#saltr (irc2p) | I2P+ 2.7.0-9+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

wellicht reuters.com/world/us-fbi-says-it-foiled-cyberattack-by-russian-hackers-2022-04-06

T3s|4 dr|z3d: did zzz directly bump from -11 to -13? If there was a -12, I must not have noticed it. :)

mesh surprised to see so many i2p routers in china

term99 routers everywhere

mesh interesting that according to stats.i2p/cgi-bin/total_routers_week.cgi

mesh there's 70K routers out there

mesh but just 5 days ago there were 80K routers

mesh that might explain recent connectivity issues

mesh I genuinely wonder if Russia is succeeding in cracking down on I2P routers

mesh for several years now the Russian gov has been looking to block darknets... coindesk.com/policy/2020/03/11/russia-seeks-to-block-darknet-technologies-including-telegrams-blockchain

mesh and they're apparently willing to spend a lot of money to do so

mesh I also wonder what "offline signatures" are

genka I think it's strange that many dests make streams with libreddit.i2p at the same time. for a while it stops, but then the same thing happens again

genka dr|z3d

genka can i2p router make separate dest for each stream?

mesh genka: what do you mean by streams?

genka tcp streams

genka in i2pd i can see them

mesh genka: for a given web site there's only 2-3 tunnels

mesh but your i2pd router may be participating in many, many tunnels

genka wait

genka i will show you

genka ahh

genka how can i share screenshot

genka fileshare.linuxfarm.i2p and cake.i2p just saying The connection was reset

mesh put it on the web

term99 i would either retry a few time or as stated try tor file share or clearnet

genka imgur.com/kT7vhYg

genka see

genka sometimes there are 0 streams

genka and sometimes there are so many

genka like that

genka i think it's strange

genka from different dests*

mesh I don't know why i2pd uses the words Stream. That's strange terminology.

mesh In my router I can look at 'Tunnels'

genka mesh: no, it's not a tunnels

genka it's streams that going through tunnels

mesh Some of those tunnels, called "Service Tunnels", are created for a web server. Others exist for the purposes of routing.

genka i think it's streams cuz of streaming library

mesh I don't think so

mesh I think what you're seeing are called "Participating Tunnels"

genka no

genka it's streams to libreddit dest

genka there i can see my inbound, outbound tunnels, tags and streams

genka for libreddit

mesh you should talk to dr|z3d hehe. There are streams in I2P... I guess

genka i tagged him

genka waiting

genka for the answer

mesh if I remember correctly, within a given Destion/Session you can have multiple streams. This is because you can have multiple client Sockets that were created by the same I2PServerSocket.

mesh And each client I2PSocket attached to a I2PServerSocket which is attached to a Destination is a single Stream

mesh it's possible your website is very popular and has lots of open sockets?

genka hmm, idk, just asked orignal

mesh genka: what did he say?

genka mesh: nothing yet

genka mesh: I came to the conclusion that this is most likely one person accessing the site, but at the same time, his router creates a separate dest for each stream. orignal said it's possible via SAM. but why is still unknown

mesh genka: strange

dr|z3d you can think of a stream as a single connection to a server or resource. for example, when you're viewing a website, your browser will open multiple concurrent streams to download individual resources.

mesh dr|z3d: all those streams travel over a single tunnel though right? So a stream is just a socket?

mesh I think most browsers by default won't open more than 4 connections. The sort of abuse genka was seeing almost looks like an abusive bot.

dr|z3d ordinarily they would travel over a single dest, though for inbound traffic they may use multiple tunnels afaik

dr|z3d 4? 4 is conservative.

dr|z3d > network.http.http2.default-concurrent100

mesh it looks like mordern browsers set it to 8

mesh I would thnink 100 connections from a single client would constitute an attack

dr|z3d that config I just pasted is from firefox for http/2

mesh dr|z3d: I think that's because http/2 can multiplex multiple connextions over a single connection

mesh err multiple http streams

mesh at which point we get a nice inception: i2p sockets multiplexing over a tunnel pool being used by a browser to multiplex http2 streams

mesh (reason #43435667 why http is a terrible protocol. the protocol generates a single request for every resource)

dr|z3d except i2p won't be supporting http/2 any time soon. or ever.

mesh dr|z3d: I don't see why not

mesh it could work I think but it all depends on being able to pass in custom Connection logic

dr|z3d the why not is the requirement traffic happens over https

mesh but you can use ssl over i2p?

dr|z3d you can, but most don't. and when you do, it's self-signed certs only.

mesh I wonder if that's a java implementation though

mesh it should be possible to layer SSL cleanly on top of i2p I would think. These things are supposed to be cleanly layered between a secure layer and a transport layer, with the secure layer generating discreet data for the transport layer

mesh but it would be a lot of work. Somebody would need to write a javax.net.ssl.SSLSocket that is also an I2PSocket

mesh actually it might be easier than that

mesh it might be as easy as taking the SSLEngine and plugging in the socket input and output streams eg: docs.oracle.com/javase/10/security/sample-code-illustrating-use-sslengine.htm#JSSEC-GUID-3DB6AE99-C0BA-49D1-9ABD-DEF439A965E6

mesh I don't think the I2PTunnel does this or has access to any kind of keystore but it probably could be done

mesh sort of thing should be given to a feature bounty program. I imagine some programmers would enjoy the challenge of implementing ssl over i2p

RN remember mesh "somebody should" == "I volunteer to"

mesh I2P doesn't really need SSL. Everything's already encrypted. All that's really needed is a way to attach a Certificate to a Destination

mesh I think this could be done quite easily with a new NetDB entry a la geti2p.net/spec/proposals/123

mesh but I don't think zzz is too keen on the idea

mesh being able to attach real certs to Destinations would be really cool and open all sorts of possibilities

dr|z3d genka: > you can think of a stream as a single connection to a server or resource. for example, when you're viewing a website, your browser will open multiple concurrent streams to download individual resources.

genka i know

dr|z3d you're probably seeing spiders hitting your site using multiple dests to fly under the radar.

mesh dr|z3d: do you know do long lived Destinations offer better connectivity?

dr|z3d you mean persistent destinations?

mesh dr|z3d: yeah I think so

mesh though I imagine even a long-lived transient Destination would enjoy the benefits

dr|z3d the only advantage of a persistent dest for client tunnels is where you need that dest to be fixed to provide access to a service, for example via dest whitelisting on the server, or for custom hostmasks on irc.

mesh dr|z3d: I wonder according to geti2p.net/en/docs/how/network-database

mesh For regular LeaseSets, the expiration is the time of the latest expiration of its leases. For the new LeaseSet2 data structures, the expiration is specified in the header. For LeaseSet2, the expiration should match the latest expiration of its leases. For EncryptedLeaseSet and MetaLeaseSet, the expiration may vary, and maximum expiration may be enforced, to be determined.

mesh Is it possible to customize the timeout of a LeaseSet if you don't expect it to go anywhere for a while?

mesh that document is very confusing btw. I feel like the person who wrote that assumes you already know everything about i2p

dr|z3d you'd need to get clarification from zzz. ordinarily a lease lasts 10 minutes + 1 minute grace period.

mesh ok thanks

mesh well that was fun