.merges

.merge+ 7175 7176

Added

v0.17.1.7 is being killed due to OOM after running several hours. Is it a known issue? Never seen this in previous version.

ziyzhou[m]: do you run a public rpc node?

also how much RAM does your system have?

.network

I wrote in monero but i think it fits here too: I'm spinning another node and i used --add-priority-node to point to another node of mine which is fully synced and doesn't have problems (at least afaict).

The problem is that this node gets automatically banned by my syncing node. It's the only node that it's getting banned as far as i can see.

Ok. Right now my node blocked another node too

ErCiccione[m]: are both nodes on the same network?

hmm, can you run with --log-level 1 and check what they are getting banned for exactly?

same network -> yes. I started to sync with add-exclusive-node pointing at the same node.

sure

alright, let's see if i catch it

Will you HODL Monero or dump it for Tari when it comes out?

selsta: yes, public node, 2G RAM.

ziyzhou[m]: 2GB might be not enough for a public rpc node, a regular node should be fine with 2GB RAM

also there currently seems to be some DoS attack against public rpc nodes which can cause higher CPU usage

v0.17.1.8 should have mitigations against the current DoS attack

ok

.merge+ 7172

Added

¯\_(ツ)_/¯ no more bans

I got the gui and CLI wallets compiled and running on the Raspberry PI 4 (64 bit) by disabling hardware AES. Any drawbacks (besides slow mining) that I should be aware of?

None that I can think of.

Note thatn you do a little bit of that mining when verifying txes.

at the impressive rate of 40 hash/sec

moneromooo: good to know thanks!

What's the best way to get involved with development?

You could look at github issues and see if you like anything there.

Then discuss here or there.

The best way to get into a project is to see something that annoys you and fix it.

Though of course it has to not go agianst the project's goals. Like, for an extreme example, say you're annoyed you can't see amounts on a block explorer, you don't get to fix it :)

Or you could list what you're good at, what you like doing, and people here might have ideas for you.

moneromooo: thanks! I'll take a look. C/C++, system stuff is my bg.

Expand on system ?

general OS unix/linux/kernel internals

Familiar with network ?

moneromooo: that too but more from a VOIP perspective (NAT/TURN) etc.

One longstanding thing we've been needing is someone who groks networks well to improve the DoS resistance of our net code.

sounds interesting. Do you have any bg info I can read on the issue?

I'm assuming this is beyond the blacklisting support added recently?

Hackerone entries I think.

do you have a link?

Yes, I'm thinking mostly of things like QoS, connection timeouts based on in/out traffic (ie, slowloris type of attacks), etc.

Hmm. The search thing on hackerone doesn't seem to work (or needs JS maybe).

Anyway, there wasn't much really IIRC.

so something like maintain an active table of existing connections and when something seems wonky have a real-time reaction (block, etc.) ?

We have a drop/block system. It's more about tuning detection of what looks wonky.

Like, for example, I have a connection timeout, and extend it for every byte received.

ok I see. better detectors

But it's crude, and I don't think it's actually effective.

So someone with network experience would already know what works, what doesn't, how to tune these things so false positives are minimized, etc.

Can you point me to the code that does that?

abstract_tcp_server2.inl mostly

Warning: this file has lots of random tabs in for some reason, so it looks bad.

sounds like a test suite of simulating a bunch of attacks could be useful. (Or maybe it already exists?)

It doesn't really.

ok sounds interesting. I've got the code checked out. I'll take a look later today when I have some time.

Cool, thanks :)

<coffeeroaster "ok sounds interesting. I've got "> Great to have someone new jumping in, welcome coffeeroaster :)

sethsimmons: thanks!

i was just thinking that a test suite of attacks and other such would be cool to have... to test code and also to test new nodes and such...

#6262 sounds like RNG running out of entropy

We'd get a stack trace stuck in handshake surely ?

Or some similar api.

high CPU usage do to tries to read 1 byte from RNG ?

due to tries

in non blocking mode

hm ture, should see it in handshake code yeah

true

is there any reason we don't have something like an rpc_clients <max number> command/setting in monerod?

Just that nobody added yet AFAIK.

I may take a look. setting ulimit on monerod interferes with DNSSEC lookups

seems it may be a way to DoS itself. if you set a low limit, you may no longer be able to issue commands to it

allow a whitelist that bypasses the limit, add localhost to the whitelist by default

looks like more work than I have time for right now, maybe someone else will be motivated to do it