dr|z3d
have you considered that you could also be contributing to the issue, orignal?
dr|z3d
by not throttling build requests, you're causing i2pd routers to host a huge amount of tunnels that may be better served by other routers on the network.
orignal
it's not related
orignal
ofc I'm contributing to the issue with new streams
orignal
sometimes like 1-2 MB/sec each
orignal
huge i2pd routers can handle high bandwidth tunnels easily
orignal
Usually "N" Java routers are in trouble
orignal
I think to set min to "O" for client tunnels
orignal
or even to "P"
dr|z3d
not convinced it's not related.
dr|z3d
there's a huge chunk of routers on the network that could be hosting a ton more traffic if i2pd routers weren't hogging it all.
orignal
and why they are not chosen?
orignal
for tunnels
orignal
it must be a reason
orignal
like TBR got declined etc.
dr|z3d
because routers keep requesting tunnels from other routers until they say "you've had enough, go somewhere else" ?
dr|z3d
exactly.
dr|z3d
there are throttles in play on java i2p.
dr|z3d
if i2pd also implemented throttles, then the traffic would be better distributed, and the network would perform better.
dr|z3d
we also implement a percentage of tunnels relative to total count that can be hosted on a single router. do you do that?
dr|z3d
iirc, it's 30% on canon, 10% on plus.
orignal
but why should I throttle if I'm able to handle
dr|z3d
you throttle requests from 1 router, so you're hosting for a more diverse set of routers, and the traffic is better distributed over the network.
orignal
why don't you just change your profiling like "this router accepts too much tunnels"
orignal
but this is not my business
orignal
my business is to say if I can handle a new tunnel or not
dr|z3d
network performance is everyone's business. or should be.
orignal
if you don't like include this factor in profiling
orignal
it is. and I disagree with you
dr|z3d
we got it covered in java i2p, you're the one that's lacking.
orignal
and according to the protocol my response should be if I can handle a new tunnel or not
orignal
it's creator's business to decide if they want to build a tunnel through me
dr|z3d
if you don't enforce a per-router limit, then you're likely a bottleneck over time.
orignal
what's a problem with it? tell me please
dr|z3d
network functions best when traffic is distributed over *all* routers with sufficient bandwidth, not a subset.
orignal
I do enforce per-router limit based on my capacities
orignal
networkwide per-router limit is something new
orignal
is it mentioned somewhere in specs?
dr|z3d
we've had it in java for a couple of years or so.
orignal
like "router shouldn't handle more than ..."
orignal
yes or no?
orignal
give me the page with figures please
orignal
otherwise it's pointless speculation like "it would be nice to have"
dr|z3d
* Count how often we have accepted a tunnel with the peer
dr|z3d
* as the previous or next hop.
dr|z3d
* We limit each peer to a percentage of all participating tunnels,
dr|z3d
* subject to minimum and maximum values for the limit.
dr|z3d
*
dr|z3d
* This offers basic protection against simple attacks
dr|z3d
* but is not a complete solution, as by design, we don't know
dr|z3d
* the originator of a tunnel request.
dr|z3d
*
dr|z3d
* This also effectively limits the number of tunnels between
dr|z3d
* any given pair of routers, which probably isn't a bad thing.
dr|z3d
*
dr|z3d
* Note that the actual limits will be higher than specified
dr|z3d
* by up to 1 / LIFETIME_PORTION because the counter window resets.
dr|z3d
*
dr|z3d
* Note that the counts are of previous + next hops, so the total will
dr|z3d
* be higher than the participating tunnel count, and will also grow
dr|z3d
* as the network uses more 3-hop tunnels.
dr|z3d
*
dr|z3d
* @since 0.8.4
dr|z3d
*/
dr|z3d
I don't think it's spelled out in a spec, but maybe it should be.
dr|z3d
git.idk.i2p/i2p-hackers/i2p.i2p/-/blob/master/router/java/src/net/i2p/router/tunnel/pool/RequestThrottler.java
dr|z3d
and: git.idk.i2p/i2p-hackers/i2p.i2p/-/blob/master/router/java/src/net/i2p/router/tunnel/pool/ParticipatingThrottler.java
dr|z3d
in case you missed..
dr|z3d
> git.idk.i2p/i2p-hackers/i2p.i2p/-/blob/master/router/java/src/net/i2p/router/tunnel/pool/RequestThrottler.java
dr|z3d
and: git.idk.i2p/i2p-hackers/i2p.i2p/-/blob/master/router/java/src/net/i2p/router/tunnel/pool/ParticipatingThrottler.java
dr|z3d
I do something a bit more finegrained, but the intention is more or less the same:
dr|z3d
git.skank.i2p/i2pplus/I2P.Plus/src/branch/master/router/java/src/net/i2p/router/tunnel/pool/ParticipatingThrottler.java
dr|z3d
as for selecting peers for tunnel builds, excluding slower tiers isn't necessarily a bad idea, here's what I do by default:
dr|z3d
private static final String DEFAULT_EXCLUDE_CAPS = String.valueOf(Router.CAPABILITY_BW12) +
dr|z3d
String.valueOf(Router.CAPABILITY_BW32) +
dr|z3d
String.valueOf(Router.CAPABILITY_BW64) +
dr|z3d
String.valueOf(Router.CAPABILITY_UNREACHABLE) +
dr|z3d
String.valueOf(Router.CAPABILITY_CONGESTION_MODERATE) +
dr|z3d
String.valueOf(Router.CAPABILITY_CONGESTION_SEVERE) +
dr|z3d
String.valueOf(Router.CAPABILITY_NO_TUNNELS);
dr|z3d
which works out as not using anything slower than O tier, or anything exhibiting congestion caps, or unreachables.
orignal
it's implementation
dr|z3d
indeed it is.
dr|z3d
well spotted. :)
orignal
if you do something in Java code it doesn't mean I have to do the same
dr|z3d
do, we're not sending around the spetznax if you don't, true :)
orignal
only specs is common thing
dr|z3d
*no
dr|z3d
*spetznaz
orignal
everybody is asking
dr|z3d
like I said, it should probably be in a spec somewhere, but it isn't.
orignal
if there are limits where one can read about them
dr|z3d
what I can tell you is that zzz was pretty emphatic when it came to implementing the current iteration of the throttle that it shouldn't be too generous, round about the same time as we were experiencing a sustained attack.
dr|z3d
still, more distribution of traffic across the network, more better.
Irc2PGuest11348
hi folks, congrats on thinking about bandwidth i have personally been interested in what constitutes a fair and balanced bandwidth, i have been experimenting with limiting bandwidth, i personally believe that by default an individual tunnel should not exceed 28kb/s at 28kbps i can stream audio fine, i can even listen to audio at 1.5x speed, which is FAST
dr|z3d
what you consider fast others may consider slow.
Irc2PGuest11348
video? youtube? lol im surprised that it has taken russia this long to block youtube
Irc2PGuest11348
see peertube
Irc2PGuest11348
yes, but for what? do you listen to podcasts at >1.5x speed?
Irc2PGuest11348
what speed do you listen at?
Irc2PGuest11348
i've been able to go to 1.8x on occasion
dr|z3d
try streaming video @ 480p or greater.
Irc2PGuest11348
google is a malignant state propaganda and i love that countries are finally blocking it, again peertube. yes invidious is always attacked by goog cos goog want to know everything everyone is doing at all times to manipulate them. is anyone testing peertube on i2p?
Irc2PGuest11348
y do i need to stream goog propaganda videos at 480p when i can just choose audio or much lower resolution video on peertube. yes, peertube have audio only options, unlike garbage ytube. yes, i know that invidious can offer audio only but again, goog are evil and attack privacy respecting systems and ALWAYS will, the solution is to stop using goog, which i have for moral reasons
Irc2PGuest11348
the sustainable option is limit tunnels to 28kbps but allow multi-stream tunnel option, and test and support peertube
Irc2PGuest11348
over i2p
dr|z3d
we're not all on dialup anymore, throstle, or ADSL :)
Irc2PGuest11348
the main issue with peertube is it requires javascript to do the fancy 'viral sharing' i would suggest that if ppl have javascript disabled then just allow them to dl the vid direct from the i2p server
Irc2PGuest11348
waiting for drzed to come back online to say i meant kilobytes per second not kilobits
Irc2PGuest11348
the main issue with peertube is it requires javascript to do the fancy 'viral sharing' i would suggest that if ppl have javascript disabled then just allow them to dl the vid direct from the i2p server
Irc2PGuest11348
i2peertube
Irc2PGuest11348
nice ring to it
Irc2PGuest11348
i meant *kilobytes* per second, not *kilobits* dr|zed
Irc2PGuest11348
28 kb/s is going to suit most people, but i think its about the culture you create around the internet, if that culture is built on gimme,gimme gimme, then those people are ALWAYS going to fall prey to maligned 24hour news cycle propaganda, the type pushed by goog. i would personally not exceed enable multi-tunnel-awareness for that reason
dr|z3d
yeah, add another zero and it might start to look vaguely interested. >200KB/s shouldn't be difficult to sustain.
dr|z3d
*interesting
dr|z3d
(when required)
Irc2PGuest11348
you can be fooled if you watch video, audio is almost always better for determining when someone is trying to pull the wool over your eyes, video distracts the audio perception part of the brain
dr|z3d
a spoon is better than a fork for eating soup.
Irc2PGuest11348
different thing
dr|z3d
exactly.
Irc2PGuest11348
not if what ur eating is poison
dr|z3d
you can waffle on about trickery and all the rest of it, but when people want video, they want video.
dr|z3d
trying to convince them what they really want is an audio track without the video component will just get you laughed at. :)
Irc2PGuest11348
they can have it, but they would need to either wait for it (WAITING is a welcome side-effect because it allows a person to think about what they are viewing while they are viewing it), or they enable multi-thread-aware tunneling
Irc2PGuest11348
culture , culture, culture
Irc2PGuest11348
goog has u indoctrinated
Irc2PGuest11348
indoctrinated to expect HD video streams
Irc2PGuest11348
its not going to be the default in the future
dr|z3d
russians want youtube. russians no like when putin block youtube.
Irc2PGuest11348
only because thats where people have been indoctrinated to use it, thats like saying ppl want fbook, if u take it away and people need to talk to ppl in real life, they might like it
Irc2PGuest11348
indoctrination, and lock in effect is not generally good
dr|z3d
so when is throstle.i2p going live?
Irc2PGuest11348
you misspell, its throttle
Irc2PGuest11348
but i like the idea
dr|z3d
no, it's definitely throstle where you're concerned :)
Irc2PGuest11348
sidethorn
Irc2PGuest11348
Blinded message
dr|z3d
Anomaly has got a site up while he's learning html and css. and you're apparently a bit of a dab hand.. so...
dr|z3d
you're also not shy about expressing your leftfield opinions, so a site seems like the logical next step for you :)
Irc2PGuest11348
🖒
dr|z3d
seeing a fair few routers without a published version right now.
dr|z3d
smells like some sort of botnet/attack.
Anomaly
Irc2PGuest11348: anomaly.i2p/
Irc2PGuest11348
thats c6iu7qmnrcf4au2dq2evvlfuyrorkivoc4iulprvve2ntbeo6xgq.b32.i2p yeah?
Irc2PGuest11348
re possible botnet attack, sounds a bit concerning, yes
dr|z3d
not really, there's a ton of known crud on the network.
dr|z3d
in + and probably canon i2p those routers get routinely blocked.
Irc2PGuest11348
oh ok :)
dr|z3d
in + they're gifted with a ban as well.
dr|z3d
how do you handle routers without a published version, orignal? ban?
Anomaly
yea someday when my eepsite gets bigger i might want to include topics about critical thinking seeing how Irc2PGuest11348 likes to talk about indoctrination. because i consider critical thinking to combat indoctrination.
Irc2PGuest11348
how long? bans worry me mostly because i can imagine it would be easy for a bad actor in high places to poison ip addresses
orignal
good question. Need to check
orignal
I think set version to zero
dr|z3d
so you don't block requests or ban them?
orignal
no, why?
dr|z3d
we're not talking about ip addresses, throstle, we have other checks to validate those, we're talking about RouterInfos.
orignal
version remains zero
dr|z3d
why? because they're obviously dubious.
orignal
I know
Irc2PGuest11348
there comes a limit to what people can reliably know, ie. critical thinking i've found can get you far and then it but today it can't get us all the way, i find there are particular hallmarks and indicators that are important, some people call this the "intuitive" part of knowing. people who focus only on the material and "the science" are often the most easy to indoctrinate, its important to set at
Irc2PGuest11348
least a tiny bit of time aside to actually process in a holistic way, allowing the intuitive information to play a role also.
orignal
because you asked me how ))
orignal
so, you think if version is not presented we consider RI malformed
dr|z3d
yeah.
dr|z3d
it's part of the spec.
orignal
thanks. will change it
orignal
do we have any?
dr|z3d
routers without versions?
orignal
yes
dr|z3d
I'm seeing at least 4/min being logged right now on one router.
orignal
a new attack?
dr|z3d
could be.
orignal
otherwise where they can come from?
dr|z3d
exactly the question I'm posing :)
orignal
how about signature?
dr|z3d
hang on, I'll pm you a list of current suspects.
orignal
if (!m_SupportedTransports || !isNetId || !m_Version)
orignal
SetUnreachable (true);
orignal
nevermind
orignal
I drop such routers
orignal
no need to
dr|z3d
ok, good.
orignal
I also see that my floodfills are too loaded
dr|z3d
remind me, are you throttling lookup requests?
orignal
they are loaded by transit
orignal
yes, I do.
orignal
I send only limited number of requests
dr|z3d
ok, good. :)
orignal
Transit: 76.03 GiB (2312.58 KiB/s)
orignal
Transit: 20.24 GiB (2492.27 KiB/s)
orignal
too much for this time of day
orignal
if it's a new attack, then it's clearly RKN
dr|z3d
RKN?
orignal
Russian authority
orignal
who implements censorship
orignal
and fights with internet
dr|z3d
oh, you think it's a Russki state attack?
orignal
yes
dr|z3d
interesting.
dr|z3d
as attacks go, it's marzipan dildo class.
orignal
because they aggressively fight with VPNs, Tor and other networks
orignal
remember youtube
orignal
also they blocked the Signal in Russia
orignal
yesterday
orignal
or couple days ago
orignal
people complain today that some google services stopped working
orignal
so it's not a question if I2P is their target
Irc2PGuest11348
one of my favorite quotes of all time, "They are making you all drunk" ~ Gaddafi (2011)
orignal
the only question when
Irc2PGuest11348
hint, dont try to revive spewtube, try to replace it
Irc2PGuest11348
see peertube
orignal
sheeple needs youtube
Irc2PGuest11348
lool
orignal
because sheeple
Irc2PGuest11348
i refer to one of my favorite quotes of all time :P
orignal
signal is asking to run proxy signal.org/blog/proxy-please
orignal
for huilostan
zzz
don't know that stan but was reviewing some others
orignal
Signal is blocked in Russia now
orignal
I think we can run a signal proxy through i2p
zzz
should Kyrgyzstan be on our strict countries list? was reading the latest Freedom House report, it ranks pretty low
orignal
seems it's just nginx with config
orignal
what do you need to know about KG?
orignal
I know one girl from there
orignal
she can answer some question
orignal
but AFAIK no issues there
zzz
can you get arrested for running i2p there? or is it not so bad
orignal
no
orignal
she runs it there all the time
zzz
ok, thanks
zzz
super. I was reading freedomhouse.org/country/kyrgyzstan/freedom-world/2024 and wasn't sure
orignal
"that stan" is Russia
orignal
Huilo-stan
orignal
Huilo is offensive name of Putin
zzz
got it
orignal
so what do you want me to ask her?
zzz
nothing, I was just wondering how bad it is there, but you say not so bad, that's all I wanted to know
orignal
also she is running a marketplace from there ))
orignal
yes, but be aware they are pro-Ukrainian
orignal
hence don't believe in everything they state
zzz
that's pretty obvious, yes
orignal
and again another source about what's going on in Russian IT world is habr.com
zzz
yup
zzz
spent last week finding/fixing major bug, you may wish to check if you have same problem
zzz
published date in LS2 is one-second resolution. we were creating two leasesets in a row with same timestamp.
zzz
and then didn't store the second one locally or send to ff. old LS then expired, takes a couple minutes before we realize it and build a new one
zzz
messy
orignal
but why do you need to create two leasesets in a row?
orignal
anyway let me check
zzz
here's what happens
orignal
so, the resolution is to postpone new one
zzz
1) 2 lease leaseset
orignal
I guess
zzz
2) tunnel test repeated fails on one tunnel
zzz
3) built new LS2 with that tunnel removed
zzz
4) build new tunnel, it happens pretty fast, say 250ms
zzz
5) build new LS2 with the new tunnel and the one old (still good) tunnel
zzz
6) that new LS2 didn't get stored or published
orignal
got it. makes sense
zzz
7) the LS2 with one old tunnel in it expires, but we didn't realize it for a few minutes
orignal
probably have the same issue
zzz
fix: remember last publish timestamp, set new timestamp = max(now(), oldtimestamp + 1 sec)
orignal
and send LS from future )))
orignal
what's your threshold?
zzz
for what?
orignal
for LS timestamp
orignal
when you receive new LS do you check it?
zzz
yes, has to be newer
zzz
the field is 4 bytes, seconds since the epoch, threshold is 1 ))
zzz
I also found a bug where we were checking earliest lease date, not published date, for LS2, which doesn't work for encrypted LS2 because there's no leases to see
zzz
I think these bugs are one cause of IRC2P disconnects/netsplits
orignal
if it's 1 new one will be dropped by receiver
zzz
has to be one second more
zzz
we weren't even storing it locally or even trying to send to ff, we were losing it
zzz
it was happening a few times a day
orignal
how about through existing connections?
zzz
same problem
orignal
when you receive a LS do you check if it's too old or from future?
zzz
looking...
zzz
yeah we do but it looks like we're using the earliest/latest lease expirations for those checks, not the published time
zzz
may need to add something there
orignal
yes you should but be aware about 1 sec
orignal
Vort also found a bug in peer test
orignal
sometimes Bob chose Charlie while introduction was not complete
zzz
ok
zzz
I'm seeing a lot of tunnel builds finish in only 100-250 ms which is crazy fast, so this very old bug has been getting worse
orignal
what is the bug about?
zzz
the publish date bug above ^^^
zzz
I've also made a change to not put any ElG routers in my tunnels. There aren't any 0.9.59 or older anyway, but in case some clown makes a bunch, I don't want to be sending old-style build messages
orignal
I excluded Elg routers long time ago
orignal
even the code for it
zzz
but you can still handle tunnel build request with the long 528-byte build records, right?
orignal
yes
orignal
but I'm not Elg
zzz
right
orignal
can handle all 3 TBR
zzz
I haven't ripped out any ElG code yet but I'm going to put it on my todo list
orignal
you can't remove it completely because some eepsites
zzz
right, just some tunnel build stuff, not the end-to-end code
orignal
yes, this "modified" Elg shit
zzz
that modified shit is what made it possible for us to migrate the network safely and successfully ))
orignal
I meant Elg of 512 instead 514 bytes
orignal
e.g. non standard
zzz
dr|z3d, FYI I ran a report looking for signs of the issue postman is reporting (extended total or near-total loss of traffic)
zzz
I took 45 days of logs for stats.i2p (from long before I started working on the yellow tunnel problem, to today)
zzz
and generated an hourly traffic report for each of the 45 days
zzz
average traffic is about 650 req/hr, and not a single hour across 45 days had less than about 40% of average, and all the lowest ones were close to midnight UTC
zzz
which is the typical slowest part of the day
zzz
and I also don't recall ever seeing it happen here. so I conclude it's probably not a canon problem, and my yellow tunnel fix probably won't fix it, although it shouldn't hurt
not_bob
That would explain why I've had issues getting to postman recently.
dr|z3d
strange that it's turned up recently, zzz, without me having touched any relevant code, and I haven't knowingly seen the issue on any of my routers. digging further into it with postman.
dr|z3d
so the current diagnosis is something like this:
dr|z3d
- LS failed to get published, LS gets requeued. Requeue is 15s after fail, with an absolute timeout of 3min.
dr|z3d
LS may fail to get republished a couple of times, and then a newer LS is found and repub is abandoned, and the dest works again.
zzz
sorry crashed. last seen '... something like this:'
dr|z3d
basically we're seeing the LS failed to be republished, then a newer LS is found soon thereafter. got an idea why that's happening, postman's got a new update he'll be testing soon.
dr|z3d
might be that we're being a bit too fascist in our handling of shitty ffs, code was there to weed out the crap when we were attacked last year in the request throttler, so I've commented that out and await postman's report.
dr|z3d
not getting much info when the LS republish fails, not entirely sure how we go deeper into that with the logging in RepublishLeasesetJob.
zzz
ok. interesting. generic advice: develop a theory, prove or disprove, dig deeper or move on to next. good luck
dr|z3d
thanks. yeah, theory is being tested :)
dr|z3d
in + we have red stars in the sidebar when a LS is overdue, not seeing those right now, haven't been hawkishly watching things, but on initial impressions your yellow tunnel patch looks good here.
zzz
if you're banning enough floodfills to blast big holes in the DHT that's a novel way to self-attack ((
dr|z3d
yeah, that did occur to me :)
dr|z3d
gun, meet face. etc.
zzz
seems like graphing the integratedPeers stat would tell you pretty quick
zzz
that graph should be really flat at ~1100 or so, but it'll depend on if you're ff or not and other factors
zzz
re: yellow fix, there's a new log in there in ExpireLeasesJob that's a logAlways(Log.WARN, ...) if it expires a local LS so that's the clue that things went wrong
dr|z3d
ok, thanks, will keep an eye out.
zzz
yup, thx for testing and report
dr|z3d
**** WARNING: Cert pkg-temp/certificates/plugin/cacapo_at_mail.i2p.crt expires in 179d
dr|z3d
all his plugins are defunct now, no? the main one was the b/w manager iirc.
zzz
interesting guy. hope he's doing well. that's the only one afaik