13:32 <+bridge_> [ddnet] <Lexin> formated pc and dl newest version of ddnet and i had mini lags/fps drops. dl version 10.8.6 no lags and no problem
13:32 <+bridge_> [ddnet] <Lexin> am i stuck with 10.x forever now? =/
15:29 <+bridge_> [ddnet] <Blindhero> idk, what's the current technique for preventing DDoS? or how do they attack? random or chosen ips for spoofing?
15:37 <+bridge_> [ddnet] <deen> @Lexin Can you describe / show the drops? are they visible in ctrl-shift-d ctrl-shift-g? with opengl3 off?
15:38 <+bridge_> [ddnet] <Jupstar ✪> @deen you know that you have less FPS too, can't you? i asked you to profile, but you never did xD
15:39 <+bridge_> [ddnet] <Jupstar ✪> @deen you know that you have less FPS too, don't you? i asked you to profile, but you never did xD
15:39 <+bridge_> [ddnet] <deen> Nope, I just noticed that the old fps counter was really bad
15:39 <+bridge_> [ddnet] <deen> if you change the counter then of course the numbers look different
15:39 <+bridge_> [ddnet] <Jupstar ✪> i said, the counter might be strange, but it's unlikely that its completly wrong
15:39 <+bridge_> [ddnet] <Jupstar ✪> so you changed the fps counter in the old version?
15:39 <+bridge_> [ddnet] <deen> how do you want it profiled?
15:40 <+bridge_> [ddnet] <Jupstar ✪> and then it was same?
15:40 <+bridge_> [ddnet] <deen> nope, I just noticed that the counter kept increasing all the time
15:40 <+bridge_> [ddnet] <Jupstar ✪> well easiest is just use some external fps meassurement
15:40 <+bridge_> [ddnet] <deen> no idea how to do that
15:41 <+bridge_> [ddnet] <Jupstar ✪> mhh, but if you want just use any common cpu profiler.. the problem is most probably a CPU problem anyway
15:41 <+bridge_> [ddnet] <Jupstar ✪> i also did profiling, but didnt find anything suspecious
15:42 <+bridge_> [ddnet] <deen> well, if I use valgrind then you're unlikely to see anything interesting, since it slows down execution by a factor of 100-1000
15:42 <+bridge_> [ddnet] <Jupstar ✪> yeah probs the best to test
16:04 <+bridge_> [ddnet] <Jupstar ✪> @deen can you confirm that the new client exports all function symbols? atleast it seems so, dunno if that can affect runtime
17:53 <+bridge_> [ddnet] <Lexin> @deen
17:53 <+bridge_> [ddnet] <Lexin> https://cdn.discordapp.com/attachments/293493549758939136/511584326337560586/Hell_1_V2_2018-11-12_17-50-35.demo
17:54 <+bridge_> [ddnet] <Lexin> i can do another one with ctrl+shift+d if u want
17:54 <+bridge_> [ddnet] <Lexin> i can do another one with ctrl+shift+d if u want/need
17:54 <+bridge_> [ddnet] <Lexin> this pretty much shows the drops, its a drop in fps aswell
17:54 <+bridge_> [ddnet] <n000b> Virus.  never saw such an strange name for a file. It even ends in .demo wth.:troll:
17:56 <+bridge_> [ddnet] <n000b> @Learath2 is it you or heinrich who was/is working on anti ddos software stuff? Blindhero was wondering and i dunno if his message wil be burried.
17:57 <+bridge_> [ddnet] <Learath2> anti ddos software? There is no such thing
17:58 <+bridge_> [ddnet] <n000b> Well you reduce packages and stuff or idk what. I am no specialist
17:59 <+bridge_> [ddnet] <n000b> But you can read his message up there👆   @15:29
17:59 <+bridge_> [ddnet] <Learath2> There is no solution to ddos at our price range. Best we can do is to get a server with more bandwidth and more cores to drop garbage quicker
18:01 <+bridge_> [ddnet] <Learath2> It'd maybe help with the current weak ddos, but when the actually serious attackers come by it's way more then what we can hope to process anyways
18:03 <+bridge_> [ddnet] <n000b> @Roman here is your answer.
18:04 <+bridge_> [ddnet] <Blindhero> hm..
18:04 <+bridge_> [ddnet] <Blindhero> i mean, usually incoming packets are dropped at a specific layer for a given filter
18:04 <+bridge_> [ddnet] <Blindhero> the lower the layer, the more efficient is it i think, right?
18:05 <+bridge_> [ddnet] <Im 'corneum> so you made up some witchcraft to monitor all players 24/7 but u cant whitelist ips?
18:06 <+bridge_> [ddnet] <Learath2> At nfoservers we have a very sophisticated firewall at a low layer. So I can go in and filter attacks on a case by case basis. But not all attacks actually have a pattern, nor can you employ proper protocol parsing at the router level (not at this price anyways) to check if packets are actually valid.
18:06 <@heinrich5991> Learath2: can you enable the bridge again?
18:06 <+bridge_> [ddnet] <Learath2> Even if all the attacks had a pattern someone would need to sit in front of a computer 7/24 to write up the filters 😛
18:07 <+bridge_> [ddnet] <♪♫> those packets still have to get filtered ( eg analysed )
18:08 <+bridge_> [ddnet] <Learath2> Now there is hardware that can actually do the parsing and even employ machine learning to filter stuff but they are like 500 euros a month at a more expensive host like leaseweb
18:08 <+bridge_> [ddnet] <Blindhero> :(
18:10 <+bridge_> [ddnet] <Learath2> When/if the attacks get more serious I might get GER2 again. I couldn't test it the last time around because I wasn't here. Want to see how a quad core with a gigabit link handles the load. But people really don't seem to want to play on anything except GER 😃
18:10 <+bridge_> [ddnet] <Blindhero> i have a ping of 6-8 there, would be a reason enough
18:11 <+bridge_> [ddnet] <♪♫> What type of ddos is usually happening ? i'll try to ddoss my vps to see how to included protection handles it
18:11 <+bridge_> [ddnet] <Learath2> hmm, not sure if I really want to say which type is the most effective
18:12 <+bridge_> [ddnet] <Learath2> but we get synfloods, spoofed protocol packets (these aim to drown the teeworlds server itself), udp garbage
18:13 <+bridge_> [ddnet] <Blindhero> couldn't you filter "not connected ips" for the spoofed protocol packets?
18:13 <+bridge_> [ddnet] <Learath2> Also a quick note, even if the included protection "handles" it it's bad for us. We need legit packets to get through. Automated filters usually see a pattern and block it. The pattern doesn't have to be invalid
18:13 <+bridge_> [ddnet] <Blindhero> and just let some of them in? i mean for certain rules
18:13 <+bridge_> [ddnet] <Blindhero> and just let some of them in? i mean with certain rules
18:14 <+bridge_> [ddnet] <Learath2> @Blindhero this is exactly what I was thinking but then we need a better way to whitelist ips then using the game servers themselves
18:14 <+bridge_> [ddnet] <♪♫> rgr, yeah those automated ddos protection thingy often blocks entire coutrys and so on ^^
18:14 <+bridge_> [ddnet] <Blindhero> glad to hear, that it's not a dumb idea
18:14 <+bridge_> [ddnet] <Learath2> or we get spoofed connect flood, even with challange response it still drowns the server
18:14 <+bridge_> [ddnet] <Blindhero> oh..
18:16 <+bridge_> [ddnet] <Learath2> I was thinking of a fake teeworlds server that just emulates the connection, put it behind a load balancer and run it on a couple virtual machines on digitalocean or sth. But then you'd first have to connect to that before being able to connect normal ddnet servers
18:16 <+bridge_> [ddnet] <Learath2> which might be weird
18:16 <+bridge_> [ddnet] <Learath2> and it wouldn't work on any host except GER, as only nfoservers has a proper firewall
18:17 <+bridge_> [ddnet] <Blindhero> isn't there a possibilty to forward the client to another server? i think i've seen it on some blocker maps
18:17 <+bridge_> [ddnet] <Blindhero> isn't there a possibilty to forward the client to another server? i think i've seen it on some blocker servers
18:17 <+bridge_> [ddnet] <♪♫> might get laggy but that's a good idea and pretty straigtforward
18:17 <+bridge_> [ddnet] <Learath2> not possible
18:17 <+bridge_> [ddnet] <Blindhero> hm.. how did they do it then? there was something like a teleporter, and as soon as you passed it, the client connected to somewhere
18:18 <+bridge_> [ddnet] <Learath2> they employ hacks such as a front facing proxy, you don't actually connect to a new server, you only get packets from a different backend server, very unreliable solution under ddos
18:18 <+bridge_> [ddnet] <Learath2> or they just run multiple maps on one server, I've seen them aswell
18:18 <+bridge_> [ddnet] <Blindhero> hm.. okay
18:18 <+bridge_> [ddnet] <Learath2> there is however no way to force the client to connect to a new ip (it'd be a security issue :P)
18:18 <+bridge_> [ddnet] <Blindhero> i bet you will find a good solution
18:18 <+bridge_> [ddnet] <Blindhero> yeah sure
18:19 <+bridge_> [ddnet] <Learath2> I doubt I'll find any good solution tbh
18:19 <+bridge_> [ddnet] <Learath2> Best I can come up with is a clunky gatekeeper server you have to connect to before you connect to other servers
18:19 <+bridge_> [ddnet] <Learath2> might work if we only do it under attack
18:19 <+bridge_> [ddnet] <Learath2> but it's an ugly solution at best 🙂
18:21 <+bridge_> [ddnet] <Blindhero> why is it actually UDP and not TCP? because of the latency?
18:21 <+bridge_> [ddnet] <Blindhero> or would it have any effect on ddos?
18:22 <+bridge_> [ddnet] <Learath2> Overhead, the game is pretty timing sensitive tcp might add way too much overhead
18:22 <+bridge_> [ddnet] <Blindhero> i thought so
18:22 <+bridge_> [ddnet] <Learath2> even if it's just a couple ms it'll throw off people that have been training for years
18:23 <+bridge_> [ddnet] <Learath2> besides I doubt tcp would help much in this case tbh
18:24 <+bridge_> [ddnet] <Blindhero> okay then
18:28 <+bridge_> [ddnet] <Learath2> The recent attacks are mostly small scale, around 10-20M, a serious attack gets pretty ridiculous. Like 
18:28 <+bridge_> [ddnet] <Learath2> ```Sum 65.506.000 packets/300s (218.353 packets/s), 3.530 flows/300s (11 flows/s), 27,752 GByte/300s (757 MBit/s)```
18:29 <+bridge_> [ddnet] <Blindhero> wow
18:30 <+bridge_> [ddnet] <Learath2> That's around 100M/s
18:32 <+bridge_> [ddnet] <Blindhero> yeah i know
18:34 <+bridge_> [ddnet] <Learath2> Just didn't want to leave the units different 😛
21:25 <+bridge_> [ddnet] <deen> @Jupstar ✪ Nope, the version we release says "no symbols"
21:26 <+bridge_> [ddnet] <deen> but the executable certainly has grown in size
21:27 <+bridge_> [ddnet] <deen> @heinrich5991 Are we linking in too much stuff? File size changes: DDNet: 4.1 MB -> 6.9, DDNet-Server: 0.8 MB -> 5.3 MB, etc
21:27 <@heinrich5991> hmm
21:28 <@heinrich5991> did we add curl to the server recently?
21:28 <+bridge_> [ddnet] <Cellegen> well my mapres is going to be over 400mb so what damage could it make? 😁
21:28 <@heinrich5991> I don't remember whether we already did that for some reason
21:32 <+bridge_> [ddnet] <deen> @heinrich5991 11.1.9 was still fine-ish, 11.2 is huge
21:32 <+Learath2> that message didn't go to discord either
21:32 <+Learath2> but this one did ^^ huh
21:33 <@heinrich5991> ah yea, we link curl for modhelp stuff
21:33 <+bridge_> [ddnet] <deen> @heinrich5991 yeah, curl was added, sounds like a probable culprit
21:34 <@heinrich5991> that can be removed I guess
21:34 <@heinrich5991> however we'll probably link to curl in the long term
21:34 <@heinrich5991> so we might also figure out a solution to this instead
21:34 <@heinrich5991> e.g. by not linking to libcrypto (I think) statically
21:34 <+bridge_> [ddnet] <deen> but why is the client also bigger?
21:34 <+bridge_> [ddnet] <deen> didn't it always link curl?
21:35 <+bridge_> [ddnet] <deen> ah, client already was bigger in 11.1.9, so that's something else
21:36 <+bridge_> [ddnet] <deen> anyway, that's probably not what's causing the fps drops, I'll try getting @Jupstar ✪'s fps fix into 10.8.6 and see what it does
21:38 <+bridge_> [ddnet] <deen> Not moving in the correct direction generally :/
21:38 <+bridge_> [ddnet] <deen> https://cdn.discordapp.com/attachments/293493549758939136/511640950334947328/screenshot-20181112213806.png
21:40 <+Learath2> hmm, is there a tool that shows up what takes space in a binary?
21:45 <+bridge_> [ddnet] <deen> yes
21:46 <+bridge_> [ddnet] <deen> there's a way to tell the linker to warn about unused library linkages
21:46 <+bridge_> [ddnet] <deen> you can use bloaty to see what's in the binary: https://github.com/google/bloaty
21:46 <+bridge_> [ddnet] <deen> and we could also use LTO and --gc-sections to get rid of useless stuff
22:04 <+bridge_> [ddnet] <deen> @Jupstar ✪ so what should I cherry-pick?
22:05 <+bridge_> [ddnet] <deen> With https://github.com/ddnet/ddnet/pull/1055 cherry-picked on top of 10.8.6 i get the exact same FPS numbers as in current client
22:25 <+bridge_> [ddnet] <Lexin> deen, did u see my post above?^^
22:26 <+bridge_> [ddnet] <deen> @Lexin yes, but for me there is no difference, so I can't debug it
22:42 <+bridge_> [ddnet] <Jupstar ✪> @deen but that does only affect cl_refresh_rate and gfx_refresh_rate  anyway
22:42 <+bridge_> [ddnet] <Jupstar ✪> the guy in general chat said it happens regardless of the settings
22:47 <+bridge_> [ddnet] <Jupstar ✪> @deen gdb -> info functions clearly shows that the binary exports symbols. to be precise it doesn't strip the fvisbility= effect from gcc. when i add fvisbility=hidden and strip the client it's insanly much smaller.
22:47 <+bridge_> [ddnet] <Jupstar ✪> but i don't know if that can affect runtime, since it's just some symbols
22:47 <+bridge_> [ddnet] <Jupstar ✪> 
22:47 <+bridge_> [ddnet] <Jupstar ✪> the possibilities are:
22:47 <+bridge_> [ddnet] <Jupstar ✪>  - something doesnt compile like with bam, which was still the case in 10.8.6
22:47 <+bridge_> [ddnet] <Jupstar ✪>  - the new text renderer, however unluckely to affect a GTX 1060, like from the guy in gen chat
22:47 <+bridge_> [ddnet] <Jupstar ✪>  - some changes from heinrcih bcs of the async tasks that were removed
22:47 <+bridge_> [ddnet] <Jupstar ✪>  - other code i don't know, that was added to the loop, i'd need your memory and insight too know
22:48 <+bridge_> [ddnet] <Jupstar ✪> @deen gdb -> info functions clearly shows that the binary exports symbols. to be precise it doesn't strip the fvisbility= effect from gcc. when i add fvisbility=hidden and strip the client it's insanly much smaller.(i also added -s and -g0 to be safe)
22:48 <+bridge_> [ddnet] <Jupstar ✪> but i don't know if that can affect runtime, since it's just some symbols
22:48 <+bridge_> [ddnet] <Jupstar ✪> 
22:48 <+bridge_> [ddnet] <Jupstar ✪> the possibilities are:
22:48 <+bridge_> [ddnet] <Jupstar ✪>  - something doesnt compile like with bam, which was still the case in 10.8.6
22:48 <+bridge_> [ddnet] <Jupstar ✪>  - the new text renderer, however unluckely to affect a GTX 1060, like from the guy in gen chat
22:48 <+bridge_> [ddnet] <Jupstar ✪>  - some changes from heinrcih bcs of the async tasks that were removed
22:48 <+bridge_> [ddnet] <Jupstar ✪>  - other code i don't know, that was added to the loop, i'd need your memory and insight too know
22:50 <+bridge_> [ddnet] <Lexin> yeah, i tried different settings, didnt rly change anything. I'll stick with 10.8.6 for now
22:53 <+bridge_> [ddnet] <Jupstar ✪> @deen gdb -> info functions clearly shows that the binary exports symbols. to be precise it doesn't strip the fvisbility= effect from gcc. when i add fvisbility=hidden and strip the client it's insanly much smaller.(i also added -s and -g0 to be safe)
22:53 <+bridge_> [ddnet] <Jupstar ✪> but i don't know if that can affect runtime, since it's just some symbols
22:53 <+bridge_> [ddnet] <Jupstar ✪> 
22:53 <+bridge_> [ddnet] <Jupstar ✪> the possibilities are:
22:53 <+bridge_> [ddnet] <Jupstar ✪>  - something doesnt compile like with bam, which was still the case in 10.8.6
22:53 <+bridge_> [ddnet] <Jupstar ✪>  - the new text renderer, however unluckely to affect a GTX 1060, like from the guy in gen chat
22:53 <+bridge_> [ddnet] <Jupstar ✪>  - some changes from heinrcih bcs of the async tasks that were removed
22:53 <+bridge_> [ddnet] <Jupstar ✪>  - other code i don't know, that was added to the loop, i'd need your memory and insight to know
22:53 <+bridge_> [ddnet] <fokkonaut> i have a 1060, working fine @Jupstar ✪
22:53 <+bridge_> [ddnet] <Jupstar ✪> yeah it's more likely that he has a worse CPU than you
22:54 <+bridge_> [ddnet] <fokkonaut> probably
22:54 <+bridge_> [ddnet] <Jupstar ✪> and then it's more likely to be some code fault
22:54 <+bridge_> [ddnet] <fokkonaut> ohh
23:34 <+bridge_> [ddnet] <Lexin> i just looked at the demo from the other client and it doesnt lag? wat xd
23:34 <+bridge_> [ddnet] <Lexin> teeworlds is too weird man