not clear if the question was for simultaneous though
eyedeekay
My take was that even if the app sometimes needed up to 1000 identities where identity~=destination, it's unlikely that a real-world user would be contacting all those identities simultaneously
eyedeekay
So smarter management may cut down on the real-world overhead
zzz
looked at peer test logs where I'm Bob
zzz
alice i2pd and charlie i2pd: success
zzz
alice i2pd and charlie java: charlie code 67 sig fail
zzz
so we both need to double check the spec
zzz
and I'm going to add sig checking at Bob to help track it down
orignal
will check
orignal
I think it's relay request message
zzz
my bug, I was using alice hash in sig, but that's only for msgs 3 and 4
zzz
you're not handling it yet as charlie? it looked right to me
orignal
signatures?
orignal
one sec
zzz
peer test
zzz
Alice i2pd FJ-F
zzz
Charlie i2pd IMQc
zzz
^^ this one worked
zzz
06-07 12:24:25.092 DEBUG [ handler 1/1] .transport.udp.PeerTestManager: Got peer test msg: 1 status: 0 hash: null nonce: 1495682559 time: Jun 7, 2022, 12:24 PM ip/port: 185.244.29.91:18443 from 185.244.29.91:18443 FJ-Fcd IB2 recvAge: 27s sendAge: 27s sendAttemptAge: 27s sendACKAge: 27s lifetime: 27s RTT: 35 RTO: 1000 cwin: 5263 acwin: 5263 SST: 524288 FRTX? false consecFail: 0 msgs rcvd: 1 msgs sent: 1 pkts rcvd
zzz
OK/Dup: 3/0 pkts sent OK/Dup: 2/0 IBM: 0 OBQ: 0 OBL: 0 state: null
zzz
06-07 12:24:25.092 DEBUG [ handler 1/1] .transport.udp.PeerTestManager: Send Alice RI and msg 2 to charlie on PeerTest 1495682559 IPv4 started Jun 7, 2022, 12:24 PM as BOB; Alice: /185.244.29.91:18443 Charlie: /2001:470:28:2e3:f8c5:3e90:3366:1bcd:30305; last send after 0; rcvd from Alice after 0; pkts relayed: 0
zzz
06-07 12:24:25.156 DEBUG [ handler 1/1] .transport.udp.PeerTestManager: Got peer test msg: 3 status: 0 hash: null nonce: 1495682559 time: Jun 7, 2022, 12:24 PM ip/port: 185.244.29.91:18443 from [2001:470:28:2e3:f8c5:3e90:3366:1bcd]:30305 ImQCa~ OB2 recvAge: 7m sendAge: 7m sendAttemptAge: 64ms sendACKAge: 64ms lifetime: 65m RTT: 59 RTO: 1000 cwin: 3376 acwin: 2270 SST: 2560 FRTX? false consecFail: 0 msgs rcvd: 4 msgs
zzz
sent: 127 pkts rcvd OK/Dup: 134/0 pkts sent OK/Dup: 132/2 IBM: 0 OBQ: 0 OBL: 1 theyRelayToUsAs: 825018819 state: PeerTest 1495682559 IPv4 started Jun 7, 2022, 12:24 PM as BOB; Alice: /185.244.29.91:18443 Charlie: /2001:470:28:2e3:f8c5:3e90:3366:1bcd:30305; last send after 0; rcvd from Alice after 0; pkts relayed: 0
zzz
06-07 12:24:25.156 DEBUG [ handler 1/1] .transport.udp.PeerTestManager: Send Charlie RI to alice on PeerTest 1495682559 IPv4 started Jun 7, 2022, 12:24 PM as BOB; Alice: /185.244.29.91:18443 Charlie: /2001:470:28:2e3:f8c5:3e90:3366:1bcd:30305; last send after 64; rcvd from Alice after 0; rcvd from Charlie after 64; pkts relayed: 0
zzz
06-07 12:24:25.156 DEBUG [ handler 1/1] .transport.udp.PeerTestManager: Send msg 4 to alice on PeerTest 1495682559 IPv4 started Jun 7, 2022, 12:24 PM as BOB; Alice: /185.244.29.91:18443 Charlie: /2001:470:28:2e3:f8c5:3e90:3366:1bcd:30305; last send after 64; rcvd from Alice after 0; rcvd from Charlie after 64; pkts relayed: 0
orignal
no, peer test is not implemented yet
orignal
if (!s.Verify (r->GetIdentity (), buf + 47 + asz))
orignal
{
orignal
LogPrint (eLogWarning, "SSU2: RelayIntro signature verification failed");
orignal
return; // TODO: send relay response
orignal
}
orignal
if you are talking about signatures
zzz
this is peer test. all I know is I was bob and had i2pd on both sides, messages 1-4.
orignal
for relays
zzz
but I didn't check signatures
orignal
what are we talking about? relays or peer tests?
zzz
peer test
orignal
peer test is not implemented for Charlie yet
orignal
remember we discussed it yesterday
zzz
you have messages 1-4 done?
orignal
probably I send something back to Bob
orignal
no
zzz
I got a message 3 back and it looked right
orignal
I definitely don't check signature yet
orignal
yes, message 3 works
orignal
but signature was not checked
zzz
so that's what I'm reporting :)
orignal
I thought you meant relays
zzz
and reporting that I have a bug in signature checking for peer test, fixing now
orignal
but you use i2pd for peer test without cap
orignal
why?
orignal
I mean it might lead to crash
orignal
because I have incomplete code for it
orignal
strange that router replied with msg 3
orignal
because I have committed it yesterday tonight ))
orignal
last commit
zzz
not sure I check for cap, let me look
zzz
ok, another bug, I got the 'B' cap from the SSU address, not the SSU2 address
orignal
yes, I publish in SSU but not in SSU2 yet
orignal
zzz, when Charlie finds that Alice's endpoint from her RI doesn't match one from peer test what code should we send?
zzz
it's a good question
zzz
for example, alice may not have any IP in her RI, if she thinks she's firewalled
zzz
or it could be a different IP
zzz
we can add another code if you want
zzz
but in some cases charlie should accept it
orignal
my question is
orignal
which address is right? from message or from RI?
orignal
the problem is
orignal
I have endpoint in message but still need an address for intro key
zzz
pick the address for v6 or v4
orignal
yes
zzz
should have code for that already, we do that in other places
orignal
that's what I do
orignal
but if there is an endpoint in address that doesn't match
orignal
I'm sure which one is right
orignal
*not
zzz
if there's an IP, look for that, if not, look for 6 or 4 in the cap
orignal
that's what I do
orignal
but if there is IP and it's different from one in the message
zzz
not sure
zzz
maybe reject, maybe not
orignal
I think we should use from message
orignal
because RI might be outdated
zzz
or could be testing a different ip
orignal
while IP in message is current one
zzz
but could be an attack also
zzz
maybe should be rate limited if different
orignal
?
orignal
also 6 and 7 are identical to 5 just different msg
zzz
like if some attacker asked everybody to peer test putin's IP, 5 times a second
orignal
attacker can publish RI with Putin's IP
orignal
easily
zzz
true, but routers will try it once or twice and then give up
zzz
peer test is on-demand
zzz
I need to look if I have any throttles now, don't remember
orignal
yes, but he can flood with peer tests
zzz
yes I have a throttle now. 12 per IP per 10 minutes
zzz
that sounds way too high
orignal
it's bad
zzz
can always tweak it
orignal
what if it's floodfill?
orignal
bunch of short connections
zzz
I'll put it on my list to review it
orignal
almost done with Charlie
orignal
need to implement 6 and 7 but they are simple
zzz
great. I'm still chasing bugs
orignal
message 3 is complicated
orignal
if I receive 5 before 4 should I wait for 4?
orignal
because I don't know Charlie's hash from 5
orignal
but I need intro key for 6
zzz
from the spec:
zzz
NOTE: As in SSU 1, messages 4 and 5 may arrive in either order. Message 5 and/or 7 may not be received at all if Alice is firewalled. When message 5 arrives before message 4, Alice cannot immediately send message 6, because she does not yet have Charlie's intro key to encrypt the header. When message 4 arrives before message 5, should not immediately send message 6, because she should wait to see if message 5 arrives
zzz
without opening the firewall with message 6.
orignal
so I have to wait for 4 before sending 6
zzz
correct
zzz
ok the peer test signature is fixed and tested