From: openbsd@systemfailure.net
Subject: net/i2pd-2.52.0
To: ports@openbsd.org
Cc: Solène Rapenne, Stuart Henderson
Date: Sat, 25 May 2024 20:44:41 +0000

Hello,

Here's an update to i2pd's latest version, released 2 weeks ago. This new release contains mitigations for a novel and ongoing DDoS attack against the I2P network.

The patch compiles and runs fine on amd64. On -current, it is very straightforward, but I mainly tested it on -stable (patch also included for those interested).

Tunnel creation success rate is still not great, but better than with the previous release (anyway this metric depends more on the overall I2P network than one or two specific routers).

Best regards.

Index: Makefile =================================================================== RCS file: /cvs/ports/net/i2pd/Makefile,v retrieving revision 1.23 diff -u -p -r1.23 Makefile --- Makefile 16 Apr 2024 15:22:32 -0000 1.23 +++ Makefile 14 May 2024 13:33:04 -0000 @@ -2,7 +2,7 @@ COMMENT = client for the I2P anonymous n GH_ACCOUNT = PurpleI2P GH_PROJECT = i2pd -GH_TAGNAME = 2.51.0 +GH_TAGNAME = 2.52.0 CATEGORIES = net HOMEPAGE = https://i2pd.website Index: distinfo =================================================================== RCS file: /cvs/ports/net/i2pd/distinfo,v retrieving revision 1.18 diff -u -p -r1.18 distinfo --- distinfo 16 Apr 2024 15:22:32 -0000 1.18 +++ distinfo 14 May 2024 13:33:04 -0000 @@ -1,2 +1,2 @@ -SHA256 (i2pd-2.51.0.tar.gz) = 1+T+LFw8AKkRXwYbeXvj0vyBuyW+3bIKY2risMkSzjE= -SIZE (i2pd-2.51.0.tar.gz) = 670699 +SHA256 (i2pd-2.52.0.tar.gz) = 9fr6cAth0HkdN72O7gSRJYLqXj87HYDsM5vYFYowmVs= +SIZE (i2pd-2.52.0.tar.gz) = 677023 Index: Makefile =================================================================== RCS file: /cvs/ports/net/i2pd/Makefile,v retrieving revision 1.22 diff -u -p -r1.22 Makefile --- Makefile 13 Jan 2024 16:21:39 -0000 1.22 +++ Makefile 14 May 2024 14:40:43 -0000 
@@ -2,7 +2,7 @@ COMMENT = client for the I2P anonymous n GH_ACCOUNT = PurpleI2P GH_PROJECT = i2pd -GH_TAGNAME = 2.50.2 +GH_TAGNAME = 2.52.0 CATEGORIES = net HOMEPAGE = https://i2pd.website Index: distinfo =================================================================== RCS file: /cvs/ports/net/i2pd/distinfo,v retrieving revision 1.17 diff -u -p -r1.17 distinfo --- distinfo 13 Jan 2024 16:21:39 -0000 1.17 +++ distinfo 14 May 2024 14:40:43 -0000 @@ -1,2 +1,2 @@ -SHA256 (i2pd-2.50.2.tar.gz) = ri7Ecyw4/acbS0jOg2JN2LLgUIPyyUoD0gyvthb2PKU= -SIZE (i2pd-2.50.2.tar.gz) = 663010 +SHA256 (i2pd-2.52.0.tar.gz) = 9fr6cAth0HkdN72O7gSRJYLqXj87HYDsM5vYFYowmVs= +SIZE (i2pd-2.52.0.tar.gz) = 677023 Index: pkg/PLIST =================================================================== RCS file: /cvs/ports/net/i2pd/pkg/PLIST,v retrieving revision 1.12 diff -u -p -r1.12 PLIST --- pkg/PLIST 20 Dec 2023 22:19:44 -0000 1.12 +++ pkg/PLIST 14 May 2024 14:40:43 -0000 @@ -50,6 +50,7 @@ include/i2pd/SSU2.h include/i2pd/SSU2Session.h include/i2pd/Signature.h include/i2pd/Siphash.h +include/i2pd/Socks5.h include/i2pd/Streaming.h include/i2pd/Tag.h include/i2pd/Timestamp.h @@ -131,6 +132,12 @@ share/examples/i2pd/certificates/reseed/ @sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/acetone_at_mail.i2p.crt @owner @group +share/examples/i2pd/certificates/reseed/admin_at_stormycloud.org.crt +@owner _i2pd +@group _i2pd +@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/admin_at_stormycloud.org.crt +@owner +@group share/examples/i2pd/certificates/reseed/arnavbhatt288_at_mail.i2p.crt @owner _i2pd @group _i2pd 
@@ -191,12 +198,6 @@ share/examples/i2pd/certificates/reseed/ @sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/ls_at_mail.i2p.crt @owner @group -share/examples/i2pd/certificates/reseed/null_at_i2pmail.org.crt -@owner _i2pd -@group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/null_at_i2pmail.org.crt -@owner -@group share/examples/i2pd/certificates/reseed/orignal_at_mail.i2p.crt @owner _i2pd @group _i2pd @@ -215,12 +216,6 @@ share/examples/i2pd/certificates/reseed/ @sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/rambler_at_mail.i2p.crt @owner @group -share/examples/i2pd/certificates/reseed/reheatedburger_at_protonmail.com.crt -@owner _i2pd -@group _i2pd -@sample ${LOCALSTATEDIR}/lib/i2pd/certificates/reseed/reheatedburger_at_protonmail.com.crt -@owner -@group share/examples/i2pd/certificates/reseed/reseed_at_diva.exchange.crt @owner _i2pd @group _i2pd @@ -237,3 +232,7 @@ share/examples/i2pd/tunnels.conf @owner _i2pd @group _i2pd @sample ${SYSCONFDIR}/i2pd/tunnels.conf +@owner +@group +share/examples/login.conf.d/i2pd +@sample ${SYSCONFDIR}/login.conf.d/i2pd Index: pkg/README =================================================================== RCS file: /cvs/ports/net/i2pd/pkg/README,v retrieving revision 1.3 diff -u -p -r1.3 README --- pkg/README 8 Nov 2022 12:41:42 -0000 1.3 +++ pkg/README 14 May 2024 14:40:43 -0000 
@@ -5,20 +5,22 @@ Resource Limits: File Descriptors ================================= -By default, the i2pd process runs in the login(1) class of "daemon". -The default limits on file descriptors are insufficient to run i2pd; instead you -should put the _i2pd user and process in their own login(1) class with tuned -resources. -You should also raise the system-wide maxfiles limit. - -1. Configure i2pd login class in the login.conf(5) file: - - i2pd:\ - :openfiles-cur=8192:\ - :openfiles-max=8192:\ - :tc=daemon: +${PKGSTEM} needs to open a lot of file descriptors. -2. Adjust kern.maxfiles, if needed: +For a regular node, you should raise the system-wide maxfiles limit to +8192: + + # sysctl kern.maxfiles=8192 + # echo "kern.maxfiles=8192" >> /etc/sysctl.conf + +If you intend to run a floodfill, you should raise this limit even more: # sysctl kern.maxfiles=16000 # echo "kern.maxfiles=16000" >> /etc/sysctl.conf + +and also edit /etc/login.conf.d/i2pd: + + i2pd:\ + :openfiles-cur=8192:\ + :openfiles-max=8192:\ + :tc=daemon: Index: pkg/i2pd.login =================================================================== RCS file: pkg/i2pd.login diff -N pkg/i2pd.login --- /dev/null 1 Jan 1970 00:00:00 -0000 +++ pkg/i2pd.login 14 May 2024 14:40:43 -0000 @@ -0,0 +1,4 @@ +i2pd:\ + :openfiles-cur=4096:\ + :openfiles-max=4096:\ + :tc=daemon:
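
Review bot: the -stable patch shows no step that installs the new pkg/i2pd.login, although the last pkg/PLIST hunk (@@ -237,3 +232,7 @@) now packages share/examples/login.conf.d/i2pd and @samples it to ${SYSCONFDIR}/login.conf.d/i2pd. The only Makefile change in this patch is the GH_TAGNAME bump from 2.50.2, so unless Makefile 1.22 already copies that file into ${PREFIX}/share/examples/login.conf.d, packaging will stop on a missing file. Suggest adding the install step to the Makefile in this same diff, or confirming that it is already present in 1.22.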
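
Review bot: the rewritten pkg/README section (@@ -5,20 +5,22 @@) never states that the package now ships a login class with openfiles-cur and openfiles-max set to 4096 (pkg/i2pd.login), so the floodfill instruction "and also edit /etc/login.conf.d/i2pd" shows 8192 without saying what value is being changed, and it does not mention that i2pd has to be restarted before the new class limits apply. Suggest one sentence giving the shipped default and a restart note after the login class block. The two "echo ... >> /etc/sysctl.conf" lines also append unconditionally, so an operator who follows the regular-node step and later the floodfill step ends up with two kern.maxfiles entries in the file; wording such as "set kern.maxfiles=16000 in /etc/sysctl.conf" avoids that.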