dr|z3d
forgot to mention, re connections, those figures earlier were for 1m, not 5 as per canon, zzz.
orignal
Reseed: Failed to reseed from i2p.novg.net:443/i2pseeds.su3, http code 404
orignal
reseed through ipv6
orignal
can somebody check?
orignal
zzz I connect to FF directly if I'm compatible
orignal
and through an exploratory tunnel if not
orignal
say if I'm ygg-only router
dr|z3d
that one's down for a while iirc.
dr|z3d
the reseed host.
zzz
orignal, novg reseed down until next java release, he lost his keys
orignal
SSU2: Termination reason=99
orignal
what's it?
zzz
I will be sending a reseed email
orignal
thanks. because I didn't receive any notifications
orignal
what is termination reason code 99?
orignal
do you send it?
zzz
I don't send 99 and not in the spec
zzz
re: connect to FF directly, can you change it to send through expl. tunnel unless already connected?
orignal
but I receive one
orignal
and it's valid message
zzz
can't explain 99, maybe bug, maybe corruption, don't know
orignal
I can but we agreed long time ago
zzz
remind me, then I will explain problem
orignal
I asked you long time ago how we publish ourselves on FF
orignal
you said directly if you can connect
orignal
and through an exploratory tunnel if you can't
zzz
Here's the problem
orignal
furthermore remember about "short" connections just for one message
orignal
first please clarify
orignal
if the concept has changed
orignal
because I have explicit code for short connection
zzz
short connection = rapid close after sending store message?
orignal
if I need to create on outgoing connection and pending message is own DatabaseStore I make short connection
zzz
ok that's good
orignal
if you have new concept let me know
zzz
but floodfills are still all clogged up with too many connections
zzz
I don't think it's new concept, we've done it for a while, but I need to research:
zzz
anyway here is concept
zzz
if you are slow or unreachable router, then your expl. tunnel OBEP is probably better "connected"
zzz
so sending thru tunnel reduces the "fan-in" to the floodfill
zzz
gives it a better chance to get there
zzz
when I restart my floodfill I get 1000 inbound connections in first minute
orignal
yes, single message and close after short time
zzz
there shouldn't be 1000 connections per minute, something is not right.
orignal
I don't get your point
zzz
We have 2000 floodfills
zzz
floodfill sees way way too many incoming connections
orignal
please explain the difference between direct connection and OBEP
zzz
the OBEP is more likely to be connected to the ff already
orignal
why ?
zzz
because the OBEP is probably a "better" router than you are if you are L or U
orignal
OBEP is an ordinary router
orignal
similar to me
orignal
no, it can be LU for exploratory
orignal
in my code
zzz
sure but OBEP is probably better than you if you are LU
zzz
just by random selection
zzz
if you are bad, most routers are better :)
orignal
then you want something else
orignal
you want me to send publication through high-bandwidth OBEP if possible
orignal
not just through exploratory
zzz
I think we pick expl. tunnel that has XOR-closest OBEP
orignal
that's not right
zzz
probably not ))
orignal
you should pick good OBEP instead
orignal
also how about garlic encryption
zzz
yes we encrypt
orignal
when you send through OBEP
orignal
and now you see that you make the problem for FF worse
orignal
because FF has to decrypt
orignal
and decryption is not free
orignal
unlike in case of direct connection
zzz
maybe my concept not the best
zzz
but let's go back to problem
zzz
why is ff getting 1k connections per minute? Is it attack? bug?
zzz
this is a slow ff. It's not tunnels
dr|z3d
my hunch is attack. try and render the ffs inoperable by swamping them.
zzz
please help investigate orignal
dr|z3d
yeah, orignal needs investigating :)
orignal
what do you want me to investigate?
dr|z3d
super-high connections to newly online ffs.
zzz
maybe it's lookups, not stores
zzz
question is why do ffs get so many connections
orignal
garlics or non-garlics, that's the question
zzz
with 2000 floodfills, they only have 1/2000 of the keyspace
orignal
another question
orignal
how do floodfills flood?
zzz
so attack or bug or needs tweaks or what
zzz
anyway I added a connection throttle so we're going to drop a lot more connections especially at startup
orignal
but what's a problem with 1000 connections per minute?
orignal
I don't see something excessive on my floodfills
orignal
NTCP2 ( 1811 )
zzz
because it quickly drives the router to connection limits, and especially at startup it's using a lot of CPU already
orignal
NTCP2v6 ( 272 )
zzz
not total count but new connection count
orignal
SSU2 ( 1573 )
weko
NTCP2 - 2300
weko
SSU2 - 2100
weko
Looks normal
zzz
as recommendation 2) - limit things
orignal
SSU2v6 ( 392 )
zzz
not total count
zzz
incoming per minute
orignal
you contradict yourself
orignal
<zzz> because it quickly drives the router to connection limits
orignal
<zzz> not total count but new connection count
orignal
please explain what's your problem
zzz
right. at 1k/minute we hit our connection limit in 90 seconds
orignal
CPU usage?
weko
My CPU time looks normal, don't see problem
orignal
where?
zzz
weko, "I don't see problem" is not helpful
weko
Yes but maybe it is local?
orignal
in NTCP2? in SSU2? in tunnels? in netdb?
weko
Java only issue maybe
orignal
zzz we need more details from you
zzz
cpu all over at startup as we load everything in
zzz
we have to protect the router at startup
orignal
where does CPU consumption come from?
zzz
everywhere
orignal
let's not talk about startup
zzz
agreed
orignal
but router running more than 15 minutes
orignal
where is the problem?
zzz
let me look
weko
On my router I don't see any anomalies, I think I can't help
zzz
problem is ff with 2000 max connections and is always at the limit
weko
Increase limit? I always have >2000 connections on every transport, before December also
zzz
so is it attack or can we think of concept to reduce ff connections
orignal
for me it's normal behaviour
zzz
15 year old problem, yes. But it's getting worse
weko
zzz: you have big issue with CPU time with this count of connections?
orignal
ofc because more routers and more destinations now
weko
Have you*
orignal
for me encrypted RouterInfo is more problem than number of connections
orignal
and I have an instant suggestion
orignal
always prefer SSU2 when connect to FF
orignal
another option. can we just drop single garlic to a port without establishing session?
zzz
we have ssu2 lower cost already
zzz
also, prefer non-ff for tunnels
orignal
I don't
orignal
and I can change it
orignal
think about last idea
zzz
hmm
orignal
UDP packet with garlic in it
zzz
like token request + RI
zzz
interesting
orignal
yes
orignal
not connection and since it's garlic no risk
orignal
so the first thing I can promise is SSU2 preference for floodfill connection
zzz
ok. maybe not related to attack, but please research. especially startup issue because there shouldn't be 1k/minute incoming after 3 minutes of downtime
zzz
routers should have given up and tried somebody else
dr|z3d
was seeing something similar in dec. new router, uptime measured in seconds, being hit with 20-40MB/s traffic.
dr|z3d
not a new router, new router session, sorry.
orignal
do you see 1k/minute from the same source?
orignal
if you see incoming connections from different source how they could give up?
zzz
no
zzz
I mean they should have given up in the 3 minutes I was down :)
orignal
but if you see from different guys
zzz
with my new throttle I'm dropping 2500 connections in the first 10 minutes of uptime
orignal
and what about OBEP?
zzz
I don't know, that's why I'm asking for help ))
orignal
how should OBEP give up if they keep receiving delivery instructions?
zzz
good questions
orignal
encrypted RI is a problem for me
zzz
after startup I'm dropping 1500 SSU2 connections an hour
orignal
I need to rewrite the code to move router's decryption to separate thread
orignal
you have a risk this way
orignal
that floodfills will be hijacked by i2pd )
zzz
i2pd is ~ 33% of network. Let's see what % of inbound connections to my ff are i2pd.
zzz
then we will know
orignal
also please check DHT lookup
orignal
how much it consumes on FF
orignal
and FYI I have committed initial version of tree-based Kademlia
zzz
I'll have i2pd vs java data in two hours
zzz
almost impossible for me to measure cpu of things on java
zzz
I've been thinking about trees
zzz
I think red/black is the right kind
zzz
what did you do?
orignal
ofc it's very first and non-optimal
orignal
binary tree with 0 and 1 branch based on next bit
zzz
so no balancing
zzz
I was going to write my own but it wouldn't be balanced.
zzz
red/black is balanced and is probably the right choice.
zzz
it's a little complicated so finding a library would be a lot better.
zzz
plenty of implementations out there
zzz
Red/black is what the kernel uses all over
orignal
no balancing
orignal
just by bits in hash
orignal
look at my implementation KadDHT.h/.cpp
zzz
yeah I see it
zzz
nice and simple
zzz
but I think balancing is a requirement
orignal
I believe even this implementation will be faster than what I have now
orignal
plus there is room for optimization
orignal
getting rid of recursion and memory pool
zzz
ofc
orignal
we know that this looks consumes around 25% of netdb thread
orignal
*lookup
orignal
on a FF
zzz
doesn't look like you have find-closest-n-hashes yet? that's the hard part
orignal
why?
orignal
you find first then move 1 level recursion up assuming that branch is not there and try another
zzz
seems like it's not easy to "back out" from the closest to find the n next closest. But if you know how, great :)
orignal
it's the same as you find first closest, remove it and then find closests again
orignal
but ofc you can do it more efficient way
zzz
yeah but then it's O(n log m). Would be good to do it in O(log m)
zzz
but in the "back out" you will have to go down paths in the tree you didn't take the first time
orignal
yes
zzz
search for one you just go down down down
orignal
I have to go up to closest split and take another branch
zzz
search for n you go down down down, then up down up down down etc.
orignal
I know
orignal
I don't say it's optimal
orignal
just better than current dumb implementation
orignal
that's O(n*m)
zzz
sure
zzz
we are O(m log m) because we just sort them all
zzz
not great
orignal
yes, that's what I mean
orignal
and would be nice how much CPU it consumes on FF
weko
What is m?
orignal
number of floodfills
orignal
n is number of closests. usually 3
weko
Then algorithm O(log n) or O(n), don't know concretely.
weko
Oh
weko
No
weko
Yes, log m ofc
zzz
we were also doing O(m) for tunnel peer selection and I finally fixed that last month
weko
Good
zzz
baby steps
weko
I don't agree
weko
[15:33:56] <orignal> n is number of closests. usually 3
weko
Or 2, as I know, for selection for local request
weko
Look like O(log m * n ^ 2). Old algo O(m * n^2)
weko
In worst case, ofc.
dr|z3d
htop will give you internal process threads by name, zzz, so if you can provoke the sub-thread you want to monitor to do something demanding for an extended period, you should be able to monitor how heavy it is.
orignal
top -H
orignal
we name threads in i2pd
dr|z3d
same in java.
zzz
y'all are making bad assumptions about where our ff selection code is. Yes I said impossible which ofc is not true. But it is not something I'm going to do. If anybody is interested in researching hot spots in java code, go ahead. I'm busy.
dr|z3d
the throttler, zzz, p=24/128 .. that's a fraction indicating the likelihood the connection will be dropped?
dr|z3d
so 24 chances in 128, essentially?
dr|z3d
I'm wondering a) how to make that a bit easier to read in the logs, and b) maybe how to do something visual with the stat in the sidebar.
zzz
da
dr|z3d
first should be easy enough, just convert it to a %age. 2nd, dunno. thinking...
zzz
its for me not you
dr|z3d
obviously :)
zzz
turn it into a double and print out 20 digits if you like
dr|z3d
now that would just be silly. :P
zzz
128 uses half the entropy that 100 does, that's why
dr|z3d
> /128 * 100, round to int probably fine.
dr|z3d
ok
dr|z3d
not grumbling, don't get me wrong. it appears to be doing a good job.
zzz
just a micro-optimization but it does make the printout a little wonky
zzz
slight sacrifice in code readability, slight improvement in efficiency, close call
zzz
some other day may have done it the other way
dr|z3d
it's your code, your call to make :)
zzz
thats really what all coding is. you make those decisions almost every line, you just don't realize it
zzz
e.g. do you do A) :
zzz
if (foo.bar() != null && foo.bar().baz())
zzz
or B) :
zzz
Bar bar = foo.bar();
zzz
if (bar != null && bar.baz())
zzz
you make that decision a hundred times a day
zzz
jrandom almost always did A) and there's still a ton of it in there
zzz
I think I usually do B), at least when I'm not in a hurry
zzz
you seem to be usually in the jrandom camp
dr|z3d
I take my lead from whatever's in the code that makes most sense. That's my template :)
dr|z3d
over time I see more and more constructions that I start to understand, and then I might hop onto them.
zzz
ideally you should never do A) without first estimating the cost of bar() and determining it's small
zzz
all that happens in my head in a split second as I'm typing
obscuratus
Jumping into the conversation earlier, do we have an idea how many of our users have internet hardware that can truly handle >1000 connections. My computer may think I can handle 1000 connections, but I'm not sure about everything downstream of my computer.
orignal
tcp or udp?
orignal
it's main difference
obscuratus
If you're behind a router, don't both need a NAT table?
zzz
generally the nat/firewall is the constraint, not the computer
zzz
there are both table size and table expiration issues
orignal
I would say opposite
orignal
a VPS has good network but weak hardware
zzz
esp. on UDP
zzz
we do periodic SSU pings when firewalled to keep the table entry alive
zzz
it's "weak" CPU because you're sharing it, but there's no NAT table or OS limits issue presumably
zzz
VPSes are designed for web servers
orignal
I would assume VPS as target group for floodfills
obscuratus
I guess one of the disadvantages of being an anonymous network is that we have difficulty knowing how many floodfills are VPS.
orignal
how come? you see it by IP range
dr|z3d
depends on the vps plan and the provider, orignal. not all vps' are created equal. some providers massively over-provision, others give you exactly the cores you paid for.
orignal
I know
orignal
let's assume $10/year shitty vps
dr|z3d
then you definitely get what you pay for. aka fuck all :)
orignal
but it's fine for floodfill
dr|z3d
that said, it's sometimes surprising what you can throw at that class of vps, even if plenty of your cycles are being stolen by other vps processes.