Hello,
Here's an update to i2pd's latest version, released 2 weeks ago. This new
release contains mitigations for a novel and ongoing DDoS attack against the
I2P network.
The patch compiles and runs fine on amd64. On -current, it is very
straightforward, but I mainly tested it on -stable (patch also included for
those interested). Tunnel creation success rate is still not great, but better
than with the previous release (anyway this metric depends more on the overall
I2P network than one or two specific routers).
Best regards.
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/i2pd/Makefile,v
retrieving revision 1.23
diff -u -p -r1.23 Makefile
--- Makefile 16 Apr 2024 15:22:32 -0000 1.23
+++ Makefile 14 May 2024 13:33:04 -0000
@@ -2,7 +2,7 @@ COMMENT = client for the I2P anonymous n
GH_ACCOUNT = PurpleI2P
GH_PROJECT = i2pd
-GH_TAGNAME = 2.51.0
+GH_TAGNAME = 2.52.0
CATEGORIES = net
HOMEPAGE = https://i2pd.website
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/i2pd/distinfo,v
retrieving revision 1.18
diff -u -p -r1.18 distinfo
--- distinfo 16 Apr 2024 15:22:32 -0000 1.18
+++ distinfo 14 May 2024 13:33:04 -0000
@@ -1,2 +1,2 @@
-SHA256 (i2pd-2.51.0.tar.gz) = 1+T+LFw8AKkRXwYbeXvj0vyBuyW+3bIKY2risMkSzjE=
-SIZE (i2pd-2.51.0.tar.gz) = 670699
+SHA256 (i2pd-2.52.0.tar.gz) = 9fr6cAth0HkdN72O7gSRJYLqXj87HYDsM5vYFYowmVs=
+SIZE (i2pd-2.52.0.tar.gz) = 677023
Index: Makefile
===================================================================
RCS file: /cvs/ports/net/i2pd/Makefile,v
retrieving revision 1.22
diff -u -p -r1.22 Makefile
--- Makefile 13 Jan 2024 16:21:39 -0000 1.22
+++ Makefile 14 May 2024 14:40:43 -0000
@@ -2,7 +2,7 @@ COMMENT = client for the I2P anonymous n
GH_ACCOUNT = PurpleI2P
GH_PROJECT = i2pd
-GH_TAGNAME = 2.50.2
+GH_TAGNAME = 2.52.0
CATEGORIES = net
HOMEPAGE = https://i2pd.website
Index: distinfo
===================================================================
RCS file: /cvs/ports/net/i2pd/distinfo,v
retrieving revision 1.17
diff -u -p -r1.17 distinfo
--- distinfo 13 Jan 2024 16:21:39 -0000 1.17
+++ distinfo 14 May 2024 14:40:43 -0000
@@ -1,2 +1,2 @@
-SHA256 (i2pd-2.50.2.tar.gz) = ri7Ecyw4/acbS0jOg2JN2LLgUIPyyUoD0gyvthb2PKU=
-SIZE (i2pd-2.50.2.tar.gz) = 663010
+SHA256 (i2pd-2.52.0.tar.gz) = 9fr6cAth0HkdN72O7gSRJYLqXj87HYDsM5vYFYowmVs=
+SIZE (i2pd-2.52.0.tar.gz) = 677023
Index: pkg/PLIST
===================================================================
RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v
retrieving revision 1.12
diff -u -p -r1.12 PLIST
--- pkg/PLIST 20 Dec 2023 22:19:44 -0000 1.12
+++ pkg/PLIST 14 May 2024 14:40:43 -0000
@@ -50,6 +50,7 @@ include/i2pd/SSU2.h
include/i2pd/SSU2Session.h
include/i2pd/Signature.h
include/i2pd/Siphash.h
+include/i2pd/Socks5.h
include/i2pd/Streaming.h
include/i2pd/Tag.h
include/i2pd/Timestamp.h
@@ -131,6 +132,12 @@ share/examples/i2pd/certificates/reseed/
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt
@owner
@group
+share/examples/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
+@owner _i2pd
+@group _i2pd
+@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/admin_at_stormycloud.org.crt
+@owner
+@group
share/examples/i2pd/certificates/reseed/arnavbhatt288_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@@ -191,12 +198,6 @@ share/examples/i2pd/certificates/reseed/
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/ls_at_mail.i2p.crt
@owner
@group
-share/examples/i2pd/certificates/reseed/null_at_i2pmail.org.crt
-@owner _i2pd
-@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/null_at_i2pmail.org.crt
-@owner
-@group
share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt
@owner _i2pd
@group _i2pd
@@ -215,12 +216,6 @@ share/examples/i2pd/certificates/reseed/
@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt
@owner
@group
-share/examples/i2pd/certificates/reseed/reheatedburger_at_protonmail.com.crt
-@owner _i2pd
-@group _i2pd
-@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reheatedburger_at_protonmail.com.crt
-@owner
-@group
share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt
@owner _i2pd
@group _i2pd
@@ -237,3 +232,7 @@ share/examples/i2pd/tunnels.conf
@owner _i2pd
@group _i2pd
@sample ${SYSCONFDIR}/i2pd/tunnels.conf
+@owner
+@group
+share/examples/login.conf.d/i2pd
+@sample ${SYSCONFDIR}/login.conf.d/i2pd
Index: pkg/README
===================================================================
RCS file: /cvs/ports/net/i2pd/pkg/README,v
retrieving revision 1.3
diff -u -p -r1.3 README
--- pkg/README 8 Nov 2022 12:41:42 -0000 1.3
+++ pkg/README 14 May 2024 14:40:43 -0000
@@ -5,20 +5,22 @@
Resource Limits: File Descriptors
=================================
-By default, the i2pd process runs in the login(1) class of "daemon".
-The default limits on file descriptors are insufficient to run i2pd; instead you
-should put the _i2pd user and process in their own login(1) class with tuned
-resources.
-You should also raise the system-wide maxfiles limit.
-
-1. Configure i2pd login class in the login.conf(5) file:
-
- i2pd:\
- :openfiles-cur=8192:\
- :openfiles-max=8192:\
- :tc=daemon:
+${PKGSTEM} needs to open a lot of file descriptors.
-2. Adjust kern.maxfiles, if needed:
+For a regular node, you should raise the system-wide maxfiles limit to
+8192:
+
+ # sysctl kern.maxfiles=8192
+ # echo "kern.maxfiles=8192" >> /etc/sysctl.conf
+
+If you intend to run a floodfill, you should raise this limit even more:
# sysctl kern.maxfiles=16000
# echo "kern.maxfiles=16000" >> /etc/sysctl.conf
+
+and also edit /etc/login.conf.d/i2pd:
+
+ i2pd:\
+ :openfiles-cur=8192:\
+ :openfiles-max=8192:\
+ :tc=daemon:
Index: pkg/i2pd.login
===================================================================
RCS file: pkg/i2pd.login
diff -N pkg/i2pd.login
--- /dev/null 1 Jan 1970 00:00:00 -0000
+++ pkg/i2pd.login 14 May 2024 14:40:43 -0000
@@ -0,0 +1,4 @@
+i2pd:\
+ :openfiles-cur=4096:\
+ :openfiles-max=4096:\
+ :tc=daemon: