IRCaBot 2.1.0
GPLv3 © acetone, 2021-2022
#ls2
/2022/06/22
@eyedeekay
+R4SAS
+RN
+RN_
+T3s|4
+Xeha
+not_bob
+orignal
FreeRider
Irc2PGuest75862
Onn4l7h
Onn4|7h
T3s|4_
aargh3
acetone_
anon4
cancername
eyedeekay_bnc
profetikla
shiver_1
u5657
weko_
x74a6
zzz wb zlatinb
zlatinb good to be back :)
zzz how was it?
zlatinb well Lisbon is great, Monerokon was very casual
zlatinb by that I mean everyone smoked everything all the time everywhere
zzz nice
zlatinb but we did the presentations and had an interview with the monero talk podcast
zzz missed it all
zlatinb some people brought up Kovri so we had to be very diplomatic about it
zzz those people have long memories
zzz was the diva guy there or just the students?
zlatinb yes diva.exchange guy was there + 1 one of the students
zlatinb we should hear once the podcast is out I'm sure
zzz the diva guy seems solid but their blockchain stuff is a little fuzzy to me. Did you get a better handle on what they're up to and how to work together?
zlatinb the trust-less swaps are a bit fuzzy to me too; I think they just use I2P as a transport layer
zzz but they also have a sam lib, a reseed, a i2pd fork, sponsor research, ... so they're in pretty deep
zlatinb regarding the attack they presented I expect somone to propose making the default tunnel length variable between 3 and 4 as that practically defeats their colluding tunnel participants attack
zzz havent studied the slides yet
zzz now I wish I wasn't so lazy and had gone to the monerocon in miami a couple months back
zlatinb none of the developers we worked with on i2p-zero were in Lisbon so that was pity
zlatinb but people knew them
zzz yeah they were at the miami one
zzz I know idk made it because I was talking to him about the android issues
zzz we may need a postmortem
orignal zzz, let's come back to our sheeps
orignal can Alice request ipv6 peer test over ipv4 session with Bob?
zzz baaa?
orignal you don't know this famous phrase?
orignal no to which question?
zzz not famous here :)
orignal so can Alice do it?
zzz looking...
orignal even if her ipv6 doesn't work at all
orignal she only believes she has an ipv6 address
orignal zlatinb what did they say that i2pd is actually "russian" project?
zlatinb we were careful to say "developed by Russian expats"
zzz ok, here's the SSU 1 documentation about it:
zzz Alice sends the request to Bob using an existing session over the transport (IPv4 or IPv6) that she wishes to test. When Bob receives a request from Alice via IPv4, Bob must select a Charlie that advertises an IPv4 address. When Bob receives a request from Alice via IPv6, Bob must select a Charlie that advertises an IPv6 address. The actual Bob-Charlie communication may be via IPv4 or IPv6 (i.e., independent of Alice's
zzz address type).
zzz so the answer for SSU 1 is no
orignal expats?
orignal what does it mean?
orignal zzz ofc I'm asking about SSU2
zlatinb expat == someone who does not live in their home country afaik
zzz ex-patriots, i.e. emigrants
orignal I don't care about SSU1
orignal I know what word expat means
zzz I know, but that's how I get to the answer
orignal but most people live in Russia
zlatinb didn't know that
zzz so, since we don't say anything different in prop. 159, the answer for SSU 2 is also no, at least right now
orignal R4SAS, acetone, polistern
orignal zzz, my point is how to iterpret msg 4
zzz please explain
orignal if we allow ipv6 test over ipv4 msg 4 means nothing
orignal it even doesn't say if ipv6 for Alice works
orignal only msg 5 matters
orignal I'm working on the code for network status upon receieving messages
zzz you may not get 5 OR 7, only 4. Then you are totally blocked for inbound
orignal if I understand msg 5 means we are reachable
orignal 6 and 7 is test for symmertric NA
zzz right
zzz that's why 4 is important
orignal ofc it's important for msg 6
orignal but msg 4 doesn't change state
zzz not right away, but you set a timer to change state after getting 4
orignal in SSU1 I change state to Firewalled when receive 4 and change back to OK when receive 5
orignal ofc it's done more complicated
zzz because you may ever get 5
orignal my point is
orignal if I receive 4 in SSU1 and not 5
orignal I set status to Firewalled
zzz that sounds right
orignal if I don't receive even 4 it means testing failed
zzz yup
zzz so back to the original question
zzz can alice request v6 test over v4 connection to bob, or vice versa?
zzz I don't think it's necessary to support that
zzz if alice can't make a single outbound connection on v6, why does it need to be tested?
orignal I can tell you why
zzz or think of making the connection as the first part of the test
zzz please tell ))
orignal Alice needs ipv6 test but has ipv4 sessions only
orignal not worth to establish one more session just for test
orignal same logic as relay request
zzz I would say, at startup, prioritize a mix of v4 and v6 connections so you can run tests
orignal yes, that's fine
orignal but in long term run
zzz the other thing is, until you make an outbound connection and get an address block back, you may not "know" your IP address to send in a test request
orignal assume I have an ipv6 SSU2 session before
zzz so the process is:
zzz 1) make an outbound connection to discover your address
orignal hence I know my IP or I think I know
zzz 2) make a peer test request to test it
orignal 3. make a new peer test request after 1 hour
orignal and I don't have SSU2 ipv6 sessions anymore
orignal for whatever reason
zzz yeah the other thing is security. Bob can do checks that Alice is asking for a test for her IP, not any random IP
orignal at start yes you should create all new session to discover your IP
orignal Bob always has Alice's RI
orignal furtrhermore he has to send it for Charlie
orignal zlatinb I have heard that EU consider as Russian anybody who even born in RSFSR
zzz yeah but bob is the first line of defense that the IP isn't garbage
orignal and what code do we send if address is wrong?
zzz dunno, we could add one if you want
zzz alice's RI may not have the address in it if firewalled
zzz I think mixed v4/v6 would be much less secure than SSU 1, and we're trying to be more secure
zzz you want to add code 5 "unsupported address" ?
orignal probably
zzz ok, will do
orignal if Alice's RI doesn't have an address Bob still knows her endpoint
orignal should we also check it?
zzz bob should do some checking. I don't know what I do now
orignal that's why I'm asking what I shpuld do being Bob
zzz looking...
zzz right now I don't do any checking, because it's copied from SSU 1 where there is no ip/port in msg 1
zzz my standard checks, which I should do here, are:
zzz if (!TransportUtil.isValidPort(fromPort) ||
zzz (!_transport.isValid(fromIP)) ||
zzz _transport.isTooClose(fromIP) ||
zzz _context.blocklist().isBlocklisted(fromIP)) {
zzz and additional checks:
zzz same address type v4/v6
zzz check that the IP is the same or "close to" the session IP ?
orignal let's check it and add rejection code
orignal so you do have this phrase
dr|z3d no one says that, orignal *chuckle*
dr|z3d probably the closest thing, though not quite so euphemistic, would be "let's get back to the topic at hand" or similar.
orignal but we say it in Russian all the time
orignal zzz, I see strange thing
orignal I see you connected to 2RRY but don't see ih in your RI
orignal although I have re-requested it
orignal zzz, can ypu check you RelayResponse ?
orignal I receive messages SSU2: Block type 0 of size 17305
orignal from Java routers
orignal in response to RelayRequest
orignal I also see a bug on my side for Bob