#saltr (irc2p) | I2P+ 2.7.0-11+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

dr|z3d NTCP2 caps: 46 s: qsJWhskQmAK3JzzvXFn1ZcblELMWTO9KHBBP-2EKE20= SSU2 caps: 46 MTU: 1478 i: OOzrhbRkX3GN9eZu5tXkm3T13oFBeazMwBCuBd-KU6w= s: rrkt9ZvhkAwhLxqgPSG1EpW

orignal I don't think so

orignal why do you think it's Java?

dr|z3d Cost 14/15. Smells like Java.

dr|z3d I even have a little I2P icon in my console that indicates it's probably Java :)

orignal const uint8_t COST_NTCP2_NON_PUBLISHED = 14;

orignal const uint8_t COST_SSU2_NON_PUBLISHED = 15;

orignal it's i2pd

orignal connecting though proxy

dr|z3d ok, need to update my java detection.

orignal my question is

orignal if you see real SSU2 connections

orignal or monkey just publishes it

orignal if you see real SSU2 connection

dr|z3d can't tell you right now, it hits a certain threshold and then gets banned.

orignal most likely it's shadowsocks

orignal maybe even from that guy in the issue

dr|z3d probably because it's not respecting transit request limits.

orignal if it's NTCP2 only

orignal most likely it's Tor

dr|z3d Sure.

dr|z3d Not Tor.

dr|z3d whois.com/whois/169.150.227.198

orignal then proxy that doesn't support UDP

orignal something new than'

dr|z3d that ip address looks like it's doing a lot of ownership obfuscation all by itself.

orignal why one needs proxy?

dr|z3d registration in cz, .co.uk abuse address, israeli geolocation.

dr|z3d datacamp.co.uk <- abuse.

orignal we need to understand what kind of proxy is it

orignal without attack 2RRY still has lack of trasit

orignal Transit: 1345.37 GiB (984.57 KiB/s)

dr|z3d yeah, seeing a steady 1-1.5MB/s on one router.

orignal usually it was around 3 Mbs

dr|z3d maybe your provider's still get hit.

orignal I don't think so

orignal Java routers still bypass me

dr|z3d we're not fully upgraded on the network yet, ~55% or thereabouts?

dr|z3d here's another XG for you: pzKFy7HQfcmVWi-vRoebaOYOaloGakJwVlW5EmRJOts=

dr|z3d NTCP/SSU

orignal and also 46?

dr|z3d yup

orignal I see they all use the same config

dr|z3d I think they're getting banned here (mostly) because they're not respecting request rejections and just keep on spamming requests, so maybe modified code.

orignal or too many tunnels

orignal one destination produces very limited number of tunnel requests

dr|z3d tada! zzzmirror.i2p/topics/3659-2-8-plans

dr|z3d ramping up again...

RTP Hey everyone, had a question I thought someone here might answer. If I was going to share a couple usbsticks to friends with i2p on it... To help them try it out... Would an i2prouter become a problem if directly cloned on disk by Router Identity? Or is this automatically handled in some way? I've been wondering this and couldn't find the answer.

not_bob I do not think it would be great, no.

not_bob I think it would be fine if you remove ~/i2p/router.keys.dat before you pass them out. Then each router will create a new one on start.

RTP ah awesome. Thanks not_bob! Always appreciated.

not_bob Anytime!

dr|z3d are you going to share the config dir as well, RTP?

dr|z3d if you're not, then you don't need to worry about router identity, it'll create a new one (and a config dir) on first run.

dr|z3d if you were to share a config dir, add the line router.rebuildKeys=true to the existing router.config in the config dir and that will also remove any router identity files and create a new id.

dr|z3d either way, you'd have a hard time deleting ~/i2p/router.keys.dat since it doesn't reside there, it resides in ~/.i2p/

dr|z3d but router.rebuildKeys=true in ~/.i2p/router.config is what you want.

dr|z3d that will create a new routerid and then remove itself from router.config

dr|z3d no harm removing router.keys.dat, though.

dr|z3d probably a "good idea" just so someone else doesn't have your own router id keys.

dr|z3d with all that said, best to just distribute the app dir and then a new profile and new identity will be created on first run.

RTP ah thank you dr|z3d will add that to ~/.i2p/router.config as don't want to cause any issues

dr|z3d are you creating a virtual image?

dr|z3d or you're just providing a usb stick with i2p pre-installed?

dr|z3d either way, better not to copy the profile dir at all. if you want to customize the config, you can edit i2p/router.config

RTP just going to provide usbstick with i2p preinstalled for bootable bare metal experience :)

not_bob_afk Yes, my bad. Forgot the . in the path.

dr|z3d right, so your user runs i2p, and it'll ignore your profile dir.

dr|z3d so don't bother.

dr|z3d the profile dir will be created on first run.

dr|z3d (and not on the usb stick)

dr|z3d bootable??

not_bob_afk That's what it sounds like.

RTP bootable set up for someone who has no linux experience. The idea is just to make it super easy for them to check out for the first time.

dr|z3d it doesn't sound like much without more info.

dr|z3d if it's a live OS, great. still don't recommend a profile dir.

dr|z3d if you want to pre-configure i2p, then do that first, copy the relevant sections in .i2p/router.config to i2p/router.config and then you can remove ~/.i2p/

RTP Just a very basic automated starting i2p browser set up on desktop. Was afraid if I missed something in router ID etc it might get banned so will for sure add the recommendations.

RTP not live run though

dr|z3d ok

RTP so would have i2p+ preinstalled with a browser and some scripts I shared on my channel to automate everything with a shortcut. Nothing fancy on set up. Just basic functional i2p browser is purpose.

dr|z3d on the live os, then, you probably want to run ~/i2p/i2prouter install once you've modified i2prouter to point at the user you're running it from, though you'll need to run ~/i2p/i2prouter install as sudo.

dr|z3d that will setup a systemd service so it runs on startup.

dr|z3d (and can be controlled with service i2p {stop|start|restart}

RTP ahh okay I actually never tried the install argument. That is great to know about! Saves me some writing. :)

dr|z3d the line you want to edit in i2prouter is commented out and starts with RUN_AS_USER iirc.

dr|z3d you can also copy eephead eepget and i2ping from ~/i2p/ to usr/bin and then edit each file to point at your i2p installation

dr|z3d edit each file after copying to usr/bin .. there's comments at the top of each file where you need to specify the i2p app dir.

dr|z3d then user can do eephead skank.i2p etc from terminal.

dr|z3d if you want to add additional documentation, you can add stuff to the default eepsite folder and link to it.. just an idea.

dr|z3d then you might set 127.0.0.1:7667|127.0.0.1:7658 as the homepage in firefox or equiv.

dr|z3d (which will open multiple pages for home)

RTP Very helpful. Thanks to both of you much on this. 🙏

dr|z3d *thumbs up*

orignal RN, you shouldn't clone router keys. Such routers will be banned

orignal once found

orignal at least in i2pd

dr|z3d we estanblished that, orignal :)

dr|z3d I've now contracted your stan bug :|

orignal well you might not know how i2pd works

orignal which -stan bug?

dr|z3d estanblished..

orignal lol

orignal btw, since you watched District 9 you know what bantustan is

dr|z3d I've just reminded myself.

orignal bantustan is word from SA

orignal but in Russian it also means a shitty country

dr|z3d homelands for black South Africans in apartheid South Africa. I guess in Russian in sort of means ghetto.

orignal no, ghetto is about WW2

orignal about Nazi

orignal the differnce that bantustans has own govenments

dr|z3d ok

orignal and not whole SA is bantustan

dr|z3d indeed not.

zzz I've collected about 20 XG's by hash/ip/port

zzz as a group they're all over the place, but none of them are IP-hoppers

zzz my list has zero overlap with Vort's zip of 16 though

zzz anybody want the list for further analysis?

orignal zzz, any idea what kind of proxy is it?

orignal guys, please help me choose name of param that says non recreate expired tunnel

orignal because I'm not native englush speaker

zzz I know nothing about proxies, I leave that to others

orignal do you see actual SSU2 sessions?

orignal or NTCP2 only

zzz not looking for ssu2

orignal if they relly connect through SSU2 there are not too many proxies that support UDP

orignal and then most likely it's shadowsocks

dr|z3d param? newTunnelsOnExpiry ?

dr|z3d newLSOnExpiry?

dr|z3d or rather, newLeaseSetOnExpiry

dr|z3d is that what you're doing, tearing down the LS and creating a new one?

dr|z3d or maybe newDestOnExpiry ?

dr|z3d not that many of them, zzz, possible attack routers? dunno.

orignal thanks

orignal i2cp.newTunnelsOnExpiry sounds right

dr|z3d ok

orignal LS is about IB only

orignal but this is about OB too

orignal Vort said not much traffic went from them

orignal hence most likely it's a monkey try to attack some service

dr|z3d I still think XG !R!U routers are suspect and should be blocked.

dr|z3d maybe in time you'll come around to my way of thinking, orignal :)

orignal no you don't have any evidence that these routers do something wrong

dr|z3d that's the "in time" part. :)

orignal no, it's because the release

orignal before they would appear as X

orignal hence maybe they are in the network for a long time

orignal plus before i2pd didn't work well through proxy

zzz not true, sampled my list, all first seen in last 24 hours

dr|z3d > ok, well we can keep them under review. maybe we'll learn something.

orignal maybe they always change RI

zzz maybe let's do data-based analysis instead of guessing?

dr|z3d *** smiles. ***

orignal I will try on 2RRY

zzz give me the IPs you have for vort's 16 and I'll compare with my list

orignal he said everything had the same one

dr|z3d this one's a good place to start if you want to perform some analysis: dT50jTIPtC9fFD7NnXCmz8HGiAZuRT-~re~JagmO6mo= [169.150.227.198]

orignal that's how he recogznized them

dr|z3d that's got dodgy written all over it.

dr|z3d israel geolocation, czech registration, abuse/hosting co.uk

zzz I don't have that hash or IP in my list

zzz what IP was it orignal ?

orignal I posted it here

zzz so could you do it again please? like you've never asked me to repeat myself?

orignal <Vort> 2a02:6ea0:fb01:1::d001

orignal <Vort> CDN77

orignal sure

orignal <Vort> [2a02:6ea0:f207::d001]

orignal <Vort> скорее всего, все вот эти :d001 - это от одного владельца

orignal bascicallly he sais that all ended with d001

zzz I don't have that hash or IP in my list

orignal do you have ipv6 with d001?

orignal I don't see either now

zzz XG: 1ElsL8VYkh7UGBiWqQzaNUotZuBE23H3KgbIyan4DPk= [2a02:ed04:3581:3:0:0:0:d001]:35858

zzz XG: 3FjBS3xBBmVhnmeHBcmTDNZtE3I3WQCmBPr6WleLIAc= [2a06:3040:d:410:0:0:0:d001]:59054

zzz XG: bInqP3B-TRtryxnec9gp27hrXya~pRIaSGbq3pWKRoo= [2400:ddc0:a00b:0:0:0:0:d001]:44844

zzz XG: fWJ8BU6GlVZqLAwxE-4lkyWfg7ddz6GaOSZgSuITzFk= [2a02:6ea0:f206:0:0:0:0:d001]:51080

zzz XG: hCW-6LzOpPCBedRhUKTj3qcdZ7-5zLPC8JENwDKUpwE= [2602:ffe4:c0d:801d:0:0:0:d001]:35102

zzz XG: i2OMHYkOO0h5n9p7QrLUnSll1Ie-vY7qw8SGA7AIrdM= [2404:f780:4:deb:0:0:0:d001]:34070

zzz XG: i2OMHYkOO0h5n9p7QrLUnSll1Ie-vY7qw8SGA7AIrdM= [2404:f780:4:deb:0:0:0:d001]:50740

zzz XG: IY1RS9XUzvuRw68AzWeSAn2sehHrcy~q2T-XISePjEE= [2804:5364:7000:40:0:0:0:d001]:60476

orignal I seee 2604:d500:4:1::4 like 8 connection from the same IP but from different ports

orignal so Vort was right

zzz but plenty more w/o d001

orignal yes

zzz 4th one above has f206, vort reports f207

orignal so I'm going to change the code if SsessionConfirmed receives XG write it to log

orignal Vort said that all IPs ended with d001

orignal that's how he collected them

zzz not true here, 1/3 ipv6 not d001, 1/3 ipv4

orignal ofc not

orignal only his list

orignal indeed there are more

orignal github.com/PurpleI2P/i2pd/issues/2107

orignal maybe that guy

dr|z3d that RI I referenced just know was notable for requesting a ton of tunnels, aside from the obvious ip ownership obfuscation.

dr|z3d *now

dr|z3d orignal: that issue re the proxy guy on github, shouldn't you be advising him against using a proxy if he wants to host transits?

orignal everybody understands that no transit through proxy

dr|z3d I'm not sure they do, esp. given it's a recent i2pd feature to mark G for proxied connections.

zzz "ton of tunnels" seems to be a different category than "XG", let's not get ourselves confused

dr|z3d just an observation - that specific router came to my attention because XG + tons of tunnels.

zzz it is XG?

dr|z3d yup

zzz ok, we're not confused ))

dr|z3d ok, good. :)

zzz here's a tons of tunnels XG BbZqLVpQYKHF-KqsIcfVVMc8s7B09t4jFWC8KQaXctQ= 2a02:6ea0:d70a:1:0:0:0:b58d

dr|z3d yeah, I see that. Top of my list right now.

orignal requests or what?

dr|z3d except it's not G.

dr|z3d at least not here.

zzz Router: BbZqLVpQYKHF-KqsIcfVVMc8s7B09t4jFWC8KQaXctQ=

zzz Published:9 min ago

zzz Signing Key:EdDSA_SHA512_Ed25519

zzz Encryption Key:ECIES_X25519

zzz Routing Key:jQK-PgELT9~wzZGcpNfvKEy91IY4chOYRymSqKbjMds=

zzz Compressible:true

zzz Last IP: 2a02:6ea0:d70a:1:0:0:0:b58d

zzz Addresses:NTCP2: cost: 14 caps: 46 s: qkyxgS9bcHv4f~1-GIcts12zWdirQ2~K~k1miCixOiY= v: 2

zzz SSU2: cost: 15 caps: 46 i: m~cEiBQ0XldaSqw84B~Rm7YYE40NZj3faphDHXN8NS4= s: LLiLuZF2phDy1x9ShLAWo~F~RfvoPLI01JDwu005G2I= v: 2

zzz Stats:caps = XG

zzz netId = 2

zzz router.version = 0.9.64

orignal <zzz> Published: 9 min ago

orignal what does it mean?

zzz that's the RI timestamp

dr|z3d ok, that's strange, it's displaying G on the routerinfo page, just not on transits.

dr|z3d must be a css snafu.

dr|z3d another XG demanding a ton of tunnels: T6nP4iQZ6u~2x4YqARQV8~sdREzMDkyTtqNRY56tnes=

orignal because it's not supposed to be published at FF

dr|z3d another one slowly climbing up the XG tons of tunnels ladder: YV6J9XMlk19D3-0-vy2Z6qNXDHT9IIR5JEYJi8lfSpw=

dr|z3d they climb to the top, then seemingly don't take the "no more tunnels" hint and keep requesting, and then get banned.

orignal do you publish E?

dr|z3d publish? sure.

dr|z3d I think ARM or Android is E by default.

dr|z3d one of the two, or both.

dr|z3d otherwise, when we reach x percent of capacity, we publish E.

orignal i2pd never tries to requst tunnel through a router with E

dr|z3d I think we're the same, at least in + and possibly in canon.

dr|z3d in fact, in + I don't think we request transit from routers with D, E or G.

dr|z3d actually, no, we publish D for low performance (Android et al) routers, my bad.

dr|z3d correct channel: another XG/tunnels: hdsZ1DIgi~AMYbQ8q~6euPj9MadfEvy4L~o~ZcUN-3g=

orignal also people are reporting than tunnels thread is most CPU consuming now

orignal it means too many TBRs

dr|z3d right, so throttle, orignal :)

dr|z3d one of these days you'll get the hint.

orignal no, first is to move x25519 away

zzz fix your 25519 precalc thread.

zzz don't run it once a second with a timer; just interrupt it when it's low or empty

orignal zzz, already

orignal I generate x25519 is separate thread

zzz ane even 25 may not be enough; we do 20-60 depending on memory

orignal but this CPU usage is key agreement

orignal once a second? what are you talking about?

orignal I have enough pre-culaulated keys

zzz std::this_thread::sleep_for (std::chrono::seconds(1)); // take a break

zzz github.com/PurpleI2P/i2pd/commit/b8d61e04f0ca5ce652e193198b5cd4f277fe2a18#diff-9a8b45dc33aeb2ab786c744f137ede2b369e97bc9975cf4652ccbbbb8c96aa28R77

orignal the problem comes when you have to calculate shared secrect for every TBR

orignal it never falls here

orignal it's circuit breaker

zzz ok

orignal to make sure that thread doesn't eat whole CPU

zzz keep a queue of tbrs and start dropping if you fall behind in that thread

orignal usually it calculates a new key one a key is used

orignal yes, that's what I'm goung to do

orignal move TBRs away from tunnels thread

orignal I handle TBR and tunnel data in the same thread

zzz eww

orignal just saying it's time

orignal because it was never been an issue

zzz how many threads total do you have?

orignal my point is that x25519 also consume CPU

orignal around 20

zzz ofc

orignal well it's much better than ElGamal

orignal but still much slower than symmetric crypto

zzz ofc

dr|z3d another one: HRiGlE9sEMnPRMsHPM~wTWQJ0-NLnl8IDimIoB4Yd6Y=

zzz we have one thread for TBRs but a whole bunch for data

orignal yes, that's I'm going to do

orignal for own TBR or transit TBR?

zzz all incoming requests and responses

zzz we're well over 100 threads total, probably close to 200 on big routers

zzz but it's a little easier to do threads on java

orignal for your TBR you need to apply x25519 for each record

dr|z3d closer to 300 here.

dr|z3d (threads)

orignal no problem with threads in C++ either

orignal I just prefer to keep tjem minimal

uop23ip dr|z3d, What are good values for job lag or message delay and are they useful (transit) performance indicators?

dr|z3d what are you seeing right now, uop23ip, and are you floodfill?

uop23ip yes ff, jlag 500mu, mdelay 6ms

dr|z3d those are fine. job lag under 200ms is fine, message delay under 100ms is fine.

dr|z3d obviously the lower the better, and your values are low.

dr|z3d you'll maybe see those a bit higher when the router starts up.. they soon come down.

dr|z3d job lag is normally lower for floodfills because they're not exploring the netdb DHT.

uop23ip Regarding the attack, better to get onto dev to bring your fixes in?

dr|z3d sure, there are a few mitigations in there.

dr|z3d it's not going to stop the bandwidth rollercoaster, but it might catch offending routers sooner.

uop23ip Nice, thanks

uop23ip Is it possible to tunnel "dos" a router so far that its congestion level gets worse and worse?

dr|z3d you also get an enhanced, streamlined view of router profiles in the latest dev builds.

uop23ip Can you make a D to an E or G, by overwhelming it with tunnel demands which exceeds it limits and reacts by declining tunnel request for others?

uop23ip nevermind, just wondering how i became an E from a former always D. ;)

zzz so what do we do about G routers

zzz G hop is obviously owner

zzz no mention of it in proposal

zzz I don't recall orignal discussing any anon concerns about it here

orignal zzz, it's obbvious even without G

orignal if a router publishes RI without incoming addresses

orignal if someone connects through proxy they must understand this risk

orignal that thier connectivity is limited

zzz what about non proxy

orignal I set G only for proxy

zzz I certainly haven't communicated the risk via my UI

zzz you set it for sym nat and for max tunnels == 0 also, iirc

orignal if someone turn off transit they must accept this risk

orignal for sym nat you did it

orignal I'm going to revert it

zzz where do you present that info to the user? website? web UI? logs?

orignal notransit=true you mean?

orignal it false by default

orignal if you are so dumb to turn if off don't expect anonymity

orignal G for symm NAT is a bad idea, I agree

zzz ah, you've come full circle, bad idea again

zzz ok so you don't communicate it anywhere, they either know it or they're dumb ))

orignal I talked to people on dev

zzz should G routers be limited to 1 hop tunnels since they're wasting their time?

orignal ofc no

orignal to 2

orignal examaple

orignal I'm a G router ygg-only

orignal first hop is ygg only too

orignal last one is ygg + clearnet for endpoints

zzz should the part. tunnel throttler be way stricter for G routers?

zzz that would reduce the impact of the XG fleet

orignal you mean own tunnels?

orignal yes I agree

zzz no. how many tunnels should I allow a G router as previous or next hop. shouldn't be too many

zzz definitely not 25 like I saw this morning

orignal zero

orignal because you are G

orignal how many FROM G routers?

dr|z3d re part throttler, yes.

orignal I would say how many destinations are allowed

dr|z3d treat G routers as superslow and throttle accordingly. that's what I do.

orignal I would alllow only 3

orignal shared local destination, proxy and one server tunnel

dr|z3d another XG/tunnels offender: MH5A7L1fcsea9bv6UHc~PNX~yknfVoTjKKpoCOxJ7Vo=

dr|z3d you don't throttle, orignal :)

orignal no I don't

orignal I mean in configuration

dr|z3d so you can't allow only 3.

dr|z3d oh, you mean cap the number of tunnels the router can host.

dr|z3d tunnels/dests.

zzz this is all discussion we should have had when the G cap was proposed and discussed

dr|z3d we're only discussing it now because orignal's marking proxied routers G.

orignal zzz, it's not about G cap

orignal if you see LU with NTCP2 only

orignal what's a difference?

orignal e.g. we should also talk about de-facto G

zzz that's even rarer than G

orignal poroxy always looked like this before

orignal and there were tonns of such routers and dr|z3d banned them explicitly

zzz proxy was almost nonexistent until you decided to do the opposite of what I recommended and make it easy

orignal come on

dr|z3d lol.

orignal proxy existed for al least 5 years

orignal un has implemented it long time ago

dr|z3d orignal's doing that "come on" routine again. it's almost a catch phrase.

orignal even for NTCP1

orignal proxies always existed

zzz this is how we got here. me + drz: block tor; you: make sure i2p-over-tor works well

zzz so not surprising

orignal hold on

orignal we are talking aboyt two different things

orignal how long does i2pd support proxy for NTCP2? For SSU2?

orignal seocond. all these XG routers have nothing to do wiht Tor

orignal hence they would work anyway wihout my recent change

orignal but looked like X or XU

orignal and I wish we had this discussion 6 months

orignal to discuss how to fix proxy rather than all Tor IPs

zzz if they're behind a proxy you can probably limit them to 1 hop unless ygg-ygg

orignal yes, good idea

orignal but then OBEP and IBGW will be i2pd only

zzz ok, if you want to keep your tor sabotage

orignal that I don't like

orignal because enpoints always consume more reosources than middle hop

orignal man, it's not about Tor

orignal the purpose of this change is wider

orignal it's "-stan" mode

orignal meaning you can't connet to every routers in the network

orignal you guys don't even try to address this issue yet

orignal keep living in jrandom's days with assumption that any-to-any connection is possble

orignal but in real world driven by monkeys it's not true anymore

zzz jrandom did not assume that and it's mentioned all over his docs

orignal and what's the solution?

orignal hidden router?

dr|z3d might as well be. G + !R + !U == hidden.

orignal maybe I should publishing H for proxy?

dr|z3d sure

dr|z3d amounts to the same thing, no?

orignal I don't want to inytroduce "hidded" mode explicitly

orignal because every monkey would start turning it on

orignal they are so dumb that turn on encrypted leasesets for client tunnels

orignal zzz, what do you think about H?

zzz not a bad letter, not my favorite

orignal for proxy I mean

dr|z3d *** chuckles ***

orignal literraly meaning that it doesn't publush itslef

orignal and that's true

orignal for proxy

zzz state your case, write it up, with a security analysis this time

orignal my case?

zzz case = "why"

orignal NTCP2 and/or SSU2 go through proxy

orignal why publish H?

orignal that's my question to you

orignal waht it actually means

zzz I'm asking that you spend some time to explain an idea before you ask me what I think

orignal then I need to know what 'H' is for

orignal what exactly does it say?

orignal in my code I consider it as G

zzz look in the specs

orignal ok. removed G for proxies and symm nat

orignal I did

orignal it doesn't have exact explnation

orignal zzz, while you are here and we are talking about caps maybe you can give an ulitmate answer about 'U' cap

orignal the question is simple. Can a router publish U cap for non-published NTCP2 only router?

orignal nobody can answer this question for years

orignal and second question if I can publish "R" for ygg-only router

zzz asked and answered many times, and the answer is in the spec

orignal no it's not there

orignal R if can be reached by any transport

orignal but is ygg "any" transport since you don't recogzize it as transport

zzz if you have a proposed addition to the spec, email me a patch

orignal R: Reachable

orignal U: Unreachable

orignal that's what I see in specs

zzz sigh

orignal R means that the router is directly reachable (no introducers required, not firewalled) on at least one transport address. U means that the router is NOT directly reachable on ANY transport address.

zzz there you go

orignal no it doesn't answeer my question

orignal for R it doesn't answer if ygg is transport or not

orignal U says if it's not reachable directly but doen't say what if not reachable at all

zzz then add your own answer and email me the patch

orignal but I don't the answer

zzz I added that section after the last 10 times we talked about it

orignal A router should usually publish the R or U capability, unless the reachability state is currently unknown.

zzz I don't have all the answers either. Sometimes implementers have to make their own decisions

orignal so, what's right answer?

zzz don't know

orignal I should publish R or U accodring to this statmenet

orignal but I don't know

orignal if I can publush R in case of ygg, and U in case of proxy

zzz then convene a subcommittee of i2pd devs to research the alternatives and make a recommendation

orignal you already know my recommendtation

orignal but you disgree with it and I know your reasons

orignal that's why I'm asking because any Java uses these caps

orignal zzz, will you also remove G from routers with symm nat?

zzz don't know

orignal it's real deanon

orignal for non-guilty user

orignal better to decide how to publish code for symm nat

orignal a guys might not even know about symm nat

orignal unlike proxy or no transit

orignal it's not his fault

eyedeekay Re: Yggdrasil, my understanding is that yggdrasil routers are reachable to other yggdrasil routers, and that yggdrasil is an IPv6 overlay, fulfilling the "reachable on any" requirement of the specification, so it makes sense from that POV to publish R, and the routers who can't talk to the yggdrasil routers have to learn to avoid them

orignal eyedeekay theoritaclly yes

orignal however Java doesn't recognize ygg as transport

eyedeekay That seems like an us problem, if we don't support the transport we need to avoid the routers with ygg addresses

orignal or drop such routers as malformed

orignal that's why i'm trying to avoid