- oxen-logging updated to bump fmt version
- version bump oxen-logging to fix fmt version
- version bump oxen-mq to solve uniform distribution error
- misc errors introduced by above version bumps
- clang-format 14 -> 15
when setting libunbound's upstream dns, we need to not pass in the square braces of an ipv6 address.
we also need to let udp handles have an ipv6 address for the local ip.
This lets bencode-dump.py autodetect hex input and decode it on the
fly, which is quite convenient when working with bencoded data strings
that contain binary.
in the rpc client, we had contention on a null lock.
fix this by always sending pings from the logic thread, done by wrapping
the lambda we made with EventLoop::make_caller().
refactored config endpoint
- added rpc call script (contrib/omq-rpc.py)
- added new functions for .ini config handling
- added ability to delete the .ini file via the config endpoint
- added edge-case handling for the config endpoint
add commented-out line in clang-format config for header reorg later
* Updated RpcServer Initialization and Logic
-- Moved all RPCServer initialization logic to the RpcServer constructor
-- Fixed config logic, the function binding the rpc address, and the function adding rpc categories
-- Fixed router hive CI/CD failure resulting from an outdated reference to rpcBindAddr
-- ipc socket as default, hidden from windows (for now)
Previously oxen-logging was erroneously hard-coded to use the target
"lokinet" for system logs. Obviously this is wrong for anything else
which uses oxen-logging and the system log. This changes our call to
add_sink to pass "lokinet" as the target rather than the config
filename, and updates oxen-logging to use that argument correctly.
Default & Required makes no sense: if we have a default, there is no point
in making the option required. The previous behaviour when this was
specified was to force an (uncommented) entry with the default value into
the config, but this was only used in the test suite.
Required & Hidden makes no sense either: if it's required to be
specified we definitely don't want to hide it from the generated config
file.
These are now compile-time failures.
When running as a service node we can't do anything without a lokid rpc
URL, and we don't necessarily have a good default for it.
This makes it required so that we fail with an appropriate error message
(rather than connect timeouts) if it is not specified.
At some point between 0.9.9 and 0.9.10 we removed the printing of option
names when a value doesn't have a default, but this means the config is
littered with things like:
# This option sets the greater foo value.
with no actual option name printed out when there is no default.
This fixes it by always printing the option name in such a case, just
with an empty value, e.g.:
# This option sets the greater foo value.
#big-foo=
The background has to get encoded in a multi-format TIFF to make it work.
Also increase the vertical size a bit so that it still looks okay in
case you are a crazy person with a bunch of toolbars and other junk
cluttering up the window.
certain files needed to include both fstream and our shim for std::filesystem.
this includes fstream in our shim and includes the shim in the places
that require fstream. this is done because some toolchains (cough
cough broke af arch linux amalgams) can have weird subsets of the
requirements of C++17 that overlap, except when they don't, denoted by
unknowable undisclosed circumstances.
this issue was reported by a user in the wild, and this fixes it.
previously we had a checking-style function that took an optional
defaulting to nullopt as a micro optimization; this made the code
unnecessarily obtuse.
simplify this by splitting it up into 2 functions,
one for getting the unique endpoints and one for checking whether the
number of them is above the minimum.
add an overload of ReadyToDoLookup() that checks against a constant but
can do more in the future if desired, to reduce the burden on future contributors.
Query->Cancel() will remove the Query, but that introduces a race
condition where unbound may still try to invoke the callback (with a
no-longer-valid pointer) if we do it before the ub_ctx_delete call.
Move it to afterwards so that we only cancel things that unbound didn't
already handle.
Occasionally during shutdown windivert will crash because a thread tries
sending after we've called wd::shutdown, which isn't allowed. Add an
atomic bool to prevent this.
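A minimal sketch of that guard (names here are illustrative, not the actual windivert glue code):

```cpp
#include <atomic>
#include <cstddef>

// Flipped once wd::shutdown() is about to be called; checked by any thread
// that might still try to send afterwards.
std::atomic<bool> g_shutting_down{false};

void shutdown_windivert()
{
    g_shutting_down = true;
    // ... call wd::shutdown() here ...
}

void try_send(const char* pkt, size_t len)
{
    if (g_shutting_down.load())
        return;  // sending after shutdown is what was crashing windivert
    // ... hand (pkt, len) to windivert ...
    (void)pkt; (void)len;
}
```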
we were calling llarp::Context::HandleSignal from a non-mainloop
thread when running as a win32 service. this caused issues with a
non-clean destruction.
call our signal handler instead of llarp::Context::HandleSignal.
Get rid of the --win32-daemon hack (which was removed from the service
itself earlier in this PR, by mistake) and replace it with detection of
the error code for "not running as a service" that windows gives us back
if we try to set up service controller dispatching but aren't a service.
If wintun fails it seems to take about 15s, so extend the startup
timeout so that it can fail gracefully (and let us clean up before
exiting).
Also refactors the timeouts to chrono constants.
Fixes windows shutdown crashes:
- windivert wasn't handling an ERROR_NO_DATA, which it gets when
finished handling everything after a shutdown.
- wintun ReadPacket still gets invoked after end_session is called, but
shouldn't be. This adds an atomic<bool> to early return.
- fixes up some settings we send for windows service manager notify
- win32_platform.cpp is dead
- win32_platform.hpp is useless
Style changes from clang-tidy warnings:
- remove `virtual` from some definitions that already have `override`
- remove virtual destructor from NetworkInterface because it already has
a virtual destructor via the base type (and clang-tidy warns about it)
the win32 and sd_notify components provided a disjointed set of similar
high-level functionality, so we consolidate these duplicate code paths
into one that has the same lifecycle regardless of platform, to reduce
the complexity of this feature.
this new component is responsible for reporting state changes to the
system layer, and optionally propagating state changes requested by the
system layer back to lokinet (used by the windows service).
We should send STOP_PENDING rather than STOPPED while we aren't yet
actually stopped; STOPPED is already sent when we actually finish
stopping.
Also fixes some silly argc/argv shenanigans, I think.
We're defining formats for std::chrono types, which feels wrong (because
fmt itself also has these), so just replace them with functions:
short_time_from_now(...) gives a short "in 14m12s" or "5.123s ago" time
span relative to now, given a time point. Precision gets reduced for
larger deviations from now (e.g. "4h12m ago").
ToString(Duration_t) gives a string such as "-3h22m02.123s" for a
duration.
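As a rough illustration (not the actual lokinet implementation, just a sketch of the described behaviour using std::chrono and fmt):

```cpp
#include <fmt/core.h>
#include <chrono>
#include <string>

// Render a time point relative to now, e.g. "in 14m12s" or "5.123s ago",
// dropping precision as the delta gets larger (e.g. "4h12m ago").
std::string short_time_from_now_sketch(std::chrono::system_clock::time_point tp)
{
    using namespace std::chrono;
    auto delta = tp - system_clock::now();
    const bool future = delta >= 0s;
    auto d = future ? delta : -delta;
    auto h = duration_cast<hours>(d);
    auto m = duration_cast<minutes>(d - h);
    auto s = duration_cast<duration<double>>(d - h - m);

    std::string span;
    if (h >= 1h)         // hours out: minute precision is plenty
        span = fmt::format("{}h{}m", h.count(), m.count());
    else if (m >= 1min)  // minutes out: whole seconds
        span = fmt::format("{}m{}s", m.count(), static_cast<int>(s.count()));
    else                 // near now: millisecond precision
        span = fmt::format("{:.3f}s", s.count());

    return future ? "in " + span : span + " ago";
}
```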
The time_delta<T> was using the wrong duration type when formatting, so
was outputting millisecond precision in the systemd status string which
is pointless (and unintended).
Currently you can't use GUI_EXE without BUILD_GUI, but BUILD_GUI also
requires the yarn command (even though it will never use it when GUI_EXE
is set).
This commit fixes it:
- Make `GUI_EXE` a windows-only top-level project option, rather than one
guarded by `BUILD_GUI`.
- Make `BUILD_GUI` control *building* the GUI instead of bundling it.
- GUI_EXE and BUILD_GUI are now mutually exclusive.
The options we need in rsvg-convert are apparently too new for bullseye,
so split the build so that we do the gui separately (in the nodejs-lts
container) and then build lokinet in bookworm.
The iterator here to skip an obsolete bootstrap wasn't properly
reassigning the iterator, so "didn't work" (though why it was hanging
for me is entirely non-obvious).
Also refactored it to simplify/clarify it a bit.
- Move logging initialization to early in Configure rather than at the
end of FromConfig so that we can add debug logging inside
Configure/FromConfig/etc.
- add said debug logging to Configure/FromConfig/etc.
Without this, old config (with now-irrelevant settings) won't work in
newer lokinet, making lokinet fatal error on startup if one of the
no-longer-used options is still present.
when reading/writing a .loki privkey file we don't rewind the llarp_buffer_t
after use. this is an argument in favor of just removing that type
from the code entirely.
fix this by using 2 distinct locally scoped llarp_buffer_t's, one for
reading, one for writing.
Set -D_WIN32_WINNT for static deps; unbound, in particular, needs this
as the latest version appears to rely on something only provided in
non-ancient windows to build properly.
This required moving _winver into the toolchain file so that it is
available earlier in cmake code (StaticBuild is included long before
win32.cmake), but also this seems a more appropriate place for it.
- cd .. after the build, before running extra_cmds, because the scripts
we invoke expect to be in the root, not in the build dir (and it's
dirtier for the build function to not undo the `cd build` that it
runs).
- fix unclosed parenthesis in mac static lib checker
cpr: 1.9.2
cxxopts: 3.0.0
ghc-filesystem: 1.5.12
nlohmann-json: 3.11.2
pybind11: 2.10.0
sqlite_orm: 1.7.1
Plus other updates needed to make these work:
- cpr needs a cprver.h configured with the version (cmake code copied
from oxen-core).
Currently (from a recent PR) we aren't pinging oxend if not active, but
that behaviour ended up being quite wrong because lokinet needs to ping
even when decommissioned or deregistered (when decommissioned we need
the ping to get commissioned again, and if not registered we need the
ping to get past the "lokinet isn't pinging" nag screen to prepare a
registration).
This considerably revises the pinging behaviour:
- We ping oxend *unless* there is a specific error with our connections
(i.e. we *should* be establishing peer connections but don't have any)
- If we do have such an error, we send a new oxend "error" ping to
report the error to oxend and get oxend to hold off on sending uptime
proofs.
Along the way this also changes how we handle the current node state:
instead of just tracking deregistered/decommissioned, we now track three
states:
- LooksRegistered -- which means the SN is known to the network (but not
necessarily active or fully staked)
- LooksFunded -- which means it is known *and* is fully funded, but not
necessarily active
- LooksDecommissioned -- which means it is known, funded, and not
currently active (which implies decommissioned).
The funded (or more precisely, unfunded) state is now tracked in
rc_lookup_handler in a "greenlist" -- i.e. new SNs that are so new (i.e.
"green") that they aren't even fully staked or active yet.
This aligns service node updating logic a bit closer to what happens in
storage server, and should make it a bit more resilient, hopefully
tracking down the (off-Github) reported issue where lokinet sometimes
doesn't see itself as active.
- Initiate a service node list update in the 30s lokinet ping timer
(in case we miss a block notify for some reason); although this
is expensive, the next point mitigates it:
- Retrieve the block hash with the SN state update, and feed it back
into the next get_service_nodes call (as "poll_block_hash") so that
oxend just sends back a mostly-empty response when the block hasn't
changed, allowing both oxend and lokinet to skip nearly all of the
work of a service node list update when the block hasn't changed since
the last poll. (This was already partially implemented--we were
already looking for "unchanged"--but without a block hash to get from
and pass back to oxend we'd never actually get an "unchanged" result).
- Tighten up the service node list handling by moving the "unchanged"
handling into the get_service_nodes response handler: this way the
HandleNewServiceNodeList function is only handling the list but not
the logic as to whether there actually is a new list or not.
Lots and lots of places in the code had broken < operators because they
are returning something like:
foo < other.foo or bar < other.bar;
but this breaks the strict weak ordering that is required to satisfy the
"Compare" requirement of things like std::map/set/priority_queue.
For example:
a = {.foo=1, .bar=3}
b = {.foo=3, .bar=1}
does not have an ordering over a and b (both `a < b` and `b < a` are
satisfied at the same time).
This needs to be instead something like:
foo < other.foo or (foo == other.foo and bar < other.bar)
but that's a bit clunkier, and it is easier to use std::tie for tuple's
built-in < comparison which does the right thing:
std::tie(foo, bar) < std::tie(other.foo, other.bar)
(Initially I noticed this in SockAddr/sockaddr_in6, but upon further
investigation this extends to the majority of multi-field `operator<`'s.)
This fixes it by using std::tie (or something similar) everywhere we are
doing multi-field inequalities.
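For illustration (hypothetical struct, not a specific lokinet type):

```cpp
#include <tuple>

struct Example
{
    int foo;
    int bar;

    // Broken: `foo < other.foo or bar < other.bar` is not a strict weak
    // ordering (see the a/b case above).

    // Correct: lexicographic comparison via std::tie.
    bool operator<(const Example& other) const
    {
        return std::tie(foo, bar) < std::tie(other.foo, other.bar);
    }
};
```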
The non-mac icon was an old version with white foreground and a
completely transparent background, but this looks bad (or invisible)
depending on where you view it. This updates it based on the macos
icon, but with a round white circle background instead of the macos
"squircle" background.
This also replaces the .ico file for the installer with one that we
build during the win32 build rather than a pregenerated one.
Bumps the gui as well to a version with the new icons in place.
If we get back an IPv6 address as the first gateway then we won't have
the expected IPv4 gateway that the route poker needs to operate.
This iterates through them separately so that we treat the IPv4 and IPv6
sides of an address as separate interfaces which should allow the route
poker to find the one it wants (and just skip the IPv6 one).
DRY a chunk of repeated code for finding a free private range.
Also fix it so that it will consider 10.255.0.1/16 and 192.168.255.1/24
(previously it would only check up to octet 254).
If running as a service node, we ping core on a regular interval to
inform it we're running and in a good state. If we're an active
(not decommissioned or deregistered) service node and have too few
peers and thus we're not actually connected to lokinet, we should skip
that ping so core doesn't think we're ok.
Adds a fallback bootstrap file path parameter to CMake, specify
-DBOOTSTRAP_SYSTEM_PATH="/path/to/file" to use.
Adds a list of (currently 1) obsolete bootstrap RouterIDs to check
bootstrap RCs against. Will not use bootstrap RCs if they're on that
list.
Log an error periodically if we appear to be an active service node but
have fewer than a set number (5) known peers.
Bumps oxen-logging version for literal _format.
The `sign` target on macos was not working properly -- the signing
script would run before the build is finished. This was caused by
cmake/macos.cmake having an `if(BUILD_GUI)`, but BUILD_GUI isn't defined
as an option until cmake/gui.cmake, which hadn't been included yet where
macos.cmake was included.
This extracts just the `option(BUILD_GUI)` from gui.cmake into a separate
gui-option.cmake file that we can load earlier to fix it.
While here I also noticed the GUI_EXE setting was defined as an option,
but isn't actually a boolean value, so fixed it by making it a
`set(... CACHE FILEPATH ...)`.
If you stop/start the GUI but it doesn't exit on start, the second
--start (when lokinet is already running) waits for a state change that
doesn't come (because lokinet is already running). This adds a check for
already-running so that we exit right away in such a case.
The tools to create a dmg on Apple are flakey, of course, and fail in
cryptic ways if the file already exists, so purge it in the
contrib/mac.sh script.
No more llarp_buffer_t here!
(I was tracking down a segfault which led me in here and it was easier
to rewrite this to use bt_dict_{consumer,producer} than to decipher all
the cursed llarp_buffer_t and bencode callback nest).
We have basically this same bit of code in tons of places; consolidate
it into llarp::util::slurp_file/llarp::util::dump_file.
Also renames all the extra junk that crept into llarp/util/fs.hpp out of
there into llarp/util/file.hpp instead.
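Roughly what such consolidated helpers boil down to (a sketch; the real llarp::util versions may differ in signature and error handling):

```cpp
#include <filesystem>
#include <fstream>
#include <stdexcept>
#include <string>
#include <string_view>

// Read an entire file into a string, throwing on failure.
inline std::string slurp_file_sketch(const std::filesystem::path& p)
{
    std::ifstream in{p, std::ios::binary};
    if (!in)
        throw std::runtime_error{"could not open " + p.string()};
    std::string contents;
    in.seekg(0, std::ios::end);
    contents.resize(static_cast<size_t>(in.tellg()));
    in.seekg(0, std::ios::beg);
    in.read(contents.data(), static_cast<std::streamsize>(contents.size()));
    return contents;
}

// Write a buffer out to a file, throwing on failure.
inline void dump_file_sketch(const std::filesystem::path& p, std::string_view data)
{
    std::ofstream out{p, std::ios::binary | std::ios::trunc};
    if (!out.write(data.data(), static_cast<std::streamsize>(data.size())))
        throw std::runtime_error{"could not write " + p.string()};
}
```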
The old one was way too big on mac relative to other icons. This scales
the background down, while keeping the black logo parts the same, and
changes the rounding of the corners to match native macos apps.
This also rewrites it from scratch to use a useful coordinate system
which allows drawing all the fundamentals in much more useful units.
- Add a function to extract a value from parsed options, to DRY out the
code a little bit.
- Add an exit_error function to format a message to stdout and then
return the code, to simplify the repeated print-and-return code used
when errors occur.
- Use fmt for output formatting
- Add an error if multiple modes are specified at once
(--up/--down/--status/--exit)
- Add error printing around unmap
- Accept empty string or `null` for token to mean "no token."
- Accept `null` for range to mean "default range."
- Don't use a default range (::0/0) in lokinet-vpn because this will
fail if IPv6 ranges aren't supported on the platform (e.g. on
Windows), and isn't necessary: if we omit it then the rpc code already
uses ::0/0 or 0.0.0.0/0 by default, as needed.
This is not likely to be useful to many people, and the people who it *is*
useful for are knowledgeable enough to modify it themselves. Most users
get no use out of it at all and it most likely just confuses them instead.
- ANDROID_NDK_ROOT must be set in env
- cmake should be setting `-DANDROID_API=23`
- specify the correct android API via a define when building openssl; it
has to be in CPPFLAGS (not CFLAGS) because otherwise openssl's
configure script doesn't notice and overrides our define with the
latest API version.
- openssl configure puts $(ANDROID_NDK_ROOT) in the makefile, so we have
to be sure that we put it in the environment for the build command,
too.
- Split up mac.sh into a configure + build scripts (like Windows).
- Don't attempt to build the 'package' target in CI: apparently you have
to have a logged in user at the GUI in order to build a .dmg because
being obtuse is the Apple way.
- Upload the raw Lokinet unsigned app in a .tar.xz, rather than dmg,
because of the above.
- make mac.sh respect JOBS (pun not intended (but still good))
- ReconfigureDNS wasn't returning the old servers; made it void instead
(the Apple code can just store a copy of the original upstream
servers instead).
- Reconfiguring DNS reset the unbound context but didn't replace it, so
a Down()/Up() would crash.
- Simplify Resolver() destructor to just call Down(), and make it final
just so that no one tries to inherit from us (so that calling a
virtual function from the destructor is safe).
- Rename CancelPendingQueries() to Down(); the former cancelled but also
shut down the object, so the name seemed a bit misleading.
- Rename SetInternalState in Resolver_Base to ResetResolver, so that we
aren't conflicting with ResetInternalState from Endpoint (which was a
problem because TunEndpoint inherited from both; it could be resolved
through the different argument type if we removed the default, but
that seems gross).
- Make Resolver use a bare unbound context pointer rather than a
shared_ptr; since Resolver (now) entirely manages it already we don't
need an extra management layer, and it saves a bunch of `.get()`s.
On Apple, the network extension is outside the tunnel routing, so we
cannot have libunbound talk directly to upstream (it would leak DNS when
exit mode is enabled). Instead unbound *always* talks to a localhost
port where we have a "dns trampoline" that takes UDP packets and shoves
them through the tunnel.
We were doing that already, but recent changes here were overwriting
those libunbound settings.
This also moves the upstream DNS configuration part of `Up()` into its
own method.
We don't have a resolver on macos, so we were running through this loop
with fails == 0 == m_Impls.size() and throwing, crashing the process.
Early return to avoid the failure and fix macos crash.
Apple supports anything here that Clang supports and should have them
set the same as everywhere else.
Most importantly this gives apple the -Wno-deprecated-declarations flag
which has been driving me nuts on macos.
This also version-gates the -Wno-deprecated-declarations so that it
will turn on again when we bump the version beyond .10.
We were requiring `->Next` be true, which means we skipped the last (and
often only) entry of the linked lists and so never properly found the
gateway.
- We need to pass a flag to get Windows to include gateway info.
- Refactor it to use microsoft's recommended magic default 15000 buffer
size and repeat in a loop a few times until it works. Developers,
developers, developers, developers!
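The pattern being described, roughly (Win32-only sketch, not the exact lokinet code; `GAA_FLAG_INCLUDE_GATEWAYS` is the flag needed for gateway info):

```cpp
#include <winsock2.h>
#include <iphlpapi.h>
#include <vector>
// link against iphlpapi.lib

std::vector<char> fetch_adapter_addresses()
{
    // Microsoft recommends starting with a 15000-byte buffer and retrying a
    // few times if it turns out to be too small.
    ULONG size = 15000;
    std::vector<char> buf;
    for (int attempt = 0; attempt < 3; attempt++)
    {
        buf.resize(size);
        auto* addrs = reinterpret_cast<PIP_ADAPTER_ADDRESSES>(buf.data());
        ULONG ret = GetAdaptersAddresses(
            AF_UNSPEC, GAA_FLAG_INCLUDE_GATEWAYS, nullptr, addrs, &size);
        if (ret == ERROR_SUCCESS)
            return buf;
        if (ret != ERROR_BUFFER_OVERFLOW)
            break;  // some other failure; give up
        // otherwise `size` was updated to the required length; loop and retry
    }
    return {};
}
```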
- a `static` is less verbose and otherwise identical to an empty
namespace for a single declaration like this.
- operator== on two optionals already does exactly what the `is_equal`
lambda here is doing.
- formatting
- windivert was being set up *before* DNS is set up, so the DNS port was
nullopt and thus we couldn't properly identify upstream DNS traffic.
- close() doesn't close a socket on Windows, so the socket-bind-close
approach to get a free UDP port wasn't actually closing, and thus
the unbound upstream, constrained to the given port, was completely
failing.
- The unbound thread was accessing the same shared_ptr instance as the
outer code, which isn't thread-safe; changed it to copy a weak_ptr
into the lambda instead.
- Exclude upstream DNS traffic in the filter rather than capturing and
reinjecting it.
The inner lambda here wasn't keeping the `Query` (`this`) alive, so
`src` wasn't valid anymore. This changes it to copy the `src`
shared_ptr into the lambda instead of capturing `this`, and fixes it.
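The general shape of the fix (illustrative stand-in types): copy the owning shared_ptr into the lambda rather than capturing `this`.

```cpp
#include <functional>
#include <memory>

struct PacketSource { void send_reply() {} };  // stand-in for the real type

struct Query
{
    std::shared_ptr<PacketSource> src;

    void reply_async(const std::function<void(std::function<void()>)>& defer)
    {
        // Broken: `this` may already be destroyed when the inner lambda runs,
        // so `src` is reached through a dangling pointer:
        //   defer([this] { src->send_reply(); });

        // Fix: copy the shared_ptr itself into the lambda, keeping the
        // PacketSource alive for as long as the callback exists.
        defer([src = src] { src->send_reply(); });
    }
};
```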
The current code isn't working and gives a 0 (which then fails unbound
initialization). This replaces it by doing a socket+bind to find a free
port then immediately closes (but passes the port we got into unbound).
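The technique, in rough POSIX form (on Windows the close must be `closesocket()`, per the earlier note about `close()` not closing sockets there):

```cpp
#include <arpa/inet.h>
#include <netinet/in.h>
#include <sys/socket.h>
#include <unistd.h>

// Ask the kernel for a currently free UDP port on localhost: bind to port 0,
// read back the assigned port, then close the socket and reuse the number.
int find_free_udp_port()
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    if (fd < 0)
        return -1;
    sockaddr_in addr{};
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0;  // let the OS pick
    socklen_t len = sizeof(addr);
    int port = -1;
    if (bind(fd, reinterpret_cast<sockaddr*>(&addr), sizeof(addr)) == 0
        && getsockname(fd, reinterpret_cast<sockaddr*>(&addr), &len) == 0)
        port = ntohs(addr.sin_port);
    close(fd);  // Windows: closesocket(fd)
    return port;
}
```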
- Replaces RAII handling of DLLs with global function pointers. (We
don't unload the dll this way, but that seems unnecessary anyway).
- Simplifies code by just needing to call an init function, but not
needing to pass around an object holding the function pointers.
- Adds a templated dll loader that takes the dll and a list of
name/pointer pairs to load the dll and set the pointers in one shot.
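Something along these lines (hypothetical helper, sketched from the description; the real loader lives in the win32 platform code):

```cpp
#include <windows.h>
#include <stdexcept>
#include <string>
#include <utility>

// Load `dll` and resolve each (symbol name, pointer-to-function-pointer) pair
// in one shot.  Throws if the DLL cannot be loaded; a real implementation
// would also verify that each resolved pointer is non-null.
template <typename... Funcs>
void load_dll_functions(const char* dll, std::pair<const char*, Funcs*>... funcs)
{
    HMODULE handle = LoadLibraryA(dll);
    if (!handle)
        throw std::runtime_error{std::string{"failed to load "} + dll};
    // Assign every global function pointer from GetProcAddress.
    (..., (*funcs.second =
               reinterpret_cast<Funcs>(GetProcAddress(handle, funcs.first))));
}

// Usage sketch:
//   decltype(&SomeDllFunction) some_fn = nullptr;
//   load_dll_functions("some.dll", std::pair{"SomeDllFunction", &some_fn});
```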
ip_header wasn't 20 bytes on windows compilations for some unholy
reason. This restructures it to avoid the template and just use two
different structs for le/be with a condition_t for the ifdef, which
resolves it (and *also* apparently avoids the need for the pack).
Also add a static_assert to check the size.
Also do the same for ipv6.
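Schematically, the approach looks something like this (field layout follows the standard IPv4 header; not the verbatim lokinet struct):

```cpp
#include <cstdint>

// Two concrete layouts, one per bit-order for the version/ihl nibbles,
// instead of a single templated struct (which ended up mis-sized on some
// Windows builds).
struct ip_header_le
{
    uint8_t ihl : 4;
    uint8_t version : 4;
    uint8_t tos;
    uint16_t total_len;
    uint16_t id;
    uint16_t frag_off;
    uint8_t ttl;
    uint8_t protocol;
    uint16_t checksum;
    uint32_t saddr;
    uint32_t daddr;
};

struct ip_header_be
{
    uint8_t version : 4;
    uint8_t ihl : 4;
    uint8_t tos;
    uint16_t total_len;
    uint16_t id;
    uint16_t frag_off;
    uint8_t ttl;
    uint8_t protocol;
    uint16_t checksum;
    uint32_t saddr;
    uint32_t daddr;
};

#if defined(__BYTE_ORDER__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
using ip_header = ip_header_be;
#else
using ip_header = ip_header_le;
#endif

// The point of the exercise: catch any sizing surprise at compile time.
static_assert(sizeof(ip_header) == 20, "ip_header must be exactly 20 bytes");
```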
Cast via an ordinary function pointer rather than a function pointer
reference to avoid the warning.
Also make the pointer in `Func_t` explicit rather than implicit (deduced
into the `Func_t` type) to make it clearer what is going on here.
3.13...3.xx means "minimum is 3.13, but use any new cmake policies
introduced up to 3.xx".
There was, in particular, a policy w.r.t. external project timestamps
causing warnings under 3.24.
Lots of tools struggle with non-default DNS port, so keep a listener on
127.3.2.1:53 (by default).
This required various changes to the config handling to hold a vector
(instead of an optional) of defaults and values, and now allows passing
in an array of defaults instead of just a single default.
It didn't do equality, it did "does the remaining space start with the
argument" (and so the replacement in the previous commit was broken).
This renames it to avoid the confusion and restores it to what it was doing
on dev.
errno is only set if read returns < 0 and won't be set to 0 if read
succeeds, so we were bailing here frequently on successful reads
(whenever errno happened to be non-0).
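I.e. the check has to key off the return value; errno is only meaningful after a failing call (sketch):

```cpp
#include <unistd.h>
#include <cerrno>
#include <cstddef>

// Returns false only on a real read error.  errno is inspected *only* when
// read() has actually returned -1; on success it may still hold a stale
// non-zero value from some earlier, unrelated call.
bool read_ok(int fd, char* buf, size_t len)
{
    ssize_t n = read(fd, buf, len);
    if (n < 0)
        return errno == EAGAIN || errno == EWOULDBLOCK;  // try again later
    return true;  // n >= 0 is success (possibly EOF); don't look at errno
}
```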
This class is cursed, but also broken under gcc-12. Apply some lipstick
to get it moving again (but we really need to refactor this because it
is a mess).
add jason's suggested changes for artifact upload
use lokinet-ci-nodejs-lts as base image so we can build the installer
update ci pipeline for windows to have building gui toggle-able
by default we will build the gui from this repo, but this allows it to
easily run using a custom gui asset if needed
* wintun vpn platform for windows
* bundle config snippets into nsis installer for exit node, keyfile persisting, reduced hops mode.
* use wintun for vpn platform
* isolate all windows platform specific code into their own compilation units and libraries
* split up internal libraries into more specific components
* rename liblokinet.a target to liblokinet-amalgum.a to eliminate ambiguity with liblokinet.so
* DNS platform for win32
* rename llarp/ev/ev_libuv.{c,h}pp to llarp/ev/libuv.{c,h}pp as the old name was idiotic
* split up net platform into win32 and posix specific compilation units
* rename lokinet_init.c to easter_eggs.cpp as that is what they are for and it does not need to be a c compilation target
* add cmake option STRIP_SYMBOLS for separating out debug symbols for windows builds
* intercept dns traffic on all interfaces on windows using windivert and feed it into lokinet
* allow specifying a custom yarn binary for building the gui using -DYARN= cmake option
* unset DISPLAY when calling wine because i hate popups
* do not rebuild gui when building for windows
* by setting the magical undocumented env var USE_SYSTEM_7ZA to 'true' we can have the pile of npm bullshit code use our system's local 7z binary instead of the probably not backdoored binary from npm, yes for real. i hate nodejs so god damn much you have no fucking idea
* allow providing a custom gui from a zip file via -DGUI_ZIP_FILE cmake option
we want to be able to have multiple locally bound dns sockets in lokinet so
i restructured most of the dns subsystem in order to make this easier.
specifically, we have a new structure to dns subsystem:
* dns::QueryJob_Base
base type for holding a dns query and response with virtual methods
in charge of sending a reply to whoever requested.
* dns::PacketSource_Base
base type for reading and writing dns messages to and from wherever they came from
* dns::Resolver_Base
base type for filtering and handling of dns messages asynchronously.
* dns::Server
contextualized per endpoint dns object, responsible for all dns related isms.
this change hides all implementation details of all of the dns components.
adds some more helper functions for parsing dns and dealing with OwnedBuffer.
overall dns becomes less of a pain with this new structure. probably.
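In rough outline, the shape of that structure (names from the list above; signatures simplified and partly hypothetical):

```cpp
#include <memory>
#include <vector>

namespace dns_sketch
{
  struct Message {};  // stand-in for a parsed dns query/response

  // holds a dns query and its eventual response; knows how to hand the reply
  // back to whoever requested it.
  struct QueryJob_Base
  {
    virtual ~QueryJob_Base() = default;
    virtual void SendReply(Message reply) = 0;
  };

  // reads and writes dns messages to and from wherever they came from
  // (a udp socket, an intercepted packet, an in-process caller, ...).
  struct PacketSource_Base
  {
    virtual ~PacketSource_Base() = default;
    virtual void SendTo(Message msg) = 0;
  };

  // filters and handles dns messages asynchronously; returns true if this
  // resolver took ownership of the query.
  struct Resolver_Base
  {
    virtual ~Resolver_Base() = default;
    virtual bool MaybeHandle(std::shared_ptr<QueryJob_Base> query) = 0;
  };

  // contextualized per-endpoint dns object owning the sources and resolvers.
  class Server
  {
    std::vector<std::shared_ptr<PacketSource_Base>> m_sources;
    std::vector<std::shared_ptr<Resolver_Base>> m_resolvers;
  };
}
```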
Even if we aren't codesigning, things like the `package` target expect
to be able to depend on `notarize` (and thus implicitly sign ->
assemble) to require a built package.
Also add a `-UNSIGNED` into the built dmg filename.
Apple introduced a bug in macOS 11 that they can't be arsed to fix which
breaks PNG loading into icns files by dropping the blue channel of the
last pixel, leaving a streak of yellow pixels at the bottom of the
image.
This hacks around it by setting a fully transparent, non-white (actually
yellow) pixel in the bottom-right corner of the images.
This is such inexcusable trash.
- Add the version number into the .dmg filename
- Set the lokinet icon on the .dmg. This is done via a swift program
because all the Apple CLI tools to do this are deprecated.
The macOS PR that was merged accidentally dropped a cmake option, which
resulted in the extension's provisioning profile not getting copied into
place (but it was working locally because I was using a build dir where the
variable was still set). This restores the option to fix the
codesigning.
CMake apparently doesn't do anything with CMAKE_OSX_DEPLOYMENT_TARGET
for swift, which results in a 12+ minimum version. This fixes it
(albeit in a hacky way since the only apple-sanctioned way to properly
set this appears to be "use xcode").
Shame on Apple, as usual.
* give socket bind errors their own exception type so that a distinct message is reported when they are caught
* omit printing banner in setup when we run from the lokinet executable (but not the liblokinet.so entry point)
Apple's servers have a gateway timeout a small but noticeable percentage
of the time, which was breaking the script. Detect such Apple flakiness
and keep trying.
Adds support for building Lokinet as a system extension, and fixes
various problems in the macos implementation found during development of
the system extension support.
outbound=:1234
outbound=0.0.0.0:1234
outbound=
outbound=0.0.0.0
now all default to use the inbound= IP. (If multiple inbound= IPs are
given, we raise an exception to abort startup).
Only applies to routers (since clients don't have inbound IPs), and
eliminates potential weird edge cases with local system IP and routing
shenanigans.
The general section comments contained all the descriptions for the
inbound/outbound settings, while inbound/outbound had no comment at all.
This moves the comments around to the individual settings, plus updates
some of the wording in the section.
We were failing when using `inbound=:1234`, rather than looking for a
default IP. This fixes it to still use the default IP, and change only
the default port.
Outbound behaviour should remain unchanged: i.e. `outbound=:2345` means
bind-to-wildcard-IP with a specific port.
Fixes:
- tighten reserved name detection to not match fooloki.loki, but instead
only match "foo.loki.loki" and "loki.loki" (and similar for reserved
name "snode.loki").
- IPv6 PTR parsing was completely broken.
- Added tests for the above two issues.
Cleanups:
- Eliminate llarp::dns::Name_t typedef for std::string
- Use optional return instead of bool + output param
- Use string_views; we were doing a *lot* of string substr's during
parsing, each of which allocates a new string.
- Use fmt instead of stringstream
- Simplify IPv4 PTR parsing
Using constructor inheritance DRYs the code, but unfortunately confuses
GCC as to where the proper "required from here" location is, which makes
debugging formatting errors very difficult. Avoid it (and update
oxen-logging to avoid it there as well).
Replaces custom logging system with spdlog-based oxen logging. This
commit mainly replaces the backend logging with the spdlog-based system,
but doesn't (yet) convert all the existing LogWarn, etc. to use the new
format-based logging.
New logging statements will look like:
llarp::log::warning(cat, "blah: {}", val);
where `cat` should be set up in each .cpp or cluster of .cpp files, as
described in the oxen-logging README.
As part of spdlog we get fmt, which gives us nice format strings, which are
applied generously in this commit.
Making types printable now requires two steps:
- add a ToString() method
- add this specialization:
template <>
constexpr inline bool llarp::IsToStringFormattable<llarp::Whatever> = true;
This will then allow the type to be printed as a "{}" value in a
fmt::format string. This is applied to all our printable types here,
and all of the `operator<<` are removed.
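Putting the two steps together (hypothetical example type; the primary template is redeclared here only so the snippet stands alone):

```cpp
#include <string>

namespace llarp
{
  // lives in the real logging/formattable header; redeclared for the sketch
  template <typename T>
  constexpr inline bool IsToStringFormattable = false;

  // step 1: give the type a ToString() method
  struct ExampleEvent
  {
    std::string ToString() const { return "example-event"; }
  };

  // step 2: opt it in to "{}" formatting
  template <>
  constexpr inline bool IsToStringFormattable<ExampleEvent> = true;
}

// after which it can be passed straight to a format string:
//   llarp::log::info(cat, "got {}", llarp::ExampleEvent{});
```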
This commit also:
- replaces various uses of `operator<<` to ToString()
- replaces various uses of std::stringstream with either fmt::format or
plain std::string
- Rename some to_string and toString() methods to ToString() for
consistency (and to work with fmt)
- Replace `stringify(...)` and `make_exception` usage with fmt::format
(and remove stringify/make_exception from util/str.hpp).
Having it there (even defaulted, like this) means endpoint.hpp doesn't
have to include endpoint_state.hpp (which it otherwise would need,
because of the std::unique_ptr<EndpointState> default deleter
requirements).
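For reference, the underlying C++ detail in sketch form: unique_ptr's default deleter needs the complete type where the destructor is instantiated, so declaring the destructor in the header and defaulting it in the .cpp keeps the heavy include out of the header.

```cpp
#include <memory>

struct EndpointState;  // forward declaration is all the header needs

class Endpoint
{
 public:
  Endpoint();
  // declared here, defined where EndpointState is complete; without this the
  // implicit destructor would force endpoint_state.hpp into the header.
  ~Endpoint();

 private:
  std::unique_ptr<EndpointState> m_state;
};

// --- what would live in the .cpp, after including endpoint_state.hpp ---
struct EndpointState { /* ... */ };

Endpoint::Endpoint() : m_state{std::make_unique<EndpointState>()} {}
Endpoint::~Endpoint() = default;  // unique_ptr's deleter instantiated here
```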
We only check for definedness, not truth, in the code so make the cmake
definitions agree with that.
This also avoids warnings when building on macos (because swift only allows
defined/undefined, but not values)
We shouldn't be compiling these .cpp files at all on other platforms,
rather than compiling empty .cpp files (which later results in "... has
no symbols" warnings).
Currently I maintain a patch in the debs to do the same thing here, but
it fails to apply often enough; this change makes the behaviour
consistent with oxen-core/oxen-ss and will let me drop that patch and
just pass in the cmake option.
(Recommend ignore-whitespace for viewing the diff)
Fixes a bug on older cmake linking against oxenmq (older cmake hates the
direct oxenmq::oxenmq -> PkgConfig::OXENMQ alias), and also makes it
easier to handle things like nlohmann::json (which we can use from the
system *or* submodule).
Borrowed from oxen-ss/oxen-core.
message(STATUS"Enabling notarization with account ${MACOS_NOTARIZE_ASC}/${MACOS_NOTARIZE_USER}")
else()
message(WARNING"You have not set one or more of MACOS_NOTARIZE_USER, MACOS_NOTARIZE_PASS, MACOS_NOTARIZE_ASC: notarization will fail; see contrib/macos/README.txt")
endif()
else()
message(WARNING"Codesigning disabled; the resulting build will not run on most macOS systems")
message(WARNING"Missing a ${prof} provisioning profile: Apple will most likely log an uninformative error message to the system log and then kill harmless kittens if you try to run the result")
elseif(NOTEXISTS"${${prof}}")
message(FATAL_ERROR"Provisioning profile ${${prof}} does not exist; fix your -D${prof} path")
Lokinet uses DNS as its primary interface for resolving, mapping and querying resources inside of lokinet.
This was done not because DNS is a *good* protocol, but because there is almost no relevant userland application that is incapable of interacting with DNS, across every platform.
Using DNS in lokinet allows for the most zero-config setup possible with the current set of standard protocols.
Lokinet provides 2 internal gtlds, `.loki` and `.snode`
## .snode
The `.snode` gtld is used to address a lokinet router in the form of `<zbase32 encoded public ed25519 identity key>.snode`.
Traffic bound to a `.snode` tld will have its source authenticatable only if it originates from another valid lokinet router.
Clients can also send traffic to and from addresses mapped to `.snode` addresses, but the source address on the service node side is ephemeral.
In both cases, ip traffic to addresses mapped to `.snode` addresses will have the destination ip rewritten by the lokinet router to be its local interface ip; this ensures snode traffic stays on the lokinet router's interface and prevents usage as an exit node.
## .loki
The `.loki` gtld is used to address anonymously published routes to lokinet clients on the network.
<!-- (todo: keyblinding info) -->
## What RR are provided?
All `.loki` domains by default have the following dns rr synthesized by lokinet:
* `A` record for initiating address mapping
* `MX` record pointing to the synthesized `A` record
* free wildcard entries for all of the above.
Wildcard entries are currently only pointing
All `.snode` domains have by default just an `A` record for initiating address mapping.
Additionally both `.loki` and `.snode` can optionally provide multiple `SRV` records to advertise existence of services on or off of the name.
<!-- (//todo: document and verify srv record limitations) -->
Lokinet is an onion routed, authenticated, unicast IP network. It exposes an IP tunnel to the user and provides a dns resolver that maps the `.loki` and `.snode` gtlds onto a user defined ip range.
Lokinet allows users to tunnel arbitrary ip ranges to a `.loki` address, which acts as a tunnel broker onto another network reachable via that lokinet client. This is commonly known as an "exit node", but the way lokinet does this is much more generic, so that term is not very accurate given what it actually does.
The `.snode` gtld refers to a router on the network by its public ed25519 key.
The `.loki` gtld refers to clients that publish their existence anonymously to the network by their ed25519 public key. (`.loki` also has the ability to use short names resolved via an external consensus method, like a blockchain).
# How Do I use Lokinet?
Set the system dns resolver to use the dns resolver provided by lokinet, and make sure the upstream dns provider that lokinet uses for non-lokinet gtlds is set as desired (see the lokinet.ini `[dns]` section).
Configure an exit traffic provider if you want to tunnel ip traffic via lokinet; by default this is off as we cannot provide a sane default that makes everyone happy. To enable exit traffic, see the lokinet.ini `[network]` section and add an `exit-node=exitaddrgoeshere.loki` line for each endpoint you want to use for exit traffic. Traffic will be striped randomly across the `exit-node` entries, per destination IP.
note: per-flow (ip+proto/port) isolation is trivial on a technical level but is not implemented at this time.
# Can I run lokinet on a soho router?
Yes and that is the best way to run it in practice.
## The "easy" way
We have a community maintained solution for ARM SBCs like the Raspberry Pi: https://github.com/necro-nemesis/LabyrinthAP
## The "fun" way (DIY)
It is quite nice to DIY. If you choose to do so there is some assembly required:
on the lokinet side, make sure that the...
* ip ranges for `.loki` and `.snode` are statically set (see lokinet.ini `[network]` section, `ifaddr=` option)
* network interface used by lokinet is statically set (see lokinet.ini `[network]` section, `ifname=` option)
* dns socket is bound to an address the soho router's dns resolver can talk to (see `[dns]` section, `bind=` option)
on the soho router side:
* route queries for `.loki` and `.snode` gtld to go to lokinet dns on soho router's dns resolver
* use dhcp options to set dns to use the soho router's dns resolver
* make sure that the ip ranges for lokinet are reachable via the LAN interface
* if you are tunneling over an exit ensure that LAN traffic will only forward to go over the lokinet vpn interface
If you are simply looking to install Lokinet and don't want to compile it yourself we provide several options for platforms to run on:
Tier 1:
* [Linux](#linux-install)
* [Windows](#windows-install)
* [MacOS](#macos-install)
Tier 2:
* [FreeBSD](#freebsd-install)
Currently Unsupported Platforms: (maintainers welcome)
* [Android](#apk-install)
* Apple iPhone
* Homebrew
* \[Insert Flavor of the Month windows package manager here\]
## Official Builds
### Windows / MacOS <span id="windows-install"/><span id="macos-install"/>
You can get the latest stable release for lokinet on windows or macos from https://lokinet.org/ or check the [releases page on github](https://github.com/oxen-io/lokinet/releases).
### Linux <span id="linux-install"/>
You do not have to build from source if you do not wish to; we provide [apt](#deb-install) and [rpm](#rpm-install) repos.
#### APT repository <span id="deb-install"/>
You can install debian packages from `deb.oxen.io` by adding the apt repo to your system.
This apt repo is also available via lokinet at `http://deb.loki`
Once added you can install lokinet with:
$ sudo apt update
$ sudo apt install lokinet
When running from the debian package the following steps are not needed, as lokinet is already running and ready to use. You can stop/start/restart it using `systemctl start lokinet`, `systemctl stop lokinet`, etc.
#### RPM <span id="rpm-install"/>
We also provide an RPM repo, see `rpm.oxen.io`, also available on lokinet at `rpm.loki`
## Bleeding Edge dev builds <span id="ci-builds"/>
Automated builds from dev branches, for the brave or impatient, can be found in our CI pipeline [here](https://oxen.rocks/oxen-io/lokinet/). (warning: these nightly builds may or may not consume your first born child.)
## Building
Build requirements:
* Git
* CMake
* C++ 17 capable C++ compiler
* libuv >= 1.27.0
* libsodium >= 1.0.18
* libssl (for lokinet-bootstrap)
* libcurl (for lokinet-bootstrap)
* libunbound
* libzmq
* cppzmq
### Linux Compile
If you want to build from source: <span id="linux-compile"/>
This requires the binary to have the proper capabilities, which are usually set by `make install` on the binary. If you have errors regarding permissions to open a new interface this can be resolved using:
#### Arch Linux <span id="mom-cancel-my-meetings-arch-linux-broke-again"/>
Due to [circumstances beyond our control](https://github.com/oxen-io/lokinet/discussions/1823) a working `PKGBUILD` can be found [here](https://raw.githubusercontent.com/oxen-io/lokinet/makepkg/contrib/archlinux/PKGBUILD).
#### Cross Compile For Linux <span id="linux-cross"/>
current cross targets:
* aarch64-linux-gnu
* arm-linux-gnueabihf
* mips-linux-gnu
* mips64-linux-gnuabi64
* mipsel-linux-gnu
* powerpc64le-linux-gnu
install the toolchain (this one is for `aarch64-linux-gnu`, you can provide your own toolchain if you want)
$ sudo apt install g{cc,++}-aarch64-linux-gnu
build 1 or many cross targets:
$ ./contrib/cross.sh arch_1 arch_2 ... arch_n
### Building For Windows <span id="win32-cross"/>
windows builds are cross compiled from debian/ubuntu linux
additional build requirements:
* nsis
* cpack
* rsvg-convert (`librsvg2-bin` package on Debian/Ubuntu)
Source code compilation of Lokinet by end users is not supported or permitted by Apple on their platforms; see [this](../contrib/macos/README.txt) for more information.
If you find this disagreeable consider using a platform that permits compiling from source.
### FreeBSD <span id="freebsd-install"/>
Currently has no VPN Platform code, see issue `#1513`
for all codepaths for traffic over lokinet, there are 2 parts: the "frontend" and the "backend".
the "backend" is responsible for sending and receiving data inside lokinet using our internal formats via paths; it handles flow management, lookups, timeouts, handover, and all state we have inside lokinet.
the "frontend" is a translation layer that takes IP packets from the OS and sends them to the backend to go wherever they want to go, and receives data from the "backend" and sends it to the OS as IP packets.
there are 2 'backends': `.snode` and `.loki`
there are 2 'frontends': "tun" (generic OS vpn interface) and "null" (does nothing)
* `//TODO: the backends need to be split up into multiple sub components as they are a kitchen sink.`
* `//TODO: the frontends blend into the backend too much and need to have their boundary clearer.`
### `/llarp/ev` / `/llarp/net` / `/llarp/vpn`
these contain most of the os/platform specific bits
* `//TODO: untangle these`
### `/llarp/link` / `/llarp/iwp`
node to node traffic logic and wire protocol dialects
* `//TODO: make better definitions of interfaces`
* `//TODO: separate implementation details from interfaces`
## platform contrib code `(/contrib)`
grab bag directory for non core related platform specific non source code
* `/contrib/format.sh`: clang-format / jsonnetfmt / swiftformat helper, will check or correct code style.
the desired outcome of this refactor will be splitting the existing code up into a stack of new components.
a layer hides all functionality of the layer below it to reduce the complexity like the OSI stack intends to.
the refactor starts at the top layer, wiring up the old implementation piecewise to the top layer.
once the top layer is wired up to the old implementation we will move down to the next layer.
this will repeat until we reach the bottom layer.
once the old implementation is wired up into these new clearly defined layers, we can fixup or replace different parts of each layer one at a time as needed.
working down from each layer will let us pick apart the old implementation (if needed) that we would wire up to the new base classes for that layer we are defining now without worrying about what is below it (yet).
this refactor can readily be split up into small work units that (ideally) do not conflict with each other.
this is the top layer; it is responsible ONLY for acting as a handler that reads data from the "user" (via tun interface or whatever) to forward to the flow layer as desired, and that takes data from the flow layer and sends it to the "user".
any kind of IP/dns mapping or traffic isolation details are done here. embedded lokinet would be implemented in this layer as well, as it is without a full tun interface.
Platform layer PDU are what the OS gives us; we internally convert them into flow layer PDU and hand them off to the flow layer.
## Flow Layer
this layer is tl;dr meant to multiplex data from the platform layer across the routing layer, and to propagate PDU from the routing layer to the platform layer if needed.
the flow layer is responsible for sending platform layer PDU across paths we have already established.
this layer is informed by the routing layer below it of state changes in what paths are available for use.
the flow layer requests the layer below to make new paths if it wishes to get new ones on demand.
this layer will receive routing layer PDU from the routing layer and apply any congestion control needed to buffer things to the os, if that is needed at all.
flow layer PDU are (data, ethertype, src-pubkey, dst-pubkey, isolation-metric) tuples, as sketched below.
data is the datum we are tunneling over lokinet. ethertype tells us what kind of datum this is, e.g. plainquic/ipv4/ipv6/auth/etc.
src-pubkey and dst-pubkey are the ed25519 public keys of each end of the flow in use.
the isolation metric is a piece of metadata we use to distinguish unique flows (convotag). in this new separation, convotags explicitly do not hand over across paths.
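as a plain-data sketch of that tuple (field names and types are illustrative only):

```cpp
#include <array>
#include <cstdint>
#include <vector>

// a flow-layer PDU as described above: the tunneled datum, what kind of datum
// it is, the two flow endpoints, and the isolation metric (convotag).
struct FlowPDU
{
  enum class EtherType : uint8_t { ipv4, ipv6, plainquic, auth };

  std::vector<uint8_t> data;           // the datum being tunneled
  EtherType ethertype;                 // what kind of datum `data` is
  std::array<uint8_t, 32> src_pubkey;  // ed25519 pubkey of the sending end
  std::array<uint8_t, 32> dst_pubkey;  // ed25519 pubkey of the receiving end
  uint64_t isolation_metric;           // distinguishes unique flows (convotag)
};
```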
## Routing Layer
this layer is tl;dr meant for path management but not path building.
the routing layer is responsible for sending/receiving flow layer PDU, DHT requests/responses, latency testing PDU and any other kind of PDU we send/receive over the onion layer.
this layer will be responsible for managing paths we have already built across lokinet.
the routing layer will periodically measure path status/latency, and do any other kinds of periodic path related tasks post build.
this layer, when asked for a new path by the flow layer, will use one that has been prebuilt already, and if the number of prebuilt paths is below a threshold we will tell the onion layer to build more paths.
the routing layer will receive the path build results it requested from the onion layer, be they success/fail/timeout, and apply any congestion control needed at the pivot router.
routing layer PDU are (data, src-path, dst-path) tuples.
data is the datum we are transferring between paths.
src-path and dst-path are (pathid, router id) tuples, the source being which path this routing layer PDU originated from, the destination being which path it is going to.
in the old model, the router id is always the router that receives it as the pivot router; this remains the same unless we explicitly provide router-id.
this lets us propagate hints to DHT related PDU held inside the datum.
## Onion Layer
the onion layer is responsible for path builds, path selection logic and the low level details of encrypting/decrypting PDU that are onion routed over paths.
this layer is requested by the routing layer to build a path to a pivot router, with optional additional constraints (e.g. unique cidr/operator/geoip/etc, latency constraints, hop length, path lifetime).
the onion layer will encrypt PDU and send them to the link layer as (frame, edge router id) tuples, and receive link layer frames from edge routers, decrypt them and propagate them as needed to the routing layer.
this layer also handles transit onion traffic and transit path build responsibilities as a snode, and applies congestion control as needed per transit path.
the onion layer PDU are (data, src-path, dst-path) tuples.
src-path and dst-path are (router-id, path-id) tuples which contain the ed25519 pubkey of the node and the 128 bit path-id it was associated with.
data is some datum we are onion routing, to which we apply symmetric encryption as needed before propagating to upper or lower layers.
## Link Layer
the link layer is responsible for transmission of frames between nodes.
this layer will handle queuing and congestion control between the wire proto sessions between nodes.
the link layer will initiate and receive wire sessions to/from remote nodes.
link layer PDU are (data, src-router-id, dst-router-id) tuples.
data is a datum of a link layer frame.
src-router-id and dst-router-id are (ed25519-pubkey, net-addr, wire-proto-info) tuples.
the ed25519 pubkey is a .snode address, (clients have these too but they are ephemeral).
net-addr is an (ip, port) tuple the node is reachable via the wire protocol.
wire-proto-info is dialect specific wire protocol specific info.
## Wire Layer
the wire layer is responsible for transmitting link layer frames between nodes.
all details here are specific to each wire proto dialect.
option(SUBMODULE_CHECK "Enables checking that vendored library submodules are up to date" ON)
if(SUBMODULE_CHECK)
find_package(Git)
else()
message(FATAL_ERROR "Submodule 'external/${relative_path}' is not up-to-date. Please update with\ngit submodule update --init --recursive\nor run cmake with -DSUBMODULE_CHECK=OFF")
message(FATAL_ERROR "Nested submodule '${relative_path}/${submod}' is not up-to-date. Please update with\ngit submodule update --init --recursive\nor run cmake with -DSUBMODULE_CHECK=OFF")