#saltr
/2024/11/03
fox anyone have slow's addressbook? or whatever is popular now
RN notbob stats and reg I think are the working ones now I think
fox *** wishes to explore before the possible rise of the 4th reich ***
fox i'll look for those then
RN notbob.i2p has an index, a blog with site reviews and an addressbook subscription
RN you should remember stats (default for Canon java i2p)
fox stats has been around forever yeah
RN and reg, well, it may cause conflicts with older addresses
fox i'll poke around notbob then
dr|z3d if you want in-network news, planeta.i2p isn't bad.
RN yeah, notbob is safe, reg is 'use at your own risk'
RN planeta does look nicer than planet
RN I still use both
dr|z3d ok, this one looks dubious: fRcfUYTkKGHiuMn--vwfYRS1YxvqBbQL7LUNpkgMVe8=
dr|z3d XG, and yet it's requesting a huge amount of tunnels.
dr|z3d so much for the b/w attack disappearing, orignal, appears to be ramping up.
dr|z3d either that or we've got a new cohort of users all downloading furiously, 24/7.
dr|z3d yeah, ebbs and flows, hk.
hk damn, brutal
dr|z3d what's up with your graph, that should be svg.
hk oh ahahahahah i literally did a screencap in flameshot
hk i didnt think it through and realize I could just save the image directly
hk :p
dr|z3d ah, ok, figured as much. fonts are also off.
hk interesting
dr|z3d you may need to install whatever the default is for java i2p
hk ah that probably explains why the timestamp is cropped off, thanks
hk dr|z3d: woah, quite different
dr|z3d the graph, or the datapoints, or both?
hk oh I was just commenting on the visuals, but besides that our graphs do have correlation at the suspected at after 18:00
dr|z3d yeah, somewhat different in plus, the graphs. I'm quantizing the data when the period extends beyond a day iirc, so it reads easier. and various other visual tweaks.
hk but yours does not continue in bandwidth spikes, instead calms down while mine continuously spikes without rest
hk idk just a layman's observation, it's intriguing
dr|z3d that's just one router, but sure, the b/w spread isn't consistent across the entire network.
dr|z3d we're also a bit more aggressive with the bans in +, so there's also that.
hk do have correlation at the suspected attack*. re: quantizing data, have you considered something like a simple moving average or would that not have much utility in measuring bandwidth?
hk ah, very interesting on the ban part. I wonder if it's meaningful to give the end user the ability to ban more or less; im not aware if such options exist already but yea
dr|z3d re quantizing data, I'm just using existing rrd4j methods to prevent data overload on the graphs.
dr|z3d in canon i2p, you don't get much in the way of knobs to tweak for banning.
dr|z3d in +, you have router.banOldRouters={true|false} and maybe some other stuff.
dr|z3d sorry, not banOldRouters..
dr|z3d router.blockOldRouters={true|false}
dr|z3d When set to false, the router will not block tunnel build requests from slower or unreachable routers running older versions. [Default is true, restart required]
dr|z3d you've also got: i2np.blockMyCountry={true|false}
dr|z3d and router.blockCountries={countrycode,countrycode2}
hk hm hm
dr|z3d and: router.enableTransitThrottle={true|false}
dr|z3d When set to false, the router will not throttle tunnel build requests from other routers, and should be used with caution. [Default is true, restart required]
hk definitely seems useful to me, I mean just by this anecdotal comparison we just made with our graphs (I know there are many variables at play) it really does seem that restrictions can play to a more stable router
hk restrictions on peers*
hk appears to be a careful balance
dr|z3d sure, there's no one size fits all, it's a question of adjusting and tweaking all the time, with current network conditions as a factor to consider.
dr|z3d in + we're a bit more generous before we start throttling routers for making too many requests.. we also scale the max requests depending on b/w tier.. you have to make a large number of requests in excess of the max (when you're being told "no") to get banned.
hk very meritocratic, I like it
dr|z3d well, if you're hosting/requesting a huge number of tunnels and you're L tier, maybe you're lying about your bandwidth.
hk thats right
dr|z3d and if you're lying, then you're up to no good :)
hk haha
hk So in general terms, I know in p2p networks there can be a concept of a "supernode" or a node with elevated privileges
hk I wanted to ask if i2p+ has anything adjacent to that with peer profiling?
hk I guess a node that is donating more and can be trusted more can be given more leeway in a sense or something like that
hk again im a complete novice, just trying to understand i2p more
hk I understand that can be abused to in a sybil attack
hk so theres that
hk elevation attack or agh, i can't remember the name but something to do with reputation
hk flooding a network to give more reputation to your own malicious node and elevating its privileges, so it's not without possible harm I guess
dr|z3d well, fast (bw tier) peers get profiled and used for local tunnels, slower peers don't get profiled.
dr|z3d we don't use slower tier peers for local tunnels.
hk ah I see
dr|z3d profiling itself is somewhat hit and miss, anyways. you need to be pulling a lot of data down to get profiling data.
dr|z3d failing that, in + we do some peer tests to check latency and promote peers with low latency so they're likely to be used more.
hk ahh so that's how you get around with not having to use too much data, I know there can be a problem of collecting too much data in a privacy focused network
hk kind of like how the canon i2p implementation uses a modified kademlia dht for this very reason iirc
dr|z3d not so much privacy focused, it's more a question of ram usage and related page load times when you've got a lot of data to display.
dr|z3d you run a router on the network, expect to be profiled to some degree unless you're in hidden mode. that's not incompatible with privacy.
dr|z3d so you take a view on what's interesting and relevant, and what's not worth keeping/profiling.
hk fair enough
orignal new attack?
orignal zzz, my results of investigation
orignal 1. I was not able to reproduce the problem if I receive multiple acks from Bob and keep resending
orignal 2. I only resend if I don't receive acks but all peers were of older versions
orignal 3. In your scenario maybe that peer really didn't receive ack due to communication problems however it would be nice if you double check if acks really went out from your side
orignal let me show some example
orignal SSU2: Ack from JOtf ackThrough 0
orignal SSU2: Session with 145.40.231.246:19843 (JOtf) established
orignal it's clear that it was Ack for SessionConfirmed
orignal then I send
orignal SSU2: RelayRequest sent to JOtf 1
orignal then I receive
orignal SSU2: Ack from JOtf ackThrough 0
orignal SSU2: I2NP message
orignal NetDb: Store request: RouterInfo JOtfqXUgG3Ot-~bi2e4ObSH1j89qveATNMuc9bB4vzg=
orignal simply speaking it's Bob's RI
orignal and it's definitely Java because i2pd sends it as a block
orignal but ackThrough is still 0. seems it didn't receive my RelayRequest yet
orignal since it was I2NP I send Ack back
orignal next second I resend RelayRequest
orignal SSU2: Resent 4 to JOtf
orignal and keep resending it and never get acks back
orignal and then terminate
orignal SSU2: Session with 145.40.231.246:19843 (JOtf) terminated
orignal JOtf is router.version=^F0.9.62
orignal and JOtf seems Java
zzz no, it's i2pd
zzz Addresses:NTCP2: cost: 3 host: 145.40.231.246 i: hBzNk52N0IBZK1WLC2vCMw== port: 19843 s: K9btCaSvRu4XrdtELKZ8L4nyr5TkuQ0Uo5Jl69yyNW4= v: 2
zzz NTCP2: cost: 3 host: 2a00:d4e0:125:3815:8aae:ddff:fe03:eb7b i: hBzNk52N0IBZK1WLC2vCMw== port: 19843 s: K9btCaSvRu4XrdtELKZ8L4nyr5TkuQ0Uo5Jl69yyNW4= v: 2
zzz SSU2: cost: 8 caps: C host: 145.40.231.246 i: t0gdN-KeAQcc0woUqdZW8qFOgwES-zIb8vO02OaDrYY= port: 19843 s: lzykwSE6G45alT9pjvmazJJQQTuO6mt-d~y0JR7wPz8= v: 2
zzz SSU2: cost: 8 caps: BC host: 2a00:d4e0:125:3815:8aae:ddff:fe03:eb7b i: t0gdN-KeAQcc0woUqdZW8qFOgwES-zIb8vO02OaDrYY= mtu: 1500 port: 19843 s: lzykwSE6G45alT9pjvmazJJQQTuO6mt-d~y0JR7wPz8= v: 2
orignal caps: C
orignal and RI as I2NP
orignal I see plenty of such cases
zzz NTCP2 Cost: 3
zzz netdb.knownRouters = 15445
orignal what's wrong with knownRouters?
zzz java usually isn't that much
zzz but java will never do ntcp2 cost 3, that's you
orignal let me find another example
orignal but see, in your scenario it looks like this
orignal for example xocS
orignal I get
orignal SSU2: RelayRequest sent to xocS 1
orignal SSU2: RouterInfo
orignal NetDb: RouterInfo updated: xocSFWv-FF7~bADzq4xsiL6bH65BB0T90WiprHfc3to=
orignal it's clearly i2pd
orignal because RI is block
orignal and no Ack
orignal while JOtf looks like Java
orignal or some modified code
zzz my dup relay req detector is working, seeing about 5 dups/hour
zzz 11/03 09:44:07.200 Receive relay request from 146.70.163.91:5296 xJrHmO
zzz 11/03 09:44:07.233 Got relay response 0 as bob, forward nonce 37528592 to 146.70.163.91:5296 xJrHmO
zzz 11/03 09:44:07.746 Dropping dup relay request from 146.70.163.91:5296 xJrHmO IB2
dr|z3d handy
dr|z3d that making it into git?
orignal great
zzz seems like it but I also added a dup relay response check that isn't being hit, have to figure out if it's not working or not necessary
orignal please tell me how you send RI after handshake
zzz who am I?
orignal I connect send relay request immediately
orignal then get packet with RI and Ack for ackThrough 0
orignal so do you send this packet immediately?
zzz so I (Bob) send alice RI and relay intro to charlie. what's the question?
orignal I'm asking about handshake
orignal you receive SessionConfirmed
orignal and send Ack
orignal after that you send own RI also with Ack block
orignal my question is when you do it
zzz ok, looking...
orignal and second question why do you send Ack twice
zzz yes we send RI immediately
orignal then why not together with Ack for SessionConfirmed?
orignal it's confusing to receive ackThrough 0 twice
zzz looking...
zzz yeah we send ack 0 separately. The spec talks about it a lot. The spec doesn't talk about sending your RI
orignal not a big deal just asking why
orignal and in most cases RelayRequest gets acked and never resent again
zzz the ack 0 is where we send the relay tag if he asked for it. its a good point, may be worth combining them
zzz still finding some leftover ssu 1 stuff to get rid of too, not quite done
zzz and yes the attack turned back on, knocked 20 points off expl. build success. I can't find fRcf though
orignal what is fRcf?
dr|z3d that's a router I mentioned earlier.
zzz some router dr|z3d was pointing finger at
dr|z3d XG, demanding a ton of transit tunnels.
orignal I can tell you what is XG
orignal and that's right
orignal it couldn't be found at floodfills
dr|z3d maybe it's disappeared.
dr|z3d we can't rule out the possibility whoever's running the attack is keeping an eye on this channel.
orignal i2pd publishes G for routers through proxy
orignal and since no R or U it's definitely the one
dr|z3d the words marzipan and dildo come to mind.
dr|z3d XG routers..
orignal so the guy behind it is an idiot
orignal X for router through proxy
orignal that doesn't accept transit at all
dr|z3d you're not familiar with the expression "about as useful as a marzipan dildo"?
orignal no, I'm not a native english speaker
dr|z3d think about it...
dr|z3d yup, yup.
dr|z3d another idiot: vEVDcDjjkjW7s1vDs2NNLzM-E9P8uvSzQxslKJSZYq8=
dr|z3d I know you're not, orignal, that's why I take some time to increase to explain things :)
orignal I don't see at my FF
orignal how do you see them?
orignal are they all connected to you?
orignal i2pd 20 0 1249296 176180 6016 S 12.2 8.6 183:44.52 SSU2r
orignal wow. that's something new
orignal looks like someone floods with UDP packets
dr|z3d dunno where increase came from, ignore that word.
dr|z3d "as useful as a marzipan dildo / chocolate teapot" is a colloquial way of saying "fucking useless".
orignal that thread does nothing but takes UDP packets from buffer
dr|z3d First heard about: 6 min ago Last heard about: 6 min ago Last heard from: 301 ms ago
orignal do you see their actual IP?
orignal but how did you hear?
dr|z3d no ip, either published or via transport.
orignal then how did you find out about it?
dr|z3d it's in my netdb.
dr|z3d maybe it sent over an RI.
dr|z3d zzz: got a moment to cast an eye over my likely naive LS partial match method?
orignal but who sent it?
dr|z3d dunno
orignal zzz, what error code do you send if nonce already exists?
orignal because no code like "duplicate nonce"
zzz am I bob or charlie?
zzz dr|z3d, you'll never get to that new code, because convertToHash(prefix of some sort) will return null. If it gets a hash it isn't partial.
orignal to relay request
dr|z3d yeah, thanks, zzz, figured it wasn't doing the job.
dr|z3d aka "naive" :)
orignal caps=46
orignal Vort has collected these XG guys
orignal connected to him
orignal you guys can take a look
orignal <Vort> [2a02:6ea0:f207::d001]
orignal their IP
zzz if I check in the code I'm working on, then a dup nonce at bob will be acked and dropped
orignal no RelayResponse being sent?
zzz but we'll see
dr|z3d tell vort to use cake, orignal. privatebin is shit.
dr|z3d first I have to enable js, then I have to download the attachment. fuck that.
orignal it's just FYI
orignal all these XG routers are connected through NTCP2 v6
orignal то уou don't
orignal that's the i2p link
dr|z3d exactly.
dr|z3d I don't want to have to jump through hoops to view a paste.
orignal paste.i2pd.xyz and privatebin.i2p is the same thing
dr|z3d I know. it's not the site, it's the implementation.
dr|z3d I might reluctantly enable js, but I'm not going to enable js and then download an attachment just to see a paste.
orignal up to you
dr|z3d like I said, tell vort to use cake.i2p in future. up to him.
orignal it's archive of XG RIs
orignal if you guys don't care it's fine
dr|z3d I have my own collection, but thanks.
orignal do you see caps=46 there?
orignal do you see SSU2?
dr|z3d let's have a look at: WWPvSr9Pc4f4mihY3yDNc46qxIdjoOlx4mPI3nfPh6E=
dr|z3d Addresses:
dr|z3d NTCP2 caps: 46 s: 1hXHJ9Xqrf-dzjQPYMNE9WfXEQw9HK6JxVah6iB~6WM= SSU2 caps: 46 MTU: 1478 i: T1L-kf5m93dgVgT5gh5CKKj4HlbSOFpiUi6K8tUX1DU= s: NKbvm6sHpJTfF7RwfsAubdxE67AmODexmJgr9lQMfyA=
dr|z3d Stats:
dr|z3d First heard about: 39 min ago Last heard about: 39 min ago Last heard from: 2534 ms ago
orignal seems same monkey
dr|z3d And due to recent changes in my workspace, also banned.
orignal proxy rarely support UDP
dr|z3d Another monkey: 2avtvyGZepl0AB-a2h9GEtSF7MbYMSBkXxUdwX8UzZQ=
dr|z3d 46/NTCP/SSU2
orignal monkey don't understand that SSU2 doesn't work through the Tor
orignal because monkey
orignal what was the reason of ban?
orignal Tor IP?
dr|z3d no, ban is because XG and not R and no U.
orignal would you ban ygg routers?
orignal great
orignal "dumb and dumber"
dr|z3d oh, actually, no, it's banned because no router version.
dr|z3d ygg routers wouldn't appear in my netdb.
dr|z3d so no.
orignal router.version=0.9.64
orignal I see it everywhere in Vort's list
orignal didn't know that R or U is a requirement
orignal zzz, eyedeekay please confirm
dr|z3d I see version here, so I'm probably wrongly tagging the ban reason.
orignal please find out the actual reason
orignal can I just publish H instead R or U?
dr|z3d and the criteria for the current test ban is X + G + !R + !U.
dr|z3d like we've already established, XG is useless.
orignal and ygg router
orignal can be XG
orignal router through proxy also can be XG
orignal and no it's not useless because it can connect to you
zzz we don't ban ygg, we don't require R/U
dr|z3d sure, orignal, it can connect to me, it can request tunnels from me, but it's G. there's something not right.
RN I want my router to be O.G.
RN ;)
orignal what exactly is not right? It says G and that's it
orignal RN not a problem I can run OG router ))
orignal dr|z3d are you going to ban all "G" routers?
dr|z3d orignal: no.
dr|z3d G isn't the problem.
dr|z3d a router that's neither R nor U, X tier, G, and demanding tunnels is the problem.
orignal please explain why
dr|z3d if you're G, you're basically saying "no tunnels".
dr|z3d so why are you asking for tunnels?
orignal no transit tunnels
orignal because I need tunnels for my local destination
dr|z3d right. and what I've observed is these routers requesting a huge number of tunnels.
orignal but don't/can't participate
orignal huge number of tunnel is another issue
orignal but how is it related to R, U or G caps?
orignal ofc G router can request only own tunnels
orignal but you said it was banned because G and no R or U
dr|z3d like I said, workspace testing. G, neither R nor U, and X.
orignal banning XG itself doesn't make sense
dr|z3d are you actually listening?
orignal and I can't get your point
dr|z3d I'm not banning XG, I'm currently testing banning XG !R!U
orignal <orignal> but you said it was banned because G and no R or U
orignal you say the same thing router caps is XG
orignal just because caps = XG
dr|z3d all four conditions need to be met.
dr|z3d X, G, !R, !U
orignal that caps=XG
orignal right?
orignal if you caps = XG you ban such router
orignal btw, what would happen if I publish G cap only
dr|z3d this is why I was proposing a !R!U cap.
orignal without bandwidth
orignal dr|z3d yes or no?
dr|z3d yes or no what, orignal?
dr|z3d yes I like pie.
orignal <orignal> if you caps = XG you ban such router
orignal that's my question
orignal do you ban a router if caps=XG?
dr|z3d I've already told you. X + G + !U + !R.
orignal answer concrete question
dr|z3d don't make me hurt you.
orignal do you ban a router because caps=XG or caps=GX ?
orignal without other condition
dr|z3d If an XG router has neither R nor U caps, yes, that's currently the ban condition I'm testing.
orignal then I should start bypassing I2P+ routers completely
orignal enough insanity for me
orignal zzz, now question for you if caps=G is valid?
dr|z3d like I said before, I'm _testing_ this.
orignal then you should conclude that test failed
dr|z3d really, a router that's G cap should never be able to publish X tier.
orignal nothing illegal or bad if caps=XG
orignal then what tier should it publish?
orignal see my question to zzz
dr|z3d I told you, I've been watching XG!U!R routers request more than a reasonable amount of tunnels lately. I think it may be part of the attack.
orignal then you should check amount of tunnels first
dr|z3d what tier should it publish? won't handle any transit requests? L, or maybe even K.
orignal btw, what does this bandwidth cap mean in specs?
orignal how much you can participate or just your local bandwidth?
dr|z3d unlimited bandwidth available.
orignal my proposal to now publish any tier
orignal available for?
orignal for transit or own traffic?
dr|z3d well, you're publishing that in your routerinfo, so you're advertizing your capability to other peers.
orignal I can sit on 10 Gbs line and not participate to tunnels for own reason
dr|z3d and your class is set by your upstream b/w, download b/w is separate.
orignal should I publish X or not?
dr|z3d if you're not offering unlimited bandwidth, no, you shouldn't be publishing X.
orignal my bandwidth is good but I don't participate
orignal for example because I live in batustan
orignal then we come to the question if I'm allowed to not publish bandwidth at all
dr|z3d if you're G, you might as well advertize as K.
dr|z3d because you're doing nothing useful for the network.
orignal again can I not publish at all?
dr|z3d ask zzz
orignal already did
dr|z3d I'd just publish K, or why not hide yourself instead.
dr|z3d because you are a marzipan dildo from the network's perspective.
orignal btw we use this cap
orignal to detect if transport session is slow
orignal if actual bandwidth we see is slower than declared we mark it as slow
dr|z3d well, extend that to also detecting if the router is publishing G, perhaps?
orignal no, why?
orignal if we participate it's tunnel
orignal we know if it's slow or not
orignal G or not G doesn't matter
dr|z3d you're detecting if the transport is slow and downgrading the published b/w tier if I understand you correctly, so a router that's G is, to all intents and purposes, also slow and should be avoided.
dr|z3d as an alternative strategy, instead of banning XG!R!U instantly, we can cut them some slack and treat them as slow routers wrt the number of tunnels we'll host for them before rejecting requests.
dr|z3d how about that instead?
orignal yes, that's much better
orignal they should have limit of tunnels because they can only build their own
dr|z3d sure, that's the alternative strategy. treat them like L class routers.
orignal I also think maybe publish H if through proxy
dr|z3d yeah, that's a good idea.
orignal basically if a router works in -stan mode
orignal not necessary proxy
zzz debate with drz as you like but please don't keep asking me if I do what he does because I probably don't
orignal zzz, I'm asking you concrete question
orignal if bandwidth is requirement
orignal or such router will be considered as malformed
orignal and this question is to you not to him
orignal e.g. can I publish just caps=G
zzz you can research the specs to see whether it's required or recommended
zzz I don't think my code would ban it, but not sure how it would be treated
zzz if it's a serious question, I suggest you test it and see, that's a better way to find out than to ask me ))
orignal yes, it's a serious question, because I thought about it already
orignal not ban just consider malformed
orignal like if you don't have "version" in RI
orignal remember we have "G" caps not so long
dr|z3d I don't like routers without versions.
zzz we don't really have a concept of malformed. Either it parses, has netid=2, and has a valid sig, or it doesn't.
zzz but again, the netdb spec may give you some clues
orignal I doubt that specs mention bandwidth caps in case of G
dr|z3d you were asking about bandwidth (tier) caps.
dr|z3d G isn't a bandwidth cap per se.
dr|z3d when a tunnel request is declined, orignal, what do you do? stop sending requests?
orignal add this info to profile
orignal and if always decline stop sending for a while like 72 hours
dr|z3d so you just carry on blasting out requests?
orignal yes, but to random routers
dr|z3d so not to the same router that's just declined a tunnel request?
dr|z3d let's say for example I set a limit of 30 requests per 10m.. I don't, but it's a useful enough example..
dr|z3d and you request 31, 32.. and I decline those.. how long does it take you to stop sending requests, and how long do you wait before sending new requests?
dr|z3d ie, what's your backoff strategy?
orignal not sure need to check
orignal bool IsAlwaysDeclining () const { return !m_NumTunnelsAgreed && m_NumTunnelsDeclined >= 5; };
orignal 5 declines in row
dr|z3d ok, that's within reasonable limits. no bans for you.
dr|z3d if you backoff for maybe 10m, you should be good. maybe less, but 10m is safe.
dr|z3d definitely not 72h :)
RN 72 hours, until next restart.... both seem pretty long to me
RN considering I usually only restart my routers on purpose when there is a release to apply
dr|z3d as long as you know when to backoff and when to resume, then you can adjust requests accordingly.
RN yes the 'until next restart' is referring to (the sybil thing) unrelated area of the code
RN but
orignal no 72 is always 72 hours
orignal it's persisted in a file
RN orignal, I was talking about two different examples of timeout that to me seems longer than needed
RN screw up a family key and get sybil banned till restart for all the routers that saw the broken key, or back off for 72 hours because the router failed 5 (rapidly?) sent requests
RN both seem long to me
RN just an opinion
orignal nobody happened to explain what happened to 2RRY yet
orignal as usual here
RN though if I remember correctly, the sybil one was only a theory and wasn't confirmed
dr|z3d sybils bans are persistent.
dr|z3d you set your own ban period.
dr|z3d so after 5 rejections, you avoid the router for 72h?
dr|z3d we did 2RRY a long time ago.
RN if 2RRY is back to normal, then it was just a ghost in the matrix
dr|z3d fucked family cert. end of discussion. move along please.
orignal yes, is 5 rejection I bypass it for 72 hours maybe 24 don't remember exact number
dr|z3d you need to adjust that.
orignal dr|z3d no, not end of discussion
orignal I'm wondering WHY
dr|z3d even 24h is ridiculous.
orignal idk if 2RRY is normal now
dr|z3d try 10m backoff. you'll be fine.
orignal because the attack
orignal const int PEER_PROFILE_EXPIRATION_TIMEOUT = 36*60*60; // in seconds (1.5 days)
orignal 36 hours
dr|z3d that's just wrong.
RN maybe backoff ten minutes, give that router a chance to de-congest, and next time it is randomly selected and fails 5 times then block for a longer time
dr|z3d private static final int LIFETIME_PORTION = 3; // portion of the tunnel lifetime
dr|z3d private static final int MIN_LIMIT = (isSlow ? 100 : 150) / LIFETIME_PORTION;
dr|z3d private static final int MAX_LIMIT = (isSlow ? 1200 : 1800) / LIFETIME_PORTION;
dr|z3d private static final int PERCENT_LIMIT = 15 / LIFETIME_PORTION;
dr|z3d private static final long CLEAN_TIME = 11 * 60 * 1000 / LIFETIME_PORTION;
orignal so, can someone here explain what caused so long ban because wrong family key?
orignal NOBODY
orignal const int PEER_PROFILE_DECLINED_RECENTLY_INTERVAL = 150; // in seconds (2.5 minutes)
orignal also I give up for 2.5 minutes if declined
dr|z3d we've been here. cached RI data, new restart fixed.
orignal it's not enough
dr|z3d give it 10m.
orignal I would like to have clear explanation
orignal about wrong family key
dr|z3d you'll then find whatever was declining you, assuming java, with accept requests again.
dr|z3d *will
orignal because I consider it as another fuck off
orignal nobody happened to explain
dr|z3d you fucked your family key. maybe handling could be better, but that's the basic reason.
RN make a new pair of routers, then mess up the family key on purpose, see what happens with them?
orignal why 2RRY was banned until next restart
orignal NOBODY EVEN TRIED
RN neither did you orignal
orignal what for?
orignal did what?
RN set up a new router pair, test if the family key mess up breaks them
orignal there is something in Java code
dr|z3d 10m, original. not 2.5m, not 1.5days. 10m.
orignal 1.5 days is lifetime of a profile
dr|z3d 2.5 minutes isn't long enough to avoid being rejected in java land.
orignal dr|z3d maybe I will change number
orignal just need to look into that code
dr|z3d technically clean time is 11m/3
orignal again I can't tell what is the situation with 2RRY
orignal because it becomes E too often
dr|z3d after clean time has elapsed, any router that was requesting too many tunnels is forgotten about.
orignal let me see what happens to 5 rejection in the row
RN that is why I say set up another two, make them a family, set up same as 2rry, then add a third and mess up family key... then you can observe if the same thing happens or not
dr|z3d if you want to go lower than 10m, no less than 4m. but 10m is a good round number.
orignal RN and then?
RN but don't put them in 2rry family
orignal say I see the same problem
orignal how will it help?
RN then you have a reproducible issue
RN you know there is something to investigate or not
orignal and get one more fuck off ?
orignal right now I can't
RN ¿ ?
dr|z3d all in your mind, orignal :)