#saltr (irc2p) | I2P+ 2.7.0-9+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

orignal btw, did anybody check if shit is coming as DatabaseStore or as Garlic?

dr|z3d IterativeLookup ➜ DbSearchReplyMsg from unqueried peer from [MVEnLH] for key [YkbDZ~]

dr|z3d starting to see more of those.

dr|z3d IterativeLookup ➜ DbSearchReplyMsg from unqueried peer from [bmYlGU] for key [vRY~o8]

dr|z3d orignal: that ^ appears to be one method to inject shit into the netdb.

dr|z3d (or try to)

dr|z3d java i2p ignores the request.

zzz search fixes pushed

zzz I think I have things under control on stats.i2p's router, graphs coming back down, 75% client build success, 25% expl. build success

orignal zzz what do you think about signatures of DatabaseStore?

zzz orignal, interesting idea, but:

zzz - as I said the other day, there is no "expected source" of a DSM. It is legal to send DSMs through tunnels

orignal yes

orignal but not flood

orignal right?

zzz - What's unstated is this is actually an elaborate pgp-like web-of-trust scheme. How do I know whether to sign a DSM? How do I know what signatures to accept?

orignal you must flood directly

zzz we'd have to define and maintain a trust hierarchy

orignal so

orignal we have two cases

zzz correct, floods are direct

orignal I create DSR with own RI

orignal I don't sign

orignal 2. I create DSR with someone else's RI. I sign

orignal pretty easy

orignal right now I see only one case for 2.

orignal but later mught be more

zzz How do I know what signatures to accept?

orignal if it's flood it must be direct

orignal I use public key of peer where it come from

zzz I'm very confused

zzz floodfills would sign when they flood?

orignal if signature doesn't match it means that DSM didn't come from flooding router

orignal but though OBEP on it

zzz but you know who your DHT neighbor floodfills are already. They don't need to sign. You know who they are

orignal yes

orignal they sign only when they flood

orignal they sign the fact they recived RI to flood

orignal see the secnario

orignal I receive RI with floodfill

orignal and from another floodfill

orignal how do I know if it's flood or from ir's OBEP?

zzz if it's from a DHT neighbor or not

zzz if the stored RI is in your keyspace or not

orignal an adrvesray can pick OBEP for neighbourhood

orignal that's the problem

orignal ofc RI in my keyspace but fake

zzz that's a lot of trouble, easier to just send it to floodfill and ask him to flood

zzz none of this stops regular DSMs sent to floodfills with reply token

orignal what with reply token?

orignal if an adesray send someone else's floodfill we should reject

orignal that floodfill should reject rather than flood further

zzz no just a normal store of my RI to a floodfill, with reply token (i.e. requesting flood)

orignal we are not talking about normal RI, only floodfills

zzz you mean this is only about when the RI is a floodfill RI?

orignal the attack is about floodfills not regular RIs

orignal fake regular RI could be eliminated easier

orignal our gial is to stop flow of fake floodfiils

zzz so I create a fake ff RI, send it to a ff with a reply token, the ff signs it and sends it to your ff

zzz how does signing help?

orignal you send fake FF, recognizes that it came from connection with another peer

orignal and if no signature or signature failed it drops it

orignal and doesn't flood

orignal it signs it and flood if it's received directly

zzz sending DSM via a tunnel to a ff is legal, there is no "expected source", see my first comment above

orignal then we should make it illegal

orignal FF must talk to other FF only directly. preiod

orignal I don't see a case when it's worth

orignal beside number of connection

orignal but not so many floodfills

dr|z3d we don't allow it, request gets ignored.

dr|z3d re above.

orignal you are back

orignal please exaplian what you mean

zzz it's to minimize connections, and allow storage to incompatible ffs

orignal what is "imcompatible FF"?

zzz if you are ipv6-only how would you store to a ipv4-only ff?

orignal all or them must be reachbale by ipv4

orignal I can't be ipv6-only floodfill

zzz vice versa

orignal all floodfills are ipv4

orignal and they can reach each other directly

zzz then ntcp-only vs ssu2-only

zzz or connection limits

dr|z3d router sends unsolicted dbstore search reply to a query we never sent.

zzz we cannot make stores-thru-tunnels illegal

orignal agree

orignal we can make it illigal if direct connection is possible

orignal dr|z3d thnks. let me check

orignal it this case an adversary can attack only fllodfilld without full set of addresses

zzz so the attacker is a real ff, blasting out to all ffs, signing everything

zzz signing sounds like a complex solution to a simple problem

dr|z3d sorry, I responded with an unsolicited response, I'll step back :)

dr|z3d network flake :|

orignal if attacker is real FF it's another attack

orignal and another model

orignal dr|z3d yes I see what you mean

orignal and I will check what we do with unsolicited replies

orignal if attacker has real floodfill and keep flooding fakes it will be recinized quickly

orignal right now he sits behund Tor and throw his shoit through tuunels

dr|z3d router's hosted on a tor ip?

dr|z3d or rather, routers are hosted on tor ips?

orignal their routers are connected through Tor

orignal or whatever

orignal they are always Firewalled

dr|z3d so, why not make connections over Tor illegal? Just an idea. We do that already.

orignal yes, that was my idea year ago

dr|z3d I saw "we" when I mean I2P+

orignal byut many people are againt it

orignal because many people use Tor to connect to i2p

dr|z3d who cares? we're talking about network health, which trumps everything else.

dr|z3d running routers over Tor just adds latency and unrealiability to the network. there's no benefit to the network.

orignal up to zzz then

dr|z3d and if allowing connections via Tor is giving the attacker cover, then it's one thing we can target.

snex dr|z3d: maybe this is the reason i2p+ users are all saying nothing looks amiss?

zzz let me finish up with idk in -dev and then I'll be back

orignal no problem

dr|z3d snex: not entirely, but it probably doesn't hurt.

dr|z3d snex: if the i2p+ users you're talking to are saying nothing looks amiss, then they're not paying much attention :)

dr|z3d build tunnel success appears to be ok, but the number of banned peers should be way up.

snex my tun suc % has consistently been around 70% and banned is 1800

dr|z3d 1800, or 18000?

snex 1800

snex unless you are cutting digits off in the ui

dr|z3d interesting. are you running as a floodfill?

snex no

dr|z3d ah.

dr|z3d if you run as a floodfill then your view will be different.

snex why would normal users do that?

dr|z3d run as a floodfill?

snex right

dr|z3d there is no "normal", there's just allocated bandwidth and firewall status. fast routers will get opted in over time.

dr|z3d of course you can force floodfill status if you want to, but normally it's sufficient just to let the router decide.

snex if my router is deciding not to be a ff when i have gigabit fiber, its weird that some of the people here on irc would have their routers trying to ff

snex i capped my bw at 3MB/3MB/80%

dr|z3d how many floodfills is the console reporting?

snex 798

dr|z3d I think I added some extra logging to indicate when/why you're opted in as a floodfill, let's see if I can find out which knob you need to tweak.

not_bob Things are better on I2P+, but it's still not great.

not_bob Less than good mostly.

dr|z3d add this line to /configlogging, snex: net.i2p.router.networkdb.kademlia.FloodfillMonitorJob=INFO

snex ok

dr|z3d that should give you a regular report on whether or not you're being recruited as a floodfill, and why/why not.