uop23ip
ok don't know why, but now it has worked
eyedeekay
Currently trying to figure out why I'm seeing issues very similar to snex, I pretty much instantly get gitlab and IRC, others are much harder to find
dr|z3d
any sites specifically, eyedeekay?
eyedeekay
postman's tracker, stats, and my own site
dr|z3d
stats.i2p loads fine here.
dr|z3d
idk's homepage, also fine.
dr|z3d
tracker2 taking a bit longer than normal.
snex
notbob wont load for me either. and i also cant get the update zip from skank
eyedeekay
Yeah I'm ssh'ed in to my site's host and it looks pretty normal
dr|z3d
tracker2 loaded, notbob, loading, skank.i2p loading.
eyedeekay
I have excellent ETBS everywhere, but very poor lookup success at the moment, something seems weird but I'm not sure what's going on yet
snex
tunnel build success 98%
dr|z3d
possibly related, last time I looked the chinese router caucus were in force.
snex
when things were working properly it was always around 70%
eyedeekay
Yeah I'm seeing similar, I have pretty low floodfills at the moment too
dr|z3d
yeah, looks like less than normal.
dr|z3d
smells like a new attack, but hard to say right now what it is.
snex
active peers 19. that seems super low
eyedeekay
At the moment I'm just looking at what's going in and out of the netDb's on the routers I have access to to try and see some kind of pattern
eyedeekay
It does
dr|z3d
you can grab the dev update build from gitub, snex. i2pplus.github.io
dr|z3d
19 is super low indeed.
eyedeekay
60 or so for me on the router with the most trouble, 1200 on one which is performing pretty normally
dr|z3d
1.5-3.5K here.
snex
ok im gonna install the dev build.. hopefully im back in a bit rather than the hour+ it took before
cumlord
Late here but it’s sometimes struggle to keep connected to postman tracker too as Java builds so wonder if it’s something on postman’s end
cumlord
Not sure if can adjust http tunnel in snark but i2pd has worked better for that, been meaning to try haproxy to pool for that
dr|z3d
Not enough info yet to speculate on possible causes, but whoever was running the attacks probably hasn't gone away.
cumlord
Oof things are running at snails pace
eyedeekay
rotating the keys on the affected router by setting router.rebuildKeys=true in router.config seems to have helped a great deal
dr|z3d
interesting.
eyedeekay
Almost instantly, everything came back, peers started going up, that 60ish peer router is now climbing to around 100 in the past 3 minutes since I restarted, hopefully it keeps going up
eyedeekay
Might be a coincidence but it makes me wonder
dr|z3d
I was looking at graphs on one router, active peers and part tunnels started declining around 4am utc yesterday, slowly.
dr|z3d
restarting the affected router appears to have fixed things.
cumlord
ah that happened to one of mine yesterday, 80 peers, 20 floodfills, reseeded and it kept dropping
cumlord
Restarted reseeded and forced floodfill and it seemed ok
dr|z3d
I know i2pd uses gost encryption, but I'm seeing a lot of "Received Lease but can't send to it" recently. Safe to ignore?
dr|z3d
appaers mostly from one router, tIQaHP
zzz
in OCMOSJ? That would be a to a dest, not a router
dr|z3d
Yeah, one shot job.
zzz
I output a failure code, do you have that?
dr|z3d
the failure code has been translated, that's what you're seeing. "no remote leaseset".
dr|z3d
no remote leaseset and unsupported crypto.
zzz
those are two different codes
dr|z3d
yup
dr|z3d
they appear contuguously.
dr|z3d
a flurry of those logs at the same time.
zzz
you have the dest b32?
dr|z3d
maybe, I got somthing here just before those errors that looks super iffy.
dr|z3d
this line in the dbstore msg: Public Signing Key: SigningPublicKey EdDSA_SHA512_Ed25519 NIJCjK
zzz
canon logs the b32 and reason code in OCMOSJ
dr|z3d
yeah, not seeing a dest in those specific entries, just a dropped dbstore just before.
dr|z3d
and this -> NIJCjK leads me think they might be related?
zzz
dropped a LS store?
dr|z3d
if so: wscbuhh4mfilqsjg7b73rknv6d5wrlvxormb7z6yfftgcv4mvzlq.b32.i2p
dr|z3d
yeah, Ls2 drop.
zzz
that ls looks fine to me
zzz
tIQaHP =- wscb...
dr|z3d
yeah, I see it in my netdb.
dr|z3d
maybe I dropped a dupe.
zzz
it's a LS, not a RI
dr|z3d
yeah, I got that :)
dr|z3d
what I've also got is repeating log events telling me no remote leaseset, so I'm a bit confused.
zzz
maybe tweak the logging to investigate further
dr|z3d
yeah, ok, good idea, thx.
dr|z3d
in other news, ff count is right down here.
dr|z3d
until a couple of days ago it was stable at around 1K, now I see it between ~300-500
dr|z3d
I know there are a bunch of 2.5.1 ffs that I'm now blocking, but that shouldn't account for the decline in totality.
dr|z3d
I was setting the error code for unsupported crypto based on the comment in OCMOSJ. "// shouldn't happen unless unsupported encryption"
zzz
well if you're messing w/ error codes I can't help you ))
dr|z3d
:)
dr|z3d
adding the failure code just so I know if it correlates with the unsupported encryption thesis.
zzz
I have 1040-1180 ffs on my fleet
dr|z3d
are you running as ff on those?
zzz
no I don't run any ffs
dr|z3d
interesting.
dr|z3d
all the routes with declining ff count are ffs.
dr|z3d
*routers
zzz
two possiblities then, you're banning them or they're banning you
dr|z3d
yeah, will keep an eye on it, report back when I have more info to go on.
dr|z3d
totally unrelated, GeoIP.java, I'm now associating Macau with China as per Hong Kong, you might want to do the same.
dr|z3d
static {
dr|z3d
// To block additional countries b,c,d when blocking country a,
dr|z3d
// put the list a,b,c,d for country a.
dr|z3d
_associatedCountries = new HashMap<String, List<String>>(3);
dr|z3d
List<String> c = new ArrayList<String>(3);
dr|z3d
c.add("cn");
dr|z3d
c.add("hk");
dr|z3d
c.add("mo");
dr|z3d
_associatedCountries.put("cn", c);
dr|z3d
_associatedCountries.put("hk", c);
dr|z3d
_associatedCountries.put("mo", c);
dr|z3d
}
zzz
is this based on research into macao?
dr|z3d
Macau is a Chinese territory.
zzz
any more research than that? ))
dr|z3d
Tibet also looks like a likely candidate for association.
dr|z3d
only one problem with Tibet, it doesn't have its own country code.
snex
as you can probably guess by how long it took me to get back onto irc, the dev build has not solved the issue
snex
peers at 36
dr|z3d
welcome back!
dr|z3d
eyedeekay reported a similar issue on canon, he created a new router id which he said fixed his issue.
snex
this may be a totally unrelated coincidence, but this only seemed to start happening after my internet went out for a little bit and when it came back my IP was different
snex
how would i do that?
dr|z3d
add router.rebuildKeys=true to your router.config and then restart.
snex
and this wont affect my eepsites?
dr|z3d
you'll come back up with a new router id.
dr|z3d
no, won't affect your eepsite, just your router id.
snex
ok ill try later after work
snex
things seem to be working right now, torrents are up, sites load. but that peer count is still low
dr|z3d
yeah, I'm seeing some weirdness here on some routers, so you're not alone.
dr|z3d
snex: also seeing what can be improved/relaxed in the dev builds, so keep an eye on those.
Irc2PGuest66955
did we ever figure out why i2p+ supports so many fewer tunnels than i2pd?
dr|z3d
no throttling on i2pd, mesh.
Irc2PGuest66955
dr|z3d: the difference is so dramatic tho. i2pd can support 10-20,000 tunnels, while i2p+ struggles to get above 5k
dr|z3d
it doesn't struggle.
dr|z3d
it's both throttling and being more selective about what it transits. different.
Irc2PGuest66955
dr|z3d: is that... good? Is it silly paying for all these overpowered flood fills if i2p+ isn't going to leverage all the bandwidth and hardware?
dr|z3d
depends on your definition of good.
dr|z3d
i2p also throttles, because without throttling some routers will consume all available bandwidth given half a chance.
dr|z3d
and there are potentially routers out there that are running with the sole purpose of exhausting network resources. so you define good.
Irc2PGuest66955
dr|z3d: is there a way to increase the limits? Or is i2pd just a better fit for these sorts of nodes? I mean I would be happy with i2p consuming 80% of bandwidth. The only reason I pay for these servers is to contribute to the network and learn
dr|z3d
you can turn off throttling if that's what you want. see the advanced settings section in /help
Irc2PGuest66955
interesting
Irc2PGuest66955
router.enableTransitThrottle ?
Irc2PGuest66955
if I disable throttling will i2p+ still enforce bandwidth limits?
dr|z3d
it will.
Irc2PGuest66955
thanks. let me do some experiments with this setting then.
dr|z3d
that setting's largely untested, so let me know how you get on with it.
Irc2PGuest66955
dr|z3d: does i2p+ not have the built in bandwidth test btw?
dr|z3d
it does.
dr|z3d
try /wizard
Irc2PGuest66955
ok here goes nothing. disabling throttling across i2p+ routers. hopefully nobody dies
Irc2PGuest66955
dr|z3d: you know removing throttling seems to have really improved performance?
dr|z3d
no I don't know that. how would I know that?
Irc2PGuest66955
dr|z3d: I guess it's sort of an unexpected result
Irc2PGuest66955
but I am seeing less cpu load, less ram usage, but more transit
dr|z3d
if you're happier, great.
dr|z3d
give it time to bake in.
Irc2PGuest66955
yeah I may have spoken too soon about less cpu load
Irc2PGuest66955
but these boxes aren't really doing anything but i2p so that's the point