#dev (ilita) | Обсуждение разработки I2Pd | i2pd development discussion | http://i2pd.website/

ViktorShahter largo, создаёшь блок в tunnels.conf, ставишь type = server. Хост и порт это, собственно, тот локальный адрес и порт, на который ты хочешь попадать удалённо. При этом укажи ещё inport - порт что будет указывать удалённый клиент.

ViktorShahter В твойм случае host = 10.1.1.21. Только ключи не забудь указать чтобы адрес был всегда один.

largo Про ключи не понял. где взять?

largo Что-то не вижу что бы где-то поднялся эот inport и попытки подключиться к стриму чреез mplayer приводят к сообщению, что такой хост не обнаружен. То бишь ДНС не резолвит, хотя тут апишников нет, непонятно чо резолвить

orignal VLC по UDP?

orignal там все сложнее

zzz Does not decrypt as Session Request, attempt to decrypt as Token Request/Peer Test: Handshake header destID -4258379545499944410 pkt num 3243896805 type 187 version 191 netID 251 srcID 1785734510980643824 token 3358563715595154636 key T6M~VIDuSjoZ8AOSVJwO8G~3TXwu5OCw5356Oj~6rmw=

zzz is the destID right? that's the first 8 bytes, need to verify that first

orignal I use 8 random bytes

orignal for it

orignal should I do it differently?

zzz random is correct, but need to verify what you put in there before encryption

zzz once we confirm that we can look at the rest of the header

orignal let me print out

zzz you're sending a session request, right?

orignal yes

orignal let's do it

zzz print out big endian ofc

orignal let me check someting first

zzz print out big endian ofc

zzz the packet was 93 bytes (not including IP/UDP headers) which sounds about right. min size is 88

orignal yes it was 93

orignal be back in 10 minutes

orignal I have changed it it 1 and sent at 9:23. should we 106 bytes

zzz Handshake header destID -3849060384246460879 pkt num 1466189687 type 38 version 59 netID 199 srcID -8318608071136251158 token -4826061853381708388 key 738jyF5wQMKLIfUS7wHKUqEyIEGMrn7qsudhIcXGWDg=

orignal so it's defintyl not 1

orignal size is right?

zzz yes

zzz what do you mean not 1?

orignal destid

orignal I set it to 1

zzz oh, ok

orignal let's investigate deeper

zzz yeah I'm looking at your code

orignal first nonce is from 106-24 and second is 106-12. right?

orignal so there are only two things

orignal either intro key or nonce

zzz this is wrong but that's for the next message, not the problem right now:

zzz m_NoiseState->MixHash (payload, 24); // h = SHA256(h || 24 byte encrypted payload from Session Request) for SessionCreated

zzz that's the error in the spec, it's the full payload, not 24 bytes

zzz you're using my 32 byte intro key GrQCg6lOyqL9xrjJBY-1sob~jifxg-fFhdp-~HDLJo4= right?

zzz yes the nonce offsets are correct

orignal let me correct then

orignal I see the problem

orignal I use key as i

orignal and you have them different

orignal btw, why?

zzz SSU 1 vs SSU 2 you mean?

orignal in your RI

orignal you have both i and key in your SSU address

zzz one is AES and one is ChaCha; general principle, don't use the same key for two different cryptos

orignal no problem

orignal will fix it

ganimed Hey guys, where to read about router caps (shown in console in hidden area)? I mean what do they mean, in what source file do they defined?..

orignal RouterInfo.h

ganimed thx

zzz ganimed, see also i2p-projekt.i2p/en/docs/how/network-database

ganimed thx x2

zzz :)

orignal ganimed мгимо?))

ganimed не

orignal ну как не? в одной фразе 3 ошибки как в том анекдоте ))

ganimed Пф, меня понимают и ладно

ganimed Да и пагубное влияние нейтив-спикеров дает о себе знать

orignal ну так zzz тот самый нейтив спикер

ganimed Ну так я обычно не сним общась, а с самыми обычнми ребятами из асашай, которые филфаков явно не кончали

orignal асашай это что?

ganimed США

ganimed В произношении Бората

orignal а причем тут филфак?

ganimed А при том, что грамматика - вещь довольно условная и ее правила соблюдаются далеко не всеми, особенно в живом общении, в чатах. Отсюда и нестрогое следование строгим правилам :)

orignal конечно условная. ее никто не знает все просто употребляют автоматически

orignal ладно вернемся к нашим баранам

ganimed А что там с баранами?..

orignal бараны которые SSU2

orignal zzz, at 10:31:35 of 100 bytes

orignal wow seem I got reply from you

orignal can you confirm?

zzz yup, well done, stand by

orignal SSU2: Unexpected message type 128

orignal but we know why

orignal because KDF

orignal whatever let me investigate that part

zzz Invalid token 6705875313099848879 in session request

zzz I sent you a Retry

zzz not a Session Confirmed

zzz * not a Session Created

orignal so what is corect token in SessionRequest?

orignal you said I should send non-zero

zzz that would work in my test code; but in the live net, I'm enforcing tokens

orignal what is the code for retry? 128?

zzz 10?

orignal if I see 128 it's wrong anyway

zzz 9

orignal so what do I put into token field? zero?

zzz header key 2 is different for Session Created and Retry, so if it's not Session Created you have to re-decrypt the header

orignal got it

orignal but what key do you use for retry?

zzz retry is bob's intro key for both k1 and k2

orignal I see

zzz if you don't have a token, send a token request instead of a session request, because you don't need to do DH

zzz if you think you have a token that's not expired, send a session request, but you may still get back a retry

orignal so I shoul start with token request?

zzz the retry has the token you'll use for your second attempt

orignal is it per endpoint?

zzz I can't remember if it's per-router or per-IP

orignal please let me know

zzz maybe haven't thought that issue fully

orignal I will add this code

orignal are you able to decrypt my payload or you haven't reached that point?

zzz if the token is invalid, I don't bother to decrypt the payload

zzz to not waste DH / CPU on possible attacks

orignal fine

orignal let me implement tokens first then

zzz so, I store saved outbound tokens by router hash, and saved inbound tokens by IP/port. That doesn't sound right :)

zzz I'll need to research and see what QUIC does

orignal does it mean tokens are the same between addresses

orignal e.g. if I have a token for ipv4 I can reuse it for ipv6

zzz good questions, needs research and thinking

zzz the problem is, when you get an inbound token, all you know is the source ip/port... do you accept it from anywhere, or only from the ip/port you sent it to before

orignal then use endpoint

orignal not router

zzz yeah QUIC was worried about attacks where an on-path observer sees the token and then uses it himself

zzz I think you're right but I'll have to research and report back

orignal let me do it per endpoint for now

zzz it also means you'd have to clear all your saved outbound tokens if your ip changes

orignal yes, I should

orignal same of inbound

orignal because other side knows me by IP

zzz there's really two kinds of tokens:

zzz 1) when you get one in a Retry, you just use it right away, no storage, no issues about router vs. endpoint

zzz 2) when you get one in a New Token Block, that's to be saved for later, for the next time you connect

zzz for now, just worry about 1). The router vs. endpoint issue is for 2)

orignal yes I know

orignal but what if I'm Bob?

orignal I also need to store token I assign to Alices

zzz if I'm bob I just keep the "inbound establish state" open, with the token I sent, because the next message will come in on the same Dest Conn ID

zzz so I don't "store" the token in a central place

orignal agree

orignal zzz, when we send new SesionRequest as reply to Retry do we increase seqn?

orignal sorry, packet number

orignal or at least should it different?

zzz use random pkt num in Session Request and Session Created.

orignal but it must be new

zzz Session Confirmed pkt num is always 0 because it must be acked

orignal I mean SessionRequest

zzz doesn't matter in session request

orignal shoudl I generate new one or use from original request

zzz it's ignored

orignal how about nonce for chacha ?

zzz yes, use it as the nonce

orignal I mean not for payload

orignal but for long header

zzz looking...

zzz you mean for retry and token request?

orignal for next SessionRequest after retry

zzz looking...

orignal when I encrypt long header and X

zzz so the question is, what's the packet number in the 2nd Session Request?

orignal I send SessionRequest with 0, then I receive Retry, I send SessionRequest with 1

orignal but this is for payload, e.g. AEAD/Chacha/Poly

orignal but there is another chacha

orignal I'm asking about it

zzz the Noise chacha is basically "start over", because the header is different so it will be a different mixHash().

zzz so you'll use n=0 again

orignal so it's always 0 for chacha

zzz correct

orignal and sequence number for payload

orignal right?

zzz the packet number in the header?

orignal no, first is 0, second is 1 etc.

zzz I'm not sure what sequence number you mean?

orignal anyway as I understand you right we always use 0 for nonce

zzz yes, that's standard Noise

orignal until handashke finishes

orignal and when I get Retry I reset noise

zzz there's a n=1 in the Session confirmed (standard XK)

orignal that part I undertand

zzz yes, you can reset noise. I guess you could reuse the ephemeral key if you wanted?

zzz but you have to reset because you have to redo the mixhash() of the header

orignal thanks. it's clear now

zzz :)

orignal will try again tonight

zzz most of the time this won't happen, because you'll send a token request instead

zzz so we don't "waste" a DH

orignal race condition

orignal or restart

zzz right

orignal I believe you still know my token but you don't

zzz right

zzz but hopefully, 99% of time no reset required

orignal how do you prevent ping-pong?

orignal I send SessionRequest you don't like and send Retry

orignal I send again and you don't like again

zzz then it fails. Never send two Retry

zzz and don't retransmit Retry

orignal good

orignal will do the same

zzz one other thing: put an address block in Session Request, Session Created, and Token Request payloads.

zzz that's to duplicate the "what is my ip/port?" feature of SSU 1

orignal SessionRequest? What for?

zzz also Retry

orignal why do I need to put you address from your RI?

zzz because we use SSU for address discovery

orignal I'm confused

zzz but maybe not useful for Session Request?

zzz it was in SSU 1

orignal I don't understand what to put

zzz you put bob's address when sending to bob. alice's address when sending to alice

zzz to help peers that don't know what their IP/port is

orignal dont; see in SSU

orignal what's a point of Bob's address in SessionRequest

orignal since I take it from Bob's RI

zzz it's in SSU 1 so I added it to SSU 2

zzz will have to research more

orignal where in SSU1

orignal no IP/port in SessionRequest

zzz Message format:

zzz +----+----+----+----+----+----+----+----+

zzz | X, as calculated from DH |

zzz ~ . . . ~

zzz | |

zzz +----+----+----+----+----+----+----+----+

orignal or yes I see

zzz |size| that many byte IP address (4-16) |

zzz +----+----+----+----+----+----+----+----+

zzz | arbitrary amount of uninterpreted data|

zzz ~ . . . ~

orignal idk why it's there

orignal doesn't make sense at all

zzz right now I will fail without it; ofc can be changed

orignal it was not specs

orignal only DateTime is required

orignal let's discuss tommorow

orignal probabry jrandom had something else in mind

zzz it might be part of what is signed in the 3rd message

zzz oh, you're right, the spec only requires it in session created

orignal we do it differently anyway

orignal ofc it must be in SessionCreated

zzz agreed, makes sense there

orignal because we tell Alice her actual IP

zzz so also in Retry

orignal yes

zzz good stuff, you're asking very smart questions

orignal I don't even decrypt Retry pyload for now ))

orignal *** afk ***

zzz yeah, probably fine, except for some possible injection attacks

R4SAS orignal: github.com/PurpleI2P/i2pd/pull/1745

R4SAS на неилитном, канал #i2pd

zzz correction, I do NOT send or require Address Block in Session Request

R4SAS там чувак попал на ту хрень с окончанием дескрипторов и у него отожрало 70 гигов логами

R4SAS с ошибкой

R4SAS так что в том PR предложение от него

orignal R4SAS нет не надо

R4SAS попросил его там зайти на i2pd-dev

R4SAS чего не надо?

orignal зеабали уже с этой идеей

R4SAS ну а чего делать предлагаешь?

R4SAS если нет возможности поднять лимит например

orignal там проблема что дескрипторы не только сокеты но и таймера

orignal пока ничего

orignal закрывать на хуй

R4SAS ну сам прокоментируй и закрой

R4SAS я ему перешлю

uis Таймеров много?

uis Я понять не могу, зачем делать фрагментацию SessionConfirmed, если IP уже может фрагментировать?

acetone orignal: добрее надо быть и люди потянутся)))

F5NAS acetone, ага)

orignal R4SAS пусть число транзитных тоннелей ограничивает

orignal uis что в mtu вписаться

orignal acetone, а?

orignal zzz, I have sent SessionRequest at 15:29:54

orignal then I have recveive Retry

orignal then send another SessionRequest and no response

orignal first was 93 bytes, second was 96 bytes

uis Впишется в два ip пакета

uis Так таймеров много?

orignal на каждую SSU сессию

orignal ну сделано было так давным давно

orignal в SSU2 разумеется будет сделано иначе

uis И на каждый таймер по файловому дескриптору? Ну и костыли!

` uis, чота не нраица7 Чемодан. Клирнет. Тор! Шутка, шутка.

uis SSU1 после реализации SSU2 больше не нужен?

zzz orignal,

zzz Bad Source Conn id Handshake header destID 3187227616902313146 pkt num 0 type 0 version 2 netID 2 srcID -5041392407515611427 token 8611805434283770328 key 7g8fcxEaO-nwjsvepvktw55vXS0-PSIoYFLMXWA-BWc= on IES2

zzz did you same the same source ID the 2nd time?

orignal yes

orignal should I use new one?

orignal uis ну я тогда не задумывался как в бусте таймера реализованы

orignal а оказалось через дескрипторы

zzz no

zzz somehow I got a mismatch

zzz the dest conn ID matched. the source conn ID did not

zzz I didn't log what I got the first time though

orignal let me check

zzz actually the source conn id check was first

zzz I don't know if the dest conn id matched

orignal but they shoulc match, right?

orignal will fix

zzz they both should be the same as the first time

zzz ok, you found the problem?

orignal yes

orignal I though they must be different

orignal assuming we reset a session completely

zzz not that completely )))

zzz baby steps

orignal will fix

zzz note that the header decrypted correctly: pkt num 0 type 0 version 2 netID 2

orignal yes I saw it

legit-anon this isnt exactly dev related but...

legit-anon Deathbox MINECRAFT server hosted over i2p! learn to join here! ggdh6tgsenlz47zlmso52zbwl5cbc7z4qa66zthqaiv4fsbcf7fa.b32.i2p:2000

` MINECRA-A-A-A-A-A-A-A-AFT IS MY LIFE!

legit-anon lol

legit-anon feel free to join

` maybe minetest i will try.

` maybe.

orignal zzz, got something back after second SessionRequest

orignal of 120 bytes

orignal failed to decrypt but let me investigate

zzz Invalid token 0 in session request

zzz Got session request after retry

zzz Retransmit created

orignal why retransmit?

orignal what was that 120 bytes?

zzz because I never got back a session confirmed

zzz looking...

orignal you don't

orignal because it's not implemented yet ))

uis Some time ago there was another minecraft_is_my_life server

orignal my question is if you like my SessionRequest

legit-anon ?

zzz looking...

legit-anon tunnels might take a sec

zzz State after sess req: XK-SSU2 Handshake State:

zzz Symmetric State:

zzz ck: IAYKo664~0c75LKGdiZs0OTiVLusvXsWkKq9lc1iVlw=

zzz h: o-Hrp2f4AnPpaDViTnGjLC-N6s6aO~2tSYUMeWGV9Lw=

zzz Cipher State:

zzz nonce: 1

zzz poly key: p6MdZOVfh9zvL0M5mBGta~cmHwoGwnUTVA4xqx2hTg8=

zzz Local static public key (s) : O7EzKQpOIQffYq5jX4ZmeyYXncw2Zou3ad60Kgx1cD4=

zzz Remote static public key (rs) : null

zzz Local ephemeral public key (e) : null

zzz Remote ephemeral public key (re) : IPT7seztmjp8y3tqAoOzEFpp8xfFXDx65X6ya0oGvxk=

zzz 03-20 21:55:33.958 DEBUG [ handler 1/1] ort.udp.InboundEstablishState2: Processed 2 blocks

zzz all looks good :)

orignal finally

orignal and that 120 bytes was SessionCreated

zzz and thankfully, no Noise problems so far

orignal great

legit-anon cool

legit-anon is zzz a bot?

orignal zzz is main I2P dev

zzz I didn't log the size, but it sounds right. 88 bytes minimum

orignal if you didn't know it ))

orignal will fxi SessionCreated and implement SessionConfirmed

zzz hello legit-anon, not a bot

legit-anon ah

zzz congrats orignal, lots of hard work to get here

orignal legit-anon we is process of development SSU2

orignal yes, you too

orignal most of stuff is successive

orignal will continue tonight

legit-anon ok

orignal have to run now

zzz good night

uis_ Вместо четырёх байтов на время использовать четыре байта на номер файлового дескриптора и ещё как минимум 4 килобайта(или какой стоит размер страницы) для дескриптора ядром. Память эффективно используется)))

` [Алёша] Да уймись ты наконец (с)Где-то-слыша

` л

` Показалось забавным.

ViktorShahter А уже есть какие-то тестовые сборки с SSU2 или пока всё закрыто от простых смертных?

uis_ Он толком не работает, какие тестовые сборки?

ViktorShahter uis, тем не менее, старые версии i2pd крашатся именно из-за появления в базе роутеров с SSU2. Значит что-то сырое уже есть.

` ViktorShahter, товарищ прапорщик, не палились бы так.

` Интересуется тут как сеть положить..

R4SAS так это давно известно