Merge remote-tracking branch 'origin/stable' into debian/sid

4 years ago · c42b12b042
parent 6554b49bfd 107b68df87
commit c42b12b042
176 changed files with 2823 additions and 1906 deletions
--- a/.clang-format
+++ b/.clang-format
@ -14,7 +14,23 @@ AlwaysBreakAfterDefinitionReturnType: All
 AlwaysBreakAfterReturnType: All
 AlwaysBreakTemplateDeclarations: 'true'
 BreakBeforeBinaryOperators: NonAssignment
-BreakBeforeBraces: Allman
+BreakBeforeBraces: Custom
 BraceWrapping:
  AfterCaseLabel: true
  AfterClass: true
  AfterControlStatement: true
  AfterEnum: true
  AfterFunction: true
  AfterNamespace: true
  AfterObjCDeclaration: true
  AfterStruct: true
  AfterUnion: true
  AfterExternBlock: true
  BeforeCatch: true
  BeforeElse: true
  SplitEmptyFunction: false
  SplitEmptyRecord: false
  SplitEmptyNamespace: false
 BreakBeforeTernaryOperators: 'true'
 BreakConstructorInitializersBeforeComma: 'true'
 Cpp11BracedListStyle: 'true'
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@ -1,7 +1,7 @@
 cmake_minimum_required(VERSION 3.10)  # bionic's cmake version
 # Has to be set before `project()`, and ignored on non-macos:
-set(CMAKE_OSX_DEPLOYMENT_TARGET 10.14 CACHE STRING "macOS deployment target (Apple clang only)")
+set(CMAKE_OSX_DEPLOYMENT_TARGET 10.12 CACHE STRING "macOS deployment target (Apple clang only)")
 find_program(CCACHE_PROGRAM ccache)
 if(CCACHE_PROGRAM)
@ -15,7 +15,7 @@ endif()
 set(PROJECT_NAME lokinet)
 project(${PROJECT_NAME}
-    VERSION 0.8.0
+    VERSION 0.8.1
    DESCRIPTION "lokinet - IP packet onion router"
    LANGUAGES C CXX)
@ -37,7 +37,7 @@ option(USE_AVX2 "enable avx2 code" OFF)
 option(USE_NETNS "enable networking namespace support. Linux only" OFF)
 option(NATIVE_BUILD "optimise for host system and FPU" ON)
 option(EMBEDDED_CFG "optimise for older hardware or embedded systems" OFF)
-option(BUILD_SHARED_LIBS "build lokinet libraries as shared libraries instead of static" ON)
+option(BUILD_SHARED_LIBS "build lokinet libraries as shared libraries instead of static" OFF)
 option(SHADOW "use shadow testing framework. linux only" OFF)
 option(XSAN "use sanitiser, if your system has it (requires -DCMAKE_BUILD_TYPE=Debug)" OFF)
 option(WITH_JEMALLOC "use jemalloc as allocator" OFF)
@ -271,17 +271,19 @@ if (NOT BUILD_STATIC_DEPS)
  target_link_libraries(libunbound INTERFACE PkgConfig::UNBOUND)
 endif()
-pkg_check_modules(SD libsystemd)
+pkg_check_modules(SD libsystemd IMPORTED_TARGET)
 # Default WITH_SYSTEMD to true if we found it
 option(WITH_SYSTEMD "enable systemd integration for sd_notify" ${SD_FOUND})
 # Base interface target where we set up global link libraries, definitions, includes, etc.
 add_library(base_libs INTERFACE)
 if(WITH_SYSTEMD AND (NOT ANDROID))
  if(NOT SD_FOUND)
    message(FATAL_ERROR "libsystemd not found")
  endif()
-  add_definitions(-DWITH_SYSTEMD)
+  target_link_libraries(base_libs INTERFACE PkgConfig::SD)
-  include_directories(${SD_INCLUDE_DIRS})
+  target_compile_definitions(base_libs INTERFACE WITH_SYSTEMD)
  set(SD_LIBS ${SD_LDFLAGS})
 endif()
 option(SUBMODULE_CHECK "Enables checking that vendored library submodules are up to date" ON)
@ -331,14 +333,13 @@ include_directories(SYSTEM external/sqlite_orm/include)
 add_subdirectory(vendor)
 if(ANDROID)
-  list(APPEND LIBS log)
+  target_link_libraries(base_libs INTERFACE log)
-  add_definitions(-DANDROID)
+  target_compile_definitions(base_libs INTERFACE ANDROID)
  set(ANDROID_PLATFORM_SRC android/ifaddrs.c)
 endif()
 set(LIBS ${MALLOC_LIB} ${LIBUV_LIBRARY} ${SD_LIBS})
 if(TRACY_ROOT)
-  list(APPEND LIBS -ldl)
+  target_link_libraries(base_libs INTERFACE dl)
 endif()
 if(WITH_HIVE)
@ -377,10 +378,6 @@ if(NOT TARGET uninstall)
 endif()
 if(BUILD_PACKAGE)
    include(cmake/installer.cmake)
 endif()
 if(BUILD_PACKAGE)
    include(cmake/installer.cmake)
 endif()
--- a/CROSSCOMPILE.md
+++ b/CROSSCOMPILE.md
@ -4,25 +4,33 @@ Currently supported targets:
 Tier 1:
 These builds are fully automated using [Drone CI](https://drone.io). Guaranteed to be fully reproducible.
 * Linux (arm/x86)
-* Windows (32 and 64 bit x86)
+* Windows 8+ (32 and 64 bit x86)
-* FreeBSD (amd64)
+
 Tier 2:
 These targets have no build automation available, but do not require patches to build or run.
 * Mac OSX (> 10.10)
 * Android (arm/x86)
 * Apple IOS
 * Linux PPC64 (little endian)
 * FreeBSD (amd64)
 Tier 3:
 These targets are somewhat obscure or possibly obsolete, and may require some patching to fix target specific issues.
 * Big Endian Linux
 * NetBSD
 * OpenBSD
 * Windows pre-8 (while this is technically possible, the requirement for [cryptographically reproducible builds](https://reproducible-builds.org/) precludes it.)
 * UNIX v5 (x86 AMD64)
-Unsupported (feel free to support this yourself)
+Unsupported 
 (feel free to support this yourself)
 we are completely unable to test these targets at all, proceed at your own risk
 * AIX
 * zOS
--- a/cmake/StaticBuild.cmake
+++ b/cmake/StaticBuild.cmake
@ -87,12 +87,6 @@ endfunction()
 if(WITH_LTO)
  set(flto "-flto")
 else()
  set(flto "")
 endif()
 set(cross_host "")
 set(cross_rc "")
 if(CMAKE_CROSSCOMPILING)
@ -142,6 +136,18 @@ if(ANDROID)
  set(deps_ar "${CMAKE_ANDROID_NDK}/toolchains/llvm/prebuilt/linux-x86_64/bin/${android_toolchain_prefix}-${android_toolchain_suffix}-ar")
 endif()
 set(deps_CFLAGS "-O2")
 set(deps_CXXFLAGS "-O2")
 if(WITH_LTO)
  set(deps_CFLAGS "${deps_CFLAGS} -flto")
 endif()
 if(APPLE)
  set(deps_CFLAGS "${deps_CFLAGS} -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET}")
  set(deps_CXXFLAGS "${deps_CXXFLAGS} -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET}")
 endif()
 # Builds a target; takes the target name (e.g. "readline") and builds it in an external project with
 # target name suffixed with `_external`.  Its upper-case value is used to get the download details
@ -150,7 +156,7 @@ endif()
 set(build_def_DEPENDS "")
 set(build_def_PATCH_COMMAND "")
 set(build_def_CONFIGURE_COMMAND ./configure ${cross_host} --disable-shared --prefix=${DEPS_DESTDIR} --with-pic
-    "CC=${deps_cc}" "CXX=${deps_cxx}" "CFLAGS=-O2 ${flto}" "CXXFLAGS=-O2 ${flto}" ${cross_rc})
+    "CC=${deps_cc}" "CXX=${deps_cxx}" "CFLAGS=${deps_CFLAGS}" "CXXFLAGS=${deps_CXXFLAGS}" ${cross_rc})
 set(build_def_BUILD_COMMAND make)
 set(build_def_INSTALL_COMMAND make install)
 set(build_def_BUILD_BYPRODUCTS ${DEPS_DESTDIR}/lib/lib___TARGET___.a ${DEPS_DESTDIR}/include/___TARGET___.h)
@ -199,7 +205,7 @@ build_external(openssl
  CONFIGURE_COMMAND ${CMAKE_COMMAND} -E env CC=${deps_cc} ${openssl_system_env} ./config
    --prefix=${DEPS_DESTDIR} ${openssl_extra_opts} no-shared no-capieng no-dso no-dtls1 no-ec_nistp_64_gcc_128 no-gost
    no-heartbeats no-md2 no-rc5 no-rdrand no-rfc3779 no-sctp no-ssl-trace no-ssl2 no-ssl3
-    no-static-engine no-tests no-weak-ssl-ciphers no-zlib no-zlib-dynamic "CFLAGS=-O2 ${flto}"
+    no-static-engine no-tests no-weak-ssl-ciphers no-zlib no-zlib-dynamic "CFLAGS=${deps_CFLAGS}"
  INSTALL_COMMAND make install_sw
  BUILD_BYPRODUCTS
    ${DEPS_DESTDIR}/lib/libssl.a ${DEPS_DESTDIR}/lib/libcrypto.a
@ -219,7 +225,7 @@ set(OPENSSL_VERSION 1.1.1)
 build_external(expat
  CONFIGURE_COMMAND ./configure ${cross_host} --prefix=${DEPS_DESTDIR} --enable-static
  --disable-shared --with-pic --without-examples --without-tests --without-docbook --without-xmlwf
-  "CC=${deps_cc}" "CFLAGS=-O2 ${flto}"
+  "CC=${deps_cc}" "CFLAGS=${deps_CFLAGS}"
 )
 add_static_target(expat expat_external libexpat.a)
@ -230,7 +236,7 @@ build_external(unbound
  --enable-static --with-libunbound-only --with-pic
  --$<IF:$<BOOL:${WITH_LTO}>,enable,disable>-flto --with-ssl=${DEPS_DESTDIR}
  --with-libexpat=${DEPS_DESTDIR}
-  "CC=${deps_cc}" "CFLAGS=-O2 ${flto}"
+  "CC=${deps_cc}" "CFLAGS=${deps_CFLAGS}"
 )
 add_static_target(libunbound unbound_external libunbound.a)
 if(NOT WIN32)
@ -242,7 +248,7 @@ endif()
 build_external(sodium CONFIGURE_COMMAND ./configure ${cross_host} ${cross_rc} --prefix=${DEPS_DESTDIR} --disable-shared
-          --enable-static --with-pic "CC=${deps_cc}" "CFLAGS=-O2 ${flto}")
+          --enable-static --with-pic "CC=${deps_cc}" "CFLAGS=${deps_CFLAGS}")
 add_static_target(sodium sodium_external libsodium.a)
 build_external(sqlite3)
@ -260,7 +266,7 @@ build_external(zmq
  CONFIGURE_COMMAND ./configure ${cross_host} --prefix=${DEPS_DESTDIR} --enable-static --disable-shared
    --disable-curve-keygen --enable-curve --disable-drafts --disable-libunwind --with-libsodium
    --without-pgm --without-norm --without-vmci --without-docs --with-pic --disable-Werror
-    "CC=${deps_cc}" "CXX=${deps_cxx}" "CFLAGS=-O2 -fstack-protector ${flto}" "CXXFLAGS=-O2 -fstack-protector ${flto}"
+    "CC=${deps_cc}" "CXX=${deps_cxx}" "CFLAGS=${deps_CFLAGS} -fstack-protector" "CXXFLAGS=${deps_CXXFLAGS} -fstack-protector"
    "sodium_CFLAGS=-I${DEPS_DESTDIR}/include" "sodium_LIBS=-L${DEPS_DESTDIR}/lib -lsodium"
 )
 add_static_target(libzmq zmq_external libzmq.a)
--- a/cmake/macos_installer_deps.cmake
+++ b/cmake/macos_installer_deps.cmake
@ -26,7 +26,7 @@ ExternalProject_Add(lokinet-gui
    GIT_REPOSITORY "${LOKINET_GUI_REPO}"
    GIT_TAG "${LOKINET_GUI_CHECKOUT}"
    CMAKE_ARGS -DMACOS_APP=ON -DCMAKE_INSTALL_PREFIX=${PROJECT_BINARY_DIR} -DMACOS_SIGN=${MACOS_SIGN_APP}
-        -DCMAKE_PREFIX_PATH=${CMAKE_PREFIX_PATH}
+        -DCMAKE_PREFIX_PATH=${CMAKE_PREFIX_PATH} -DBUILD_STATIC_DEPS=ON -DBUILD_SHARED_LIBS=OFF
    )
@ -60,16 +60,15 @@ set(CPACK_GENERATOR "productbuild")
 set(CPACK_PACKAGING_INSTALL_PREFIX "/opt/lokinet")
 set(CPACK_POSTFLIGHT_LOKINET_SCRIPT ${CMAKE_SOURCE_DIR}/contrib/macos/postinstall)
-# The GUI is GPLv3, and so the bundled core+GUI must be as well:
+set(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/LICENSE.txt")
 set(CPACK_RESOURCE_FILE_LICENSE "${PROJECT_SOURCE_DIR}/contrib/gpl-3.0.txt")
 set(CPACK_PRODUCTBUILD_IDENTITY_NAME "${MACOS_SIGN_PKG}")
 if(MACOS_SIGN_APP)
    add_custom_target(sign ALL
-        echo "Signing lokinet and lokinetctl binaries"
+        echo "Signing lokinet and lokinet-vpn binaries"
-        COMMAND codesign -s "${MACOS_SIGN_APP}" --strict --options runtime --force -vvv $<TARGET_FILE:lokinet> $<TARGET_FILE:lokinetctl>
+        COMMAND codesign -s "${MACOS_SIGN_APP}" --strict --options runtime --force -vvv $<TARGET_FILE:lokinet> $<TARGET_FILE:lokinet-vpn>
-        DEPENDS lokinet lokinetctl
+        DEPENDS lokinet lokinet-vpn
        )
 endif()
--- a/cmake/unix.cmake
+++ b/cmake/unix.cmake
@ -24,25 +24,20 @@ if (STATIC_LINK_RUNTIME OR STATIC_LINK)
 endif()
-option(DOWNLOAD_UV "statically compile in libuv" OFF)
+option(NO_SYSTEM_LIBUV "statically compile libuv without even trying to find a system copy" OFF)
-# Allow -DDOWNLOAD_UV=FORCE to download without even checking for a local libuv
+add_library(libuv INTERFACE)
-if(NOT DOWNLOAD_UV STREQUAL "FORCE")
+if(NOT BUILD_STATIC_DEPS)
  find_package(LibUV 1.28.0)
 endif()
 if(LibUV_FOUND)
  message(STATUS "using system libuv")
-elseif(DOWNLOAD_UV)
+  target_link_libraries(libuv INTERFACE ${LIBUV_LIBRARIES})
  target_include_directories(libuv INTERFACE ${LIBUV_INCLUDE_DIRS})
 else()
  message(STATUS "using libuv submodule")
-  set(LIBUV_ROOT ${CMAKE_SOURCE_DIR}/external/libuv)
+  add_subdirectory(${PROJECT_SOURCE_DIR}/external/libuv)
-  add_subdirectory(${LIBUV_ROOT})
+  target_link_libraries(libuv INTERFACE uv_a)
  set(LIBUV_INCLUDE_DIRS ${LIBUV_ROOT}/include)
  set(LIBUV_LIBRARY uv_a)
  if(NOT ANDROID)
    add_definitions(-D_LARGEFILE_SOURCE)
    add_definitions(-D_FILE_OFFSET_BITS=64)
  endif()
 endif()
 include_directories(${LIBUV_INCLUDE_DIRS})
 if(EMBEDDED_CFG OR ${CMAKE_SYSTEM_NAME} MATCHES "Linux")
  link_libatomic()
--- a/cmake/win32.cmake
+++ b/cmake/win32.cmake
@ -29,14 +29,6 @@ if (NOT STATIC_LINK AND NOT MSVC)
  message("for release builds, turn on STATIC_LINK in cmake options")
 endif()
 # win32 is the last platform for which we grab libuv manually
 # if you want to use the included submodule do
 # cmake .. -G Ninja -DLIBUV_ROOT=../external/libuv.
 # otherwise grab mine (github.com/despair86/libuv.git) if you need to run on older hardware
 # and clone to win32-setup/libuv
 # then
 # cmake .. -G Ninja -DLIBUV_ROOT=../win32-setup/libuv
 # it is literally upward compatible with current windows 10
 if (STATIC_LINK)
  set(LIBUV_USE_STATIC ON)
  if (WOW64_CROSS_COMPILE)
@ -46,14 +38,26 @@ if (STATIC_LINK)
  endif()
 endif()
 # win32 is the last platform for which we grab libuv manually.
 # If you want to run on older hardware try github.com/despair86/libuv.git and then:
 #     cmake .. -G Ninja -DLIBUV_ROOT=/path/to/libuv
 # Otherwise we'll try either a system one (if not under BUILD_STATIC_DEPS) or else use the submodule
 # in external/libuv.
 add_library(libuv INTERFACE)
 if(NOT LIBUV_ROOT AND NOT BUILD_STATIC_DEPS)
  find_package(LibUV 1.28.0)
 endif()
 if(LibUV_FOUND)
  message(STATUS "using system libuv")
  target_link_libraries(libuv INTERFACE ${LIBUV_LIBRARIES})
  target_include_directories(libuv INTERFACE ${LIBUV_INCLUDE_DIRS})
 else()
  if(LIBUV_ROOT)
    add_subdirectory(${LIBUV_ROOT})
-  set(LIBUV_INCLUDE_DIRS ${LIBUV_ROOT}/include)
+  else()
-  set(LIBUV_LIBRARY uv_a)
+    add_subdirectory(${PROJECT_SOURCE_DIR}/external/libuv)
-  add_definitions(-D_LARGEFILE_SOURCE)
+  endif()
-  add_definitions(-D_FILE_OFFSET_BITS=64)
+  target_link_libraries(libuv INTERFACE uv_a)
-elseif(NOT LIBUV_IN_SOURCE)
+  target_compile_definitions(libuv INTERFACE _LARGEFILE_SOURCE _FILE_OFFSET_BITS=64)
  find_package(LibUV 1.28.0 REQUIRED)
 endif()
 include_directories(${LIBUV_INCLUDE_DIRS})
--- a/cmake/win32_installer_deps.cmake
+++ b/cmake/win32_installer_deps.cmake
@ -1,9 +1,38 @@
 set(GUI_ZIP_URL "https://builds.lokinet.dev/loki-project/loki-network-control-panel/master/lokinet-gui-windows-32bit-20201106T142720Z-b92e5fd10.zip")
 set(GUI_ZIP_HASH SHA256=52868f7bf6d1f4fc7ca587cc79449fefd8000a485bb7917acbc29fdefdd55839)
 set(TUNTAP_URL "https://build.openvpn.net/downloads/releases/latest/tap-windows-latest-stable.exe")
 set(TUNTAP_EXE "${CMAKE_BINARY_DIR}/tuntap-install.exe")
 set(BOOTSTRAP_URL "https://seed.lokinet.org/lokinet.signed")
 set(BOOTSTRAP_FILE "${CMAKE_BINARY_DIR}/bootstrap.signed")
 file(DOWNLOAD
    ${TUNTAP_URL}
    ${TUNTAP_EXE})
 file(DOWNLOAD
    ${BOOTSTRAP_URL}
    ${BOOTSTRAP_FILE})
 file(DOWNLOAD
    ${GUI_ZIP_URL}
    ${CMAKE_BINARY_DIR}/lokinet-gui.zip
    EXPECTED_HASH ${GUI_ZIP_HASH})
 execute_process(COMMAND ${CMAKE_COMMAND} -E tar xf ${CMAKE_BINARY_DIR}/lokinet-gui.zip
  WORKING_DIRECTORY ${CMAKE_BINARY_DIR})
 install(DIRECTORY ${CMAKE_BINARY_DIR}/gui DESTINATION share COMPONENT gui)
 install(PROGRAMS ${TUNTAP_EXE} DESTINATION bin)
 install(FILES ${BOOTSTRAP_FILE} DESTINATION share)
 set(CPACK_PACKAGE_INSTALL_DIRECTORY "Lokinet")
 set(CPACK_NSIS_MUI_ICON "${CMAKE_SOURCE_DIR}/win32-setup/lokinet.ico")
 set(CPACK_NSIS_DEFINES "RequestExecutionLevel admin")
-set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "ExecWait '$INSTDIR\\\\bin\\\\tuntap-install.exe /S'")
+set(CPACK_NSIS_EXTRA_INSTALL_COMMANDS "ExecWait '$INSTDIR\\\\bin\\\\tuntap-install.exe /S'\\nExecWait '$INSTDIR\\\\bin\\\\lokinet.exe --install'\\nExecWait '$INSTDIR\\\\bin\\\\lokinet.exe -g C:\\\\ProgramData\\\\lokinet\\\\lokinet.ini'\\nCopyFiles '$INSTDIR\\\\share\\\\bootstrap.signed' C:\\\\ProgramData\\\\lokinet\\\\bootstrap.signed")
-set(CPACK_NSIS_EXTRA_UNINSTALL_COMMANDS "ExecWait 'C:\\\\Program Files\\\\TAP-Windows\\\\Uninstall.exe /S'")
+set(CPACK_NSIS_EXTRA_UNINSTALL_COMMANDS "ExecWait '$INSTDIR\\\\bin\\\\lokinet.exe --remove'\\nRMDir /r /REBOOTOK C:\\\\ProgramData\\\\lokinet")
 set(CPACK_NSIS_CREATE_ICONS_EXTRA
    "CreateShortCut '$SMPROGRAMS\\\\$STARTMENU_FOLDER\\\\Lokinet.lnk' '$INSTDIR\\\\share\\\\gui\\\\lokinet-gui.exe' '-platform windows:dpiawareness=0'"
 )
 set(CPACK_NSIS_DELETE_ICONS_EXTRA
    "Delete '$SMPROGRAMS\\\\$START_MENU\\\\Lokinet.lnk'"
 )
--- a/contrib/ci/drone-static-upload.sh
+++ b/contrib/ci/drone-static-upload.sh
@ -35,7 +35,7 @@ fi
 mkdir -v "$base"
 if [ -e daemon/lokinet.exe ]; then
-    cp -av daemon/lokinet.exe daemon/lokinet-vpn.exe ../lokinet-bootstrap.ps1 "$base"
+    cp -av lokinet-*.exe ../lokinet-bootstrap.ps1 "$base"
    # zipit up yo
    archive="$base.zip"
    zip -r "$archive" "$base"
--- a/contrib/lokinet-resolvconf
+++ b/contrib/lokinet-resolvconf
@ -0,0 +1,54 @@
 #!/bin/bash
 # Script to invoke resolvconf (if installed) to add/remove lokinet into/from the resolvconf DNS
 # server list.  This script does not add if any of these are true:
 #
 # - /sbin/resolvconf does not exist
 # - the systemd-resolved service is active
 # - a `no-resolvconf=1` item is present in the [dns] section of lokinet.ini
 #
 # It always attempts to remove if resolvconf is installed (so that commenting out while running,
 # then stopping still removes the added entry).
 #
 # Usage: lokinet-resolvconf {add|remove} /etc/loki/lokinet.ini
 set -e
 action="$1"
 conf="$2"
 if [[ ! ("$action" == "add" || "$action" == "remove") || ! -f "$conf" ]]; then
    echo "Usage: $0 {add|remove} /path/to/lokinet.ini" >&2
    exit 1
 fi
 if ! [ -x /sbin/resolvconf ]; then
    exit 0
 fi
 if [ -x /bin/systemctl ] && /bin/systemctl --quiet is-active systemd-resolved.service; then
    exit 0
 fi
 if [ "$action" == "add" ]; then
    if ! [ -x /sbin/resolvconf ]; then exit 0; fi
    lokinet_ns=$(perl -e '
    $ns = "127.3.2.1"; # default if none found in .ini
    while (<>) {
        if ((/^\[dns\]/ ... /^\[/)) {
            if (/^bind\s*=\s*([\d.]+)(?::53)?\s*$/) {
                $ns=$1;
            } elsif (/^no-resolvconf\s*=\s*1\s*/) {
                exit;
            }
        }
    }
    print $ns' "$conf")
    if [ -n "$lokinet_ns" ]; then
        echo "nameserver $lokinet_ns" | /sbin/resolvconf -a lo.000lokinet
    fi
 else
    /sbin/resolvconf -d lo.000lokinet
 fi
--- a/contrib/py/admin/lokinetmon
+++ b/contrib/py/admin/lokinetmon
@ -43,7 +43,8 @@ class Monitor:
    def update_data(self):
        """update data from lokinet"""
        try:
-            self.data = json.loads(self.rpc("llarp.status"))
+            data = json.loads(self.rpc("llarp.status"))
            self.data = data['result']
        except:
            self.data = None
        return self.data is not None and self._run
@ -248,7 +249,7 @@ class Monitor:
        """ display links """
        y_pos += 1
        self.win.move(y_pos, 1)
-        sessions = link["sessions"]["established"]
+        sessions = link["sessions"]["established"] or []
        for sess in sessions:
            y_pos = self.display_link_session(y_pos, sess)
        return y_pos
@ -311,7 +312,8 @@ class Monitor:
    def display_data(self):
        """ draw main window """
        if self.data is not None:
-            self.win.addstr(1, 1, self.rpc("llarp.version"))
+            if self.version:
                self.win.addstr(1, 1, self.version)
            services = self.data["services"] or {}
            y_pos = 3
            try:
@ -319,14 +321,19 @@ class Monitor:
                for key in services:
                    y_pos = self.display_service(y_pos, key, services[key])
                y_pos = self.display_dht(y_pos, self.data["dht"])
-            except Exception as e:
+            except:
-                print(e)
+                pass
        else:
            self.win.move(1, 1)
            self.win.addstr("lokinet offline")
    def run(self):
        """ run mainloop """
        try:
            self.version = json.loads(self.rpc("llarp.version"))['result']['version']
        except:
            self.version = None
        while self._run:
            if self.update_data():
                self.win.box()
--- a/daemon/lokinet-vpn.cpp
+++ b/daemon/lokinet-vpn.cpp
@ -55,14 +55,20 @@ main(int argc, char* argv[])
 {
  cxxopts::Options opts("lokinet-vpn", "LokiNET vpn control utility");
-  opts.add_options()("v,verbose", "Verbose", cxxopts::value<bool>())(
+  // clang-format off
-      "h,help", "help", cxxopts::value<bool>())("up", "put vpn up", cxxopts::value<bool>())(
+  opts.add_options()
-      "down", "put vpn down", cxxopts::value<bool>())(
+    ("v,verbose", "Verbose", cxxopts::value<bool>())
-      "exit", "specify exit node address", cxxopts::value<std::string>())(
+    ("h,help", "help", cxxopts::value<bool>())
-      "rpc", "rpc url for lokinet", cxxopts::value<std::string>())(
+    ("up", "put vpn up", cxxopts::value<bool>())
-      "endpoint", "endpoint to use", cxxopts::value<std::string>())(
+    ("down", "put vpn down", cxxopts::value<bool>())
-      "token", "exit auth token to use", cxxopts::value<std::string>());
+    ("exit", "specify exit node address", cxxopts::value<std::string>())
-
+    ("rpc", "rpc url for lokinet", cxxopts::value<std::string>())
    ("endpoint", "endpoint to use", cxxopts::value<std::string>())
    ("token", "exit auth token to use", cxxopts::value<std::string>())
    ("auth", "exit auth token to use", cxxopts::value<std::string>())
    ("status", "print status and exit", cxxopts::value<bool>())
    ;
  // clang-format on
  lokimq::address rpcURL("tcp://127.0.0.1:1190");
  std::string exitAddress;
  std::string endpoint = "default";
@ -70,6 +76,7 @@ main(int argc, char* argv[])
  lokimq::LogLevel logLevel = lokimq::LogLevel::warn;
  bool goUp = false;
  bool goDown = false;
  bool printStatus = false;
  try
  {
    const auto result = opts.parse(argc, argv);
@ -94,6 +101,7 @@ main(int argc, char* argv[])
    }
    goUp = result.count("up") > 0;
    goDown = result.count("down") > 0;
    printStatus = result.count("status") > 0;
    if (result.count("endpoint") > 0)
    {
@ -103,6 +111,10 @@ main(int argc, char* argv[])
    {
      token = result["token"].as<std::string>();
    }
    if (result.count("auth") > 0)
    {
      token = result["auth"].as<std::string>();
    }
  }
  catch (const cxxopts::option_not_exists_exception& ex)
  {
@ -115,7 +127,7 @@ main(int argc, char* argv[])
    std::cout << ex.what() << std::endl;
    return 1;
  }
-  if ((not goUp) and (not goDown))
+  if ((not goUp) and (not goDown) and (not printStatus))
  {
    std::cout << opts.help() << std::endl;
    return 1;
@ -149,9 +161,8 @@ main(int argc, char* argv[])
    return 1;
  }
-  std::vector<std::string> firstHops;
+  if (printStatus)
-  std::string ifname;
+  {
    const auto maybe_status = LMQ_Request(lmq, connID, "llarp.status");
    if (not maybe_status.has_value())
    {
@ -161,36 +172,27 @@ main(int argc, char* argv[])
    try
    {
-    // extract first hops
+      const auto& ep = maybe_status->at("result").at("services").at(endpoint);
-    const auto& links = maybe_status->at("result")["links"]["outbound"];
+      const auto exitMap = ep.at("exitMap");
-    for (const auto& link : links)
+      if (exitMap.empty())
    {
      const auto& sessions = link["sessions"]["established"];
      for (const auto& session : sessions)
      {
-        std::string addr = session["remoteAddr"];
+        std::cout << "no exits" << std::endl;
        const auto pos = addr.find(":");
        firstHops.push_back(addr.substr(0, pos));
      }
-    }
+      else
-    // get interface name
+      {
-#ifdef _WIN32
+        for (const auto& [range, exit] : exitMap.items())
    // strip off the "::ffff."
    ifname = maybe_status->at("result")["services"][endpoint]["ifaddr"];
    const auto pos = ifname.find("/");
    if (pos != std::string::npos)
        {
-      ifname = ifname.substr(0, pos);
+          std::cout << range << " via " << exit.get<std::string>() << std::endl;
        }
      }
 #else
    ifname = maybe_status->at("result")["services"][endpoint]["ifname"];
 #endif
    }
    catch (std::exception& ex)
    {
      std::cout << "failed to parse result: " << ex.what() << std::endl;
      return 1;
    }
    return 0;
  }
  if (goUp)
  {
    std::optional<nlohmann::json> maybe_result;
--- a/daemon/main.cpp
+++ b/daemon/main.cpp
@ -50,7 +50,7 @@ extern "C" LONG FAR PASCAL
 win32_signal_handler(EXCEPTION_POINTERS*);
 extern "C" VOID FAR PASCAL
 win32_daemon_entry(DWORD, LPTSTR*);
-VOID ReportSvcStatus(DWORD, DWORD, DWORD);
+BOOL ReportSvcStatus(DWORD, DWORD, DWORD);
 VOID
 insert_description();
 SERVICE_STATUS SvcStatus;
@ -250,19 +250,26 @@ uninstall_win32_daemon()
 /// this sets up, configures and runs the main context
 static void
-run_main_context(const fs::path confFile, const llarp::RuntimeOptions opts)
+run_main_context(std::optional<fs::path> confFile, const llarp::RuntimeOptions opts)
 {
  llarp::LogTrace("start of run_main_context()");
  try
  {
-    // this is important, can downgrade from Info though
+    std::unique_ptr<llarp::Config> conf;
-    llarp::LogDebug("Running from: ", fs::current_path().string());
+    if (confFile.has_value())
-    llarp::LogInfo("Using config file: ", confFile);
+    {
-
+      llarp::LogInfo("Using config file: ", *confFile);
-    llarp::Config conf;
+      conf = std::make_unique<llarp::Config>(confFile->parent_path());
-    conf.Load(confFile, opts.isRouter, confFile.parent_path());
+    }
    else
    {
      conf = std::make_unique<llarp::Config>(llarp::GetDefaultDataDir());
    }
    if (!conf->Load(confFile, opts.isRouter))
      throw std::runtime_error{"Config file parsing failed"};
    ctx = std::make_shared<llarp::Context>();
-    ctx->Configure(conf);
+    ctx->Configure(*conf);
    signal(SIGINT, handle_signal);
    signal(SIGTERM, handle_signal);
@ -289,6 +296,41 @@ run_main_context(const fs::path confFile, const llarp::RuntimeOptions opts)
  }
 }
 #ifdef _WIN32
 void
 TellWindowsServiceStopped()
 {
  ::WSACleanup();
  if (not start_as_daemon)
    return;
  llarp::LogInfo("Telling Windows the service has stopped.");
  if (not ReportSvcStatus(SERVICE_STOPPED, NO_ERROR, 0))
  {
    auto error_code = GetLastError();
    if (error_code == ERROR_INVALID_DATA)
      llarp::LogError(
          "SetServiceStatus failed: \"The specified service status structure is invalid.\"");
    else if (error_code == ERROR_INVALID_HANDLE)
      llarp::LogError("SetServiceStatus failed: \"The specified handle is invalid.\"");
    else
      llarp::LogError("SetServiceStatus failed with an unknown error.");
  }
  llarp::LogContext::Instance().ImmediateFlush();
 }
 class WindowsServiceStopped
 {
 public:
  WindowsServiceStopped() = default;
  ~WindowsServiceStopped()
  {
    TellWindowsServiceStopped();
  }
 };
 #endif
 int
 main(int argc, char* argv[])
 {
@ -318,9 +360,9 @@ lokinet_main(int argc, char* argv[])
  llarp::RuntimeOptions opts;
 #ifdef _WIN32
  WindowsServiceStopped stopped_raii;
  if (startWinsock())
    return -1;
  ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0);
  SetConsoleCtrlHandler(handle_signal_win32, TRUE);
  // SetUnhandledExceptionFilter(win32_signal_handler);
@ -349,7 +391,7 @@ lokinet_main(int argc, char* argv[])
  bool genconfigOnly = false;
  bool overwrite = false;
-  fs::path configFile;
+  std::optional<fs::path> configFile;
  try
  {
    auto result = options.parse(argc, argv);
@ -426,32 +468,51 @@ lokinet_main(int argc, char* argv[])
    return 1;
  }
-  if (!configFile.empty())
+  if (configFile.has_value())
  {
    // when we have an explicit filepath
-    fs::path basedir = configFile.parent_path();
+    fs::path basedir = configFile->parent_path();
    if (genconfigOnly)
    {
-      llarp::ensureConfig(basedir, configFile, overwrite, opts.isRouter);
+      try
      {
        llarp::ensureConfig(basedir, *configFile, overwrite, opts.isRouter);
      }
      catch (std::exception& ex)
      {
        LogError("cannot generate config at ", *configFile, ": ", ex.what());
        return 1;
      }
    }
    else
    {
-      std::error_code ec;
+      try
-      if (!fs::exists(configFile, ec))
+      {
        if (!fs::exists(*configFile))
        {
-        llarp::LogError("Config file not found ", configFile);
+          llarp::LogError("Config file not found ", *configFile);
          return 1;
        }
      }
      catch (std::exception& ex)
      {
        LogError("cannot check if ", *configFile, " exists: ", ex.what());
        return 1;
      }
      if (ec)
        throw std::runtime_error(llarp::stringify("filesystem error: ", ec));
    }
  }
  else
  {
    try
    {
      llarp::ensureConfig(
          llarp::GetDefaultDataDir(), llarp::GetDefaultConfigPath(), overwrite, opts.isRouter);
    }
    catch (std::exception& ex)
    {
      llarp::LogError("cannot ensure config: ", ex.what());
      return 1;
    }
    configFile = llarp::GetDefaultConfigPath();
  }
@ -462,6 +523,11 @@ lokinet_main(int argc, char* argv[])
  std::thread main_thread{std::bind(&run_main_context, configFile, opts)};
  auto ftr = exit_code.get_future();
 #ifdef _WIN32
  ReportSvcStatus(SERVICE_RUNNING, NO_ERROR, 0);
 #endif
  do
  {
    // do periodic non lokinet related tasks here
@ -491,6 +557,9 @@ lokinet_main(int argc, char* argv[])
        LogError(wtf);
        llarp::LogContext::Instance().ImmediateFlush();
      }
 #ifdef _WIN32
      TellWindowsServiceStopped();
 #endif
      std::abort();
    }
  } while (ftr.wait_for(std::chrono::seconds(1)) != std::future_status::ready);
@ -515,10 +584,6 @@ lokinet_main(int argc, char* argv[])
  }
  llarp::LogContext::Instance().ImmediateFlush();
 #ifdef _WIN32
  ::WSACleanup();
  ReportSvcStatus(SERVICE_STOPPED, NO_ERROR, code);
 #endif
  if (ctx)
  {
    ctx.reset();
@ -527,7 +592,7 @@ lokinet_main(int argc, char* argv[])
 }
 #ifdef _WIN32
-VOID
+BOOL
 ReportSvcStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint)
 {
  static DWORD dwCheckPoint = 1;
@ -548,7 +613,7 @@ ReportSvcStatus(DWORD dwCurrentState, DWORD dwWin32ExitCode, DWORD dwWaitHint)
    SvcStatus.dwCheckPoint = dwCheckPoint++;
  // Report the status of the service to the SCM.
-  SetServiceStatus(SvcStatusHandle, &SvcStatus);
+  return SetServiceStatus(SvcStatusHandle, &SvcStatus);
 }
 VOID FAR PASCAL
@ -595,7 +660,7 @@ win32_daemon_entry(DWORD argc, LPTSTR* argv)
  ReportSvcStatus(SERVICE_START_PENDING, NO_ERROR, 3000);
  // SCM clobbers startup args, regenerate them here
  argc = 2;
-  argv[1] = "c:/programdata/.lokinet/lokinet.ini";
+  argv[1] = "c:/programdata/lokinet/lokinet.ini";
  argv[2] = nullptr;
  lokinet_main(argc, argv);
 }
--- a/docs/exit-setup.md
+++ b/docs/exit-setup.md
@ -1,10 +1,18 @@
-to configure lokinet to be an exit add into `lokinet.ini` `[network]` section the following:
+to configure lokinet to be an exit add into `lokinet.ini`:
    [router]
    min-connections=8
    max-connections=16
    [network]
    exit=true
    keyfile=/var/lib/lokinet/exit.private
    reachable=1
    ifaddr=10.0.0.1/16
    hops=1
    paths=8
 post setup for exit (as root) given `eth0` is used to get to the internet:
--- a/external/libuv
+++ b/external/libuv
@ -1 +1 @@
-Subproject commit 25f4b8b8a3c0f934158cd37a37b0525d75ca488e
+Subproject commit 4e69e333252693bd82d6338d6124f0416538dbfc
--- a/external/loki-mq
+++ b/external/loki-mq
@ -1 +1 @@
-Subproject commit 53481cdfa9b0dc8d6dbbf04803401298754d7f44
+Subproject commit ea484729c7bb7b430259a422df373e86bdd95b55
--- a/jni/lokinet_jni_vpnio.hpp
+++ b/jni/lokinet_jni_vpnio.hpp
@ -133,18 +133,15 @@ struct lokinet_jni_vpnio : public lokinet::VPNIO
 {
  void
  InjectSuccess() override
-  {
+  {}
  }
  void
  InjectFail() override
-  {
+  {}
  }
  void
  Tick() override
-  {
+  {}
  }
 };
 #endif
--- a/llarp/CMakeLists.txt
+++ b/llarp/CMakeLists.txt
@ -64,7 +64,7 @@ add_library(lokinet-platform
  $<TARGET_OBJECTS:tuntap>
 )
-target_link_libraries(lokinet-platform PUBLIC lokinet-cryptography lokinet-util Threads::Threads ${LIBS})
+target_link_libraries(lokinet-platform PUBLIC lokinet-cryptography lokinet-util Threads::Threads base_libs libuv)
 if (ANDROID)
@ -235,7 +235,9 @@ target_link_libraries(liblokinet PRIVATE libunbound)
 if(BUILD_SHARED_LIBS)
-  install(TARGETS lokinet-util lokinet-platform liblokinet LIBRARY DESTINATION lib)
+  include(GNUInstallDirs)
  install(TARGETS lokinet-util lokinet-platform liblokinet LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR})
  if(WIN32)
    target_link_libraries(liblokinet PUBLIC ws2_32 iphlpapi)
  endif()
--- a/llarp/config/config.cpp
+++ b/llarp/config/config.cpp
--- a/llarp/config/config.hpp
+++ b/llarp/config/config.hpp
@ -63,7 +63,6 @@ namespace llarp
    std::string m_identityKeyFile;
    std::string m_transportKeyFile;
    bool m_enablePeerStats = false;
    bool m_isRelay = false;
    void
@ -73,7 +72,6 @@ namespace llarp
  struct NetworkConfig
  {
    std::optional<bool> m_enableProfiling;
    std::string m_routerProfilesFile;
    std::string m_strictConnect;
    std::string m_ifname;
    IPRange m_ifaddr;
@ -86,7 +84,11 @@ namespace llarp
    bool m_AllowExit = false;
    std::set<RouterID> m_snodeBlacklist;
    net::IPRangeMap<service::Address> m_ExitMap;
    net::IPRangeMap<std::string> m_LNSExitMap;
    std::unordered_map<service::Address, service::AuthInfo, service::Address::Hash> m_ExitAuths;
    std::unordered_map<std::string, service::AuthInfo> m_LNSExitAuths;
    std::unordered_map<huint128_t, service::Address> m_mapAddrs;
    service::AuthType m_AuthType = service::AuthType::eAuthTypeNone;
@ -153,7 +155,6 @@ namespace llarp
  struct LokidConfig
  {
    bool usingSNSeed = false;
    bool whitelistRouters = false;
    fs::path ident_keyfile;
    lokimq::address lokidRPCAddr;
@ -165,8 +166,7 @@ namespace llarp
  struct BootstrapConfig
  {
    std::vector<fs::path> routers;
-    /// for unit tests
+    bool seednode;
    bool skipBootstrap = false;
    void
    defineConfigOptions(ConfigDefinition& conf, const ConfigGenParameters& params);
  };
@ -183,6 +183,10 @@ namespace llarp
  struct Config
  {
    explicit Config(fs::path datadir);
    ~Config() = default;
    RouterConfig router;
    NetworkConfig network;
    ConnectConfig connect;
@ -204,10 +208,23 @@ namespace llarp
    void
    addBackwardsCompatibleConfigOptions(ConfigDefinition& conf);
-    // Load a config from the given file
+    // Load a config from the given file if the config file is not provided LoadDefault is called
    bool
-    Load(const fs::path fname, bool isRelay, fs::path defaultDataDir);
+    Load(std::optional<fs::path> fname = std::nullopt, bool isRelay = false);
    std::string
    generateBaseClientConfig();
    std::string
    generateBaseRouterConfig();
    void
    Save();
    void
    Override(std::string section, std::string key, std::string value);
   private:
    /// Load (initialize) a default config.
    ///
    /// This delegates to the ConfigDefinition to generate a default config,
@ -220,27 +237,17 @@ namespace llarp
    /// @param dataDir is a path representing a directory to be used as the data dir
    /// @return true on success, false otherwise
    bool
-    LoadDefault(bool isRelay, fs::path dataDir);
+    LoadDefault(bool isRelay);
    std::string
    generateBaseClientConfig(fs::path defaultDataDir);
    std::string
    generateBaseRouterConfig(fs::path defaultDataDir);
    void
    Save();
    void
-    Override(std::string section, std::string key, std::string value);
+    LoadOverrides();
   private:
    ConfigParser m_Parser;
    const fs::path m_DataDir;
  };
  void
-  ensureConfig(
+  ensureConfig(fs::path dataDir, fs::path confFile, bool overwrite, bool asRouter);
      const fs::path& defaultDataDir, const fs::path& confFile, bool overwrite, bool asRouter);
 }  // namespace llarp
--- a/llarp/config/definition.cpp
+++ b/llarp/config/definition.cpp
@ -1,22 +1,13 @@
 #include <config/definition.hpp>
 #include <util/logging/logger.hpp>
 #include <iterator>
 #include <sstream>
 #include <stdexcept>
 #include <cassert>
 namespace llarp
 {
  OptionDefinitionBase::OptionDefinitionBase(
      std::string section_, std::string name_, bool required_)
      : section(section_), name(name_), required(required_)
  {
  }
  OptionDefinitionBase::OptionDefinitionBase(
      std::string section_, std::string name_, bool required_, bool multiValued_)
      : section(section_), name(name_), required(required_), multiValued(multiValued_)
  {
  }
  template <>
  bool
  OptionDefinition<bool>::fromString(const std::string& input)
@ -32,17 +23,43 @@ namespace llarp
  ConfigDefinition&
  ConfigDefinition::defineOption(OptionDefinition_ptr def)
  {
-    auto sectionItr = m_definitions.find(def->section);
+    using namespace config;
-    if (sectionItr == m_definitions.end())
+    // If explicitly deprecated or is a {client,relay} option in a {relay,client} config then add a
    // dummy, warning option instead of this one.
    if (def->deprecated || (relay ? def->clientOnly : def->relayOnly))
    {
      return defineOption<std::string>(
          def->section,
          def->name,
          MultiValue,
          Hidden,
          [deprecated = def->deprecated,
           relay = relay,
           opt = "[" + def->section + "]:" + def->name](std::string_view) {
            LogWarn(
                "*** WARNING: The config option ",
                opt,
                (deprecated ? " is deprecated"
                            : relay ? " is not valid in service node configuration files"
                                    : " is not valid in client configuration files"),
                " and has been ignored.");
          });
    }
    auto [sectionItr, newSect] = m_definitions.try_emplace(def->section);
    if (newSect)
      m_sectionOrdering.push_back(def->section);
    auto& section = sectionItr->first;
-    auto& sectionDefinitions = m_definitions[def->section];
+    auto [it, added] = m_definitions[section].try_emplace(std::string{def->name}, std::move(def));
-    if (sectionDefinitions.find(def->name) != sectionDefinitions.end())
+    if (!added)
      throw std::invalid_argument(
          stringify("definition for [", def->section, "]:", def->name, " already exists"));
-    m_definitionOrdering[def->section].push_back(def->name);
+    m_definitionOrdering[section].push_back(it->first);
-    sectionDefinitions[def->name] = std::move(def);
+
    if (!it->second->comments.empty())
      addOptionComments(section, it->first, std::move(it->second->comments));
    return *this;
  }
@ -153,10 +170,13 @@ namespace llarp
      const std::string& section, const std::string& name, std::vector<std::string> comments)
  {
    auto& defComments = m_definitionComments[section][name];
-    for (size_t i = 0; i < comments.size(); ++i)
+    if (defComments.empty())
-    {
+      defComments = std::move(comments);
-      defComments.emplace_back(std::move(comments[i]));
+    else
-    }
+      defComments.insert(
          defComments.end(),
          std::make_move_iterator(comments.begin()),
          std::make_move_iterator(comments.end()));
  }
  std::string
@ -167,41 +187,49 @@ namespace llarp
    int sectionsVisited = 0;
    visitSections([&](const std::string& section, const DefinitionMap&) {
-      if (sectionsVisited > 0)
+      std::ostringstream sect_out;
        oss << "\n\n";
      // TODO: this will create empty objects as a side effect of map's operator[]
      // TODO: this also won't handle sections which have no definition
      for (const std::string& comment : m_sectionComments[section])
      {
        oss << "# " << comment << "\n";
      }
      oss << "[" << section << "]\n";
      visitDefinitions(section, [&](const std::string& name, const OptionDefinition_ptr& def) {
-        oss << "\n";
+        bool has_comment = false;
        // TODO: as above, this will create empty objects
        // TODO: as above (but more important): this won't handle definitions with no entries
        //       (i.e. those handled by UndeclaredValueHandler's)
        for (const std::string& comment : m_definitionComments[section][name])
        {
-          oss << "# " << comment << "\n";
+          sect_out << "\n# " << comment;
          has_comment = true;
        }
        if (useValues and def->getNumberFound() > 0)
        {
-          oss << name << "=" << def->valueAsString(false) << "\n";
+          sect_out << "\n" << name << "=" << def->valueAsString(false) << "\n";
        }
-        else
+        else if (not(def->hidden and not has_comment))
        {
          sect_out << "\n";
          if (not def->required)
-            oss << "#";
+            sect_out << "#";
-          oss << name << "=" << def->defaultValueAsString() << "\n";
+          sect_out << name << "=" << def->defaultValueAsString() << "\n";
        }
      });
      auto sect_str = sect_out.str();
      if (sect_str.empty())
        return;  // Skip sections with no options
      if (sectionsVisited > 0)
        oss << "\n\n";
      oss << "[" << section << "]\n";
      // TODO: this will create empty objects as a side effect of map's operator[]
      // TODO: this also won't handle sections which have no definition
      for (const std::string& comment : m_sectionComments[section])
      {
        oss << "# " << comment << "\n";
      }
      oss << "\n" << sect_str;
      sectionsVisited++;
    });
--- a/llarp/config/definition.hpp
+++ b/llarp/config/definition.hpp
@ -1,6 +1,9 @@
 #pragma once
 #include <initializer_list>
 #include <type_traits>
 #include <util/str.hpp>
 #include <util/fs.hpp>
 #include <iostream>
 #include <memory>
@ -15,19 +18,111 @@
 namespace llarp
 {
  namespace config
  {
    // Base class for the following option flag types
    struct option_flag
    {};
    struct Required_t : option_flag
    {};
    struct Hidden_t : option_flag
    {};
    struct MultiValue_t : option_flag
    {};
    struct RelayOnly_t : option_flag
    {};
    struct ClientOnly_t : option_flag
    {};
    struct Deprecated_t : option_flag
    {};
    /// Value to pass for an OptionDefinition to indicate that the option is required
    inline constexpr Required_t Required{};
    /// Value to pass for an OptionDefinition to indicate that the option should be hidden from the
    /// generate config file if it is unset (and has no comment).  Typically for deprecated, renamed
    /// options that still do something, and for internal dev options that aren't usefully exposed.
    /// (For do-nothing deprecated options use Deprecated instead).
    inline constexpr Hidden_t Hidden{};
    /// Value to pass for an OptionDefinition to indicate that the option takes multiple values
    inline constexpr MultiValue_t MultiValue{};
    /// Value to pass for an option that should only be set for relay configs. If found in a client
    /// config it be ignored (but will produce a warning).
    inline constexpr RelayOnly_t RelayOnly{};
    /// Value to pass for an option that should only be set for client configs. If found in a relay
    /// config it will be ignored (but will produce a warning).
    inline constexpr ClientOnly_t ClientOnly{};
    /// Value to pass for an option that is deprecated and does nothing and should be ignored (with
    /// a deprecation warning) if specified.  Note that Deprecated implies Hidden, and that
    /// {client,relay}-only options in a {relay,client} config are also considered Deprecated.
    inline constexpr Deprecated_t Deprecated{};
    /// Wrapper to specify a default value to an OptionDefinition
    template <typename T>
    struct Default
    {
      T val;
      constexpr explicit Default(T val) : val{std::move(val)}
      {}
    };
    /// Adds one or more comment lines to the option definition.
    struct Comment
    {
      std::vector<std::string> comments;
      explicit Comment(std::initializer_list<std::string> comments) : comments{std::move(comments)}
      {}
    };
    /// A convenience function that returns an acceptor which assigns to a reference.
    ///
    /// Note that this holds on to the reference; it must only be used when this is safe to do. In
    /// particular, a reference to a local variable may be problematic.
    template <typename T>
    auto
    AssignmentAcceptor(T& ref)
    {
      return [&ref](T arg) { ref = std::move(arg); };
    }
    // C++20 backport:
    template <typename T>
    using remove_cvref_t = std::remove_cv_t<std::remove_reference_t<T>>;
    template <typename T>
    constexpr bool is_default = false;
    template <typename T>
    constexpr bool is_default<Default<T>> = true;
    template <typename U>
    constexpr bool is_default<U&> = is_default<remove_cvref_t<U>>;
    template <typename T, typename Option>
    constexpr bool is_option =
        std::is_base_of_v<
            option_flag,
            remove_cvref_t<
                Option>> or std::is_same_v<Comment, Option> or is_default<Option> or std::is_invocable_v<remove_cvref_t<Option>, T>;
  }  // namespace config
  /// A base class for specifying config options and their constraints. The basic to/from string
  /// type functions are provided pure-virtual. The type-aware implementations which implement these
  /// functions are templated classes. One reason for providing a non-templated base class is so
  /// that they can all be mixed into the same containers (albiet as pointers).
  struct OptionDefinitionBase
  {
-    OptionDefinitionBase(std::string section_, std::string name_, bool required_);
+    template <typename... T>
-    OptionDefinitionBase(
+    OptionDefinitionBase(std::string section_, std::string name_, const T&...)
-        std::string section_, std::string name_, bool required_, bool multiValued_);
+        : section(std::move(section_))
-
+        , name(std::move(name_))
-    virtual ~OptionDefinitionBase()
+        , required{(std::is_same_v<T, config::Required_t> || ...)}
-    {
+        , multiValued{(std::is_same_v<T, config::MultiValue_t> || ...)}
-    }
+        , deprecated{(std::is_same_v<T, config::Deprecated_t> || ...)}
        , hidden{deprecated || (std::is_same_v<T, config::Hidden_t> || ...)}
        , relayOnly{(std::is_same_v<T, config::RelayOnly_t> || ...)}
        , clientOnly{(std::is_same_v<T, config::ClientOnly_t> || ...)}
    {}
    virtual ~OptionDefinitionBase() = default;
    /// Subclasses should provide their default value as a string
    ///
@ -65,6 +160,13 @@ namespace llarp
    std::string name;
    bool required = false;
    bool multiValued = false;
    bool deprecated = false;
    bool hidden = false;
    bool relayOnly = false;
    bool clientOnly = false;
    // Temporarily holds comments given during construction until the option is actually added to
    // the owning ConfigDefinition.
    std::vector<std::string> comments;
  };
  /// The primary type-aware implementation of OptionDefinitionBase, this templated class allows
@ -84,33 +186,53 @@ namespace llarp
    /// 2) as the output in defaultValueAsString(), used to generate config files
    /// 3) as the output in valueAsString(), used to generate config files
    ///
-    /// @param acceptor_ is an optional function whose purpose is to both validate the parsed
+    /// @param opts - 0 or more of config::Required, config::Hidden, config::Default{...}, etc.
-    ///        input and internalize it (e.g. copy it for runtime use). The acceptor should throw
+    /// tagged options or an invocable acceptor validate and internalize input (e.g. copy it for
-    ///        an exception with a useful message if it is not acceptable.
+    /// runtime use). The acceptor should throw an exception with a useful message if it is not
-    OptionDefinition(
+    /// acceptable.  Parameters may be passed in any order.
-        std::string section_,
+    template <
-        std::string name_,
+        typename... Options,
-        bool required_,
+        std::enable_if_t<(config::is_option<T, Options> && ...), int> = 0>
-        std::optional<T> defaultValue_,
+    OptionDefinition(std::string section_, std::string name_, Options&&... opts)
-        std::function<void(T)> acceptor_ = nullptr)
+        : OptionDefinitionBase(section_, name_, opts...)
        : OptionDefinitionBase(section_, name_, required_)
        , defaultValue(defaultValue_)
        , acceptor(acceptor_)
    {
      (extractDefault(std::forward<Options>(opts)), ...);
      (extractAcceptor(std::forward<Options>(opts)), ...);
      (extractComments(std::forward<Options>(opts)), ...);
    }
-    /// As above, but also takes a bool value for multiValued.
+    /// Extracts a default value from an config::Default<U>; ignores anything that isn't an
-    OptionDefinition(
+    /// config::Default<U>.
-        std::string section_,
+    template <typename U>
-        std::string name_,
+    void
-        bool required_,
+    extractDefault(U&& defaultValue_)
-        bool multiValued_,
+    {
-        std::optional<T> defaultValue_,
+      if constexpr (config::is_default<U>)
-        std::function<void(T)> acceptor_ = nullptr)
+      {
-        : OptionDefinitionBase(section_, name_, required_, multiValued_)
+        static_assert(
-        , defaultValue(defaultValue_)
+            std::is_convertible_v<decltype(std::forward<U>(defaultValue_).val), T>,
-        , acceptor(acceptor_)
+            "Cannot convert given llarp::config::Default to the required value type");
        defaultValue = std::forward<U>(defaultValue_).val;
      }
    }
    /// Extracts an acceptor (i.e. something callable with a `T`) from options; ignores anything
    /// that isn't callable.
    template <typename U>
    void
    extractAcceptor(U&& acceptor_)
    {
      if constexpr (std::is_invocable_v<U, T>)
        acceptor = std::forward<U>(acceptor_);
    }
    /// Extracts option Comments and forwards them addOptionComments.
    template <typename U>
    void
    extractComments(U&& comment)
    {
      if constexpr (std::is_same_v<config::remove_cvref_t<U>, config::Comment>)
        comments = std::forward<U>(comment).comments;
    }
    /// Returns the first parsed value, if available. Otherwise, provides the default value if the
@ -155,10 +277,14 @@ namespace llarp
    std::string
    defaultValueAsString() override
    {
      if (!defaultValue)
        return "";
      if constexpr (std::is_same_v<fs::path, T>)
        return defaultValue->string();
      std::ostringstream oss;
      if (defaultValue)
      oss << *defaultValue;
      return oss.str();
    }
@ -224,7 +350,7 @@ namespace llarp
      }
      // don't use default value if we are multi-valued and have no value
-      if (multiValued && parsedValues.size() == 0)
+      if (multiValued and parsedValues.size() == 0)
        return;
      if (acceptor)
@ -289,11 +415,14 @@ namespace llarp
  /// calls to addConfigValue()).
  struct ConfigDefinition
  {
-    /// Spefify the parameters and type of a configuration option. The parameters are members of
+    explicit ConfigDefinition(bool relay) : relay{relay}
    {}
    /// Specify the parameters and type of a configuration option. The parameters are members of
    /// OptionDefinitionBase; the type is inferred from OptionDefinition's template parameter T.
    ///
    /// This function should be called for every option that this Configuration supports, and should
-    /// be done before any other interractions involving that option.
+    /// be done before any other interactions involving that option.
    ///
    /// @param def should be a unique_ptr to a valid subclass of OptionDefinitionBase
    /// @return `*this` for chaining calls
@ -307,7 +436,7 @@ namespace llarp
    ConfigDefinition&
    defineOption(Params&&... args)
    {
-      return defineOption(std::make_unique<OptionDefinition<T>>(args...));
+      return defineOption(std::make_unique<OptionDefinition<T>>(std::forward<Params>(args)...));
    }
    /// Specify a config value for the given section and name. The value should be a valid string
@ -416,6 +545,9 @@ namespace llarp
    generateINIConfig(bool useValues = false);
   private:
    // If true skip client-only options; if false skip relay-only options.
    bool relay;
    OptionDefinition_ptr&
    lookupDefinitionOrThrow(std::string_view section, std::string_view name);
    const OptionDefinition_ptr&
@ -444,15 +576,4 @@ namespace llarp
    std::unordered_map<std::string, CommentsMap> m_definitionComments;
  };
  /// A convenience acceptor which takes a reference and later assigns it in its acceptor call.
  ///
  /// Note that this holds on to a reference; it must only be used when this is safe to do. In
  /// particular, a reference to a local variable may be problematic.
  template <typename T>
  std::function<void(T)>
  AssignmentAcceptor(T& ref)
  {
    return [&](T arg) mutable { ref = std::move(arg); };
  }
 }  // namespace llarp
--- a/llarp/config/ini.cpp
+++ b/llarp/config/ini.cpp
@ -72,62 +72,44 @@ namespace llarp
    std::string_view sectName;
    size_t lineno = 0;
-    for (const auto& line : lines)
+    for (auto line : lines)
    {
      lineno++;
-      std::string_view realLine;
+      // Trim whitespace
-      auto comment = line.find_first_of(';');
+      while (!line.empty() && whitespace(line.front()))
-      if (comment == std::string_view::npos)
+        line.remove_prefix(1);
-        comment = line.find_first_of('#');
+      while (!line.empty() && whitespace(line.back()))
-      if (comment == std::string_view::npos)
+        line.remove_suffix(1);
-        realLine = line;
+
-      else
+      // Skip blank lines and comments
-        realLine = line.substr(0, comment);
+      if (line.empty() or line.front() == ';' or line.front() == '#')
      // blank or commented line?
      if (realLine.size() == 0)
        continue;
-      // find delimiters
+
-      auto sectOpenPos = realLine.find_first_of('[');
+      if (line.front() == '[' && line.back() == ']')
      auto sectClosPos = realLine.find_first_of(']');
      auto kvDelim = realLine.find_first_of('=');
      if (sectOpenPos != std::string_view::npos && sectClosPos != std::string_view::npos
          && kvDelim == std::string_view::npos)
      {
        // section header
-
+        line.remove_prefix(1);
-        // clamp whitespaces
+        line.remove_suffix(1);
-        ++sectOpenPos;
+        sectName = line;
        while (whitespace(realLine[sectOpenPos]) && sectOpenPos != sectClosPos)
          ++sectOpenPos;
        --sectClosPos;
        while (whitespace(realLine[sectClosPos]) && sectClosPos != sectOpenPos)
          --sectClosPos;
        // set section name
        sectName = realLine.substr(sectOpenPos, sectClosPos);
      }
-      else if (kvDelim != std::string_view::npos)
+      else if (auto kvDelim = line.find('='); kvDelim != std::string_view::npos)
      {
        // key value pair
-        std::string_view k = realLine.substr(0, kvDelim);
+        std::string_view k = line.substr(0, kvDelim);
-        std::string_view v = realLine.substr(kvDelim + 1);
+        std::string_view v = line.substr(kvDelim + 1);
        // Trim inner whitespace
        while (!k.empty() && whitespace(k.back()))
          k.remove_suffix(1);
        while (!v.empty() && whitespace(v.front()))
          v.remove_prefix(1);
-        // clamp whitespaces
+        if (k.empty())
        for (auto* x : {&k, &v})
        {
          while (!x->empty() && whitespace(x->front()))
            x->remove_prefix(1);
          while (!x->empty() && whitespace(x->back()))
            x->remove_suffix(1);
        }
        if (k.size() == 0)
        {
          LogError(m_FileName, " invalid line (", lineno, "): '", line, "'");
          return false;
        }
-        SectionValues_t& sect = m_Config[std::string{sectName}];
+        LogDebug(m_FileName, ": [", sectName, "]:", k, "=", v);
-        LogDebug(m_FileName, ": ", sectName, ".", k, "=", v);
+        m_Config[std::string{sectName}].emplace(k, v);
        sect.emplace(k, v);
      }
      else  // malformed?
      {
@ -160,23 +142,20 @@ namespace llarp
  }
  void
-  ConfigParser::AddOverride(std::string section, std::string key, std::string value)
+  ConfigParser::AddOverride(fs::path fpath, std::string section, std::string key, std::string value)
  {
-    m_Overrides[section].emplace(key, value);
+    auto& data = m_Overrides[fpath];
    data[section].emplace(key, value);
  }
  void
  ConfigParser::Save()
  {
    // if we have no overrides keep the config the same on disk
    if (m_Overrides.empty())
      return;
    std::ofstream ofs(m_FileName);
    // write existing config data
    ofs.write(m_Data.data(), m_Data.size());
    // write overrides
-    ofs << std::endl << std::endl << "# overrides" << std::endl;
+    for (const auto& [fname, overrides] : m_Overrides)
-    for (const auto& [section, values] : m_Overrides)
+    {
      std::ofstream ofs(fname);
      for (const auto& [section, values] : overrides)
      {
        ofs << std::endl << "[" << section << "]" << std::endl;
        for (const auto& [key, value] : values)
@ -184,6 +163,7 @@ namespace llarp
          ofs << key << "=" << value << std::endl;
        }
      }
    }
    m_Overrides.clear();
  }
--- a/llarp/config/ini.hpp
+++ b/llarp/config/ini.hpp
@ -40,11 +40,11 @@ namespace llarp
    bool
    VisitSection(const char* name, std::function<bool(const SectionValues_t&)> visit) const;
-    /// add a config option that is appended at the end of the config buffer with no comments
+    /// add a config option that is appended in another file
    void
-    AddOverride(std::string section, std::string key, std::string value);
+    AddOverride(fs::path file, std::string section, std::string key, std::string value);
-    /// save config and any overrides to the file it was loaded from
+    /// save config overrides
    void
    Save();
@ -54,7 +54,7 @@ namespace llarp
    std::vector<char> m_Data;
    Config_impl_t m_Config;
-    Config_impl_t m_Overrides;
+    std::unordered_map<fs::path, Config_impl_t, util::FileHash> m_Overrides;
    fs::path m_FileName;
  };
--- a/llarp/config/key_manager.cpp
+++ b/llarp/config/key_manager.cpp
@ -9,8 +9,7 @@
 namespace llarp
 {
  KeyManager::KeyManager() : m_initialized(false), m_needBackup(false)
-  {
+  {}
  }
  bool
  KeyManager::initialize(const llarp::Config& config, bool genIfAbsent, bool isRouter)
--- a/llarp/constants/files.hpp
+++ b/llarp/constants/files.hpp
@ -22,6 +22,7 @@ namespace llarp
  {
 #ifdef _WIN32
    const fs::path homedir = getenv("APPDATA");
    return homedir / "lokinet";
 #else
    fs::path homedir;
@ -36,8 +37,8 @@ namespace llarp
      homedir = "/var/lib/lokinet";
      return homedir;
    }
 #endif
    return homedir / ".lokinet";
 #endif
  }
  inline fs::path
--- a/llarp/context.cpp
+++ b/llarp/context.cpp
@ -167,8 +167,7 @@ namespace llarp
  void
  Context::Reload()
-  {
+  {}
  }
  void
  Context::SigINT()
--- a/llarp/crypto/encrypted.hpp
+++ b/llarp/crypto/encrypted.hpp
@ -56,8 +56,7 @@ namespace llarp
    }
    Encrypted(size_t sz) : Encrypted(nullptr, sz)
-    {
+    {}
    }
    bool
    BEncode(llarp_buffer_t* buf) const
--- a/llarp/crypto/encrypted_frame.hpp
+++ b/llarp/crypto/encrypted_frame.hpp
@ -16,14 +16,12 @@ namespace llarp
  struct EncryptedFrame : public Encrypted<EncryptedFrameSize>
  {
    EncryptedFrame() : EncryptedFrame(EncryptedFrameBodySize)
-    {
+    {}
    }
    EncryptedFrame(size_t sz)
        : Encrypted<EncryptedFrameSize>(
            std::min(sz, EncryptedFrameBodySize) + EncryptedFrameOverheadSize)
-    {
+    {}
    }
    void
    Resize(size_t sz)
@ -70,8 +68,7 @@ namespace llarp
    AsyncFrameDecrypter(const SecretKey& secretkey, DecryptHandler h)
        : result(std::move(h)), seckey(secretkey)
-    {
+    {}
    }
    DecryptHandler result;
    const SecretKey& seckey;
--- a/llarp/crypto/types.hpp
+++ b/llarp/crypto/types.hpp
@ -20,16 +20,13 @@ namespace llarp
    PubKey() = default;
    explicit PubKey(const byte_t* ptr) : AlignedBuffer<SIZE>(ptr)
-    {
+    {}
    }
    explicit PubKey(const Data& data) : AlignedBuffer<SIZE>(data)
-    {
+    {}
    }
    explicit PubKey(const AlignedBuffer<SIZE>& other) : AlignedBuffer<SIZE>(other)
-    {
+    {}
    }
    std::string
    ToString() const;
@ -84,13 +81,11 @@ namespace llarp
    SecretKey() = default;
    explicit SecretKey(const byte_t* ptr) : AlignedBuffer<SECKEYSIZE>(ptr)
-    {
+    {}
    }
    // The full data
    explicit SecretKey(const AlignedBuffer<SECKEYSIZE>& seed) : AlignedBuffer<SECKEYSIZE>(seed)
-    {
+    {}
    }
    // Just the seed, we recalculate the pubkey
    explicit SecretKey(const AlignedBuffer<32>& seed)
@ -147,12 +142,10 @@ namespace llarp
    PrivateKey() = default;
    explicit PrivateKey(const byte_t* ptr) : AlignedBuffer<64>(ptr)
-    {
+    {}
    }
    explicit PrivateKey(const AlignedBuffer<64>& key_and_hash) : AlignedBuffer<64>(key_and_hash)
-    {
+    {}
    }
    /// Returns a pointer to the beginning of the 32-byte hash which is used for
    /// pseudorandomness when signing with this private key.
@ -195,8 +188,7 @@ namespace llarp
  struct IdentitySecret final : public AlignedBuffer<32>
  {
    IdentitySecret() : AlignedBuffer<32>()
-    {
+    {}
    }
    /// no copy constructor
    explicit IdentitySecret(const IdentitySecret&) = delete;
--- a/llarp/dht/bucket.hpp
+++ b/llarp/dht/bucket.hpp
@ -20,8 +20,7 @@ namespace llarp
      using Random_t = std::function<uint64_t()>;
      Bucket(const Key_t& us, Random_t r) : nodes(XorMetric(us)), random(std::move(r))
-      {
+      {}
      }
      util::StatusObject
      ExtractStatus() const
--- a/llarp/dht/explorenetworkjob.hpp
+++ b/llarp/dht/explorenetworkjob.hpp
@ -12,8 +12,7 @@ namespace llarp
    {
      ExploreNetworkJob(const RouterID& peer, AbstractContext* ctx)
          : TX<RouterID, RouterID>(TXOwner{}, peer, ctx)
-      {
+      {}
      }
      bool
      Validate(const RouterID&) const override
--- a/llarp/dht/kademlia.hpp
+++ b/llarp/dht/kademlia.hpp
@ -13,8 +13,7 @@ namespace llarp
      const Key_t us;
      XorMetric(const Key_t& ourKey) : us(ourKey)
-      {
+      {}
      }
      bool
      operator()(const Key_t& left, const Key_t& right) const
--- a/llarp/dht/key.hpp
+++ b/llarp/dht/key.hpp
@ -13,20 +13,16 @@ namespace llarp
    struct Key_t : public AlignedBuffer<32>
    {
      explicit Key_t(const byte_t* buf) : AlignedBuffer<SIZE>(buf)
-      {
+      {}
      }
      explicit Key_t(const Data& data) : AlignedBuffer<SIZE>(data)
-      {
+      {}
      }
      explicit Key_t(const AlignedBuffer<SIZE>& data) : AlignedBuffer<SIZE>(data)
-      {
+      {}
      }
      Key_t() : AlignedBuffer<SIZE>()
-      {
+      {}
      }
      /// get snode address string
      std::string
--- a/llarp/dht/localrouterlookup.cpp
+++ b/llarp/dht/localrouterlookup.cpp
@ -16,8 +16,7 @@ namespace llarp
        const PathID_t& path, uint64_t txid, const RouterID& _target, AbstractContext* ctx)
        : RecursiveRouterLookup(TXOwner{ctx->OurKey(), txid}, _target, ctx, nullptr)
        , localPath(path)
-    {
+    {}
    }
    void
    LocalRouterLookup::SendReply()
--- a/llarp/dht/localserviceaddresslookup.cpp
+++ b/llarp/dht/localserviceaddresslookup.cpp
@ -20,8 +20,7 @@ namespace llarp
        __attribute__((unused)) const Key_t& askpeer)
        : ServiceAddressLookup(TXOwner{ctx->OurKey(), txid}, addr, ctx, relayOrder, nullptr)
        , localPath(pathid)
-    {
+    {}
    }
    void
    LocalServiceAddressLookup::SendReply()
--- a/llarp/dht/localtaglookup.cpp
+++ b/llarp/dht/localtaglookup.cpp
@ -13,8 +13,7 @@ namespace llarp
    LocalTagLookup::LocalTagLookup(
        const PathID_t& path, uint64_t txid, const service::Tag& _target, AbstractContext* ctx)
        : TagLookup(TXOwner{ctx->OurKey(), txid}, _target, ctx, 0), localPath(path)
-    {
+    {}
    }
    void
    LocalTagLookup::SendReply()
--- a/llarp/dht/message.cpp
+++ b/llarp/dht/message.cpp
@ -22,8 +22,7 @@ namespace llarp
      bool relayed = false;
      MessageDecoder(const Key_t& from, bool wasRelayed) : From(from), relayed(wasRelayed)
-      {
+      {}
      }
      bool
      operator()(llarp_buffer_t* buffer, llarp_buffer_t* key)
@ -105,8 +104,7 @@ namespace llarp
    {
      ListDecoder(bool hasRelayed, const Key_t& from, std::vector<IMessage::Ptr_t>& list)
          : relayed(hasRelayed), From(from), l(list)
-      {
+      {}
      }
      bool relayed;
      const Key_t& From;
--- a/llarp/dht/message.hpp
+++ b/llarp/dht/message.hpp
@ -20,8 +20,7 @@ namespace llarp
      /// construct
      IMessage(const Key_t& from) : From(from)
-      {
+      {}
      }
      using Ptr_t = std::unique_ptr<IMessage>;
--- a/llarp/dht/messages/findintro.hpp
+++ b/llarp/dht/messages/findintro.hpp
@ -26,8 +26,7 @@ namespace llarp
      FindIntroMessage(const llarp::service::Tag& tag, uint64_t txid)
          : IMessage({}), tagName(tag), txID(txid)
-      {
+      {}
      }
      explicit FindIntroMessage(uint64_t txid, const Key_t& addr, uint64_t order)
          : IMessage({}), location(addr), txID(txid), relayOrder(order)
--- a/llarp/dht/messages/findname.cpp
+++ b/llarp/dht/messages/findname.cpp
@ -11,8 +11,7 @@ namespace llarp::dht
 {
  FindNameMessage::FindNameMessage(const Key_t& from, Key_t namehash, uint64_t txid)
      : IMessage(from), NameHash(std::move(namehash)), TxID(txid)
-  {
+  {}
  }
  bool
  FindNameMessage::BEncode(llarp_buffer_t* buf) const
--- a/llarp/dht/messages/findrouter.hpp
+++ b/llarp/dht/messages/findrouter.hpp
@ -10,14 +10,12 @@ namespace llarp
    {
      // inbound parsing
      FindRouterMessage(const Key_t& from) : IMessage(from)
-      {
+      {}
      }
      // find by routerid
      FindRouterMessage(uint64_t id, const RouterID& target)
          : IMessage({}), targetKey(target), txid(id)
-      {
+      {}
      }
      // exploritory
      FindRouterMessage(uint64_t id) : IMessage({}), exploritory(true), txid(id)
@ -48,8 +46,7 @@ namespace llarp
    struct RelayedFindRouterMessage final : public FindRouterMessage
    {
      RelayedFindRouterMessage(const Key_t& from) : FindRouterMessage(from)
-      {
+      {}
      }
      /// handle a relayed FindRouterMessage, do a lookup on the dht and inform
      /// the path of the result
--- a/llarp/dht/messages/gotintro.cpp
+++ b/llarp/dht/messages/gotintro.cpp
@ -15,8 +15,7 @@ namespace llarp
  {
    GotIntroMessage::GotIntroMessage(std::vector<service::EncryptedIntroSet> results, uint64_t tx)
        : IMessage({}), found(std::move(results)), txid(tx)
-    {
+    {}
    }
    bool
    GotIntroMessage::HandleMessage(
--- a/llarp/dht/messages/gotintro.hpp
+++ b/llarp/dht/messages/gotintro.hpp
@ -23,8 +23,7 @@ namespace llarp
      std::optional<Key_t> closer;
      GotIntroMessage(const Key_t& from) : IMessage(from)
-      {
+      {}
      }
      GotIntroMessage(const GotIntroMessage& other)
          : IMessage(other.From), found(other.found), txid(other.txid), closer(other.closer)
@ -35,8 +34,7 @@ namespace llarp
      /// for iterative reply
      GotIntroMessage(const Key_t& from, const Key_t& _closer, uint64_t _txid)
          : IMessage(from), txid(_txid), closer(_closer)
-      {
+      {}
      }
      /// for recursive reply
      GotIntroMessage(std::vector<service::EncryptedIntroSet> results, uint64_t txid);
@ -56,8 +54,7 @@ namespace llarp
    struct RelayedGotIntroMessage final : public GotIntroMessage
    {
      RelayedGotIntroMessage() : GotIntroMessage({})
-      {
+      {}
      }
      bool
      HandleMessage(llarp_dht_context* ctx, std::vector<IMessage::Ptr_t>& replies) const override;
--- a/llarp/dht/messages/gotrouter.hpp
+++ b/llarp/dht/messages/gotrouter.hpp
@ -14,23 +14,19 @@ namespace llarp
    struct GotRouterMessage final : public IMessage
    {
      GotRouterMessage(const Key_t& from, bool tunneled) : IMessage(from), relayed(tunneled)
-      {
+      {}
      }
      GotRouterMessage(
          const Key_t& from, uint64_t id, const std::vector<RouterContact>& results, bool tunneled)
          : IMessage(from), foundRCs(results), txid(id), relayed(tunneled)
-      {
+      {}
      }
      GotRouterMessage(const Key_t& from, const Key_t& closer, uint64_t id, bool tunneled)
          : IMessage(from), closerTarget(new Key_t(closer)), txid(id), relayed(tunneled)
-      {
+      {}
      }
      GotRouterMessage(uint64_t id, std::vector<RouterID> _near, bool tunneled)
          : IMessage({}), nearKeys(std::move(_near)), txid(id), relayed(tunneled)
-      {
+      {}
      }
      /// gossip message
      GotRouterMessage(const RouterContact rc) : IMessage({}), foundRCs({rc}), txid(0)
--- a/llarp/dht/messages/pubintro.hpp
+++ b/llarp/dht/messages/pubintro.hpp
@ -18,8 +18,7 @@ namespace llarp
      uint64_t relayOrder = 0;
      uint64_t txID = 0;
      PublishIntroMessage(const Key_t& from, bool relayed_) : IMessage(from), relayed(relayed_)
-      {
+      {}
      }
      PublishIntroMessage(
          const llarp::service::EncryptedIntroSet& introset_,
@ -27,8 +26,7 @@ namespace llarp
          bool relayed_,
          uint64_t relayOrder_)
          : IMessage({}), introset(introset_), relayed(relayed_), relayOrder(relayOrder_), txID(tx)
-      {
+      {}
      }
      ~PublishIntroMessage() override;
--- a/llarp/dht/node.hpp
+++ b/llarp/dht/node.hpp
@ -21,8 +21,7 @@ namespace llarp
      }
      RCNode(const RouterContact& other) : rc(other), ID(other.pubkey)
-      {
+      {}
      }
      util::StatusObject
      ExtractStatus() const
--- a/llarp/dht/publishservicejob.cpp
+++ b/llarp/dht/publishservicejob.cpp
@ -20,8 +20,7 @@ namespace llarp
        : TX<TXOwner, service::EncryptedIntroSet>(asker, asker, ctx)
        , relayOrder(relayOrder_)
        , introset(introset_)
-    {
+    {}
    }
    bool
    PublishServiceJob::Validate(const service::EncryptedIntroSet& value) const
@ -56,8 +55,7 @@ namespace llarp
        AbstractContext* ctx,
        uint64_t relayOrder)
        : PublishServiceJob(peer, introset, ctx, relayOrder), localPath(fromID), txid(_txid)
-    {
+    {}
    }
    void
    LocalPublishServiceJob::SendReply()
--- a/llarp/dht/taglookup.hpp
+++ b/llarp/dht/taglookup.hpp
@ -15,8 +15,7 @@ namespace llarp
      TagLookup(
          const TXOwner& asker, const service::Tag& tag, AbstractContext* ctx, uint64_t recursion)
          : TX<service::Tag, service::EncryptedIntroSet>(asker, tag, ctx), recursionDepth(recursion)
-      {
+      {}
      }
      bool
      Validate(const service::EncryptedIntroSet& introset) const override;
--- a/llarp/dht/tx.hpp
+++ b/llarp/dht/tx.hpp
@ -26,8 +26,7 @@ namespace llarp
      TX(const TXOwner& asker, const K& k, AbstractContext* p)
          : target(k), parent(p), whoasked(asker)
-      {
+      {}
      }
      virtual ~TX() = default;
--- a/llarp/dht/txowner.hpp
+++ b/llarp/dht/txowner.hpp
@ -22,8 +22,7 @@ namespace llarp
      operator=(const TXOwner&) = default;
      TXOwner(const Key_t& k, uint64_t id) : node(k), txid(id)
-      {
+      {}
      }
      util::StatusObject
      ExtractStatus() const
--- a/llarp/dns/message.cpp
+++ b/llarp/dns/message.cpp
@ -55,8 +55,7 @@ namespace llarp
        , answers(std::move(other.answers))
        , authorities(std::move(other.authorities))
        , additional(std::move(other.additional))
-    {
+    {}
    }
    Message::Message(const Message& other)
        : hdr_id(other.hdr_id)
@ -65,8 +64,7 @@ namespace llarp
        , answers(other.answers)
        , authorities(other.authorities)
        , additional(other.additional)
-    {
+    {}
    }
    Message::Message(const MessageHeader& hdr) : hdr_id(hdr.id), hdr_fields(hdr.fields)
    {
@ -324,6 +322,32 @@ namespace llarp
      }
    }
    void
    Message::AddTXTReply(std::string str, RR_TTL_t ttl)
    {
      auto& rec = answers.emplace_back();
      rec.rr_name = questions[0].qname;
      rec.rr_class = qClassIN;
      rec.rr_type = qTypeTXT;
      rec.ttl = ttl;
      std::array<byte_t, 1024> tmp{};
      llarp_buffer_t buf(tmp);
      while (not str.empty())
      {
        const auto left = std::min(str.size(), size_t{256});
        const auto sub = str.substr(0, left);
        uint8_t byte = left;
        *buf.cur = byte;
        buf.cur++;
        if (not buf.write(sub.begin(), sub.end()))
          throw std::length_error("text record too big");
        str = str.substr(left);
      }
      buf.sz = buf.cur - buf.base;
      rec.rData.resize(buf.sz);
      std::copy_n(buf.base, buf.sz, rec.rData.data());
    }
    void Message::AddNXReply(RR_TTL_t)
    {
      if (questions.size())
--- a/llarp/dns/message.hpp
+++ b/llarp/dns/message.hpp
@ -74,6 +74,9 @@ namespace llarp
      void
      AddNSReply(std::string name, RR_TTL_t ttl = 1);
      void
      AddTXTReply(std::string value, RR_TTL_t ttl = 1);
      bool
      Encode(llarp_buffer_t* buf) const override;
--- a/llarp/dns/question.cpp
+++ b/llarp/dns/question.cpp
@ -12,12 +12,10 @@ namespace llarp
        : qname(std::move(other.qname))
        , qtype(std::move(other.qtype))
        , qclass(std::move(other.qclass))
-    {
+    {}
    }
    Question::Question(const Question& other)
        : qname(other.qname), qtype(other.qtype), qclass(other.qclass)
-    {
+    {}
    }
    bool
    Question::Encode(llarp_buffer_t* buf) const
@ -66,6 +64,13 @@ namespace llarp
      return (qname == "localhost.loki." or llarp::ends_with(qname, ".localhost.loki."));
    }
    bool
    Question::HasSubdomains() const
    {
      const auto parts = split(qname, ".", true);
      return parts.size() >= 3;
    }
    std::string
    Question::Subdomains() const
    {
--- a/llarp/dns/question.hpp
+++ b/llarp/dns/question.hpp
@ -44,6 +44,10 @@ namespace llarp
      bool
      IsLocalhost() const;
      /// return true if we have subdomains in ths question
      bool
      HasSubdomains() const;
      /// get subdomain(s), if any, from qname
      std::string
      Subdomains() const;
--- a/llarp/dns/rr.cpp
+++ b/llarp/dns/rr.cpp
@ -14,8 +14,7 @@ namespace llarp
        , rr_class(other.rr_class)
        , ttl(other.ttl)
        , rData(other.rData)
-    {
+    {}
    }
    ResourceRecord::ResourceRecord(ResourceRecord&& other)
        : rr_name(std::move(other.rr_name))
@ -23,8 +22,7 @@ namespace llarp
        , rr_class(std::move(other.rr_class))
        , ttl(std::move(other.ttl))
        , rData(std::move(other.rData))
-    {
+    {}
    }
    bool
    ResourceRecord::Encode(llarp_buffer_t* buf) const
--- a/llarp/dns/server.cpp
+++ b/llarp/dns/server.cpp
@ -32,6 +32,8 @@ namespace llarp
    void
    Proxy::Stop()
    {
      if (m_UnboundResolver)
        m_UnboundResolver->Stop();
    }
    bool
@ -41,6 +43,7 @@ namespace llarp
      {
        if (not SetupUnboundResolver(resolvers))
        {
          llarp::LogError("Failed to add upstream resolvers during DNS server setup.");
          return false;
        }
      }
@ -50,10 +53,8 @@ namespace llarp
      LogicCall(m_ClientLogic, [=]() {
        llarp_ev_add_udp(self->m_ClientLoop.get(), &self->m_Client, any.createSockAddr());
      });
-      LogicCall(m_ServerLogic, [=]() {
+      return (
-        llarp_ev_add_udp(self->m_ServerLoop.get(), &self->m_Server, addr.createSockAddr());
+          llarp_ev_add_udp(self->m_ServerLoop.get(), &self->m_Server, addr.createSockAddr()) == 0);
      });
      return true;
    }
    static Proxy::Buffer_t
@ -68,11 +69,8 @@ namespace llarp
    Proxy::HandleUDPRecv_server(llarp_udp_io* u, const SockAddr& from, ManagedBuffer buf)
    {
      Buffer_t msgbuf = CopyBuffer(buf.underlying);
-      auto self = static_cast<Proxy*>(u->user)->shared_from_this();
+      auto self = static_cast<Proxy*>(u->user);
-      // yes we use the server loop here because if the server loop is not the
+      self->HandlePktServer(from, msgbuf);
      // client loop we'll crash again
      LogicCall(
          self->m_ServerLogic, [self, from, msgbuf]() { self->HandlePktServer(from, msgbuf); });
    }
    void
@ -137,13 +135,13 @@ namespace llarp
    void
    Proxy::HandleTick(llarp_udp_io*)
-    {
+    {}
    }
    void
    Proxy::SendServerMessageBufferTo(const SockAddr& to, const llarp_buffer_t& buf)
    {
-      llarp_ev_udp_sendto(&m_Server, to, buf);
+      if (llarp_ev_udp_sendto(&m_Server, to, buf) < 0)
        llarp::LogError("dns reply failed");
    }
    void
@ -247,7 +245,6 @@ namespace llarp
        return;
      }
      TX tx = {hdr.id, from};
      Message msg(hdr);
      if (!msg.Decode(&pkt))
      {
--- a/llarp/dns/unbound_resolver.cpp
+++ b/llarp/dns/unbound_resolver.cpp
@ -13,61 +13,38 @@ namespace llarp::dns
  };
  void
-  UnboundResolver::Reset()
+  UnboundResolver::Stop()
  {
    started = false;
    if (unboundContext)
  {
-      DeregisterPollFD();
+    Reset();
      ub_ctx_delete(unboundContext);
    }
    unboundContext = nullptr;
  }
  void
-  UnboundResolver::DeregisterPollFD()
+  UnboundResolver::Reset()
  {
-#ifdef _WIN32
+    started = false;
-    runnerThread->join();
+    if (runner)
 #else
    eventLoop->deregister_poll_fd_readable(ub_fd(unboundContext));
 #endif
  }
  void
  UnboundResolver::RegisterPollFD()
    {
-#ifdef _WIN32
+      runner->join();
-    runnerThread = std::make_unique<std::thread>([self = shared_from_this()]() {
+      runner.reset();
-      while (self->started)
+    }
    if (unboundContext)
    {
-        ub_wait(self->unboundContext);
+      ub_ctx_delete(unboundContext);
    }
-    });
+    unboundContext = nullptr;
 #else
    eventLoop->register_poll_fd_readable(
        ub_fd(unboundContext), [=]() { ub_process(unboundContext); });
 #endif
  }
  UnboundResolver::UnboundResolver(llarp_ev_loop_ptr loop, ReplyFunction reply, FailFunction fail)
      : unboundContext(nullptr)
      , started(false)
      , eventLoop(loop)
 #ifdef _WIN32
      // on win32 we use another thread for io because LOL windows
      , replyFunc([loop, reply](auto source, auto buf) {
        loop->call_soon([source, buf, reply]() { reply(source, buf); });
      })
      , failFunc([loop, fail](auto source, auto message) {
        loop->call_soon([source, message, fail]() { fail(source, message); });
      })
-#else
+  {}
      , replyFunc(reply)
      , failFunc(fail)
 #endif
  {
  }
  // static callback
  void
@ -87,10 +64,9 @@ namespace llarp::dns
      ub_resolve_free(result);
      return;
    }
-
+    std::vector<byte_t> pkt(result->answer_len);
-    llarp_buffer_t buf;
+    std::copy_n(static_cast<byte_t*>(result->answer_packet), pkt.size(), pkt.data());
-    buf.base = buf.cur = static_cast<byte_t*>(result->answer_packet);
+    llarp_buffer_t buf(pkt);
    buf.sz = result->answer_len;
    MessageHeader hdr;
    hdr.Decode(&buf);
@ -99,10 +75,7 @@ namespace llarp::dns
    buf.cur = buf.base;
    hdr.Encode(&buf);
-    std::vector<byte_t> buf_copy(buf.sz);
+    this_ptr->replyFunc(lookup->source, std::move(pkt));
    std::copy_n(buf.base, buf.sz, buf_copy.begin());
    this_ptr->replyFunc(lookup->source, std::move(buf_copy));
    ub_resolve_free(result);
  }
@ -121,8 +94,17 @@ namespace llarp::dns
    {
      return false;
    }
    ub_ctx_async(unboundContext, 1);
    runner = std::make_unique<std::thread>([&]() {
      while (started)
      {
        if (unboundContext)
          ub_wait(unboundContext);
        std::this_thread::sleep_for(25ms);
      }
    });
    started = true;
    RegisterPollFD();
    return true;
  }
--- a/llarp/dns/unbound_resolver.hpp
+++ b/llarp/dns/unbound_resolver.hpp
@ -24,12 +24,9 @@ namespace llarp::dns
  {
   private:
    ub_ctx* unboundContext;
 #ifdef _WIN32
    /// windows needs to run as blocking in another thread to work at all becuase LOL windows
    std::unique_ptr<std::thread> runnerThread;
 #endif
    std::atomic<bool> started;
    std::unique_ptr<std::thread> runner;
    llarp_ev_loop_ptr eventLoop;
    ReplyFunction replyFunc;
@ -38,17 +35,16 @@ namespace llarp::dns
    void
    Reset();
    void
    DeregisterPollFD();
    void
    RegisterPollFD();
   public:
    UnboundResolver(llarp_ev_loop_ptr eventLoop, ReplyFunction replyFunc, FailFunction failFunc);
    static void
    Callback(void* data, int err, ub_result* result);
    // stop resolver thread
    void
    Stop();
    // upstream resolver IP can be IPv4 or IPv6
    bool
    Init();
--- a/llarp/ev/ev.cpp
+++ b/llarp/ev/ev.cpp
@ -37,10 +37,14 @@ int
 llarp_ev_add_udp(struct llarp_ev_loop* ev, struct llarp_udp_io* udp, const llarp::SockAddr& src)
 {
  if (ev == nullptr or udp == nullptr)
  {
    llarp::LogError("Attempting llarp_ev_add_udp() with null event loop or udp io struct.");
    return -1;
  }
  udp->parent = ev;
  if (ev->udp_listen(udp, src))
    return 0;
  llarp::LogError("llarp_ev_add_udp() call to udp_listen failed.");
  return -1;
 }
--- a/llarp/ev/ev.h
+++ b/llarp/ev/ev.h
@ -21,10 +21,6 @@
 #include <cstdint>
 #include <cstdlib>
 #if !defined(WIN32)
 #include <uv.h>
 #endif
 #include <constants/evloop.hpp>
 /**
--- a/llarp/ev/ev.hpp
+++ b/llarp/ev/ev.hpp
@ -101,8 +101,7 @@ namespace llarp
      {
        llarp_ev_loop_ptr loop;
        GetNow(llarp_ev_loop_ptr l) : loop(l)
-        {
+        {}
        }
        llarp_time_t
        operator()() const
@ -115,8 +114,7 @@ namespace llarp
      {
        llarp_ev_loop_ptr loop;
        PutTime(llarp_ev_loop_ptr l) : loop(l)
-        {
+        {}
        }
        void
        operator()(WriteBuffer& buf)
        {
@ -143,8 +141,7 @@ namespace llarp
    /// for tcp
    win32_ev_io(intptr_t f, LosslessWriteQueue_t* q) : fd(f), m_BlockingWriteQueue(q)
-    {
+    {}
    }
    virtual void
    error()
@ -304,8 +301,7 @@ namespace llarp
      {
        llarp_ev_loop_ptr loop;
        GetNow(llarp_ev_loop_ptr l) : loop(std::move(l))
-        {
+        {}
        }
        llarp_time_t
        operator()() const
@ -318,8 +314,7 @@ namespace llarp
      {
        llarp_ev_loop_ptr loop;
        PutTime(llarp_ev_loop_ptr l) : loop(std::move(l))
-        {
+        {}
        }
        void
        operator()(WriteBuffer& writebuf)
        {
@ -355,18 +350,15 @@ namespace llarp
 #endif
    posix_ev_io(int f) : fd(f)
-    {
+    {}
    }
    /// for tun
    posix_ev_io(int f, LossyWriteQueue_t* q) : fd(f), m_LossyWriteQueue(q)
-    {
+    {}
    }
    /// for tcp
    posix_ev_io(int f, LosslessWriteQueue_t* q) : fd(f), m_BlockingWriteQueue(q)
-    {
+    {}
    }
    virtual void
    error()
@ -425,8 +417,7 @@ namespace llarp
    virtual void
    before_flush_write()
-    {
+    {}
    }
    /// called in event loop when fd is ready for writing
    /// requeues anything not written
@ -659,8 +650,7 @@ namespace llarp
 struct llarp_fd_promise
 {
  void Set(std::pair<int, int>)
-  {
+  {}
  }
  int
  Get()
@ -673,8 +663,7 @@ struct llarp_fd_promise
 {
  using promise_val_t = std::pair<int, int>;
  llarp_fd_promise(std::promise<promise_val_t>* p) : _impl(p)
-  {
+  {}
  }
  std::promise<promise_val_t>* _impl;
  void
@ -710,8 +699,7 @@ struct llarp_ev_loop
  virtual void
  update_time()
-  {
+  {}
  }
  virtual llarp_time_t
  time_now() const
--- a/llarp/ev/ev_libuv.cpp
+++ b/llarp/ev/ev_libuv.cpp
@ -6,7 +6,11 @@
 namespace libuv
 {
-#define LoopCall(h, ...) LogicCall(static_cast<Loop*>((h)->loop->data)->m_Logic, __VA_ARGS__)
+#define LoopCall(h, ...)    \
  {                         \
    auto __f = __VA_ARGS__; \
    __f();                  \
  }
  struct glue
  {
@ -294,8 +298,10 @@ namespace libuv
    static void
    OnTick(uv_check_t* t)
    {
      llarp::LogTrace("conn_glue::OnTick() start");
      conn_glue* conn = static_cast<conn_glue*>(t->data);
      conn->Tick();
      llarp::LogTrace("conn_glue::OnTick() end");
    }
    void
@ -367,10 +373,12 @@ namespace libuv
    static void
    OnTick(uv_check_t* t)
    {
      llarp::LogTrace("ticker_glue::OnTick() start");
      ticker_glue* ticker = static_cast<ticker_glue*>(t->data);
      ticker->func();
      Loop* loop = static_cast<Loop*>(t->loop->data);
      loop->FlushLogic();
      llarp::LogTrace("ticker_glue::OnTick() end");
    }
    bool
@ -446,8 +454,10 @@ namespace libuv
    static void
    OnTick(uv_check_t* t)
    {
      llarp::LogTrace("udp_glue::OnTick() start");
      udp_glue* udp = static_cast<udp_glue*>(t->data);
      udp->Tick();
      llarp::LogTrace("udp_glue::OnTick() end");
    }
    void
@ -464,13 +474,20 @@ namespace libuv
      if (self == nullptr)
        return -1;
      auto buf = uv_buf_init((char*)ptr, sz);
-      return uv_udp_try_send(&self->m_Handle, &buf, 1, to);
+      auto ret = uv_udp_try_send(
          &self->m_Handle, &buf, 1, (const sockaddr*)static_cast<const sockaddr_in*>(to));
      if (ret < 0)
      {
        llarp::LogError("udp sendto failed: ", uv_strerror(ret));
      }
      return ret;
    }
    bool
    Bind()
    {
-      auto ret = uv_udp_bind(&m_Handle, m_Addr, 0);
+      auto ret =
          uv_udp_bind(&m_Handle, (const sockaddr*)static_cast<const sockaddr_in*>(m_Addr), 0);
      if (ret)
      {
        llarp::LogError("failed to bind to ", m_Addr, " ", uv_strerror(ret));
@ -570,8 +587,10 @@ namespace libuv
    static void
    OnTick(uv_check_t* h)
    {
      llarp::LogTrace("pipe_glue::OnTick() start");
      pipe_glue* pipe = static_cast<pipe_glue*>(h->data);
      LoopCall(h, std::bind(&pipe_glue::Tick, pipe));
      llarp::LogTrace("pipe_glue::OnTick() end");
    }
    bool
@ -613,8 +632,10 @@ namespace libuv
    static void
    OnTick(uv_check_t* timer)
    {
      llarp::LogTrace("tun_glue::OnTick() start");
      tun_glue* tun = static_cast<tun_glue*>(timer->data);
      tun->Tick();
      llarp::LogTrace("tun_glue::OnTick() end");
    }
    static void
@ -740,16 +761,19 @@ namespace libuv
  void
  Loop::FlushLogic()
  {
    llarp::LogTrace("Loop::FlushLogic() start");
    while (not m_LogicCalls.empty())
    {
      auto f = m_LogicCalls.popFront();
      f();
    }
    llarp::LogTrace("Loop::FlushLogic() end");
  }
  static void
  OnAsyncWake(uv_async_t* async_handle)
  {
    llarp::LogTrace("OnAsyncWake, ticking event loop.");
    Loop* loop = static_cast<Loop*>(async_handle->data);
    loop->update_time();
    loop->process_timer_queue();
@ -762,8 +786,7 @@ namespace libuv
  Loop::Loop(size_t queue_size)
      : llarp_ev_loop(), m_LogicCalls(queue_size), m_timerQueue(20), m_timerCancelQueue(20)
-  {
+  {}
  }
  bool
  Loop::init()
@ -826,6 +849,7 @@ namespace libuv
  int
  Loop::run()
  {
    llarp::LogTrace("Loop::run()");
    m_EventLoopThreadID = std::this_thread::get_id();
    return uv_run(&m_Impl, UV_RUN_DEFAULT);
  }
@ -872,6 +896,7 @@ namespace libuv
  uint32_t
  Loop::call_after_delay(llarp_time_t delay_ms, std::function<void(void)> callback)
  {
    llarp::LogTrace("Loop::call_after_delay()");
 #ifdef TESTNET_SPEED
    delay_ms *= TESTNET_SPEED;
 #endif
@ -983,6 +1008,7 @@ namespace libuv
    {
      return true;
    }
    llarp::LogError("Loop::udp_listen failed to bind");
    delete impl;
    return false;
  }
@ -1062,18 +1088,10 @@ namespace libuv
    }
    const auto inEventLoop = *m_EventLoopThreadID == std::this_thread::get_id();
-    while (m_LogicCalls.full() and inEventLoop)
+    if (inEventLoop and m_LogicCalls.full())
    {
      FlushLogic();
    }
    if (inEventLoop)
    {
      if (m_LogicCalls.tryPushBack(f) != llarp::thread::QueueReturn::Success)
      {
        LogError("logic job queue is full");
      }
    }
    else
    m_LogicCalls.pushBack(f);
    uv_async_send(&m_WakeUp);
  }
--- a/llarp/ev/ev_win32.cpp
+++ b/llarp/ev/ev_win32.cpp
@ -3,6 +3,7 @@
 #ifdef _WIN32
 #include <util/logging/logger.hpp>
 #include <atomic>
 // a single event queue for the TUN interface
 static HANDLE tun_event_queue = INVALID_HANDLE_VALUE;
@ -136,6 +137,7 @@ tun_ev_loop(void* u)
  asio_evt_pkt* pkt = nullptr;
  BOOL alert;
  std::atomic_flag tick_queued;
  while (true)
  {
    alert = GetQueuedCompletionStatus(tun_event_queue, &size, &listener, &ovl, EV_TICK_INTERVAL);
@ -145,15 +147,21 @@ tun_ev_loop(void* u)
      // tick listeners on io timeout, this is required to be done every tick
      // cycle regardless of any io being done, this manages the internal state
      // of the tun logic
      if (tick_queued.test_and_set())
        continue;  // if tick queued, don't queue another
      logic->call_soon([&]() {
        for (const auto& tun : tun_listeners)
        {
        logic->call_soon([tun]() {
          tun->flush_write();
          if (tun->t->tick)
            tun->t->tick(tun->t);
        });
        }
-      continue;  // let's go at it once more
+        tick_queued.clear();
      });
      continue;
    }
    if (listener == (ULONG_PTR)~0)
      break;
@ -172,12 +180,7 @@ tun_ev_loop(void* u)
      byte_t* readbuf = (byte_t*)malloc(1500);
      ev->read(readbuf, 1500);
    }
-    else
+
    {
      // ok let's queue another read!
      byte_t* readbuf = (byte_t*)malloc(1500);
      ev->read(readbuf, 1500);
    }
    logic->call_soon([ev]() {
      ev->flush_write();
      if (ev->t->tick)
--- a/llarp/ev/ev_win32.hpp
+++ b/llarp/ev/ev_win32.hpp
@ -40,8 +40,7 @@ namespace llarp
    udp_listener(int fd, llarp_udp_io* u) : ev_io(fd), udp(u){};
    ~udp_listener()
-    {
+    {}
    }
    bool
    tick();
--- a/llarp/ev/pipe.cpp
+++ b/llarp/ev/pipe.cpp
@ -8,8 +8,7 @@
 llarp_ev_pkt_pipe::llarp_ev_pkt_pipe(llarp_ev_loop_ptr loop)
    : llarp::ev_io(-1, new LosslessWriteQueue_t()), m_Loop(std::move(loop))
-{
+{}
 }
 bool
 llarp_ev_pkt_pipe::StartPipe()
--- a/llarp/ev/vpnio.hpp
+++ b/llarp/ev/vpnio.hpp
@ -18,18 +18,15 @@ struct llarp_vpn_pkt_queue
 };
 struct llarp_vpn_pkt_writer : public llarp_vpn_pkt_queue
-{
+{};
 };
 struct llarp_vpn_pkt_reader : public llarp_vpn_pkt_queue
-{
+{};
 };
 struct llarp_vpn_io_impl
 {
  llarp_vpn_io_impl(llarp::Context* c, llarp_vpn_io* io) : ctx(c), parent(io)
-  {
+  {}
  }
  ~llarp_vpn_io_impl() = default;
  llarp::Context* ctx;
--- a/llarp/exit/context.cpp
+++ b/llarp/exit/context.cpp
@ -7,8 +7,7 @@ namespace llarp
  namespace exit
  {
    Context::Context(AbstractRouter* r) : m_Router(r)
-    {
+    {}
    }
    Context::~Context() = default;
    void
--- a/llarp/exit/endpoint.hpp
+++ b/llarp/exit/endpoint.hpp
@ -124,8 +124,7 @@ namespace llarp
      struct UpstreamBuffer
      {
        UpstreamBuffer(const llarp::net::IPPacket& p, uint64_t c) : pkt(p), counter(c)
-        {
+        {}
        }
        llarp::net::IPPacket pkt;
        uint64_t counter;
--- a/llarp/exit/exit_messages.hpp
+++ b/llarp/exit/exit_messages.hpp
@ -22,8 +22,7 @@ namespace llarp
      llarp::Signature Z;
      ObtainExitMessage() : IMessage()
-      {
+      {}
      }
      ~ObtainExitMessage() override = default;
--- a/llarp/exit/session.cpp
+++ b/llarp/exit/session.cpp
@ -58,7 +58,7 @@ namespace llarp
    {
      if (BuildCooldownHit(now))
        return false;
-      const size_t expect = (1 + (numPaths / 2));
+      const size_t expect = (1 + (numDesiredPaths / 2));
      // check 30 seconds into the future and see if we need more paths
      const llarp_time_t future = now + 30s + buildIntervalLimit;
      return NumPathsExistingAt(future) < expect;
@ -250,7 +250,7 @@ namespace llarp
    bool
    BaseSession::IsReady() const
    {
-      const size_t expect = (1 + (numPaths / 2));
+      const size_t expect = (1 + (numDesiredPaths / 2));
      return AvailablePaths(llarp::path::ePathRoleExit) >= expect;
    }
@ -265,9 +265,9 @@ namespace llarp
    {
      if (BuildCooldownHit(now))
        return false;
-      if (!IsReady())
+      if (IsReady() and NumInStatus(path::ePathBuilding) < numDesiredPaths)
        return NumInStatus(path::ePathBuilding) < numPaths;
        return path::Builder::UrgentBuild(now);
      return false;
    }
    bool
--- a/llarp/exit/session.hpp
+++ b/llarp/exit/session.hpp
@ -179,8 +179,7 @@ namespace llarp
          size_t hoplen,
          bool bundleRC)
          : BaseSession(snodeRouter, writepkt, r, numpaths, hoplen, bundleRC)
-      {
+      {}
      }
      ~ExitSession() override = default;
--- a/llarp/handlers/exit.cpp
+++ b/llarp/handlers/exit.cpp
@ -551,6 +551,13 @@ namespace llarp
      m_UpstreamResolvers = dnsConfig.m_upstreamDNS;
      m_OurRange = networkConfig.m_ifaddr;
      if (!m_OurRange.addr.h)
      {
        const auto maybe = llarp::FindFreeRange();
        if (not maybe.has_value())
          throw std::runtime_error("cannot find free interface range");
        m_OurRange = *maybe;
      }
      const auto host_str = m_OurRange.BaseAddressString();
      // string, or just a plain char array?
      strncpy(m_Tun.ifaddr, host_str.c_str(), sizeof(m_Tun.ifaddr) - 1);
@ -570,12 +577,19 @@ namespace llarp
          m_HigestAddr);
      m_UseV6 = not m_OurRange.IsV4();
-      if (networkConfig.m_ifname.length() >= sizeof(m_Tun.ifname))
+      std::string ifname = networkConfig.m_ifname;
      if (ifname.empty())
      {
        const auto maybe = llarp::FindFreeTun();
        if (not maybe.has_value())
          throw std::runtime_error("cannot find free interface name");
        ifname = *maybe;
      }
      if (ifname.length() >= sizeof(m_Tun.ifname))
      {
-        throw std::invalid_argument(
+        throw std::invalid_argument(stringify(Name() + " ifname '", ifname, "' is too long"));
            stringify(Name() + " ifname '", networkConfig.m_ifname, "' is too long"));
      }
-      strncpy(m_Tun.ifname, networkConfig.m_ifname.c_str(), sizeof(m_Tun.ifname) - 1);
+      strncpy(m_Tun.ifname, ifname.c_str(), sizeof(m_Tun.ifname) - 1);
      LogInfo(Name(), " set ifname to ", m_Tun.ifname);
      // TODO: "exit-whitelist" and "exit-blacklist"
--- a/llarp/handlers/null.hpp
+++ b/llarp/handlers/null.hpp
@ -12,12 +12,11 @@ namespace llarp
    {
      NullEndpoint(AbstractRouter* r, llarp::service::Context* parent)
          : llarp::service::Endpoint(r, parent)
-      {
+      {}
      }
      virtual bool
      HandleInboundPacket(
-          const service::ConvoTag, const llarp_buffer_t&, service::ProtocolType) override
+          const service::ConvoTag, const llarp_buffer_t&, service::ProtocolType, uint64_t) override
      {
        return true;
      }
--- a/llarp/handlers/tun.cpp
+++ b/llarp/handlers/tun.cpp
@ -31,10 +31,14 @@ namespace llarp
  namespace handlers
  {
    void
-    TunEndpoint::FlushToUser(std::function<bool(net::IPPacket&)> send)
+    TunEndpoint::FlushToUser(std::function<bool(const net::IPPacket&)> send)
    {
      // flush network to user
-      m_NetworkToUserPktQueue.Process(send);
+      while (not m_NetworkToUserPktQueue.empty())
      {
        send(m_NetworkToUserPktQueue.top().pkt);
        m_NetworkToUserPktQueue.pop();
      }
    }
    bool
@ -47,6 +51,7 @@ namespace llarp
    void
    TunEndpoint::tunifTick(llarp_tun_io* tun)
    {
      llarp::LogTrace("TunEndpoint::tunifTick()");
      auto* self = static_cast<TunEndpoint*>(tun->user);
      self->Flush();
    }
@ -54,7 +59,6 @@ namespace llarp
    TunEndpoint::TunEndpoint(AbstractRouter* r, service::Context* parent, bool lazyVPN)
        : service::Endpoint(r, parent)
        , m_UserToNetworkPktQueue("endpoint_sendq", r->netloop(), r->netloop())
        , m_NetworkToUserPktQueue("endpoint_recvq", r->netloop(), r->netloop())
        , m_Resolver(std::make_shared<dns::Proxy>(
              r->netloop(), r->logic(), r->netloop(), r->logic(), this))
    {
@ -196,6 +200,13 @@ namespace llarp
      }
      std::string ifname = conf.m_ifname;
      if (ifname.empty())
      {
        const auto maybe = llarp::FindFreeTun();
        if (not maybe.has_value())
          throw std::runtime_error("cannot find free interface name");
        ifname = *maybe;
      }
      if (tunif)
      {
        if (ifname.length() >= sizeof(tunif->ifname))
@ -207,6 +218,16 @@ namespace llarp
        llarp::LogInfo(Name() + " setting ifname to ", tunif->ifname);
        m_OurRange = conf.m_ifaddr;
        if (!m_OurRange.addr.h)
        {
          const auto maybe = llarp::FindFreeRange();
          if (not maybe.has_value())
          {
            throw std::runtime_error("cannot find free address range");
          }
          m_OurRange = *maybe;
        }
        m_UseV6 = not m_OurRange.IsV4();
        tunif->netmask = m_OurRange.HostmaskBits();
        const auto addr = m_OurRange.BaseAddressString();
@ -223,13 +244,6 @@ namespace llarp
      return m_IPToAddr.find(ip) != m_IPToAddr.end();
    }
    bool
    TunEndpoint::QueueOutboundTraffic(llarp::net::IPPacket&& pkt)
    {
      return m_NetworkToUserPktQueue.EmplaceIf(
          [](llarp::net::IPPacket&) -> bool { return true; }, std::move(pkt));
    }
    void
    TunEndpoint::Flush()
    {
@ -298,13 +312,6 @@ namespace llarp
                                         service::Address addr, auto msg, bool isV6) -> bool {
        using service::Address;
        using service::OutboundContext;
        if (self->HasAddress(addr))
        {
          const auto ip = self->ObtainIPForAddr(addr, false);
          msg->AddINReply(ip, isV6);
          reply(*msg);
          return true;
        }
        return self->EnsurePathToService(
            addr,
            [=](const Address&, OutboundContext* ctx) {
@ -374,8 +381,64 @@ namespace llarp
        lnsName = nameparts[nameparts.size() - 2];
        lnsName += ".loki"sv;
      }
      if (msg.questions[0].qtype == dns::qTypeTXT)
      {
        RouterID snode;
        if (snode.FromString(qname))
        {
          m_router->LookupRouter(snode, [reply, msg = std::move(msg)](const auto& found) mutable {
            if (found.empty())
            {
              msg.AddNXReply();
            }
            else
            {
              std::stringstream ss;
              for (const auto& rc : found)
                rc.ToTXTRecord(ss);
              msg.AddTXTReply(ss.str());
            }
            reply(msg);
          });
          return true;
        }
        else if (msg.questions[0].IsLocalhost() and msg.questions[0].HasSubdomains())
        {
          const auto subdomain = msg.questions[0].Subdomains();
          if (subdomain == "exit")
          {
            if (HasExit())
            {
              std::stringstream ss;
              m_ExitMap.ForEachEntry([&ss](const auto& range, const auto& exit) {
                ss << range.ToString() << "=" << exit.ToString() << "; ";
              });
              msg.AddTXTReply(ss.str());
            }
            else
            {
              msg.AddNXReply();
            }
          }
          else if (subdomain == "netid")
          {
            std::stringstream ss;
            ss << "netid=" << m_router->rc().netID.ToString() << ";";
            msg.AddTXTReply(ss.str());
          }
          else
          {
            msg.AddNXReply();
          }
        }
        else
        {
          msg.AddNXReply();
        }
-      if (msg.questions[0].qtype == dns::qTypeMX)
+        reply(msg);
      }
      else if (msg.questions[0].qtype == dns::qTypeMX)
      {
        // mx record
        service::Address addr;
@ -398,6 +461,19 @@ namespace llarp
          else
            msg.AddNXReply();
        }
        else if (msg.questions[0].IsLocalhost() and msg.questions[0].HasSubdomains())
        {
          const auto subdomain = msg.questions[0].Subdomains();
          if (subdomain == "exit" and HasExit())
          {
            m_ExitMap.ForEachEntry(
                [&msg](const auto&, const auto& exit) { msg.AddCNAMEReply(exit.ToString(), 1); });
          }
          else
          {
            msg.AddNXReply();
          }
        }
        else if (is_localhost_loki(msg))
        {
          size_t counter = 0;
@ -438,22 +514,34 @@ namespace llarp
        }
        else if (is_localhost_loki(msg))
        {
-          size_t counter = 0;
+          const bool lookingForExit = msg.questions[0].Subdomains() == "exit";
-          context->ForEachService(
+          huint128_t ip = GetIfAddr();
              [&](const std::string&, const std::shared_ptr<service::Endpoint>& service) -> bool {
                if (!service->HasIfAddr())
                  return true;
                huint128_t ip = service->GetIfAddr();
          if (ip.h)
          {
            if (lookingForExit)
            {
              if (HasExit())
              {
                m_ExitMap.ForEachEntry(
                    [&msg](const auto&, const auto& exit) { msg.AddCNAMEReply(exit.ToString()); });
                msg.AddINReply(ip, isV6);
                  ++counter;
              }
-                return true;
+              else
-              });
+              {
          if (counter == 0)
                msg.AddNXReply();
              }
            }
            else
            {
              msg.AddCNAMEReply(m_Identity.pub.Name(), 1);
              msg.AddINReply(ip, isV6);
            }
          }
          else
          {
            msg.AddNXReply();
          }
        }
        else if (addr.FromString(qname, ".loki"))
        {
          if (isV4 && SupportsV6())
@ -495,7 +583,6 @@ namespace llarp
                  return;
                }
                LogInfo(name, " ", lnsName, " resolved to ", maybe->ToString());
                msg->AddCNAMEReply(maybe->ToString());
                ReplyToLokiDNSWhenReady(*maybe, msg, isV6);
              });
        }
@ -669,7 +756,7 @@ namespace llarp
        llarp::LogInfo(Name(), " got vpn interface");
        auto self = shared_from_this();
        // function to queue a packet to send to vpn interface
-        auto sendpkt = [self](net::IPPacket& pkt) -> bool {
+        auto sendpkt = [self](const net::IPPacket& pkt) -> bool {
          // drop if no endpoint
          auto impl = self->GetVPNImpl();
          // drop if no vpn interface
@ -687,6 +774,7 @@ namespace llarp
        };
        // event loop ticker
        auto ticker = [self, sendpkt]() {
          llarp::LogTrace("TunEndpoint ticker() start");
          TunEndpoint* ep = self.get();
          const bool running = not ep->IsStopped();
          auto impl = ep->GetVPNImpl();
@ -711,6 +799,7 @@ namespace llarp
          // if impl has a tick function call it
          if (impl && impl->parent && impl->parent->tick)
            impl->parent->tick(impl->parent);
          llarp::LogTrace("TunEndpoint ticker() end");
        };
        if (not loop->add_ticker(ticker))
        {
@ -814,9 +903,8 @@ namespace llarp
      }
      if (!m_Resolver->Start(m_LocalResolverAddr, m_UpstreamResolvers))
      {
-        // downgrade DNS server failure to a warning
+        llarp::LogError(Name(), " failed to start DNS server");
-        llarp::LogWarn(Name(), " failed to start dns server");
+        return false;
        // return false;
      }
      return true;
    }
@ -830,6 +918,8 @@ namespace llarp
    bool
    TunEndpoint::Stop()
    {
      if (m_Resolver)
        m_Resolver->Stop();
      return llarp::service::Endpoint::Stop();
    }
@ -860,7 +950,7 @@ namespace llarp
            const auto icmp = pkt.MakeICMPUnreachable();
            if (icmp.has_value())
            {
-              HandleWriteIPPacket(icmp->ConstBuffer(), dst, src);
+              HandleWriteIPPacket(icmp->ConstBuffer(), dst, src, 0);
            }
          }
          else
@ -927,7 +1017,10 @@ namespace llarp
    bool
    TunEndpoint::HandleInboundPacket(
-        const service::ConvoTag tag, const llarp_buffer_t& buf, service::ProtocolType t)
+        const service::ConvoTag tag,
        const llarp_buffer_t& buf,
        service::ProtocolType t,
        uint64_t seqno)
    {
      if (t != service::eProtocolTrafficV4 && t != service::eProtocolTrafficV6
          && t != service::eProtocolExit)
@ -972,15 +1065,18 @@ namespace llarp
        src = ObtainIPForAddr(addr, snode);
        dst = m_OurIP;
      }
-      HandleWriteIPPacket(buf, src, dst);
+      HandleWriteIPPacket(buf, src, dst, seqno);
      return true;
    }
    bool
-    TunEndpoint::HandleWriteIPPacket(const llarp_buffer_t& b, huint128_t src, huint128_t dst)
+    TunEndpoint::HandleWriteIPPacket(
        const llarp_buffer_t& b, huint128_t src, huint128_t dst, uint64_t seqno)
    {
      ManagedBuffer buf(b);
-      return m_NetworkToUserPktQueue.EmplaceIf([buf, src, dst](net::IPPacket& pkt) -> bool {
+      WritePacket write;
      write.seqno = seqno;
      auto& pkt = write.pkt;
      // load
      if (!pkt.Load(buf))
        return false;
@ -992,8 +1088,8 @@ namespace llarp
      {
        pkt.UpdateIPv6Address(src, dst);
      }
      m_NetworkToUserPktQueue.push(std::move(write));
      return true;
      });
    }
    huint128_t
@ -1097,8 +1193,8 @@ namespace llarp
      // called in the isolated network thread
      auto* self = static_cast<TunEndpoint*>(tun->user);
      self->Flush();
-      self->FlushToUser([self, tun](net::IPPacket& pkt) -> bool {
+      self->FlushToUser([self, tun](const net::IPPacket& pkt) -> bool {
-        if (not llarp_ev_tun_async_write(tun, pkt.Buffer()))
+        if (not llarp_ev_tun_async_write(tun, pkt.ConstBuffer()))
        {
          llarp::LogWarn(self->Name(), " packet dropped");
        }
--- a/llarp/handlers/tun.hpp
+++ b/llarp/handlers/tun.hpp
@ -12,6 +12,7 @@
 #include <util/thread/threading.hpp>
 #include <future>
 #include <queue>
 namespace llarp
 {
@ -87,11 +88,15 @@ namespace llarp
      /// overrides Endpoint
      bool
      HandleInboundPacket(
-          const service::ConvoTag tag, const llarp_buffer_t& pkt, service::ProtocolType t) override;
+          const service::ConvoTag tag,
          const llarp_buffer_t& pkt,
          service::ProtocolType t,
          uint64_t seqno) override;
      /// handle inbound traffic
      bool
-      HandleWriteIPPacket(const llarp_buffer_t& buf, huint128_t src, huint128_t dst);
+      HandleWriteIPPacket(
          const llarp_buffer_t& buf, huint128_t src, huint128_t dst, uint64_t seqno);
      /// queue outbound packet to the world
      bool
@ -190,8 +195,21 @@ namespace llarp
      /// queue for sending packets over the network from us
      PacketQueue_t m_UserToNetworkPktQueue;
      struct WritePacket
      {
        uint64_t seqno;
        net::IPPacket pkt;
        bool
        operator<(const WritePacket& other) const
        {
          return other.seqno < seqno;
        }
      };
      /// queue for sending packets to user from network
-      PacketQueue_t m_NetworkToUserPktQueue;
+      std::priority_queue<WritePacket> m_NetworkToUserPktQueue;
      /// return true if we have a remote loki address for this ip address
      bool
      HasRemoteForIP(huint128_t ipv4) const;
@ -279,7 +297,7 @@ namespace llarp
      /// send function returns true to indicate stop iteration and do codel
      /// drop
      void
-      FlushToUser(std::function<bool(net::IPPacket&)> sendfunc);
+      FlushToUser(std::function<bool(const net::IPPacket&)> sendfunc);
    };
  }  // namespace handlers
--- a/llarp/iwp/linklayer.cpp
+++ b/llarp/iwp/linklayer.cpp
@ -24,8 +24,7 @@ namespace llarp
        : ILinkLayer(
            keyManager, getrc, h, sign, before, est, reneg, timeout, closed, pumpDone, worker)
        , permitInbound{allowInbound}
-    {
+    {}
    }
    LinkLayer::~LinkLayer() = default;
--- a/llarp/iwp/message_buffer.cpp
+++ b/llarp/iwp/message_buffer.cpp
@ -115,8 +115,7 @@ namespace llarp
    InboundMessage::InboundMessage(uint64_t msgid, uint16_t sz, ShortHash h, llarp_time_t now)
        : m_Data(size_t{sz}), m_Digset{std::move(h)}, m_MsgID(msgid), m_LastActiveAt{now}
-    {
+    {}
    }
    void
    InboundMessage::HandleData(uint16_t idx, const llarp_buffer_t& buf, llarp_time_t now)
--- a/llarp/link/server.cpp
+++ b/llarp/link/server.cpp
@ -37,8 +37,7 @@ namespace llarp
      , QueueWork(std::move(work))
      , m_RouterEncSecret(keyManager->encryptionKey)
      , m_SecretKey(keyManager->transportKey)
-  {
+  {}
  }
  ILinkLayer::~ILinkLayer() = default;
--- a/llarp/messages/discard.hpp
+++ b/llarp/messages/discard.hpp
@ -11,8 +11,7 @@ namespace llarp
  struct DiscardMessage final : public ILinkMessage
  {
    DiscardMessage() : ILinkMessage()
-    {
+    {}
    }
    bool
    BEncode(llarp_buffer_t* buf) const override
--- a/llarp/messages/link_intro.hpp
+++ b/llarp/messages/link_intro.hpp
@ -14,8 +14,7 @@ namespace llarp
    static constexpr size_t MaxSize = MAX_RC_SIZE + 256;
    LinkIntroMessage() : ILinkMessage()
-    {
+    {}
    }
    RouterContact rc;
    KeyExchangeNonce N;
--- a/llarp/messages/link_message_parser.cpp
+++ b/llarp/messages/link_message_parser.cpp
@ -30,8 +30,7 @@ namespace llarp
  LinkMessageParser::LinkMessageParser(AbstractRouter* _router)
      : router(_router), from(nullptr), msg(nullptr), holder(std::make_unique<msg_holder_t>())
-  {
+  {}
  }
  LinkMessageParser::~LinkMessageParser() = default;
--- a/llarp/messages/relay_commit.hpp
+++ b/llarp/messages/relay_commit.hpp
@ -52,8 +52,7 @@ namespace llarp
    LR_CommitMessage(std::array<EncryptedFrame, 8> _frames)
        : ILinkMessage(), frames(std::move(_frames))
-    {
+    {}
    }
    LR_CommitMessage() = default;
--- a/llarp/messages/relay_status.cpp
+++ b/llarp/messages/relay_status.cpp
@ -38,8 +38,7 @@ namespace llarp
        , path(std::move(_path))
        , router(_router)
        , pathid(pathid)
-    {
+    {}
    }
    ~LRSM_AsyncHandler() = default;
--- a/llarp/messages/relay_status.hpp
+++ b/llarp/messages/relay_status.hpp
@ -60,8 +60,7 @@ namespace llarp
    LR_StatusMessage(std::array<EncryptedFrame, 8> _frames)
        : ILinkMessage(), frames(std::move(_frames))
-    {
+    {}
    }
    LR_StatusMessage() = default;
--- a/llarp/net/exit_info.hpp
+++ b/llarp/net/exit_info.hpp
@ -26,8 +26,7 @@ namespace llarp
    ExitInfo() = default;
    ExitInfo(const PubKey& pk, const IpAddress& address) : ipAddress(address), pubkey(pk)
-    {
+    {}
    }
    bool
    BEncode(llarp_buffer_t* buf) const;
--- a/llarp/net/ip_address.cpp
+++ b/llarp/net/ip_address.cpp
@ -11,8 +11,7 @@ namespace llarp
  IpAddress::IpAddress(const IpAddress& other)
      : m_empty(other.m_empty), m_ipAddress(other.m_ipAddress), m_port(other.m_port)
-  {
+  {}
  }
  IpAddress::IpAddress(std::string_view str, std::optional<uint16_t> port)
  {
--- a/llarp/net/ip_packet.hpp
+++ b/llarp/net/ip_packet.hpp
@ -84,7 +84,8 @@ struct ipv6_header_preamble
 struct ipv6_header
 {
-  union {
+  union
  {
    ipv6_header_preamble preamble;
    uint32_t flowlabel;
  } preamble;
@ -144,8 +145,7 @@ namespace llarp
      {
        llarp_ev_loop_ptr loop;
        PutTime(llarp_ev_loop_ptr evloop) : loop(std::move(evloop))
-        {
+        {}
        }
        void
        operator()(IPPacket& pkt) const
        {
@ -157,8 +157,7 @@ namespace llarp
      {
        llarp_ev_loop_ptr loop;
        GetNow(llarp_ev_loop_ptr evloop) : loop(std::move(evloop))
-        {
+        {}
        }
        llarp_time_t
        operator()() const
        {
--- a/llarp/net/ip_range_map.hpp
+++ b/llarp/net/ip_range_map.hpp
@ -78,6 +78,18 @@ namespace llarp
        return transformed;
      }
      // get a value for this exact range
      std::optional<Value_t>
      GetExact(Range_t range) const
      {
        for (const auto& [r, value] : m_Entries)
        {
          if (r == range)
            return value;
        }
        return std::nullopt;
      }
      /// return a set of all values who's range contains this IP
      std::set<Value_t>
      FindAll(const IP_t& addr) const
--- a/llarp/net/route.cpp
+++ b/llarp/net/route.cpp
@ -445,6 +445,8 @@ namespace llarp::net
      std::string interface_name{interface_str.data()};
      if ((!gateway.S_un.S_addr) and interface_name != ifname)
      {
        llarp::LogTrace(
            "Win32 find gateway: Adding gateway (", interface_name, ") to list of gateways.");
        gateways.push_back(std::move(interface_name));
      }
    });
--- a/llarp/net/sock_addr.cpp
+++ b/llarp/net/sock_addr.cpp
@ -1,5 +1,5 @@
 #include <net/sock_addr.hpp>
-
+#include <net/net_bits.hpp>
 #include <util/str.hpp>
 #include <util/logging/logger.hpp>
 #include <util/mem.hpp>
@ -12,10 +12,15 @@ namespace llarp
  /// shared utility functions
  ///
  constexpr auto addrIsV4 = [](const in6_addr& addr) -> bool {
    return addr.s6_addr[10] == 0xff and addr.s6_addr[11] == 0xff;
  };
  void
  SockAddr::init()
  {
    llarp::Zero(&m_addr, sizeof(m_addr));
    llarp::Zero(&m_addr4, sizeof(m_addr4));
  }
  void
@ -96,7 +101,8 @@ namespace llarp
    // avoid byte order conversion (this is NBO -> NBO)
    memcpy(m_addr.sin6_addr.s6_addr + 12, &other.sin_addr.s_addr, sizeof(in_addr));
    m_addr.sin6_port = other.sin_port;
-
+    m_addr4.sin_addr.s_addr = other.sin_addr.s_addr;
    m_addr4.sin_port = other.sin_port;
    m_empty = false;
    return *this;
@ -113,7 +119,13 @@ namespace llarp
    init();
    memcpy(&m_addr, &other, sizeof(sockaddr_in6));
-
+    if (addrIsV4(other.sin6_addr))
      setIPv4(
          other.sin6_addr.s6_addr[12],
          other.sin6_addr.s6_addr[13],
          other.sin6_addr.s6_addr[14],
          other.sin6_addr.s6_addr[15]);
    setPort(ntohs(other.sin6_port));
    m_empty = false;
    return *this;
@ -130,7 +142,8 @@ namespace llarp
    init();
    memcpy(&m_addr.sin6_addr.s6_addr, &other.s6_addr, sizeof(m_addr.sin6_addr.s6_addr));
-
+    if (addrIsV4(other))
      setIPv4(other.s6_addr[12], other.s6_addr[13], other.s6_addr[14], other.s6_addr[15]);
    m_empty = false;
    return *this;
@ -141,6 +154,11 @@ namespace llarp
    return (sockaddr*)&m_addr;
  }
  SockAddr::operator const sockaddr_in*() const
  {
    return &m_addr4;
  }
  SockAddr::operator const sockaddr_in6*() const
  {
    return &m_addr;
@ -244,15 +262,9 @@ namespace llarp
      // treat SIIT like IPv4
      constexpr auto MaxIPv4PlusPortStringSize = 22;
      str.reserve(MaxIPv4PlusPortStringSize);
-
+      char buf[128] = {0x0};
-      // TODO: ensure these don't each incur a memory allocation
+      inet_ntop(AF_INET, &m_addr4.sin_addr.s_addr, buf, sizeof(buf));
-      str.append(std::to_string(ip6[12]));
+      str.append(buf);
      str.append(1, '.');
      str.append(std::to_string(ip6[13]));
      str.append(1, '.');
      str.append(std::to_string(ip6[14]));
      str.append(1, '.');
      str.append(std::to_string(ip6[15]));
    }
    else
    {
@ -281,7 +293,7 @@ namespace llarp
  void
  SockAddr::setIPv4(uint8_t a, uint8_t b, uint8_t c, uint8_t d)
  {
-    m_addr.sin6_family = AF_INET6;
+    m_addr.sin6_family = AF_INET;
    uint8_t* ip6 = m_addr.sin6_addr.s6_addr;
    llarp::Zero(ip6, sizeof(m_addr.sin6_addr.s6_addr));
@ -292,7 +304,9 @@ namespace llarp
    ip6[13] = b;
    ip6[14] = c;
    ip6[15] = d;
-
+    const auto ip = ipaddr_ipv4_bits(a, b, c, d);
    m_addr4.sin_addr.s_addr = htonl(ip.h);
    m_addr4.sin_family = AF_INET;
    m_empty = false;
  }
@ -300,6 +314,7 @@ namespace llarp
  SockAddr::setPort(uint16_t port)
  {
    m_addr.sin6_port = htons(port);
    m_addr4.sin_port = htons(port);
  }
  uint16_t
--- a/llarp/net/sock_addr.hpp
+++ b/llarp/net/sock_addr.hpp
@ -49,6 +49,7 @@ namespace llarp
    operator=(const in6_addr& addr);
    operator const sockaddr*() const;
    operator const sockaddr_in*() const;
    operator const sockaddr_in6*() const;
    bool
@ -82,6 +83,7 @@ namespace llarp
   private:
    bool m_empty = true;
    sockaddr_in6 m_addr;
    sockaddr_in m_addr4;
    void
    init();
--- a/llarp/net/uint128.hpp
+++ b/llarp/net/uint128.hpp
@ -24,13 +24,11 @@ namespace llarp
    // Initializes with 0s
    constexpr uint128_t() : uint128_t{0, 0}
-    {
+    {}
    }
    // Initializes with least-significant value
    constexpr uint128_t(uint64_t lower) : uint128_t{0, lower}
-    {
+    {}
    }
    // Initializes with upper and lower values
    constexpr uint128_t(uint64_t upper, uint64_t lower)
@ -41,8 +39,7 @@ namespace llarp
        : lower{lower}, upper{upper}
 #endif
    // clang-format on
-    {
+    {}
    }
    constexpr uint128_t(const uint128_t&) = default;
    constexpr uint128_t(uint128_t&&) = default;
--- a/llarp/nodedb.cpp
+++ b/llarp/nodedb.cpp
@ -21,8 +21,7 @@ static const std::string RC_FILE_EXT = ".signed";
 llarp_nodedb::NetDBEntry::NetDBEntry(llarp::RouterContact value)
    : rc(std::move(value)), inserted(llarp::time_now_ms())
-{
+{}
 }
 bool
 llarp_nodedb::Remove(const llarp::RouterID& pk)
@ -436,7 +435,7 @@ llarp_nodedb::LoadAll()
 size_t
 llarp_nodedb::num_loaded() const
 {
-  std::shared_lock l{access};
+  llarp::util::Lock l{access};
  return entries.size();
 }
--- a/llarp/nodedb.hpp
+++ b/llarp/nodedb.hpp
@ -32,8 +32,7 @@ struct llarp_nodedb
  explicit llarp_nodedb(const std::string rootdir, DiskCaller_t diskCaller)
      : disk(std::move(diskCaller)), nodePath(rootdir)
-  {
+  {}
  }
  ~llarp_nodedb()
  {
--- a/llarp/path/path_context.cpp
+++ b/llarp/path/path_context.cpp
@ -13,8 +13,7 @@ namespace llarp
    PathContext::PathContext(AbstractRouter* router)
        : m_Router(router), m_AllowTransit(false), m_PathLimits(DefaultPathBuildLimit)
-    {
+    {}
    }
    void
    PathContext::AllowTransit()
@ -321,6 +320,7 @@ namespace llarp
        {
          if (itr->second->Expired(now))
          {
            itr->second->m_PathSet->RemovePath(itr->second);
            itr = map.erase(itr);
          }
          else
@ -358,7 +358,6 @@ namespace llarp
    }
    void PathContext::RemovePathSet(PathSet_ptr)
-    {
+    {}
    }
  }  // namespace path
 }  // namespace llarp
--- a/llarp/path/pathbuilder.cpp
+++ b/llarp/path/pathbuilder.cpp
@ -136,13 +136,15 @@ namespace llarp
        if (status == SendStatus::Success)
        {
          ctx->router->pathContext().AddOwnPath(ctx->pathset, ctx->path);
-          ctx->pathset->PathBuildStarted(ctx->path);
+          ctx->pathset->PathBuildStarted(std::move(ctx->path));
        }
        else
        {
          LogError(ctx->pathset->Name(), " failed to send LRCM to ", ctx->path->Upstream());
-          ctx->pathset->HandlePathBuildFailed(ctx->path);
+          ctx->path->EnterState(path::ePathFailed, ctx->router->Now());
        }
        ctx->path = nullptr;
        ctx->pathset = nullptr;
      };
      if (ctx->router->SendToOrQueue(remote, msg, sentHandler))
      {
@ -150,7 +152,10 @@ namespace llarp
        ctx->router->PersistSessionUntil(remote, ctx->path->ExpireTime());
      }
      else
      {
        LogError(ctx->pathset->Name(), " failed to queue LRCM to ", remote);
        sentHandler(SendStatus::NoLink);
      }
    }
  }
@ -191,7 +196,7 @@ namespace llarp
    {
      util::StatusObject obj{{"buildStats", m_BuildStats.ExtractStatus()},
                             {"numHops", uint64_t(numHops)},
-                             {"numPaths", uint64_t(numPaths)}};
+                             {"numPaths", uint64_t(numDesiredPaths)}};
      std::transform(
          m_Paths.begin(),
          m_Paths.end(),
@ -476,7 +481,7 @@ namespace llarp
    void
    Builder::HandlePathBuildTimeout(Path_ptr p)
    {
-      m_router->routerProfiling().MarkPathFail(p.get());
+      m_router->routerProfiling().MarkPathTimeout(p.get());
      PathSet::HandlePathBuildTimeout(p);
      DoPathBuildBackoff();
    }
--- a/llarp/path/pathbuilder.hpp
+++ b/llarp/path/pathbuilder.hpp
@ -44,7 +44,7 @@ namespace llarp
      llarp_time_t buildIntervalLimit = MIN_PATH_BUILD_INTERVAL;
      /// construct
-      Builder(AbstractRouter* p_router, size_t numPaths, size_t numHops);
+      Builder(AbstractRouter* p_router, size_t numDesiredPaths, size_t numHops);
      virtual ~Builder() = default;
--- a/llarp/path/pathset.cpp
+++ b/llarp/path/pathset.cpp
@ -11,19 +11,18 @@ namespace llarp
 {
  namespace path
  {
-    PathSet::PathSet(size_t num) : numPaths(num)
+    PathSet::PathSet(size_t num) : numDesiredPaths(num)
-    {
+    {}
    }
    bool
    PathSet::ShouldBuildMore(llarp_time_t now) const
    {
      (void)now;
      const auto building = NumInStatus(ePathBuilding);
-      if (building >= numPaths)
+      if (building >= numDesiredPaths)
        return false;
      const auto established = NumInStatus(ePathEstablished);
-      return established < numPaths;
+      return established < numDesiredPaths;
    }
    bool
@ -338,6 +337,12 @@ namespace llarp
      m_BuildStats.fails++;
    }
    void
    PathSet::HandlePathDied(Path_ptr p)
    {
      LogWarn(Name(), " path ", p->ShortName(), " died");
    }
    void
    PathSet::PathBuildStarted(Path_ptr p)
    {
--- a/llarp/path/pathset.hpp
+++ b/llarp/path/pathset.hpp
@ -97,8 +97,8 @@ namespace llarp
      /// maximum number of paths a path set can maintain
      static constexpr size_t max_paths = 32;
      /// construct
-      /// @params numPaths the number of paths to maintain
+      /// @params numDesiredPaths the number of paths to maintain
-      PathSet(size_t numPaths);
+      PathSet(size_t numDesiredPaths);
      /// get a shared_ptr of ourself
      virtual PathSet_ptr
@ -136,7 +136,7 @@ namespace llarp
      /// a path died now what?
      virtual void
-      HandlePathDied(Path_ptr path) = 0;
+      HandlePathDied(Path_ptr path);
      bool
      GetNewestIntro(service::Introduction& intro) const;
@ -296,7 +296,7 @@ namespace llarp
      void
      DownstreamFlush(AbstractRouter* r);
-      size_t numPaths;
+      size_t numDesiredPaths;
     protected:
      BuildStats m_BuildStats;
--- a/Show More
+++ b/Show More
		`@ -1 +1 @@`
			`Subproject commit 25f4b8b8a3c0f934158cd37a37b0525d75ca488e`				`Subproject commit 4e69e333252693bd82d6338d6124f0416538dbfc`
		`@ -1 +1 @@`
			`Subproject commit 53481cdfa9b0dc8d6dbbf04803401298754d7f44`				`Subproject commit ea484729c7bb7b430259a422df373e86bdd95b55`