T3s|4
dr|z3d: did zzz directly bump from -11 to -13? If there was a -12, I must not have noticed it. :)
mesh
surprised to see so many i2p routers in china
term99
routers everywhere
mesh
interesting that according to stats.i2p/cgi-bin/total_routers_week.cgi
mesh
there's 70K routers out there
mesh
but just 5 days ago there were 80K routers
mesh
that might explain recent connectivity issues
mesh
I genuinely wonder if Russia is succeeding in cracking down on I2P routers
mesh
for several years now the Russian gov has been looking to block darknets... coindesk.com/policy/2020/03/11/russia-seeks-to-block-darknet-technologies-including-telegrams-blockchain
mesh
and they're apparently willing to spend a lot of money to do so
mesh
I also wonder what "offline signatures" are
genka
I think it's strange that many dests make streams with libreddit.i2p at the same time. for a while it stops, but then the same thing happens again
genka
dr|z3d
genka
can i2p router make separate dest for each stream?
mesh
genka: what do you mean by streams?
genka
tcp streams
genka
in i2pd i can see them
mesh
genka: for a given web site there's only 2-3 tunnels
mesh
but your i2pd router may be participating in many, many tunnels
genka
wait
genka
i will show you
genka
ahh
genka
how can i share screenshot
genka
fileshare.linuxfarm.i2p and cake.i2p just saying The connection was reset
mesh
put it on the web
term99
i would either retry a few times or as stated try tor file share or clearnet
genka
see
genka
sometimes there are 0 streams
genka
and sometimes there are so many
genka
like that
genka
i think it's strange
genka
from different dests*
mesh
I don't know why i2pd uses the words Stream. That's strange terminology.
mesh
In my router I can look at 'Tunnels'
genka
mesh: no, it's not tunnels
genka
it's streams that are going through tunnels
mesh
Some of those tunnels, called "Service Tunnels", are created for a web server. Others exist for the purposes of routing.
genka
i think it's streams cuz of streaming library
mesh
I don't think so
mesh
I think what you're seeing are called "Participating Tunnels"
genka
no
genka
it's streams to libreddit dest
genka
there i can see my inbound, outbound tunnels, tags and streams
genka
for libreddit
mesh
you should talk to dr|z3d hehe. There are streams in I2P... I guess
genka
i tagged him
genka
waiting
genka
for the answer
mesh
if I remember correctly, within a given Destination/Session you can have multiple streams. This is because you can have multiple client Sockets that were created by the same I2PServerSocket.
mesh
And each client I2PSocket attached to an I2PServerSocket which is attached to a Destination is a single Stream
mesh
it's possible your website is very popular and has lots of open sockets?
genka
hmm, idk, just asked orignal
mesh
genka: what did he say?
genka
mesh: nothing yet
genka
mesh: I came to the conclusion that this is most likely one person accessing the site, but at the same time, his router creates a separate dest for each stream. orignal said it's possible via SAM. but why is still unknown
mesh
genka: strange
dr|z3d
you can think of a stream as a single connection to a server or resource. for example, when you're viewing a website, your browser will open multiple concurrent streams to download individual resources.
mesh
dr|z3d: all those streams travel over a single tunnel though right? So a stream is just a socket?
mesh
I think most browsers by default won't open more than 4 connections. The sort of abuse genka was seeing almost looks like an abusive bot.
dr|z3d
ordinarily they would travel over a single dest, though for inbound traffic they may use multiple tunnels afaik
dr|z3d
4? 4 is conservative.
dr|z3d
> network.http.http2.default-concurrent 100
mesh
it looks like modern browsers set it to 8
mesh
I would think 100 connections from a single client would constitute an attack
dr|z3d
that config I just pasted is from firefox for http/2
mesh
dr|z3d: I think that's because http/2 can multiplex multiple connections over a single connection
mesh
err multiple http streams
mesh
at which point we get a nice inception: i2p sockets multiplexing over a tunnel pool being used by a browser to multiplex http2 streams
mesh
(reason #43435667 why http is a terrible protocol. the protocol generates a single request for every resource)
dr|z3d
except i2p won't be supporting http/2 any time soon. or ever.
mesh
dr|z3d: I don't see why not
mesh
it could work I think but it all depends on being able to pass in custom Connection logic
dr|z3d
the why not is the requirement traffic happens over https
mesh
but you can use ssl over i2p?
dr|z3d
you can, but most don't. and when you do, it's self-signed certs only.
mesh
I wonder if that's a java implementation though
mesh
it should be possible to layer SSL cleanly on top of i2p I would think. These things are supposed to be cleanly layered between a secure layer and a transport layer, with the secure layer generating discrete data for the transport layer
mesh
but it would be a lot of work. Somebody would need to write a javax.net.ssl.SSLSocket that is also an I2PSocket
mesh
actually it might be easier than that
mesh
it might be as easy as taking the SSLEngine and plugging in the socket input and output streams eg: docs.oracle.com/javase/10/security/sample-code-illustrating-use-sslengine.htm#JSSEC-GUID-3DB6AE99-C0BA-49D1-9ABD-DEF439A965E6
mesh
I don't think the I2PTunnel does this or has access to any kind of keystore but it probably could be done
mesh
sort of thing should be given to a feature bounty program. I imagine some programmers would enjoy the challenge of implementing ssl over i2p
RN
remember mesh "somebody should" == "I volunteer to"
mesh
I2P doesn't really need SSL. Everything's already encrypted. All that's really needed is a way to attach a Certificate to a Destination
mesh
I think this could be done quite easily with a new NetDB entry a la geti2p.net/spec/proposals/123
mesh
but I don't think zzz is too keen on the idea
mesh
being able to attach real certs to Destinations would be really cool and open all sorts of possibilities
dr|z3d
genka: > you can think of a stream as a single connection to a server or resource. for example, when you're viewing a website, your browser will open multiple concurrent streams to download individual resources.
genka
i know
dr|z3d
you're probably seeing spiders hitting your site using multiple dests to fly under the radar.
mesh
dr|z3d: do you know if long-lived Destinations offer better connectivity?
dr|z3d
you mean persistent destinations?
mesh
dr|z3d: yeah I think so
mesh
though I imagine even a long-lived transient Destination would enjoy the benefits
dr|z3d
the only advantage of a persistent dest for client tunnels is where you need that dest to be fixed to provide access to a service, for example via dest whitelisting on the server, or for custom hostmasks on irc.
mesh
dr|z3d: I wonder according to geti2p.net/en/docs/how/network-database
mesh
For regular LeaseSets, the expiration is the time of the latest expiration of its leases. For the new LeaseSet2 data structures, the expiration is specified in the header. For LeaseSet2, the expiration should match the latest expiration of its leases. For EncryptedLeaseSet and MetaLeaseSet, the expiration may vary, and maximum expiration may be enforced, to be determined.
mesh
Is it possible to customize the timeout of a LeaseSet if you don't expect it to go anywhere for a while?
mesh
that document is very confusing btw. I feel like the person who wrote that assumes you already know everything about i2p
dr|z3d
you'd need to get clarification from zzz. ordinarily a lease lasts 10 minutes + 1 minute grace period.
mesh
ok thanks
mesh
well that was fun