#saltr (irc2p) | I2P+ 2.7.0-9+ >> i2pplus.github.io | skank.i2p | git.skank.i2p | purokishi.i2p | vituperative.github.io/i2pchat | natter.i2p | notbob.i2p | ramble.i2p | shreddit.i2p | cake.i2p | /msg an op for voice

#saltr

/2023/04/19

Online: 45

~dr|z3d

@RN

@RN_

@StormyCloud

@T3s|4

@T3s|4_

@eyedeekay

@orignal

@postman

@zzz

%Liorar

+FreefallHeavens

+Xeha

+bak83_

+cancername

+cumlord

+hk

+profetikla

+uop23ip

Arch

DeltaOreo

FreeRider

Irc2PGuest19353

Irc2PGuest46029

Irc2PGuest64530

Meow

Nausicaa

Onn4l7h

Onn4|7h

Over1

acetone_

anon4

anu

boonst

enoxa

mareki2pb

mittwerk

not_bob_afk

plap

poriori_

shiver_

simprelay

solidx66

u5657_1

weko_

uop23ip i2pplus.github.io/installers/i2pinstall_2.1.0+.exe is down for me

uop23ip Weird tried dev at first gitlab.com/i2pplus/I2P.Plus/-/jobs/artifacts/master/raw/install.jar?job=Java8

uop23ip Didn't work in the browser. Just weird text in falkon. firefox just blank. So did a vanilla (worked) install and used the update i2pplus.github.io/i2pupdate.zip. Worked got i2p+

uop23ip Then ddownloadedthe dev update. Worked

uop23ip Maybe there is something in the dev installer. At leastt for. Now i am on dev.

end50 Hello again, I wanted to ask about what happened to zzz.i2p and why can't I access it...

end50 The website seems to be down all the time.

end50 well, more like eepsite

tisratil7 hello everyone it's been a min

dr|z3d uop23ip: not sure where you were attempting to download 2.1.0+ installer from, on github.io the links are for 2.2.0+. but it sounds like you got it sorted eventually.

dr|z3d if a dev download fails from gitlab, it could mean that the build bot is in the process of building new files, happens sometimes.

T3s|4_ uop23ip: ^yep, normally a far outlier, but well within the realm of 'normal' experience :)

xeiaso So, it's been over 24 hours since issue 397 was discussed in IRC. What actions have been taken?

obscuratus Hey xeiaso, welcome back.

obscuratus I've been going through the code, trying to follow your assertions.

obscuratus Do you have any debugging patches you've added that would show this issue?

xeiaso You don't need debugging patches to read a single file.

obscuratus xeiaso: So, you've been examining the code. Did you come across a good place to address this?

obscuratus What message would they be sending us that would prompt us to reply back?

xeiaso Think of a HTTP server. When you send a GET request it sends back a reply.

obscuratus xeiaso: We talked about this yesterday. I still don't understand how a message can come down a tunnel, and the tunnel id variable is NULL. Can you explain what you're getting at there.

xeiaso The tunnel id variable is from an incoming packet. An adversary can decide to not include a tunnel id.

obscuratus I don't think we rely on them to tell us what tunnel they're coming down. We figure that out for ourselves, based on what tunnel we received the message through.

xeiaso >distribute(data, instructions.getRouter(), instructions.getTunnelId());

xeiaso line 376 directly contradicts that idea

obscuratus Ah, I had that backwards. The tunnel id is the target.

obscuratus So, the potentially worrisome line (as pointed out by you and in the lambdaplusjs thread) is:

obscuratus if ( (target == null) || ( (tunnel == null) && (_context.routerHash().equals(target) ) ) )

obscuratus in the inbound message distributor.

obscuratus Right?

obscuratus I see tons of (target == null) && ( (tunnel == null)

obscuratus I've never seen a (target = <anything>) && (tunnel == null) in my logs.

xeiaso Looking the router hash while handling a destination-bound packet? It's definitely worrisome.

obscuratus How about I test this (for breakage). We'll normally process the (target == null) && (tunnel == null)

obscuratus I'll start dropping the (_context.routerHash().equals(target) ones, and print a great big warning.

obscuratus Then I'll monitor my logs, and see if that ever shows up.

xeiaso Sounds good, just make sure it doesn't break zero hop tunnels.

obscuratus I'll make it a critical error for testing. It should show up on start-up then.

obscuratus eyedeekay, dr|z3d: When you get a chance, please review my above conversation with xeiaso.

eyedeekay Already on it here thanks

RN "<xeiaso> So, it's been over 24 hours " ◀━━ wow! Bossy much?

RN being pushy and entitled won't make things move any faster

RN the issue is most likely bogus misunderstanding of the code, but it is being investigated seriously.

xeiaso Entitled? I don't run Java I2P. I have no stake in the outcome.

RN but you come in demanding answers