Commit Graph

131 Commits

Author SHA1 Message Date
Jeff
871c3e3281
changeset for windows port
* wintun vpn platform for windows
* bundle config snippets into nsis installer for exit node, keyfile persisting, reduced hops mode.
* use wintun for vpn platform
* isolate all windows platform specific code into their own compilation units and libraries
* split up internal libraries into more specific components
* rename liblokinet.a target to liblokinet-amalgum.a to elimiate ambiguity with liblokinet.so
* DNS platform for win32
* rename llarp/ev/ev_libuv.{c,h}pp to llarp/ev/libuv.{c,h}pp as the old name was idiotic
* split up net platform into win32 and posix specific compilation units
* rename lokinet_init.c to easter_eggs.cpp as that is what they are for and it does not need to be a c compilation target
* add cmake option STRIP_SYMBOLS for seperating out debug symbols for windows builds
* intercept dns traffic on all interfaces on windows using windivert and feed it into lokinet
2022-09-08 14:24:59 -04:00
Jeff
d846bab0e1
unbreak android config loading 2022-09-08 14:23:53 -04:00
Jeff
74362149eb
refactor dns subsystem
we want to be able to have multiple locally bound dns sockets in lokinet so
i restructured most of the dns subsystem in order to make this easier.

specifically, we have a new structure to dns subsystem:

* dns::QueryJob_Base

base type for holding a dns query and response with virtual methods
in charge of sending a reply to whoever requested.

* dns::PacketSource_Base

base type for reading and writing dns messages to and from wherever they came from

* dns::Resolver_Base

base type for filtering and handling of dns messages asynchronously.

* dns::Server

contextualized per endpoint dns object, responsible for all dns related isms.

this change hides all impelementation details of all of the dns components.
adds some more helper functions for parsing dns and dealing with OwnedBuffer.

overall dns becomes less of a pain with this new structure. probably.
2022-09-08 14:23:52 -04:00
Jeff
68148e098f
* add mockable network functions
* add unit tests with ability to pretend to be different network setups
2022-07-20 13:36:03 -04:00
Jason Rhinelander
f6019210c3
oxen-logging update to handle level/type parsing exceptions 2022-07-19 13:39:00 -03:00
Jason Rhinelander
b81f7025c9
Replace logging with oxen-logger
Replaces custom logging system with spdlog-based oxen logging.  This
commit mainly replaces the backend logging with the spdlog-based system,
but doesn't (yet) convert all the existing LogWarn, etc. to use the new
format-based logging.

New logging statements will look like:

    llarp::log::warning(cat, "blah: {}", val);

where `cat` should be set up in each .cpp or cluster of .cpp files, as
described in the oxen-logging README.

As part of spdlog we get fmt, which gives us nice format strings, where
are applied generously in this commit.

Making types printable now requires two steps:
- add a ToString() method
- add this specialization:

      template <>
      constexpr inline bool llarp::IsToStringFormattable<llarp::Whatever> = true;

This will then allow the type to be printed as a "{}" value in a
fmt::format string.  This is applied to all our printable types here,
and all of the `operator<<` are removed.

This commit also:
- replaces various uses of `operator<<` to ToString()
- replaces various uses of std::stringstream with either fmt::format or
  plain std::string
- Rename some to_string and toString() methods to ToString() for
  consistency (and to work with fmt)
- Replace `stringify(...)` and `make_exception` usage with fmt::format
  (and remove stringify/make_exception from util/str.hpp).
2022-07-15 22:17:59 -03:00
Jeff
98b3860655
set source ip on service nodes for outbound link to not use all interfaces 2022-05-27 13:26:30 -04:00
Jeff
5050cd0299 add hashed password capability to endpoint auth by file 2022-04-20 15:26:39 -04:00
Jeff
a082ba4e77 add file auth for tokens 2022-04-20 15:26:39 -04:00
Jeff
9a6bfe6013 static endpoint auth codes 2022-04-20 15:26:39 -04:00
Jeff Becker
2428cc189e llarp::BootstrapConfig update
* make routers member a llarp::BootstrapList
2022-01-31 10:53:48 -05:00
Jeff
b3d9cd463f route poker: allow not blackholing routes.
allow runtime configuration to disable ip blackholing.
2022-01-14 13:03:01 -05:00
Jeff Becker
14ffdb6639
configurable route poker
this allows you to use exit nodes without forcing routes over the interface, useful for using lokinet with an exit and selectively routing over the lokinet interface using an external socks proxy or binding to device explicitly.

* make route poker configurable, defaults to enabled but allows disabling it on runtime if desired
* add config option [network]:auto-routing to enable/disable route poker
2021-12-15 18:42:22 -05:00
Jeff
388fc53380
match io loop event order on windows/apple to match linux.
on win32/apple reading packets from the interface does not count as an io operation.
manually trigger pump on win32/apple to pretend that it is an io event.
add platform quark function MaybeWakeUpperLayers on vpn::Interface to manaully wake up the other components on platforms that need that (ones on which packet io is not done via io events).
on non linux platforms, use uv_prepare_t instead of uv_check_t as the former triggers before blocking for io, instead of after. this better matches linux's order of operations in libuv.
2021-12-15 15:25:53 -05:00
Jeff Becker
a6fbaa7c7a
add dns hosts file option for user side dns filtering 2021-06-20 05:59:22 -04:00
Jeff Becker
a24b82119b
fix #1655
* make it so that we don't set up unbound resolver when we have no resolvers provided by config
* clean up dns codepath and make it use llarp::SockAddr instead of llarp::IpAddress
2021-06-20 05:59:22 -04:00
Jeff
c9b4ca85b2
[feature] optionally keep inbound convos mapped to same IP on restart (#1672)
* add option to persist address mappings between restarts using [network]:persist-addrmap-file

* make it work

* only persist address map for inbound convos

* turn persisting address map on by default

* dont load addrmap file if it has been modified last over a minute ago to prevent foot cannons fired from loading a really old version of it
2021-06-17 12:05:50 -04:00
Jeff Becker
54f9e1b44e
make path alignment timeout configuable
adds [network] section parameter called path-alignment-timeout that allows configring the timeout
for optional name lookup + introset lookup + aligned path build, used by tun endpoint dns, provided
as milliseconds.
2021-05-01 16:25:32 -04:00
Jeff Becker
b721b8d65b
finish wiring up config for #1595 2021-04-19 07:03:56 -04:00
Jeff Becker
fedc56e3f1
initial commit for #1595 2021-04-19 07:02:46 -04:00
Jeff Becker
545021aa3d
temp commit 2021-04-19 07:02:46 -04:00
Jeff Becker
2188b443e9
more liblokinet api stuff
* add lokinet_wait_for_ready to wait until we have published introsets and such
* optionally expose ports in lnproxy
* dont save profiles by default
2021-04-19 06:59:07 -04:00
Jeff Becker
95cd275cdd
liblokinet additions:
* add lokinet_add_bootstrap_rc function for adding an rc from memory
* prevent stack overflow on error closing connection in quic
* add in memory nodedb
* refactor how convotags are set as active
* add initial stubs for endpoint statistics
* refactor time stuff to be a bit cleaner
* update lnproxy script with more arguments
2021-04-19 06:59:07 -04:00
Jeff Becker
853cc52efb
wire up liblokinet 2021-04-19 06:59:06 -04:00
Jason Rhinelander
752879d712
QUIC lokinet integration refactor
Refactors how quic packets get handled: the actual tunnels now live in
tunnel.hpp's TunnelManager which holds and manages all the quic<->tcp
tunnelling.  service::Endpoint now holds a TunnelManager rather than a
quic::Server.  We only need one quic server, but we need a separate quic
client instance per outgoing quic tunnel, and TunnelManager handles all
that glue now.

Adds QUIC packet handling to get to the right tunnel code.  This
required multiplexing incoming quic packets, as follows:

Adds a very small quic tunnel packet header of 4 bytes:

    [1, SPORT, ECN] for client->server packets, where SPORT is our
    source "port" (really: just a uint16_t unique quic instance
    identifier)

or

    [2, DPORT, ECN] for server->client packets where the DPORT is the SPORT
    from above.

(This also reworks ECN bits to get properly carried over lokinet.)

We don't need a destination/source port for the server-side because
there is only ever one quic server (and we know we're going to it when
the first byte of the header is 1).

Removes the config option for quic exposing ports; a full lokinet will
simply accept anything incoming on quic and tunnel it to the requested
port on the the local endpoint IP (this handler will come in a following
commit).

Replace ConvoTags with full addresses: we need to carry the port, as
well, which the ConvoTag can't give us, so change those to more general
SockAddrs from which we can extract both the ConvoTag *and* the port.

Add a pending connection queue along with new quic-side handlers to call
when a stream becomes available (TunnelManager uses this to wire up
pending incoming conns with quic streams as streams open up).

Completely get rid of tunnel_server/tunnel_client.cpp code; it is now
moved to tunnel.hpp.

Add listen()/forget() methods in TunnelManager for setting up quic
listening sockets (for liblokinet usage).

Add open()/close() methods in TunnelManager for spinning up new quic
clients for outgoing quic connections.
2021-04-19 06:58:36 -04:00
Jeff Becker
1885b1cae9
more 2021-04-19 06:58:05 -04:00
Jeff
cb2254ba46
Merge pull request #1573 from jagerman/more-code-refactors
More code refactors
2021-03-23 16:22:23 -04:00
Jeff Becker
a83428297e
make ipv6 range used by exit traffic configurable.
* add ip6-range option to network section to control which range we want to use for ipv6 traffic
* make ip6-range able to disable ipv6 exits ( i dont like this but eh )
2021-03-18 11:59:02 -04:00
Jason Rhinelander
181953b4a6 Replace ::Hash nested structs with std::hash specializations 2021-03-10 11:19:52 -04:00
Thomas Winget
7caa87862e standardize include format and pragma once
All #ifndef guards on headers have been removed, I think,
in favor of #pragma once

Headers are now included as `#include "filename"` if the included file
resides in the same directory as the file including it, or any
subdirectory therein.  Otherwise they are included as
`#include <project/top/dir/relative/path/filename>`

The above does not include system/os headers.
2021-03-09 19:01:41 -05:00
Jeff
f2b234d6c3
Merge pull request #1539 from majestrate/path-algorithm-flavors-2021-02-18
add option to enforce unique netblocks per path.
2021-03-03 14:06:40 -05:00
Thomas Winget
4c630e0437 Large collection of changes to make android work
- Previous android java and jni code updated to work, but with much love
  still needed to make it work nicely, e.g. handling when the VPN is
  turned off.

- DNS handling refactored to allow android to intercept and handle DNS
  requests as we can't set the system DNS to use a high port
  (and apparently Chrome ignores system DNS settings anyway)

- add packet router structure to allow separate handling of specific
  intercepted traffic, e.g. UDP traffic to port 53 gets handled by our
  DNS handler rather than being naively forwarded as exit traffic.

- For now, android lokinet is exit-only and hard-coded to use exit.loki
  as its exit.  The exit will be configurable before release, but
  allowing to not use exit-only mode is more of a challenge.

- some old gitignore remnants which were matching to things we don't
  want them to (and are no longer relevant) removed

- some minor changes to CI configuration
2021-03-02 13:18:22 -05:00
Jeff Becker
f7424b8bbe
dont use std::optional 2021-03-02 07:20:29 -05:00
Jeff Becker
3425069b41
feedback from jason
* use emplace in PeerSectionConfig::Acceptable use insert everywhere else
* use const l-value references
* fix typos and spelling mistakes
2021-03-02 07:20:29 -05:00
Jeff Becker
9457da27d9
add option to enforce unique netblocks per path. 2021-03-02 07:20:28 -05:00
Jeff Becker
df4ea34a56
nodedb refactor
* bump zmq static dep
* lokimq -> oxenmq
* llarp_nodedb -> llarp::NodeDB
* remove all crufty api parts of NodeDB
* make NodeDB rc selection api not suck
* make path builder api not suck
* propagate all above changes so that unit tests work and it all compiles
2021-02-02 09:35:40 -05:00
Jeff
0e1e0aaef3
allow for relative file paths in config (#1432)
* llarp::Config constructor can take an empty fs::path now and it will default to fs::current_path
* llarp::ensureConfig now throws on fs error
* updates to daemon/main.cpp to reflect changes to llarp::ensureConfig's new throwability
* dowse parts of the code with holy water for the 0.8.1 tag
2020-10-30 09:38:17 -04:00
Jeff
12eb32a816
add conf.d directory for config overrides (#1410)
* add conf.d directory for config overrides

* refactor llarp::Config

* add explicit constructor with datadir as parameter
* have all config files be passed as std::optional
* make Config::LoadDefault private and use std::optional in Config::Load to remove ambiguity
* update rest of codebase to reflect above changes

* fix pybind

* rename bootstrap config skipBootstrap to seednode as it's more descriptive
* make seednode configurable
* make pybind layer compile
* make pybind layer run
2020-10-21 08:58:08 -04:00
Jeff
22acf0a537
Lns exits (#1407)
* lns exits

* try appeasing the clang

* clean up lambda
2020-10-21 05:39:01 -04:00
Jason Rhinelander
af6caf776a
Config file improvements (#1397)
* Config file API/comment improvements

API improvements:
=================

Make the config API use position-independent tag parameters (Required,
Default{123}, MultiValue) rather than a sequence of bools with
overloads.  For example, instead of:

    conf.defineOption<int>("a", "b", false, true, 123, [] { ... });

you now write:

    conf.defineOption<int>("a", "b", MultiValue, Default{123}, [] { ... });

The tags are:
- Required
- MultiValue
- Default{value}
plus new abilities (see below):
- Hidden
- RelayOnly
- ClientOnly
- Comment{"line1", "line2", "line3"}

Made option definition more powerful:
=====================================

- `Hidden` allows you to define an option that won't show up in the
  generated config file if it isn't set.

- `RelayOnly`/`ClientOnly` sets up an option that is only accepted and
  only shows up for relay or client configs.  (If neither is specified
  the option shows up in both modes).

- `Comment{...}` lets the option comments be specified as part of the
  defineOption.

Comment improvements
====================

- Rewrote comments for various options to expand on details.
- Inlined all the comments with the option definitions.
- Several options that were missing comments got comments added.
- Made various options for deprecated and or internal options hidden by
  default so that they don't show up in a default config file.
- show the section comment (but not option comments) *after* the
  [section] tag instead of before it as it makes more sense that way
  (particularly for the [bind] section which has a new long comment to
  describe how it works).

Disable profiling by default
============================

We had this weird state where we use and store profiling by default but
never *load* it when starting up.  This commit makes us just not use
profiling at all unless explicitly enabled.

Other misc changes:
===================

- change default worker threads to 0 (= num cpus) instead of 1, and fix
  it to allow 0.
- Actually apply worker-threads option
- fixed default data-dir value erroneously having quotes around it
- reordered ifname/ifaddr/mapaddr (was previously mapaddr/ifaddr/ifname)
  as mapaddr is a sort of specialization of ifaddr and so makes more
  sense to come after it (particularly because it now references ifaddr
  in its help message).
- removed peer-stats option (since we always require it for relays and
  never use it for clients)
- removed router profiles filename option (this doesn't need to be
  configurable)
- removed defunct `service-node-seed` option
- Change default logging output file to "" (which means stdout), and
  also made "-" work for stdout.

* Router hive compilation fixes

* Comments for SNApp SRV settings in ini file

* Add extra blank line after section comments

* Better deprecated option handling

Allow {client,relay}-only options in {relay,client} configs to be
specified as implicitly deprecated options: they warn, and don't set
anything.

Add an explicit `Deprecated` tag and move deprecated option handling
into definition.cpp.

* Move backwards compat options into section definitions

Keep the "addBackwardsCompatibleConfigOptions" only for options in
sections that no longer exist.

* Fix INI parsing issues & C++17-ify

- don't allow inline comments because it seems they aren't allowed in
ini formats in general, and is going to cause problems if there is a
comment character in a value (e.g. an exit auth string).  Additionally
it was breaking on a line such as:

    # some comment; see?

because it was treating only `; see?` as the comment and then producing
an error message about the rest of the line being invalid.

- make section parsing stricter: the `[` and `]` have to be at the
beginning at end of the line now (after stripping whitespace).

- Move whitespace stripping to the top since everything in here does it.

- chop off string_view suffix/prefix rather than maintaining position
values

- fix potential infinite loop/segfault when given a line such as `]foo[`

* Make config parsing failure fatal

Load() LogError's and returns false on failure, so we weren't aborting
on config file errors.

* Formatting: allow `{}` for empty functions/structs

Instead of using two lines when empty:

    {
    }

* Make default dns bind 127.0.0.1 on non-Linux

* Don't show empty section; fix tests

We can conceivably have sections that only make sense for clients or
relays, and so want to completely omit that section if we have no
options for the type of config being generated.

Also fixes missing empty lines between tests.

Co-authored-by: Thomas Winget <tewinget@gmail.com>
2020-10-07 18:22:58 -04:00
Jeff
8943be6c3a
serialize auth codes in rpc (#1369)
* serialize auth codes in rpc

* format

* format

* config and route fixups

* bump lokimq

* fix compile

* discard unknown members in service keys

* format
2020-09-29 09:26:45 -04:00
Thomas Winget
b1c14af938
SRV Record handling for introsets (#1331)
* update loki-mq submodule for tuple support

* srv record reply implementation

still need to encode srv records into intro sets / router contacts
as well as decode from them and match against queried service.proto

* inverted condition fix in config code

* SRV record struct (de-)serialization for intro sets

* parsing and using srv records from config (for/in introsets)

* adopt str utils from core and use for srv parsing

* changes to repeat requests

no longer drop repeat requests on the floor, but do not make
an *actual* request for them if one is in progress.

do not call reply hook for each reply for a request, as
each userland request is actually made into several lokinet
requests and this would result in duplicate replies.

* fetch SRVs from introsets for .loki

* make format

* dns and srv fixes, srv appears to be working
2020-08-31 16:07:17 -04:00
jeff
5391e6a66a initial config overriding on runtime 2020-08-27 12:43:53 +00:00
jeff
e3bfe76f98 add exit auth token awareness to config 2020-08-27 07:12:56 -04:00
Jeff Becker
ff130e2b5e
die if we are a relay and don't have any inbound links 2020-08-24 20:19:51 -04:00
Stephen Shelton
b0d8568452
Remove llarp C API usage from RouterHive 2020-07-02 10:24:19 -06:00
Stephen Shelton
2a30e7dac2
Add PeerDb to Router 2020-07-02 10:13:21 -06:00
Jeff Becker
a9109aa91b
* deprecate old unused lokid rpc options
* use lokimq::address in config and in lokid rpc
* bump lokimq submodule
2020-07-02 11:13:31 -04:00
Jeff Becker
80919a3b76
address feedback.
* use exceptions when fetching identity key instead of std::optional, will throw on fail
* fix up config options for endpoint auth and add better docs
* add llarp::serive::AuthType enum for controlling what kind of endpoint auth to use
2020-07-02 11:13:31 -04:00
Jeff Becker
0f21eeccb0
* rework exit codepath to allow multiple exits
* rework net code for ip ranges to be cleaner
* clean up endpoint auth code
* refactor config to validate network configs before setting up endpoints
* remove buildone from path/pathbuilder.cpp so we don't spam connection attempts
2020-07-02 11:13:30 -04:00