orignal
if I create a new router
dr|z3d
we all love you here, obviously. :)
orignal
it will be full of transit shortly
dr|z3d
anyways, 2.5m is too short a backoff.
orignal
how do I know if Java routers drop me or not
dr|z3d
you should get a rejection, not a drop.
RN
same way you are blaming java routers of dropping 2rry
orignal
I'm talking about 2RRY case
dr|z3d
run I2P+, have some fun, see what a real UI looks like.
RN
I'm saying make one like 2rry and see if it happens again.
orignal
RN I can't repeat this scenario because the attack
RN
well
RN
make three
RN
ahh
orignal
a router reaches cap quickly
RN
after attack
orignal
and attacker is i2pd
orignal
it might last for years
RN
mine don't seem to be experiencing an attack
RN
maybe I'm not watching the right numbers
orignal
i2pd of course doesn't care about wrong family key
orignal
once it becomes good
dr|z3d
check your bandwidth graph, RN.
orignal
2RRY is always jusm between 500 Kbs to 15 Mbs
dr|z3d
if it's spiky, you're probably under attack like the rest of us.
orignal
so I can't evaluate
RN
the usual high and low 'sawtooth' at the timeframe I watch
orignal
if the problem with Java still exists
dr|z3d
that sawtooth is attack.
orignal
even if I create a new router it will be the same
orignal
Transit: 811.88 GiB (396.16 KiB/s)
orignal
Router Caps: XfRE
orignal
few minutes ago it was 15 mbs
dr|z3d
MB or Mb?
orignal
so what does it tell me?
orignal
megabytes
orignal
and now it's 400 kilobytes
dr|z3d
it tells you there are a substantial amount of routers pushing serious traffic over the network.
orignal
yes
orignal
but I don't know if 2RRY is good for Java routers or not
dr|z3d
pretty sure 2RRY is fine.
dr|z3d
looks fine from where I'm sitting.
dr|z3d
Total tunnels peer agreed to participate in: 7
dr|z3d
Total tunnels peer refused to participate in: 7
dr|z3d
Total failed tunnels peer agreed to participate in: 4
dr|z3d
Number of times peer sent us something unrequested and not seen before: 1
dr|z3d
Number of times peer sent us something unrequested but seen before: 3
dr|z3d
Number of times peer never responded to a lookup request: 13
dr|z3d
Number of times peer sent a valid response to a lookup request: 2
dr|z3d
Average peer response time: 17.22 seconds
orignal
yes but it's only for you
orignal
we still don't know about the majority of Java routers
dr|z3d
latency is off the charts.
orignal
because zzz saw the problem after more than a week
dr|z3d
if you want peace of mind, install I2P or I2P+
orignal
peer response is result of attack to the hoster
orignal
Transit: 814.74 GiB (13207.98 KiB/s)
orignal
now
dr|z3d
13MB/s eh.
orignal
yes
dr|z3d
+-
RN
¿ can we just unplug it and plug it in again ?
orignal
2RRY?
RN
))
RN
no all of I2P
RN
hehehe
orignal
lol
dr|z3d
the answer to 2RRY is I2P+.
dr|z3d
next question? :)
RN
we need to unplug that (those) asshat(s) running the attack
dr|z3d
yeah, we don't see quite so much traffic in java-land, orignal, because throttles.
RN
so how do we find them while they use things like I2P to hide themselves
RN
yes throttling... I'd throttle the neck of the attacker if I met them.
RN
especially if they claim to be "just following orders"
RN
but, functionally, I really don't notice anything I attribute to 'an attack being active'
RN
my stuff is still working
RN
noted about the graphs
dr|z3d
also, backoff -> 10m !2.5m and you'll see much less rejections from java routers. (reminder)
dr|z3d
eepsite access is less than stellar, that's probably an obvious side-effect.
RN
you mean mine? or in general?
dr|z3d
generally, though it's variable.
RN
maybe I'm just not looking at the right times, but stuff is loading for me pretty fast right now and last few days when I looked at things like ramble, irc-scores and translate.idk
RN
due for a little catch up on notbob
RN
I'll wait for a high part of the sawtooth and try then
RN
actually, I misspoke before, more a square wave than sawtooth
dr|z3d
just call it a bumpy ride :)
RN
*** fastens seatbelts ***
dr|z3d
fwiw: X== Over 2,048KBps shared bandwidth
orignal
it's not my goal
orignal
and I'm fine with such traffic
orignal
I can test under load
orignal
R4SAS said 40 MBs today and some threads consume entire core
orignal
I'm wondering at which moment Java reaches this situation
dr|z3d
sure, but you'll still get a decent amount of traffic if you throttle requests from individual routers. 8MB/s is plenty.
dr|z3d
yeah, I've seen that on java before.
orignal
That's why I want to move x25519 to another thread
dr|z3d
or do what we do and pre-cache keys.
dr|z3d
<zzz> no, but we have a queue of eph. keys precalculated, so that saves a little
orignal
it's one part
orignal
second part is key agreement
orignal
ofc I have pre-calculation
dr|z3d
ok, sort of got ls partial match working, zzz.
dr|z3d
it matches the first found lease right now, ideally it should match all leases that contain the query string.
dr|z3d
ok, now it's returning more than one result \o/
dr|z3d
still not quite the results I want, but progress.
dr|z3d
ok, this one's dubious: sIVCheipBdmN6ptApsK6q1fDX9vc2oovkfw7Uhlmafw=
dr|z3d
L tier, pushing 200K/s
dr|z3d
also dubious @ 130K/s (L) rEypFHVYwBJ0ePIN9WIGwiHCO-NMsNGB-GpsSNWJakA=
dr|z3d
smtp.wugi.info
orignal
i2pd doesn't limit current speed
orignal
it limits new tunnels
orignal
e.g. a single tunnel can send 200 K/s even on L
orignal
but that L wouldn't accept more tunnels
dr|z3d
another XG demanding a ton of tunnels. c-DZ1TeE~V50zWSuZf0WNkpLYMhIXq0Z5wpqioyDxfg=
dr|z3d
L12 - 48 KBps shared bandwidth
dr|z3d
if a user sets their router to L tier, the expectation is they won't be pushing more than 48KB/s upstream.
dr|z3d
otherwise, what's the point of setting bandwidth limits?
dr|z3d
you need some sort of bandwidth test, orignal, so the user can make an informed decision about how much b/w they want to share, and perhaps also to adjust limits based on results.
dr|z3d
but more importantly, you should be setting upstream limits based on what the user has configured.
dr|z3d
maybe I'm on a VPS with a data cap, and I configure my bandwidth limits to avoid hitting that cap.. as it stands, i2pd will blast right through that cap.
orignal
i2pd uses bandwidth to control number of tunnels
orignal
the blast will be for short time
orignal
and in average it will be what user set
orignal
it worked this way for years
orignal
nobody complains
orignal
maybe spike but average works fine
orignal
hence you never exceed your VPS bandwidth
orignal
and i2pd never limits own raffic
orignal
*traffic
orignal
only transit
dr|z3d
ok
orignal
and I know who is demanding tons of tunnels
orignal
that monkey who attacks Ilita with bots
orignal
he has to create thousands of local destinations
dr|z3d
he can do that programmatically.
dr|z3d
I wonder what sort of traffic he's pushing over them.
dr|z3d
maybe just pulling huge files 24/7.
orignal
no, monkey is not familiar with SAM/BOB
orignal
for huge files you don't need tons of tunnels
orignal
for tons of addresses you do
dr|z3d
no, you don't, but if you want to hit the network hard, you want a ton of tunnels/dests and huge files being requested from all of them.
dr|z3d
also, monkey might not know bob/sam, but monkey might have found a script.
orignal
usually they create thousands of tunnels in config
RN
Bad Monkey!(tm)
orignal
what was the IP of XG? Tor?
dr|z3d
sure, that's what I'm suggesting, wouldn't be difficult to script dests for the .config
dr|z3d
didn't have any ips.
orignal
then how do you know that it generates ton of tunnels if it's not connected to you directly
dr|z3d
the RI displays no IP, but I see a large tunnel count. Strange, but true.
orignal
but how do you see them?
orignal
how do you know if a tunnel came from router if you didn't have connection with it?
dr|z3d
occasionally I'll see a router in the tunnels listing that indicates tunnel count, but without an ip.
dr|z3d
or maybe I missed the ip which wasn't in the RI. can't remember.
orignal
and how does it work?
orignal
you should take an IP from endpoint
dr|z3d
yeah, mostly I do, I look at the transport ip.
orignal
then something wrong in your code
orignal
nobody can connect without endpoint
dr|z3d
unless there's some sort of obfuscation in play.
dr|z3d
dunno, I'll keep an eye on suspect routers and let you know if I see another that doesn't have an obvious ip.
orignal
it's impossible
orignal
Vort clearly sees their IP
orignal
and it's ipv6
dr|z3d
that could be it, on routers without ipv6.
dr|z3d
what about backoff period for rejected requests? you fixed that yet?
orignal
I'm busy with something else
orignal
you missed the point
dr|z3d
it's a single variable value. set to 10*60*1000 and you're golden.
orignal
Vort saw real NTCP2 connections to these routers
orignal
no, it's profiling logic I need to review it again
dr|z3d
like I said, I'll keep an eye on things and let you know if I see anything interesting.
zzz
no, XG is not all ipv6
zzz
also, investigating attempted all-zeros RI stores, several per day
orignal
what is all-zeros RI store?
zzz
WARN [ handler 1/1] FloodfillNetworkDatabaseFacade: Invalid store attempt! key does not match routerInfo.identity! key = [Hash: iOVJ9WBSwEGPtQ5ZpC6AZdD4-1Ub6VrUUs5hzVg-vuI=], router = [RouterInfo:
zzz
Identity: [RouterIdentity:
zzz
Hash: MRn86w6tHQgE25D7DIejOBCJ-dImSjdsQaOaBuUypkE=
zzz
Certificate: [Certificate: type: Null payload: null]
zzz
PublicKey: [PublicKey ELGAMAL_2048 size: 256]
zzz
SigningPublicKey: [SigningPublicKey DSA_SHA1 size: 128]]
zzz
Signature: [Signature DSA_SHA1: size: 40]
zzz
Published: Thu Jan 01 00:00:00 GMT 1970
zzz
Options (0):]
orignal
timestamp zero
zzz
everything zero. the hash is the hash of 387 zeros
orignal
btw, do we have an I2CP option to not recreate a tunnel when expires?
zzz
no
orignal
thanks
orignal
I have a request for one
orignal
always create a new tunnel
zzz
email me a patch to the spec, mark it i2pd-only
orignal
I want to implement it as i2cp param
orignal
e.g. not only for tunnels, but also for SAM and I2CP
zzz
email me a patch to the spec, mark it i2pd-only
orignal
so you suggest me to invent own param
zzz
yeah because if I ever did it it would probably be a router config option, not a per-client option
orignal
I think to do it per destination
orignal
per local destination
orignal
for one service you might want it for another no
dr|z3d
orignal: there, zzz loves you too: git.idk.i2p/i2p-hackers/i2p.i2p/-/commit/2bec64c55a0248b8d347a0c4596605352be31af6
dr|z3d
per client _might_ be useful, dunno. what's your use case, orignal?