#saltr (irc2p) | I2P+ 2.6.5+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

dr|z3d > IPv6 is going to make blacklisting kinda impractical. Imagine I run some exit and my provider gives me an v6 /64. I could exit from anywhere in that whole /64 range. Trying to enumerate them remotely is difficult (imperfect) for v4, for v6 in would be practically impossible, never mind having to store them in some distributed list, which is kept up to date. I don't think it's going to be feasible ...

orignal do you understand that an attacker can just turn on ipv6 in thier config and that's all?

dr|z3d it's not perfect, but it's "something".

orignal or it was discussed so well that nobody thought about such possibility?

orignal something for what?

orignal asking this question again

dr|z3d let's see what we can do to remedy this.

orignal I've made my changes alerady

dr|z3d what are you up to?

orignal and btw people do host eepistes though Tor

orignal just FYI

orignal github.com/PurpleI2P/i2pd/commit/8d1c18666593cfae9e3585756437b6ea6025ef0f

orignal this change has wider effect

orignal it's mistly against putins of different kinds

dr|z3d ok, looks tight. so any router you can't directly reach is deemed to be running behind a proxy and blocked?

dr|z3d blocked / set unreachable and not used for first hop..?

orignal if my router is in "limited conectivity" mode

orignal and I can't connect to a router I don't consider it as unreachable

orignal and I always talk to floodfills through tunnels in this mode

orignal later I'm going to instroduce "stan" parament to turn on this mode explicitly

orignal *parameter

dr|z3d if (username == stan) {reponse == "fuck off";} ?

orignal if stan = true in config then IsLimitedConnectivity returns true

dr|z3d ok, I think I more or less get your logic, if not the best way to implement that in java. maybe zzz will have some ideas.

orignal I was inspired by you

orignal by question how we handle ygg

dr|z3d If I inspired you, great. No charge :)

orignal and current sistuation with Tor is a good model of Puitin's bahaviour

orignal like you can't connect to all other routers even if they are good

dr|z3d there's another minor issue with ipv6 and Tor..

dr|z3d > * On-disk blocklist supports IPv4 only.

orignal it will not help anyway

dr|z3d here's what an ipv4/6 combined blocklist might look like, if we were able to support ipv6, zzz: cake.i2p/view/ijhABKbDpz_MAJZczQEe1dXNm6Ym5dKcjuwAAZn7m_C7aQ1WAg7B/ijhABKbDpz.txt

dr|z3d though based on what orignal's doing, it sounds like there's a better approach.

orignal times change and we need to assume that i2p can work in -stans

dr|z3d we can support ipv6, we just have to load the addresses into memory.

dr|z3d but I'm with you, let's see what zzz thinks.

orignal again I don't like any central authority at all

orignal better if you implement my method

orignal e.g. if RTT of link if too high disconnect and ban it

dr|z3d as an interim measure, ipv6 tor exits now blocked in the latest + dev build.

dr|z3d orignal: you sorted out + snark yet?

dr|z3d pulling the latest revision recommended, some "new stuff" has landed.

dr|z3d (including more terminal event logging)

darius damn, so ipv6 has secuirty issues due to its large addressing space. limits to growth vibes, its unfair to just say the stans, western countries do their share of suppression and crimes, they also often test policies in in poorer places like "stans" for adoption in their own countres, they just tend to do it in more roundabout ways, but they are no less bad, and some might argue worse because often combined with

darius propaganda.

darius when we talk about "ban"ning servers are these servers that go out of there way to open a connection and then cut communication later, or are these connections that for whatever reason never seem to respond.

darius i would say theres a big difference between the two.

darius the former is a problem the latter? could be a firewall policy to drop packets from a specific ip and not "ban"-worthy

darius when it comes to suppression in the west look on further than assange, claims of "russian meddling" to block the laptop story etc. I'm no trump fan but yeah, jus saying.

darius they were recently biden mental incapacity videoes were russian disinfo also, btw, they were saying it was ai generated, iirc

darius tldr, lives are ruined when people in power lie that's part of the reason i work on tech like i2p

darius Blinded message

darius speaking of updating the geti2p site, anyone in favor of me putting the css rss icon on the geti2p site?

dr|z3d I see someone charged your batteries again, throstle :)

orignal will try today

orignal new word "invisible I2P"

onon_ I3P

onon_ Invisible Invisible Internet Project

dr|z3d looks like you're well on the way with netdb search refactor, zzz. good stuff.

dr|z3d I was going to suggest moving the search stuff to a separate class to make maintenance and the like easier.

zzz yeah after whining about how annoying it was, I just sucked it up and finished it

dr|z3d nice, nice. ping me when it's ready to test.

zzz there's more possible ofc but tried to minimize the diff size

dr|z3d that's the other thing re diff size.. new class, less pain merging :)

zzz it's up for review and ready to test

dr|z3d ok, great. I'll look at pulling it in shortly and let you know how it functions.

onon_ zzz, i have a question

onon_ Is it possible to pass a command from the streams layer in java i2p to change the outgoing tunnel?

onon_ This concerns the client side, in the case when the ACK does not reach the server

zzz no

onon_ Is it possible to make changes in i2cp or use existing mechanisms?

onon_ This is a fairly common problem when the java client stops sending acknowledgments

zzz anything is possible, but somebody would have to make a case for it

zzz haven't seen a major issue here.

onon_ Really? Oh well.

zzz we have the mechanism you're proposing, but it's based on ratchet acks

zzz the client side knows nothing about tunnels, that's the original jrandom design/architecture

onon_ This mechanism probably doesn't work as well as we'd like.

T3s|4 onon_: I have no idea if you're trying to ask a question that you are uncertain of, or trying to advance some speculative postulate. Why not link your proposed solution?

onon_ I see a problem and I'm trying to find a solution. I'm currently interested in snark's functionality, as I don't see any other good solutions in conjunction with i2pd.

T3s|4 onon_: np, and glad you're trying to crack the issue you've found

orignal the question if there is an IPCP message that tells router to change outtbound tunnel - remote leaseset pair

orignal becuase current is suspected dead

orignal as zzz said it can be detected at ratchets level

orignal but ack request is being sent too rare