IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#saltr
/2024/05/20
uop23ip ok don't know why, but now it has worked
eyedeekay Currently trying to figure out why I'm seeing issues very similar to snex, I pretty much instantly get gitlab and IRC, others are much harder to find
dr|z3d any sites specifically, eyedeekay?
eyedeekay postman's tracker, stats, and my own site
dr|z3d stats.i2p loads fine here.
dr|z3d idk's homepage, also fine.
dr|z3d tracker2 taking a bit longer than normal.
snex notbob wont load for me either. and i also cant get the update zip from skank
eyedeekay Yeah I'm ssh'ed in to my site's host and it looks pretty normal
dr|z3d tracker2 loaded, notbob, loading, skank.i2p loading.
eyedeekay I have excellent ETBS everywhere, but very poor lookup success at the moment, something seems weird but I'm not sure what's going on yet
snex tunnel build success 98%
dr|z3d possibly related, last time I looked the chinese router caucus were in force.
snex when things were working properly it was always around 70%
eyedeekay Yeah I'm seeing similar, I have pretty low floodfills at the moment too
dr|z3d yeah, looks like less than normal.
dr|z3d smells like a new attack, but hard to say right now what it is.
snex active peers 19. that seems super low
eyedeekay At the moment I'm just looking at what's going in and out of the netDb's on the routers I have access to to try and see some kind of pattern
eyedeekay It does
dr|z3d you can grab the dev update build from gitub, snex. i2pplus.github.io
dr|z3d 19 is super low indeed.
eyedeekay 60 or so for me on the router with the most trouble, 1200 on one which is performing pretty normally
dr|z3d 1.5-3.5K here.
snex ok im gonna install the dev build.. hopefully im back in a bit rather than the hour+ it took before
cumlord Late here but it’s sometimes struggle to keep connected to postman tracker too as Java builds so wonder if it’s something on postman’s end
cumlord Not sure if can adjust http tunnel in snark but i2pd has worked better for that, been meaning to try haproxy to pool for that
dr|z3d Not enough info yet to speculate on possible causes, but whoever was running the attacks probably hasn't gone away.
cumlord Oof things are running at snails pace
eyedeekay rotating the keys on the affected router by setting router.rebuildKeys=true in router.config seems to have helped a great deal
dr|z3d interesting.
eyedeekay Almost instantly, everything came back, peers started going up, that 60ish peer router is now climbing to around 100 in the past 3 minutes since I restarted, hopefully it keeps going up
eyedeekay Might be a coincidence but it makes me wonder
dr|z3d I was looking at graphs on one router, active peers and part tunnels started declining around 4am utc yesterday, slowly.
dr|z3d restarting the affected router appears to have fixed things.
cumlord ah that happened to one of mine yesterday, 80 peers, 20 floodfills, reseeded and it kept dropping
cumlord Restarted reseeded and forced floodfill and it seemed ok
dr|z3d I know i2pd uses gost encryption, but I'm seeing a lot of "Received Lease but can't send to it" recently. Safe to ignore?
dr|z3d appaers mostly from one router, tIQaHP
zzz in OCMOSJ? That would be a to a dest, not a router
dr|z3d Yeah, one shot job.
zzz I output a failure code, do you have that?
dr|z3d the failure code has been translated, that's what you're seeing. "no remote leaseset".
dr|z3d no remote leaseset and unsupported crypto.
zzz those are two different codes
dr|z3d they appear contuguously.
dr|z3d a flurry of those logs at the same time.
zzz you have the dest b32?
dr|z3d maybe, I got somthing here just before those errors that looks super iffy.
dr|z3d this line in the dbstore msg: Public Signing Key: SigningPublicKey EdDSA_SHA512_Ed25519 NIJCjK
zzz canon logs the b32 and reason code in OCMOSJ
dr|z3d yeah, not seeing a dest in those specific entries, just a dropped dbstore just before.
dr|z3d and this -> NIJCjK leads me think they might be related?
zzz dropped a LS store?
dr|z3d if so: wscbuhh4mfilqsjg7b73rknv6d5wrlvxormb7z6yfftgcv4mvzlq.b32.i2p
dr|z3d yeah, Ls2 drop.
zzz that ls looks fine to me
zzz tIQaHP =- wscb...
dr|z3d yeah, I see it in my netdb.
dr|z3d maybe I dropped a dupe.
zzz it's a LS, not a RI
dr|z3d yeah, I got that :)
dr|z3d what I've also got is repeating log events telling me no remote leaseset, so I'm a bit confused.
zzz maybe tweak the logging to investigate further
dr|z3d yeah, ok, good idea, thx.
dr|z3d in other news, ff count is right down here.
dr|z3d until a couple of days ago it was stable at around 1K, now I see it between ~300-500
dr|z3d I know there are a bunch of 2.5.1 ffs that I'm now blocking, but that shouldn't account for the decline in totality.
dr|z3d I was setting the error code for unsupported crypto based on the comment in OCMOSJ. "// shouldn't happen unless unsupported encryption"
zzz well if you're messing w/ error codes I can't help you ))
dr|z3d adding the failure code just so I know if it correlates with the unsupported encryption thesis.
zzz I have 1040-1180 ffs on my fleet
dr|z3d are you running as ff on those?
zzz no I don't run any ffs
dr|z3d interesting.
dr|z3d all the routes with declining ff count are ffs.
dr|z3d *routers
zzz two possiblities then, you're banning them or they're banning you
dr|z3d yeah, will keep an eye on it, report back when I have more info to go on.
dr|z3d totally unrelated, GeoIP.java, I'm now associating Macau with China as per Hong Kong, you might want to do the same.
dr|z3d static {
dr|z3d // To block additional countries b,c,d when blocking country a,
dr|z3d // put the list a,b,c,d for country a.
dr|z3d _associatedCountries = new HashMap<String, List<String>>(3);
dr|z3d List<String> c = new ArrayList<String>(3);
dr|z3d c.add("cn");
dr|z3d c.add("hk");
dr|z3d c.add("mo");
dr|z3d _associatedCountries.put("cn", c);
dr|z3d _associatedCountries.put("hk", c);
dr|z3d _associatedCountries.put("mo", c);
zzz is this based on research into macao?
dr|z3d Macau is a Chinese territory.
zzz any more research than that? ))
dr|z3d Tibet also looks like a likely candidate for association.
dr|z3d only one problem with Tibet, it doesn't have its own country code.
snex as you can probably guess by how long it took me to get back onto irc, the dev build has not solved the issue
snex peers at 36
dr|z3d welcome back!
dr|z3d eyedeekay reported a similar issue on canon, he created a new router id which he said fixed his issue.
snex this may be a totally unrelated coincidence, but this only seemed to start happening after my internet went out for a little bit and when it came back my IP was different
snex how would i do that?
dr|z3d add router.rebuildKeys=true to your router.config and then restart.
snex and this wont affect my eepsites?
dr|z3d you'll come back up with a new router id.
dr|z3d no, won't affect your eepsite, just your router id.
snex ok ill try later after work
snex things seem to be working right now, torrents are up, sites load. but that peer count is still low
dr|z3d yeah, I'm seeing some weirdness here on some routers, so you're not alone.
dr|z3d snex: also seeing what can be improved/relaxed in the dev builds, so keep an eye on those.
Irc2PGuest66955 did we ever figure out why i2p+ supports so many fewer tunnels than i2pd?
dr|z3d no throttling on i2pd, mesh.
Irc2PGuest66955 dr|z3d: the difference is so dramatic tho. i2pd can support 10-20,000 tunnels, while i2p+ struggles to get above 5k
dr|z3d it doesn't struggle.
dr|z3d it's both throttling and being more selective about what it transits. different.
Irc2PGuest66955 dr|z3d: is that... good? Is it silly paying for all these overpowered flood fills if i2p+ isn't going to leverage all the bandwidth and hardware?
dr|z3d depends on your definition of good.
dr|z3d i2p also throttles, because without throttling some routers will consume all available bandwidth given half a chance.
dr|z3d and there are potentially routers out there that are running with the sole purpose of exhausting network resources. so you define good.
Irc2PGuest66955 dr|z3d: is there a way to increase the limits? Or is i2pd just a better fit for these sorts of nodes? I mean I would be happy with i2p consuming 80% of bandwidth. The only reason I pay for these servers is to contribute to the network and learn
dr|z3d you can turn off throttling if that's what you want. see the advanced settings section in /help
Irc2PGuest66955 interesting
Irc2PGuest66955 router.enableTransitThrottle ?
Irc2PGuest66955 if I disable throttling will i2p+ still enforce bandwidth limits?
dr|z3d it will.
Irc2PGuest66955 thanks. let me do some experiments with this setting then.
dr|z3d that setting's largely untested, so let me know how you get on with it.
Irc2PGuest66955 dr|z3d: does i2p+ not have the built in bandwidth test btw?
dr|z3d it does.
dr|z3d try /wizard
Irc2PGuest66955 ok here goes nothing. disabling throttling across i2p+ routers. hopefully nobody dies
Irc2PGuest66955 dr|z3d: you know removing throttling seems to have really improved performance?
dr|z3d no I don't know that. how would I know that?
Irc2PGuest66955 dr|z3d: I guess it's sort of an unexpected result
Irc2PGuest66955 but I am seeing less cpu load, less ram usage, but more transit
dr|z3d if you're happier, great.
dr|z3d give it time to bake in.
Irc2PGuest66955 yeah I may have spoken too soon about less cpu load
Irc2PGuest66955 but these boxes aren't really doing anything but i2p so that's the point