#saltr (irc2p) | I2P+ 2.7.0-10+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

eyedeekay I'm not seeing anything in either blocklist, a bad family key is currently the biggest penalty in the sybil attack tool and possibly the only way to actually hit the threshold

eyedeekay It's the only thing that makes any sense to me so far

orignal it was bad family key

orignal but for 180 days?

orignal just for cyrpto bug?

eyedeekay More like "until a restart" in practice, or at least it should be

orignal then why did you ban IP address?

orignal sorry guys this lead me to make a statment "don't use family at all"

orignal do you undertand that you have made a good powerfull floodfiil unsuable just for nothing?

orignal great job

eyedeekay I am fairly sure that the function that bans them bans by hash and by IP in the sybil tool, which is a flaw IMO, type of ban needs to be situational

orignal and what are you going to do with it?

eyedeekay The sybil tool? Too long to explain here, I've got a gitlab issue for it

orignal if any bug in crypto kicks out a good router?

orignal no with this false ban

dr|z3d Not sure it's a sybil block, I'm seeing it marked as "Blocklist"

orignal and how many good routers did you ban this way so far?

orignal maybe that's the reason why so few floodfills in the network?

eyedeekay I don't know that this is even why it's banned, it's a hypothesis

orignal but who knows?

orignal aren't you the main dev now?

dr|z3d keep your hair on, orignal, we're trying to identify the root cause.

orignal you are still reconsidering Tor exit nodes ban, aren't you?

orignal I will stop paying for 2RRY hosting, that's all

orignal one less floodfiils

orignal and more doubts

dr|z3d you've identified an issue, until fairly recently I had no problem with 2RRY in my netdb, so it's something recent.

orignal and I'm still not convinced it was not done intentinally

orignal as a small revenge

orignal this issue with 2RRY was 3 days ago

orignal and I still have one i2pd transit

orignal and peer tests from i2pd Chalies only

orignal really great job

dr|z3d I don't think anyone was/is trying to sabotage your router.

orignal unfortuannly too many haters of me

orignal and 2RRY is only known my router

orignal because it has family gostcoin

orignal and I didn't hide that it's mine

dr|z3d let's keep it rational. however many haters you have, very few have access to the repo, and even if they do, there's a papertrail.

eyedeekay Revenge for what? Also our fixed blocklists are public and you're not in them

orignal there are many reasons

eyedeekay The explanation has to be a dynamic block from somewhere

orignal maybe it's in the code of new release

orignal keeping rational the source of problem is wrong family signature for short time

orignal due to a bug

orignal that leaded to forever ban

orignal is it normal?

orignal revenge for what? say for bring Tor nodes back

dr|z3d yeah, eyedeekay, possibly dynamic block being wrongly flagged as originating from a blocklist.

dr|z3d a bogus family sig could get you banned, possibly.

orignal *bringing

orignal it might be banned say for 24 hours

orignal it's fine

orignal but not forever

dr|z3d although the ban should disappear on router restart, or after however long the sybil ban persists if it's detected as a sybil.

dr|z3d well, you're not in any blocklists, so you're not banned forever.

eyedeekay I have no hostility toward Tor exit operators and finding a way to coexist on Tor exits is IMO overwhelmingly a good thing

orignal almost

orignal I'm not going to pay for hosting that doesn't work

eyedeekay I agree that a broken family key should warrant a shorter ban time, especially because it will just be re-checked after the ban and if it's still broke, re-ban

eyedeekay Not a big deal

eyedeekay To change that behavior IMO

orignal than it must be fixed as son as in 2.7.1

eyedeekay Is your family key fixed?

orignal The Tor issue is easy. They can be back now

orignal yes, 3 daysa ago

orignal alomost immediately

eyedeekay Then the bans will be lifted as people restart their routers, I can't do a 2.7.1 over this right now

eyedeekay There's a whole refactoring of the sybil tool that needs to happen before it can be aware of what ban-point sources are significant

orignal I will shut it down by that time

eyedeekay The Debian people will probably never ban you at all, nor will the Android people

eyedeekay Because they will all restart **after** your family keys were fixed

dr|z3d as soon as the ppa is up and running, you'll likely have most of your connections restored, orignal.

dr|z3d and what eyedeekay said.

orignal no

orignal I don't see any improvement in few days

dr|z3d thing is, I can't see you in every other router where you're not banned.

dr|z3d so maybe the issue is you, not us.

orignal no it's Java code issue

orignal and you have banned bunch of other routers thsi way

orignal I'm pretty sure

orignal NOTHING should be banned to more that 72 hours

orignal if it;s not obvious for you

eyedeekay They would have to all be using bad family keys, which sounds absolutely absurd

orignal because the intgernetal changes quicly

orignal who knows how many other woirng reaosns you had

RN so, it requires user intervention to reset sybil bans, or just a restart? can I just look in the sybil page for "2RRY" so see if mine shows it as banned?

orignal then pelase tell me the reason

orignal you can't even tell the reason how do you know?

eyedeekay There is currently only one way to reach the 50 point threshold without running a router with a significant misconfiguration of a family key

orignal then it's dumb and must be fixed ASAP

orignal *** afk ***

eyedeekay Why? I'll concede the point about the ban times, but just don't misconfigure your family keys.

eyedeekay Just a restart RN

eyedeekay I do not have you in my sybil bans

dr|z3d in + you can delete the sybil blocklist, but you'll need to restart. you may also need to delete the sybil blocklist in canon to make sure it's gone.

dr|z3d I'm not convinced it's a sybil issue, however.

eyedeekay ^ again, we're still not sure that's what this is. I'm simply defending a hypothesis

dr|z3d I think it might be an issue with orignal's router, no matter how much he protests.

eyedeekay In fact I can't find him in a banlist on any of my routers, and I see 2RRY on about half of them

dr|z3d I only saw him in one, on 4 other routers I can't find him in the netdb.

dr|z3d *3 other routers.

eyedeekay 2/5 here, so not that different

dr|z3d maybe i2pd has inadvertently developed an allergy to java routers :)

eyedeekay I must confess I am over the sybil ban hypothesis

eyedeekay That seems unlikely at this time

RN not on my sybil blocked

mareki2p Hi, I created an issue for the Launch4j project related to my problem running the i2p installer: sourceforge.net/p/launch4j/discussion/332683/thread/b79fef5c2a

dr|z3d nicely done, mareki2p

dr|z3d let's hope they're responsive.

dr|z3d which reminds me, do you want to try building with ant installer, eyedeekay, or a recent java, and see if you have issues with izpack?

dr|z3d *on a recent java

mareki2p This is caused by me, if some software supports both an installer and a zip distribution, I always choose the .zip one. Normal people would have Java installed thru .exe or .msi installer and there would be no problems locating Java from Launch4j.

mareki2p I can try building the i2p installer from sources, I have Ubuntu machine over here. Just tell me what to do.

dr|z3d what does 'java -version' tell you mareki2p?

dr|z3d make sure you pull the latest + if you're testing plus, otherwise for canon i2p, just run ant installer

eyedeekay Does he need to do the IzPack5 install with +?

dr|z3d no, we're specifically testing what's in the repo.

dr|z3d and I think they may have fixed the issue in izpack5.

eyedeekay OIC

dr|z3d that's why I'm asking if you get issues with 'ant installer'

dr|z3d assuming you're building locally with a recent java.

mareki2p $ java -version

mareki2p openjdk version "21.0.4" 2024-07-16

mareki2p OpenJDK Runtime Environment (build 21.0.4+7-Ubuntu-1ubuntu222.04)

mareki2p OpenJDK 64-Bit Server VM (build 21.0.4+7-Ubuntu-1ubuntu222.04, mixed mode, sharing)

dr|z3d ok, try any installer from + and canon workspaces, if you have both of those.

dr|z3d (rememeber to git pull on the + repo first)

mareki2p Build failed: java.lang.NoClassDefFoundError: java/util/jar/Pack200

dr|z3d on canon?

dr|z3d canon == not +

mareki2p That was on the I2P.Plus repo, build failed on the i2p.i2p repo, different error: java.lang.ExceptionInInitializerError, at net.sf.launch4j.ant.Launch4jTask.execute(Launch4jTask.java:82), Caused by: java.lang.reflect.InaccessibleObjectException: Unable to make field protected volatile java.util.Properties java.util.Properties.defaults accessible: module java.base does not "opens java.util" to unn

orignal eyedeekay can you give me a favour?

orignal remove gostcoin's cert from the package

orignal dr|z3d which issue?

orignal the only issue was worng signature 3 days ago

dr|z3d mareki2p: did you git pull on + before you built?

orignal you don't see it because it's banned by other Java floodfiils

dr|z3d [ ] yes [ ] no (Tick one box only)

mareki2p Yes, the latest version from git. commit id 562e6dfe0dfc6c51457cf7565f06296fb9dd7ee8 in the i2p.i2p repo and commit id 0c47b7ea1369d661ea08f7109d153c7df51e5c52 in the I2P.Plus repo.

orignal but again I see it on all my routers

orignal_ soo

dr|z3d mareki2p: in the +_ workspace, try ant distclean && ant installer

orignal_ again please remove gostcoin.crt from the ceritifactes

dr|z3d I've just successfully built on openjdk version "23" 2024-09-17

orignal_ 2. family code will be removed from ip2d code completely

orignal_ e.g. it will not be supported at all since Java react so inadequate

orignal_ 3. All routers responding with code 69 will be banned

mareki2p I always start from clean slate, meaning git clean -dfx && git reset --hard. Do I need to install some dependency?

orignal seems I2P has too many good floodfills to throw the away

dr|z3d a clean slate won't cleanup files ignored by git.

dr|z3d hence ant distclean

mareki2p After distclean same build error.

dr|z3d ok, where are you pulling from? don't tell me, gitlab?

orignal why do you need to fix it? because it's your fuckup

dr|z3d you need to calm down, orignal

orignal no

orignal I said what I said

orignal the only thing I need from you now is removing goistcoin cert

mareki2p $ git remote get-url origin

mareki2p gitlab.com/i2pplus/I2P.Plus.git

mareki2p I guess I need to add some xxx.i2p domain, righ?

orignal is it possible to do it for 2.7.1?

dr|z3d no, just pull from github.

dr|z3d gitlab is currently non-functional.

orignal <eyedeekay> Why? I'll concede the point about the ban times, but just don't misconfigure your family keys.

orignal calm down after such statment?

orignal you guys are all insane

dr|z3d we haven't identified the root cause of your issue, orignal, and neither have you.

orignal idk said clearly

orignal and I agree

orignal it's worng family signature that produced 180 days ban

dr|z3d eyedeekay doesn't know, he was speculating. and he's probably wrong relating to a sybil-level ban. so we _don't know_.

orignal are you going to fix it? no

orignal I run 2RRY for stress test of serious load

dr|z3d your router is not very visible right now, for whatever reason.

dr|z3d like I said, mostly it just doesn't appear in any of my routers' netdbs.. no bans, just no 2RRY.

orignal no transit no load not reason to run it at all

dr|z3d 180 days ban is boilerplate.

orignal_ do you afree it must be fixed asap

dr|z3d those bans don't persist beyond a restart unless they're in a blocklist.

orignal_ ?

dr|z3d and afaict, your router isn't in any blocklist.

orignal_ and?

eyedeekay No, because the evidence currently supports not a sybil block

dr|z3d so we haven't actually established anything yet.

orignal_ eyedeekay will you remove gostcoin.crt?

dr|z3d and you throwing a tantrum isn't much helping shed light.

mareki2p Build succesful.

orignal_ eyedeekay then it's even worse

dr|z3d there we go, good.

orignal_ because you don't even know

dr|z3d orignal_: have you ever had bugs in your code that aren't immediately obvious?

orignal and I'm asking again

orignal how many good floodfiils did you lose becuase of this?

orignal dr|z3d that's why this bug must be investigated shortly

orignal the only sure thing it start happening after inccorect signature

onon_ Guys, I think you need to add to the check code: if (RI == 2RRY) to exclude him from the ban list

orignal of afer the releaae

orignal onon_ no

orignal it's not about 2RRY

onon_ For any reason

dr|z3d that's what we do, orignal, we attempt to identify issues and their root cause when they're reported. we just prefer not having to deal with people throwing tantrums.

orignal the problem is not 2RRY

orignal the problem is your code

orignal that might causes issues

dr|z3d mareki2p: can you do idk a favor and copy /installer/lib/izpack/standalone-compiler.jar from + to canon and see if canon compiles.

mareki2p will do...wait

orignal unless it's confirmed it was just new release, I will remove family code anyway

orignal useless features causes many troubles

mareki2p No, both before copying that .jar nor after the i2p.i2p repo doesn't compile.

dr|z3d ok, thanks. one for the canon folks to investigate then.

mareki2p Do you have GitHub actions CI?

dr|z3d I do, but currently it's "in flux".

dr|z3d it needs to copy the artifacts to a specified folder after they're built so I can serve them via github pages, but it's not playing ball.

orignal I need to decide soon if I put 2RRY down or not

orignal it's about payment for that VPS

orignal that's the commit github.com/PurpleI2P/i2pd/commit/2321a897f5ec89ab18f8b206c7191293ece0df3d

orignal fixing that problem

orignal it was 4 days ago

orignal as I see Java release start rolling out yesterday

orignal meaning that most of Java router had to restart after

orignal therefore what's going on?

dr|z3d no, ppa routers which are the bulk of canon i2p routers won't have updated yet.

orignal then accroding to eyedeekay I should see an improvement in few days

eyedeekay And won't be updated until tomorrow at least, I have currently 4 arches to wait on

dr|z3d no, forget what eyedeekay said. we don't know what the issue is. it's not sybil detection, and it's definitely not an issue with any blocklist.

orignal then why IP address? and only ipv4 as I understand right

dr|z3d what I want to know is why 2RRY is failing to show up in my netdbs.

orignal because it's banned on other floodfiils

dr|z3d that I also don't know, that was an outlier on a single router. why it was reported as being in a blocklist when I couldn't find any mention of hash or ip I don't know.

orignal why peer test returns code 69?

orignal why it's connect to i2pd only?

orignal and why all other my routers with same code are fine?

dr|z3d let's assume that your family fuckup has caused a temporary ban on some routers. if that's the case, it should resolve in time without further intervention.

orignal yes, me expectation like 24 hours or so

mareki2p The failed build on GitHub's Ubuntu 24.04: github.com/mareki2p/i2p.i2p/actions/runs/11310259494/job/31455103566

eyedeekay dr|zed where's your pages CI file, I could take a look?

orignal more funny

orignal most of my node are connected with it

dr|z3d eyedeekay: this is what I'm wrestling with right now: github.com/I2PPlus/i2pplus/blob/master/.github/workflows/ant.yml

dr|z3d orignal: you can keep your vps running, it'll sort itself out.

orignal if it's banned on most Java routers no reason to keep it

dr|z3d eyedeekay: I wanted to keep a separate branch (artifacts) that copies to builds/ so that i2pplus.github.io/i2pplus/builds/{artifact} is available. that's the plan.

orignal I don't need it without high load

dr|z3d it will sort itself out. patience, young jedi.

orignal I don't see any improvements in last 3 days

orignal it's around 1/3 of normal load

dr|z3d most of the canon i2p network hasn't migrated to 2.7.0 yet, as mentioned, that's waiting for the PPA build.

orignal and bunch of error 69 for peer test

dr|z3d if the ban is session-persistent, then you'll need to wait for the routers to restart.

orignal but the release is rolling out

dr|z3d NOT YET PPA.

dr|z3d PPA = majority of java routers.

orignal let me check stats.i2p

orignal well 15% only

orignal than let's wait until 40-50%

dr|z3d yes, let's!

orignal one more week

dr|z3d crack open a packet of chocolate potato chips, pour yourself a vodka, and relax.

orignal and if no improvement put it down

orignal maybe started it somewhere else later

orignal but without family

orignal how can I send GHOST command?

dr|z3d Blinded message

orignal thanks

dr|z3d you may also fine nickserv release helpful on occasion. /msg nickserv help release

dr|z3d *find

orignal wondring why no ghosts at ilita?

dr|z3d you usually only see ghosts when you restart i2p without /quitting first.

orignal I use znc )))

orignal but see here

dr|z3d you're not alone.

orignal and never at ilita

orignal why?

dr|z3d I don't know. I've got a question for you. snark+ yet?

dr|z3d :)

orignal no, I was busy in something else

orignal will try tommorow

dr|z3d yeah, busy harassing us.

dr|z3d :)

orignal harrassng?

dr|z3d as I mentioned before, just extract the zip over your existing installation.

dr|z3d you can always do the same with canon snark to revert. no need for multiple copies.

orignal does it accpet i2p.streaming.profile=2 now?

dr|z3d you asked me that yesterday, and I told you "YES!"

dr|z3d be sure to git pull before you build.

orignal don't remember )) probably I was drunk ))

dr|z3d are you drunk now?

orignal no

orignal I don't remeber I was here yesterday

orignal was I?

dr|z3d that's unfortunate, we could have put your tantrum down to too much potato juice. oh well. maybe now's a good time to drink some :)

orignal so about harrassing

orignal seems I have found a serious bug

orignal and it's lucky it affected me

dr|z3d yeah, it's one of those pebcak bugs.

orignal so I brought it in

orignal to investagate

orignal other people don't understand what's going on

dr|z3d presumably the only person having this issue is you?

orignal and I receive complains often about low transit

orignal many compains from many people

orignal looks like Java bans i2pd nodes often

dr|z3d you can't serve more traffic than occurs on the network. rule #1.

orignal I'm only person who is able to understand what's going on

dr|z3d as for banning i2pd, no, that's something we haven't established. routers with fucked family certs, otoh...

orignal not intenially

orignal but for some logic that contains a bug

dr|z3d we haven't established that, either. perhaps we're a bit too strict with fucked family certs, that's something to look at.

orignal in my case it was fucked family cert for sure

orignal but for short ime

orignal *time

orignal people compian about few hunreds Kbs transit on XR routers

dr|z3d sure, we'd like to see more. but if not much is happening on the network, there's not so much traffic to route.

orignal also another version

orignal maybe Java node bans 2RRY because it's partcipates too much

orignal if I remeber it was your idea

dr|z3d unlikely.

dr|z3d for a router to be banned for requesting too many transit tunnels, it first has to ignore the fact that its requests are being rejected and keep requesting a ridiculous numner of tunnels.

dr|z3d on canon, it's just rejected.

orignal no, it's not requisting it's accepting too much

dr|z3d "it's accepting too much"

dr|z3d look at what you just wrote. :)

dr|z3d if it's accepting too much, fix it.

orignal why? if it can

dr|z3d you just said it was accepting "too much". too much == needs fix.

dr|z3d we've had this discussion before. setting a limit on individual routers results in better distribution over the network and more heterogenous tunnels.

dr|z3d it also means you're less likely to get rejected when requesting tunnels.

dr|z3d so the whole network operates more smoothly.

dr|z3d everyone wins.

dr|z3d you also protect yourself from abusive routers.

orignal we need to think about loops

dr|z3d sure, that's a good topic. let's wait to see what zzz has to offer on the matter.

dr|z3d I see you, orignal

dr|z3d you're back in my netdb.

dr|z3d LeaseSets: 346 Routers: 15463 First heard about: 62 min ago Last heard about: 23 min ago Last heard from: 5 sec ago

orignal because you have restarted

orignal ?

dr|z3d I did restart, but before that I wasn't seeing your router in my blocklist.

orignal java routers keep updating

orignal I see now half of usual transit

orignal however this problem is still not identified I guess

dr|z3d I think we identified the issue.

dr|z3d The issue was your fucked family cert. It probably resulted in a session ban.

dr|z3d So if there's any issue at all, it's the length of the ban. That's my hypothesis, anyways.

orignal no the issue is why it was banned for 180 days

orignal and IP

orignal I'm wondering what would happen if RI has wrong signature for example

dr|z3d I told you, 180 days is boilerplate.

dr|z3d 180 days means "180 days OR until the router is restarted"

orignal so the issue not what tiggered it

orignal but why such consequences

orignal people don't restart routers for months

orignal it's ot a point

dr|z3d yeah, we also discussed this. the ban may be excessive, it'll get fixed.

dr|z3d once I've had time to locate the specific ban code, I'll do a 4hr ban.

orignal but it's not identified why

orignal we don't have such code in i2pd )))

dr|z3d that also needs fixing, it shouldn't be indicating blocklist.

orignal as I said, I will remove family code completely

dr|z3d no, you don't ban and let all manner of morons route traffic through you :)

orignal much easier

orignal I do ban a lot of shit

orignal say duplicates

orignal or false IPs

orignal if publuished IP doesn't match actual one

orignal but again I ban for 72 hours max

orignal not forever as you do

dr|z3d sure, that's something we can review.

orignal I have an idea how to solve this loops issue

orignal we need to store ident where TBR came from with tunnelID

orignal then we check if it's from another address drop it

orignal ofc not for IBGW but it received TunnleGateway msg

zzz re: 2RRY, rekey and change port, done and done

orignal zzz, they banned IP address

orignal that's the problem

orignal it means I have to ask hoster to assign another IP

orignal anyway better to talk with you about loops

zzz the only report we have of banning is from dr|z3d ? did he report IP is banned? how do you know?

orignal yes

zzz I thought he said IP was not banned? it's a lot of backlog

orignal <dr|z3d> ➜ Blocklist: 193.38.54.107

orignal that's the main problem

orignal also I saw code 69 in peer tests

dr|z3d only saw it banned on 1/4 routers.

zzz change port and rekey, see what happens

dr|z3d couldn't find it in blocklists, so I'm guessing the reason for the ban was misreported.

dr|z3d you're suggesting orignal rekey.. he has an emotional attachment to his router hash :)

orignal maybe later next week

orignal no, you didn't

dr|z3d no I didn't what?

orignal since it was banned by IP

orignal you didn't suggest rekeying because it's useless

dr|z3d I was talking to zzz in response to his comment "change port and rekey, see what happens"

zzz maybe only i2pplus banned you, maybe only some of them

orignal and no I didn't emotially attachem to router hash

orignal maybe

orignal by IP maybe

orignal by hash definitly not

orignal many Java routers did

orignal let's see how it will go next week since routers are going to restart due to the new release

orignal however it would be nice to know what caused it

orignal loops however is more imporant topic

orignal assume better scenarion

zzz if your #1 priority is having your router used for ff and tunnels, then stop what you're doing, change port and rekey

orignal tunnel ->A->B-C->D->

orignal and D's next tunnel id is tunnel id at B

zzz what caused it is you messed up the family sig, that's what you said? nothing to research. you did it.

orignal no, it's not #1 priority

orignal I just want to see things sorted out because it might affect other users

orignal what caused bad forever?

orignal that's my question

dr|z3d private void banlist(Hash peer, byte[] ip) {

dr|z3d if (!_haveIPv6 && ip.length == 16) {return;} // Don't bother unless we have IPv6

dr|z3d String sip = Addresses.toString(ip); // Temporary reason, until the job finishes

dr|z3d String reason = " ➜ " + _x("Blocklist") + ": " + sip;

dr|z3d if (sip != null && sip.startsWith("127.") || "0:0:0:0:0:0:0:1".equals(sip) ||

dr|z3d sip.startsWith("192.168.") || sip.startsWith("10.") ||

zzz one banned router out of thousands and thousands doesn't affect anything

dr|z3d (ip != null && ip.length == 4 && (ip[0] * 0xff) == 172 && ip[1] >= 16 && ip[1] <= 31)) {

dr|z3d // i2pd bug, possibly at startup, don't ban forever

orignal 5-th day and only littelt improvement

dr|z3d _context.banlist().banlistRouter(peer, reason, sip, null, _context.clock().now() + Banlist.BANLIST_DURATION_PRIVATE);

dr|z3d return;

dr|z3d }

orignal zzz, people compalined about low transit

orignal on thier routers

orignal it might be the same cause

zzz did they all have bad family sigs also?

dr|z3d *** chuckles. ***

orignal 2RRY works fine just lower ransit and sometimes failures of peer tests

orignal no

orignal but we don't know the whole logic yet

orignal my question is not why it's banned

orignal my question is why it's banned for long time

zzz re: research and "whole logic", work with dr|z3d on that, it's his router that banned you and his code. He's tweaked everthing, especially on banning. I can't help you.

orignal yes, and I'm not askign this question to you

orignal idk should take care

orignal I can collect router hashes retuning code 69 and see what's that

orignal so let's talk about loops

zzz ok, please restate the scenario briefly

orignal <orignal> tunnel ->A->B-C->D->

orignal <orignal> and D's next tunnel id is tunnel id at B

orignal an advesary drops a message into such tunnels and it's in loop for 10 minutes

orignal be back in 15 minites

dr|z3d I think the reason orignal's ip was reported as being in the blocklist was the temp reason code.

dr|z3d String sip = Addresses.toString(ip); // Temporary reason, until the job finishes

dr|z3d String reason = " ➜ " + _x("Blocklist") + ": " + sip;

dr|z3d that's the only thing that makes any sense to me, and even then, I'm not entirely sure it makes sense, since it's not pulling the ip from a blocklist.

zzz orignal, you've researched this loop scenario and confirmed i2pd is vulnerable?

dr|z3d orignal was speculating that the excessive bandwidth we saw at the beginning of the year might have been a result of tunnel "loops", though I'll let orignal answer your question.

orignal zzz, I think so

orignal this scenario is mine now

orignal see, A can't handle TunnelGateway

orignal but B can handle TunnelData as long as it can find tunnel id

orignal it just add encryption layer and sends to C

orignal so this loop can be stopped only after 10 minutes

orignal but my question to is about timestamps in TunnelData msgs

zzz what about them

orignal does tunnel participants assigns actual timestamp or copied it from incoming TunnelData?

zzz what do you do

orignal former

zzz is this a new topic? I thought we were talking about tunnel build loops

orignal so, my proposal is save router hash where TBR came from with a tunnel

orignal yes tunnels loops

orignal that's about it

zzz you can't have tunnel data msgs until the tunnel is built ))

orignal why?

orignal tunnel participant don''t know if tunnel was built or not

orignal they only have a record with tunnelid

orignal why timestamp?

zzz ok, right, but at least everybody has to agree

orignal if we had a timestamp assigned by IBGW we could drop it by timeout

orignal but it's bad idea

orignal no

orignal that's my point

orignal A,B,C,D agreed

zzz so fix that. you can't fix it with timeouts

orignal D sends back to A

orignal this record contains new tunnel id and A accepts it

orignal bue next tunnel id for D contains first tunnel id at A

orignal how do you handle it?

orignal I suspect you have the same issue

zzz doubt it

orignal timeout is wrong idea

orignal please exaplain what's wrong in this sceranio

orignal D doesn't know what's inside the next record

orignal advesray doesn't need a successufull tunnel

orignal he only need a loop to flood routers

zzz so fix your loop

orignal please explain how

orignal what do I do if I'm B or D?

orignal I never know if it's loop

zzz check for dup tunnel IDs? bloom filters?

orignal no dup tunnel ids

orignal every TBM record contains unique tunnel id

orignal and nexttunnelid for A and for D are same

zzz <orignal> <orignal> and D's next tunnel id is tunnel id at B <--- that sounds like a dup tunnel id to me

orignal no. nexttunnleid is a fieild in D's tunnel build record

zzz so that's a dup for B, right?

orignal and tunnel id is in B's record

orignal no dup

zzz but B will get the TBM for that tunnel ID twice, once from A and once from D?

orignal B receive two records with difefrent tunnel id

orignal no

orignal they will be different

zzz <orignal> and nexttunnelid for A and for D are same

zzz I'm very confused

orignal see, D had a fiild "next tunnel id"

orignal he sends next record to A

orignal every TBR contains two fields

orignal tunnel id and next tunnel id

orignal right?

zzz yes

orignal next tunnel id = tunnel id in next peer

orignal right?

zzz yes

orignal but it's set by tunnel originator

zzz yes

orignal what if adverasy breaks this rule?

orignal he set next tunnel id to tunnel id for first occurence of B

orignal and unique tunnel id for TBR for secnd accorence of B

orignal in this case B will receive two different TBRs with different tunnel id

orignal no when message goes through tunnel

orignal D will send it back to B wihh tunnel id that was alerady used

orignal B thinks it's a new message and send to C, C send to D and D sends back to C

orignal the loop gets formed

orignal be back in 2 hours. please think about this scenario

zzz I'm going to need a picture, I've had plenty of coffee and still stumped

orignal ofc. the key thing is worng next tunnel id at D

orignal *** afk ***

zzz I need the ids for the TBM

zzz A: id=1 nexthop=B nextid=2

zzz B: id=2 nexthop=B nextid=3

zzz *B: id=2 nexthop=C nextid=3

zzz C: id=3 nexthop=D nextid=4

zzz D: id=4 nexthop=B id=5

zzz B: id=??? nexcthop=??? nextid=???

orignal и TBR D: id=4 nextHop=B id=1

orignal B: id = 5 OBEP no next hop

orignal soory D: id=4 nextHop=B nextid=2

zzz if B is java i2p that's not going to loop for multiple different reasons

zzz - if B id 5 is an OBEP it's not going to infinite loop

zzz - D to B on id 2, B will drop it because 'mid tunnel injection' check

zzz - will the D->B layer keys be the same as the A->B layer keys? depends how the KDF works

snex dr|z3d: gitlab says latest commit is 3 weeks ago. shouldnt there be newer stuff? trying to work on the snark infobar

dr|z3d snex: use github, not gitlab.

dr|z3d gitlab locked me out.

dr|z3d (and won't send a password verification e-mail)

snex link?

dr|z3d github.com/I2PPlus/i2pplus

snex 👍️

orignal please explain why B will drop

orignal layer key doesn't matter

orignal B id 5 is OBEP but TunnelData will never come to tunnel 5 it will always come to 2 from D

orignal why layer key will be the same? You have different ephemeral key for first and second occurence of b

snex lol... i added a torrent so thered be an infobar and now the page is just blank white. dafuq

dr|z3d try ant distclean before building.

snex the html is loaded, not sure why browser wont display it

dr|z3d have you just copied over the .war file or?

snex oh what the fuck... body display:none; was set somehow??

snex yeah the .war

dr|z3d you'll need to copy over the .jar file as well.

dr|z3d ignore body styling, nothing to do with the issue.

snex oh right i have an older v of that

dr|z3d build -> i2psnark.jar -> i2p/lib/

snex why would it set body display:none tho

dr|z3d so that the user's presented with a completely rendered page.

dr|z3d (see the bottom of the page before </body>)

snex there we go

dr|z3d as long as you're just working on the servlet, you can just copy over the .war file now.

dr|z3d if you work on other stuff, you'll need to copy over .jar file as well and restart your router/standalone.

snex yeah i just forgot the jar was ancient

dr|z3d there's a possible fix for console graphs that you said you were experiencing if you're running the latest + from git. let me know if it fixes things for you.

snex Error 500: /graphs - javax.servlet.ServletException: java.lang.NoSuchMethodError: 'int net.i2p.router.web.StatSummarizer.countGraphs()'

dr|z3d well that's odd.

dr|z3d make sure you ant distclean before building an update.

dr|z3d /** @since 0.9.62+ */

dr|z3d public int countGraphs() {return _listeners.size();}

dr|z3d as mentioned before, you should also be able to 'ant installer' without erroring now.

snex yeah that part worked. did not distclean or copy over anything not snark-related

zzz orignal, <zzz> - D to B on id 2, B will drop it because 'mid tunnel injection' check

zzz and if the layer keys are different, B will not be able to correctly layer encrypt the msgs it gets from D, even without the mid-tunnel-injection check

orignal but an advesray doens't need a message to be decrypted

orignal thier puprose it to make the shit circulating

orignal please explain how "mid injection check works"

zzz when B gets TBM from A for id 2, it enforces that all tunnel data msgs for that tunnel must come from A

zzz nobody else can send messages into the "middle of the tunnel"

zzz if you don

orignal so you store ident hash with tunnel

orignal where TBM came from

zzz if you don't have that check, that's your issue

zzz yes

orignal agree it's mine issue

orignal do you compare hashes for every single message?

orignal I mean tunnel message

zzz yes

orignal it's an overhead and slows down

orignal I would start doing it after some threshold

dr|z3d this is probably all you, orignal: BuildHandler: Dropping HOSTILE Tunnel Request -> Previous and next hop are the same

orignal e.g. when too much data goes through

zzz not too much overhead imho

orignal comparison of 32 bytes

zzz but I'm not here to convince you, just to explain what my code does

orignal ?

orignal I'm talking about possible solutions

orignal thinking how to implement it efficiently

orignal say you can save connid is it's SSU2

orignal instead ident hash

zzz I'm not very helpful on C++ efficiency tradeoffs :) 32 byte hash storage and comparison is pretty cheap in java

orignal dr|z3d yes it's mine

orignal I don't check this situation

snex bleh now i cant run the install.jar after distclean and rebuild all: Exception in thread "main" java.lang.NoClassDefFoundError: Could not initialize class java.awt.Toolkit

dr|z3d try running with java -jar ./install.jar -console

orignal 8 bytes int is much much faster than 32 bytes nin0aligned buffer

dr|z3d remember to run that from the dir you want to install to, or specify the install path without trailing /

dr|z3d otherwise it'll install to the pwd.

orignal anyway I will implemnet this check

snex got it - i forgot all this stuff lol

snex the graphs page still gives that error and it also seems to prevent display of the tunnels page

snex slightly different error coming from the tunnels page when it tries to load viewstat.jsp: Error 500: /viewstat.jsp - java.io.IOException: No rates for combined bandwidth graph

dr|z3d that should be a transient error, or you're running java with awt support expected.

dr|z3d try: sudo sed -i -e '/^assistive_technologies=/s/^/#/' /etc/java-*-openjdk/accessibility.properties

dr|z3d I don't think you see that error if you install openjdk-headless.

snex i believe my default is running java-14-oracle

snex i can switch it

dr|z3d if you've got openjdk-headless or similar, try that. whichever version's latest, or whatever that installs.

snex same thing :(

snex i dont have assistive_technologies in that config file

dr|z3d did you purge oracle java?

snex no i just changed JAVA_HOME

dr|z3d and you ran i2prouter restart?

snex no i have it run in console so i ctrl+c then change JAVA_HOME then restart

snex i got this in the console log but it started anyway: ERROR: Failed to start imagegen MultiException[java.lang.UnsatisfiedLinkError: Can't load library: /usr/lib/jvm/java-11-openjdk-amd64/lib/libawt_xawt.so, java.lang.NoClassDefFoundError: Could not initialize class java.awt.Toolkit]

dr|z3d you're running it without the wrapper (runplain.sh) ?

snex didnt know i needed any wrappers

dr|z3d that's what i2prouter does.

dr|z3d runs the wrapper (service) which is how you can restart from the web ui.

dr|z3d either way, you're using java11.

snex i was just doing this: ./i2prouter console

dr|z3d I'm not entirely sure how that handles things, but try i2prouter stop && i2prouter start.

snex i believe it just runs it in the foreground rather than background

snex i dont want it running as a daemon

dr|z3d ok, well somewhere java's configured to load awt which you don't want.

dr|z3d because that relies on X11 or wayland.

dr|z3d (which you obviously won't have running from console)

snex i mean i am in a "terminal" from inside of X11 not a real terminal

dr|z3d well, you've got an issue somewhere locally relating to awt/java. stackoverflow.com/questions/18099614/java-lang-noclassdeffounderror-could-not-initialize-class-java-awt-toolkit

orignal zzz, and one more question

orignal about timestamp in I2NP Garlic message

orignal OBEP can conclude what was the tunnel length

orignal that's different topic

snex ok got rid of all that by switching to java-18-openjdk. local tunnels page still blank despite not seeing this error in viewstat.jsp anymore. i was hoping to use this page to get some insight on how to poll the number of tunnels for display in snark

dr|z3d anything in logs?

dr|z3d local tunnels being the tunnel manager, or /tunnels ?

snex no. also my real router displays these pages just fine

snex /tunnels

dr|z3d dunno, you're not giving me much to go on.

dr|z3d what about /transit ? same?

snex ffs now the page loaded. i wonder if brave is doing some stupid fuckin caching shit

dr|z3d also, you're more likely to get the info you need from /configtunnels (maybe)

snex i hate when my software tries to be more clever than me and is never right

orignal ha

orignal ghost works

dr|z3d chocolate star for orignal.