-closest-n-hashes yet? that's the hard part
orignal you find first then move 1 level recursin up assuming that branch is not there and try another
zzz seems like it's not easy to "back out" from the closest to find the n next closest. But if you know how, great :)
orignal it's the same as you find first closest, remove it and then find closests again
orignal but ofc you can do it more efficient way
zzz yeah but then it's O(n log m). Would be good to do it in O(log m)
zzz but in the "back out" you will have to go down paths in the tree you didn't take the first time
zzz search for one you just go down down down
orignal I have to go up to closest split and take another branch
zzz search for n you go down down down, then up down up down down etc.
orignal I know
orignal I don't say it's optimal
orignal just better than current dumb implemntation
orignal that's O(n*m)
zzz sure
zzz we are O(m log m) because we just sort them all
zzz not great
orignal yes, that's what I mean
orignal and would be nice how much CPU it consumes on FF
weko What is m?
orignal number of floodfiils
orignal n is number of closests. usually 3
weko Then algorithm O(log n) or O(n), don't now concretely.
weko Yes, log m ofc
zzz we were also doing O(m) for tunnel peer selection and I finally fixed that last month
weko Good
zzz baby steps
weko I don't agree
weko [15:33:56] <orignal> n is number of closests. usually 3
weko Or 2, as I know, for selection for local request
weko Look like O(log m * n ^ 2). Old algo O(m * n^2)
weko In worst case, ofc.
dr|z3d htop will give you internal process threads by name, zzz, so if you can provoke the sub-thread you want to monitor to do something demanding for an extended period, you should be able to monitor how heavy it is.
orignal top -H
orignal we name threads in i2pd
dr|z3d same in java.
zzz y'all are making bad assumptions about where our ff selection code is. Yes I said impossible which ofc is not true. But it is not something I'm going to do. If anybody is interested in researching hot spots in java code, go ahead. I'm busy.
dr|z3d the throttler, zzz, p=24/128 .. that's a fraction indicating the likelihood the connection will be dropped?
dr|z3d so 24 chances in 128, essentially?
dr|z3d I wondering a) how to make that a bit easier to read in the logs, and b) maybe how to do something visual with the stat in the sidebar.
dr|z3d first should be easy enough, just convert it to a %age. 2nd, dunno. thinking...
zzz its for me not you
dr|z3d obviously :)
zzz turn it into a double and print out 20 digits if you like
dr|z3d now that would just be silly. :P
zzz 128 uses half the entropy that 100 does, that's why
dr|z3d > /128 * 100, round to int probably fine.
dr|z3d not grumbling, don't get me wrong. it appears to be doing a good job.
zzz just a micro-optimization but it does make the printout a little wonky
zzz slight sacrifice in code readability, slight improvement in efficiency, close call
zzz some other day may have done it the other way
dr|z3d it's your code, your call to make :)
zzz thats really what all coding is. you make those decisions almost every line, you just don't realize it
zzz e.g. do you do A) :
zzz if (foo.bar() != null && foo.bar().baz())
zzz or B) :
zzz Bar bar = foo.bar();
zzz if (bar != null && bar.baz())
zzz you make that decision a hundred times a day
zzz jrandom almost always did A) and there's still a ton of it in there
zzz I think I usually do B), at least when I'm not in a hurry
zzz you seem to be usually in the jrandom camp
dr|z3d I take my lead from whatever's in the code that makes most sense. That's my template :)
dr|z3d over time I see more and more constructions that I start to understand, and then I might hop onto them.
zzz idealy you should never do A) without first estimating the cost of bar() and determining it's small
zzz all that happens in my head in a split second as I'm typing
obscuratus Jumping into the conversation earlier, do we have an idea how many of our users have internet hardware that can truely handle >1000 conncetions. My computer may think I can handle 1000 connections, but I'm not sure about everything downstream of my computer.
orignal tcp or udp?
orignal it's main difference
obscuratus If you're behind a router, don't both need a NAT table?
zzz generally the nat/firewall is the constraint, not the computer
zzz there both table size and table expiration issues
orignal I would say opposite
orignal a VPS has good network but weak hardware
zzz esp. on UDP
zzz we do periodic SSU pings when firewalled to keep the table entry alive
zzz it's "weak" CPU because you're sharing it, but there's no NAT table or OS limits issue presumably
zzz VPSes are designed for web servers
orignal I would assume VPS as tagret group for floodfills
obscuratus I guess one of the disadvantages of being an anonymous network is that we have difficulty knowing how many floodfills are VPS.
orignal how come? you see it by IP range
dr|z3d depends on the vps plan and the provider, orignal. not all vps' are created equal. some providers massively over-provision, others give you exactly the cores you paid for.
orignal I know
orignal let's assume $10/year shitty vps
dr|z3d then you definitely get what you pay for. aka fuck all :)
orignal but it's fine for floodfiil
dr|z3d that said, it's sometimes surprising what you can throw at that class of vps, even if plenty of your cycles are being stolen by other vps processes.