[ { "path": ".clang-format", "content": "BasedOnStyle: Google\n\n# alignment\nAlignAfterOpenBracket: AlwaysBreak\nAlignConsecutiveAssignments: 'false'\nAlignConsecutiveDeclarations: 'false'\nAlignEscapedNewlinesLeft: 'true'\nAlignOperands: 'false'\nAlignTrailingComments: 'true'\nColumnLimit: 120\nPointerAlignment: Left\nQualifierAlignment: Custom\nQualifierOrder: ['inline', 'static', 'constexpr', 'const', 'type']\nReferenceAlignment: Left\n\n# bracing\nBreakBeforeBraces: Custom\nBraceWrapping:\n AfterCaseLabel: true\n AfterClass: true\n AfterControlStatement: true\n AfterEnum: true\n AfterFunction: true\n AfterNamespace: true\n AfterObjCDeclaration: true\n AfterStruct: true\n AfterUnion: true\n AfterExternBlock: true\n BeforeCatch: true\n BeforeElse: true\n SplitEmptyFunction: false\n SplitEmptyRecord: false\n SplitEmptyNamespace: false\n\n# breaking\nAlwaysBreakAfterDefinitionReturnType: None\nAlwaysBreakAfterReturnType: None\nAlwaysBreakTemplateDeclarations: 'true'\nBreakBeforeBinaryOperators: NonAssignment\nBreakBeforeTernaryOperators: 'true'\nBreakConstructorInitializers: BeforeColon\n\n# indentation\nAccessModifierOffset: -2\nConstructorInitializerIndentWidth: 4\nContinuationIndentWidth: 4\nIndentWidth: 4\nNamespaceIndentation: All\n\n# shorties\nAllowShortBlocksOnASingleLine: 'false'\nAllowShortCaseLabelsOnASingleLine: 'false'\nAllowShortFunctionsOnASingleLine: All\nAllowShortIfStatementsOnASingleLine: 'false'\nAllowShortLoopsOnASingleLine: 'false'\n\n# spacing\nKeepEmptyLinesAtTheStartOfBlocks: 'false'\nPenaltyBreakString: '3'\nSpaceBeforeParens: ControlStatements\nSpacesInAngles: 'false'\nSpacesInContainerLiterals: 'false'\nSpacesInParentheses: 'false'\nSpacesInSquareBrackets: 'false'\nStandard: c++20\nUseTab: Never\n\n# wrapping\nPackConstructorInitializers: NextLine\nBinPackParameters: 'false'\nBinPackArguments: 'false'\n\n# Include block sorting in the following order:\n# - Main header for source file (clang-format default prioritizes this first)\n# - Relative path includes in quotation marks\n# - Absolute path includes in angle brackets\n# - External dependencies\n# - System dependencies\nSortIncludes: CaseInsensitive\nIncludeBlocks: Regroup\nIncludeCategories:\n - Regex: '\".+\\.h'\n Priority: 2\n - Regex: '^'\n Priority: 4\n - Regex: ''\n Priority: 5\n - Regex: '^<.*\\.h(pp)?>$'\n Priority: 6\n - Regex: '(<)(.)+(>)'\n Priority: 7\n" }, { "path": ".clang-tidy", "content": "HeaderFilterRegex: 'llarp/.*'\nChecks: \n'readability-else-after-return,\nclang-analyzer-core-*,modernize-*,\n-modernize-use-trailing-return-type,\n-modernize-use-nodiscard,\nbugprone-*,\n-bugprone-easily-swappable-parameters'\n" }, { "path": ".dir-locals.el", "content": "((c++-mode\n (eval add-hook 'before-save-hook #'clang-format-buffer nil t))\n (c-mode\n (eval add-hook 'before-save-hook #'clang-format-buffer nil t)))\n" }, { "path": ".dockerignore", "content": "build/\n.vscode/\nlokinet\nlokinet.exe\n" }, { "path": ".drone.jsonnet", "content": "local default_deps_base = std.set([\n 'g++',\n 'libcli11-dev',\n 'libcurl4-openssl-dev',\n 'libevent-dev',\n 'libfmt-dev',\n 'libgnutls28-dev',\n 'libsodium-dev',\n 'libspdlog-dev',\n 'libsqlite3-dev',\n 'libssl-dev',\n 'libsystemd-dev',\n 'libunbound-dev',\n 'libzmq3-dev',\n 'libzstd-dev',\n 'make',\n 'nettle-dev',\n 'nlohmann-json3-dev',\n 'python3-dev',\n]);\nlocal default_deps(add=[], remove=[]) = std.setDiff(\n std.setUnion(default_deps_base, if std.isArray(add) then std.set(add) else [add]),\n std.set(if std.isArray(remove) then std.set(remove) else [remove])\n);\nlocal static_deps = std.set(['g++', 'python3-dev', 'automake', 'libtool']);\nlocal oxen_repo_default = ['liboxen-logging-dev', 'liboxenmq-dev', 'liboxenc-dev', 'liboxen-quic-dev'];\nlocal docker_base = 'registry.oxen.rocks/';\n\n\nlocal submodule_commands = [\n 'git fetch --tags',\n 'git submodule update --init --recursive --depth=1 --jobs=4',\n];\nlocal submodules = {\n name: 'submodules',\n image: 'drone/git',\n commands: submodule_commands,\n};\n\n// cmake options for static deps mirror\nlocal ci_dep_mirror(want_mirror) = (if want_mirror then ' -DLOCAL_MIRROR=https://oxen.rocks/deps ' else '');\n\nlocal apt_get_quiet = 'apt-get -o=Dpkg::Use-Pty=0 -q';\n\nlocal kitware_repo(distro) = [\n 'eatmydata ' + apt_get_quiet + ' install -y curl ca-certificates',\n 'curl -sSL https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | gpg --dearmor - >/usr/share/keyrings/kitware-archive-keyring.gpg',\n 'echo \"deb [signed-by=/usr/share/keyrings/kitware-archive-keyring.gpg] https://apt.kitware.com/ubuntu/ ' + distro + ' main\" >/etc/apt/sources.list.d/kitware.list',\n 'eatmydata ' + apt_get_quiet + ' update',\n];\n\nlocal debian_backports(distro, pkgs) = [\n 'echo \"deb http://deb.debian.org/debian ' + distro + '-backports main\" >/etc/apt/sources.list.d/' + distro + '-backports.list',\n 'eatmydata ' + apt_get_quiet + ' update',\n 'eatmydata ' + apt_get_quiet + ' install -y ' + std.join(' ', std.map(function(x) x + '/' + distro + '-backports', pkgs)),\n];\n\n// Regular build on a debian-like system:\nlocal debian_pipeline(name,\n image,\n arch='amd64',\n deps=default_deps(),\n extra_setup=[],\n build_type='Release',\n lto=false,\n werror=true,\n cmake_extra='',\n local_mirror=true,\n extra_cmds=[],\n jobs=6,\n tests=false, // FIXME TODO: temporary until test suite is fixed\n oxen_repo=oxen_repo_default,\n allow_fail=false) = {\n kind: 'pipeline',\n type: 'docker',\n name: name,\n platform: { arch: arch },\n trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },\n steps: [\n submodules,\n {\n name: 'build',\n image: image,\n pull: 'always',\n [if allow_fail then 'failure']: 'ignore',\n environment: { SSH_KEY: { from_secret: 'SSH_KEY' } },\n commands: [\n 'echo \"Building on ${DRONE_STAGE_MACHINE}\"',\n 'echo \"man-db man-db/auto-update boolean false\" | debconf-set-selections',\n apt_get_quiet + ' update',\n apt_get_quiet + ' install -y eatmydata',\n ] + (\n if std.length(oxen_repo) > 0 then [\n 'eatmydata ' + apt_get_quiet + ' install --no-install-recommends -y lsb-release',\n 'cp contrib/deb.oxen.io.gpg /etc/apt/trusted.gpg.d',\n 'echo deb http://deb.oxen.io $$(lsb_release -sc) main >/etc/apt/sources.list.d/oxen.list',\n 'eatmydata ' + apt_get_quiet + ' update',\n apt_get_quiet + ' install -y ' + std.join(' ', oxen_repo),\n ] else []\n ) + extra_setup\n + [\n 'eatmydata ' + apt_get_quiet + ' dist-upgrade -y',\n 'eatmydata ' + apt_get_quiet + ' install --no-install-recommends -y gdb cmake git pkg-config ccache ' + std.join(' ', deps),\n 'mkdir build',\n 'cd build',\n 'cmake .. -DWITH_SETCAP=OFF -DCMAKE_CXX_FLAGS=-fdiagnostics-color=always -DCMAKE_BUILD_TYPE=' + build_type + ' ' +\n '-DWARN_DEPRECATED=OFF ' +\n (if werror then '-DWARNINGS_AS_ERRORS=ON ' else '') +\n '-DWITH_LTO=' + (if lto then 'ON ' else 'OFF ') +\n '-DWITH_TESTS=' + (if tests then 'ON ' else 'OFF ') +\n cmake_extra +\n ci_dep_mirror(local_mirror),\n 'VERBOSE=1 make -j' + jobs,\n 'cd ..',\n ]\n + (if tests then ['./contrib/ci/drone-gdb.sh ./build/test/testAll --use-colour yes'] else [])\n + extra_cmds,\n },\n ],\n};\nlocal apk_builder(name, image, extra_cmds=[], allow_fail=false, jobs=6) = {\n kind: 'pipeline',\n type: 'docker',\n name: name,\n platform: { arch: 'amd64' },\n trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },\n steps: [\n submodules,\n {\n name: 'build',\n image: image,\n pull: 'always',\n [if allow_fail then 'failure']: 'ignore',\n environment: { SSH_KEY: { from_secret: 'SSH_KEY' }, ANDROID: 'android' },\n commands: [\n 'VERBOSE=1 JOBS=' + jobs + ' NDK=/usr/lib/android-ndk ./contrib/android.sh',\n 'git clone https://github.com/oxen-io/lokinet-flutter-app lokinet-mobile',\n 'cp -av build-android/out/* lokinet-mobile/lokinet_lib/android/src/main/jniLibs/',\n 'cd lokinet-mobile',\n 'flutter build apk --debug',\n 'cd ..',\n 'cp lokinet-mobile/build/app/outputs/apk/debug/app-debug.apk lokinet.apk',\n ] + extra_cmds,\n },\n ],\n};\n// windows cross compile on debian\nlocal windows_cross_pipeline(name,\n image,\n gui_image=docker_base + 'nodejs-lts',\n arch='amd64',\n build_type='Release',\n lto=false,\n werror=false,\n cmake_extra='',\n local_mirror=true,\n extra_cmds=[],\n jobs=6,\n allow_fail=false) = {\n kind: 'pipeline',\n type: 'docker',\n name: name,\n platform: { arch: arch },\n trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },\n steps: [\n submodules,\n {\n name: 'GUI',\n image: gui_image,\n pull: 'always',\n [if allow_fail then 'failure']: 'ignore',\n commands: [\n 'echo \"Building on ${DRONE_STAGE_MACHINE}\"',\n 'echo \"man-db man-db/auto-update boolean false\" | debconf-set-selections',\n apt_get_quiet + ' update',\n apt_get_quiet + ' install -y eatmydata',\n 'eatmydata ' + apt_get_quiet + ' install --no-install-recommends -y p7zip-full wine',\n 'cd gui',\n 'yarn install --frozen-lockfile',\n 'USE_SYSTEM_7ZA=true DISPLAY= WINEDEBUG=-all yarn win32',\n ],\n },\n {\n name: 'build',\n image: image,\n pull: 'always',\n [if allow_fail then 'failure']: 'ignore',\n environment: { SSH_KEY: { from_secret: 'SSH_KEY' }, WINDOWS_BUILD_NAME: 'x64' },\n commands: [\n 'echo \"Building on ${DRONE_STAGE_MACHINE}\"',\n 'echo \"man-db man-db/auto-update boolean false\" | debconf-set-selections',\n apt_get_quiet + ' update',\n apt_get_quiet + ' install -y eatmydata',\n 'eatmydata ' + apt_get_quiet + ' install --no-install-recommends -y build-essential cmake git pkg-config ccache g++-mingw-w64-x86-64-posix nsis zip icoutils automake libtool librsvg2-bin bison',\n 'JOBS=' + jobs + ' VERBOSE=1 ./contrib/windows.sh -DSTRIP_SYMBOLS=ON -DGUI_EXE=$${DRONE_WORKSPACE}/gui/release/Lokinet-GUI_portable.exe' +\n ci_dep_mirror(local_mirror),\n ] + extra_cmds,\n },\n ],\n};\n\n// linux cross compile on debian\nlocal linux_cross_pipeline(name,\n cross_targets,\n arch='amd64',\n build_type='Release',\n cmake_extra='',\n local_mirror=true,\n extra_cmds=[],\n jobs=6,\n allow_fail=false) = {\n kind: 'pipeline',\n type: 'docker',\n name: name,\n platform: { arch: arch },\n trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },\n steps: [\n submodules,\n {\n name: 'build',\n image: docker_base + 'debian-stable-cross',\n pull: 'always',\n [if allow_fail then 'failure']: 'ignore',\n environment: { SSH_KEY: { from_secret: 'SSH_KEY' }, CROSS_TARGETS: std.join(':', cross_targets) },\n commands: [\n 'echo \"Building on ${DRONE_STAGE_MACHINE}\"',\n 'VERBOSE=1 JOBS=' + jobs + ' ./contrib/cross.sh ' + std.join(' ', cross_targets) +\n ' -- ' + cmake_extra + ci_dep_mirror(local_mirror),\n ],\n },\n ],\n};\n\n// Builds a snapshot .deb on a debian-like system by merging into the debian/* or ubuntu/* branch\nlocal deb_builder(image, distro, distro_branch, arch='amd64', oxen_repo=oxen_repo_default) = {\n kind: 'pipeline',\n type: 'docker',\n name: 'DEB (' + distro + (if arch == 'amd64' then '' else '/' + arch) + ')',\n platform: { arch: arch },\n environment: { distro_branch: distro_branch, distro: distro },\n steps: [\n submodules,\n {\n name: 'build',\n image: image,\n pull: 'always',\n failure: 'ignore',\n environment: { SSH_KEY: { from_secret: 'SSH_KEY' } },\n commands: [\n 'echo \"Building on ${DRONE_STAGE_MACHINE}\"',\n 'echo \"man-db man-db/auto-update boolean false\" | debconf-set-selections',\n ] + (if oxen_repo then [\n 'cp contrib/deb.oxen.io.gpg /etc/apt/trusted.gpg.d',\n 'echo deb http://deb.oxen.io $${distro} main >/etc/apt/sources.list.d/oxen.list',\n ] else []) + [\n apt_get_quiet + ' update',\n apt_get_quiet + ' install -y eatmydata',\n 'eatmydata ' + apt_get_quiet + ' install --no-install-recommends -y git devscripts equivs ccache git-buildpackage python3-dev',\n |||\n # Look for the debian branch in this repo first, try upstream if that fails.\n if ! git checkout $${distro_branch}; then\n git remote add --fetch upstream https://github.com/oxen-io/lokinet.git &&\n git checkout $${distro_branch}\n fi\n |||,\n // Tell the merge how to resolve conflicts in the source .drone.jsonnet (we don't\n // care about it at all since *this* .drone.jsonnet is already loaded).\n 'git config merge.ours.driver true',\n 'echo .drone.jsonnet merge=ours >>.gitattributes',\n\n 'git merge ${DRONE_COMMIT}',\n 'export DEBEMAIL=\"${DRONE_COMMIT_AUTHOR_EMAIL}\" DEBFULLNAME=\"${DRONE_COMMIT_AUTHOR_NAME}\"',\n 'gbp dch -S -s \"HEAD^\" --spawn-editor=never -U low',\n 'eatmydata mk-build-deps --install --remove --tool \"' + apt_get_quiet + ' -o Debug::pkgProblemResolver=yes --no-install-recommends -y\"',\n 'export DEB_BUILD_OPTIONS=\"parallel=$$(nproc)\"',\n //'grep -q lib debian/lokinet-bin.install || echo \"/usr/lib/lib*.so*\" >>debian/lokinet-bin.install',\n 'debuild -e CCACHE_DIR -b',\n './contrib/ci/drone-debs-upload.sh ' + distro,\n ],\n },\n ],\n};\n\nlocal clang(version) = debian_pipeline(\n 'Debian sid/clang-' + version,\n docker_base + 'debian-sid-clang',\n deps=default_deps(add='clang-' + version, remove='g++'),\n cmake_extra='-DCMAKE_C_COMPILER=clang-' + version + ' -DCMAKE_CXX_COMPILER=clang++-' + version + ' '\n);\n\nlocal full_llvm(version) = debian_pipeline(\n 'Debian sid/llvm-' + version,\n docker_base + 'debian-sid-clang',\n deps=default_deps(add=['clang-' + version, ' lld-' + version, ' libc++-' + version + '-dev', 'libc++abi-' + version + '-dev', 'libngtcp2-crypto-gnutls-dev', 'libngtcp2-dev'],\n remove='g++'),\n oxen_repo=[],\n cmake_extra='-DCMAKE_C_COMPILER=clang-' + version +\n ' -DCMAKE_CXX_COMPILER=clang++-' + version +\n ' -DCMAKE_CXX_FLAGS=-stdlib=libc++ ' +\n std.join(' ', [\n '-DCMAKE_' + type + '_LINKER_FLAGS=-fuse-ld=lld-' + version\n for type in ['EXE', 'MODULE', 'SHARED']\n ]) +\n ' -DOXEN_LOGGING_FORCE_SUBMODULES=ON'\n);\n\n// Macos build\nlocal mac_builder(name,\n build_type='Release',\n arch='arm64',\n werror=true,\n cmake_extra='',\n local_mirror=true,\n extra_cmds=[],\n jobs=6,\n codesign='-DCODESIGN=OFF',\n allow_fail=false) = {\n kind: 'pipeline',\n type: 'exec',\n name: name,\n platform: { os: 'darwin', arch: arch },\n steps: [\n { name: 'submodules', commands: submodule_commands },\n {\n name: 'build',\n environment: { SSH_KEY: { from_secret: 'SSH_KEY' } },\n commands: [\n 'echo \"Building on ${DRONE_STAGE_MACHINE}\"',\n // If you don't do this then the C compiler doesn't have an include path containing\n // basic system headers. WTF apple:\n 'export SDKROOT=\"$(xcrun --sdk macosx --show-sdk-path)\"',\n 'ulimit -n 1024', // because macos sets ulimit to 256 for some reason yeah idk\n './contrib/mac-configure.sh ' + ci_dep_mirror(local_mirror) + '-DWARN_DEPRECATED=OFF ' + codesign,\n 'cd build-mac',\n // We can't use the 'package' target here because making a .dmg requires an active logged in\n // macos gui to invoke Finder to invoke the partitioning tool to create a partitioned (!)\n // disk image. Most likely the GUI is required because if you lose sight of how pretty the\n // surface of macOS is you might see how ugly the insides are.\n 'ninja -j' + jobs + ' assemble_gui',\n 'cd ..',\n ] + extra_cmds,\n },\n ],\n};\n\nlocal docs_pipeline(name, image, extra_cmds=[], allow_fail=false) = {\n kind: 'pipeline',\n type: 'docker',\n name: name,\n platform: { arch: 'amd64' },\n trigger: { branch: { exclude: ['debian/*', 'ubuntu/*'] } },\n steps: [\n submodules,\n {\n name: 'build',\n image: image,\n pull: 'always',\n [if allow_fail then 'failure']: 'ignore',\n environment: { SSH_KEY: { from_secret: 'SSH_KEY' } },\n commands: [\n 'cmake -S . -B build-docs',\n 'make -C build-docs doc',\n ] + extra_cmds,\n },\n ],\n};\n\n\n[\n {\n name: 'lint check',\n kind: 'pipeline',\n type: 'docker',\n steps: [{\n name: 'build',\n image: docker_base + 'lint',\n pull: 'always',\n commands: [\n 'echo \"Building on ${DRONE_STAGE_MACHINE}\"',\n apt_get_quiet + ' update',\n apt_get_quiet + ' install -y eatmydata',\n 'eatmydata ' + apt_get_quiet + ' install --no-install-recommends -y git clang-format-16 jsonnet',\n './contrib/ci/drone-format-verify.sh',\n ],\n }],\n },\n // documentation builder\n //docs_pipeline('Documentation',\n // docker_base + 'docbuilder',\n // extra_cmds=['UPLOAD_OS=docs ./contrib/ci/drone-static-upload.sh']),\n\n // Debian sid\n debian_pipeline('Debian sid', docker_base + 'debian-sid'),\n debian_pipeline('Debian sid/debug', docker_base + 'debian-sid', build_type='Debug'),\n debian_pipeline('Debian sid/debug [arm64]', docker_base + 'debian-sid', build_type='Debug', arch='arm64', jobs=4),\n\n clang(17),\n full_llvm(17),\n clang(19),\n full_llvm(19),\n\n // Debian 14\n debian_pipeline('Debian 14', docker_base + 'debian-forky'),\n debian_pipeline('Debian 14 [i386]', docker_base + 'debian-forky/i386'),\n debian_pipeline('Debian 14 [arm64]', docker_base + 'debian-forky', arch='arm64', jobs=4),\n debian_pipeline('Debian 14 [armhf]', docker_base + 'debian-forky/arm32v7', arch='arm64', jobs=4),\n\n // Debian 13\n debian_pipeline('Debian 13', docker_base + 'debian-trixie'),\n debian_pipeline('Debian 13 [arm64]', docker_base + 'debian-trixie', arch='arm64', jobs=4),\n\n // Debian 12\n debian_pipeline('Debian 12', docker_base + 'debian-bookworm'),\n debian_pipeline('Debian 12 static/debug',\n docker_base + 'debian-bookworm',\n build_type='Debug',\n deps=static_deps,\n oxen_repo=[],\n cmake_extra='-DBUILD_STATIC_DEPS=ON -DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON'),\n\n // Static debian 12 armhf (upload to builds.lokinet.dev)\n debian_pipeline('Debian 12 static [armhf]',\n docker_base + 'debian-bookworm/arm32v7',\n arch='arm64',\n deps=static_deps,\n oxen_repo=[],\n cmake_extra='-DBUILD_STATIC_DEPS=ON -DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON ' +\n '-DCMAKE_CXX_FLAGS=\"-march=armv7-a+fp -Wno-psabi\" -DCMAKE_C_FLAGS=\"-march=armv7-a+fp\" ' +\n '-DNATIVE_BUILD=OFF -DWITH_SYSTEMD=OFF -DWITH_BOOTSTRAP=OFF',\n extra_cmds=[\n './contrib/ci/drone-check-static-libs.sh',\n 'UPLOAD_OS=linux-armhf ./contrib/ci/drone-static-upload.sh',\n ],\n jobs=4),\n\n // Ubuntu\n debian_pipeline('Ubuntu latest', docker_base + 'ubuntu-rolling'),\n debian_pipeline('Ubuntu 24.04', docker_base + 'ubuntu-noble'),\n debian_pipeline('Ubuntu 22.04', docker_base + 'ubuntu-jammy'),\n\n // Static ubuntu jammy amd64 build (upload to builds.lokinet.dev)\n debian_pipeline('Ubuntu 22.04 static',\n docker_base + 'ubuntu-jammy',\n deps=static_deps,\n lto=true,\n tests=false,\n oxen_repo=[],\n cmake_extra='-DBUILD_STATIC_DEPS=ON -DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON ' +\n '-DCMAKE_CXX_FLAGS=\"-march=x86-64 -mtune=haswell\" ' +\n '-DCMAKE_C_FLAGS=\"-march=x86-64 -mtune=haswell\" ' +\n '-DNATIVE_BUILD=OFF -DWITH_SYSTEMD=OFF -DWITH_BOOTSTRAP=OFF -DBUILD_LIBLOKINET=OFF',\n extra_cmds=[\n './contrib/ci/drone-check-static-libs.sh',\n './contrib/ci/drone-static-upload.sh',\n ]),\n\n\n // cross compile targets\n // Aug 11: these are exhibiting some dumb failures in libsodium and external deps, TOFIX later\n //linux_cross_pipeline('Cross Compile (arm/arm64)', cross_targets=['arm-linux-gnueabihf', 'aarch64-linux-gnu']),\n //linux_cross_pipeline('Cross Compile (ppc64le)', cross_targets=['powerpc64le-linux-gnu']),\n\n // Not currently building successfully:\n //linux_cross_pipeline('Cross Compile (mips)', cross_targets=['mips-linux-gnu', 'mipsel-linux-gnu']),\n\n // android apk builder\n // Aug 11: this is also failing in openssl, TOFIX later\n //apk_builder('android apk', docker_base + 'flutter', extra_cmds=['UPLOAD_OS=android ./contrib/ci/drone-static-upload.sh']),\n\n // Windows builds (x64)\n /*\n windows_cross_pipeline('Windows (x64)',\n docker_base + 'debian-win32-cross',\n extra_cmds=[\n './contrib/ci/drone-static-upload.sh',\n ]),\n */\n\n /*\n // integration tests\n debian_pipeline('Router Hive',\n docker_base + 'ubuntu-lts',\n deps=default_deps(add=['python3-dev', 'python3-pytest', 'python3-pybind11']),\n cmake_extra='-DWITH_HIVE=ON'),\n\n // Deb builds:\n deb_builder(docker_base + 'debian-sid-builder', 'sid', 'debian/sid'),\n deb_builder(docker_base + 'debian-bullseye-builder', 'bullseye', 'debian/bullseye'),\n deb_builder(docker_base + 'ubuntu-jammy-builder', 'jammy', 'ubuntu/jammy'),\n deb_builder(docker_base + 'debian-sid-builder', 'sid', 'debian/sid', arch='arm64'),\n */\n\n // Macos builds:\n /*\n mac_builder('macOS (Release, arm64)', extra_cmds=[\n './contrib/ci/drone-check-static-libs.sh',\n './contrib/ci/drone-static-upload.sh',\n ]),\n mac_builder('macOS (Debug, arm64)', build_type='Debug'),\n */\n]\n" }, { "path": ".gitattributes", "content": "external/date/test export-ignore\nexternal/nlohmann/doc export-ignore\nexternal/nlohmann/test export-ignore\nexternal/nlohmann/benchmarks/data export-ignore\n*.signed binary\n" }, { "path": ".github/CONTRIBUTING.md", "content": "\n* RUN `make format && make lint -j8` BEFORE COMMITING ALWAYS.\n\n* no tabs\n" }, { "path": ".github/ISSUE_TEMPLATE/bug_report.md", "content": "---\nname: Bug report\nabout: Create a report to help us improve\ntitle: ''\nlabels: bug\nassignees: ''\n\n---\n\n**Describe the bug**\nA clear and concise description of what the bug is.\n\n**To Reproduce**\nSteps to reproduce the behavior:\n\n**Screenshots Or Logs**\nIf applicable, add screenshots or log files to help explain your problem.\n\n**Device and Operating system (please complete the following information):**\n - OS: [e.g. iOS, Windows, Android]\n- Device: [ e.g. Mac, PC, IPhone]\n - Lokinet Version number or Git commit hash:\n" }, { "path": ".github/workflows/clean_issues.yml", "content": "name: Close incomplete issues\non:\n schedule:\n - cron: \"30 1 * * *\"\n\njobs:\n close-issues:\n runs-on: ubuntu-latest\n permissions:\n issues: write\n steps:\n - uses: actions/stale@v4.1.1\n with:\n only-labels: incomplete\n days-before-issue-stale: 14\n days-before-issue-close: 7\n stale-issue-label: \"stale\"\n stale-issue-message: \"This issue is stale because it has been 'incomplete' for 14 days with no activity.\"\n close-issue-message: \"This issue was closed because it has been inactive for 7 days since being marked as stale.\"\n days-before-pr-stale: -1\n days-before-pr-close: -1\n repo-token: ${{ secrets.GITHUB_TOKEN }}\n" }, { "path": ".gitignore", "content": "*~\n*\\#*\n\n*.a\n*.o\n*.so\n\n/build*/\n**/__pycache__/**\n\nllarpd\n*.test\n*.bin\n\n*.ninja\ncmake_install.cmake\nCMakeFiles\nCMakeCache.txt\n.ninja_log\n.ninja_deps\n/.cache/\n/compile_commands.json\n\ncallgrind.*\n.gdb_history\n\n*.sig\n*.signed\n!/contrib/bootstrap/mainnet.signed\n!/contrib/bootstrap/testnet.signed\n*.key\n\nshadow.data\nshadow.config.xml\n*.log\n*.pdf\n*.xz\n\ntestnet_tmp\n\n\n*.pid\nvsproject/\n.vs\n\n*.ini\n\n\n.gradle/\n.idea\n.vscode\nbuild64/\nbuild2/\n/contrib/lokinet-bootstrap-winnt/cacert.pem\n/contrib/lokinet-bootstrap-winnt/data.enc\n/contrib/lokinet-bootstrap-winnt/out.bine\ndefault.profraw\n\n# ctags shit\nGTAGS\nGRTAGS\nGPATH\nversion.txt\n\nlokinet-bootstrap.exe\nregdbhelper.dll\n# xcode\nxcuserdata/\n\nscc.py\n" }, { "path": ".gitmodules", "content": "[submodule \"external/nlohmann\"]\n\tpath = external/nlohmann\n\turl = https://github.com/nlohmann/json.git\n[submodule \"test/Catch2\"]\n\tpath = test/Catch2\n\turl = https://github.com/catchorg/Catch2\n[submodule \"external/pybind11\"]\n\tpath = external/pybind11\n\turl = https://github.com/pybind/pybind11\n\tbranch = stable\n[submodule \"external/sqlite_orm\"]\n\tpath = external/sqlite_orm\n\turl = https://github.com/fnc12/sqlite_orm\n[submodule \"external/oxen-mq\"]\n\tpath = external/oxen-mq\n\turl = https://github.com/oxen-io/oxen-mq\n[submodule \"gui\"]\n\tpath = gui\n\turl = https://github.com/oxen-io/lokinet-gui.git\n[submodule \"external/CLI11\"]\n\tpath = external/CLI11\n\turl = https://github.com/CLIUtils/CLI11.git\n[submodule \"external/oxen-libquic\"]\n\tpath = external/oxen-libquic\n\turl = https://github.com/oxen-io/oxen-libquic.git\n" }, { "path": ".swift-version", "content": "5.4.2\n" }, { "path": "CMakeLists.txt", "content": "cmake_minimum_required(VERSION 3.13...3.24) # 3.13 is buster's version\n\n# Cmake 3.24+ breaks extraction timestamps by default, hurray, but the option to not break\n# timestamps fails in cmake <3.24, extra hurray!\nif(CMAKE_VERSION VERSION_GREATER_EQUAL 3.24)\n cmake_policy(SET CMP0135 OLD)\nendif()\n\nset(CMAKE_EXPORT_COMPILE_COMMANDS ON)\n\n# Has to be set before `project()`, and ignored on non-macos:\nset(CMAKE_OSX_DEPLOYMENT_TARGET 10.15 CACHE STRING \"macOS deployment target (Apple clang only)\")\n\nset(lokinet_full_def ON)\nif(IOS)\n set(lokinet_full_def OFF)\nendif()\n\n# These two are not exclusive: daemon requires full platform, but the main lokinet library itself\n# can support both.\noption(LOKINET_FULL \"build with full client/relay support. Disabling this will only allow embedded lokinet usage\" ${lokinet_full_def})\noption(LOKINET_DAEMON \"build lokinet daemon and associated utils (requires LOKINET_FULL)\" ${LOKINET_FULL})\n\nif(LOKINET_DAEMON AND NOT LOKINET_FULL)\n message(FATAL_ERROR \"Cannot use LOKINET_DAEMON without LOKINET_FULL platform support!\")\nendif()\n\noption(LOKINET_GRAPH_DEPENDENCIES \"Produce graphviz representation of cmake dependencies\" OFF)\n\noption(LOKINET_VERSION_SO \"Add the project version to the shared library filename, e.g. liblokinet1.2.3.so instead of liblokinet.so\" OFF)\n\nset(LANGS C CXX)\nif(APPLE AND LOKINET_DAEMON)\n set(LANGS ${LANGS} OBJC Swift)\nendif()\n\nfind_program(CCACHE_PROGRAM ccache)\nif(CCACHE_PROGRAM)\n foreach(lang ${LANGS})\n if(NOT DEFINED CMAKE_${lang}_COMPILER_LAUNCHER AND NOT CMAKE_${lang}_COMPILER MATCHES \".*/ccache\")\n message(STATUS \"Enabling ccache for ${lang}\")\n set(CMAKE_${lang}_COMPILER_LAUNCHER ${CCACHE_PROGRAM} CACHE STRING \"\")\n endif()\n endforeach()\nendif()\n\n\nproject(lokinet\n VERSION 0.10.0\n DESCRIPTION \"lokinet - IP packet onion router\"\n LANGUAGES ${LANGS})\n\nif(APPLE)\n # Apple build number: must be incremented to submit a new build for the same lokinet version,\n # should be reset to 0 when the lokinet version increments.\n set(LOKINET_APPLE_BUILD 5)\nendif()\n\nlist(APPEND CMAKE_MODULE_PATH \"${CMAKE_CURRENT_LIST_DIR}/cmake\")\n\n# Core options\noption(LOKINET_AVX2 \"enable avx2 code\" OFF)\noption(LOKINET_NATIVE_BUILD \"optimise for host system and FPU\" ON)\noption(LOKINET_XSAN \"use sanitiser, if your system has it (requires -DCMAKE_BUILD_TYPE=Debug)\" OFF)\noption(LOKINET_JEMALLOC \"Link to jemalloc for memory allocations, if found (requires non-static build)\" ON)\noption(LOKINET_COVERAGE \"generate coverage data\" OFF)\noption(LOKINET_WARNINGS_AS_ERRORS \"treat all warnings as errors. turn off for development, on for release\" OFF)\noption(LOKINET_TESTS \"build unit tests\" OFF)\noption(LOKINET_HIVE \"build simulation stubs\" OFF)\noption(LOKINET_PACKAGE \"builds extra components for making an installer (with 'make package')\" OFF)\noption(LOKINET_PEERSTATS \"build with experimental peerstats db support\" OFF)\noption(LOKINET_STRIP \"strip off all debug symbols into an external archive for all executables built\" OFF)\noption(LOKINET_DEBUG_PATH_SEED \"enable support for the debug-mode [paths]:debug-path-seed option for reproducible, non-random paths\" OFF)\n\nset(LOKINET_BOOTSTRAP_FALLBACK_MAINNET \"${PROJECT_SOURCE_DIR}/contrib/bootstrap/mainnet.signed\" CACHE PATH \"Fallback bootstrap path (mainnet)\")\nset(LOKINET_BOOTSTRAP_FALLBACK_TESTNET \"${PROJECT_SOURCE_DIR}/contrib/bootstrap/testnet.signed\" CACHE PATH \"Fallback bootstrap path (testnet)\")\n\ninclude(cmake/enable_lto.cmake)\n\noption(CROSS_PLATFORM \"cross compiler platform\" \"Linux\")\noption(CROSS_PREFIX \"toolchain cross compiler prefix\" \"\")\n\noption(BUILD_SHARED_LIBS \"Build shared library\" OFF)\noption(BUILD_STATIC_DEPS \"Download, build, and statically link against core dependencies\" OFF)\noption(STATIC_LINK \"link statically against dependencies\" ${BUILD_STATIC_DEPS})\nif(BUILD_STATIC_DEPS AND NOT STATIC_LINK)\n message(FATAL_ERROR \"Option BUILD_STATIC_DEPS requires STATIC_LINK to be enabled as well\")\nendif()\n\nif(BUILD_STATIC_DEPS AND BUILD_SHARED_LIBS)\n message(FATAL_ERROR \"Incompatible options: BUILD_STATIC_DEPS cannot be used with BUILD_SHARED_LIBS\")\nendif()\n\nif(BUILD_STATIC_DEPS)\n set(CMAKE_FIND_PACKAGE_PREFER_CONFIG TRUE)\n include(cmake/StaticBuild.cmake)\nendif()\n\nif(NOT CMAKE_BUILD_TYPE)\n set(CMAKE_BUILD_TYPE RelWithDebInfo)\nendif()\n\n# set(debug OFF)\n# if(CMAKE_BUILD_TYPE MATCHES \"[Dd][Ee][Bb][Uu][Gg]\")\n# set(debug ON)\n# add_definitions(-DLOKINET_DEBUG)\n# endif()\n\noption(LOKINET_WARN_DEPRECATED \"show deprecation warnings\" OFF)\n\ninclude(CheckCXXSourceCompiles)\ninclude(CheckLibraryExists)\n\nset(CMAKE_CXX_STANDARD 20)\nset(CMAKE_CXX_STANDARD_REQUIRED ON)\nset(CMAKE_CXX_EXTENSIONS OFF)\nset(CMAKE_C_STANDARD 11)\nset(CMAKE_C_STANDARD_REQUIRED ON)\n\ninclude(cmake/target_link_libraries_system.cmake)\ninclude(cmake/add_import_library.cmake)\ninclude(cmake/libatomic.cmake)\n\nif (STATIC_LINK)\n set(CMAKE_FIND_LIBRARY_SUFFIXES ${CMAKE_STATIC_LIBRARY_SUFFIX})\n message(STATUS \"setting static library suffix search\")\nendif()\n\ninclude(cmake/gui-option.cmake)\n\ninclude(cmake/solaris.cmake)\ninclude(cmake/win32.cmake)\ninclude(cmake/macos.cmake)\n\n# No in-source building\ninclude(MacroEnsureOutOfSourceBuild)\nmacro_ensure_out_of_source_build(\"${PROJECT_NAME} requires an out-of-source build. Create a build directory and run 'cmake ${CMAKE_SOURCE_DIR} [options]'.\")\n\n# Always build PIC\nset(CMAKE_POSITION_INDEPENDENT_CODE ON)\n\ninclude(cmake/unix.cmake)\n\nif(NOT WIN32)\n if(IOS OR ANDROID)\n set(NON_PC_TARGET ON)\n else()\n include(TargetArch)\n target_architecture(COMPILE_ARCH)\n if(COMPILE_ARCH MATCHES i386 OR COMPILE_ARCH MATCHES x86_64)\n set(NON_PC_TARGET OFF)\n else()\n set(NON_PC_TARGET ON)\n endif()\n endif()\nendif()\n\nfind_package(PkgConfig REQUIRED)\n\nif(NOT TARGET sodium)\n # Allow -DLOKINET_DOWNLOAD_SODIUM=FORCE to download without even checking for a local libsodium\n option(LOKINET_DOWNLOAD_SODIUM \"Allow libsodium to be downloaded and built locally if not found on the system\" OFF)\n if(NOT LOKINET_DOWNLOAD_SODIUM STREQUAL \"FORCE\" AND NOT BUILD_STATIC_DEPS)\n pkg_check_modules(SODIUM libsodium>=1.0.18 IMPORTED_TARGET)\n endif()\n\n add_library(sodium INTERFACE)\n if(SODIUM_FOUND AND NOT LOKINET_DOWNLOAD_SODIUM STREQUAL \"FORCE\" AND NOT BUILD_STATIC_DEPS)\n target_link_libraries(sodium INTERFACE PkgConfig::SODIUM)\n else()\n if(NOT LOKINET_DOWNLOAD_SODIUM AND NOT BUILD_STATIC_DEPS)\n message(FATAL_ERROR \"Could not find libsodium >= 1.0.18; either install it on your system or use -DLOKINET_DOWNLOAD_SODIUM=ON to download and build an internal copy\")\n endif()\n message(STATUS \"Sodium >= 1.0.18 not found, but LOKINET_DOWNLOAD_SODIUM specified, so downloading it\")\n include(DownloadLibSodium)\n target_link_libraries(sodium INTERFACE sodium_vendor)\n endif()\n\n # Need this target export so that loki-mq properly picks up sodium\n export(TARGETS sodium NAMESPACE sodium:: FILE sodium-exports.cmake)\nendif()\n\nset(warning_flags -Wall -Wextra -Wno-unknown-pragmas -Wno-unused-function -Werror=vla)\n\nif(CMAKE_CXX_COMPILER_ID MATCHES \"Clang\")\n list(APPEND warning_flags -Wno-unknown-warning-option)\nendif()\n\nif(LOKINET_WARNINGS_AS_ERRORS)\n list(APPEND warning_flags -Werror -Wno-error=array-bounds)\nendif()\n\n# GCC 12's stringop-overflow warnings are really broken, with tons and tons of false positives all\n# over the place (not just in our code, but also in its own stdlibc++ code). It's better in 13\n# w.r.t. stdlibc++, but our code still throws tons of warnings, so disable it for now.\nif (CMAKE_CXX_COMPILER_ID STREQUAL \"GNU\" AND CMAKE_CXX_COMPILER_VERSION VERSION_LESS 13)\n list(APPEND warning_flags -Wno-stringop-overflow)\nendif()\nlist(APPEND warning_flags -Wno-deprecated-declarations)\n\nadd_library(lokinet-base-internal_warnings INTERFACE)\n\n# If we blindly add these directly as compile_options then they get passed to swiftc on Apple and\n# break, so we use a generate expression to set them only for C++/C/ObjC\ntarget_compile_options(lokinet-base-internal_warnings INTERFACE \"$<$,$,$>:${warning_flags}>\")\n\nif(LOKINET_XSAN)\n string(APPEND CMAKE_CXX_FLAGS_DEBUG \" -fsanitize=${LOKINET_XSAN} -fno-omit-frame-pointer -fno-sanitize-recover\")\n foreach(type EXE MODULE SHARED STATIC)\n string(APPEND CMAKE_${type}_LINKER_FLAGS_DEBUG \" -fsanitize=${LOKINET_XSAN} -fno-omit-frame-pointer -fno-sanitize-recover\")\n endforeach()\n message(STATUS \"Doing a ${LOKINET_XSAN} sanitizer build\")\nendif()\n\ninclude(cmake/coverage.cmake)\n\n# these vars are set by the cmake toolchain spec\nif (WOW64_CROSS_COMPILE OR WIN64_CROSS_COMPILE)\n include(cmake/cross_compile.cmake)\nendif()\n\nif(NOT APPLE)\n if(LOKINET_NATIVE_BUILD)\n if(CMAKE_SYSTEM_PROCESSOR STREQUAL ppc64le)\n add_compile_options(-mcpu=native -mtune=native)\n else()\n add_compile_options(-march=native -mtune=native)\n endif()\n elseif(NOT NON_PC_TARGET)\n if (LOKINET_AVX2)\n add_compile_options(-march=haswell -mtune=haswell -mfpmath=sse)\n else()\n # Public binary releases\n add_compile_options(-march=nocona -mtune=haswell -mfpmath=sse)\n endif()\n endif()\nendif()\n\n# now have libevent2.21 w/ pthreads\nset(CMAKE_THREAD_PREFER_PTHREAD TRUE)\nset(THREADS_PREFER_PTHREAD_FLAG TRUE)\nfind_package(Threads REQUIRED)\n\nunset(GIT_VERSION)\nunset(GIT_VERSION_REAL)\n\nif(NOT GIT_VERSION)\n exec_program(\"git\" ${CMAKE_CURRENT_SOURCE_DIR} ARGS \"rev-parse --short HEAD\" OUTPUT_VARIABLE GIT_VERSION_UNSTRIP)\n string(STRIP \"${GIT_VERSION_UNSTRIP}\" GIT_VERSION)\nendif()\n\nstring(REGEX REPLACE \"^fatal.*$\" nogit GIT_VERSION_REAL \"${GIT_VERSION}\")\n\nfind_package(PkgConfig REQUIRED)\n\nif (NOT BUILD_STATIC_DEPS)\n pkg_check_modules(UNBOUND libunbound REQUIRED IMPORTED_TARGET)\n add_library(libunbound INTERFACE)\n target_link_libraries(libunbound INTERFACE PkgConfig::UNBOUND)\n\n pkg_check_modules(SD libsystemd IMPORTED_TARGET)\n # Default WITH_SYSTEMD to true if we found it\n option(WITH_SYSTEMD \"enable systemd integration for sd_notify\" ${SD_FOUND})\nendif()\n\nadd_subdirectory(external)\n\n# interface library for setting common includes, linkage and flags\nadd_library(lokinet-base INTERFACE)\ntarget_include_directories(lokinet-base INTERFACE . include)\ntarget_link_libraries(lokinet-base INTERFACE oxen::quic fmt::fmt nlohmann_json::nlohmann_json)\n\ntarget_compile_features(lokinet-base INTERFACE cxx_std_20)\n\nadd_library(lokinet-base-internal INTERFACE)\ntarget_include_directories(lokinet-base-internal INTERFACE include/lokinet)\nif(NOT LOKINET_FULL)\n target_compile_definitions(lokinet-base-internal INTERFACE LOKINET_EMBEDDED_ONLY)\nendif()\n\ntarget_link_libraries(lokinet-base-internal INTERFACE lokinet-base-internal_warnings)\n\nif (TARGET lokinet_static_deps)\n target_link_libraries(lokinet-base-internal INTERFACE lokinet_static_deps)\nendif()\n\nif(WITH_SYSTEMD AND (NOT ANDROID))\n if(NOT SD_FOUND)\n message(FATAL_ERROR \"libsystemd not found\")\n endif()\n target_link_libraries(lokinet-base INTERFACE PkgConfig::SD)\n target_compile_definitions(lokinet-base INTERFACE WITH_SYSTEMD)\nendif()\n\nif(LOKINET_JEMALLOC AND NOT STATIC_LINK)\n pkg_check_modules(JEMALLOC jemalloc IMPORTED_TARGET)\n if(JEMALLOC_FOUND)\n target_link_libraries(lokinet-base INTERFACE PkgConfig::JEMALLOC)\n else()\n message(STATUS \"jemalloc not found, not linking to jemalloc\")\n endif()\nelse()\n message(STATUS \"jemalloc support disabled\")\nendif()\n\n\nif(ANDROID)\n target_link_libraries(lokinet-base INTERFACE log)\n target_compile_definitions(lokinet-base INTERFACE ANDROID)\n set(ANDROID_PLATFORM_SRC android/ifaddrs.c)\nendif()\n\nif(LOKINET_HIVE)\n add_definitions(-DLOKINET_HIVE)\nendif()\n\nadd_subdirectory(llarp)\n\nif(LOKINET_DAEMON)\n add_subdirectory(daemon)\nendif()\n\nif(LOKINET_HIVE)\n add_subdirectory(pybind)\nendif()\nif(LOKINET_TESTS OR LOKINET_HIVE)\n add_subdirectory(test)\nendif()\nif(ANDROID)\n add_subdirectory(jni)\nendif()\n\nadd_subdirectory(docs)\n\ninclude(cmake/gui.cmake)\n\nif(APPLE AND LOKINET_FULL)\n macos_target_setup()\nendif()\n\nadd_executable(liblokinet_jank_test EXCLUDE_FROM_ALL contrib/liblokinet_jank_test.cpp)\ntarget_link_libraries(liblokinet_jank_test PRIVATE liblokinet)\n\n# uninstall target\nif(NOT TARGET uninstall)\n configure_file(\n \"${CMAKE_CURRENT_SOURCE_DIR}/cmake/cmake_uninstall.cmake.in\"\n \"${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake\"\n IMMEDIATE @ONLY)\n\n add_custom_target(uninstall\n COMMAND ${CMAKE_COMMAND} -P ${CMAKE_CURRENT_BINARY_DIR}/cmake_uninstall.cmake)\nendif()\n\nif(LOKINET_PACKAGE AND NOT APPLE)\n include(cmake/installer.cmake)\nendif()\n\nif(TARGET package)\n add_dependencies(package assemble_gui)\nendif()\n" }, { "path": "CONTRIBUTING.md", "content": "[EspaƱol](CONTRIBUTING_es.md)\n# Do\n\n* Act like a responsible adult.\n\n* RUN `./contrib/format.sh` BEFORE COMMITING ALWAYS.\n\n# Do NOT\n\n* Bring off topic or non technical issues to the issue tracker.\n\n* Pester contributors.\n\n# We WILL\n\n* Merge Spelling mistake corrections (I have lots of those because spelling is HARD)\n\n* Merge code based on its correctness, Including patches via email from (pseudo/fully) anonymous contributors.\n\n# We WILL NOT\n\n* Accept patches with tabs\n\n* Merge large and pointless or pedantic changes, (i.e. code formatting shift)\n\n## additional notes\n\ngithub's ui doesn't seem accept this file as a real code of conduct.\n" }, { "path": "CONTRIBUTING_es.md", "content": "[Ingles](CONTRIBUTING.md)\n# Lo que debe\n\n* Actuar como un adulto responsable.\n\n* CORRER `make format` SIEMPRE ANTES DEL COMMIT.\n\n# Lo que NO debe\n\n* Plantear asuntos fuera de lugar o que no son tecnicos en el registro de problemas.\n\n* Ser un contribuyente molestoso.\n\n# Lo que nosotros HAREMOS\n\n* Integrar correcciones de Ortografia (Yo tengo un monton porque la ortografia es COMPLICADA)\n\n* Integrar codigo en base a que tan correcto es, Incluyendo parches recibidos por correo electronico de contribuyentes (pseudo/completamente) anonimos.\n\n# Lo que nosotros NO HAREMOS\n\n* Aceptar parches con tabulaciones\n\n* Integrar cambios grandes sin sentido o pedantes, (por ejemplo codigo con cambios de formato)\n\n## notas adicionales\n\ngithub no parece aceptar este archivo como un codigo de conducta real.\n" }, { "path": "LICENSE", "content": " GNU GENERAL PUBLIC LICENSE\n Version 3, 29 June 2007\n\n Copyright (C) 2007 Free Software Foundation, Inc. \n Everyone is permitted to copy and distribute verbatim copies\n of this license document, but changing it is not allowed.\n\n Preamble\n\n The GNU General Public License is a free, copyleft license for\nsoftware and other kinds of works.\n\n The licenses for most software and other practical works are designed\nto take away your freedom to share and change the works. By contrast,\nthe GNU General Public License is intended to guarantee your freedom to\nshare and change all versions of a program--to make sure it remains free\nsoftware for all its users. We, the Free Software Foundation, use the\nGNU General Public License for most of our software; it applies also to\nany other work released this way by its authors. You can apply it to\nyour programs, too.\n\n When we speak of free software, we are referring to freedom, not\nprice. Our General Public Licenses are designed to make sure that you\nhave the freedom to distribute copies of free software (and charge for\nthem if you wish), that you receive source code or can get it if you\nwant it, that you can change the software or use pieces of it in new\nfree programs, and that you know you can do these things.\n\n To protect your rights, we need to prevent others from denying you\nthese rights or asking you to surrender the rights. Therefore, you have\ncertain responsibilities if you distribute copies of the software, or if\nyou modify it: responsibilities to respect the freedom of others.\n\n For example, if you distribute copies of such a program, whether\ngratis or for a fee, you must pass on to the recipients the same\nfreedoms that you received. You must make sure that they, too, receive\nor can get the source code. And you must show them these terms so they\nknow their rights.\n\n Developers that use the GNU GPL protect your rights with two steps:\n(1) assert copyright on the software, and (2) offer you this License\ngiving you legal permission to copy, distribute and/or modify it.\n\n For the developers' and authors' protection, the GPL clearly explains\nthat there is no warranty for this free software. For both users' and\nauthors' sake, the GPL requires that modified versions be marked as\nchanged, so that their problems will not be attributed erroneously to\nauthors of previous versions.\n\n Some devices are designed to deny users access to install or run\nmodified versions of the software inside them, although the manufacturer\ncan do so. This is fundamentally incompatible with the aim of\nprotecting users' freedom to change the software. The systematic\npattern of such abuse occurs in the area of products for individuals to\nuse, which is precisely where it is most unacceptable. Therefore, we\nhave designed this version of the GPL to prohibit the practice for those\nproducts. If such problems arise substantially in other domains, we\nstand ready to extend this provision to those domains in future versions\nof the GPL, as needed to protect the freedom of users.\n\n Finally, every program is threatened constantly by software patents.\nStates should not allow patents to restrict development and use of\nsoftware on general-purpose computers, but in those that do, we wish to\navoid the special danger that patents applied to a free program could\nmake it effectively proprietary. To prevent this, the GPL assures that\npatents cannot be used to render the program non-free.\n\n The precise terms and conditions for copying, distribution and\nmodification follow.\n\n TERMS AND CONDITIONS\n\n 0. Definitions.\n\n \"This License\" refers to version 3 of the GNU General Public License.\n\n \"Copyright\" also means copyright-like laws that apply to other kinds of\nworks, such as semiconductor masks.\n\n \"The Program\" refers to any copyrightable work licensed under this\nLicense. Each licensee is addressed as \"you\". \"Licensees\" and\n\"recipients\" may be individuals or organizations.\n\n To \"modify\" a work means to copy from or adapt all or part of the work\nin a fashion requiring copyright permission, other than the making of an\nexact copy. The resulting work is called a \"modified version\" of the\nearlier work or a work \"based on\" the earlier work.\n\n A \"covered work\" means either the unmodified Program or a work based\non the Program.\n\n To \"propagate\" a work means to do anything with it that, without\npermission, would make you directly or secondarily liable for\ninfringement under applicable copyright law, except executing it on a\ncomputer or modifying a private copy. Propagation includes copying,\ndistribution (with or without modification), making available to the\npublic, and in some countries other activities as well.\n\n To \"convey\" a work means any kind of propagation that enables other\nparties to make or receive copies. Mere interaction with a user through\na computer network, with no transfer of a copy, is not conveying.\n\n An interactive user interface displays \"Appropriate Legal Notices\"\nto the extent that it includes a convenient and prominently visible\nfeature that (1) displays an appropriate copyright notice, and (2)\ntells the user that there is no warranty for the work (except to the\nextent that warranties are provided), that licensees may convey the\nwork under this License, and how to view a copy of this License. If\nthe interface presents a list of user commands or options, such as a\nmenu, a prominent item in the list meets this criterion.\n\n 1. Source Code.\n\n The \"source code\" for a work means the preferred form of the work\nfor making modifications to it. \"Object code\" means any non-source\nform of a work.\n\n A \"Standard Interface\" means an interface that either is an official\nstandard defined by a recognized standards body, or, in the case of\ninterfaces specified for a particular programming language, one that\nis widely used among developers working in that language.\n\n The \"System Libraries\" of an executable work include anything, other\nthan the work as a whole, that (a) is included in the normal form of\npackaging a Major Component, but which is not part of that Major\nComponent, and (b) serves only to enable use of the work with that\nMajor Component, or to implement a Standard Interface for which an\nimplementation is available to the public in source code form. A\n\"Major Component\", in this context, means a major essential component\n(kernel, window system, and so on) of the specific operating system\n(if any) on which the executable work runs, or a compiler used to\nproduce the work, or an object code interpreter used to run it.\n\n The \"Corresponding Source\" for a work in object code form means all\nthe source code needed to generate, install, and (for an executable\nwork) run the object code and to modify the work, including scripts to\ncontrol those activities. However, it does not include the work's\nSystem Libraries, or general-purpose tools or generally available free\nprograms which are used unmodified in performing those activities but\nwhich are not part of the work. For example, Corresponding Source\nincludes interface definition files associated with source files for\nthe work, and the source code for shared libraries and dynamically\nlinked subprograms that the work is specifically designed to require,\nsuch as by intimate data communication or control flow between those\nsubprograms and other parts of the work.\n\n The Corresponding Source need not include anything that users\ncan regenerate automatically from other parts of the Corresponding\nSource.\n\n The Corresponding Source for a work in source code form is that\nsame work.\n\n 2. Basic Permissions.\n\n All rights granted under this License are granted for the term of\ncopyright on the Program, and are irrevocable provided the stated\nconditions are met. This License explicitly affirms your unlimited\npermission to run the unmodified Program. The output from running a\ncovered work is covered by this License only if the output, given its\ncontent, constitutes a covered work. This License acknowledges your\nrights of fair use or other equivalent, as provided by copyright law.\n\n You may make, run and propagate covered works that you do not\nconvey, without conditions so long as your license otherwise remains\nin force. You may convey covered works to others for the sole purpose\nof having them make modifications exclusively for you, or provide you\nwith facilities for running those works, provided that you comply with\nthe terms of this License in conveying all material for which you do\nnot control copyright. Those thus making or running the covered works\nfor you must do so exclusively on your behalf, under your direction\nand control, on terms that prohibit them from making any copies of\nyour copyrighted material outside their relationship with you.\n\n Conveying under any other circumstances is permitted solely under\nthe conditions stated below. Sublicensing is not allowed; section 10\nmakes it unnecessary.\n\n 3. Protecting Users' Legal Rights From Anti-Circumvention Law.\n\n No covered work shall be deemed part of an effective technological\nmeasure under any applicable law fulfilling obligations under article\n11 of the WIPO copyright treaty adopted on 20 December 1996, or\nsimilar laws prohibiting or restricting circumvention of such\nmeasures.\n\n When you convey a covered work, you waive any legal power to forbid\ncircumvention of technological measures to the extent such circumvention\nis effected by exercising rights under this License with respect to\nthe covered work, and you disclaim any intention to limit operation or\nmodification of the work as a means of enforcing, against the work's\nusers, your or third parties' legal rights to forbid circumvention of\ntechnological measures.\n\n 4. Conveying Verbatim Copies.\n\n You may convey verbatim copies of the Program's source code as you\nreceive it, in any medium, provided that you conspicuously and\nappropriately publish on each copy an appropriate copyright notice;\nkeep intact all notices stating that this License and any\nnon-permissive terms added in accord with section 7 apply to the code;\nkeep intact all notices of the absence of any warranty; and give all\nrecipients a copy of this License along with the Program.\n\n You may charge any price or no price for each copy that you convey,\nand you may offer support or warranty protection for a fee.\n\n 5. Conveying Modified Source Versions.\n\n You may convey a work based on the Program, or the modifications to\nproduce it from the Program, in the form of source code under the\nterms of section 4, provided that you also meet all of these conditions:\n\n a) The work must carry prominent notices stating that you modified\n it, and giving a relevant date.\n\n b) The work must carry prominent notices stating that it is\n released under this License and any conditions added under section\n 7. This requirement modifies the requirement in section 4 to\n \"keep intact all notices\".\n\n c) You must license the entire work, as a whole, under this\n License to anyone who comes into possession of a copy. This\n License will therefore apply, along with any applicable section 7\n additional terms, to the whole of the work, and all its parts,\n regardless of how they are packaged. This License gives no\n permission to license the work in any other way, but it does not\n invalidate such permission if you have separately received it.\n\n d) If the work has interactive user interfaces, each must display\n Appropriate Legal Notices; however, if the Program has interactive\n interfaces that do not display Appropriate Legal Notices, your\n work need not make them do so.\n\n A compilation of a covered work with other separate and independent\nworks, which are not by their nature extensions of the covered work,\nand which are not combined with it such as to form a larger program,\nin or on a volume of a storage or distribution medium, is called an\n\"aggregate\" if the compilation and its resulting copyright are not\nused to limit the access or legal rights of the compilation's users\nbeyond what the individual works permit. Inclusion of a covered work\nin an aggregate does not cause this License to apply to the other\nparts of the aggregate.\n\n 6. Conveying Non-Source Forms.\n\n You may convey a covered work in object code form under the terms\nof sections 4 and 5, provided that you also convey the\nmachine-readable Corresponding Source under the terms of this License,\nin one of these ways:\n\n a) Convey the object code in, or embodied in, a physical product\n (including a physical distribution medium), accompanied by the\n Corresponding Source fixed on a durable physical medium\n customarily used for software interchange.\n\n b) Convey the object code in, or embodied in, a physical product\n (including a physical distribution medium), accompanied by a\n written offer, valid for at least three years and valid for as\n long as you offer spare parts or customer support for that product\n model, to give anyone who possesses the object code either (1) a\n copy of the Corresponding Source for all the software in the\n product that is covered by this License, on a durable physical\n medium customarily used for software interchange, for a price no\n more than your reasonable cost of physically performing this\n conveying of source, or (2) access to copy the\n Corresponding Source from a network server at no charge.\n\n c) Convey individual copies of the object code with a copy of the\n written offer to provide the Corresponding Source. This\n alternative is allowed only occasionally and noncommercially, and\n only if you received the object code with such an offer, in accord\n with subsection 6b.\n\n d) Convey the object code by offering access from a designated\n place (gratis or for a charge), and offer equivalent access to the\n Corresponding Source in the same way through the same place at no\n further charge. You need not require recipients to copy the\n Corresponding Source along with the object code. If the place to\n copy the object code is a network server, the Corresponding Source\n may be on a different server (operated by you or a third party)\n that supports equivalent copying facilities, provided you maintain\n clear directions next to the object code saying where to find the\n Corresponding Source. Regardless of what server hosts the\n Corresponding Source, you remain obligated to ensure that it is\n available for as long as needed to satisfy these requirements.\n\n e) Convey the object code using peer-to-peer transmission, provided\n you inform other peers where the object code and Corresponding\n Source of the work are being offered to the general public at no\n charge under subsection 6d.\n\n A separable portion of the object code, whose source code is excluded\nfrom the Corresponding Source as a System Library, need not be\nincluded in conveying the object code work.\n\n A \"User Product\" is either (1) a \"consumer product\", which means any\ntangible personal property which is normally used for personal, family,\nor household purposes, or (2) anything designed or sold for incorporation\ninto a dwelling. In determining whether a product is a consumer product,\ndoubtful cases shall be resolved in favor of coverage. For a particular\nproduct received by a particular user, \"normally used\" refers to a\ntypical or common use of that class of product, regardless of the status\nof the particular user or of the way in which the particular user\nactually uses, or expects or is expected to use, the product. A product\nis a consumer product regardless of whether the product has substantial\ncommercial, industrial or non-consumer uses, unless such uses represent\nthe only significant mode of use of the product.\n\n \"Installation Information\" for a User Product means any methods,\nprocedures, authorization keys, or other information required to install\nand execute modified versions of a covered work in that User Product from\na modified version of its Corresponding Source. The information must\nsuffice to ensure that the continued functioning of the modified object\ncode is in no case prevented or interfered with solely because\nmodification has been made.\n\n If you convey an object code work under this section in, or with, or\nspecifically for use in, a User Product, and the conveying occurs as\npart of a transaction in which the right of possession and use of the\nUser Product is transferred to the recipient in perpetuity or for a\nfixed term (regardless of how the transaction is characterized), the\nCorresponding Source conveyed under this section must be accompanied\nby the Installation Information. But this requirement does not apply\nif neither you nor any third party retains the ability to install\nmodified object code on the User Product (for example, the work has\nbeen installed in ROM).\n\n The requirement to provide Installation Information does not include a\nrequirement to continue to provide support service, warranty, or updates\nfor a work that has been modified or installed by the recipient, or for\nthe User Product in which it has been modified or installed. Access to a\nnetwork may be denied when the modification itself materially and\nadversely affects the operation of the network or violates the rules and\nprotocols for communication across the network.\n\n Corresponding Source conveyed, and Installation Information provided,\nin accord with this section must be in a format that is publicly\ndocumented (and with an implementation available to the public in\nsource code form), and must require no special password or key for\nunpacking, reading or copying.\n\n 7. Additional Terms.\n\n \"Additional permissions\" are terms that supplement the terms of this\nLicense by making exceptions from one or more of its conditions.\nAdditional permissions that are applicable to the entire Program shall\nbe treated as though they were included in this License, to the extent\nthat they are valid under applicable law. If additional permissions\napply only to part of the Program, that part may be used separately\nunder those permissions, but the entire Program remains governed by\nthis License without regard to the additional permissions.\n\n When you convey a copy of a covered work, you may at your option\nremove any additional permissions from that copy, or from any part of\nit. (Additional permissions may be written to require their own\nremoval in certain cases when you modify the work.) You may place\nadditional permissions on material, added by you to a covered work,\nfor which you have or can give appropriate copyright permission.\n\n Notwithstanding any other provision of this License, for material you\nadd to a covered work, you may (if authorized by the copyright holders of\nthat material) supplement the terms of this License with terms:\n\n a) Disclaiming warranty or limiting liability differently from the\n terms of sections 15 and 16 of this License; or\n\n b) Requiring preservation of specified reasonable legal notices or\n author attributions in that material or in the Appropriate Legal\n Notices displayed by works containing it; or\n\n c) Prohibiting misrepresentation of the origin of that material, or\n requiring that modified versions of such material be marked in\n reasonable ways as different from the original version; or\n\n d) Limiting the use for publicity purposes of names of licensors or\n authors of the material; or\n\n e) Declining to grant rights under trademark law for use of some\n trade names, trademarks, or service marks; or\n\n f) Requiring indemnification of licensors and authors of that\n material by anyone who conveys the material (or modified versions of\n it) with contractual assumptions of liability to the recipient, for\n any liability that these contractual assumptions directly impose on\n those licensors and authors.\n\n All other non-permissive additional terms are considered \"further\nrestrictions\" within the meaning of section 10. If the Program as you\nreceived it, or any part of it, contains a notice stating that it is\ngoverned by this License along with a term that is a further\nrestriction, you may remove that term. If a license document contains\na further restriction but permits relicensing or conveying under this\nLicense, you may add to a covered work material governed by the terms\nof that license document, provided that the further restriction does\nnot survive such relicensing or conveying.\n\n If you add terms to a covered work in accord with this section, you\nmust place, in the relevant source files, a statement of the\nadditional terms that apply to those files, or a notice indicating\nwhere to find the applicable terms.\n\n Additional terms, permissive or non-permissive, may be stated in the\nform of a separately written license, or stated as exceptions;\nthe above requirements apply either way.\n\n 8. Termination.\n\n You may not propagate or modify a covered work except as expressly\nprovided under this License. Any attempt otherwise to propagate or\nmodify it is void, and will automatically terminate your rights under\nthis License (including any patent licenses granted under the third\nparagraph of section 11).\n\n However, if you cease all violation of this License, then your\nlicense from a particular copyright holder is reinstated (a)\nprovisionally, unless and until the copyright holder explicitly and\nfinally terminates your license, and (b) permanently, if the copyright\nholder fails to notify you of the violation by some reasonable means\nprior to 60 days after the cessation.\n\n Moreover, your license from a particular copyright holder is\nreinstated permanently if the copyright holder notifies you of the\nviolation by some reasonable means, this is the first time you have\nreceived notice of violation of this License (for any work) from that\ncopyright holder, and you cure the violation prior to 30 days after\nyour receipt of the notice.\n\n Termination of your rights under this section does not terminate the\nlicenses of parties who have received copies or rights from you under\nthis License. If your rights have been terminated and not permanently\nreinstated, you do not qualify to receive new licenses for the same\nmaterial under section 10.\n\n 9. Acceptance Not Required for Having Copies.\n\n You are not required to accept this License in order to receive or\nrun a copy of the Program. Ancillary propagation of a covered work\noccurring solely as a consequence of using peer-to-peer transmission\nto receive a copy likewise does not require acceptance. However,\nnothing other than this License grants you permission to propagate or\nmodify any covered work. These actions infringe copyright if you do\nnot accept this License. Therefore, by modifying or propagating a\ncovered work, you indicate your acceptance of this License to do so.\n\n 10. Automatic Licensing of Downstream Recipients.\n\n Each time you convey a covered work, the recipient automatically\nreceives a license from the original licensors, to run, modify and\npropagate that work, subject to this License. You are not responsible\nfor enforcing compliance by third parties with this License.\n\n An \"entity transaction\" is a transaction transferring control of an\norganization, or substantially all assets of one, or subdividing an\norganization, or merging organizations. If propagation of a covered\nwork results from an entity transaction, each party to that\ntransaction who receives a copy of the work also receives whatever\nlicenses to the work the party's predecessor in interest had or could\ngive under the previous paragraph, plus a right to possession of the\nCorresponding Source of the work from the predecessor in interest, if\nthe predecessor has it or can get it with reasonable efforts.\n\n You may not impose any further restrictions on the exercise of the\nrights granted or affirmed under this License. For example, you may\nnot impose a license fee, royalty, or other charge for exercise of\nrights granted under this License, and you may not initiate litigation\n(including a cross-claim or counterclaim in a lawsuit) alleging that\nany patent claim is infringed by making, using, selling, offering for\nsale, or importing the Program or any portion of it.\n\n 11. Patents.\n\n A \"contributor\" is a copyright holder who authorizes use under this\nLicense of the Program or a work on which the Program is based. The\nwork thus licensed is called the contributor's \"contributor version\".\n\n A contributor's \"essential patent claims\" are all patent claims\nowned or controlled by the contributor, whether already acquired or\nhereafter acquired, that would be infringed by some manner, permitted\nby this License, of making, using, or selling its contributor version,\nbut do not include claims that would be infringed only as a\nconsequence of further modification of the contributor version. For\npurposes of this definition, \"control\" includes the right to grant\npatent sublicenses in a manner consistent with the requirements of\nthis License.\n\n Each contributor grants you a non-exclusive, worldwide, royalty-free\npatent license under the contributor's essential patent claims, to\nmake, use, sell, offer for sale, import and otherwise run, modify and\npropagate the contents of its contributor version.\n\n In the following three paragraphs, a \"patent license\" is any express\nagreement or commitment, however denominated, not to enforce a patent\n(such as an express permission to practice a patent or covenant not to\nsue for patent infringement). To \"grant\" such a patent license to a\nparty means to make such an agreement or commitment not to enforce a\npatent against the party.\n\n If you convey a covered work, knowingly relying on a patent license,\nand the Corresponding Source of the work is not available for anyone\nto copy, free of charge and under the terms of this License, through a\npublicly available network server or other readily accessible means,\nthen you must either (1) cause the Corresponding Source to be so\navailable, or (2) arrange to deprive yourself of the benefit of the\npatent license for this particular work, or (3) arrange, in a manner\nconsistent with the requirements of this License, to extend the patent\nlicense to downstream recipients. \"Knowingly relying\" means you have\nactual knowledge that, but for the patent license, your conveying the\ncovered work in a country, or your recipient's use of the covered work\nin a country, would infringe one or more identifiable patents in that\ncountry that you have reason to believe are valid.\n\n If, pursuant to or in connection with a single transaction or\narrangement, you convey, or propagate by procuring conveyance of, a\ncovered work, and grant a patent license to some of the parties\nreceiving the covered work authorizing them to use, propagate, modify\nor convey a specific copy of the covered work, then the patent license\nyou grant is automatically extended to all recipients of the covered\nwork and works based on it.\n\n A patent license is \"discriminatory\" if it does not include within\nthe scope of its coverage, prohibits the exercise of, or is\nconditioned on the non-exercise of one or more of the rights that are\nspecifically granted under this License. You may not convey a covered\nwork if you are a party to an arrangement with a third party that is\nin the business of distributing software, under which you make payment\nto the third party based on the extent of your activity of conveying\nthe work, and under which the third party grants, to any of the\nparties who would receive the covered work from you, a discriminatory\npatent license (a) in connection with copies of the covered work\nconveyed by you (or copies made from those copies), or (b) primarily\nfor and in connection with specific products or compilations that\ncontain the covered work, unless you entered into that arrangement,\nor that patent license was granted, prior to 28 March 2007.\n\n Nothing in this License shall be construed as excluding or limiting\nany implied license or other defenses to infringement that may\notherwise be available to you under applicable patent law.\n\n 12. No Surrender of Others' Freedom.\n\n If conditions are imposed on you (whether by court order, agreement or\notherwise) that contradict the conditions of this License, they do not\nexcuse you from the conditions of this License. If you cannot convey a\ncovered work so as to satisfy simultaneously your obligations under this\nLicense and any other pertinent obligations, then as a consequence you may\nnot convey it at all. For example, if you agree to terms that obligate you\nto collect a royalty for further conveying from those to whom you convey\nthe Program, the only way you could satisfy both those terms and this\nLicense would be to refrain entirely from conveying the Program.\n\n 13. Use with the GNU Affero General Public License.\n\n Notwithstanding any other provision of this License, you have\npermission to link or combine any covered work with a work licensed\nunder version 3 of the GNU Affero General Public License into a single\ncombined work, and to convey the resulting work. The terms of this\nLicense will continue to apply to the part which is the covered work,\nbut the special requirements of the GNU Affero General Public License,\nsection 13, concerning interaction through a network will apply to the\ncombination as such.\n\n 14. Revised Versions of this License.\n\n The Free Software Foundation may publish revised and/or new versions of\nthe GNU General Public License from time to time. Such new versions will\nbe similar in spirit to the present version, but may differ in detail to\naddress new problems or concerns.\n\n Each version is given a distinguishing version number. If the\nProgram specifies that a certain numbered version of the GNU General\nPublic License \"or any later version\" applies to it, you have the\noption of following the terms and conditions either of that numbered\nversion or of any later version published by the Free Software\nFoundation. If the Program does not specify a version number of the\nGNU General Public License, you may choose any version ever published\nby the Free Software Foundation.\n\n If the Program specifies that a proxy can decide which future\nversions of the GNU General Public License can be used, that proxy's\npublic statement of acceptance of a version permanently authorizes you\nto choose that version for the Program.\n\n Later license versions may give you additional or different\npermissions. However, no additional obligations are imposed on any\nauthor or copyright holder as a result of your choosing to follow a\nlater version.\n\n 15. Disclaimer of Warranty.\n\n THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY\nAPPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT\nHOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM \"AS IS\" WITHOUT WARRANTY\nOF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,\nTHE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\nPURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM\nIS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF\nALL NECESSARY SERVICING, REPAIR OR CORRECTION.\n\n 16. Limitation of Liability.\n\n IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING\nWILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS\nTHE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY\nGENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE\nUSE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF\nDATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD\nPARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),\nEVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF\nSUCH DAMAGES.\n\n 17. Interpretation of Sections 15 and 16.\n\n If the disclaimer of warranty and limitation of liability provided\nabove cannot be given local legal effect according to their terms,\nreviewing courts shall apply local law that most closely approximates\nan absolute waiver of all civil liability in connection with the\nProgram, unless a warranty or assumption of liability accompanies a\ncopy of the Program in return for a fee.\n\n END OF TERMS AND CONDITIONS\n\n How to Apply These Terms to Your New Programs\n\n If you develop a new program, and you want it to be of the greatest\npossible use to the public, the best way to achieve this is to make it\nfree software which everyone can redistribute and change under these terms.\n\n To do so, attach the following notices to the program. It is safest\nto attach them to the start of each source file to most effectively\nstate the exclusion of warranty; and each file should have at least\nthe \"copyright\" line and a pointer to where the full notice is found.\n\n \n Copyright (C) \n\n This program is free software: you can redistribute it and/or modify\n it under the terms of the GNU General Public License as published by\n the Free Software Foundation, either version 3 of the License, or\n (at your option) any later version.\n\n This program is distributed in the hope that it will be useful,\n but WITHOUT ANY WARRANTY; without even the implied warranty of\n MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n GNU General Public License for more details.\n\n You should have received a copy of the GNU General Public License\n along with this program. If not, see .\n\nAlso add information on how to contact you by electronic and paper mail.\n\n If the program does terminal interaction, make it output a short\nnotice like this when it starts in an interactive mode:\n\n Copyright (C) \n This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'.\n This is free software, and you are welcome to redistribute it\n under certain conditions; type `show c' for details.\n\nThe hypothetical commands `show w' and `show c' should show the appropriate\nparts of the General Public License. Of course, your program's commands\nmight be different; for a GUI interface, you would use an \"about box\".\n\n You should also get your employer (if you work as a programmer) or school,\nif any, to sign a \"copyright disclaimer\" for the program, if necessary.\nFor more information on this, and how to apply and follow the GNU GPL, see\n.\n\n The GNU General Public License does not permit incorporating your program\ninto proprietary programs. If your program is a subroutine library, you\nmay consider it more useful to permit linking proprietary applications with\nthe library. If this is what you want to do, use the GNU Lesser General\nPublic License instead of this License. But first, please read\n." }, { "path": "cmake/CMakeGraphVizOptions.cmake", "content": "set(GRAPHVIZ_GRAPH_NAME \"graph.dot\" CACHE STRING \"\")\nset(GRAPHVIZ_GENERATE_PER_TARGET FALSE CACHE BOOL \"\")\nset(GRAPHVIZ_GENERATE_DEPENDERS FALSE CACHE BOOL \"\")\nset(GRAPHVIZ_OBJECT_LIBS OFF CACHE BOOL \"\")\n" }, { "path": "cmake/DownloadLibSodium.cmake", "content": "set(LIBSODIUM_PREFIX ${CMAKE_BINARY_DIR}/libsodium)\nset(LIBSODIUM_URL https://github.com/jedisct1/libsodium/releases/download/1.0.18-RELEASE/libsodium-1.0.18.tar.gz https://download.libsodium.org/libsodium/releases/libsodium-1.0.18.tar.gz)\nset(LIBSODIUM_HASH SHA512=17e8638e46d8f6f7d024fe5559eccf2b8baf23e143fadd472a7d29d228b186d86686a5e6920385fe2020729119a5f12f989c3a782afbd05a8db4819bb18666ef)\n\nif(SODIUM_TARBALL_URL)\n # make a build time override of the tarball url so we can fetch it if the original link goes away\n set(LIBSODIUM_URL ${SODIUM_TARBALL_URL})\nendif()\n\n\nfile(MAKE_DIRECTORY ${LIBSODIUM_PREFIX}/include)\n\ninclude(ExternalProject)\ninclude(ProcessorCount)\nProcessorCount(PROCESSOR_COUNT)\nif(PROCESSOR_COUNT EQUAL 0)\n set(PROCESSOR_COUNT 1)\nendif()\n\nset(sodium_cc ${CMAKE_C_COMPILER})\nif(CCACHE_PROGRAM)\n set(sodium_cc \"${CCACHE_PROGRAM} ${sodium_cc}\")\nendif()\nset(SODIUM_CONFIGURE ./configure --prefix=${LIBSODIUM_PREFIX} --enable-static --disable-shared --with-pic --quiet CC=${sodium_cc})\nif (CMAKE_C_COMPILER_ARG1)\n set(SODIUM_CONFIGURE ${SODIUM_CONFIGURE} CPPFLAGS=${CMAKE_C_COMPILER_ARG1})\nendif()\n\nif (CROSS_TARGET)\n set(SODIUM_CONFIGURE ${SODIUM_CONFIGURE} --target=${CROSS_TARGET} --host=${CROSS_TARGET})\nendif()\n\n\nExternalProject_Add(libsodium_external\n BUILD_IN_SOURCE ON\n PREFIX ${LIBSODIUM_PREFIX}\n URL ${LIBSODIUM_URL}\n URL_HASH ${LIBSODIUM_HASH}\n CONFIGURE_COMMAND ${SODIUM_CONFIGURE}\n PATCH_COMMAND patch -p1 -d < ${CMAKE_SOURCE_DIR}/win32-setup/libsodium-1.0.18-win32.patch\n BUILD_COMMAND make -j${PROCESSOR_COUNT}\n INSTALL_COMMAND ${MAKE}\n BUILD_BYPRODUCTS ${LIBSODIUM_PREFIX}/lib/libsodium.a ${LIBSODIUM_PREFIX}/include\n )\n\nadd_library(sodium_vendor STATIC IMPORTED GLOBAL)\nadd_dependencies(sodium_vendor libsodium_external)\nset_target_properties(sodium_vendor PROPERTIES\n IMPORTED_LOCATION ${LIBSODIUM_PREFIX}/lib/libsodium.a\n INTERFACE_INCLUDE_DIRECTORIES ${LIBSODIUM_PREFIX}/include\n )\n" }, { "path": "cmake/FindJemalloc.cmake", "content": "#\n# Find the JEMALLOC client includes and library\n# \n\n# This module defines\n# JEMALLOC_INCLUDE_DIR, where to find jemalloc.h\n# JEMALLOC_LIBRARIES, the libraries to link against\n# JEMALLOC_FOUND, if false, you cannot build anything that requires JEMALLOC\n\n# also defined, but not for general use are\n# JEMALLOC_LIBRARY, where to find the JEMALLOC library.\n\nset( JEMALLOC_FOUND 0 )\n\nif ( UNIX )\n FIND_PATH( JEMALLOC_INCLUDE_DIR\n NAMES\n jemalloc/jemalloc.h\n PATHS\n /usr/include\n /usr/include/jemalloc\n /usr/local/include\n /usr/local/include/jemalloc\n $ENV{JEMALLOC_ROOT}\n $ENV{JEMALLOC_ROOT}/include\n DOC\n \"Specify include-directories that might contain jemalloc.h here.\"\n )\n FIND_LIBRARY( JEMALLOC_LIBRARY \n NAMES\n jemalloc libjemalloc JEMALLOC\n PATHS\n /usr/lib\n /usr/lib/jemalloc\n /usr/local/lib\n /usr/local/lib/jemalloc\n /usr/local/jemalloc/lib\n $ENV{JEMALLOC_ROOT}/lib\n $ENV{JEMALLOC_ROOT}\n DOC \"Specify library-locations that might contain the jemalloc library here.\"\n )\n\n if ( JEMALLOC_LIBRARY )\n if ( JEMALLOC_INCLUDE_DIR )\n set( JEMALLOC_FOUND 1 )\n message( STATUS \"Found JEMALLOC library: ${JEMALLOC_LIBRARY}\")\n message( STATUS \"Found JEMALLOC headers: ${JEMALLOC_INCLUDE_DIR}\")\n else ( JEMALLOC_INCLUDE_DIR )\n message(FATAL_ERROR \"Could not find jemalloc headers! Please install jemalloc libraries and headers\")\n endif ( JEMALLOC_INCLUDE_DIR )\n endif ( JEMALLOC_LIBRARY )\n add_library(jemalloc SHARED IMPORTED)\n set_target_properties(jemalloc PROPERTIES\n INTERFACE_INCLUDE_DIRECTORIES \"${JEMALLOC_INCLUDE_DUR}\"\n IMPORTED_LOCATION \"${JEMALLOC_LIBRARY}\")\n mark_as_advanced( JEMALLOC_FOUND JEMALLOC_LIBRARY JEMALLOC_EXTRA_LIBRARIES JEMALLOC_INCLUDE_DIR )\nendif (UNIX)\n" }, { "path": "cmake/GenVersion.cmake", "content": "# Copyright (c) 2014-2019, The Monero Project\n# Copyright (c) 2019, The Loki Project\n# \n# All rights reserved.\n# \n# Redistribution and use in source and binary forms, with or without modification, are\n# permitted provided that the following conditions are met:\n# \n# 1. Redistributions of source code must retain the above copyright notice, this list of\n# conditions and the following disclaimer.\n# \n# 2. Redistributions in binary form must reproduce the above copyright notice, this list\n# of conditions and the following disclaimer in the documentation and/or other\n# materials provided with the distribution.\n# \n# 3. Neither the name of the copyright holder nor the names of its contributors may be\n# used to endorse or promote products derived from this software without specific\n# prior written permission.\n# \n# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND ANY\n# EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF\n# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL\n# THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,\n# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,\n# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS\n# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,\n# STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF\n# THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n# \n# Parts of this file are originally copyright (c) 2012-2013 The Cryptonote developers\n\n# Check what commit we're on\nexecute_process(COMMAND \"${GIT}\" rev-parse --short HEAD RESULT_VARIABLE RET OUTPUT_VARIABLE COMMIT OUTPUT_STRIP_TRAILING_WHITESPACE)\n\nif(RET)\n\t# Something went wrong, set the version tag to -unknown\n message(WARNING \"Cannot determine current commit. Make sure that you are building either from a Git working tree or from a source archive.\")\n set(VERSIONTAG \"unknown\")\nelse()\n\tmessage(STATUS \"You are currently on commit ${COMMIT}\")\n\n\t# Get all the tags\n\texecute_process(COMMAND \"${GIT}\" rev-list --tags --max-count=1 --abbrev-commit RESULT_VARIABLE RET OUTPUT_VARIABLE TAGGEDCOMMIT OUTPUT_STRIP_TRAILING_WHITESPACE)\n\n if(NOT TAGGEDCOMMIT)\n message(WARNING \"Cannot determine most recent tag. Make sure that you are building either from a Git working tree or from a source archive.\")\n set(VERSIONTAG \"${COMMIT}\")\n else()\n # Check if we're building that tagged commit or a different one\n if(COMMIT STREQUAL TAGGEDCOMMIT)\n message(STATUS \"${COMMIT} is a tagged release; setting version tag to 'release'\")\n set(VERSIONTAG \"release\")\n else()\n message(STATUS \"You are not building a tagged release; setting version tag to '${COMMIT}'\")\n set(VERSIONTAG \"${COMMIT}\")\n endif()\n endif()\nendif()\n\nconfigure_file(\"${SRC}\" \"${DEST}\" @ONLY)\n" }, { "path": "cmake/MacroEnsureOutOfSourceBuild.cmake", "content": "# - MACRO_ENSURE_OUT_OF_SOURCE_BUILD()\n# MACRO_ENSURE_OUT_OF_SOURCE_BUILD()\n\n# Copyright (c) 2006, Alexander Neundorf, \n#\n# Redistribution and use is allowed according to the terms of the BSD license:\n# \n# Redistribution and use in source and binary forms, with or without\n# modification, are permitted provided that the following conditions\n# are met:\n# \n# 1. Redistributions of source code must retain the copyright\n# notice, this list of conditions and the following disclaimer.\n# 2. Redistributions in binary form must reproduce the copyright\n# notice, this list of conditions and the following disclaimer in the\n# documentation and/or other materials provided with the distribution.\n# 3. The name of the author may not be used to endorse or promote products \n# derived from this software without specific prior written permission.\n# \n# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR\n# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES\n# OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.\n# IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,\n# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT\n# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,\n# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY\n# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF\n# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n\nmacro (MACRO_ENSURE_OUT_OF_SOURCE_BUILD _errorMessage)\n\n string(COMPARE EQUAL \"${CMAKE_SOURCE_DIR}\" \"${CMAKE_BINARY_DIR}\" _insource)\n if (_insource)\n message(SEND_ERROR \"${_errorMessage}\")\n message(FATAL_ERROR \"Remove the file CMakeCache.txt in ${CMAKE_SOURCE_DIR} first.\")\n endif (_insource)\n\nendmacro (MACRO_ENSURE_OUT_OF_SOURCE_BUILD)\n" }, { "path": "cmake/StaticBuild.cmake", "content": "# cmake bits to do a full static build, downloading and building all dependencies.\n\n# Most of these are CACHE STRINGs so that you can override them using -DWHATEVER during cmake\n# invocation to override.\n\ninclude_guard(GLOBAL)\n\ninclude(\"${CMAKE_CURRENT_LIST_DIR}/../external/oxen-libquic/cmake/StaticBuild.cmake\")\n\nset(LOCAL_MIRROR \"\" CACHE STRING \"local mirror path/URL for lib downloads\")\n\nset(EXPAT_VERSION 2.7.1 CACHE STRING \"expat version\")\nstring(REPLACE \".\" \"_\" EXPAT_TAG \"R_${EXPAT_VERSION}\")\nset(EXPAT_MIRROR ${LOCAL_MIRROR} https://github.com/libexpat/libexpat/releases/download/${EXPAT_TAG}\n CACHE STRING \"expat download mirror(s)\")\nset(EXPAT_SOURCE expat-${EXPAT_VERSION}.tar.xz)\nset(EXPAT_HASH SHA512=4c9a6c1c1769d2c4404da083dd3013dbc73883da50e2b7353db2349a420e9b6d27cac7dbcb645991d6c7cdbf79bd88486fc1ac353084ce48e61081fb56e13d46\n CACHE STRING \"expat source hash\")\n\nset(UNBOUND_VERSION 1.23.0 CACHE STRING \"unbound version\")\nset(UNBOUND_MIRROR ${LOCAL_MIRROR} https://nlnetlabs.nl/downloads/unbound CACHE STRING \"unbound download mirror(s)\")\nset(UNBOUND_SOURCE unbound-${UNBOUND_VERSION}.tar.gz)\nset(UNBOUND_HASH SHA512=9b5ca48f4f5189f168f76396f5895f39262a4333e589f8c64bb9298a55c6266f626a4a4399370c68edd9f6318215a401146bf9e16a101c54decf623668a398af\n CACHE STRING \"unbound source hash\")\n\nset(SQLITE3_VERSION 3500200 CACHE STRING \"sqlite3 version\")\nset(SQLITE3_MIRROR ${LOCAL_MIRROR} https://www.sqlite.org/2025\n CACHE STRING \"sqlite3 download mirror(s)\")\nset(SQLITE3_SOURCE sqlite-autoconf-${SQLITE3_VERSION}.tar.gz)\nset(SQLITE3_HASH SHA3_256=e4d2b4332988f479ec032ccff00963a9bbd24a3a0f0222b4e249653fa680b4c0\n CACHE STRING \"sqlite3 source hash\")\n\nset(SODIUM_VERSION 1.0.20 CACHE STRING \"libsodium version\")\nset(SODIUM_MIRROR ${LOCAL_MIRROR}\n https://download.libsodium.org/libsodium/releases\n https://github.com/jedisct1/libsodium/releases/download/${SODIUM_VERSION}-RELEASE\n CACHE STRING \"libsodium mirror(s)\")\nset(SODIUM_SOURCE libsodium-${SODIUM_VERSION}.tar.gz)\nset(SODIUM_HASH SHA512=7ea165f3c1b1609790e30a16348b9dfdc5731302da00c07c65e125c8ab115c75419a5631876973600f8a4b560ca2c8267001770b68f2eb3eebc9ba095d312702\n CACHE STRING \"libsodium source hash\")\n\nset(ZMQ_VERSION 4.3.5 CACHE STRING \"libzmq version\")\nset(ZMQ_MIRROR ${LOCAL_MIRROR} https://github.com/zeromq/libzmq/releases/download/v${ZMQ_VERSION}\n CACHE STRING \"libzmq mirror(s)\")\nset(ZMQ_SOURCE zeromq-${ZMQ_VERSION}.tar.gz)\nset(ZMQ_HASH SHA512=a71d48aa977ad8941c1609947d8db2679fc7a951e4cd0c3a1127ae026d883c11bd4203cf315de87f95f5031aec459a731aec34e5ce5b667b8d0559b157952541\n CACHE STRING \"libzmq source hash\")\n\nset(ZLIB_VERSION 1.3.1 CACHE STRING \"zlib version\")\nset(ZLIB_MIRROR ${LOCAL_MIRROR} https://zlib.net\n CACHE STRING \"zlib mirror(s)\")\nset(ZLIB_SOURCE zlib-${ZLIB_VERSION}.tar.xz)\nset(ZLIB_HASH SHA256=38ef96b8dfe510d42707d9c781877914792541133e1870841463bfa73f883e32\n CACHE STRING \"zlib source hash\")\n\nset(ZSTD_VERSION 1.5.7 CACHE STRING \"zstd version\")\nset(ZSTD_MIRROR ${LOCAL_MIRROR} https://github.com/facebook/zstd/releases/download/v${ZSTD_VERSION}\n CACHE STRING \"zstd mirror(s)\")\nset(ZSTD_SOURCE zstd-${ZSTD_VERSION}.tar.gz)\nset(ZSTD_HASH SHA256=eb33e51f49a15e023950cd7825ca74a4a2b43db8354825ac24fc1b7ee09e6fa3\n CACHE STRING \"zstd source hash\")\n\ninclude(ExternalProject)\n\nset(DEPS_DESTDIR ${CMAKE_BINARY_DIR}/static-deps)\nset(DEPS_SOURCEDIR ${CMAKE_BINARY_DIR}/static-deps-sources)\n\ninclude_directories(BEFORE SYSTEM ${DEPS_DESTDIR}/include)\n\nfile(MAKE_DIRECTORY ${DEPS_DESTDIR}/include)\n\nset(deps_cc \"${CMAKE_C_COMPILER}\")\nset(deps_cxx \"${CMAKE_CXX_COMPILER}\")\nif(CMAKE_C_COMPILER_LAUNCHER)\n set(deps_cc \"${CMAKE_C_COMPILER_LAUNCHER} ${deps_cc}\")\nendif()\nif(CMAKE_CXX_COMPILER_LAUNCHER)\n set(deps_cxx \"${CMAKE_CXX_COMPILER_LAUNCHER} ${deps_cxx}\")\nendif()\n\n\nfunction(expand_urls output source_file)\n set(expanded)\n foreach(mirror ${ARGN})\n list(APPEND expanded \"${mirror}/${source_file}\")\n endforeach()\n set(${output} \"${expanded}\" PARENT_SCOPE)\nendfunction()\n\n\nadd_library(lokinet_static_deps INTERFACE)\n\nfunction(add_static_target target ext_target libname)\n add_library(${target} STATIC IMPORTED GLOBAL)\n add_dependencies(${target} ${ext_target})\n target_link_libraries(lokinet_static_deps INTERFACE ${target})\n set_target_properties(${target} PROPERTIES\n IMPORTED_LOCATION ${DEPS_DESTDIR}/lib/${libname}\n )\n if (ARGN)\n target_link_libraries(${target} INTERFACE ${ARGN})\n endif()\nendfunction()\n\n\nset(cross_host \"\")\nset(cross_rc \"\")\nif(CMAKE_CROSSCOMPILING)\n set(cross_host \"--host=${ARCH_TRIPLET}\")\n if (ARCH_TRIPLET MATCHES mingw AND CMAKE_RC_COMPILER)\n set(cross_rc \"WINDRES=${CMAKE_RC_COMPILER}\")\n endif()\nendif()\nif(ANDROID)\n set(android_toolchain_suffix linux-android)\n set(android_compiler_suffix linux-android23)\n if(CMAKE_ANDROID_ARCH_ABI MATCHES x86_64)\n set(android_machine x86_64)\n set(cross_host \"--host=x86_64-linux-android\")\n set(android_compiler_prefix x86_64)\n set(android_compiler_suffix linux-android23)\n set(android_toolchain_prefix x86_64)\n set(android_toolchain_suffix linux-android)\n elseif(CMAKE_ANDROID_ARCH_ABI MATCHES x86)\n set(android_machine x86)\n set(cross_host \"--host=i686-linux-android\")\n set(android_compiler_prefix i686)\n set(android_compiler_suffix linux-android23)\n set(android_toolchain_prefix i686)\n set(android_toolchain_suffix linux-android)\n elseif(CMAKE_ANDROID_ARCH_ABI MATCHES armeabi-v7a)\n set(android_machine arm)\n set(cross_host \"--host=armv7a-linux-androideabi\")\n set(android_compiler_prefix armv7a)\n set(android_compiler_suffix linux-androideabi23)\n set(android_toolchain_prefix arm)\n set(android_toolchain_suffix linux-androideabi)\n elseif(CMAKE_ANDROID_ARCH_ABI MATCHES arm64-v8a)\n set(android_machine arm64)\n set(cross_host \"--host=aarch64-linux-android\")\n set(android_compiler_prefix aarch64)\n set(android_compiler_suffix linux-android23)\n set(android_toolchain_prefix aarch64)\n set(android_toolchain_suffix linux-android)\n else()\n message(FATAL_ERROR \"unknown android arch: ${CMAKE_ANDROID_ARCH_ABI}\")\n endif()\n set(deps_cc \"${CMAKE_ANDROID_NDK}/toolchains/llvm/prebuilt/linux-x86_64/bin/${android_compiler_prefix}-${android_compiler_suffix}-clang\")\n set(deps_cxx \"${CMAKE_ANDROID_NDK}/toolchains/llvm/prebuilt/linux-x86_64/bin/${android_compiler_prefix}-${android_compiler_suffix}-clang++\")\n set(deps_ld \"${CMAKE_ANDROID_NDK}/toolchains/llvm/prebuilt/linux-x86_64/bin/${android_compiler_prefix}-${android_toolchain_suffix}-ld\")\n set(deps_ranlib \"${CMAKE_ANDROID_NDK}/toolchains/llvm/prebuilt/linux-x86_64/bin/${android_toolchain_prefix}-${android_toolchain_suffix}-ranlib\")\n set(deps_ar \"${CMAKE_ANDROID_NDK}/toolchains/llvm/prebuilt/linux-x86_64/bin/${android_toolchain_prefix}-${android_toolchain_suffix}-ar\")\nendif()\n\nset(deps_CFLAGS \"-O2\")\nset(deps_CXXFLAGS \"-O2\")\n\nif(WITH_LTO)\n set(deps_CFLAGS \"${deps_CFLAGS} -flto\")\nendif()\n\nif(APPLE)\n set(deps_CFLAGS \"${deps_CFLAGS} -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET}\")\n set(deps_CXXFLAGS \"${deps_CXXFLAGS} -mmacosx-version-min=${CMAKE_OSX_DEPLOYMENT_TARGET}\")\nendif()\n\nif(_winver)\n set(deps_CFLAGS \"${deps_CFLAGS} -D_WIN32_WINNT=${_winver}\")\n set(deps_CXXFLAGS \"${deps_CXXFLAGS} -D_WIN32_WINNT=${_winver}\")\nendif()\n\n\nif(\"${CMAKE_GENERATOR}\" STREQUAL \"Unix Makefiles\")\n set(_make $(MAKE))\nelse()\n set(_make make)\nendif()\n\n\n# Builds a target; takes the target name (e.g. \"readline\") and builds it in an external project with\n# target name suffixed with `_external`. Its upper-case value is used to get the download details\n# (from the variables set above). The following options are supported and passed through to\n# ExternalProject_Add if specified. If omitted, these defaults are used:\nset(build_def_DEPENDS \"\")\nset(build_def_PATCH_COMMAND \"\")\nset(build_def_CONFIGURE_COMMAND ./configure ${cross_host} --disable-shared --prefix=${DEPS_DESTDIR} --with-pic\n \"CC=${deps_cc}\" \"CXX=${deps_cxx}\" \"CFLAGS=${deps_CFLAGS}\" \"CXXFLAGS=${deps_CXXFLAGS}\" ${cross_rc})\nset(build_def_BUILD_COMMAND ${_make})\nset(build_def_INSTALL_COMMAND ${_make} install)\nset(build_def_BUILD_BYPRODUCTS ${DEPS_DESTDIR}/lib/lib___TARGET___.a ${DEPS_DESTDIR}/include/___TARGET___.h)\n\nfunction(build_external target)\n set(options DEPENDS PATCH_COMMAND CONFIGURE_COMMAND BUILD_COMMAND INSTALL_COMMAND BUILD_BYPRODUCTS)\n cmake_parse_arguments(PARSE_ARGV 1 arg \"\" \"\" \"${options}\")\n foreach(o ${options})\n if(NOT DEFINED arg_${o})\n set(arg_${o} ${build_def_${o}})\n endif()\n endforeach()\n string(REPLACE ___TARGET___ ${target} arg_BUILD_BYPRODUCTS \"${arg_BUILD_BYPRODUCTS}\")\n\n if(arg_CONFIGURE_COMMAND MATCHES \"^DEFAULT_CMAKE\")\n string(REGEX REPLACE \"^DEFAULT_CMAKE(;?)\" \"CMAKE_ARGS;-DCMAKE_INSTALL_PREFIX=${DEPS_DESTDIR}\\\\1\" configure \"${arg_CONFIGURE_COMMAND}\")\n else()\n set(configure CONFIGURE_COMMAND ${arg_CONFIGURE_COMMAND})\n endif()\n\n string(TOUPPER \"${target}\" prefix)\n expand_urls(urls ${${prefix}_SOURCE} ${${prefix}_MIRROR})\n ExternalProject_Add(\"${target}_external\"\n DEPENDS ${arg_DEPENDS}\n BUILD_IN_SOURCE ON\n PREFIX ${DEPS_SOURCEDIR}\n URL ${urls}\n URL_HASH ${${prefix}_HASH}\n DOWNLOAD_NO_PROGRESS ON\n PATCH_COMMAND ${arg_PATCH_COMMAND}\n ${configure}\n BUILD_COMMAND ${arg_BUILD_COMMAND}\n INSTALL_COMMAND ${arg_INSTALL_COMMAND}\n BUILD_BYPRODUCTS ${arg_BUILD_BYPRODUCTS}\n )\nendfunction()\n\nif(NOT TARGET sodium)\n build_external(sodium CONFIGURE_COMMAND ./configure ${cross_host} ${cross_rc} --prefix=${DEPS_DESTDIR} --disable-shared\n --enable-static --with-pic \"CC=${deps_cc}\" \"CFLAGS=${deps_CFLAGS}\")\n add_static_target(sodium sodium_external libsodium.a)\nendif()\n\n\nif(LOKINET_PEERSTATS)\n build_external(sqlite3)\n add_static_target(sqlite3 sqlite3_external libsqlite3.a)\nendif()\n\n\nif(NOT TARGET libzstd::static)\n build_external(zstd\n CONFIGURE_COMMAND DEFAULT_CMAKE\n -DZSTD_BUILD_PROGRAMS=OFF -DZSTD_BUILD_TESTS=OFF -DZSTD_BUILD_STATIC=ON -DZSTD_BUILD_SHARED=OFF -DZSTD_BUILD_DICTBUILDER=OFF\n SOURCE_SUBDIR build/cmake\n BUILD_BYPRODUCTS\n ${DEPS_DESTDIR}/lib/libzstd.a\n ${DEPS_DESTDIR}/include/zstd.h\n )\n # Use the same libzstd::static target name as libsession-util so that we can use libsession's\n # static zstd if we are being built as part of libsession:\n add_static_target(libzstd::static zstd_external libzstd.a)\nendif()\n\n\nif(LOKINET_FULL)\n\n build_external(zlib\n CONFIGURE_COMMAND ${CMAKE_COMMAND} -E env \"CC=${deps_cc}\" \"CFLAGS=${deps_CFLAGS} -fPIC\" ${cross_extra} ./configure --prefix=${DEPS_DESTDIR} --static\n BUILD_BYPRODUCTS\n ${DEPS_DESTDIR}/lib/libz.a\n ${DEPS_DESTDIR}/include/zlib.h\n )\n add_static_target(zlib zlib_external libz.a)\n\n build_external(expat\n CONFIGURE_COMMAND ./configure ${cross_host} --prefix=${DEPS_DESTDIR} --enable-static\n --disable-shared --with-pic --without-examples --without-tests --without-docbook --without-xmlwf\n \"CC=${deps_cc}\" \"CFLAGS=${deps_CFLAGS}\"\n )\n add_static_target(expat expat_external libexpat.a)\n\n\n if(WIN32)\n set(unbound_patch\n PATCH_COMMAND ${PROJECT_SOURCE_DIR}/contrib/apply-patches.sh\n ${PROJECT_SOURCE_DIR}/contrib/patches/unbound-delete-crash-fix.patch)\n endif()\n build_external(unbound\n DEPENDS nettle_external expat_external\n ${unbound_patch}\n CONFIGURE_COMMAND ./configure ${cross_host} ${cross_rc} --prefix=${DEPS_DESTDIR}\n --with-libunbound-only --disable-shared --enable-static\n --with-pic --$,enable,disable>-flto\n --with-nettle=${DEPS_DESTDIR} --with-libexpat=${DEPS_DESTDIR}\n --without-ssl\n \"CC=${deps_cc}\" \"CFLAGS=${deps_CFLAGS}\" \"LDFLAGS=${unbound_ldflags}\"\n )\n add_static_target(libunbound unbound_external libunbound.a)\n if(NOT WIN32)\n set_target_properties(libunbound PROPERTIES INTERFACE_LINK_LIBRARIES \"hogweed::hogweed;nettle::nettle\")\n else()\n set_target_properties(libunbound PROPERTIES INTERFACE_LINK_LIBRARIES \"hogweed::hogweed;nettle::nettle;ws2_32;crypt32;iphlpapi\")\n endif()\n\n\n\n if(ARCH_TRIPLET MATCHES mingw)\n option(WITH_WEPOLL \"use wepoll zmq poller (crashy)\" OFF)\n if(WITH_WEPOLL)\n set(zmq_extra --with-poller=wepoll)\n endif()\n endif()\n\n\n build_external(zmq\n DEPENDS sodium_external\n CONFIGURE_COMMAND ./configure ${cross_host} --prefix=${DEPS_DESTDIR} --enable-static --disable-shared\n --disable-curve-keygen --enable-curve --disable-drafts --disable-libunwind --with-libsodium\n --without-pgm --without-norm --without-vmci --without-docs --with-pic --disable-Werror --disable-libbsd ${zmq_extra}\n \"CC=${deps_cc}\" \"CXX=${deps_cxx}\" \"CFLAGS=${deps_CFLAGS} -fstack-protector\" \"CXXFLAGS=${deps_CXXFLAGS} -fstack-protector\"\n \"sodium_CFLAGS=-I${DEPS_DESTDIR}/include\" \"sodium_LIBS=-L${DEPS_DESTDIR}/lib -lsodium\"\n )\n add_static_target(libzmq zmq_external libzmq.a)\n\n\n set(libzmq_link_libs \"sodium\")\n if(CMAKE_CROSSCOMPILING AND ARCH_TRIPLET MATCHES mingw)\n list(APPEND libzmq_link_libs iphlpapi)\n endif()\n\n set_target_properties(libzmq PROPERTIES\n INTERFACE_LINK_LIBRARIES \"${libzmq_link_libs}\"\n INTERFACE_COMPILE_DEFINITIONS \"ZMQ_STATIC\")\n\nendif(LOKINET_FULL)\n" }, { "path": "cmake/TargetArch.cmake", "content": "# Based on the Qt 5 processor detection code, so should be very accurate\n# https://qt.gitorious.org/qt/qtbase/blobs/master/src/corelib/global/qprocessordetection.h\n# Currently handles arm (v5, v6, v7), x86 (32/64), ia64, and ppc (32/64)\n\n# Regarding POWER/PowerPC, just as is noted in the Qt source,\n# \"There are many more known variants/revisions that we do not handle/detect.\"\n\nset(archdetect_c_code \"\n#if defined(__arm__) || defined(__TARGET_ARCH_ARM)\n #if defined(__ARM_ARCH_7__) \\\\\n || defined(__ARM_ARCH_7A__) \\\\\n || defined(__ARM_ARCH_7R__) \\\\\n || defined(__ARM_ARCH_7M__) \\\\\n || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 7)\n #error cmake_ARCH armv7\n #elif defined(__ARM_ARCH_6__) \\\\\n || defined(__ARM_ARCH_6J__) \\\\\n || defined(__ARM_ARCH_6T2__) \\\\\n || defined(__ARM_ARCH_6Z__) \\\\\n || defined(__ARM_ARCH_6K__) \\\\\n || defined(__ARM_ARCH_6ZK__) \\\\\n || defined(__ARM_ARCH_6M__) \\\\\n || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 6)\n #error cmake_ARCH armv6\n #elif defined(__ARM_ARCH_5TEJ__) \\\\\n || (defined(__TARGET_ARCH_ARM) && __TARGET_ARCH_ARM-0 >= 5)\n #error cmake_ARCH armv5\n #else\n #error cmake_ARCH arm\n #endif\n#elif defined(__i386) || defined(__i386__) || defined(_M_IX86)\n #error cmake_ARCH i386\n#elif defined(__x86_64) || defined(__x86_64__) || defined(__amd64) || defined(_M_X64)\n #error cmake_ARCH x86_64\n#elif defined(__ia64) || defined(__ia64__) || defined(_M_IA64)\n #error cmake_ARCH ia64\n#elif defined(__ppc__) || defined(__ppc) || defined(__powerpc__) \\\\\n || defined(_ARCH_COM) || defined(_ARCH_PWR) || defined(_ARCH_PPC) \\\\\n || defined(_M_MPPC) || defined(_M_PPC)\n #if defined(__ppc64__) || defined(__powerpc64__) || defined(__64BIT__)\n #error cmake_ARCH ppc64\n #else\n #error cmake_ARCH ppc\n #endif\n#endif\n\n#error cmake_ARCH unknown\n\")\n\n# Set ppc_support to TRUE before including this file or ppc and ppc64\n# will be treated as invalid architectures since they are no longer supported by Apple\n\nfunction(target_architecture output_var)\n if(APPLE AND CMAKE_OSX_ARCHITECTURES)\n # On OS X we use CMAKE_OSX_ARCHITECTURES *if* it was set\n # First let's normalize the order of the values\n\n # Note that it's not possible to compile PowerPC applications if you are using\n # the OS X SDK version 10.6 or later - you'll need 10.4/10.5 for that, so we\n # disable it by default\n # See this page for more information:\n # http://stackoverflow.com/questions/5333490/how-can-we-restore-ppc-ppc64-as-well-as-full-10-4-10-5-sdk-support-to-xcode-4\n\n # Architecture defaults to i386 or ppc on OS X 10.5 and earlier, depending on the CPU type detected at runtime.\n # On OS X 10.6+ the default is x86_64 if the CPU supports it, i386 otherwise.\n\n foreach(osx_arch ${CMAKE_OSX_ARCHITECTURES})\n if(\"${osx_arch}\" STREQUAL \"ppc\" AND ppc_support)\n set(osx_arch_ppc TRUE)\n elseif(\"${osx_arch}\" STREQUAL \"i386\")\n set(osx_arch_i386 TRUE)\n elseif(\"${osx_arch}\" STREQUAL \"x86_64\")\n set(osx_arch_x86_64 TRUE)\n elseif(\"${osx_arch}\" STREQUAL \"ppc64\" AND ppc_support)\n set(osx_arch_ppc64 TRUE)\n else()\n message(FATAL_ERROR \"Invalid OS X arch name: ${osx_arch}\")\n endif()\n endforeach()\n\n # Now add all the architectures in our normalized order\n if(osx_arch_ppc)\n list(APPEND ARCH ppc)\n endif()\n\n if(osx_arch_i386)\n list(APPEND ARCH i386)\n endif()\n\n if(osx_arch_x86_64)\n list(APPEND ARCH x86_64)\n endif()\n\n if(osx_arch_ppc64)\n list(APPEND ARCH ppc64)\n endif()\n else()\n file(WRITE \"${CMAKE_BINARY_DIR}/arch.c\" \"${archdetect_c_code}\")\n\n enable_language(C)\n\n # Detect the architecture in a rather creative way...\n # This compiles a small C program which is a series of ifdefs that selects a\n # particular #error preprocessor directive whose message string contains the\n # target architecture. The program will always fail to compile (both because\n # file is not a valid C program, and obviously because of the presence of the\n # #error preprocessor directives... but by exploiting the preprocessor in this\n # way, we can detect the correct target architecture even when cross-compiling,\n # since the program itself never needs to be run (only the compiler/preprocessor)\n try_run(\n run_result_unused\n compile_result_unused\n \"${CMAKE_BINARY_DIR}\"\n \"${CMAKE_BINARY_DIR}/arch.c\"\n COMPILE_OUTPUT_VARIABLE ARCH\n CMAKE_FLAGS CMAKE_OSX_ARCHITECTURES=${CMAKE_OSX_ARCHITECTURES}\n )\n\n # Parse the architecture name from the compiler output\n string(REGEX MATCH \"cmake_ARCH ([a-zA-Z0-9_]+)\" ARCH \"${ARCH}\")\n\n # Get rid of the value marker leaving just the architecture name\n string(REPLACE \"cmake_ARCH \" \"\" ARCH \"${ARCH}\")\n\n # If we are compiling with an unknown architecture this variable should\n # already be set to \"unknown\" but in the case that it's empty (i.e. due\n # to a typo in the code), then set it to unknown\n if (NOT ARCH)\n set(ARCH unknown)\n endif()\n endif()\n\n set(${output_var} \"${ARCH}\" PARENT_SCOPE)\nendfunction()\n" }, { "path": "cmake/Version.cmake", "content": "# We do this via a custom command that re-invokes a cmake script because we need the DEPENDS on .git/index so that we will re-run it (to regenerate the commit tag in the version) whenever the current commit changes. If we used a configure_file directly here, it would only re-run when something else causes cmake to re-run.\n\nif(LOKINET_VERSIONTAG)\n set(VERSIONTAG \"${LOKINET_VERSIONTAG}\")\n configure_file(\"${CMAKE_CURRENT_SOURCE_DIR}/constants/version.cpp.in\" \"${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp\" @ONLY)\nelse()\n set(VERSIONTAG \"${GIT_VERSION}\")\n set(GIT_INDEX_FILE \"${PROJECT_SOURCE_DIR}/.git/index\")\n find_package(Git)\n if(EXISTS \"${GIT_INDEX_FILE}\" AND ( GIT_FOUND OR Git_FOUND) )\n message(STATUS \"Found Git: ${GIT_EXECUTABLE}\")\n set(genversion_args \"-DGIT=${GIT_EXECUTABLE}\")\n foreach(v lokinet_VERSION lokinet_VERSION_MAJOR lokinet_VERSION_MINOR lokinet_VERSION_PATCH RELEASE_MOTTO)\n list(APPEND genversion_args \"-D${v}=${${v}}\")\n endforeach()\n\n add_custom_command(\n OUTPUT \"${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp\"\n COMMAND \"${CMAKE_COMMAND}\"\n ${genversion_args}\n \"-D\" \"SRC=${CMAKE_CURRENT_SOURCE_DIR}/constants/version.cpp.in\"\n \"-D\" \"DEST=${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp\"\n \"-P\" \"${CMAKE_CURRENT_LIST_DIR}/GenVersion.cmake\"\n DEPENDS \"${CMAKE_CURRENT_SOURCE_DIR}/constants/version.cpp.in\"\n \"${GIT_INDEX_FILE}\")\n else()\n configure_file(\"${CMAKE_CURRENT_SOURCE_DIR}/constants/version.cpp.in\" \"${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp\" @ONLY)\n endif()\nendif()\n\n\nif(WIN32)\n foreach(exe IN ITEMS lokinet lokinet-vpn lokinet-bootstrap)\n set(lokinet_EXE_NAME \"${exe}.exe\")\n configure_file(\"${CMAKE_CURRENT_SOURCE_DIR}/win32/version.rc.in\" \"${CMAKE_BINARY_DIR}/${exe}.rc\" @ONLY)\n set_property(SOURCE \"${CMAKE_BINARY_DIR}/${exe}.rc\" PROPERTY GENERATED 1)\n endforeach()\nendif()\n\nadd_custom_target(genversion_cpp DEPENDS \"${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp\")\nif(WIN32)\n add_custom_target(genversion_rc DEPENDS \"${CMAKE_BINARY_DIR}/lokinet.rc\" \"${CMAKE_BINARY_DIR}/lokinet-vpn.rc\" \"${CMAKE_BINARY_DIR}/lokinet-bootstrap.rc\")\nelse()\n add_custom_target(genversion_rc)\nendif()\nadd_custom_target(genversion DEPENDS genversion_cpp genversion_rc)\n" }, { "path": "cmake/add_import_library.cmake", "content": "function(add_import_library libname)\n add_library(libname SHARED IMPORTED)\n if(NOT TARGET libname)\n message(FATAL \"unable to find library ${libname}\")\n endif()\nendfunction()\n" }, { "path": "cmake/cmake_uninstall.cmake.in", "content": "if(NOT EXISTS \"@CMAKE_BINARY_DIR@/install_manifest.txt\")\n message(FATAL_ERROR \"Cannot find install manifest: @CMAKE_BINARY_DIR@/install_manifest.txt\")\nendif()\n\nfile(READ \"@CMAKE_BINARY_DIR@/install_manifest.txt\" files)\nstring(REGEX REPLACE \"\\n\" \";\" files \"${files}\")\nforeach(file ${files})\n message(STATUS \"Uninstalling $ENV{DESTDIR}${file}\")\n if(IS_SYMLINK \"$ENV{DESTDIR}${file}\" OR EXISTS \"$ENV{DESTDIR}${file}\")\n exec_program(\n \"@CMAKE_COMMAND@\" ARGS \"-E remove \\\"$ENV{DESTDIR}${file}\\\"\"\n OUTPUT_VARIABLE rm_out\n RETURN_VALUE rm_retval\n )\n if(NOT \"${rm_retval}\" STREQUAL 0)\n message(FATAL_ERROR \"Problem when removing $ENV{DESTDIR}${file}\")\n endif()\n else(IS_SYMLINK \"$ENV{DESTDIR}${file}\" OR EXISTS \"$ENV{DESTDIR}${file}\")\n message(STATUS \"File $ENV{DESTDIR}${file} does not exist.\")\n endif()\nendforeach()\n" }, { "path": "cmake/coverage.cmake", "content": "if (LOKINET_COVERAGE)\n if (CMAKE_CXX_COMPILER_ID MATCHES \"Clang\")\n add_compile_options( -fprofile-instr-generate -fcoverage-mapping )\n link_libraries( -fprofile-instr-generate )\n else()\n add_compile_options( --coverage -g0 )\n link_libraries( --coverage )\n endif()\nendif()\n" }, { "path": "cmake/cross_compile.cmake", "content": "# dynamic linking does this all the time\nif (CMAKE_CXX_COMPILER_ID MATCHES \"Clang\")\n option(NO_LIBGCC \"use libunwind+compiler-rt instead, must already be installed in mingw-w64 sysroot\" OFF)\n add_compile_options(-Wno-unused-command-line-argument -Wno-c++11-narrowing)\n add_compile_options($<$:-Wno-bad-function-cast>)\n if (NO_LIBGCC)\n find_library(UNWIND_LIB unwind)\n link_libraries(${UNWIND_LIB})\n find_library(PSAPI_LIB psapi)\n link_libraries(${PSAPI_LIB})\n endif(NO_LIBGCC)\nelse()\n # found it. this is GNU only\n add_compile_options(-Wno-cast-function-type)\nendif()\n" }, { "path": "cmake/enable_lto.cmake", "content": "# -flto\ninclude(CheckIPOSupported)\noption(WITH_LTO \"enable lto on compile time\" ON)\nif(WITH_LTO)\n if(WIN32)\n message(FATAL_ERROR \"LTO not supported on win32 targets, please set -DWITH_LTO=OFF\")\n endif()\n check_ipo_supported(RESULT IPO_ENABLED OUTPUT ipo_error)\n if(IPO_ENABLED)\n message(STATUS \"LTO enabled\")\n else()\n message(WARNING \"LTO not supported by compiler: ${ipo_error}\")\n endif()\nelse()\n message(STATUS \"LTO disabled\")\n set(IPO_ENABLED OFF)\nendif()\n\nfunction(enable_lto)\n if(IPO_ENABLED)\n set_target_properties(${ARGN} PROPERTIES INTERPROCEDURAL_OPTIMIZATION ON)\n endif()\nendfunction()\n" }, { "path": "cmake/gui-option.cmake", "content": "set(default_build_gui OFF)\nif(LOKINET_DAEMON AND (APPLE OR WIN32))\n set(default_build_gui ON)\nendif()\n\nif(WIN32)\n set(GUI_EXE \"\" CACHE FILEPATH \"path to a pre-built Windows GUI .exe to use (implies -DLOKINET_GUI=OFF)\")\n if(GUI_EXE)\n set(default_build_gui OFF)\n endif()\nendif()\n\noption(LOKINET_GUI \"build electron gui from 'gui' submodule source\" ${default_build_gui})\n\nif(LOKINET_GUI AND GUI_EXE)\n message(FATAL_ERROR \"-DGUI_EXE=... and -DLOKINET_GUI=ON are mutually exclusive\")\nendif()\n" }, { "path": "cmake/gui.cmake", "content": "\nif(WIN32 AND GUI_EXE)\n message(STATUS \"using pre-built lokinet gui executable: ${GUI_EXE}\")\n execute_process(COMMAND ${CMAKE_COMMAND} -E copy_if_different \"${GUI_EXE}\" \"${PROJECT_BINARY_DIR}/gui/lokinet-gui.exe\")\nelseif(LOKINET_GUI)\n message(STATUS \"Building lokinet-gui from source\")\n\n set(default_gui_target pack)\n if(APPLE)\n set(default_gui_target macos:raw)\n elseif(WIN32)\n set(default_gui_target win32)\n endif()\n\n set(GUI_YARN_TARGET \"${default_gui_target}\" CACHE STRING \"yarn target for building the GUI\")\n set(GUI_YARN_EXTRA_OPTS \"\" CACHE STRING \"extra options to pass into the yarn build command\")\n\n # allow manually specifying yarn with -DYARN=\n if(NOT YARN)\n find_program(YARN NAMES yarnpkg yarn REQUIRED)\n endif()\n message(STATUS \"Building lokinet-gui with yarn ${YARN}, target ${GUI_YARN_TARGET}\")\n\n if(NOT WIN32)\n add_custom_target(lokinet-gui\n COMMAND ${YARN} install --frozen-lockfile &&\n ${YARN} ${GUI_YARN_EXTRA_OPTS} ${GUI_YARN_TARGET}\n WORKING_DIRECTORY \"${PROJECT_SOURCE_DIR}/gui\")\n endif()\n\n if(APPLE)\n add_custom_target(assemble_gui ALL\n DEPENDS assemble lokinet-gui\n COMMAND mkdir \"${lokinet_app}/Contents/Helpers\"\n COMMAND cp -a \"${PROJECT_SOURCE_DIR}/gui/release/mac/Lokinet-GUI.app\" \"${lokinet_app}/Contents/Helpers/\"\n COMMAND mkdir -p \"${lokinet_app}/Contents/Resources/en.lproj\"\n COMMAND cp \"${PROJECT_SOURCE_DIR}/contrib/macos/InfoPlist.strings\" \"${lokinet_app}/Contents/Resources/en.lproj/\"\n COMMAND cp \"${lokinet_app}/Contents/Resources/icon.icns\" \"${lokinet_app}/Contents/Helpers/Lokinet-GUI.app/Contents/Resources/icon.icns\"\n COMMAND cp \"${PROJECT_SOURCE_DIR}/contrib/macos/InfoPlist.strings\" \"${lokinet_app}/Contents/Helpers/Lokinet-GUI.app/Contents/Resources/en.lproj/\"\n COMMAND /usr/libexec/PlistBuddy\n -c \"Delete :CFBundleDisplayName\"\n -c \"Add :LSHasLocalizedDisplayName bool true\"\n -c \"Add :CFBundleDevelopmentRegion string en\"\n -c \"Set :CFBundleShortVersionString ${lokinet_VERSION}\"\n -c \"Set :CFBundleVersion ${lokinet_VERSION}.${LOKINET_APPLE_BUILD}\"\n \"${lokinet_app}/Contents/Helpers/Lokinet-GUI.app/Contents/Info.plist\"\n )\n elseif(WIN32)\n file(MAKE_DIRECTORY \"${PROJECT_BINARY_DIR}/gui\")\n add_custom_command(OUTPUT \"${PROJECT_BINARY_DIR}/gui/lokinet-gui.exe\"\n COMMAND ${YARN} install --frozen-lockfile &&\n USE_SYSTEM_7ZA=true DISPLAY= WINEDEBUG=-all WINEPREFIX=\"${PROJECT_BINARY_DIR}/wineprefix\" ${YARN} ${GUI_YARN_EXTRA_OPTS} ${GUI_YARN_TARGET}\n COMMAND ${CMAKE_COMMAND} -E copy_if_different\n \"${PROJECT_SOURCE_DIR}/gui/release/Lokinet-GUI_portable.exe\"\n \"${PROJECT_BINARY_DIR}/gui/lokinet-gui.exe\"\n WORKING_DIRECTORY \"${PROJECT_SOURCE_DIR}/gui\")\n add_custom_target(assemble_gui ALL COMMAND \"true\" DEPENDS \"${PROJECT_BINARY_DIR}/gui/lokinet-gui.exe\")\n else()\n message(FATAL_ERROR \"Building/bundling the GUI from this repository is not supported on this platform\")\n endif()\nelse()\n message(STATUS \"not building gui\")\nendif()\n\nif(NOT TARGET assemble_gui)\n add_custom_target(assemble_gui COMMAND \"true\")\nendif()\n" }, { "path": "cmake/installer.cmake", "content": "set(CPACK_PACKAGE_VENDOR \"lokinet.org\")\nset(CPACK_PACKAGE_HOMEPAGE_URL \"https://lokinet.org/\")\nset(CPACK_RESOURCE_FILE_README \"${PROJECT_SOURCE_DIR}/contrib/readme-installer.txt\")\nset(CPACK_RESOURCE_FILE_LICENSE \"${PROJECT_SOURCE_DIR}/LICENSE\")\n\nif(WIN32)\n include(cmake/win32_installer_deps.cmake)\n install(FILES ${CMAKE_SOURCE_DIR}/contrib/configs/00-exit.ini DESTINATION share/conf.d COMPONENT exit_configs)\n install(FILES ${CMAKE_SOURCE_DIR}/contrib/configs/00-keyfile.ini DESTINATION share/conf.d COMPONENT keyfile_configs)\n install(FILES ${CMAKE_SOURCE_DIR}/contrib/configs/00-debug-log.ini DESTINATION share/conf.d COMPONENT debug_configs)\n get_cmake_property(CPACK_COMPONENTS_ALL COMPONENTS)\n list(REMOVE_ITEM CPACK_COMPONENTS_ALL \"Unspecified\" \"lokinet\" \"gui\" \"exit_configs\" \"keyfile_configs\" \"debug_configs\")\n list(APPEND CPACK_COMPONENTS_ALL \"lokinet\" \"gui\" \"exit_configs\" \"keyfile_configs\" \"debug_configs\")\nelseif(APPLE)\n set(CPACK_GENERATOR DragNDrop;ZIP)\n get_cmake_property(CPACK_COMPONENTS_ALL COMPONENTS)\n list(REMOVE_ITEM CPACK_COMPONENTS_ALL \"Unspecified\")\nendif()\n\ninclude(CPack)\n\nif(WIN32)\n cpack_add_component(lokinet\n DISPLAY_NAME \"lokinet\"\n DESCRIPTION \"core required lokinet files\"\n REQUIRED)\n\n cpack_add_component(gui\n DISPLAY_NAME \"lokinet gui\"\n DESCRIPTION \"electron based control panel for lokinet\")\n\n cpack_add_component(exit_configs\n DISPLAY_NAME \"auto-enable exit\"\n DESCRIPTION \"automatically enable usage of exit.loki as an exit node\\n\"\n DISABLED)\n\n cpack_add_component(keyfile_configs\n DISPLAY_NAME \"persist address\"\n DESCRIPTION \"persist .loki address across restarts of lokinet\\nnot recommended when enabling exit nodes\"\n DISABLED)\n\n cpack_add_component(debug_configs\n DISPLAY_NAME \"debug logging\"\n DESCRIPTION \"enable debug spew log level by default\"\n DISABLED)\nendif()\n" }, { "path": "cmake/libatomic.cmake", "content": "function(check_working_cxx_atomics64 varname)\n set(OLD_CMAKE_REQUIRED_FLAGS ${CMAKE_REQUIRED_FLAGS})\n if (EMBEDDED_CFG)\n set(CMAKE_REQUIRED_FLAGS \"${CMAKE_REQUIRED_FLAGS} -m32 -march=i486\")\n elseif(MSVC OR MSVC_VERSION)\n set(CMAKE_REQUIRED_FLAGS \"${CMAKE_REQUIRED_FLAGS} -arch:IA32 -std:c++14\")\n else()\n # CMAKE_CXX_STANDARD does not propagate to cmake compile tests\n set(CMAKE_REQUIRED_FLAGS \"${CMAKE_REQUIRED_FLAGS} -std=c++14\")\n endif()\n check_cxx_source_compiles(\"\n#include \n#include \nstd::atomic x (0);\nint main() {\n uint64_t i = x.load(std::memory_order_relaxed);\n return 0;\n}\n\" ${varname})\n set(CMAKE_REQUIRED_FLAGS ${OLD_CMAKE_REQUIRED_FLAGS})\nendfunction()\n\nfunction(link_libatomic)\n check_working_cxx_atomics64(HAVE_CXX_ATOMICS64_WITHOUT_LIB)\n\n if(HAVE_CXX_ATOMICS64_WITHOUT_LIB)\n message(STATUS \"Have working 64bit atomics\")\n return()\n endif()\n\n if (NOT MSVC AND NOT MSVC_VERSION)\n check_library_exists(atomic __atomic_load_8 \"\" HAVE_CXX_LIBATOMICS64)\n if (HAVE_CXX_LIBATOMICS64)\n message(STATUS \"Have 64bit atomics via library\")\n list(APPEND CMAKE_REQUIRED_LIBRARIES \"atomic\")\n check_working_cxx_atomics64(HAVE_CXX_ATOMICS64_WITH_LIB)\n if (HAVE_CXX_ATOMICS64_WITH_LIB)\n message(STATUS \"Can link with libatomic\")\n link_libraries(-latomic)\n return()\n endif()\n endif()\n endif()\n if (MSVC OR MSVC_VERSION)\n message(FATAL_ERROR \"Host compiler must support 64-bit std::atomic! (What does MSVC do to inline atomics?)\")\n else()\n message(FATAL_ERROR \"Host compiler must support 64-bit std::atomic!\")\n endif()\nendfunction()\n" }, { "path": "cmake/macos.cmake", "content": "if((NOT APPLE) OR NOT LOKINET_DAEMON)\n return()\nendif()\n\n\noption(MACOS_SYSTEM_EXTENSION\n \"Build the network extension as a system extension rather than a plugin. This must be ON for non-app store release builds, and must be OFF for dev builds and Mac App Store distribution builds\"\n OFF)\noption(CODESIGN \"codesign the resulting app and extension\" ON)\nset(CODESIGN_ID \"\" CACHE STRING \"codesign the macos app using this key identity; if empty we'll try to guess\")\nset(default_profile_type \"dev\")\nif(MACOS_SYSTEM_EXTENSION)\n set(default_profile_type \"release\")\nendif()\nset(CODESIGN_PROFILE \"${PROJECT_SOURCE_DIR}/contrib/macos/lokinet.${default_profile_type}.provisionprofile\" CACHE FILEPATH\n \"Path to a .provisionprofile to use for the main app\")\nset(CODESIGN_EXT_PROFILE \"${PROJECT_SOURCE_DIR}/contrib/macos/lokinet-extension.${default_profile_type}.provisionprofile\" CACHE FILEPATH\n \"Path to a .provisionprofile to use for the lokinet extension\")\n\nif(CODESIGN AND NOT CODESIGN_ID)\n if(MACOS_SYSTEM_EXTENSION)\n set(codesign_cert_pattern \"Developer ID Application\")\n else()\n set(codesign_cert_pattern \"Apple Development\")\n endif()\n execute_process(\n COMMAND security find-identity -v -p codesigning\n COMMAND sed -n \"s/^ *[0-9][0-9]*) *\\\\([A-F0-9]\\\\{40\\\\}\\\\) *\\\"\\\\(${codesign_cert_pattern}.*\\\\)\\\"\\$/\\\\1 \\\\2/p\"\n RESULT_VARIABLE find_id_exit_code\n OUTPUT_VARIABLE find_id_output)\n if(NOT find_id_exit_code EQUAL 0)\n message(FATAL_ERROR \"Finding signing identities with security find-identity failed; try specifying an id using -DCODESIGN_ID=...\")\n endif()\n\n string(REGEX MATCHALL \"(^|\\n)[0-9A-F]+\" find_id_sign_id \"${find_id_output}\")\n if(NOT find_id_sign_id)\n message(FATAL_ERROR \"Did not find any \\\"${codesign_cert_pattern}\\\" identity; try specifying an id using -DCODESIGN_ID=...\")\n endif()\n if (find_id_sign_id MATCHES \";\")\n message(FATAL_ERROR \"Found multiple \\\"${codesign_cert_pattern}\\\" identities:\\n${find_id_output}\\nSpecify an identify using -DCODESIGN_ID=...\")\n endif()\n set(CODESIGN_ID \"${find_id_sign_id}\" CACHE STRING \"\" FORCE)\nendif()\n\nif(CODESIGN)\n message(STATUS \"Codesigning using ${CODESIGN_ID}\")\n\n if (NOT MACOS_NOTARIZE_USER AND NOT MACOS_NOTARIZE_PASS AND NOT MACOS_NOTARIZE_ASC AND EXISTS \"$ENV{HOME}/.notarization.cmake\")\n message(STATUS \"Loading notarization info from ~/.notarization.cmake\")\n include(\"$ENV{HOME}/.notarization.cmake\")\n endif()\n\n if (MACOS_NOTARIZE_USER AND MACOS_NOTARIZE_PASS AND MACOS_NOTARIZE_ASC)\n message(STATUS \"Enabling notarization with account ${MACOS_NOTARIZE_ASC}/${MACOS_NOTARIZE_USER}\")\n else()\n message(WARNING \"You have not set one or more of MACOS_NOTARIZE_USER, MACOS_NOTARIZE_PASS, MACOS_NOTARIZE_ASC: notarization will fail; see contrib/macos/README.txt\")\n endif()\n\nelse()\n message(WARNING \"Codesigning disabled; the resulting build will not run on most macOS systems\")\nendif()\n\n\nforeach(prof IN ITEMS CODESIGN_PROFILE CODESIGN_EXT_PROFILE)\n if(NOT ${prof})\n message(WARNING \"Missing a ${prof} provisioning profile: Apple will most likely log an uninformative error message to the system log and then kill harmless kittens if you try to run the result\")\n elseif(NOT EXISTS \"${${prof}}\")\n message(FATAL_ERROR \"Provisioning profile ${${prof}} does not exist; fix your -D${prof} path\")\n endif()\nendforeach()\nmessage(STATUS \"Using ${CODESIGN_PROFILE} app provisioning profile\")\nmessage(STATUS \"Using ${CODESIGN_EXT_PROFILE} extension provisioning profile\")\n\n\n\nset(lokinet_installer \"${PROJECT_BINARY_DIR}/Lokinet ${PROJECT_VERSION}\")\nif(NOT CODESIGN)\n set(lokinet_installer \"${lokinet_installer}-UNSIGNED\")\nendif()\nset(lokinet_app \"${lokinet_installer}/Lokinet.app\")\n\n\nif(MACOS_SYSTEM_EXTENSION)\n set(lokinet_ext_dir Contents/Library/SystemExtensions)\nelse()\n set(lokinet_ext_dir Contents/PlugIns)\nendif()\n\nif(CODESIGN)\n if(MACOS_SYSTEM_EXTENSION)\n set(LOKINET_ENTITLEMENTS_TYPE sysext)\n set(notarize_py_is_sysext True)\n else()\n set(LOKINET_ENTITLEMENTS_TYPE plugin)\n set(notarize_py_is_sysext False)\n endif()\n\n configure_file(\n \"${PROJECT_SOURCE_DIR}/contrib/macos/sign.sh.in\"\n \"${PROJECT_BINARY_DIR}/sign.sh\"\n @ONLY)\n\n add_custom_target(\n sign\n DEPENDS \"${PROJECT_BINARY_DIR}/sign.sh\"\n COMMAND \"${PROJECT_BINARY_DIR}/sign.sh\"\n )\n\n if(MACOS_NOTARIZE_USER AND MACOS_NOTARIZE_PASS AND MACOS_NOTARIZE_ASC)\n configure_file(\n \"${PROJECT_SOURCE_DIR}/contrib/macos/notarize.py.in\"\n \"${PROJECT_BINARY_DIR}/notarize.py\"\n @ONLY)\n add_custom_target(\n notarize\n DEPENDS \"${PROJECT_BINARY_DIR}/notarize.py\" sign\n COMMAND \"${PROJECT_BINARY_DIR}/notarize.py\"\n )\n else()\n message(WARNING \"You have not set one or more of MACOS_NOTARIZE_USER, MACOS_NOTARIZE_PASS, MACOS_NOTARIZE_ASC: notarization disabled\")\n endif()\nelse()\n add_custom_target(sign COMMAND \"true\")\n add_custom_target(notarize DEPENDS sign COMMAND \"true\")\nendif()\n\nset(mac_icon \"${PROJECT_BINARY_DIR}/lokinet.icns\")\nadd_custom_command(OUTPUT \"${mac_icon}\"\n COMMAND ${PROJECT_SOURCE_DIR}/contrib/macos/mk-icns.sh ${PROJECT_SOURCE_DIR}/contrib/lokinet-mac.svg \"${mac_icon}\"\n DEPENDS ${PROJECT_SOURCE_DIR}/contrib/lokinet-mac.svg ${PROJECT_SOURCE_DIR}/contrib/macos/mk-icns.sh)\nadd_custom_target(icon DEPENDS \"${mac_icon}\")\n\nif(LOKINET_PACKAGE)\n add_executable(seticon \"${PROJECT_SOURCE_DIR}/contrib/macos/seticon.swift\")\n add_custom_command(OUTPUT \"${lokinet_installer}.dmg\"\n DEPENDS notarize seticon\n COMMAND create-dmg\n --volname \"Lokinet ${PROJECT_VERSION}\"\n --volicon lokinet.icns\n --background \"${PROJECT_SOURCE_DIR}/contrib/macos/installer.tiff\"\n --text-size 16\n --icon-size 128\n --window-size 555 440\n --icon Lokinet.app 151 196\n --hide-extension Lokinet.app\n --app-drop-link 403 196\n --eula \"${PROJECT_SOURCE_DIR}/LICENSE\"\n --no-internet-enable\n \"${lokinet_installer}.dmg\"\n \"${lokinet_installer}\"\n COMMAND ./seticon lokinet.icns \"${lokinet_installer}.dmg\"\n )\n add_custom_target(dmg DEPENDS \"${lokinet_installer}.dmg\")\nendif()\n\n\n# Called later to set things up, after the main lokinet targets are set up\nfunction(macos_target_setup)\n\n if(NOT LOKINET_DAEMON)\n return()\n endif()\n\n if(MACOS_SYSTEM_EXTENSION)\n target_compile_definitions(lokinet PRIVATE MACOS_SYSTEM_EXTENSION)\n endif()\n\n set_target_properties(lokinet\n PROPERTIES\n OUTPUT_NAME Lokinet\n MACOSX_BUNDLE TRUE\n MACOSX_BUNDLE_INFO_STRING \"Lokinet IP Packet Onion Router\"\n MACOSX_BUNDLE_BUNDLE_NAME \"Lokinet\"\n MACOSX_BUNDLE_BUNDLE_VERSION \"${lokinet_VERSION}\"\n MACOSX_BUNDLE_LONG_VERSION_STRING \"${lokinet_VERSION}\"\n MACOSX_BUNDLE_SHORT_VERSION_STRING \"${lokinet_VERSION_MAJOR}.${lokinet_VERSION_MINOR}\"\n MACOSX_BUNDLE_GUI_IDENTIFIER \"org.lokinet\"\n MACOSX_BUNDLE_INFO_PLIST \"${PROJECT_SOURCE_DIR}/contrib/macos/lokinet.Info.plist.in\"\n MACOSX_BUNDLE_COPYRIGHT \"Ā© 2022, The Oxen Project\"\n )\n\n add_custom_target(copy_bootstrap\n DEPENDS lokinet-extension\n COMMAND ${CMAKE_COMMAND} -E copy_if_different ${PROJECT_SOURCE_DIR}/contrib/bootstrap/mainnet.signed\n $/Contents/Resources/bootstrap.signed\n )\n\n\n add_dependencies(lokinet lokinet-extension icon)\n\n\n if(CODESIGN_PROFILE)\n add_custom_target(copy_prov_prof\n DEPENDS lokinet\n COMMAND ${CMAKE_COMMAND} -E copy_if_different ${CODESIGN_PROFILE}\n $/Contents/embedded.provisionprofile\n )\n else()\n add_custom_target(copy_prov_prof COMMAND true)\n endif()\n\n add_custom_target(assemble ALL\n DEPENDS lokinet lokinet-extension icon copy_prov_prof copy_bootstrap\n COMMAND rm -rf \"${lokinet_app}\"\n COMMAND mkdir -p \"${lokinet_installer}\"\n COMMAND cp -a $ \"${lokinet_app}\"\n COMMAND mkdir -p \"${lokinet_app}/${lokinet_ext_dir}\"\n COMMAND cp -a $ \"${lokinet_app}/${lokinet_ext_dir}/\"\n COMMAND mkdir -p \"${lokinet_app}/Contents/Resources\"\n COMMAND cp -a \"${mac_icon}\" \"${lokinet_app}/Contents/Resources/icon.icns\"\n )\n\n if(LOKINET_GUI)\n add_dependencies(sign assemble_gui)\n else()\n add_dependencies(sign assemble)\n endif()\nendfunction()\n" }, { "path": "cmake/ngtcp2_lib.cmake", "content": "# ngtcp2's top-level CMakeLists.txt loads a bunch of crap we don't want (examples, a conflicting\n# 'check' target, etc.); instead we directly include it's lib subdirectory to build just the\n# library, but we have to set up a couple things to make that work:\nfunction(add_ngtcp2_lib)\n file(STRINGS ngtcp2/CMakeLists.txt ngtcp2_project_line REGEX \"^project\\\\(ngtcp2 \")\n if(NOT ngtcp2_project_line MATCHES \"^project\\\\(ngtcp2 VERSION ([0-9]+)\\\\.([0-9]+)\\\\.([0-9]+)\\\\)$\")\n message(FATAL_ERROR \"Unable to extract ngtcp2 version from ngtcp2/CMakeLists.txt (found '${ngtcp2_project_line}')\")\n endif()\n\n set(PACKAGE_VERSION \"${CMAKE_MATCH_1}.${CMAKE_MATCH_2}.${CMAKE_MATCH_3}\")\n include(ngtcp2/cmake/Version.cmake)\n HexVersion(PACKAGE_VERSION_NUM ${CMAKE_MATCH_1} ${CMAKE_MATCH_2} ${CMAKE_MATCH_3})\n configure_file(\"ngtcp2/lib/includes/ngtcp2/version.h.in\" \"ngtcp2/lib/includes/ngtcp2/version.h\" @ONLY)\n\n set(BUILD_SHARED_LIBS OFF)\n\n # Checks for header files.\n include(CheckIncludeFile)\n check_include_file(\"arpa/inet.h\" HAVE_ARPA_INET_H)\n check_include_file(\"netinet/in.h\" HAVE_NETINET_IN_H)\n check_include_file(\"stddef.h\" HAVE_STDDEF_H)\n check_include_file(\"stdint.h\" HAVE_STDINT_H)\n check_include_file(\"stdlib.h\" HAVE_STDLIB_H)\n check_include_file(\"string.h\" HAVE_STRING_H)\n check_include_file(\"unistd.h\" HAVE_UNISTD_H)\n check_include_file(\"sys/endian.h\" HAVE_SYS_ENDIAN_H)\n check_include_file(\"endian.h\" HAVE_ENDIAN_H)\n check_include_file(\"byteswap.h\" HAVE_BYTESWAP_H)\n\n include(CheckTypeSize)\n check_type_size(\"ssize_t\" SIZEOF_SSIZE_T)\n if(SIZEOF_SSIZE_T STREQUAL \"\")\n set(ssize_t ptrdiff_t)\n endif()\n\n include(CheckSymbolExists)\n if(HAVE_ENDIAN_H)\n check_symbol_exists(be64toh \"endian.h\" HAVE_BE64TOH)\n endif()\n if(NOT HAVE_BE64TO AND HAVE_SYS_ENDIAN_H)\n check_symbol_exists(be64toh \"sys/endian.h\" HAVE_BE64TOH)\n endif()\n\n check_symbol_exists(bswap_64 \"byteswap.h\" HAVE_BSWAP_64)\n\n configure_file(ngtcp2/cmakeconfig.h.in ngtcp2/config.h)\n include_directories(\"${CMAKE_CURRENT_BINARY_DIR}/ngtcp2\") # for config.h\n set(ENABLE_STATIC_LIB ON FORCE BOOL)\n set(ENABLE_SHARED_LIB OFF FORCE BOOL)\n add_subdirectory(ngtcp2/lib EXCLUDE_FROM_ALL)\n\n target_compile_definitions(ngtcp2_static PRIVATE -DHAVE_CONFIG_H -D_GNU_SOURCE)\nendfunction()\n" }, { "path": "cmake/solaris.cmake", "content": "if(${CMAKE_SYSTEM_NAME} MATCHES \"SunOS\")\n set(SOLARIS ON)\n set(CMAKE_CXX_STANDARD_LIBRARIES \"${CMAKE_CXX_STANDARD_LIBRARIES} -lsocket -lnsl\")\n add_definitions(-D_POSIX_PTHREAD_SEMANTICS)\nendif()\n" }, { "path": "cmake/target_link_libraries_system.cmake", "content": "# This adds a dependency as a \"system\" dep - e.g -isystem\nfunction(target_link_libraries_system target)\n set(libs ${ARGN})\n foreach(lib ${libs})\n get_target_property(lib_include_dirs ${lib} INTERFACE_INCLUDE_DIRECTORIES)\n target_include_directories(${target} SYSTEM PUBLIC ${lib_include_dirs})\n target_link_libraries(${target} PUBLIC ${lib})\n endforeach(lib)\nendfunction()\n" }, { "path": "cmake/unix.cmake", "content": "if(NOT ANDROID)\n if(NOT UNIX)\n return()\n endif()\nendif()\n\ninclude(CheckCXXSourceCompiles)\ninclude(CheckLibraryExists)\n\nadd_definitions(-DUNIX)\nadd_definitions(-DPOSIX)\n\nif(EMBEDDED_CFG OR ${CMAKE_SYSTEM_NAME} MATCHES \"Linux\")\n link_libatomic()\nendif()\n\nif (${CMAKE_SYSTEM_NAME} MATCHES \"OpenBSD\")\n add_definitions(-D_BSD_SOURCE)\n add_definitions(-D_GNU_SOURCE)\n add_definitions(-D_XOPEN_SOURCE=700)\nendif()\n" }, { "path": "cmake/win32.cmake", "content": "if(NOT WIN32)\n return()\nendif()\nif (NOT STATIC_LINK)\n message(FATAL_ERROR \"windows requires static builds (thanks balmer)\")\nendif()\n\nenable_language(RC)\n\noption(WITH_WINDOWS_32 \"build 32 bit windows\" OFF)\n\n# unlike unix where you get a *single* compiler ID string in .comment\n# GNU ld sees fit to merge *all* the .ident sections in object files\n# to .r[o]data section one after the other!\nadd_compile_options(-fno-ident -Wa,-mbig-obj)\n\nfunction(expand_urls output source_file)\n set(expanded)\n foreach(mirror ${ARGN})\n list(APPEND expanded \"${mirror}/${source_file}\")\n endforeach()\n set(${output} \"${expanded}\" PARENT_SCOPE)\nendfunction()\n\nfunction(add_static_target target ext_target libname)\n add_library(${target} STATIC IMPORTED GLOBAL)\n add_dependencies(${target} ${ext_target})\n set_target_properties(${target} PROPERTIES\n IMPORTED_LOCATION ${DEPS_DESTDIR}/lib/${libname}\n )\nendfunction()\n\nif(EMBEDDED_CFG)\n link_libatomic()\nendif()\n\nset(WINTUN_VERSION 0.14.1 CACHE STRING \"wintun version\")\nset(WINTUN_MIRROR ${LOCAL_MIRROR} https://www.wintun.net/builds\n CACHE STRING \"wintun mirror(s)\")\nset(WINTUN_SOURCE wintun-${WINTUN_VERSION}.zip)\nset(WINTUN_HASH SHA256=07c256185d6ee3652e09fa55c0b673e2624b565e02c4b9091c79ca7d2f24ef51\n CACHE STRING \"wintun source hash\")\n\nset(WINDIVERT_VERSION 2.2.2-A CACHE STRING \"windivert version\")\nset(WINDIVERT_MIRROR ${LOCAL_MIRROR} https://reqrypt.org/download\n CACHE STRING \"windivert mirror(s)\")\nset(WINDIVERT_SOURCE WinDivert-${WINDIVERT_VERSION}.zip)\nset(WINDIVERT_HASH SHA512=92eb2ef98ced175d44de1cdb7c52f2ebc534b6a997926baeb83bfe94cba9287b438f796aff11f6163918bcdbc25bcd4e3383715f139f690d207ce219f846a345\n CACHE STRING \"windivert source hash\")\n\nexpand_urls(WINTUN_URL ${WINTUN_SOURCE} ${WINTUN_MIRROR})\nexpand_urls(WINDIVERT_URL ${WINDIVERT_SOURCE} ${WINDIVERT_MIRROR})\n\nmessage(STATUS \"Downloading wintun from ${WINTUN_URL}\")\nfile(DOWNLOAD ${WINTUN_URL} ${CMAKE_BINARY_DIR}/wintun.zip EXPECTED_HASH ${WINTUN_HASH})\nmessage(STATUS \"Downloading windivert from ${WINDIVERT_URL}\")\nfile(DOWNLOAD ${WINDIVERT_URL} ${CMAKE_BINARY_DIR}/windivert.zip EXPECTED_HASH ${WINDIVERT_HASH})\n\nexecute_process(COMMAND ${CMAKE_COMMAND} -E tar x ${CMAKE_BINARY_DIR}/wintun.zip\n WORKING_DIRECTORY ${CMAKE_BINARY_DIR})\n\nexecute_process(COMMAND ${CMAKE_COMMAND} -E tar x ${CMAKE_BINARY_DIR}/windivert.zip\n WORKING_DIRECTORY ${CMAKE_BINARY_DIR})\n" }, { "path": "cmake/win32_installer_deps.cmake", "content": "install(DIRECTORY ${CMAKE_BINARY_DIR}/gui DESTINATION share COMPONENT gui)\n\nif(WITH_WINDOWS_32)\n install(FILES ${CMAKE_BINARY_DIR}/wintun/bin/x86/wintun.dll DESTINATION bin COMPONENT lokinet)\n install(FILES ${CMAKE_BINARY_DIR}/WinDivert-${WINDIVERT_VERSION}/x86/WinDivert.sys DESTINATION lib COMPONENT lokinet)\n install(FILES ${CMAKE_BINARY_DIR}/WinDivert-${WINDIVERT_VERSION}/x86/WinDivert.dll DESTINATION bin COMPONENT lokinet)\nelse()\n install(FILES ${CMAKE_BINARY_DIR}/wintun/bin/amd64/wintun.dll DESTINATION bin COMPONENT lokinet)\n install(FILES ${CMAKE_BINARY_DIR}/WinDivert-${WINDIVERT_VERSION}/x64/WinDivert64.sys DESTINATION lib COMPONENT lokinet)\n install(FILES ${CMAKE_BINARY_DIR}/WinDivert-${WINDIVERT_VERSION}/x64/WinDivert.dll DESTINATION bin COMPONENT lokinet)\nendif()\n\nset(BOOTSTRAP_FILE \"${PROJECT_SOURCE_DIR}/contrib/bootstrap/mainnet.signed\")\ninstall(FILES ${BOOTSTRAP_FILE} DESTINATION share COMPONENT lokinet RENAME bootstrap.signed)\n\nset(win_ico \"${PROJECT_BINARY_DIR}/lokinet.ico\")\nadd_custom_command(OUTPUT \"${win_ico}\"\n COMMAND ${PROJECT_SOURCE_DIR}/contrib/make-ico.sh ${PROJECT_SOURCE_DIR}/contrib/lokinet.svg \"${win_ico}\"\n DEPENDS ${PROJECT_SOURCE_DIR}/contrib/lokinet.svg ${PROJECT_SOURCE_DIR}/contrib/make-ico.sh)\nadd_custom_target(icon ALL DEPENDS \"${win_ico}\")\n\nset(CPACK_PACKAGE_INSTALL_DIRECTORY \"Lokinet\")\nset(CPACK_NSIS_MUI_ICON \"${PROJECT_BINARY_DIR}/lokinet.ico\")\nset(CPACK_NSIS_DEFINES \"RequestExecutionLevel admin\")\nset(CPACK_NSIS_ENABLE_UNINSTALL_BEFORE_INSTALL ON)\n\nfunction(read_nsis_file filename outvar)\n file(STRINGS \"${filename}\" _outvar)\n list(TRANSFORM _outvar REPLACE \"\\\\\\\\\" \"\\\\\\\\\\\\\\\\\")\n list(JOIN _outvar \"\\\\n\" out)\n set(${outvar} ${out} PARENT_SCOPE)\nendfunction()\n\nread_nsis_file(\"${CMAKE_SOURCE_DIR}/win32-setup/extra_preinstall.nsis\" _extra_preinstall)\nread_nsis_file(\"${CMAKE_SOURCE_DIR}/win32-setup/extra_install.nsis\" _extra_install)\nread_nsis_file(\"${CMAKE_SOURCE_DIR}/win32-setup/extra_uninstall.nsis\" _extra_uninstall)\nread_nsis_file(\"${CMAKE_SOURCE_DIR}/win32-setup/extra_create_icons.nsis\" _extra_create_icons)\nread_nsis_file(\"${CMAKE_SOURCE_DIR}/win32-setup/extra_delete_icons.nsis\" _extra_delete_icons)\n\nset(CPACK_NSIS_EXTRA_PREINSTALL_COMMANDS \"${_extra_preinstall}\")\nset(CPACK_NSIS_EXTRA_INSTALL_COMMANDS \"${_extra_install}\")\nset(CPACK_NSIS_EXTRA_UNINSTALL_COMMANDS \"${_extra_uninstall}\")\nset(CPACK_NSIS_CREATE_ICONS_EXTRA \"${_extra_create_icons}\")\nset(CPACK_NSIS_DELETE_ICONS_EXTRA \"${_extra_delete_icons}\")\n\nset(CPACK_NSIS_COMPRESSOR \"/SOLID lzma\")\n" }, { "path": "contrib/NetworkManager/dnsmasq/README.md", "content": "Place in `/etc/NetworkManager/dnsmasq.d/lokinet.conf`.\n\nTo make use of this, first install dnsmasq.\n\nThen enable NetworkManager dnsmasq backend by editing `/etc/NetworkManager/NetworkManager.conf` to something like:\n```\n[main]\ndns=dnsmasq\n```\nIf NetworkManager is currently running, restart it for changes to take effect:\n```\nsudo systemctl restart NetworkManager\n```\n" }, { "path": "contrib/NetworkManager/dnsmasq/lokinet.conf", "content": "server=/loki/snode/127.3.2.1\n" }, { "path": "contrib/android-configure.sh", "content": "#!/bin/bash\nset -e\n\ndefault_abis=\"armeabi-v7a arm64-v8a x86_64\"\nbuild_abis=${ABIS:-$default_abis}\n\ntest x$NDK = x && test -e /usr/lib/android-ndk && export NDK=/usr/lib/android-ndk\ntest x$NDK = x && exit 1\n\necho \"building abis: $build_abis\"\n\nroot=$(readlink -f \"$1\")\nshift\nbuild=$(readlink -f \"$1\")\nshift\nmkdir -p $build\ncd $build\n\nfor abi in $build_abis; do\n mkdir -p build-$abi\n cd build-$abi\n cmake \\\n -S \"$root\" -B . \\\n -G 'Unix Makefiles' \\\n -DANDROID=ON \\\n -DANDROID_ABI=$abi \\\n -DANDROID_ARM_MODE=arm \\\n -DANDROID_PLATFORM=android-23 \\\n -DANDROID_API=23 \\\n -DANDROID_STL=c++_static \\\n -DCMAKE_TOOLCHAIN_FILE=$NDK/build/cmake/android.toolchain.cmake \\\n -DBUILD_STATIC_DEPS=ON \\\n -DLOKINET_PACKAGE=ON \\\n -DBUILD_SHARED_LIBS=OFF \\\n -DBUILD_TESTING=OFF \\\n -DLOKINET_TESTS=OFF \\\n -DLOKINET_BOOTSTRAP=OFF \\\n -DLOKINET_NATIVE_BUILD=OFF \\\n -DSTATIC_LINK=ON \\\n -DWITH_SYSTEMD=OFF \\\n -DFORCE_OXENMQ_SUBMODULE=ON \\\n -DFORCE_OXENC_SUBMODULE=ON \\\n -DFORCE_FMT_SUBMODULE=ON \\\n -DFORCE_SPDLOG_SUBMODULE=ON \\\n -DFORCE_NLOHMANN_SUBMODULE=ON \\\n -DSUBMODULE_CHECK=OFF \\\n -DWITH_LTO=OFF \\\n -DCMAKE_BUILD_TYPE=Release \\\n \"$@\"\n cd -\ndone\nrm -f $build/Makefile\necho \"# generated makefile\" >> $build/Makefile\necho \"all: $build_abis\" >> $build/Makefile\nfor abi in $build_abis; do\n echo -ne \"$abi:\\n\\t\" >> $build/Makefile\n echo -ne '$(MAKE) -C ' >> $build/Makefile\n echo \"build-$abi lokinet-android\" >> $build/Makefile\n echo -ne \"\\tmkdir -p out/$abi && cp build-$abi/jni/liblokinet-android.so out/$abi/liblokinet-android.so\\n\\n\" >> $build/Makefile\n echo -ne \"clean-$abi:\\n\\t\" >> $build/Makefile\n echo -ne '$(MAKE) -C ' >> $build/Makefile\n echo \"build-$abi clean\" >> $build/Makefile\ndone\n\necho -ne \"clean:\" >> $build/Makefile\nfor targ in $build_abis ; do echo -ne \" clean-$targ\" >> $build/Makefile ; done\necho \"\" >> $build/Makefile\n" }, { "path": "contrib/android.sh", "content": "#!/bin/bash\nset -e\nset +x\n\nroot=\"$(readlink -f $(dirname $0)/../)\"\ncd \"$root\"\n./contrib/android-configure.sh . build-android \"$@\"\nmake -C build-android -j ${JOBS:-$(nproc)}\n" }, { "path": "contrib/apparmor/usr.bin.lokinet", "content": "# Last Modified: Fri 05 Feb 2021 08:13:58 PM UTC\n#include \n\nprofile lokinet /usr/bin/lokinet {\n #include \n #include \n\n capability net_admin,\n capability net_bind_service,\n\n network inet dgram,\n network inet6 dgram,\n network netlink raw,\n\n /etc/loki/lokinet.ini r,\n /dev/net/tun rw,\n /usr/bin/lokinet mr,\n\n owner /{var/,}lib/lokinet/ rw,\n owner /{var/,}lib/lokinet/** rwk,\n owner ${HOME}/.lokinet/ rw,\n owner ${HOME}/.lokinet/** rwk,\n owner @{PROC}/@{pid}/task/@{pid}/comm rw,\n owner /tmp/lokinet.*/{**,} rw,\n\n #include if exists \n}\n" }, { "path": "contrib/apply-patches.sh", "content": "#!/usr/bin/env bash\nfor f in \"$@\" ; do\n patch -p1 -i \"$f\"\ndone\n" }, { "path": "contrib/bencode-dump.py", "content": "#!/usr/bin/python3\n\nimport sys\nimport pprint\n\nif len(sys.argv) == 1 or (len(sys.argv) == 2 and sys.argv[1] == '-'):\n f = sys.stdin.buffer\nelif len(sys.argv) != 2 or sys.argv[1].startswith('-'):\n print(\"Usage: {} FILE -- dumps a bencoded file\".format(sys.argv[0]), file=sys.stderr)\n sys.exit(1)\nelse:\n f = open(sys.argv[1], 'rb')\n\n\ninitial = f.peek(2)\nis_hex = False\nif initial.startswith(b'64') or initial.startswith(b'6c'):\n print(\"Input looks like hex bencoded data; parsing as hex input\", file=sys.stderr)\n is_hex = True\n\nclass HexPrinter():\n def __init__(self, data):\n self.data = data\n\n def __repr__(self):\n return \"hex({} bytes):'{}'\".format(len(self.data), self.data.hex())\n\n\ndef next_byte():\n if is_hex:\n pair = f.read(2)\n assert pair is not None and len(pair) == 2\n b = int(pair, 16).to_bytes(1, 'big')\n else:\n b = f.read(1)\n assert b is not None and len(b) == 1\n return b\n\n\ndef parse_int():\n s = b''\n x = next_byte()\n while x in b\"0123456789-\":\n s += x\n x = next_byte()\n assert x == b'e' and len(s) > 0, \"Invalid integer encoding\"\n return int(s)\n\n\ndef parse_string(s):\n x = next_byte()\n while x in b\"0123456789\":\n s += x\n x = next_byte()\n assert x == b':', \"Invalid string encoding\"\n s = int(s)\n if is_hex:\n data = bytes.fromhex(f.read(2*s).decode('ascii'))\n else:\n data = f.read(s)\n assert len(data) == s, \"Truncated string data\"\n # If the string is ascii then convert to string:\n if all(0x20 <= b <= 0x7e for b in data):\n return data.decode()\n # Otherwise display as hex:\n return HexPrinter(data)\n\n\ndef parse_dict():\n d = {}\n last_key = None\n while True:\n t = next_byte()\n if t == b'e':\n return d\n assert t in b\"0123456789\", \"Invalid dict: dict keys must be strings\"\n key = parse_string(t)\n raw_key = key.data if isinstance(key, HexPrinter) else key.encode()\n if last_key is not None and raw_key <= last_key:\n print(\"Warning: found out-of-order dict keys ({} after {})\".format(raw_key, last_key), file=sys.stderr)\n last_key = raw_key\n t = next_byte()\n d[key] = parse_thing(t)\n\n\ndef parse_list():\n l = []\n while True:\n t = next_byte()\n if t == b'e':\n return l\n l.append(parse_thing(t))\n\n\ndef parse_thing(t):\n if t == b'd':\n return parse_dict()\n if t == b'l':\n return parse_list()\n if t == b'i':\n return parse_int()\n if t in b\"0123456789\":\n return parse_string(t)\n assert False, \"Parsing error: encountered invalid type '{}'\".format(t)\n\n\npprint.PrettyPrinter(\n indent=2\n ).pprint(parse_thing(next_byte()))\n" }, { "path": "contrib/bootstrap/make-bootstrap-list.sh", "content": "#!/usr/bin/env bash\necho -n 'l'\nfor arg in $@ ; do cat \"$arg\" ; done\necho -n 'e'\n" }, { "path": "contrib/bootstrap/readme.txt", "content": "usage:\n\n./make-bootstrap-list.sh $(find $HOME/.lokinet/netdb | grep \\\\.signed$) > bootstrap.signed\n" }, { "path": "contrib/ci/docker/readme.md", "content": "## drone-ci docker jizz\n\nTo rebuild all ci images and push them to the oxen registry server do:\n\n $ docker login registry.oxen.rocks\n $ ./rebuild-docker-images.py\n\nIf you aren't part of the Oxen team, you'll likely need to set up your own registry and change\nregistry.oxen.rocks to your own domain name in order to do anything useful with this.\n" }, { "path": "contrib/ci/docker/rebuild-docker-images.py", "content": "#!/usr/bin/env python3\n\nimport subprocess\nimport tempfile\nimport optparse\nimport sys\nfrom concurrent.futures import ThreadPoolExecutor\nimport threading\n\nparser = optparse.OptionParser()\nparser.add_option(\"--no-cache\", action=\"store_true\",\n help=\"Run `docker build` with the `--no-cache` option to ignore existing images\")\nparser.add_option(\"--parallel\", \"-j\", type=\"int\", default=1,\n help=\"Run up to this many builds in parallel\")\nparser.add_option(\"--distro\", type=\"string\", default=\"\",\n help=\"Build only this distro; should be DISTRO-CODE or DISTRO-CODE/ARCH, \"\n \"e.g. debian-sid/amd64\")\n(options, args) = parser.parse_args()\n\nregistry_base = 'registry.oxen.rocks/lokinet-ci-'\n\ndistros = [*(('debian', x) for x in ('sid', 'stable', 'testing', 'bullseye', 'buster')),\n *(('ubuntu', x) for x in ('rolling', 'lts', 'impish', 'hirsute', 'focal', 'bionic'))]\n\nif options.distro:\n d = options.distro.split('-')\n if len(d) != 2 or d[0] not in ('debian', 'ubuntu') or not d[1]:\n print(\"Bad --distro value '{}'\".format(options.distro), file=sys.stderr)\n sys.exit(1)\n distros = [(d[0], d[1].split('/')[0])]\n\n\nmanifests = {} # \"image:latest\": [\"image/amd64\", \"image/arm64v8\", ...]\nmanifestlock = threading.Lock()\n\n\ndef arches(distro):\n if options.distro and '/' in options.distro:\n arch = options.distro.split('/')\n if arch not in ('amd64', 'i386', 'arm64v8', 'arm32v7'):\n print(\"Bad --distro value '{}'\".format(options.distro), file=sys.stderr)\n sys.exit(1)\n return [arch]\n\n a = ['amd64', 'arm64v8', 'arm32v7']\n if distro[0] == 'debian' or distro == ('ubuntu', 'bionic'):\n a.append('i386') # i386 builds don't work on later ubuntu\n return a\n\n\nhacks = {\n registry_base + 'ubuntu-bionic-builder': \"\"\"g++-8 \\\n && mkdir -p /usr/lib/x86_64-linux-gnu/pgm-5.2/include\"\"\",\n}\n\n\nfailure = False\n\nlineno = 0\nlinelock = threading.Lock()\n\n\ndef print_line(myline, value):\n linelock.acquire()\n global lineno\n if sys.__stdout__.isatty():\n jump = lineno - myline\n print(\"\\033[{jump}A\\r\\033[K{value}\\033[{jump}B\\r\".format(jump=jump, value=value), end='')\n sys.stdout.flush()\n else:\n print(value)\n linelock.release()\n\n\ndef run_or_report(*args, myline):\n try:\n subprocess.run(\n args, check=True, stdout=subprocess.PIPE, stderr=subprocess.STDOUT, encoding='utf8')\n except subprocess.CalledProcessError as e:\n with tempfile.NamedTemporaryFile(suffix=\".log\", delete=False) as log:\n log.write(\"Error running {}: {}\\n\\nOutput:\\n\\n\".format(' '.join(args), e).encode())\n log.write(e.output.encode())\n global failure\n failure = True\n print_line(myline, \"\\033[31;1mError! See {} for details\".format(log.name))\n raise e\n\n\ndef build_tag(tag_base, arch, contents):\n if failure:\n raise ChildProcessError()\n\n linelock.acquire()\n global lineno\n myline = lineno\n lineno += 1\n print()\n linelock.release()\n\n with tempfile.NamedTemporaryFile() as dockerfile:\n dockerfile.write(contents.encode())\n dockerfile.flush()\n\n tag = '{}/{}'.format(tag_base, arch)\n print_line(myline, \"\\033[33;1mRebuilding \\033[35;1m{}\\033[0m\".format(tag))\n run_or_report('docker', 'build', '--pull', '-f', dockerfile.name, '-t', tag,\n *(('--no-cache',) if options.no_cache else ()), '.', myline=myline)\n print_line(myline, \"\\033[33;1mPushing \\033[35;1m{}\\033[0m\".format(tag))\n run_or_report('docker', 'push', tag, myline=myline)\n print_line(myline, \"\\033[32;1mFinished build \\033[35;1m{}\\033[0m\".format(tag))\n\n latest = tag_base + ':latest'\n global manifests\n manifestlock.acquire()\n if latest in manifests:\n manifests[latest].append(tag)\n else:\n manifests[latest] = [tag]\n manifestlock.release()\n\n\ndef base_distro_build(distro, arch):\n tag = '{r}{distro[0]}-{distro[1]}-base'.format(r=registry_base, distro=distro)\n codename = 'latest' if distro == ('ubuntu', 'lts') else distro[1]\n build_tag(tag, arch, \"\"\"\nFROM {}/{}:{}\nRUN /bin/bash -c 'echo \"man-db man-db/auto-update boolean false\" | debconf-set-selections'\nRUN apt-get -o=Dpkg::Use-Pty=0 -q update \\\n && apt-get -o=Dpkg::Use-Pty=0 -q dist-upgrade -y \\\n && apt-get -o=Dpkg::Use-Pty=0 -q autoremove -y \\\n {hacks}\n\"\"\".format(arch, distro[0], codename, hacks=hacks.get(tag, '')))\n\n\ndef distro_build(distro, arch):\n prefix = '{r}{distro[0]}-{distro[1]}'.format(r=registry_base, distro=distro)\n fmtargs = dict(arch=arch, distro=distro, prefix=prefix)\n\n # (distro)-(codename)-base: Base image from upstream: we sync the repos, but do nothing else.\n if (distro, arch) != (('debian', 'stable'), 'amd64'): # debian-stable-base/amd64 already built\n base_distro_build(distro, arch)\n\n # (distro)-(codename)-builder: Deb builder image used for building debs; we add the basic tools\n # we use to build debs, not including things that should come from the dependencies in the\n # debian/control file.\n build_tag(prefix + '-builder', arch, \"\"\"\nFROM {prefix}-base/{arch}\nRUN apt-get -o=Dpkg::Use-Pty=0 -q update \\\n && apt-get -o=Dpkg::Use-Pty=0 -q dist-upgrade -y \\\n && apt-get -o=Dpkg::Use-Pty=0 --no-install-recommends -q install -y \\\n ccache \\\n devscripts \\\n equivs \\\n g++ \\\n git \\\n git-buildpackage \\\n openssh-client \\\n {hacks}\n\"\"\".format(**fmtargs, hacks=hacks.get(prefix + '-builder', '')))\n\n # (distro)-(codename): Basic image we use for most builds. This takes the -builder and adds\n # most dependencies found in our packages.\n build_tag(prefix, arch, \"\"\"\nFROM {prefix}-builder/{arch}\nRUN apt-get -o=Dpkg::Use-Pty=0 -q update \\\n && apt-get -o=Dpkg::Use-Pty=0 -q dist-upgrade -y \\\n && apt-get -o=Dpkg::Use-Pty=0 --no-install-recommends -q install -y \\\n automake \\\n ccache \\\n cmake \\\n eatmydata \\\n g++ \\\n gdb \\\n git \\\n libboost-program-options-dev \\\n libboost-serialization-dev \\\n libboost-thread-dev \\\n libcurl4-openssl-dev \\\n libevent-dev \\\n libgtest-dev \\\n libhidapi-dev \\\n libjemalloc-dev \\\n libminiupnpc-dev \\\n libreadline-dev \\\n libsodium-dev \\\n libsqlite3-dev \\\n libssl-dev \\\n libsystemd-dev \\\n libtool \\\n libunbound-dev \\\n libunwind8-dev \\\n libusb-1.0.0-dev \\\n libuv1-dev \\\n libzmq3-dev \\\n lsb-release \\\n make \\\n nettle-dev \\\n ninja-build \\\n openssh-client \\\n patch \\\n pkg-config \\\n pybind11-dev \\\n python3-dev \\\n python3-pip \\\n python3-pybind11 \\\n python3-pytest \\\n python3-setuptools \\\n qttools5-dev \\\n {hacks}\n\"\"\".format(**fmtargs, hacks=hacks.get(prefix, '')))\n\n\n# Android and flutter builds on top of debian-stable-base and adds a ton of android crap; we\n# schedule this job as soon as the debian-sid-base/amd64 build finishes, because they easily take\n# the longest and are by far the biggest images.\ndef android_builds():\n build_tag(registry_base + 'android', 'amd64', \"\"\"\nFROM {r}debian-stable-base\nRUN /bin/bash -c 'sed -i \"s/main/main contrib/g\" /etc/apt/sources.list'\nRUN apt-get -o=Dpkg::Use-Pty=0 -q update \\\n && apt-get -o=Dpkg::Use-Pty=0 -q dist-upgrade -y \\\n && apt-get -o=Dpkg::Use-Pty=0 -q install --no-install-recommends -y \\\n android-sdk \\\n automake \\\n ccache \\\n cmake \\\n curl \\\n git \\\n google-android-ndk-installer \\\n libtool \\\n make \\\n openssh-client \\\n patch \\\n pkg-config \\\n wget \\\n xz-utils \\\n zip \\\n && git clone https://github.com/Shadowstyler/android-sdk-licenses.git /tmp/android-sdk-licenses \\\n && cp -a /tmp/android-sdk-licenses/*-license /usr/lib/android-sdk/licenses \\\n && rm -rf /tmp/android-sdk-licenses\n\"\"\".format(r=registry_base))\n\n build_tag(registry_base + 'flutter', 'amd64', \"\"\"\nFROM {r}android\nRUN cd /opt \\\n && curl https://storage.googleapis.com/flutter_infra_release/releases/stable/linux/flutter_linux_2.2.2-stable.tar.xz \\\n | tar xJv \\\n && ln -s /opt/flutter/bin/flutter /usr/local/bin/ \\\n && flutter precache\n\"\"\".format(r=registry_base))\n\n\n# lint is a tiny build (on top of debian-stable-base) with just formatting checking tools\ndef lint_build():\n build_tag(registry_base + 'lint', 'amd64', \"\"\"\nFROM {r}debian-stable-base\nRUN apt-get -o=Dpkg::Use-Pty=0 -q install --no-install-recommends -y \\\n clang-format-11 \\\n eatmydata \\\n git \\\n jsonnet\n\"\"\".format(r=registry_base))\n\n\ndef nodejs_build():\n build_tag(registry_base + 'nodejs', 'amd64', \"\"\"\nFROM node:14.16.1\nRUN /bin/bash -c 'echo \"man-db man-db/auto-update boolean false\" | debconf-set-selections'\nRUN apt-get -o=Dpkg::Use-Pty=0 -q update \\\n && apt-get -o=Dpkg::Use-Pty=0 -q dist-upgrade -y \\\n && apt-get -o=Dpkg::Use-Pty=0 -q install --no-install-recommends -y \\\n ccache \\\n cmake \\\n eatmydata \\\n g++ \\\n gdb \\\n git \\\n make \\\n ninja-build \\\n openssh-client \\\n patch \\\n pkg-config \\\n wine\n\"\"\")\n\n\n# Start debian-stable-base/amd64 on its own, because other builds depend on it and we want to get\n# those (especially android/flutter) fired off as soon as possible (because it's slow and huge).\nif ('debian', 'stable') in distros:\n base_distro_build(['debian', 'stable'], 'amd64')\n\nexecutor = ThreadPoolExecutor(max_workers=max(options.parallel, 1))\n\nif options.distro:\n jobs = []\nelse:\n jobs = [executor.submit(b) for b in (android_builds, lint_build, nodejs_build)]\n\nfor d in distros:\n for a in arches(d):\n jobs.append(executor.submit(distro_build, d, a))\nwhile len(jobs):\n j = jobs.pop(0)\n try:\n j.result()\n except (ChildProcessError, subprocess.CalledProcessError):\n for k in jobs:\n k.cancel()\n\n\nif failure:\n print(\"Error(s) occured, aborting!\", file=sys.stderr)\n sys.exit(1)\n\n\nprint(\"\\n\\n\\033[32;1mAll builds finished successfully; pushing manifests...\\033[0m\\n\")\n\n\ndef push_manifest(latest, tags):\n if failure:\n raise ChildProcessError()\n\n linelock.acquire()\n global lineno\n myline = lineno\n lineno += 1\n print()\n linelock.release()\n\n subprocess.run(['docker', 'manifest', 'rm', latest], stderr=subprocess.DEVNULL, check=False)\n print_line(myline, \"\\033[33;1mCreating manifest \\033[35;1m{}\\033[0m\".format(latest))\n run_or_report('docker', 'manifest', 'create', latest, *tags, myline=myline)\n print_line(myline, \"\\033[33;1mPushing manifest \\033[35;1m{}\\033[0m\".format(latest))\n run_or_report('docker', 'manifest', 'push', latest, myline=myline)\n print_line(myline, \"\\033[32;1mFinished manifest \\033[35;1m{}\\033[0m\".format(latest))\n\n\nfor latest, tags in manifests.items():\n jobs.append(executor.submit(push_manifest, latest, tags))\n\nwhile len(jobs):\n j = jobs.pop(0)\n try:\n j.result()\n except (ChildProcessError, subprocess.CalledProcessError):\n for k in jobs:\n k.cancel()\n\n\nprint(\"\\n\\n\\033[32;1mAll done!\\n\")\n" }, { "path": "contrib/ci/drone-check-static-libs.sh", "content": "#!/usr/bin/env bash\n\n# Script used with Drone CI to check that a statically build lokinet only links against the expected\n# base system libraries. Expects to be run with pwd of the project directory with a build in\n# `build` or $1 (if given).\n\nset -o errexit\n\nbuild=${1:-build}\n\nbad=\nif [ \"$DRONE_STAGE_OS\" == \"darwin\" ]; then\n if otool -L ${build}/llarp/apple/org.lokinet.network-extension.systemextension/Contents/MacOS/org.lokinet.network-extension | \\\n grep -Ev '^llarp/apple:|^\\t(/usr/lib/lib(System\\.|c\\+\\+|objc))|/System/Library/Frameworks/(CoreFoundation|NetworkExtension|Foundation|Network)\\.framework'; then\n bad=1\n fi\nelif [ \"$DRONE_STAGE_OS\" == \"linux\" ]; then\n if ldd ${build}/daemon/lokinet | grep -Ev '(linux-vdso|ld-linux-(x86-64|armhf|aarch64)|lib(pthread|dl|rt|stdc\\+\\+|gcc_s|c|m))\\.so'; then\n bad=1\n fi\nelse\n echo -e \"\\n\\n\\n\\n\\e[31;1mDon't know how to check linked libs on $DRONE_STAGE_OS\\e[0m\\n\\n\\n\"\n exit 1\nfi\n\nif [ -n \"$bad\" ]; then\n echo -e \"\\n\\n\\n\\n\\e[31;1mlokinet links to unexpected libraries\\e[0m\\n\\n\\n\"\n exit 1\nfi\n\necho -e \"\\n\\n\\n\\n\\e[32;1mNo unexpected linked libraries found\\e[0m\\n\\n\\n\"\n" }, { "path": "contrib/ci/drone-debs-upload.sh", "content": "#!/bin/bash\n\n# Script used with Drone CI to upload debs from the deb building pipelines (because specifying all\n# this in .drone.jsonnet is too painful). This is expected to run from the base project dir after\n# having build with debuild (which will leave the debs in ..).\n\nset -o errexit\n\ndistro=\"$1\"\n\nif [ -z \"$distro\" ]; then\n echo \"Bad usage: need distro name as first argument\"\n exit 1\nfi\n\nif [ -z \"$SSH_KEY\" ]; then\n echo -e \"\\n\\n\\n\\e[31;1mUnable to upload debs: SSH_KEY not set\\e[0m\"\n # Just warn but don't fail, so that this doesn't trigger a build failure for untrusted builds\n exit 0\nfi\n\necho \"$SSH_KEY\" >~/ssh_key\n\nset -o xtrace # Don't start tracing until *after* we write the ssh key\n\nchmod 600 ~/ssh_key\n\nupload_to=\"oxen.rocks/debs/${DRONE_REPO// /_}@${DRONE_BRANCH// /_}/$(date --date=@$DRONE_BUILD_CREATED +%Y%m%dT%H%M%SZ)-${DRONE_COMMIT:0:9}/$distro/$DRONE_STAGE_ARCH\"\n\n# sftp doesn't have any equivalent to mkdir -p, so we have to split the above up into a chain of\n# -mkdir a/, -mkdir a/b/, -mkdir a/b/c/, ... commands. The leading `-` allows the command to fail\n# without error.\nupload_dirs=(${upload_to//\\// })\nmkdirs=\ndir_tmp=\"\"\nfor p in \"${upload_dirs[@]}\"; do\n dir_tmp=\"$dir_tmp$p/\"\n mkdirs=\"$mkdirs\n-mkdir $dir_tmp\"\ndone\n\nsftp -i ~/ssh_key -b - -o StrictHostKeyChecking=off drone@oxen.rocks <ssh_key\n\nset -o xtrace # Don't start tracing until *after* we write the ssh key\n\nchmod 600 ssh_key\n\nos=\"$UPLOAD_OS\"\nif [ -z \"$os\" ]; then\n if [ \"$DRONE_STAGE_OS\" == \"darwin\" ]; then\n os=\"macos-$DRONE_STAGE_ARCH\"\n elif [ -n \"$WINDOWS_BUILD_NAME\" ]; then\n os=\"windows-$WINDOWS_BUILD_NAME\"\n else\n os=\"$DRONE_STAGE_OS-$DRONE_STAGE_ARCH\"\n fi\nfi\n\nif [ -n \"$DRONE_TAG\" ]; then\n # For a tag build use something like `lokinet-linux-amd64-v1.2.3`\n base=\"lokinet-$os-$DRONE_TAG\"\nelse\n # Otherwise build a length name from the datetime and commit hash, such as:\n # lokinet-linux-amd64-20200522T212342Z-04d7dcc54\n base=\"lokinet-$os-$(date --date=@$DRONE_BUILD_CREATED +%Y%m%dT%H%M%SZ)-${DRONE_COMMIT:0:9}\"\nfi\n\nmkdir -v \"$base\"\nif [ -e build/win32 ]; then\n # save debug symbols\n cp -av build/win32/daemon/debug-symbols.tar.xz \"$base-debug-symbols.tar.xz\"\n # save installer\n cp -av build/win32/*.exe \"$base\"\n # zipit up yo\n archive=\"$base.zip\"\n zip -r \"$archive\" \"$base\"\nelif [ -e lokinet.apk ] ; then\n # android af ngl\n archive=\"$base.apk\"\n cp -av lokinet.apk \"$archive\"\nelif [ -e build-docs ]; then\n archive=\"$base.tar.xz\"\n cp -av build-docs/docs/mkdocs.yml build-docs/docs/markdown \"$base\"\n tar cJvf \"$archive\" \"$base\"\nelif [ -e build-mac ]; then\n archive=\"$base.tar.xz\"\n mv build-mac/Lokinet*/ \"$base\"\n tar cJvf \"$archive\" \"$base\"\nelse\n cp -av build/daemon/lokinet{,-cntrl} \"$base\"\n cp -av contrib/bootstrap/mainnet.signed \"$base/bootstrap.signed\"\n # tar dat shiz up yo\n archive=\"$base.tar.xz\"\n tar cJvf \"$archive\" \"$base\"\nfi\n\nupload_to=\"oxen.rocks/${DRONE_REPO// /_}/${DRONE_BRANCH// /_}\"\n\n# sftp doesn't have any equivalent to mkdir -p, so we have to split the above up into a chain of\n# -mkdir a/, -mkdir a/b/, -mkdir a/b/c/, ... commands. The leading `-` allows the command to fail\n# without error.\nupload_dirs=(${upload_to//\\// })\nput_debug=\nmkdirs=\ndir_tmp=\"\"\nfor p in \"${upload_dirs[@]}\"; do\n dir_tmp=\"$dir_tmp$p/\"\n mkdirs=\"$mkdirs\n-mkdir $dir_tmp\"\ndone\nif [ -e \"$base-debug-symbols.tar.xz\" ] ; then\n put_debug=\"put $base-debug-symbols.tar.xz $upload_to\"\nfi\nsftp -i ssh_key -b - -o StrictHostKeyChecking=off drone@oxen.rocks < build-cross/Makefile\nfor arch in $archs ; do\n mkdir -p $root/build-cross/build-$arch\n cd $root/build-cross/build-$arch\n cmake \\\n -G 'Unix Makefiles' \\\n -DCROSS_PLATFORM=$platform \\\n -DCROSS_PREFIX=$arch \\\n -DCMAKE_EXE_LINKER_FLAGS=-fstack-protector \\\n -DCMAKE_CXX_FLAGS=-fdiagnostics-color=always \\\n -DCMAKE_TOOLCHAIN_FILE=$root/contrib/cross/cross.toolchain.cmake \\\n -DBUILD_STATIC_DEPS=ON \\\n -DSTATIC_LINK=ON \\\n -DBUILD_SHARED_LIBS=OFF \\\n -DBUILD_TESTING=OFF \\\n -DBUILD_LIBLOKINET=OFF \\\n -DLOKINET_TESTS=OFF \\\n -DLOKINET_NATIVE_BUILD=OFF \\\n -DSTATIC_LINK=ON \\\n -DWITH_SYSTEMD=OFF \\\n -DFORCE_OXENMQ_SUBMODULE=ON \\\n -DSUBMODULE_CHECK=OFF \\\n -DWITH_LTO=OFF \\\n -DLOKINET_BOOTSTRAP=OFF \\\n -DCMAKE_BUILD_TYPE=RelWithDeb \\\n \"${cmake_extra[@]}\" \\\n $root\n cd $root/build-cross\n echo -ne \"$arch:\\n\\t\\$(MAKE) -C build-$arch\\n\" >> $root/build-cross/Makefile\n\ndone\ncd $root\nmake -j${JOBS:-$(nproc)} -C build-cross\n" }, { "path": "contrib/format-version.sh", "content": "\nCLANG_FORMAT_DESIRED_VERSION=19\n\nCLANG_FORMAT=$(command -v clang-format-$CLANG_FORMAT_DESIRED_VERSION 2>/dev/null)\nif [ $? -ne 0 ]; then\n CLANG_FORMAT=$(command -v clang-format-mp-$CLANG_FORMAT_DESIRED_VERSION 2>/dev/null)\nfi\nif [ $? -ne 0 ]; then\n CLANG_FORMAT=$(command -v clang-format 2>/dev/null)\n if [ $? -ne 0 ]; then\n echo \"Please install clang-format version $CLANG_FORMAT_DESIRED_VERSION and re-run this script.\"\n exit 1\n fi\n version=$(clang-format --version)\n if [[ ! $version == *\"clang-format version $CLANG_FORMAT_DESIRED_VERSION\"* ]]; then\n echo \"Please install clang-format version $CLANG_FORMAT_DESIRED_VERSION and re-run this script.\"\n exit 1\n fi\nfi\n" }, { "path": "contrib/format.sh", "content": "#!/usr/bin/env bash\n\n# set -x\nset -e\n\n. $(dirname $0)/format-version.sh\n\ncd \"$(dirname $0)/../\"\n\nsources=($(find jni daemon llarp include pybind | grep -E '\\.([hc](pp)?|m(m)?)$' | grep -v '#'))\n\nincl_pat='^(#include +)\"(llarp|libntrup|oxen|oxenc|oxenmq|quic|CLI|cpr|nlohmann|ghc|fmt|spdlog|uvw?)([/.][^\"]*)\"'\n\nif [ \"$1\" = \"verify\" ] ; then\n if [ $($CLANG_FORMAT --output-replacements-xml \"${sources[@]}\" | grep '' | wc -l) -ne 0 ] ; then\n exit 2\n fi\n\n if grep --color -E \"$incl_pat\" \"${sources[@]}\"; then\n exit 5\n fi\nelse\n $CLANG_FORMAT -i \"${sources[@]}\" &> /dev/null\n\n perl -pi -e \"s{$incl_pat}\"'{$1<$2$3>}' \"${sources[@]}\" &> /dev/null\nfi\n\n# Some includes just shouldn't exist anywhere, but need to be fixed manually:\nif grep --color -E '^#include ([<\"]external/|/dev/null)\nif [ $? -eq 0 ]; then\n if [ \"$1\" = \"verify\" ] ; then\n for f in $(find daemon | grep -E '\\.swift$' | grep -v '#') ; do\n if [ $($swift_format --quiet --dryrun < \"$f\" | diff \"$f\" - | wc -l) -ne 0 ] ; then\n exit 3\n fi\n done\n else\n $swift_format --quiet $(find daemon | grep -E '\\.swift$' | grep -v '#')\n fi\n\nfi\n\njsonnet_format=$(command -v jsonnetfmt 2>/dev/null)\nif [ $? -eq 0 ]; then\n if [ \"$1\" = \"verify\" ]; then\n if ! $jsonnet_format --test .drone.jsonnet; then\n exit 4\n fi\n else\n $jsonnet_format --in-place .drone.jsonnet\n fi\nfi\n" }, { "path": "contrib/git-hook-pre-push.sh", "content": "#!/bin/bash\n#\n# pre-push hook for git\n# this script is probably overkill for most contributors\n#\n# \"i use this to prevent foot cannons caused by commiting broken code\"\n#\n# ~ jeff (lokinet author and crazy person)\n#\n#\n# to use this as a git hook do this in the root of the repo:\n#\n# cp contrib/git-hook-pre-push.sh .git/hooks/pre-push\n#\n\n\nset -e\n\ncd \"$(dirname $0)/../..\"\necho \"check format...\"\n./contrib/format.sh verify\necho \"format is gucci af fam\"\n\necho \"remove old test build directory...\"\nrm -rf build-git-hook\nmkdir build-git-hook\necho \"configuring test build jizz...\"\ncmake -S . -B build-git-hook -DWITH_LTO=OFF -DLOKINET_HIVE=ON -G Ninja\necho \"ensure this shit compiles...\"\nninja -C build-git-hook all\necho \"ensure unit tests aren't fucked...\"\nninja -C build-git-hook check\n\necho \"we gud UmU\"\necho \"\"\n" }, { "path": "contrib/hex-to-base32z.py", "content": "#!/usr/bin/python3\n\nimport sys\n\nbase32z_dict = 'ybndrfg8ejkmcpqxot1uwisza345h769'\nbase32z_map = {base32z_dict[i]: i for i in range(len(base32z_dict))}\n\ndef lokinet_snode_addr(pk_hex):\n \"\"\"Returns the lokinet snode address from a hex ed25519 pubkey\"\"\"\n assert(len(pk_hex) == 64)\n bits = 0\n val = 0\n result = ''\n for x in pk_hex:\n bits += 4\n val = (val << 4) + int(x, 16)\n if bits >= 5:\n bits -= 5\n v = val >> bits\n val &= (1 << bits) - 1\n result += base32z_dict[v]\n result += base32z_dict[val << (5 - bits)]\n return result + \".snode\"\n\n\ndef hex_from_snode(b32z):\n \"\"\"undoes what the above does; b32z should have '.snode' already stripped off\"\"\"\n assert(len(b32z) == 52)\n val = 0\n bits = 0\n for x in b32z:\n val = (val << 5) | base32z_map[x] # Arbitrary precision integers FTW\n\n # `val` is now a 260 bit value (52 * 5 bits per char); but we only use the first bit of the last\n # value (which is why lokinet addresses always end with y or o)\n assert(b32z[-1] in 'yo')\n val >>= 4\n\n return \"{:64x}\".format(val)\n\n\nreverse = False\nif len(sys.argv) >= 2 and sys.argv[1] == '-r':\n reverse = True\n del sys.argv[1]\n\nif len(sys.argv) < 2 or (\n any(len(x) not in (52, 58) for x in sys.argv[1:])\n if reverse else\n any(len(x) != 64 for x in sys.argv[1:])\n ):\n print(\"Usage: {} PUBKEY [PUBKEY ...] -- converts ed25519 pubkeys to .snode addresses\".format(sys.argv[0]))\n print(\"Usage: {} -r SNODE [SNODE ...] -- converts snode addresses to ed25519 pubkeys\".format(sys.argv[0]))\n sys.exit(1)\n\nif reverse:\n for key in sys.argv[1:]:\n print(\"{}.snode -> {}\".format(key[0:52], hex_from_snode(key[0:52])))\nelse:\n for key in sys.argv[1:]:\n print(\"{} -> {}\".format(key, lokinet_snode_addr(key)))\n" }, { "path": "contrib/keygen.py", "content": "#!/usr/bin/env python3\n#\n# .loki secret key generator script\n# makes keyfile contents\n#\n# usage: python3 keygen.py out.private\n# python3 keygen.py > /some/where/over/the/rainbow\n#\nfrom nacl.bindings import crypto_sign_keypair\nimport sys\n\nout = sys.stdout\n\nclose_out = lambda : None\nargs = sys.argv[1:]\n\nif args and args[0] != '-':\n out = open(args[0], 'wb')\n close_out = out.close\n\npk, sk = crypto_sign_keypair()\nout.write(b'64:')\nout.write(sk)\nout.flush()\nclose_out()\n\n" }, { "path": "contrib/liblokinet/CMakeLists.txt", "content": "\ncmake_minimum_required(VERSION 3.10)\n\nproject(udptest LANGUAGES CXX)\n\nset(CMAKE_CXX_STANDARD 17)\nadd_executable(udptest udptest.cpp)\ninclude_directories(../../include)\ntarget_link_libraries(udptest PUBLIC lokinet)\n\n" }, { "path": "contrib/liblokinet/readme.md", "content": "# liblokinet examples\n\nbuilding:\n\n $ mkdir -p build\n $ cd build\n $ cp /path/to/liblokinet.so .\n $ cmake .. -DCMAKE_EXE_LINKER_FLAGS='-L.'\n $ make\n\nrunning:\n\n $ ./udptest /path/to/bootstrap.signed\n" }, { "path": "contrib/liblokinet/udptest.cpp", "content": "#include \n\n#include \n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\nbool _run{true};\n\nusing Lokinet_ptr = std::shared_ptr;\n\n[[nodiscard]] auto\nMakeLokinet(const std::vector& bootstrap)\n{\n auto ctx = std::shared_ptr(lokinet_context_new(), lokinet_context_free);\n if (auto err = lokinet_add_bootstrap_rc(bootstrap.data(), bootstrap.size(), ctx.get()))\n throw std::runtime_error{strerror(err)};\n if (lokinet_context_start(ctx.get()))\n throw std::runtime_error{\"could not start context\"};\n return ctx;\n}\n\nvoid\nWaitForReady(const Lokinet_ptr& ctx)\n{\n while (_run and lokinet_wait_for_ready(1000, ctx.get()))\n {\n std::cout << \"waiting for context...\" << std::endl;\n }\n}\n\nclass Flow\n{\n lokinet_udp_flowinfo const _info;\n lokinet_context* const _ctx;\n\n public:\n explicit Flow(const lokinet_udp_flowinfo* info, lokinet_context* ctx) : _info{*info}, _ctx{ctx}\n {}\n\n lokinet_context*\n Context() const\n {\n return _ctx;\n }\n\n std::string\n String() const\n {\n std::stringstream ss;\n ss << std::string{_info.remote_host} << \":\" << std::to_string(_info.remote_port)\n << \" on socket \" << _info.socket_id;\n return ss.str();\n }\n};\n\nstruct ConnectJob\n{\n lokinet_udp_flowinfo remote;\n lokinet_context* ctx;\n};\n\nvoid\nCreateOutboundFlow(void* user, void** flowdata, int* timeout)\n{\n auto* job = static_cast(user);\n Flow* flow = new Flow{&job->remote, job->ctx};\n *flowdata = flow;\n *timeout = 30;\n std::cout << \"made outbound flow: \" << flow->String() << std::endl;\n ;\n}\n\nint\nProcessNewInboundFlow(void* user, const lokinet_udp_flowinfo* remote, void** flowdata, int* timeout)\n{\n auto* ctx = static_cast(user);\n Flow* flow = new Flow{remote, ctx};\n std::cout << \"new udp flow: \" << flow->String() << std::endl;\n *flowdata = flow;\n *timeout = 30;\n\n return 0;\n}\n\nvoid\nDeleteFlow(const lokinet_udp_flowinfo* remote, void* flowdata)\n{\n auto* flow = static_cast(flowdata);\n std::cout << \"udp flow from \" << flow->String() << \" timed out\" << std::endl;\n delete flow;\n}\n\nvoid\nHandleUDPPacket(const lokinet_udp_flowinfo* remote, const char* pkt, size_t len, void* flowdata)\n{\n auto* flow = static_cast(flowdata);\n std::cout << \"we got \" << len << \" bytes of udp from \" << flow->String() << std::endl;\n}\n\nvoid\nBounceUDPPacket(const lokinet_udp_flowinfo* remote, const char* pkt, size_t len, void* flowdata)\n{\n auto* flow = static_cast(flowdata);\n std::cout << \"bounce \" << len << \" bytes of udp from \" << flow->String() << std::endl;\n if (auto err = lokinet_udp_flow_send(remote, pkt, len, flow->Context()))\n {\n std::cout << \"bounce failed: \" << strerror(err) << std::endl;\n }\n}\n\nLokinet_ptr sender, recip;\n\nvoid\nsignal_handler(int)\n{\n _run = false;\n}\n\nint\nmain(int argc, char* argv[])\n{\n if (argc == 1)\n {\n std::cout << \"usage: \" << argv[0] << \" bootstrap.signed\" << std::endl;\n return 1;\n }\n\n /*\n signal(SIGINT, signal_handler);\n signal(SIGTERM, signal_handler);\n */\n\n std::vector bootstrap;\n\n // load bootstrap.signed\n {\n std::ifstream inf{argv[1], std::ifstream::ate | std::ifstream::binary};\n size_t len = inf.tellg();\n inf.seekg(0);\n bootstrap.resize(len);\n inf.read(bootstrap.data(), bootstrap.size());\n }\n\n if (auto* loglevel = getenv(\"LOKINET_LOG\"))\n lokinet_log_level(loglevel);\n else\n lokinet_log_level(\"none\");\n\n std::cout << \"starting up\" << std::endl;\n\n recip = MakeLokinet(bootstrap);\n WaitForReady(recip);\n\n lokinet_udp_bind_result recipBindResult{};\n\n const auto port = 10000;\n\n if (auto err = lokinet_udp_bind(\n port,\n ProcessNewInboundFlow,\n BounceUDPPacket,\n DeleteFlow,\n recip.get(),\n &recipBindResult,\n recip.get()))\n {\n std::cout << \"failed to bind recip udp socket \" << strerror(err) << std::endl;\n return 0;\n }\n\n std::cout << \"bound recip udp\" << std::endl;\n\n sender = MakeLokinet(bootstrap);\n WaitForReady(sender);\n\n std::string recipaddr{lokinet_address(recip.get())};\n\n std::cout << \"recip ready at \" << recipaddr << std::endl;\n\n lokinet_udp_bind_result senderBindResult{};\n\n if (auto err = lokinet_udp_bind(\n port,\n ProcessNewInboundFlow,\n HandleUDPPacket,\n DeleteFlow,\n sender.get(),\n &senderBindResult,\n sender.get()))\n {\n std::cout << \"failed to bind sender udp socket \" << strerror(err) << std::endl;\n return 0;\n }\n\n ConnectJob connect{};\n connect.remote.socket_id = senderBindResult.socket_id;\n connect.remote.remote_port = port;\n std::copy_n(recipaddr.c_str(), recipaddr.size(), connect.remote.remote_host);\n connect.ctx = sender.get();\n\n std::cout << \"bound sender udp\" << std::endl;\n\n do\n {\n std::cout << \"try establish to \" << connect.remote.remote_host << std::endl;\n if (auto err =\n lokinet_udp_establish(CreateOutboundFlow, &connect, &connect.remote, sender.get()))\n {\n std::cout << \"failed to establish to recip: \" << strerror(err) << std::endl;\n usleep(100000);\n }\n else\n break;\n } while (true);\n std::cout << \"sender established\" << std::endl;\n\n const std::string buf{\"liblokinet\"};\n\n const std::string senderAddr{lokinet_address(sender.get())};\n\n do\n {\n std::cout << senderAddr << \" send to remote: \" << buf << std::endl;\n if (auto err = lokinet_udp_flow_send(&connect.remote, buf.data(), buf.size(), sender.get()))\n {\n std::cout << \"send failed: \" << strerror(err) << std::endl;\n }\n usleep(100000);\n } while (_run);\n return 0;\n}\n" }, { "path": "contrib/liblokinet_jank_test.cpp", "content": "#include \n\n#include \n#include \n#include \n#include \n#include \n\nusing namespace std::literals;\n\nint main(int argc, char** argv)\n{\n if (argc <= 1)\n {\n std::cerr << \"USAGE: \" << argv[0] << \" {WHATEVER.loki | WHATEVER.snode}\\n\";\n return 1;\n }\n\n std::string target{argv[1]};\n\n lokinet::Lokinet loki{std::filesystem::path{\"lokinet.ini\"}};\n\n std::promise prom;\n loki.on_connected([&] {\n std::cout << \"\\n\\x1b[32;1mLokinet connected!\\x1b[0m\\n\\n\\x1b[33;1mINITIATING SESSION TO \" << target\n << \"\\x1b[0m\\n\\n\"\n << std::flush;\n loki.establish_udp(\n target,\n 12345,\n [](auto udp_info) {\n std::cout << \"\\n\\x1b[32;1mUDP bound to port \" << udp_info.local_port << \"\\x1b[0m\\n\\n\" << std::flush;\n },\n [&prom](std::string_view fail_msg) {\n try\n {\n throw std::runtime_error{std::string{fail_msg}};\n }\n catch (...)\n {\n prom.set_exception(std::current_exception());\n }\n });\n });\n try\n {\n prom.get_future().get();\n }\n catch (const std::exception& e)\n {\n std::cerr << \"\\n\\n\\x1b[31;1mError establishing session to \" << target << \": \" << e.what() << \"\\x1b[0m\\n\\n\";\n return 1;\n }\n\n /*\n loki.map_tcp_remote_port(std::string{argv[1]}, 12345,\n [&](auto tunnel_info) {\n std::cout << \"\\n\\nTCP bound to port \" << tunnel_info.local_port << \"\\n\\n\";\n },\n [&](auto error_str) {\n std::cerr << \"\\nTCP Tunnel map error: \" << error_str << \"\\n\";\n });\n */\n std::cout << \"\\nPRESS ENTER TO EXIT\\n\";\n std::string ignored;\n std::getline(std::cin, ignored);\n std::cout << \"\\nEXITING\\n\";\n}\n" }, { "path": "contrib/lokinet-resolvconf", "content": "#!/bin/bash\n\n# Script to invoke resolvconf (if installed) to add/remove lokinet into/from the resolvconf DNS\n# server list. This script does not add if any of these are true:\n#\n# - /sbin/resolvconf does not exist\n# - the systemd-resolved service is active\n# - a `no-resolvconf=1` item is present in the [dns] section of lokinet.ini\n#\n# It always attempts to remove if resolvconf is installed (so that commenting out while running,\n# then stopping still removes the added entry).\n#\n# Usage: lokinet-resolvconf {add|remove} /etc/loki/lokinet.ini\n\nset -e\n\naction=\"$1\"\nconf=\"$2\"\n\nif [[ ! (\"$action\" == \"add\" || \"$action\" == \"remove\") || ! -f \"$conf\" ]]; then\n echo \"Usage: $0 {add|remove} /path/to/lokinet.ini\" >&2\n exit 1\nfi\n\nif ! [ -x /sbin/resolvconf ]; then\n exit 0\nfi\n\nif [ -x /bin/systemctl ] && /bin/systemctl --quiet is-active systemd-resolved.service; then\n exit 0\nfi\n\nif [ \"$action\" == \"add\" ]; then\n if ! [ -x /sbin/resolvconf ]; then exit 0; fi\n\n lokinet_ns=$(perl -e '\n $ns = \"127.3.2.1\"; # default if none found in .ini\n while (<>) {\n if ((/^\\[dns\\]/ ... /^\\[/)) {\n if (/^bind\\s*=\\s*([\\d.]+)(?::53)?\\s*$/) {\n $ns=$1;\n } elsif (/^no-resolvconf\\s*=\\s*1\\s*/) {\n exit;\n }\n }\n }\n print $ns' \"$conf\")\n\n if [ -n \"$lokinet_ns\" ]; then\n echo \"nameserver $lokinet_ns\" | /sbin/resolvconf -a lo.000lokinet\n fi\nelse\n /sbin/resolvconf -d lo.000lokinet\nfi\n" }, { "path": "contrib/mac-configure.sh", "content": "#!/bin/bash\n\nset -e\nset -x\n\nif ! [ -f LICENSE ] || ! [ -d llarp ]; then\n echo \"You need to run this as ./contrib/mac.sh from the top-level lokinet project directory\" >&2\n exit 1\nfi\n\nmkdir -p build-mac\ncd build-mac\ncmake \\\n -G Ninja \\\n -DBUILD_STATIC_DEPS=ON \\\n -DLOKINET_TESTS=OFF \\\n -DLOKINET_BOOTSTRAP=OFF \\\n -DLOKINET_NATIVE_BUILD=OFF \\\n -DWITH_LTO=ON \\\n -DCMAKE_BUILD_TYPE=Release \\\n -DMACOS_SYSTEM_EXTENSION=ON \\\n -DCODESIGN=ON \\\n -DLOKINET_PACKAGE=ON \\\n \"$@\" \\\n ..\n\necho \"cmake build configured in build-mac\"\n" }, { "path": "contrib/mac.sh", "content": "#!/bin/bash\n#\n# Build the shit on mac\n#\n# You will generally need to add: -DCODESIGN_APP=... to make this work, and (unless you are a\n# lokinet team member) will need to pay Apple money for your own team ID and arse around with\n# provisioning profiles. See macos/README.txt.\n#\n\nset -e\nset -x\n\nif ! [ -f LICENSE ] || ! [ -d llarp ]; then\n echo \"You need to run this as ./contrib/mac.sh from the top-level lokinet project directory\" >&2\n exit 1\nfi\n\n./contrib/mac-configure.sh \"$@\"\n\ncd build-mac\nrm -rf Lokinet\\ *\nninja -j${JOBS:-1} dmg\ncd ..\n\necho -e \"Build complete, your app is here:\\n\"\nls -lad $(pwd)/build-mac/Lokinet\\ *\necho \"\"\n" }, { "path": "contrib/macos/lokinet-extension.Info.plist.in", "content": "\n\n\n\t\n\t\tCFBundleDevelopmentRegion\n\t\ten\n\n\t\tCFBundleDisplayName\n\t\tLokinet Network Extension\n\n\t\tCFBundleExecutable\n\t\torg.lokinet.network-extension\n\n\t\tCFBundleIdentifier\n\t\torg.lokinet.network-extension\n\n\t\tCFBundleInfoDictionaryVersion\n\t\t6.0\n\n\t\tCFBundlePackageType\n\t\tSYSX\n\t\t\n\t\tCFBundleName\n\t\torg.lokinet.network-extension\n\n\t\tCFBundleVersion\n\t\t@lokinet_VERSION@.@LOKINET_APPLE_BUILD@\n\n\t\tCFBundleShortVersionString\n\t\t@lokinet_VERSION@\n\n\t\tCFBundleSupportedPlatforms\n\t\t\n\t\t\tMacOSX\n\t\t\n\n\t\tITSAppUsesNonExemptEncryption\n\t\t\n\n\t\tLSMinimumSystemVersion\n\t\t10.15\n\n NSHumanReadableCopyright\n Copyright Ā© 2022 The Oxen Project, licensed under GPLv3-or-later\n\n\t\tNSSystemExtensionUsageDescription\n\t\tProvides Lokinet Network connectivity.\n\n\t\tNetworkExtension\n\t\t\n\t\t\tNEMachServiceName\n\t\t\tSUQ8J2PCT7.org.lokinet.network-extension\n\n\t\t\tNEProviderClasses\n\t\t\t\n\t\t\t\tcom.apple.networkextension.packet-tunnel\n\t\t\t\tLLARPPacketTunnel\n\n\t\t\t\tcom.apple.networkextension.dns-proxy\n\t\t\t\tLLARPDNSProxy\n\t\t\t\n\t\t\n\t\n\n" }, { "path": "contrib/macos/lokinet-extension.plugin.entitlements.plist", "content": "\n\n\n\t\n\t\tcom.apple.application-identifier\n\t\tSUQ8J2PCT7.org.lokinet.network-extension\n\n\t\tcom.apple.developer.networking.networkextension\n\t\t\n\t\t\tpacket-tunnel-provider\n\t\t\tdns-proxy\n\t\t\n\n\t\tcom.apple.developer.team-identifier\n\t\tSUQ8J2PCT7\n\n\t\tcom.apple.security.app-sandbox\n\t\t\n\n\t\tcom.apple.security.network.client\n\t\t\n\n\t\tcom.apple.security.network.server\n\t\t\n\n\t\n\n" }, { "path": "contrib/macos/lokinet-extension.sysext.entitlements.plist", "content": "\n\n\n\t\n\t\tcom.apple.application-identifier\n\t\tSUQ8J2PCT7.org.lokinet.network-extension\n\n\t\tcom.apple.developer.networking.networkextension\n\t\t\n\t\t\tpacket-tunnel-provider-systemextension\n\t\t\tdns-proxy-systemextension\n\t\t\n\n\t\tcom.apple.developer.team-identifier\n\t\tSUQ8J2PCT7\n\n\t\tcom.apple.security.app-sandbox\n\t\t\n\n com.apple.security.application-groups\n \n SUQ8J2PCT7.org.lokinet\n \n\n\t\tcom.apple.security.network.client\n\t\t\n\n\t\tcom.apple.security.network.server\n\t\t\n\n\t\n\n" }, { "path": "contrib/macos/lokinet-newsyslog.conf", "content": "/var/log/lokinet.log 644 5 5M $D0 J" }, { "path": "contrib/macos/lokinet.Info.plist.in", "content": "\n\n\n\t\n\t\tCFBundleDevelopmentRegion\n\t\ten\n\n\t\tCFBundleExecutable\n\t\tLokinet\n\n\t\tCFBundleIdentifier\n\t\torg.lokinet\n\n\t\tCFBundleInfoDictionaryVersion\n\t\t6.0\n\n\t\tCFBundleName\n\t\tLokinet\n\n\t\tCFBundleIconFile\n\t\ticon.icns\n\n\t\tCFBundlePackageType\n\t\tAPPL\n\n\t\tCFBundleShortVersionString\n\t\t@lokinet_VERSION@\n\n\t\tCFBundleVersion\n\t\t@lokinet_VERSION@.@LOKINET_APPLE_BUILD@\n\n\t\tLSMinimumSystemVersion\n\t\t10.15\n\n\t\tNSHumanReadableCopyright\n\t\tCopyright Ā© 2022 The Oxen Project, licensed under GPLv3-or-later\n\n\t\tLSUIElement\n\t\t\n\n\t\tLSHasLocalizedDisplayName\n\t\t\n\n\t \n\n" }, { "path": "contrib/macos/lokinet.plugin.entitlements.plist", "content": "\n\n\n\t\n\t\tcom.apple.application-identifier\n\t\tSUQ8J2PCT7.org.lokinet\n\n\t\tcom.apple.developer.networking.networkextension\n\t\t\n\t\t\tpacket-tunnel-provider\n\t\t\tdns-proxy\n\t\t\tdns-settings\n\t\t\n\n\t\tcom.apple.developer.team-identifier\n\t\tSUQ8J2PCT7\n\n\t\tcom.apple.security.app-sandbox\n\t\t\n\n\t\tcom.apple.security.network.client\n\t\t\n\n\t\tcom.apple.security.network.server\n\t\t\n\n\t\n\n" }, { "path": "contrib/macos/lokinet.sysext.entitlements.plist", "content": "\n\n\n\t\n\t\tcom.apple.application-identifier\n\t\tSUQ8J2PCT7.org.lokinet\n\n\t\tcom.apple.developer.networking.networkextension\n\t\t\n\t\t\tpacket-tunnel-provider-systemextension\n\t\t\tdns-proxy-systemextension\n\t\t\tdns-settings\n\t\t\n\n\t\tcom.apple.developer.team-identifier\n\t\tSUQ8J2PCT7\n\n com.apple.developer.system-extension.install\n \n\n\t\tcom.apple.security.app-sandbox\n\t\t\n\n com.apple.security.application-groups\n \n SUQ8J2PCT7.org.lokinet\n \n\n\t\tcom.apple.security.network.client\n\t\t\n\n\t\tcom.apple.security.network.server\n\t\t\n\n\t\n\n" }, { "path": "contrib/macos/mk-icns.sh", "content": "#!/bin/bash\n\n# Invoked from cmake as mk-icns.sh /path/to/icon.svg /path/to/output.icns\nsvg=\"$1\"\nout=\"$2\"\noutdir=\"${out/%.icns/.iconset}\"\n\nset -e\n\n# Apple's PNG encoding/decoding is buggy and likes to inject yellow lines, particularly for the\n# smaller images. This is apparently a known issue since macOS 11 that apple just doesn't give a\n# shit about fixing (https://en.wikipedia.org/wiki/Apple_Icon_Image_format#Known_issues).\n#\n# So moral of the story: we have to arse around and edit the png to put a tranparent pixel in the\n# bottom-left corner but that pixel *must* be different from the preceeding color, otherwise Apple's\n# garbage breaks exposing the dumpster fire that lies beneath and drops the blue channel from the\n# last pixel (or run of pixels, if they are the same color (ignoring transparency). So, just to be\n# consistent, we make *all* 4 corners transparent yellow, because it seems unlikely for our logo to\n# have full-on yellow in the corner, and the color itself is irrelevant because it is fully\n# transparent.\n#\n# Why is there so much broken, buggy crap in the macOS core???\n\nno_r_kelly() {\n size=$1\n last=$((size - 1))\n for x in 0 $last; do\n for y in 0 $last; do\n echo -n \"color $x,$y point \"\n done\n done\n}\n\n\n\nmkdir -p \"${outdir}\"\nfor size in 32 64 128 256 512 1024; do\n # Yay Apple thanks for this utter trash OS.\n last=$((size - 1))\n convert -background none -resize \"${size}x${size}\" \"$svg\" \\\n -fill '#ff00' -draw \"$(no_r_kelly $size)\" \\\n -strip \"png32:${outdir}/icon_${size}x${size}.png\"\ndone\n\n\n# Outputs the imagemagick -draw command to color the corner-adjacent pixels as half-transparent\n# white. We use this for the 16x16 (the others pick up corner transparency from the svg).\nsemitransparent_off_corners() {\n size=$1\n for x in 1 $((size - 2)); do\n for y in 0 $((size - 1)); do\n echo -n \"color $x,$y point \"\n done\n done\n for x in 0 $((size -1)); do\n for y in 1 $((size - 2)); do\n echo -n \"color $x,$y point \"\n done\n done\n}\n\n# For 16x16 we crop the image to 5/8 of its regular size before resizing which effectively zooms in\n# on it a bit because if we resize the full icon it ends up a fuzzy mess, while the crop and resize\n# lets us retain some detail of the logo. (We don't do this for the 16x16@2x because that is really\n# 32x32 where it retains enough detail).\nconvert -background none -resize 512x512 \"$svg\" -gravity Center -extent 320x320 -resize 16x16 \\\n -fill '#ff00' -draw \"$(no_r_kelly 16)\" \\\n -fill '#fff8' -draw \"$(semitransparent_off_corners 16)\" \\\n -strip \"png32:$outdir/icon_16x16.png\"\n\n# Create all the \"@2x\" versions which are just the double-size versions\nrm -f \"${outdir}/icon_*@2x.png\"\nmv \"${outdir}/icon_1024x1024.png\" \"${outdir}/icon_512x512@2x.png\"\nfor size in 16 32 128 256; do\n double=$((size * 2))\n ln -f \"${outdir}/icon_${double}x${double}.png\" \"${outdir}/icon_${size}x${size}@2x.png\"\ndone\n\niconutil -c icns \"${outdir}\"\n" }, { "path": "contrib/macos/notarize.py.in", "content": "#!/usr/bin/env python3\n\nimport sys\nimport plistlib\nimport subprocess\nimport time\nimport os\nimport os.path\n\ndef bold_red(x):\n return \"\\x1b[31;1m\" + x + \"\\x1b[0m\"\n\nif not @notarize_py_is_sysext@:\n print(bold_red(\"\\nUnable to notarize: this lokinet is not built as a system extension\\n\"), file=sys.stderr)\n sys.exit(1)\n\nif not all((\"@MACOS_NOTARIZE_USER@\", \"@MACOS_NOTARIZE_PASS@\", \"@MACOS_NOTARIZE_ASC@\")):\n print(bold_red(\"\\nUnable to notarize: one or more required notarization variable not set; see contrib/macos/README.txt\\n\") +\n \" Called with -DMACOS_NOTARIZE_USER=@MACOS_NOTARIZE_USER@\\n\"\n \" -DMACOS_NOTARIZE_PASS=@MACOS_NOTARIZE_PASS@\\n\"\n \" -DMACOS_NOTARIZE_ASC=@MACOS_NOTARIZE_ASC@\\n\",\n file=sys.stderr)\n sys.exit(1)\n\nos.chdir(\"@PROJECT_BINARY_DIR@\")\napp = \"@lokinet_app@\"\nzipfile = f\"Lokinet.app.notarize.zip\"\nprint(f\"Creating {zipfile} from {app}\")\nif os.path.exists(zipfile):\n os.remove(zipfile)\nsubprocess.run(['ditto', '-v', '-c', '-k', '--sequesterRsrc', '--keepParent', app, zipfile])\n\nuserpass = ('--username', \"@MACOS_NOTARIZE_USER@\", '--password', \"@MACOS_NOTARIZE_PASS@\")\nprint(\"Submitting {} for notarization; this may take a minute...\".format(zipfile))\n\nstarted = time.time()\ncommand = [\n 'xcrun', 'altool',\n '--notarize-app',\n '--primary-bundle-id', 'org.lokinet.@PROJECT_VERSION@',\n *userpass,\n '--asc-provider', \"@MACOS_NOTARIZE_ASC@\",\n '--file', zipfile,\n '--output-format', 'xml'\n ]\nprint(command)\nresult = subprocess.run(command, stdout=subprocess.PIPE)\n\ndata = plistlib.loads(result.stdout)\nif 'success-message' not in data or 'notarization-upload' not in data or 'RequestUUID' not in data['notarization-upload']:\n print(\"Something failed, leaving you with this nice XML to figure out:\\n{}\".format(data))\n sys.exit(1)\n\nuuid = data['notarization-upload']['RequestUUID']\nelapsed = time.time() - started\nmins, secs = int(elapsed // 60), elapsed % 60\nprint(\"Notarization submitted with request uuid = {} in {:d}m{:05.2f}s\".format(uuid, mins, secs))\nprint(data['success-message'])\n\nprint(\"Begin polling for notarization result\")\nstarted_waiting = time.time()\ndone = False\nsuccess = False\nwhile not done:\n time.sleep(5)\n result = subprocess.run([\n 'xcrun', 'altool',\n '--notarization-info', uuid,\n *userpass,\n '--output-format', 'xml'\n ], stdout=subprocess.PIPE, stderr=subprocess.PIPE)\n if result.returncode == 1 and b'Gateway Timeout' in result.stderr:\n status = \"Apple's servers are trash (aka Gateway Timeout)\"\n else:\n result.check_returncode()\n data = plistlib.loads(result.stdout)\n if 'notarization-info' not in data or 'Status' not in data['notarization-info']:\n status = 'Request failed'\n else:\n status = data['notarization-info']['Status Message'] if 'Status Message' in data['notarization-info'] else ''\n st = data['notarization-info']['Status']\n if st == 'success':\n success = True\n done = True\n elif st == 'invalid':\n done = True\n elif st == 'in progress' and len(status) == 0:\n status = 'Notarization in progress'\n\n if done and 'LogFileURL' in data['notarization-info']:\n status += '\\n\\nlog file: {}'.format(data['notarization-info']['LogFileURL'])\n\n elapsed = time.time() - started_waiting\n mins, secs = int(elapsed // 60), int(elapsed % 60)\n\n print(\"\\033[1K\\r(+{:d}m{:02d}s) {}: {}\".format(mins, secs, st, status), end='', flush=True)\n\nprint(\"\\n\")\nif not success:\n sys.exit(42)\n\nif os.path.exists(zipfile):\n os.remove(zipfile)\n\nprint(\"Stapling {}...\".format(app), end='')\nresult = subprocess.run(['xcrun', 'stapler', 'staple', app])\n\nresult.check_returncode()\n\nwith open(\"macos-notarized.stamp\", 'w'):\n pass\n\nprint(\" success.\\n\")\n" }, { "path": "contrib/macos/seticon.swift", "content": "import Foundation\nimport AppKit\n\n// Apple deprecated their command line tools to set images on things and replaced them with a\n// barely-documented swift function. Yay!\n\n// Usage: ./seticon /path/to/my.icns /path/to/some.dmg\n\nlet args = CommandLine.arguments\n\nif args.count != 3 {\n print(\"Error: usage: ./seticon /path/to/my.icns /path/to/some.dmg\")\n exit(1)\n}\n\nvar icns = args[1]\nvar dmg = args[2]\n\nvar img = NSImage(byReferencingFile: icns)!\n\nif NSWorkspace.shared.setIcon(img, forFile: dmg) {\n print(\"Set \\(dmg) icon to \\(icns) [\\(img.size)]\")\n} else {\n print(\"Setting icon failed, don't know why\")\n exit(2)\n}\n" }, { "path": "contrib/macos/sign.sh.in", "content": "#!/usr/bin/env bash\n\nset -e\n\nif [ \"@CODESIGN@\" != \"ON\" ]; then\n echo \"Cannot codesign: this build was not configured with codesigning\" >&2\n exit 1\nfi\n\nsignit() {\n target=\"$1\"\n entitlements=\"$2\"\n echo -e \"\\n\\e[33;1mSigning ${target/*\\/Lokinet.app/Lokinet.app}...\\e[0m\" >&2\n codesign \\\n --verbose=4 \\\n --force \\\n -s \"@CODESIGN_ID@\" \\\n --entitlements \"$entitlements\" \\\n --strict \\\n --timestamp \\\n --options=runtime \\\n \"$target\"\n}\n\ngui_entitlements=\"@PROJECT_SOURCE_DIR@/gui/node_modules/app-builder-lib/templates/entitlements.mac.plist\"\next_entitlements=\"@PROJECT_SOURCE_DIR@/contrib/macos/lokinet-extension.@LOKINET_ENTITLEMENTS_TYPE@.entitlements.plist\"\napp_entitlements=\"@PROJECT_SOURCE_DIR@/contrib/macos/lokinet.@LOKINET_ENTITLEMENTS_TYPE@.entitlements.plist\"\n\nSIGN_TARGET=\"@PROJECT_BINARY_DIR@/Lokinet @PROJECT_VERSION@/Lokinet.app\"\n\nfor ext in systemextension appex; do\n netext=\"$SIGN_TARGET/@lokinet_ext_dir@/org.lokinet.network-extension.$ext\"\n if [ -e \"$netext\" ]; then\n signit \"$netext\" \"$ext_entitlements\"\n fi\ndone\n\nif [ \"@LOKINET_GUI@\" == \"ON\" ]; then\n gui_app=\"$SIGN_TARGET\"/Contents/Helpers/Lokinet-GUI.app\n gui_sign_targets=()\n for bundle in \\\n \"$gui_app\"/Contents/Frameworks/*.framework \\\n \"$gui_app\"/Contents/Frameworks/*.app\n do\n\n if [ -d \"$bundle/Libraries\" ]; then\n gui_sign_targets+=(\"$bundle\"/Libraries/*.dylib)\n fi\n if [ -d \"$bundle/Helpers\" ]; then\n gui_sign_targets+=(\"$bundle\"/Helpers/*)\n fi\n if [ -d \"$bundle/Resources\" ]; then\n for f in \"$bundle/Resources\"/*; do\n if [[ -f \"$f\" && -x \"$f\" && \"$(file -b \"$f\")\" == Mach-O* ]]; then\n gui_sign_targets+=(\"$f\")\n fi\n done\n fi\n\n gui_sign_targets+=(\"$bundle\")\n done\n\n gui_sign_targets+=(\"$gui_app\")\n\n for target in \"${gui_sign_targets[@]}\"; do\n signit \"$target\" \"$gui_entitlements\"\n done\n\n signit \"$SIGN_TARGET\"/Contents/MacOS/Lokinet \"$app_entitlements\"\nfi\n\nsignit \"$SIGN_TARGET\" \"$app_entitlements\"\n\ntouch \"@PROJECT_BINARY_DIR@\"/macos-signed.stamp\n" }, { "path": "contrib/make-ico.sh", "content": "#!/bin/bash\n\n# Invoked from cmake as make-ico.sh /path/to/icon.svg /path/to/output.ico\nsvg=\"$1\"\nout=\"$2\"\noutdir=\"$out.d\"\n\nset -e\n\nsizes=(16 24 32 40 48 64 96 192 256)\nouts=\"\"\n\nmkdir -p \"${outdir}\"\nfor size in \"${sizes[@]}\"; do\n outf=\"${outdir}/${size}x${size}.png\"\n if [ $size -lt 32 ]; then\n # For 16x16 and 24x24 we crop the image to 2/3 of its regular size make it all white\n # (instead of transparent) to zoom in on it a bit because if we resize the full icon to the\n # target size it ends up a fuzzy mess, while the crop and resize lets us retain some detail\n # of the logo.\n rsvg-convert -b white \\\n --page-height $size --page-width $size \\\n -w $(($size*3/2)) -h $(($size*3/2)) --left \" -$(($size/4))\" --top \" -$(($size/4))\" \\\n \"$svg\" >\"$outf\"\n else\n rsvg-convert -b transparent -w $size -h $size \"$svg\" >\"$outf\"\n fi\n outs=\"-r $outf $outs\"\ndone\n\nicotool -c -b 32 -o \"$out\" $outs\n" }, { "path": "contrib/omq-rpc.py", "content": "#!/usr/bin/env python3\n\nimport nacl.bindings as sodium\nfrom nacl.public import PrivateKey\nfrom nacl.signing import SigningKey, VerifyKey\nimport nacl.encoding\nimport requests\nimport zmq\nimport zmq.utils.z85\nimport sys\nimport re\nimport time\nimport random\nimport shutil\n\n\ncontext = zmq.Context()\nsocket = context.socket(zmq.DEALER)\nsocket.setsockopt(zmq.CONNECT_TIMEOUT, 5000)\nsocket.setsockopt(zmq.HANDSHAKE_IVL, 5000)\n#socket.setsockopt(zmq.IMMEDIATE, 1)\n\nif len(sys.argv) > 1 and any(sys.argv[1].startswith(x) for x in (\"ipc://\", \"tcp://\", \"curve://\")):\n remote = sys.argv[1]\n del sys.argv[1]\nelse:\n remote = \"ipc://./rpc.sock\"\n\ncurve_pubkey = b''\nmy_privkey, my_pubkey = b'', b''\n\n# If given a curve://whatever/pubkey argument then transform it into 'tcp://whatever' and put the\n# 'pubkey' back into argv to be handled below.\nif remote.startswith(\"curve://\"):\n pos = remote.rfind('/')\n pkhex = remote[pos+1:]\n remote = \"tcp://\" + remote[8:pos]\n if len(pkhex) != 64 or not all(x in \"0123456789abcdefABCDEF\" for x in pkhex):\n print(\"curve:// addresses must be in the form curve://HOST:PORT/REMOTE_PUBKEY_HEX\", file=sys.stderr)\n sys.exit(1)\n sys.argv[1:0] = [pkhex]\n\nif len(sys.argv) > 1 and len(sys.argv[1]) == 64 and all(x in \"0123456789abcdefABCDEF\" for x in sys.argv[1]):\n curve_pubkey = bytes.fromhex(sys.argv[1])\n del sys.argv[1]\n socket.curve_serverkey = curve_pubkey\n if len(sys.argv) > 1 and len(sys.argv[1]) == 64 and all(x in \"0123456789abcdefABCDEF\" for x in sys.argv[1]):\n my_privkey = bytes.fromhex(sys.argv[1])\n del sys.argv[1]\n my_pubkey = zmq.utils.z85.decode(zmq.curve_public(zmq.utils.z85.encode(my_privkey)))\n else:\n my_privkey = PrivateKey.generate()\n my_pubkey = my_privkey.public_key.encode()\n my_privkey = my_privkey.encode()\n\n print(\"No curve client privkey given; generated a random one (pubkey: {}, privkey: {})\".format(\n my_pubkey.hex(), my_privkey.hex()), file=sys.stderr)\n socket.curve_secretkey = my_privkey\n socket.curve_publickey = my_pubkey\n\nif not 2 <= len(sys.argv) <= 3 or any(x in y for x in (\"--help\", \"-h\") for y in sys.argv[1:]):\n print(\"Usage: {} [ipc:///path/to/sock|tcp://1.2.3.4:5678] [SERVER_CURVE_PUBKEY [LOCAL_CURVE_PRIVKEY]] COMMAND ['JSON']\".format(\n sys.argv[0]), file=sys.stderr)\n sys.exit(1)\n\nbeginning_of_time = time.clock_gettime(time.CLOCK_MONOTONIC)\n\nprint(\"Connecting to {}\".format(remote), file=sys.stderr)\nsocket.connect(remote)\nto_send = [sys.argv[1].encode(), b'tagxyz123']\nto_send += (x.encode() for x in sys.argv[2:])\nprint(\"Sending {}\".format(to_send[0]), file=sys.stderr)\nsocket.send_multipart(to_send)\nif socket.poll(timeout=5000):\n m = socket.recv_multipart()\n recv_time = time.clock_gettime(time.CLOCK_MONOTONIC)\n if len(m) < 3 or m[0:2] != [b'REPLY', b'tagxyz123']:\n print(\"Received unexpected {}-part reply:\".format(len(m)), file=sys.stderr)\n for x in m:\n print(\"- {}\".format(x))\n else: # m[2] is numeric value, m[3] is data part, and will become m[2] <- changed\n print(\"Received reply in {:.6f}s:\".format(recv_time - beginning_of_time), file=sys.stderr)\n if len(m) < 3:\n print(\"(empty reply data)\", file=sys.stderr)\n else:\n for x in m[2:]:\n print(\"{} bytes data part:\".format(len(x)), file=sys.stderr)\n if any(x.startswith(y) for y in (b'd', b'l', b'i')) and x.endswith(b'e'):\n sys.stdout.buffer.write(x)\n else:\n print(x.decode(), end=\"\\n\\n\")\n\nelse:\n print(\"Request timed out\", file=sys.stderr)\n socket.close(linger=0)\n sys.exit(1)\n\n# sample usage:\n# ./omq-rpc.py ipc://$HOME/.oxen/testnet/oxend.sock 'llarp.get_service_nodes' | jq\n" }, { "path": "contrib/patches/libzmq-mingw-unistd.patch", "content": "diff --git a/tests/testutil.hpp b/tests/testutil.hpp\nindex c6f5e4de78..09b9fa77e5 100644\n--- a/tests/testutil.hpp\n+++ b/tests/testutil.hpp\n@@ -41,6 +41,9 @@\n // For AF_INET and IPPROTO_TCP\n #if defined _WIN32\n #include \"../src/windows.hpp\"\n+#if defined(__MINGW32__)\n+#include \n+#endif\n #else\n #include \n #include \n" }, { "path": "contrib/patches/libzmq-mingw-wepoll.patch", "content": "diff --git a/external/wepoll/wepoll.c b/external/wepoll/wepoll.c\n--- a/external/wepoll/wepoll.c\n+++ b/external/wepoll/wepoll.c\n@@ -140,9 +140,9 @@\n #pragma warning(push, 1)\n #endif\n \n-#include \n-#include \n-#include \n+#include \n+#include \n+#include \n \n #ifndef __GNUC__\n #pragma warning(pop)\n" }, { "path": "contrib/patches/unbound-delete-crash-fix.patch", "content": "commit 56d816014d5e8a7eb055169c7e13a303dad5e50f\nAuthor: Jason Rhinelander \nDate: Mon Oct 31 22:07:03 2022 -0300\n\n Set tube->ev_listen to NULL to prevent double unregister\n \n On windows when using threaded mode (i.e. `ub_ctx_async(ctx, 1)`)\n tube_remove_bg_listen gets called twice: once when the thread does its\n own cleanup, then again in `tube_delete()`. Because `ev_listen` doesn't\n get cleared, however, we end we calling ub_winsock_unregister_wsaevent\n with a freed pointer.\n \n This doesn't always manifest because, apparently, for various compilers\n and settings that memory *might* be overwritten in which case the\n additional check for ev->magic will prevent anything actually happening,\n but in my case under mingw32 that doesn't happen and we end up\n eventually crashing.\n \n This fixes the crash by properly NULLing the pointer so that the second\n ub_winsock_unregister_wsaevent(...) becomes a no-op.\n\ndiff --git a/util/tube.c b/util/tube.c\nindex 43455fee..a92dfa77 100644\n--- a/util/tube.c\n+++ b/util/tube.c\n@@ -570,6 +570,7 @@ void tube_remove_bg_listen(struct tube* tube)\n {\n \tverbose(VERB_ALGO, \"tube remove_bg_listen\");\n \tub_winsock_unregister_wsaevent(tube->ev_listen);\n+\ttube->ev_listen = NULL;\n }\n \n void tube_remove_bg_write(struct tube* tube)\n" }, { "path": "contrib/py/.gitignore", "content": "*.egg-info\nv\n__pycache__\ndist" }, { "path": "contrib/py/admin/.gitignore", "content": "v/" }, { "path": "contrib/py/admin/lokinetmon", "content": "#!/usr/bin/env python3\n\nimport curses\nimport json\nimport sys\nimport time\nimport platform\nimport os\nimport re\nfrom argparse import ArgumentParser as AP\n\nis_windows = lambda : platform.system().lower() == 'windows'\nis_linux = lambda : platform.system().lower() == 'linux'\n\n\ntry:\n import zmq\nexcept ImportError:\n print(\"zmq module not found\")\n print()\n if is_linux():\n print(\"for debian-based linux do:\")\n print(\"\\tsudo apt install python3-zmq\")\n print(\"for other linuxs do:\")\n print(\"\\tpip3 install --user zmq\")\n else:\n print(\"install it with:\")\n print(\"\\tpip3 install --user zmq\")\n sys.quit()\n\ngeo = None\n\ntry:\n import GeoIP\nexcept ImportError:\n print(\"geoip module not found\")\n print()\n if is_linux():\n print(\"for debian-based linux do:\")\n print(\"\\tsudo apt install python3-geoip\")\n print(\"for other linuxs do:\")\n print(\"\\tpip3 install --user geoip\")\n print(\"for other linuxs you are responsible for obtaining your owen geoip databases, glhf\")\n time.sleep(1)\n else:\n print(\"install it with:\")\n print(\"\\tpip3 install --user geoip\")\n print()\n print(\"press enter to continue without geoip\")\n sys.stdin.read(1)\nelse:\n try:\n geoip_env_var = 'GEOIP_DB_FILE'\n if is_windows():\n geoip_default_db = '.\\\\GeoIP.dat'\n else:\n geoip_default_db = \"/usr/share/GeoIP/GeoIP.dat\"\n geoip_db_file = geoip_env_var in os.environ and os.environ[geoip_env_var] or geoip_default_db\n if not os.path.exists(geoip_db_file):\n print(\"no geoip database found at {}\".format(geoip_db_file))\n print(\"you can override the path to it using the {} environmental variable\".format(geoip_env_var))\n sys.quit()\n geo = GeoIP.open(geoip_db_file, GeoIP.GEOIP_STANDARD)\n except Exception as ex:\n print('failed to load geoip database: {}'.format(ex))\n time.sleep(1)\n\nnow = lambda : int(time.time()) * 1000\n\n\ndef ip_to_flag(ip):\n \"\"\"\n convert an ip to a flag emoji\n \"\"\"\n # bail if no geoip available\n if not geo:\n return ''\n # trim off excess ipv6 jizz\n ip = ip.replace(\"::ffff:\", \"\")\n # get the country code\n cc = geo.country_code_by_addr(ip)\n # Unicode flag sequences are just country codes transposed into the REGIONAL\n # INDICATOR SYMBOL LETTER A ... Z range (U+1F1E6 ... U+1F1FF):\n flag = ''.join(chr(0x1f1e6 + ord(i) - ord('A')) for i in cc)\n return '({}) {}'.format(cc, flag)\n\n\nclass Monitor:\n\n _sample_size = 12\n filter = lambda x : True\n\n def __init__(self, url, introsetMode=False):\n self.txrate = 0\n self.rxrate = 0\n self.data = dict()\n self.win = curses.initscr()\n curses.start_color()\n curses.init_pair(1, curses.COLOR_RED, curses.COLOR_BLACK)\n self._rpc_context = zmq.Context()\n self._rpc_socket = self._rpc_context.socket(zmq.DEALER)\n self._rpc_socket.setsockopt(zmq.CONNECT_TIMEOUT, 5000)\n self._rpc_socket.setsockopt(zmq.HANDSHAKE_IVL, 5000)\n self._rpc_socket.connect(url)\n self._speed_samples = [(0,0,0,0)] * self._sample_size\n self._run = True\n self._introsetMode = introsetMode\n\n def rpc(self, method):\n self._rpc_socket.send_multipart([method.encode(), b'lokinetmon'+method.encode()])\n if not self._rpc_socket.poll(timeout=50):\n return\n reply = self._rpc_socket.recv_multipart()\n if len(reply) >= 3 and reply[0:2] == [b'REPLY', b'lokinetmon'+method.encode()]:\n return reply[2].decode()\n\n def _close(self):\n self._rpc_socket.close(linger=0)\n self._run = False\n curses.endwin()\n\n def update_data(self):\n \"\"\"update data from lokinet\"\"\"\n try:\n data = json.loads(self.rpc(\"llarp.status\"))\n self.data = data['result']\n except:\n self.data = None\n return self.data is not None and self._run\n\n def _render_path(self, y_pos, path, name):\n \"\"\"render a path at current position\"\"\"\n self.win.move(y_pos, 1)\n self.win.addstr(\"({}) \".format(name))\n y_pos += 1\n self.win.move(y_pos, 1)\n y_pos += 1\n self.win.addstr(\"[tx:\\t{}]\\t[rx:\\t{}]\".format(\n self.speed_of(path['txRateCurrent']), self.speed_of(path['rxRateCurrent'])))\n self.win.move(y_pos, 1)\n y_pos += 1\n self.win.addstr(\"me -> \")\n for hop in path[\"hops\"]:\n hopstr = hop['router'][:4]\n if 'ip' in hop:\n hopstr += ' {}'.format(ip_to_flag(hop['ip']))\n self.win.addstr(\" {} ->\".format(hopstr))\n\n self.win.addstr(\" [{} ms latency]\".format(path[\"intro\"][\"latency\"]))\n self.win.addstr(\" [expires: {}]\".format(self.time_to(path[\"expiresAt\"])))\n if path[\"expiresSoon\"]:\n self.win.addstr(\"(expiring)\")\n elif path[\"expired\"]:\n self.win.addstr(\"(expired)\")\n return y_pos\n\n @staticmethod\n def time_to(timestamp):\n \"\"\" return time until timestamp formatted\"\"\"\n if timestamp:\n unit = 'seconds'\n val = (timestamp - now()) / 1000.0\n if abs(val) > 60.0:\n val /= 60.0\n unit = 'minutes'\n if val < 0:\n return \"{:.2f} {} ago\".format(0-val, unit)\n else:\n return \"in {:.2f} {}\".format(val, unit)\n else:\n return 'never'\n\n @staticmethod\n def speed_of(rate):\n \"\"\"turn int speed into string formatted\"\"\"\n units = [\"b\", \"Kb\", \"Mb\", \"Gb\"]\n idx = 0\n rate *= 8\n while rate > 1000 and idx < len(units):\n rate /= 1000.0\n idx += 1\n return \"{} {}ps\".format(\"%.2f\" % rate, units[idx])\n\n def get_all_paths(self):\n \"\"\" yield all paths in current data \"\"\"\n for key in self.data['services']:\n status = self.data['services'][key]\n for path in (status['paths'] or []):\n yield path\n for sess in (status['remoteSessions'] or []):\n for path in sess['paths']:\n yield path\n for sess in (status['snodeSessions'] or []):\n for path in sess['paths']:\n yield path\n\n def display_service(self, y_pos, name, status):\n \"\"\"display a service at current position\"\"\"\n self.win.move(y_pos, 1)\n self.win.addstr(\"service [{}]\".format(name))\n build = status[\"buildStats\"]\n ratio = build[\"success\"] / (build[\"attempts\"] or 1)\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"build success: {} %\".format(int(100 * ratio)))\n y_pos += 1\n self.win.move(y_pos, 1)\n paths = status[\"paths\"]\n self.win.addstr(\"paths: {}\".format(len(paths)))\n for path in paths:\n if self.filter('localhost.loki'):\n y_pos = self._render_path(y_pos, path, \"localhost.loki\")\n for session in (status[\"remoteSessions\"] or []):\n for path in session[\"paths\"]:\n if self.filter(session[\"remoteIdentity\"]):\n y_pos = self._render_path(\n y_pos, path, \"[active] {}\".format(session[\"currentConvoTag\"])\n )\n for session in (status[\"snodeSessions\"] or []):\n for path in session[\"paths\"]:\n if self.filter(session[\"endpoint\"]):\n y_pos = self._render_path(y_pos, path, \"[snode]\")\n return y_pos\n\n def display_links(self, y_pos, data):\n \"\"\" display links section \"\"\"\n self.txrate = 0\n self.rxrate = 0\n for link in data[\"outbound\"]:\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"outbound sessions:\")\n y_pos = self.display_link(y_pos, link)\n for link in data[\"inbound\"]:\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"inbound sessions:\")\n y_pos = self.display_link(y_pos, link)\n y_pos += 2\n self.win.move(y_pos, 1)\n self.win.addstr(\n \"throughput:\\t\\t[{}\\ttx]\\t[{}\\trx]\".format(\n self.speed_of(self.txrate), self.speed_of(self.rxrate)\n )\n )\n bloat_tx, bloat_rx = self.calculate_bloat(self.data['links']['outbound'])\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"goodput:\\t\\t[{}\\ttx]\\t[{}\\trx]\".format(\n self.speed_of(self.txrate-bloat_tx), self.speed_of(self.rxrate-bloat_rx)))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"overhead:\\t\\t[{}\\ttx]\\t[{}\\trx]\".format(\n self.speed_of(bloat_tx), self.speed_of(bloat_rx)))\n self._speed_samples.append((self.txrate, self.rxrate, bloat_tx, bloat_rx))\n while len(self._speed_samples) > self._sample_size:\n self._speed_samples.pop(0)\n return self.display_speedgraph(y_pos + 2)\n\n @staticmethod\n def _scale(_x, _n):\n while _n > 0:\n _x /= 2\n _n -= 1\n return int(_x)\n\n\n @staticmethod\n def _makebar(samp, badsamp, maxsamp):\n barstr = \"#\" * (samp - badsamp)\n pad = \" \" * (maxsamp - samp)\n return pad, barstr, '#' * badsamp\n\n def display_speedgraph(self, y_pos, maxsz=40):\n \"\"\" display global speed graph \"\"\"\n txmax, rxmax = 1024, 1024\n for _tx, _rx, b_tx, b_rx in self._speed_samples:\n if _tx > txmax:\n txmax = _tx\n if _rx > rxmax:\n rxmax = _rx\n\n rxscale = 0\n while rxmax > maxsz:\n rxscale += 1\n rxmax /= 2\n\n txscale = 0\n while txmax > maxsz:\n txscale += 1\n txmax /= 2\n\n txlabelpad = int(txmax / 2)\n rxlabelpad = int(rxmax / 2)\n if txlabelpad <= 0:\n txlabelpad = 1\n if rxlabelpad <= 0:\n rxlabelpad = 1\n txlabelpad_str = \" \" * txlabelpad\n rxlabelpad_str = \" \" * rxlabelpad\n y_pos += 1\n self.win.move(y_pos, 1)\n for val in [txlabelpad_str, 'tx', txlabelpad_str, rxlabelpad_str, 'rx', rxlabelpad_str]:\n self.win.addstr(val)\n for _tx, _rx, b_tx, b_rx in self._speed_samples:\n y_pos += 1\n self.win.move(y_pos, 1)\n txpad, txbar, btxbar = self._makebar(self._scale(_tx, txscale), self._scale(b_tx, txscale), int(txmax))\n rxpad, rxbar, brxbar = self._makebar(self._scale(_rx, rxscale), self._scale(b_rx, rxscale), int(rxmax))\n self.win.addstr(txpad)\n self.win.addstr(btxbar, curses.color_pair(1))\n self.win.addstr(txbar)\n self.win.addstr('|')\n self.win.addstr(rxbar)\n self.win.addstr(brxbar, curses.color_pair(1))\n self.win.addstr(rxpad)\n return y_pos + 2\n\n def calculate_bloat(self, links):\n \"\"\"\n calculate bandwith overhead\n \"\"\"\n paths = self.get_all_paths()\n lltx = 0\n llrx = 0\n _tx = 0\n _rx = 0\n for link in links:\n sessions = link[\"sessions\"][\"established\"]\n for sess in sessions:\n lltx += sess['tx']\n llrx += sess['rx']\n for path in paths:\n _tx += path['txRateCurrent']\n _rx += path['rxRateCurrent']\n lltx -= _tx\n llrx -= _rx\n if lltx < 0:\n lltx = 0\n if llrx < 0:\n llrx = 0\n return lltx, llrx\n\n def display_link(self, y_pos, link):\n \"\"\" display links \"\"\"\n y_pos += 1\n self.win.move(y_pos, 1)\n sessions = link[\"sessions\"][\"established\"] or []\n for sess in sessions:\n y_pos = self.display_link_session(y_pos, sess)\n return y_pos\n\n def display_link_session(self, y_pos, sess):\n \"\"\" display link sessions \"\"\"\n y_pos += 1\n self.win.move(y_pos, 1)\n self.txrate += sess[\"txRateCurrent\"]\n self.rxrate += sess[\"rxRateCurrent\"]\n addr = sess['remoteAddr']\n if geo:\n ip = addr.split(':')[0]\n addr += '\\t{}'.format(ip_to_flag(ip))\n self.win.addstr(\n \"{}\\t[{}\\ttx]\\t[{}\\trx]\".format(\n addr, self.speed_of(sess[\"txRateCurrent\"]), self.speed_of(sess[\"rxRateCurrent\"])\n )\n )\n if (sess['txMsgQueueSize'] or 0) > 1:\n self.win.addstr(\" [out window: {}]\".format(sess['txMsgQueueSize']))\n if (sess['rxMsgQueueSize'] or 0) > 1:\n self.win.addstr(\" [in window: {}]\".format(sess['rxMsgQueueSize']))\n def display(acks, label, num='acks', dem='packets'):\n if acks[dem] > 0:\n self.win.addstr(\" [{}: {}]\".format(label, round(float(acks[num]) / float(acks[dem]), 2)))\n if ('recvMACKs' in sess) and ('sendMACKs' in sess):\n display(sess['sendMACKs'], 'out MACK density')\n display(sess['recvMACKs'], 'in MACK density')\n dats = {'recvAcks': 'in acks',\n 'sendAcks': 'out acks',\n 'recvRTX': 'in RTX',\n 'sendRTX': 'out RTX'}\n for key in dats:\n val = dats[key]\n if (key in sess) and (sess[key] > 0):\n self.win.addstr(\" [{}: {}]\".format(val, sess[key]))\n return y_pos\n\n def display_dht(self, y_pos, data):\n \"\"\" display dht window \"\"\"\n y_pos += 2\n self.win.move(y_pos, 1)\n self.win.addstr(\"DHT:\")\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"introset lookups\")\n y_pos = self.display_bucket(y_pos, data[\"pendingIntrosetLookups\"])\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"router lookups\")\n return self.display_bucket(y_pos, data[\"pendingRouterLookups\"])\n\n def display_bucket(self, y_pos, data):\n \"\"\" display dht bucket \"\"\"\n txs = data[\"tx\"]\n self.win.addstr(\" ({} lookups)\".format(len(txs)))\n for transaction in txs:\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(\"search for {}\".format(transaction[\"tx\"][\"target\"]))\n return y_pos\n\n\n\n def display_introsets(self, y_pos, service):\n \"\"\"\n display introsets on a service\n \"\"\"\n y_pos += 1\n self.win.move(y_pos, 1)\n if self.filter(\"localhost.loki\"):\n self.win.addstr(\"localhost.loki\")\n y_pos = self._display_our_introset(y_pos, service)\n y_pos += 1\n remotes = service['remoteSessions'] or []\n for session in remotes:\n if self.filter(session['remoteIdentity']):\n y_pos = self._display_session_introset(y_pos, session)\n\n def _display_intro(self, y_pos, intro, label, paths):\n y_pos += 1\n self.win.move(y_pos, 1)\n path = 'path' in intro and intro['path'][:4] or '????'\n self.win.addstr('{}: ({}|{}) [expires: {}] [{} paths]'.format(label, intro['router'][:8], path, self.time_to(intro['expiresAt']), self.count_endpoints_in_path(paths, intro['router'])))\n return y_pos\n\n @staticmethod\n def count_endpoints_in_path(paths, endpoint):\n num = 0\n for path in paths:\n if path['hops'][-1]['router'] == endpoint and path['ready']:\n num += 1\n return num\n\n @staticmethod\n def count_ready_paths(paths):\n num = 0\n for path in paths:\n if path['ready']:\n num += 1\n return num\n\n\n\n @staticmethod\n def make_bar(timestamp, scale=1, char='#'):\n if timestamp > 0:\n return int((abs(timestamp - now()) / 1000) / scale) * char\n return ''\n\n def _display_our_introset(self, y_pos, context):\n for intro in context['introset']['intros'] or []:\n y_pos = self._display_intro(y_pos, intro, \"introset intro\", context['paths'])\n for path in context['paths']:\n y_pos = self._display_intro(y_pos, path['intro'], \"inbound path [created {}]\".format(self.time_to(path['buildStarted'])), context['paths'])\n return y_pos\n\n\n def _display_session_introset(self, y_pos, context):\n #print(context.keys())\n y_pos += 1\n self.win.move(y_pos, 1)\n readyState = context['readyToSend'] and 'ļøāœ…' or 'āŒ'\n self.win.addstr('{} ({}) [{}]'.format(context['remoteIdentity'], context['currentConvoTag'], readyState))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr('created: {}'.format(self.time_to(context['sessionCreatedAt'])))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr('last good send: {}'.format(self.time_to(context['lastGoodSend'])))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(self.make_bar(context['lastGoodSend']))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr('last recv: {}'.format(self.time_to(context['lastRecv'])))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(self.make_bar(context['lastRecv']))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr('last introset update: {}'.format(self.time_to(context['lastIntrosetUpdate'])))\n y_pos += 1\n self.win.move(y_pos, 1)\n self.win.addstr(self.make_bar(context['lastIntrosetUpdate'], 30))\n y_pos += 2\n\n self.win.move(y_pos, 1)\n self.win.addstr('last shift: {}'.format(self.time_to(context['lastShift'])))\n\n paths = context['paths'] or []\n\n y_pos = self._display_intro(y_pos + 1, context['nextIntro'], 'next intro', paths) + 1\n y_pos = self._display_intro(y_pos, context['remoteIntro'], 'current intro', paths) + 1\n for intro in context['currentRemoteIntroset']['intros'] or []:\n y_pos = self._display_intro(y_pos, intro, \"introset intro\", paths)\n y_pos += 1\n return y_pos\n\n def display_data(self):\n \"\"\" draw main window \"\"\"\n if self.data is not None:\n if self.version:\n self.win.addstr(1, 1, self.version)\n services = self.data[\"services\"] or {}\n y_pos = 3\n try:\n if not self._introsetMode:\n y_pos = self.display_links(y_pos, self.data[\"links\"])\n for key in services:\n y_pos = self.display_service(y_pos, key, services[key])\n y_pos = self.display_dht(y_pos, self.data[\"dht\"])\n else:\n for key in services:\n y_pos = self.display_introsets(y_pos, services[key])\n except Exception as ex:\n print('{}'.format(ex))\n else:\n self.win.move(1, 1)\n self.win.addstr(\"lokinet offline\")\n\n def run(self):\n \"\"\" run mainloop \"\"\"\n try:\n self.version = json.loads(self.rpc(\"llarp.version\"))['result']['version']\n except:\n self.version = None\n\n while self._run:\n if self.update_data():\n self.win.box()\n self.display_data()\n elif self._run:\n self.win.addstr(1, 1, \"offline\")\n else:\n self._close()\n return\n self.win.refresh()\n try:\n time.sleep(1)\n except:\n self._close()\n return\n self.win.clear()\n\ndef main():\n \"\"\" main function \"\"\"\n\n ap = AP()\n\n ap.add_argument(\"--introset\", action='store_const', const=True, default=False, help=\"run in introset inspection mode\")\n ap.add_argument(\"--url\", default='tcp://127.0.0.1:1190', type=str, help='url to lokinet rpc')\n ap.add_argument('--filter', default='.+', type=str, help=\"regex to filter entries\")\n ap.add_argument('--invert-filter', const=True, default=False, action='store_const', help='invert regex filter matching')\n\n args = ap.parse_args()\n\n mon = Monitor(\n args.url,\n args.introset\n )\n mon.filter = lambda x : re.match(args.filter, x) is not None\n if args.invert_filter:\n old_filter = mon.filter\n mon.filter = lambda x : not old_filter(x)\n mon.run()\n\nif __name__ == \"__main__\":\n main()\n" }, { "path": "contrib/py/admin/requirements.txt", "content": "requests" }, { "path": "contrib/py/ffi-example/lokinet.py", "content": "#!/usr/bin/env python3\n\n\nfrom ctypes import *\nimport signal\nimport time\nimport threading\nimport os\n\nlib_file = os.path.join(os.path.realpath('.'), 'liblokinet.so')\n\nclass LokiNET(threading.Thread):\n\n lib = None\n ctx = None\n\n def load(self, lib, conf):\n self.lib = CDLL(lib)\n self.lib.llarp_ensure_config(conf)\n self.ctx = self.lib.llarp_main_init(conf)\n return self.ctx != 0\n\n def inform_fail(self):\n \"\"\"\n inform lokinet crashed\n \"\"\"\n\n def inform_end(self):\n \"\"\"\n inform lokinet ended clean\n \"\"\"\n\n\n def signal(self, sig):\n if self.ctx and self.lib:\n self.lib.llarp_main_signal(self.ctx, int(sig))\n\n def run(self):\n code = self.lib.llarp_main_run(self.ctx)\n print(\"llarp_main_run exited with status {}\".format(code))\n if code:\n self.inform_fail()\n else:\n self.inform_end()\n \n def close(self):\n if self.lib and self.ctx:\n self.lib.llarp_main_free(self.ctx)\n\ndef main():\n loki = LokiNET()\n if loki.load(lib_file, b'daemon.ini'):\n if loki.configure():\n loki.start()\n else:\n print(\"failed to configure lokinet context\")\n try:\n while True:\n time.sleep(1)\n except KeyboardInterrupt:\n llarp.signal(signal.SIGINT)\n finally:\n loki.close()\n return\n\n\nif __name__ == '__main__':\n main()\n" }, { "path": "contrib/py/keygen/.gitignore", "content": "*.private" }, { "path": "contrib/py/keygen/keygen.py", "content": "#!/usr/bin/env python3\n\"\"\"\nkeygen tool for lokinet\n\"\"\"\n\nfrom argparse import ArgumentParser as AP\nfrom base64 import b32encode\n\nfrom nacl.signing import SigningKey\n\ndef base32z(data):\n \"\"\" base32 z encode \"\"\"\n return b32encode(data).translate(\n bytes.maketrans(\n b'ABCDEFGHIJKLMNOPQRSTUVWXYZ234567',\n b'ybndrfg8ejkmcpqxot1uwisza345h769')).decode().rstrip('=')\n\n\ndef main():\n \"\"\"\n main function for keygen\n \"\"\"\n argparser = AP()\n argparser.add_argument('--keyfile', type=str, required=True, help='place to put generated keys')\n args = argparser.parse_args()\n secret = SigningKey.generate()\n with open(args.keyfile, 'wb') as wfile:\n wfile.write(b'd1:s64:')\n wfile.write(secret.encode())\n wfile.write(secret.verify_key.encode())\n wfile.write(b'e')\n print(\"{}.loki\".format(base32z(secret.verify_key.encode())))\n\nif __name__ == '__main__':\n main()\n" }, { "path": "contrib/py/keygen/readme.md", "content": "# lokinet key generator\n\nrequires:\n\n* python3.7 or higher\n* pynacl\n\nusage:\n\n```bash\n./keygen.py --keyfile somekeyfile.private\n```\n\nthis will overwrite the keyfile with new keys\n" }, { "path": "contrib/py/lnproxy/lnproxy/__main__.py", "content": "#!/usr/bin/env python3\n\nfrom http.server import ThreadingHTTPServer as Server\nfrom http.server import BaseHTTPRequestHandler as BaseHandler\n\n\nbootstrapFromURL = True\ntry:\n import requests\nexcept ImportError:\n bootstrapFromURL = False\n\nimport ctypes\nfrom ctypes.util import find_library\n\nimport selectors\nimport socket\n\nimport os\n\nclass ResultStruct(ctypes.Structure):\n _pack_ = 1\n _fields_ = [\n (\"err\", ctypes.c_int),\n (\"local_address\", ctypes.c_char * 256),\n (\"local_port\", ctypes.c_int),\n (\"stream_id\", ctypes.c_int)\n ]\n\n def __repr__(self):\n return \"\".format(self.err, self.local_address, self.local_port, self.stream_id)\n\n\nclass LNContext(ctypes.Structure):\n pass\n\nclass Context:\n \"\"\"\n wrapper around liblokinet\n \"\"\"\n\n def __init__(self, debug=False):\n self._ln = ctypes.CDLL(find_library(\"lokinet\"))\n self._c = ctypes.CDLL(find_library(\"c\"))\n self._ln.lokinet_context_new.restype = ctypes.POINTER(LNContext)\n self._ln.lokinet_address.restype = ctypes.c_char_p\n self._ln.lokinet_address.argtypes = (ctypes.POINTER(LNContext), )\n self._ln.lokinet_outbound_stream.restype = ctypes.POINTER(ResultStruct)\n self._ln.lokinet_outbound_stream.argtypes = (ctypes.POINTER(ResultStruct), ctypes.c_char_p, ctypes.c_char_p, ctypes.POINTER(LNContext))\n self._ctx = self._ln.lokinet_context_new()\n self._addrmap = dict()\n self._debug = debug\n lvl = 'none'\n if self._debug:\n lvl = 'debug'\n self._ln.lokinet_log_level(ctypes.create_string_buffer(lvl.encode('ascii')))\n\n\n def free(self, ptr):\n self._c.free(ptr)\n\n def add_bootstrap(self, data):\n ptr = ctypes.create_string_buffer(data)\n ptrlen = ctypes.c_size_t(len(data))\n return self.ln_call(\"lokinet_add_bootstrap_rc\", ptr, ptrlen)\n\n def wait_for_ready(self, ms):\n return self.ln_call(\"lokinet_wait_for_ready\", ms) == 0\n\n def ready(self):\n return self.ln_call(\"lokinet_status\") == 0\n\n def addr(self):\n return self._ln.lokinet_address(self._ctx).decode('ascii')\n\n def expose(self, port):\n return self.ln_call('lokinet_inbound_stream', port)\n\n def ln_call(self, funcname, *args):\n args += (self._ctx,)\n if self._debug:\n print(\"call {}{}\".format(funcname, args))\n return self._ln[funcname](*args)\n\n def expose(self, port):\n port = int(port)\n print(\"exposing loopback port: {}\".format(port))\n return self.ln_call(\"lokinet_inbound_stream\", port)\n\n def start(self):\n return self.ln_call(\"lokinet_context_start\")\n\n def stop(self):\n self.ln_call(\"lokinet_context_stop\")\n\n def hasAddr(self, addr):\n return addr in self._addrmap\n\n def putAddr(self, addr, val):\n self._addrmap[addr] = val\n\n def getAddr(self, addr):\n if addr in self._addrmap:\n return self._addrmap[addr]\n\n def delAddr(self, addr):\n if addr in self._addrmap:\n del self._addrmap[addr]\n\n def __del__(self):\n self.stop()\n self._ln_call(\"lokinet_context_free\")\n\n def set_netid(self, netid):\n self._ln.lokinet_set_netid(ctypes.create_string_buffer(netid.encode('ascii')))\n\nclass Stream:\n\n def __init__(self, ctx):\n self._ctx = ctx\n self._id = None\n\n def connect(self, remote):\n result = ResultStruct()\n self._ctx.ln_call(\"lokinet_outbound_stream\", ctypes.cast(ctypes.addressof(result), ctypes.POINTER(ResultStruct)), ctypes.create_string_buffer(remote.encode()), ctypes.c_char_p(0))\n\n if result.err:\n print(result.err)\n return\n addr = result.local_address.decode('ascii')\n port = result.local_port\n self._id = result.stream_id\n print(\"connection to {} made via {}:{} via {}\".format(remote, addr, port, self._id))\n return addr, port\n\n\n def close(self):\n if self._id is not None:\n self._ctx.ln_call(\"lokinet_close_stream\", self._id)\n\ndef read_and_forward_or_close(readfd, writefd):\n read = 0\n while True:\n data = os.read(readfd, 1024)\n read += len(data)\n if data and len(data) > 0:\n writefd.write(data)\n writefd.flush()\n return True\n else:\n return read > 0\n\nctx = None\n\n\nclass Handler(BaseHandler):\n\n def do_CONNECT(self):\n self.connect(self.path)\n\n def connect(self, host):\n global ctx\n if not ctx.ready():\n self.send_error(501)\n return\n\n if not ctx.hasAddr(host):\n stream = Stream(ctx)\n result = None\n try:\n result = stream.connect(host)\n except:\n pass\n if not result:\n self.send_error(503)\n return\n ctx.putAddr(host, result)\n\n sock = socket.socket()\n try:\n sock.connect(ctx.getAddr(host))\n except:\n ctx.delAddr(host)\n self.send_error(504)\n return\n\n self.send_response_only(200)\n self.end_headers()\n sel = selectors.DefaultSelector()\n sock.setblocking(False)\n sockfd = sock.makefile('rwb')\n sel.register(self.rfile.fileno(), selectors.EVENT_READ, lambda x : read_and_forward_or_close(x, sockfd))\n sel.register(sock.fileno(), selectors.EVENT_READ, lambda x : read_and_forward_or_close(x, self.wfile))\n while True:\n events = sel.select(1)\n if not events:\n continue\n for key, mask in events:\n if not key.data(key.fileobj):\n sel.unregister(self.rfile)\n sel.unregister(sock)\n sel.close()\n return\n\nimport os\nimport sys\nfrom argparse import ArgumentParser as AP\n\nap = AP()\nap.add_argument(\"--ip\", type=str, help=\"ip to bind to\", default=\"127.0.0.1\")\nap.add_argument(\"--port\", type=int, help=\"port to bind to\", default=3000)\nap.add_argument(\"--expose\", type=int, help=\"expose a port to loopback\")\nap.add_argument(\"--bootstrap\", type=str, help=\"bootstrap file\", default=\"bootstrap.signed\")\nap.add_argument(\"--netid\", type=str, help=\"override network id\")\nap.add_argument(\"--debug\", action=\"store_const\", const=True, default=False, help=\"enable verose logging\")\nif bootstrapFromURL:\n ap.add_argument(\"--bootstrap-url\", type=str, help=\"bootstrap from remote url\", default=\"https://seed.lokinet.org/lokinet.signed\")\n\nargs = ap.parse_args()\naddr = (args.ip, args.port)\nserver = Server(addr, Handler)\n\nctx = Context(args.debug)\n\nif args.netid is not None:\n print(\"overriding netid: {}\".format(args.netid))\n ctx.set_netid(args.netid)\n\nif os.path.exists(args.bootstrap):\n with open(args.bootstrap, 'rb') as f:\n if ctx.add_bootstrap(f.read()) == 0:\n print(\"loaded {}\".format(args.bootstrap))\n\nif args.bootstrap_url is not None:\n print('getting bootstrap info from {}'.format(args.bootstrap_url))\n resp = requests.get(args.bootstrap_url)\n if resp.status_code == 200 and ctx.add_bootstrap(resp.content) == 0:\n pass\n else:\n print(\"failed\")\n\nprint(\"starting up...\")\nif ctx.start() != 0:\n print(\"failed to start\")\n ctx.stop()\n sys.exit(-1)\n\nid = None\n\ntry:\n while not ctx.wait_for_ready(500):\n print(\"waiting for lokinet...\")\n lokiaddr = ctx.addr()\n print(\"we are {}\".format(lokiaddr))\n if args.expose:\n id = ctx.expose(args.expose)\n print(\"exposed {}:{}\".format(lokiaddr, args.expose))\n print(\"serving on {}:{}\".format(*addr))\n server.serve_forever()\nfinally:\n if id is not None:\n ctx.ln_call(\"lokinet_close_stream\", id)\n ctx.stop()\n" }, { "path": "contrib/py/lnproxy/readme.md", "content": "# LN Proxy\n\nembedded lokinet that provides an http tunnel proxy (using http connect)\n\nif `python3-requests` is installed then we can bootstrap from url using `--bootstrap-url` flag\n\nusage:\n\n $ python3 -m lnproxy [--ip ip | --port port]\n" }, { "path": "contrib/py/quic_tester.py", "content": "#!/usr/bin/env python3\n\nimport nacl.bindings as sodium\nfrom nacl.public import PrivateKey\nfrom nacl.signing import SigningKey, VerifyKey\nimport nacl.encoding\nimport requests\nimport zmq\nimport zmq.utils.z85\nimport sys\nimport os\nimport re\nimport time\nimport random\nimport shutil\n\nimport json\n\ncontext = zmq.Context()\nsocket = context.socket(zmq.DEALER)\nsocket.setsockopt(zmq.CONNECT_TIMEOUT, 5000)\nsocket.setsockopt(zmq.HANDSHAKE_IVL, 5000)\n#socket.setsockopt(zmq.IMMEDIATE, 1)\n\nif len(sys.argv) > 1 and any(sys.argv[1].startswith(x) for x in (\"ipc://\", \"tcp://\")):\n remote = sys.argv[1]\n del sys.argv[1]\nelse:\n remote = \"ipc://./loki.sock\"\n\ncurve_pubkey = b''\nmy_privkey, my_pubkey = b'', b''\nif len(sys.argv) > 1 and len(sys.argv[1]) == 64 and all(x in \"0123456789abcdefABCDEF\" for x in sys.argv[1]):\n curve_pubkey = bytes.fromhex(sys.argv[1])\n del sys.argv[1]\n socket.curve_serverkey = curve_pubkey\n if len(sys.argv) > 1 and len(sys.argv[1]) == 64 and all(x in \"0123456789abcdefABCDEF\" for x in sys.argv[1]):\n my_privkey = bytes.fromhex(sys.argv[1])\n del sys.argv[1]\n my_pubkey = zmq.utils.z85.decode(zmq.curve_public(zmq.utils.z85.encode(my_privkey)))\n else:\n my_privkey = PrivateKey.generate()\n my_pubkey = my_privkey.public_key.encode()\n my_privkey = my_privkey.encode()\n\n print(\"No curve client privkey given; generated a random one (pubkey: {}, privkey: {})\".format(\n my_pubkey.hex(), my_privkey.hex()), file=sys.stderr)\n socket.curve_secretkey = my_privkey\n socket.curve_publickey = my_pubkey\n\nif not 2 <= len(sys.argv) or any(x in y for x in (\"--help\", \"-h\") for y in sys.argv[1:]):\n print(\"Usage: {} [ipc:///path/to/sock|tcp://1.2.3.4:5678] [connect|listen] host port\".format(\n sys.argv[0]), file=sys.stderr)\n sys.exit(1)\n\naction = sys.argv[1].lower()\nhost = sys.argv[2]\nport = int(sys.argv[3])\nrequest_path = len(sys.argv) >= 5 and sys.argv[4] or '/'\n\nbeginning_of_time = time.clock_gettime(time.CLOCK_MONOTONIC)\n\n#print(\"Connecting to {}\".format(remote), file=sys.stderr)\nsocket.connect(remote)\n\n\ndef rpc(method, args, timeout=15000):\n to_send = [method.encode(), b'tagxyz123']\n to_send += (x.encode() for x in [json.dumps(args)])\n #print(\"Sending {}\".format(to_send[0]), file=sys.stderr)\n socket.send_multipart(to_send)\n if socket.poll(timeout=timeout):\n m = socket.recv_multipart()\n recv_time = time.clock_gettime(time.CLOCK_MONOTONIC)\n if len(m) < 3 or m[0:2] != [b'REPLY', b'tagxyz123']:\n pass\n else:\n return json.loads(m[2].decode())\n\n\nargs = {\"host\":host, \"port\":port}\n\ndef success_or_die(response):\n if response:\n if 'error' in response and response['error']:\n print(\"error: {}\".format(response['error']))\n socket.close(linger=0)\n sys.exit(1)\n if response and 'result' in response:\n return response[\"result\"]\n else:\n print(\"no response\")\n socket.close(linger=0)\n sys.exit(1)\n\nif action == \"connect\":\n result = success_or_die(rpc(\"llarp.quic_connect\", args))\n print(result)\n cmd = \"curl -vv http://{}{} -o /dev/null\".format(result[\"addr\"], request_path)\n print(\"{}\".format(cmd))\n os.system(cmd)\nif action == \"listen\":\n result = success_or_die(rpc(\"llarp.quic_listener\", args))\n print(\"ID={} addr={}\".format(result[\"id\"], result[\"addr\"]))\n" }, { "path": "contrib/readme-installer.txt", "content": "Lokinet is the reference implementation of LLARP (low latency anonymous routing protocol), a layer 3 onion routing protocol.\n\nThis installer provides the needed control panel to get up an running on Lokinet.\n\nYou can view additional documentation and information on Lokinet at https://lokinet.org\n" }, { "path": "contrib/systemd-resolved/README.md", "content": "Lokinet now talks to systemd directly via sdbus to set up DNS, but in order for this to work the\nuser running lokinet (assumed `_lokinet` in these example files) needs permission to set dns servers\nand domains.\n\nTo set up the permissions:\n\n- If lokinet is running as some user other than `_lokinet` the change the `_lokinet` username inside\n `lokinet.rules` and `lokinet.pkla`.\n\n- If on a Debian or Debian-derived distribution (such as Ubuntu) using polkit 105,\n copy `lokinet.pkla` to `/var/lib/polkit-1/localauthority/10-vendor.d/lokinet.pkla` (for a distro\n install) or `/etc/polkit-1/localauthority.conf.d/` (for a local install).\n\n- Copy `lokinet.rules` to `/usr/share/polkit-1/rules.d/` (distro install) or `/etc/polkit-1/rules.d`\n (local install).\n\nMake use of it by switching to systemd-resolved:\n```\nsudo ln -sf /run/systemd/resolve/stub-resolv.conf /etc/resolv.conf\nsudo systemctl enable --now systemd-resolved\n```\n" }, { "path": "contrib/systemd-resolved/lokinet.pkla", "content": "[Allow lokinet to set DNS settings]\nIdentity=unix-user:_lokinet\nAction=org.freedesktop.resolve1.set-dns-servers;org.freedesktop.resolve1.set-domains\nResultAny=yes\n" }, { "path": "contrib/systemd-resolved/lokinet.rules", "content": "/* Allow lokinet to set DNS settings */\npolkit.addRule(function(action, subject) {\n if ((action.id == \"org.freedesktop.resolve1.set-dns-servers\" ||\n action.id == \"org.freedesktop.resolve1.set-domains\") &&\n subject.user == \"_lokinet\") {\n return polkit.Result.YES;\n }\n});\n\n" }, { "path": "contrib/tarball.sh", "content": "#!/usr/bin/env bash\n#\n# create signed release tarball with submodules bundled\n# usage: ./contrib/tarball.sh [keyid]\n#\nrepo=$(readlink -e $(dirname $0)/..)\nbranch=$(test -e $repo/.git/ && git rev-parse --abbrev-ref HEAD)\nout=\"lokinet-$(git describe --exact-match --tags $(git log -n1 --pretty='%h') 2> /dev/null || ( echo -n $branch- && git rev-parse --short HEAD)).tar.xz\"\ngit-archive-all -C $repo --force-submodules $out && rm -f $out.sig && (gpg -u ${1:-jeff@lokinet.io} --sign --detach $out &> /dev/null && gpg --verify $out.sig)\n" }, { "path": "contrib/windows-configure.sh", "content": "#!/bin/bash\nset -e\nset -x\n\n# Usage: windows-configure.sh [rootdir [builddir]] -DWHATEVER=BLAH ...\n\nif [ $# -ge 1 ] && [[ \"$1\" != -* ]]; then\n root=\"$1\"\n shift\nelse\n root=\"$(dirname $0)\"/..\nfi\nroot=\"$(readlink -f \"$root\")\"\n\nif [ $# -ge 1 ] && [[ \"$1\" != -* ]]; then\n build=\"$(readlink -f \"$1\")\"\n shift\nelse\n build=\"$root/build/win32\"\n echo \"Setting up build in $build\"\nfi\n\nmkdir -p \"$build\"\ncmake \\\n -S \"$root\" -B \"$build\" \\\n -G 'Unix Makefiles' \\\n -DCMAKE_EXE_LINKER_FLAGS=-fstack-protector \\\n -DCMAKE_CXX_FLAGS=-fdiagnostics-color=always \\\n -DCMAKE_TOOLCHAIN_FILE=\"$root/contrib/cross/mingw64.cmake\" \\\n -DCMAKE_BUILD_TYPE=Release \\\n -DBUILD_STATIC_DEPS=ON \\\n -DLOKINET_PACKAGE=ON \\\n -DBUILD_SHARED_LIBS=OFF \\\n -DBUILD_TESTING=OFF \\\n -DLOKINET_TESTS=OFF \\\n -DLOKINET_BOOTSTRAP=OFF \\\n -DLOKINET_NATIVE_BUILD=OFF \\\n -DSTATIC_LINK=ON \\\n -DWITH_SYSTEMD=OFF \\\n -DFORCE_OXENMQ_SUBMODULE=ON \\\n -DFORCE_OXENC_SUBMODULE=ON \\\n -DFORCE_FMT_SUBMODULE=ON \\\n -DFORCE_SPDLOG_SUBMODULE=ON \\\n -DFORCE_NLOHMANN_SUBMODULE=ON \\\n -DWITH_LTO=OFF \\\n \"$@\"\n" }, { "path": "contrib/windows.sh", "content": "#!/bin/bash\n#\n# helper script for me for when i cross compile for windows\n# t. jeff\n#\n\nset -e\nset +x\nroot=\"$(readlink -f $(dirname $0)/../)\"\nmkdir -p $root/build/win32\n$root/contrib/windows-configure.sh $root $root/build/win32 \"$@\"\nmake package -j${JOBS:-$(nproc)} -C $root/build/win32\n\n" }, { "path": "daemon/CMakeLists.txt", "content": "set(exetargets lokinet)\n\nadd_library(lokinet_daemon STATIC utils.cpp)\ntarget_link_libraries(lokinet_daemon PUBLIC liblokinet)\n\nif(APPLE)\n add_executable(lokinet lokinet.swift)\n target_compile_options(lokinet BEFORE PRIVATE -target x86_64-apple-macos${CMAKE_OSX_DEPLOYMENT_TARGET})\nelse()\n add_executable(lokinet lokinet.cpp)\nendif()\n\nadd_executable(lokinet-cntrl lokinet-cntrl.cpp)\nenable_lto(lokinet lokinet-cntrl)\nlist(APPEND exetargets lokinet-cntrl)\n\n\nset(should_install ON)\nset(SETCAP)\n\nif(CMAKE_SYSTEM_NAME MATCHES \"Linux\")\n option(WITH_SETCAP \"use setcap when installing\" ON)\n if(WITH_SETCAP)\n find_program(SETCAP NAMES setcap HINTS /sbin /usr/sbin)\n if(SETCAP)\n message(STATUS \"Found setcap binary: ${SETCAP}\")\n else()\n message(WARNING \"cannot find setcap binary you will not be able use the install targets unless you use -DWITH_SETCAP=OFF\")\n set(should_install OFF)\n endif()\n endif()\nendif()\n\n# cmake interface library for bunch of cmake hacks to fix final link order\nadd_library(hax_and_shims_for_cmake INTERFACE)\nif(WIN32)\n target_link_libraries(hax_and_shims_for_cmake INTERFACE uvw oxenmq::oxenmq -lws2_32 -lshlwapi -ldbghelp -luser32 -liphlpapi -lpsapi -luserenv)\nendif()\n\nforeach(exe ${exetargets})\n if(WIN32)\n target_sources(${exe} PRIVATE ${CMAKE_BINARY_DIR}/${exe}.rc)\n target_link_libraries(${exe} PRIVATE -static-libstdc++ -static-libgcc --static -Wl,--pic-executable,-e,mainCRTStartup,--subsystem,console:5.00)\n elseif(CMAKE_SYSTEM_NAME MATCHES \"FreeBSD\")\n target_link_directories(${exe} PRIVATE /usr/local/lib)\n endif()\n target_link_libraries(${exe} PRIVATE lokinet_daemon)\n if(LOKINET_STRIP)\n add_custom_command(TARGET ${exe}\n POST_BUILD\n COMMAND ${CMAKE_OBJCOPY} ARGS --only-keep-debug $ $.debug\n COMMAND ${CMAKE_STRIP} ARGS --strip-all $)\n endif()\n target_include_directories(${exe} PUBLIC \"${PROJECT_SOURCE_DIR}\")\n if(should_install)\n if(APPLE)\n install(TARGETS ${exe}\n BUNDLE DESTINATION \"${PROJECT_BINARY_DIR}\"\n RUNTIME DESTINATION \".\"\n COMPONENT lokinet)\n else()\n install(TARGETS ${exe} RUNTIME DESTINATION bin COMPONENT lokinet)\n endif()\n endif()\nendforeach()\n\ntarget_link_libraries(lokinet PRIVATE CLI11)\ntarget_link_libraries(lokinet-cntrl PRIVATE CLI11)\n\nif(WITH_SETCAP)\n install(CODE \"execute_process(COMMAND ${SETCAP} cap_net_admin,cap_net_bind_service=+eip ${CMAKE_INSTALL_PREFIX}/bin/lokinet)\")\nendif()\n\nif(LOKINET_STRIP)\n add_custom_target(symbols ALL\n COMMAND ${CMAKE_COMMAND} -E tar cJf ${CMAKE_CURRENT_BINARY_DIR}/debug-symbols.tar.xz $.debug\n DEPENDS lokinet)\nendif()\n" }, { "path": "daemon/lokinet-cntrl.cpp", "content": "#include \"utils.hpp\"\n\n#include \n#include \n#include \n\nusing namespace llarp;\nusing namespace nlohmann;\n\nnamespace\n{\n /**\n Startup CLI options:\n - verbose\n - config file pathways\n - log level\n - loki controller RPC client URL\n\n Runtime CLI subcommands:\n - list\n - refresh\n - instance\n - init\n - status\n - close\n - stop\n */\n\n struct cli_opts\n {\n bool verbose{false};\n\n std::vector rpc_paths{\n {\"tcp://127.0.0.1:1190\"}, {\"tcp://127.0.0.1:1189\"}, {\"tcp://127.0.0.1:1188\"}};\n\n omq::address rpc_url{};\n std::string log_level{\"info\"};\n log::Level oxen_log_level{log::Level::info};\n };\n\n struct app_data\n {\n std::mutex m;\n std::deque input_que{};\n std::condition_variable cv;\n std::atomic running{false};\n };\n\n} // namespace\n\nnamespace\n{\n static std::shared_ptr runtime_data;\n\n template \n static int exit_now(bool is_error, fmt::format_string format, T&&... args)\n {\n if (is_error)\n log::error(controller::logcat, format, std::forward(args)...);\n else\n log::info(controller::logcat, format, std::forward(args)...);\n\n runtime_data->running = false;\n runtime_data->cv.notify_all();\n\n return is_error ? 1 : 0;\n }\n\n auto prefigure = []() -> int {\n if (not runtime_data)\n runtime_data = std::make_shared();\n\n return 0;\n };\n\n static void app_loop(cli_opts&& options, std::promise&& p)\n {\n controller::rpc_controller rpc;\n\n if (not rpc.start(options.rpc_paths))\n {\n log::critical(controller::logcat, \"RPC controller failed to bind; exiting...\");\n p.set_value_at_thread_exit();\n return;\n }\n\n size_t index{};\n std::string address{};\n std::string pubkey{};\n\n CLI::App app{};\n auto app_fmt = app.get_formatter();\n app_fmt->column_width(40);\n app.set_help_flag(\"\");\n\n // inner app options\n auto* hcom = app.add_subcommand(\"help\", \"Print help menu\")->silent();\n hcom->callback([&]() {\n app.clear();\n std::cout << app.help(\"\", CLI::AppFormatMode::Normal) << std::endl;\n for (auto& com : app.get_subcommands(nullptr))\n {\n std::cout << com->help(\"\", CLI::AppFormatMode::Sub) << std::endl;\n for (auto& c : com->get_subcommands(nullptr))\n std::cout << c->help(\"\", CLI::AppFormatMode::Sub) << std::endl;\n }\n })\n ->immediate_callback();\n\n auto* list_subcom =\n app.add_subcommand(\"list\", \"List all lokinet instances currently running on the local machine\");\n list_subcom->callback([&]() { rpc.list_all(); })->immediate_callback();\n\n auto* refresh_subcom = app.add_subcommand(\"refresh\", \"Refresh local lokinet instance information\");\n refresh_subcom->callback([&]() { rpc.refresh(); });\n\n auto* instance_subcom =\n app.add_subcommand(\"instance\", \"Select a lokinet instance\")->require_option(1)->require_subcommand(1);\n auto* aopt = instance_subcom->add_option(\"-a, --address\", address, \"Local RPC address of lokinet instance\")\n ->type_name(\"IP:PORT\");\n auto* iopt =\n instance_subcom->add_option(\"-i, --index\", index, \"Index of local lokinet instance (use 'list' to query!)\");\n\n aopt->excludes(iopt);\n iopt->excludes(aopt);\n\n auto* init_subcom =\n instance_subcom->add_subcommand(\"init\", \"Initiate session to a remote instance\")->require_option(1);\n init_subcom->add_option(\"-p, --pubkey\", pubkey, \"PubKey of remote lokinet instance\");\n\n init_subcom->callback([&]() {\n if (not address.empty())\n rpc.initiate(omq::address{std::move(address)}, std::move(pubkey));\n else\n rpc.initiate(index, std::move(pubkey));\n });\n\n auto* status_subcom = instance_subcom->add_subcommand(\"status\", \"Query status of local lokinet instance\");\n\n status_subcom->callback([&]() {\n if (not address.empty())\n rpc.status(omq::address{std::move(address)});\n else\n rpc.status(index);\n });\n\n auto* close_subcom =\n instance_subcom->add_subcommand(\"close\", \"Close session to a remote instance\")->require_option(1);\n close_subcom->add_option(\"-p, --pubkey\", pubkey, \"PubKey of remote lokinet instance\");\n\n close_subcom->callback([&]() {\n if (not address.empty())\n rpc.close(omq::address{std::move(address)}, std::move(pubkey));\n else\n rpc.close(index, std::move(pubkey));\n });\n\n auto* halt_subcom = instance_subcom->add_subcommand(\"halt\", \"Immediately halt lokinet instance\");\n\n halt_subcom->callback([&]() {\n if (not address.empty())\n rpc.halt(omq::address{std::move(address)});\n else\n rpc.halt(index);\n });\n\n // notify startup successful\n runtime_data->running = true;\n p.set_value();\n\n while (runtime_data->running)\n {\n try\n {\n std::deque copy{};\n\n {\n std::unique_lock lock{runtime_data->m, std::defer_lock};\n runtime_data->cv.wait(\n lock, []() { return !runtime_data->input_que.empty() || !runtime_data->running; });\n copy.swap(runtime_data->input_que);\n }\n\n if (!copy.empty())\n {\n log::debug(controller::logcat, \"processing input...\");\n while (!copy.empty())\n {\n auto line = copy.front();\n copy.pop_front();\n log::debug(controller::logcat, \"input: {}\", line);\n app.parse(line);\n }\n }\n }\n catch (const std::exception& e)\n {\n log::warning(controller::logcat, \"Exception: {}\", e.what());\n }\n\n app.clear();\n }\n }\n\n static void input_loop()\n {\n log::info(controller::logcat, \"input loop started...\");\n\n std::string input;\n while (runtime_data->running)\n {\n std::getline(std::cin, input);\n\n if (input == \"exit\")\n {\n runtime_data->running = false;\n runtime_data->cv.notify_all();\n break;\n }\n\n {\n std::lock_guard lock{runtime_data->m};\n runtime_data->input_que.push_back(std::move(input));\n }\n\n log::debug(controller::logcat, \"dispatched...\");\n runtime_data->cv.notify_all();\n }\n\n log::info(controller::logcat, \"input loop exiting...\");\n }\n} // namespace\n\nint main(int argc, char* argv[])\n{\n if (auto rv = prefigure(); rv != 0)\n return rv;\n\n CLI::App cli{\"loki controller - lokinet instance control utility\", \"lokinet-cntrl\"};\n cli.get_formatter()->column_width(50);\n cli_opts options{};\n\n // initial options\n cli.add_flag(\"-v, --verbose\", options.verbose, \"Verbose logging (equivalent to passing '--log-level=debug')\");\n cli.add_option(\n \"-r, --rpc\",\n options.rpc_paths,\n \"Specify RPC bind addresses for loki controller to connect to (accepts multiple args)\")\n ->type_name(\"PATH(S)\")\n ->capture_default_str();\n cli.add_option(\n \"-l, --log-level\", options.log_level, \"Log verbosity level ('error', 'warn', 'info', 'debug', 'trace')\")\n ->type_name(\"LEVEL\")\n ->capture_default_str();\n\n try\n {\n cli.parse(argc, argv);\n }\n catch (const CLI::ParseError& e)\n {\n return exit_now(true, \"Exception: {}\", e.what());\n }\n catch (const std::exception& e)\n {\n return exit_now(true, \"Exception: {}\", e.what());\n }\n\n options.oxen_log_level = log::level_from_string(options.log_level);\n\n if (options.verbose)\n options.oxen_log_level = log::Level::debug;\n\n log::add_sink(log::Type::Print, \"stderr\");\n log::reset_level(options.oxen_log_level);\n\n log::info(controller::logcat, \"initializing...\");\n\n try\n {\n std::promise p;\n auto f = p.get_future();\n\n std::thread app_thread{app_loop, std::move(options), std::move(p)};\n\n f.get();\n\n std::thread input_thread{input_loop};\n\n app_thread.join();\n input_thread.join();\n }\n catch (const std::exception& e)\n {\n return exit_now(true, \"Exception: {}\", e.what());\n }\n\n log::info(controller::logcat, \"exiting...\");\n return 0;\n}\n" }, { "path": "daemon/lokinet.cpp", "content": "#include \n#include // for ensure_config\n#include \n#include \n#include \n#include \n#include \n\n#include \n#include \n#include \n#include \n\n#include \n#include \n#include \n#include \n\n#ifdef _WIN32\n#include \n#else\n#include \n#endif\n\nnamespace\n{\n struct command_line_options\n {\n // bool options\n bool help = false;\n bool version = false;\n bool generate = false;\n bool generate_embedded = false;\n bool router = false;\n bool config = false;\n bool overwrite = false;\n\n // string options\n // TODO: change this to use a std::filesystem::path once we stop using ghc::filesystem on\n // some platforms\n std::string configPath;\n\n // windows options\n bool win_install = false;\n bool win_remove = false;\n };\n\n // windows-specific function declarations\n int startWinsock();\n void install_win32_daemon();\n void uninstall_win32_daemon();\n\n // operational function definitions\n int lokinet_main(int, char**);\n void handle_signal(int sig);\n static void start_lokinet(std::optional confFile, bool snode);\n\n // variable declarations\n static auto logcat = llarp::log::Cat(\"daemon\");\n std::unique_ptr ctx;\n\n // operational function definitions\n void handle_signal(int sig)\n {\n llarp::log::info(logcat, \"Handling signal {}\", sig);\n\n if (ctx)\n ctx->signal(sig);\n else\n std::cerr << \"Received signal \" << sig << \", but have no context yet. Ignoring!\" << std::endl;\n }\n\n // Windows specific code\n#ifdef _WIN32\n extern \"C\" LONG FAR PASCAL win32_signal_handler(EXCEPTION_POINTERS*);\n extern \"C\" VOID FAR PASCAL win32_daemon_entry(DWORD, LPTSTR*);\n VOID insert_description();\n\n extern \"C\" BOOL FAR PASCAL handle_signal_win32(DWORD fdwCtrlType)\n {\n UNREFERENCED_PARAMETER(fdwCtrlType);\n handle_signal(SIGINT);\n return TRUE; // probably unreachable\n };\n\n int startWinsock()\n {\n WSADATA wsockd;\n int err;\n err = ::WSAStartup(MAKEWORD(2, 2), &wsockd);\n if (err)\n {\n perror(\"Failed to start Windows Sockets\");\n return err;\n }\n ::CreateMutex(nullptr, FALSE, \"lokinet_win32_daemon\");\n return 0;\n }\n\n void install_win32_daemon()\n {\n SC_HANDLE schSCManager;\n SC_HANDLE schService;\n std::array szPath{};\n\n if (!GetModuleFileName(nullptr, szPath.data(), MAX_PATH))\n {\n llarp::log::error(logcat, \"Cannot install service {}\", GetLastError());\n return;\n }\n\n // Get a handle to the SCM database.\n schSCManager = OpenSCManager(\n nullptr, // local computer\n nullptr, // ServicesActive database\n SC_MANAGER_ALL_ACCESS); // full access rights\n\n if (nullptr == schSCManager)\n {\n llarp::log::error(logcat, \"OpenSCManager failed {}\", GetLastError());\n return;\n }\n\n // Create the service\n schService = CreateService(\n schSCManager, // SCM database\n strdup(\"lokinet\"), // name of service\n \"Lokinet for Windows\", // service name to display\n SERVICE_ALL_ACCESS, // desired access\n SERVICE_WIN32_OWN_PROCESS, // service type\n SERVICE_DEMAND_START, // start type\n SERVICE_ERROR_NORMAL, // error control type\n szPath.data(), // path to service's binary\n nullptr, // no load ordering group\n nullptr, // no tag identifier\n nullptr, // no dependencies\n nullptr, // LocalSystem account\n nullptr); // no password\n\n if (schService == nullptr)\n {\n llarp::log::error(logcat, \"CreateService failed {}\", GetLastError());\n CloseServiceHandle(schSCManager);\n return;\n }\n else\n llarp::log::info(logcat, \"Service installed successfully\");\n\n CloseServiceHandle(schService);\n CloseServiceHandle(schSCManager);\n insert_description();\n }\n\n VOID insert_description()\n {\n SC_HANDLE schSCManager;\n SC_HANDLE schService;\n SERVICE_DESCRIPTION sd;\n LPTSTR szDesc = strdup(\n \"LokiNET is a free, open source, private, \"\n \"decentralized, \\\"market based sybil resistant\\\" \"\n \"and IP based onion routing network\");\n // Get a handle to the SCM database.\n schSCManager = OpenSCManager(\n NULL, // local computer\n NULL, // ServicesActive database\n SC_MANAGER_ALL_ACCESS); // full access rights\n\n if (nullptr == schSCManager)\n {\n llarp::log::error(logcat, \"OpenSCManager failed {}\", GetLastError());\n return;\n }\n\n // Get a handle to the service.\n schService = OpenService(\n schSCManager, // SCM database\n \"lokinet\", // name of service\n SERVICE_CHANGE_CONFIG); // need change config access\n\n if (schService == nullptr)\n {\n llarp::log::error(logcat, \"OpenService failed {}\", GetLastError());\n CloseServiceHandle(schSCManager);\n return;\n }\n\n // Change the service description.\n sd.lpDescription = szDesc;\n\n if (!ChangeServiceConfig2(\n schService, // handle to service\n SERVICE_CONFIG_DESCRIPTION, // change: description\n &sd)) // new description\n {\n llarp::log::error(logcat, \"ChangeServiceConfig2 failed\");\n }\n else\n llarp::log::info(log_cat, \"Service description updated successfully.\");\n\n CloseServiceHandle(schService);\n CloseServiceHandle(schSCManager);\n }\n\n void uninstall_win32_daemon()\n {\n SC_HANDLE schSCManager;\n SC_HANDLE schService;\n\n // Get a handle to the SCM database.\n schSCManager = OpenSCManager(\n nullptr, // local computer\n nullptr, // ServicesActive database\n SC_MANAGER_ALL_ACCESS); // full access rights\n\n if (nullptr == schSCManager)\n {\n llarp::log::error(logcat, \"OpenSCManager failed {}\", GetLastError());\n return;\n }\n\n // Get a handle to the service.\n schService = OpenService(\n schSCManager, // SCM database\n \"lokinet\", // name of service\n 0x10000); // need delete access\n\n if (schService == nullptr)\n {\n llarp::log::error(logcat, \"OpenService failed {}\", GetLastError());\n CloseServiceHandle(schSCManager);\n return;\n }\n\n // Delete the service.\n if (!DeleteService(schService))\n {\n llarp::log::error(logcat, \"DeleteService failed {}\", GetLastError());\n }\n else\n llarp::log::info(logcat, \"Service deleted successfully\");\n\n CloseServiceHandle(schService);\n CloseServiceHandle(schSCManager);\n }\n\n /// minidump generation for windows jizz\n /// will make a coredump when there is an unhandled exception\n LONG GenerateDump(EXCEPTION_POINTERS* pExceptionPointers)\n {\n const auto flags = (MINIDUMP_TYPE)(MiniDumpWithFullMemory | MiniDumpWithFullMemoryInfo | MiniDumpWithHandleData\n | MiniDumpWithUnloadedModules | MiniDumpWithThreadInfo);\n\n const std::string fname = fmt::format(\"C:\\\\ProgramData\\\\lokinet\\\\crash-{}.dump\", llarp::time_now_ms().count());\n\n HANDLE hDumpFile;\n SYSTEMTIME stLocalTime;\n GetLocalTime(&stLocalTime);\n MINIDUMP_EXCEPTION_INFORMATION ExpParam{};\n\n hDumpFile = CreateFile(\n fname.c_str(), GENERIC_READ | GENERIC_WRITE, FILE_SHARE_WRITE | FILE_SHARE_READ, 0, CREATE_ALWAYS, 0, 0);\n\n ExpParam.ExceptionPointers = pExceptionPointers;\n ExpParam.ClientPointers = TRUE;\n\n MiniDumpWriteDump(GetCurrentProcess(), GetCurrentProcessId(), hDumpFile, flags, &ExpParam, NULL, NULL);\n\n return 1;\n }\n\n VOID FAR PASCAL SvcCtrlHandler(DWORD dwCtrl)\n {\n // Handle the requested control code.\n\n switch (dwCtrl)\n {\n case SERVICE_CONTROL_STOP:\n // tell service we are stopping\n llarp::log::debug(logcat, \"Windows service controller gave SERVICE_CONTROL_STOP\");\n llarp::sys::service_manager->system_changed_our_state(llarp::sys::ServiceState::Stopping);\n handle_signal(SIGINT);\n return;\n\n case SERVICE_CONTROL_INTERROGATE:\n // report status\n llarp::log::debug(logcat, \"Got win32 service interrogate signal\");\n llarp::sys::service_manager->report_changed_state();\n return;\n\n default:\n llarp::log::debug(logcat, \"Got win32 unhandled signal {}\", dwCtrl);\n break;\n }\n }\n\n // The win32 daemon entry point is where we go when invoked as a windows service; we do the\n // required service dance and then pretend we were invoked via main().\n VOID FAR PASCAL win32_daemon_entry(DWORD, LPTSTR* argv)\n {\n // Register the handler function for the service\n auto* svc = dynamic_cast(llarp::sys::service_manager);\n svc->handle = RegisterServiceCtrlHandler(\"lokinet\", SvcCtrlHandler);\n\n if (svc->handle == nullptr)\n {\n llarp::log::error(logcat, \"failed to register daemon control handler\");\n return;\n }\n\n // we hard code the args to lokinet_main.\n // we yoink argv[0] (lokinet.exe path) and pass in the new args.\n std::array args = {\n reinterpret_cast(argv[0]),\n reinterpret_cast(strdup(\"c:\\\\programdata\\\\lokinet\\\\lokinet.ini\")),\n reinterpret_cast(0)};\n lokinet_main(args.size() - 1, args.data());\n }\n\n#endif\n\n int lokinet_main(int argc, char** argv)\n {\n#ifdef _WIN32\n if (startWinsock())\n return -1;\n SetConsoleCtrlHandler(handle_signal_win32, TRUE);\n#endif\n\n CLI::App cli{\n \"Lokinet is a free, open source, private, decentralized, market-based sybil resistant \"\n \"and IP based onion routing network lokinet\"};\n command_line_options options{};\n\n // flags: boolean values in command_line_options struct\n cli.add_flag(\"--version\", options.version, \"Lokinet version\");\n cli.add_flag(\"-g,--generate\", options.generate, \"Generate default configuration and exit\");\n cli.add_flag(\"-r,--router\", options.router, \"Run lokinet in routing mode instead of client-only mode\");\n cli.add_flag(\n \"-e,--generate-embedded\",\n options.generate_embedded,\n \"Generate a default config file for an embedded clients and exit\");\n cli.add_flag(\"-f,--force\", options.overwrite, \"Force writing config even if file exists\");\n\n // options: string\n cli.add_option(\"config,--config\", options.configPath, \"Path to lokinet.ini configuration file\")\n ->capture_default_str();\n\n if constexpr (llarp::platform::is_windows)\n {\n cli.add_flag(\"--install\", options.win_install, \"Install win32 daemon to SCM\");\n cli.add_flag(\"--remove\", options.win_remove, \"Remove win32 daemon from SCM\");\n }\n\n try\n {\n cli.parse(argc, argv);\n }\n catch (const CLI::ParseError& e)\n {\n return cli.exit(e);\n }\n\n std::optional configFile;\n\n try\n {\n if (options.version)\n {\n std::cout << llarp::LOKINET_VERSION_FULL << std::endl;\n return 0;\n }\n\n if constexpr (llarp::platform::is_windows)\n {\n if (options.win_install)\n {\n install_win32_daemon();\n return 0;\n }\n if (options.win_remove)\n {\n uninstall_win32_daemon();\n return 0;\n }\n }\n\n if (not options.configPath.empty())\n {\n configFile = options.configPath;\n }\n }\n catch (const CLI::OptionNotFound& e)\n {\n cli.exit(e);\n }\n catch (const CLI::Error& e)\n {\n cli.exit(e);\n }\n\n auto type = options.generate_embedded ? llarp::config::Type::EmbeddedClient\n : options.router ? llarp::config::Type::Relay\n : llarp::config::Type::FullClient;\n\n if (configFile.has_value())\n {\n // when we have an explicit filepath\n std::filesystem::path basedir = configFile->parent_path();\n if (options.generate || options.generate_embedded)\n {\n try\n {\n llarp::ensure_config(basedir, *configFile, options.overwrite, type);\n }\n catch (std::exception& ex)\n {\n llarp::log::error(logcat, \"cannot generate config at {}: {}\", *configFile, ex.what());\n return 1;\n }\n }\n else\n {\n try\n {\n if (!exists(*configFile))\n {\n llarp::log::error(logcat, \"Config file not found {}\", *configFile);\n return 1;\n }\n }\n catch (std::exception& ex)\n {\n llarp::log::error(logcat, \"cannot check if \", *configFile, \" exists: \", ex.what());\n return 1;\n }\n }\n }\n else\n {\n try\n {\n llarp::ensure_config(\n llarp::GetDefaultDataDir(), llarp::GetDefaultConfigPath(), options.overwrite, type);\n }\n catch (std::exception& ex)\n {\n llarp::log::error(logcat, \"cannot ensure config: {}\", ex.what());\n return 1;\n }\n configFile = llarp::GetDefaultConfigPath();\n }\n\n if (options.generate || options.generate_embedded)\n return 0;\n\n#ifdef _WIN32\n SetUnhandledExceptionFilter(&GenerateDump);\n#endif\n\n try\n {\n start_lokinet(configFile, options.router);\n }\n catch (const std::exception& e)\n {\n std::cerr << \"\\nLokinet failed to start: \" << e.what() << \"\\n\\n\";\n return 1;\n }\n\n std::promise watchdog_stop;\n std::thread watchdog{[ftr = watchdog_stop.get_future()] {\n llarp::util::SetThreadName(\"llarp-watchdog\");\n while (ftr.wait_for(1s) != std::future_status::ready)\n {\n // do periodic non lokinet related tasks here\n if (ctx and ctx->is_up() and not ctx->looks_alive())\n {\n auto deadlock_cat = llarp::log::Cat(\"deadlock\");\n llarp::log::critical(deadlock_cat, \"Router has deadlocked!\");\n llarp::log::flush();\n llarp::sys::service_manager->failed();\n std::abort();\n }\n }\n }};\n\n ctx->wait();\n watchdog_stop.set_value();\n watchdog.join();\n\n llarp::log::flush();\n llarp::sys::service_manager->stopped();\n ctx.reset();\n return 0;\n }\n\n // this sets up, configures and runs the main context\n static void start_lokinet(std::optional confFile, bool snode)\n {\n llarp::log::info(logcat, \"starting up {}\", llarp::LOKINET_VERSION_FULL);\n try\n {\n auto type = snode ? llarp::config::Type::Relay : llarp::config::Type::FullClient;\n std::optional conf;\n try\n {\n conf = confFile ? llarp::Config{type, *confFile} : llarp::Config{type, \"\", llarp::GetDefaultDataDir()};\n }\n catch (const std::exception& e)\n {\n llarp::log::error(logcat, \"Failed to load config: {}\", e.what());\n throw;\n }\n\n ctx = std::make_unique(/*embedded=*/false);\n\n signal(SIGINT, handle_signal);\n signal(SIGTERM, handle_signal);\n signal(SIGKILL, handle_signal);\n\n llarp::util::SetThreadName(\"llarp-main\");\n ctx->start(std::move(*conf));\n }\n catch (llarp::util::bind_socket_error& ex)\n {\n auto msg = \"{}; is lokinet already running?\"_format(ex.what());\n llarp::log::error(logcat, \"{}\", msg);\n throw std::runtime_error{msg};\n }\n catch (const std::exception& ex)\n {\n // Don't need to log here: context has already error logged the exception message\n throw;\n }\n }\n\n} // namespace\n\nint main(int argc, char* argv[])\n{\n // Set up a default, stderr logging for very early logging; we'll replace this later once we\n // read the desired log info from config.\n oxen::log::add_sink(llarp::log::Type::Print, \"stderr\");\n oxen::log::reset_level(llarp::log::Level::info);\n // oxen::log::set_level(\"quic\", oxen::log::Level::info);\n\n // TODO FIXME: this seems to be segfaulting?\n // llarp::logRingBuffer = std::make_shared(100);\n // oxen::log::add_sink(llarp::logRingBuffer, llarp::log::DEFAULT_PATTERN_MONO);\n\n#ifndef _WIN32\n return lokinet_main(argc, argv);\n#else\n if (auto hntdll = GetModuleHandle(\"ntdll.dll\"))\n {\n if (GetProcAddress(hntdll, \"wine_get_version\"))\n {\n static const char* text = \"Don't run lokinet in wine, aborting startup\";\n static const char* title = \"Lokinet Wine Error\";\n MessageBoxA(NULL, text, title, MB_ICONHAND);\n std::abort();\n }\n }\n\n SERVICE_TABLE_ENTRY DispatchTable[] = {\n {strdup(\"lokinet\"), (LPSERVICE_MAIN_FUNCTION)win32_daemon_entry}, {NULL, NULL}};\n\n // Try first to run as a service; if this works it fires off to win32_daemon_entry and doesn't\n // return until the service enters STOPPED state.\n if (StartServiceCtrlDispatcher(DispatchTable))\n return 0;\n\n auto error = GetLastError();\n\n // We'll get this error if not invoked as a service, which is fine: we can just run directly\n if (error == ERROR_FAILED_SERVICE_CONTROLLER_CONNECT)\n {\n llarp::sys::service_manager->disable();\n return lokinet_main(argc, argv);\n }\n else\n {\n llarp::log::critical(logcat, \"Error launching service: {}\", std::system_category().message(error));\n return 1;\n }\n#endif\n}\n" }, { "path": "daemon/lokinet.swift", "content": "import AppKit\nimport Foundation\nimport NetworkExtension\nimport SystemExtensions\n\nlet app = NSApplication.shared\n\nlet START = \"--start\"\nlet STOP = \"--stop\"\n\nlet HELP_STRING = \"usage: lokinet {--start|--stop}\"\n\nclass LokinetMain: NSObject, NSApplicationDelegate {\n var vpnManager = NETunnelProviderManager()\n var mode = START\n let netextBundleId = \"org.lokinet.network-extension\"\n\n func applicationDidFinishLaunching(_: Notification) {\n if mode == START {\n startNetworkExtension()\n } else if mode == STOP {\n tearDownVPNTunnel()\n } else {\n result(msg: HELP_STRING)\n }\n }\n\n func bail() {\n app.terminate(self)\n }\n\n func result(msg: String) {\n NSLog(msg)\n // TODO: does lokinet continue after this?\n bail()\n }\n\n func tearDownVPNTunnel() {\n NSLog(\"Stopping Lokinet\")\n NETunnelProviderManager.loadAllFromPreferences { [self] (savedManagers: [NETunnelProviderManager]?, error: Error?) in\n if let error = error {\n self.result(msg: error.localizedDescription)\n return\n }\n\n if let savedManagers = savedManagers {\n for manager in savedManagers {\n if (manager.protocolConfiguration as? NETunnelProviderProtocol)?.providerBundleIdentifier == self.netextBundleId {\n manager.connection.stopVPNTunnel()\n self.result(msg: \"Lokinet Down\")\n }\n }\n }\n self.result(msg: \"Lokinet is not up\")\n }\n }\n\n func startNetworkExtension() {\n #if MACOS_SYSTEM_EXTENSION\n NSLog(\"Loading Lokinet network extension\")\n // Start by activating the system extension\n let activationRequest = OSSystemExtensionRequest.activationRequest(forExtensionWithIdentifier: netextBundleId, queue: .main)\n activationRequest.delegate = self\n OSSystemExtensionManager.shared.submitRequest(activationRequest)\n #else\n setupVPNTunnel()\n #endif\n }\n\n func setupVPNTunnel() {\n NSLog(\"Starting up Lokinet tunnel\")\n NETunnelProviderManager.loadAllFromPreferences { [self] (savedManagers: [NETunnelProviderManager]?, error: Error?) in\n if let error = error {\n self.result(msg: error.localizedDescription)\n return\n }\n\n if let savedManagers = savedManagers {\n for manager in savedManagers {\n if (manager.protocolConfiguration as? NETunnelProviderProtocol)?.providerBundleIdentifier == self.netextBundleId {\n NSLog(\"Found saved VPN Manager\")\n self.vpnManager = manager\n }\n }\n }\n let providerProtocol = NETunnelProviderProtocol()\n providerProtocol.serverAddress = \"loki.loki\" // Needs to be set to some non-null dummy value\n providerProtocol.username = \"anonymous\"\n providerProtocol.providerBundleIdentifier = self.netextBundleId\n if #available(macOS 11, *) {\n providerProtocol.enforceRoutes = true\n }\n // macos seems to have trouble when this is true, and reports are that this breaks and\n // doesn't do what it says on the tin in the first place. Needs more testing.\n providerProtocol.includeAllNetworks = false\n self.vpnManager.protocolConfiguration = providerProtocol\n self.vpnManager.isEnabled = true\n // self.vpnManager.isOnDemandEnabled = true\n self.vpnManager.localizedDescription = \"lokinet\"\n self.vpnManager.saveToPreferences(completionHandler: { [self] error -> Void in\n if error != nil {\n NSLog(\"Error saving to preferences\")\n self.result(msg: error!.localizedDescription)\n } else {\n self.vpnManager.loadFromPreferences(completionHandler: { error in\n if error != nil {\n NSLog(\"Error loading from preferences\")\n self.result(msg: error!.localizedDescription)\n } else {\n do {\n NSLog(\"Trying to start\")\n self.initializeConnectionObserver()\n try self.vpnManager.connection.startVPNTunnel()\n } catch let error as NSError {\n self.result(msg: error.localizedDescription)\n } catch {\n self.result(msg: \"There was a fatal error\")\n }\n\n // Check if we are already connected because, if so, we won't get a\n // status change and will just hang waiting for one.\n if self.vpnManager.connection.status == .connected {\n self.result(msg: \"VPN already connected\");\n }\n }\n })\n }\n })\n }\n }\n\n func initializeConnectionObserver() {\n NotificationCenter.default.addObserver(forName: NSNotification.Name.NEVPNStatusDidChange, object: vpnManager.connection, queue: OperationQueue.main) { [self] _ -> Void in\n if self.vpnManager.connection.status == .invalid {\n self.result(msg: \"VPN configuration is invalid\")\n } else if self.vpnManager.connection.status == .disconnected {\n self.result(msg: \"VPN is disconnected.\")\n } else if self.vpnManager.connection.status == .connecting {\n NSLog(\"VPN is connecting...\")\n } else if self.vpnManager.connection.status == .reasserting {\n NSLog(\"VPN is reasserting...\")\n } else if self.vpnManager.connection.status == .disconnecting {\n NSLog(\"VPN is disconnecting...\")\n } else if self.vpnManager.connection.status == .connected {\n self.result(msg: \"VPN Connected\")\n }\n }\n }\n}\n\n#if MACOS_SYSTEM_EXTENSION\n\n extension LokinetMain: OSSystemExtensionRequestDelegate {\n func request(_: OSSystemExtensionRequest, didFinishWithResult result: OSSystemExtensionRequest.Result) {\n guard result == .completed else {\n NSLog(\"Unexpected result %d for system extension request\", result.rawValue)\n return\n }\n NSLog(\"Lokinet system extension loaded\")\n setupVPNTunnel()\n }\n\n func request(_: OSSystemExtensionRequest, didFailWithError error: Error) {\n NSLog(\"System extension request failed: %@\", error.localizedDescription)\n self.bail()\n }\n\n func requestNeedsUserApproval(_ request: OSSystemExtensionRequest) {\n NSLog(\"Extension %@ requires user approval\", request.identifier)\n }\n\n func request(_ request: OSSystemExtensionRequest,\n actionForReplacingExtension existing: OSSystemExtensionProperties,\n withExtension extension: OSSystemExtensionProperties) -> OSSystemExtensionRequest.ReplacementAction\n {\n NSLog(\"Replacing extension %@ version %@ with version %@\", request.identifier, existing.bundleShortVersion, `extension`.bundleShortVersion)\n return .replace\n }\n }\n\n#endif\n\nlet args = CommandLine.arguments\n\n// If we are invoked with no arguments then exec the gui. This is dumb, but there doesn't seem to\n// be a nicer way to do this on Apple's half-baked platform because:\n// - we have three \"bundles\" we need to manage: the GUI app, the system extension, and the Lokinet\n// app (this file) which loads the system extension.\n// - if we embed the system extension directly inside the GUI then it fails to launch because the\n// electron GUI's requirements (needed for JIT) conflict with the ability to load a system\n// extensions.\n// - if we embed Lokinet.app inside Lokinet-GUI.app and then the system extension inside Lokinet.app\n// then it works, but macos loses track of the system extension and doesn't remove it when you\n// remove the application. (It breaks your system, leaving an impossible-to-remove system\n// extension, in just the same way it breaks if you don't use Finder to remove the Application.\n// Apple used to say (around 2 years ago as of writing) that they would fix this situation \"soon\",\n// but hasn't, and has stopped saying anything about it.)\n// - if we try to use multiple executables (one to launch the system extension, one simple shell\n// script to execs the embedded GUI app) inside the Lokinet.app and make the GUI the default for\n// the application then Lokinet gets killed by gatekeeper because code signing only applies the\n// (required-for-system-extensions) provisioningprofile to the main binary in the app.\n//\n// So we are left needing *one* single binary that isn't the GUI but has to do double-duty for both\n// exec'ing the binary and loading lokinet, depending on how it is called.\n//\n// But of course there is no way to specify command-line arguments to the default binary macOS runs,\n// so we can't use a `--gui` flag or anything so abhorrent to macos purity, thus this nasty\n// solution:\n// - no args -- exec the GUI\n// - `--start` -- load the system extension and start lokinet\n// - `--stop` -- stop lokinet\n//\n// macOS: land of half-baked implementations and nasty hacks to make anything work.\n\nif args.count == 1 {\n let gui_path = Bundle.main.resourcePath! + \"/../Helpers/Lokinet-GUI.app\"\n if !FileManager.default.fileExists(atPath: gui_path) {\n NSLog(\"Could not find gui app at %@\", gui_path)\n exit(1)\n }\n let gui_url = URL(fileURLWithPath: gui_path, isDirectory: false)\n let gui_app_conf = NSWorkspace.OpenConfiguration()\n let group = DispatchGroup()\n group.enter()\n NSWorkspace.shared.openApplication(at: gui_url, configuration: gui_app_conf,\n completionHandler: { (app, error) in\n if error != nil {\n NSLog(\"Error launching gui: %@\", error!.localizedDescription)\n } else {\n NSLog(\"Lauched GUI\");\n }\n group.leave()\n })\n group.wait()\n\n} else if args.count == 2 {\n let delegate = LokinetMain()\n delegate.mode = args[1]\n app.delegate = delegate\n app.run()\n} else {\n NSLog(HELP_STRING)\n}\n" }, { "path": "daemon/utils.cpp", "content": "#include \"utils.hpp\"\n\n#include \n\n#include \n\nnamespace llarp::controller\n{\n size_t lokinet_instance::next_id = 0;\n\n rpc_controller::rpc_controller() : _omq{std::make_shared()} {}\n\n void rpc_controller::_initiate(omq::address src, std::string remote)\n {\n log::info(\n logcat,\n \"Instructing lokinet instance (bind:{}) to initiate session to remote:{}\",\n src.full_address(),\n remote);\n\n nlohmann::json req;\n req[\"pk\"] = remote;\n\n if (auto it = _binds.find(src); it != _binds.end())\n _omq->request(\n it->second.cid,\n \"llarp.session_init\",\n [&](bool success, std::vector data) {\n if (success)\n {\n auto res = nlohmann::json::parse(data[0]);\n log::info(logcat, \"RPC call to initiate session succeeded: {}\", res.dump());\n }\n else\n log::critical(logcat, \"RPC call to initiate session failed!\");\n },\n req.dump());\n else\n log::critical(\n logcat, \"Could not find connection ID to RPC bind {} for `session_init` command\", src.full_address());\n }\n\n void rpc_controller::_status(omq::address src)\n {\n log::info(logcat, \"Querying lokinet instance (bind:{}) for router status\", src.full_address());\n\n if (auto it = _binds.find(src); it != _binds.end())\n _omq->request(it->second.cid, \"llarp.status\", [&](bool success, std::vector data) {\n if (success)\n {\n auto res = nlohmann::json::parse(data[0]);\n log::info(logcat, \"RPC call to query router status succeeded: \\n{}\\n\", res.dump(4));\n }\n else\n log::critical(logcat, \"RPC call to query router status failed!\");\n });\n else\n log::critical(\n logcat, \"Could not find connection ID to RPC bind {} for `status` command\", src.full_address());\n }\n\n void rpc_controller::_close(omq::address src, std::string remote)\n {\n log::info(\n logcat, \"Querying lokinet instance (bind:{}) to close session to remote:{}\", src.full_address(), remote);\n\n nlohmann::json req;\n req[\"pk\"] = remote;\n\n if (auto it = _binds.find(src); it != _binds.end())\n _omq->request(\n it->second.cid,\n \"llarp.session_close\",\n [&](bool success, std::vector data) {\n if (success)\n {\n auto res = nlohmann::json::parse(data[0]);\n log::info(logcat, \"RPC call to close session succeeded: {}\", res.dump());\n }\n else\n log::critical(logcat, \"RPC call to close session failed!\");\n },\n req.dump());\n else\n log::critical(\n logcat, \"Could not find connection ID to RPC bind {} for `session_close` command\", src.full_address());\n }\n\n void rpc_controller::_halt(omq::address src)\n {\n log::info(logcat, \"Instructing lokinet instance (bind:{}) to halt\", src.full_address());\n\n if (auto it = _binds.find(src); it != _binds.end())\n {\n _omq->request(it->second.cid, \"llarp.halt\", [&](bool success, std::vector data) {\n if (success)\n {\n auto res = nlohmann::json::parse(data[0]);\n log::info(logcat, \"RPC call to halt instance succeeded: {}\", res.dump());\n }\n else\n log::critical(logcat, \"RPC call to halt instance failed!\");\n });\n }\n else\n log::critical(logcat, \"Could not find connection ID to RPC bind {} for `halt` command\", src.full_address());\n }\n\n bool rpc_controller::_omq_connect(const std::vector& bind_addrs)\n {\n int i = 0;\n std::vector> connect_proms{bind_addrs.size()};\n\n for (auto& b : bind_addrs)\n {\n omq::address bind{b};\n log::info(logcat, \"RPC controller connecting to RPC bind address ({})\", bind.full_address());\n\n auto cid = _omq->connect_remote(\n bind,\n [&, idx = i](auto) {\n log::info(logcat, \"Loki controller successfully connected to RPC bind ({})\", bind.full_address());\n connect_proms[idx].set_value(true);\n },\n [&, idx = i](auto, std::string_view msg) {\n log::info(\n logcat, \"Loki controller failed to connect to RPC bind ({}): {}\", bind.full_address(), msg);\n connect_proms[idx].set_value(false);\n });\n\n auto it = _binds.emplace(bind, lokinet_instance{cid}).first;\n _indexes.emplace(it->second.ID, it->first);\n i += 1;\n }\n\n bool ret = true;\n\n for (auto& p : connect_proms)\n ret &= p.get_future().get();\n\n return ret;\n }\n\n bool rpc_controller::start(std::vector& bind_addrs)\n {\n _omq->start();\n return _omq_connect(bind_addrs);\n }\n\n void rpc_controller::list_all() const\n {\n auto msg = \"\\n\\n\\tLokinet RPC controller connected to {} RPC binds:\\n\"_format(_binds.size());\n for (auto& [idx, addr] : _indexes)\n msg += \"\\t\\tID:{} | Address:{}\\n\"_format(idx, addr.full_address());\n\n log::info(logcat, \"{}\", msg);\n }\n\n void rpc_controller::refresh() { log::critical(logcat, \"TODO: implement this!\"); }\n\n void rpc_controller::initiate(size_t idx, std::string remote)\n {\n if (auto it = _indexes.find(idx); it != _indexes.end())\n _initiate(it->second, std::move(remote));\n else\n log::warning(logcat, \"Could not find instance with given index: {}\", idx);\n }\n\n void rpc_controller::initiate(omq::address src, std::string remote)\n {\n return _initiate(std::move(src), std::move(remote));\n }\n\n void rpc_controller::status(omq::address src) { return _status(std::move(src)); };\n\n void rpc_controller::status(size_t idx)\n {\n if (auto it = _indexes.find(idx); it != _indexes.end())\n _status(it->second);\n else\n log::warning(logcat, \"Could not find instance with given index: {}\", idx);\n }\n\n void rpc_controller::close(omq::address src, std::string remote)\n {\n return _close(std::move(src), std::move(remote));\n }\n\n void rpc_controller::close(size_t idx, std::string remote)\n {\n if (auto it = _indexes.find(idx); it != _indexes.end())\n _close(it->second, std::move(remote));\n else\n log::warning(logcat, \"Could not find instance with given index: {}\", idx);\n }\n\n void rpc_controller::halt(omq::address src) { return _halt(std::move(src)); }\n\n void rpc_controller::halt(size_t idx)\n {\n if (auto it = _indexes.find(idx); it != _indexes.end())\n _halt(it->second);\n else\n log::warning(logcat, \"Could not find instance with given index: {}\", idx);\n }\n} // namespace llarp::controller\n" }, { "path": "daemon/utils.hpp", "content": "#pragma once\n\n#include \n#include \n#include \n\n#include \n\nnamespace omq = oxenmq;\n\nnamespace llarp::controller\n{\n static auto logcat = log::Cat(\"rpc-controller\");\n\n struct rpc_controller;\n\n struct lokinet_instance\n {\n friend struct rpc_controller;\n\n private:\n static size_t next_id;\n\n public:\n lokinet_instance(omq::ConnectionID c) : ID{++next_id}, cid{std::move(c)} {}\n\n const size_t ID;\n omq::ConnectionID cid;\n };\n\n struct rpc_controller\n {\n rpc_controller();\n\n private:\n std::shared_ptr _omq;\n std::unordered_map _binds;\n std::map _indexes;\n\n void _initiate(omq::address src, std::string remote);\n void _status(omq::address src);\n void _close(omq::address src, std::string remote);\n void _halt(omq::address src);\n\n bool _omq_connect(const std::vector& bind_addrs);\n\n public:\n bool start(std::vector& bind_addrs);\n\n void list_all() const;\n\n void refresh();\n\n void initiate(omq::address src, std::string remote);\n void initiate(size_t idx, std::string remote);\n\n void status(omq::address src);\n void status(size_t idx);\n\n void close(omq::address src, std::string remote);\n void close(size_t idx, std::string remote);\n\n void halt(omq::address src);\n void halt(size_t idx);\n };\n} // namespace llarp::controller\n" }, { "path": "docs/CMakeLists.txt", "content": "find_program(DOXYGEN doxygen)\nif (NOT DOXYGEN)\n message(STATUS \"Documentation generation disabled (doxygen not found)\")\n return()\nendif()\n\nfind_program(MKDOCS mkdocs)\nif (NOT MKDOCS)\n message(STATUS \"Documentation generation disabled (mkdocs not found)\")\n return()\nendif()\n\nset(lokinet_doc_sources \"${DOCS_SRC}\")\nstring(REPLACE \";\" \" \" lokinet_doc_sources_spaced \"${lokinet_doc_sources}\")\n\nadd_custom_target(clean_xml COMMAND ${CMAKE_COMMAND} -E rm -rf doxyxml)\nadd_custom_target(clean_markdown COMMAND ${CMAKE_COMMAND} -E rm -rf markdown)\n\nadd_custom_command(\n OUTPUT doxyxml/index.xml\n COMMAND ${DOXYGEN} Doxyfile\n DEPENDS\n clean_xml\n ${CMAKE_CURRENT_BINARY_DIR}/Doxyfile\n ${lokinet_doc_sources}\n)\n\n# find doxybook2\nfind_program(DOXYBOOK2 doxybook2)\nif(NOT DOXYBOOK2)\n if(NOT DOXYBOOK2_ZIP_URL)\n set(DOXYBOOK2_VERSION v1.4.0 CACHE STRING \"doxybook2 version\")\n set(DOXYBOOK2_ZIP_URL \"https://github.com/matusnovak/doxybook2/releases/download/${DOXYBOOK2_VERSION}/doxybook2-linux-amd64-${DOXYBOOK2_VERSION}.zip\")\n set(DOXYBOOK2_ZIP_HASH_OPTS EXPECTED_HASH SHA256=bab9356f5daa550cbf21d8d9b554ea59c8be039716a2caf6e96dee52713fccb0)\n endif()\n\n file(DOWNLOAD\n ${DOXYBOOK2_ZIP_URL}\n ${CMAKE_CURRENT_BINARY_DIR}/doxybook2.zip\n ${DOXYBOOK2_ZIP_HASH_OPTS})\n\n execute_process(COMMAND ${CMAKE_COMMAND} -E tar xf ${CMAKE_CURRENT_BINARY_DIR}/doxybook2.zip\n WORKING_DIRECTORY ${CMAKE_CURRENT_BINARY_DIR})\n set(DOXYBOOK2 ${CMAKE_CURRENT_BINARY_DIR}/bin/doxybook2)\n set(doxybook_localbin ${DOXYBOOK2})\nendif()\n\nadd_custom_command(\n OUTPUT gen\n COMMAND ${DOXYBOOK2} --input ${CMAKE_CURRENT_BINARY_DIR}/doxyxml --output ${CMAKE_CURRENT_BINARY_DIR}/gen --config config.json\n DEPENDS\n ${doxybook_localbin}\n ${CMAKE_CURRENT_BINARY_DIR}/gen/index.md\n ${CMAKE_CURRENT_BINARY_DIR}/config.json\n ${CMAKE_CURRENT_BINARY_DIR}/doxyxml/index.xml)\n\nadd_custom_target(clean_html COMMAND ${CMAKE_COMMAND} -E rm -rf html)\n\nadd_custom_command(\n OUTPUT markdown\n COMMAND find ${CMAKE_CURRENT_BINARY_DIR}/gen/ -type f -name '*.md' -exec ${CMAKE_CURRENT_SOURCE_DIR}/fix-markdown.sh {} \"\\;\" && ${CMAKE_COMMAND} -E copy_directory ${CMAKE_CURRENT_BINARY_DIR}/gen ${CMAKE_CURRENT_BINARY_DIR}/markdown\n DEPENDS gen\n)\n\nadd_custom_command(\n OUTPUT html\n COMMAND ${MKDOCS} build\n DEPENDS\n clean_html\n ${CMAKE_CURRENT_BINARY_DIR}/markdown)\n\nadd_custom_target(doc DEPENDS markdown)\n\nconfigure_file(Doxyfile.in Doxyfile @ONLY)\nconfigure_file(index.md.in index.md @ONLY)\n\nconfigure_file(config.json config.json COPYONLY)\nconfigure_file(mkdocs.yml mkdocs.yml COPYONLY)\n\n# we seperate this step out so we force clean_markdown to run before markdown target\nadd_custom_command(\n OUTPUT gen/index.md\n COMMAND ${CMAKE_COMMAND} -E copy index.md gen/index.md\n DEPENDS clean_markdown)\n" }, { "path": "docs/Doxyfile.in", "content": "PROJECT_NAME = \"Lokinet\"\nPROJECT_NUMBER = v@lokinet_VERSION@\nPROJECT_BRIEF = \"Anonymous, decentralized and IP based overlay network for the internet.\"\nOUTPUT_DIRECTORY = @CMAKE_CURRENT_BINARY_DIR@\nSTRIP_FROM_PATH = @PROJECT_SOURCE_DIR@ @PROJECT_BINARY_DIR@\nJAVADOC_AUTOBRIEF = YES\nALIASES = \"rst=\\verbatim embed:rst\"\nALIASES += \"endrst=\\endverbatim\"\nBUILTIN_STL_SUPPORT = YES\nINPUT = @lokinet_doc_sources_spaced@\nINCLUDE_PATH = @PROJECT_SOURCE_DIR@/include @PROJECT_SOURCE_DIR@/llarp @PROJECT_SOURCE_DIR@/external/ghc-filesystem/include/\nRECURSIVE = YES\nCLANG_ASSISTED_PARSING = NO\n#CLANG_OPTIONS = -std=c++17 -Wno-pragma-once-outside-header\nGENERATE_HTML = NO\nHTML_OUTPUT = doxyhtml\nGENERATE_LATEX = NO\nGENERATE_XML = YES\nXML_OUTPUT = doxyxml\nMACRO_EXPANSION = YES\n" }, { "path": "docs/LICENSE", "content": "Low Latency Anonymous Routing Protocol Specification\nWritten in 2017 by Jeff Becker \n\nTo the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to \nthis protocol specfication to the public domain worldwide. This software is distributed without any warranty.\nYou should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see \n.\n" }, { "path": "docs/architecture.md", "content": "# High-Level Architecture\n\n## Path Building\n\n

\n \n

\n\nStarting from the top, here's a high-level overview of how the lokinet client builds a path to a terminating node\n\n1. Client semi-randomly selects SN's for hops 2 and 3 using Introset Hash Ring (IHR)\n - First hop is sticky: upon initialization of lokinet, 4-5 first hops are selected\n\n2. Message sent to hop 1\n - Message consists of eight records in a linked list. Four hops are typically used, leaving the last 4 links as dummy records\n - Each record contains a TX (upstream) path ID and RX (downstream) path ID\n - Each record has a pointer to the next record, except for the final hops' record; the pointer here is recursive, signalling the end of the path-build\n\n3. Hop 2 pops top record, appends metadata, and pushes record to the back of linked list\n - Hop adds metadata to the record, such as optional lifetime, pubkey to derive shared secret, etc\n\n4. Steps 2-3 are repeated for the remaining hops until destination is reached\n - Final hop reads the recursive pointer signalling the end of the path-build process\n\n5. Upon completion, plain-text reply is propagated backwards, where the client can then decrypt all records\n\n6. Client measures latency\n - A) Routing message is sequentially encrypted using hop 4's key through hop 1's key\n - At each iteration, the nonce is permuted by XOR'ing the previous nonce with the hash of the secret key of each hop\n - B) Routing message is sent s.t. each hop can decrypt, with final hop receiving plain-text\n - Each hop appends latency and expiration time data, with the final hop interpreting the plain-text as a routing message and sending it back to the client\n\n7. Introset is published to IHR upon successful completion; introset contains:\n - Path ID's of routers\n - Latency and expiration time for each hop\n - DNS SRV records\n - etc\n\n### Failure Cases\n\n1. Next hop is an invalid SN\n2. Cannot connect to SN\n\nIn either case, the path-build status is sent backwards with an error flag. Once received by the client, metadata related to the prospective path is wiped and the path forgotten\n\n\n" }, { "path": "docs/config.json", "content": "{\n \"baseUrl\": \"\",\n \"indexInFolders\": false,\n \"linkSuffix\": \".md\",\n \"mainPageInRoot\": false,\n \"mainPageName\": \"index\",\n \"linkLowercase\": false,\n \"foldersToGenerate\": [\"files\", \"classes\", \"namespaces\"]\n}\n" }, { "path": "docs/dns-overview.md", "content": "# DNS in Lokinet\n\nLokinet uses dns are its primary interface for resolving, mapping and querying resources inside of lokinet.\nThis was done not because DNS is *good* protocol, but because there is almost no relevent userland applications that are incapable of interacting with DNS, across every platform.\nUsing DNS in lokinet allows for the most zero config setup possible with the current set of standard protocols.\n\nLokinet provides 2 internal gtld, `.loki` and `.snode`\n\n## .snode\n\nThe `.snode` gtld is used to address a lokinet router in the form of `.snode`.\nTraffic bound to a `.snode` tld will have its source authenticatable only if it originates from another valid lokinet router.\nClients can also send traffic to and from addresses mapped to `.snode` addresses, but the source address on the service node side is ephemeral.\nIn both cases, ip traffic to addresses mapped to `.snode` addresses will have the destination ip rewritten by the lokinet router to be its local interface ip, this ensures traffic stays on the lokinet router' interface for snode traffic and preventing usage as an exit node.\n\n## .loki\n\nThe `.loki` gtld is used to address anonymously published routes to lokinet clients on the network.\n\n\n\n## What RR are provided?\n\nAll `.loki` domains by default have the following dns rr synthesized by lokinet:\n\n* `A` record for initiating address mapping\n* `MX` record pointing to the synthesizesd `A` record\n* free wildcard entries for all of the above.\n\nWildard entries are currently only pointing\n\nAll `.snode` domains have by defult just an `A` record for initiating address mapping.\n\nAdditionally both `.loki` and `.snode` can optionally provide multiple `SRV` records to advertise existence of services on or off of the name.\n\n\n" }, { "path": "docs/doxygen.md", "content": "\n# Doxygen\n\nbuilding doxygen docs requires the following:\n\n* cmake\n* doxygen\n* sphinx-build\n* sphinx readthedocs theme\n* breathe\n* exhale\n\ninstall packages:\n\n $ sudo apt install make cmake doxygen python3-sphinx python3-sphinx-rtd-theme python3-breathe python3-pip\n $ pip3 install --user exhale\n \nbuild docs:\n\n $ mkdir -p build-docs\n $ cd build-docs\n $ cmake .. && make doc \n\nserve built docs via http, will be served at http://127.0.0.1:8000/\n\n $ python3 -m http.server -d docs/html\n \n" }, { "path": "docs/exit-setup.md", "content": "\nto configure lokinet to be an exit add into `lokinet.ini`:\n\n [router]\n min-connections=8\n max-connections=16\n\n [network]\n exit=true\n keyfile=/var/lib/lokinet/exit.private\n reachable=1\n ifaddr=10.0.0.1/16\n hops=2\n paths=8\n\n\npost setup for exit (as root) given `eth0` is used to get to the internet:\n\n # echo 1 > /proc/sys/net/ipv4/ip_forward\n # iptables -t nat -A POSTROUTING -s 10.0.0.0/16 -o eth0 -j MASQUERADE\n" }, { "path": "docs/fix-markdown.sh", "content": "#!/bin/bash\n# apply markdown file content quarks\n\n\n# rewrite br tags\nsed -i 's|
|
|g' $@ \n" }, { "path": "docs/ideal-ux.md", "content": "# What does Lokinet actually do?\n\nLokinet is an onion routed authenticated unicast IP network. It exposes an IP tunnel to the user and provides a dns resolver that maps `.loki` and `.snode` gtld onto a user defined ip range.\n\nLokinet allows users to tunnel arbitrary ip ranges to go to a `.loki` address to act as a tunnel broker via another network accessible via another lokinet client. This is commonly known as an \"exit node\" but the way lokinet does this is much more generic so that term is not very accurate given what it actually does.\n\nThe `.snode` gtld refers to a router on the network by its public ed25519 key.\n\nThe `.loki` gtld refers to clients that publish the existence anonymously to the network by their ed25519 public key. (`.loki` also has the ability to use short names resolved via external consensus method, like a blockchain).\n\n# How do I use Lokinet?\n\nset system dns resolver to use the dns resolver provided by lokinet, make sure the upstream dns provider that lokinet uses for non lokinet gtlds is set as desired (see lokinet.ini `[dns]` section)\n\nconfigure exit traffic provider if you want to tunnel ip traffic via lokinet, by default this is off as we cannot provide a sane defualt that makes everyone happy. to enable an exit node, see lokinet.ini `[network]` section, add multiple `exit-node=exitaddrgoeshere.loki` lines for each endpoint you want to use for exit traffic. each `exit-node` entry will be used to randomly stripe across per IP you are sending to. \n\nnote: per flow (ip+proto/port) isolation is trivial on a technical level but currently not implemented at this time.\n\n# Can I run lokinet on a soho router?\n\nYes and that is the best way to run it in practice. \n\n## The \"easy\" way\n\nWe have a community maintained solution for ARM SBCs like rasperry pi: https://github.com/necro-nemesis/LabyrinthAP\n\n## The \"fun\" way (DIY)\n\nIt is quite nice to DIY. if you choose to do so there is some assembly required:\n\non the lokinet side, make sure that the...\n\n* ip ranges for `.loki` and `.snode` are statically set (see lokinet.ini `[network]` section `ifaddr=` option)\n* network interace used by lokinet is statically set (see lokinet.ini `[network]` section `ifname=` option)\n* dns socket is bound to an address the soho router's dns resolver can talk to, see `[dns]` section `bind=` option) \n\non the soho router side:\n\n* route queries for `.loki` and `.snode` gtld to go to lokinet dns on soho router's dns resolver\n* use dhcp options to set dns to use the soho router's dns resolver\n* make sure that the ip ranges for lokinet are reachable via the LAN interface \n* if you are tunneling over an exit ensure that LAN traffic will only forward to go over the lokinet vpn interface\n" }, { "path": "docs/index.md.in", "content": "# Lokinet @lokinet_VERSION@ (git rev: @GIT_VERSION@)\n\nsummary goes here\n\n## Overview\n\n[code internals](index_namespaces.md)\n" }, { "path": "docs/install.md", "content": "# Installing\n\nIf you are simply looking to install Lokinet and don't want to compile it yourself we provide several options for platforms to run on:\n\nTier 1:\n\n* [Linux](#linux-install)\n* [Windows](#windows-install)\n* [MacOS](#macos-install)\n\nTier 2:\n\n* [FreeBSD](#freebsd-install)\n\nCurrently Unsupported Platforms: (maintainers welcome)\n\n* [Android](#apk-install)\n* Apple iPhone \n* Homebrew\n* \\[Insert Flavor of the Month windows package manager here\\]\n\n\n## Official Builds\n\n### Windows / MacOS \n\nYou can get the latest stable release for lokinet on windows or macos from https://lokinet.org/ or check the [releases page on github](https://github.com/oxen-io/lokinet/releases).\n\n### Linux \n\nYou do not have to build from source if you do not wish to, we provide [apt](#deb-install) and [rpm](#rpm-install) repos.\n\n#### APT Repository \n\nYou can install debian packages from `deb.oxen.io` by adding the apt repo to your system.\n\n $ sudo curl -so /etc/apt/trusted.gpg.d/oxen.gpg https://deb.oxen.io/pub.gpg\n $ echo \"deb https://deb.oxen.io $(lsb_release -sc) main\" | sudo tee /etc/apt/sources.list.d/oxen.list\n \nThis apt repo is also available via lokinet at `http://deb.loki`\n\nOnce added you can install lokinet with:\n\n $ sudo apt update\n $ sudo apt install lokinet\n\nWhen running from debian package the following steps are not needed as it is already running and ready to use. You can stop/start/restart it using `systemctl start lokinet`, `systemctl stop lokinet`, etc.\n\n#### RPM \n\nWe also provide an RPM repo, see `rpm.oxen.io`, also available on lokinet at `rpm.loki`\n \n## Bleeding Edge dev builds \n\nautomated builds from dev branches for the brave or impatient can be found from our CI pipeline [here](https://oxen.rocks/oxen-io/lokinet/). (warning: these nightly builds may or may not consume your first born child.)\n\n## Building\n\nBuild requirements:\n\n* Git\n* CMake\n* C++ 17 capable C++ compiler\n* libuv >= 1.27.0\n* libsodium >= 1.0.18\n* libssl (for lokinet-bootstrap)\n* libcurl (for lokinet-bootstrap)\n* libunbound\n* libzmq\n* cppzmq\n\n### Linux Compile\n\nIf you want to build from source: \n\n $ sudo apt install build-essential cmake git libcap-dev pkg-config automake libtool libuv1-dev libsodium-dev libzmq3-dev libcurl4-openssl-dev libevent-dev nettle-dev libunbound-dev libssl-dev nlohmann-json3-dev\n $ git clone --recursive https://github.com/oxen-io/lokinet\n $ cd lokinet\n $ mkdir build\n $ cd build\n $ cmake .. -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF\n $ make -j$(nproc)\n $ sudo make install\n\nset up the initial configs:\n\n $ lokinet -g\n $ lokinet-bootstrap\n\nafter you create default config, run it:\n\n $ lokinet\n\nThis requires the binary to have the proper capabilities which is usually set by `make install` on the binary. If you have errors regarding permissions to open a new interface this can be resolved using:\n\n $ sudo setcap cap_net_admin,cap_net_bind_service=+eip /usr/local/bin/lokinet\n\n\n#### Arch Linux \n\nDue to [circumstances beyond our control](https://github.com/oxen-io/lokinet/discussions/1823) a working `PKGBUILD` can be found [here](https://raw.githubusercontent.com/oxen-io/lokinet/makepkg/contrib/archlinux/PKGBUILD).\n\n#### Cross Compile For Linux \n\ncurrent cross targets:\n\n* aarch64-linux-gnu\n* arm-linux-gnueabihf\n* mips-linux-gnu\n* mips64-linux-gnuabi64\n* mipsel-linux-gnu\n* powerpc64le-linux-gnu\n\ninstall the toolchain (this one is for `aarch64-linux-gnu`, you can provide your own toolchain if you want)\n\n $ sudo apt install g{cc,++}-aarch64-linux-gnu\n\nbuild 1 or many cross targets:\n\n $ ./contrib/cross.sh arch_1 arch_2 ... arch_n\n\n### Building For Windows \n\nwindows builds are cross compiled from debian/ubuntu linux\n\nadditional build requirements:\n\n* nsis\n* cpack\n* rsvg-convert (`librsvg2-bin` package on Debian/Ubuntu)\n\nsetup:\n\n $ sudo apt install build-essential cmake git pkg-config mingw-w64 nsis cpack automake libtool\n $ sudo update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix\n $ sudo update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix\n\nbuilding:\n\n $ git clone --recursive https://github.com/oxen-io/lokinet\n $ cd lokinet\n $ ./contrib/windows.sh\n \n### Compiling for MacOS \n\nSource code compilation of Lokinet by end users is not supported or permitted by apple on their platforms, see [this](../contrib/macos/README.txt) for more information.\n\nIf you find this disagreeable consider using a platform that permits compiling from source.\n\n### FreeBSD \n\nCurrently has no VPN Platform code, see issue `#1513`\n\nbuild:\n\n $ pkg install cmake git pkgconf\n $ git clone --recursive https://github.com/oxen-io/lokinet\n $ cd lokinet\n $ mkdir build\n $ cd build\n $ cmake -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DSTATIC_LINK=ON -DBUILD_STATIC_DEPS=ON ..\n $ make\n\ninstall (root):\n\n # make install\n \n### Android \n\nWe have an Android APK for lokinet VPN via android VPN API. \n\nComing to F-Droid whenever that happens. [[issue]](https://github.com/oxen-io/lokinet-flutter-app/issues/8)\n\n* [source code](https://github.com/oxen-io/lokinet-flutter-app)\n" }, { "path": "docs/liblokinet-dev-guide.md", "content": "# Embedding Lokinet into an existing application\n\nWhen all else fails and you want to deploy lokinet inside your app without the OS caring you can embed an entire lokinet client and a few of the upper network layers into your application manually.\n\n## Why you should avoid this route \n\n`// TODO: this`\n\n## When you cannot avoid this route, how do i use it?\n\n`// TODO: this`\n" }, { "path": "docs/macos-signing.txt", "content": "If you are reading this to try to build Lokinet for yourself for an Apple operating system and\nsimultaneously care about open source, privacy, or freedom then you, my friend, are a walking\ncontradiction: you are trying to get Lokinet to work on a platform that actively despises open\nsource, privacy, and freedom. Even Windows is a better choice in all of these categories than\nApple.\n\nThis directory contains the magical incantations and random voodoo symbols needed to coax an Apple\nbuild. There's no reason builds have to be this stupid, except that Apple wants to funnel everyone\ninto the no-CI, no-help, undocumented, non-toy-apps-need-not-apply modern Apple culture.\n\nThis is disgusting.\n\nBut it gets worse.\n\nThe following two files, in particular, are the very worst manifestations of this already toxic\nApple cancer: they are required for proper permissions to run on macOS, are undocumented, and can\nonly be regenerated through the entirely closed source Apple Developer backend, for which you have\nto pay money first to get a team account (a personal account will not work), and they lock the\nresulting binaries to only run on individually selected Apple computers selected at the time the\nprofile is provisioned (with no ability to allow it to run anywhere).\n\n lokinet.dev.provisionprofile\n lokinet-extension.dev.provisionprofile\n\nThis is actively hostile to open source development, but that is nothing new for Apple.\n\nThere are also release provisioning profiles\n\n lokinet.release.provisionprofile\n lokinet-extension.release.provisionprofile\n\nThese ones allow distribution of the app, but only if notarized, and again require notarization plus\nsigning by a (paid) Apple developer account.\n\nIn order to make things work, you'll have to replace these provisioning profiles with your own\n(after paying Apple for the privilege of developing on their platform, of course) and change all the\nteam/application/bundle IDs to reference your own team, matching the provisioning profiles. The dev\nprovisioning profiles must be a \"macOS Development\" provisioning profile, and must include the\nsigning keys and the authorized devices on which you want to run it. (The profiles bundled in this\nrepository contains the lokinet team's \"Apple Development\" keys associated with the Oxen project,\nand mac dev boxes. This is *useless* for anyone else).\n\nFor release builds, you still need a provisioning profile, but it must be a \"Distribution: Developer\nID\" provisioning profile, and are tied to a (paid) Developer ID. The ones in the repository are\nattached to the Oxen Project Developer ID and are useless to anyone else.\n\nOnce you have that in place, you need to build and sign the package using a certificate matching\nyour provisioning profile before your Apple system will allow it to run. (That's right, your $2000\nbox won't let you run programs you build from source on it unless you also subscribe to a $100/year\nApple developer account).\n\nOkay, so now that you have paid Apple more money for the privilege of using your own computer,\nhere's how you make a signed lokinet app:\n\n1) Decide which type of build you are doing: a lokinet system extension, or an app extension. The\n former must be signed and notarized and will only work when placed in the /Applications folder,\n but will not work as a dev build and cannot be distributed outside the Mac App Store. The latter\n is usable as a dev build, but still requires a signature and Apple-provided provisioningprofile\n listing the limited number of devices on which it is allowed to run.\n\n For system extension builds you want to add the -DMACOS_SYSTEM_EXTENSION=ON flag to cmake.\n\n2) Figure out the certificate to use for signing and make sure you have it installed. For a\n distributable system extension build you need a \"Developer ID Application\" key and certificate,\n issued by your paid developer.apple.com account. For dev builds you need a \"Apple Development\"\n certificate.\n\n In most cases you don't need to specify these; the default cmake script will figure them out.\n (If it can't, e.g. because you have multiple of the right type installed, it will error with the\n keys it found).\n\n To be explicit, use `security find-identity -v` to list your keys, then list the key identity\n with -DCODESIGN_ID=.....\n\n3) If you are doing a system extension build you will need to provide notarization login information by adding:\n\n -DMACOS_NOTARIZE_ASC=XYZ123 -DMACOS_NOTARIZE_USER=me@example.com -DMACOS_NOTARIZE_PASS=@keychain:codesigning-password\n\n a) The first value (XYZ123) needs to be the organization-specific unique value, and is printed in\n brackets in the certificate description. For example:\n\n 15095CD1E6AF441ABC69BDC52EE186A18200A49F \"Developer ID Application: Some Developer (ABC123XYZ9)\"\n\n would require ABC123XYZ9 for this field.\n\n b) The USER field is your Apple Developer login e-mail address.\n\n c) The PASS field is a keychain reference holding your \"Application-Specific Password\". To set\n up such a password for your account, consult Apple documentation. Once you have it, load it\n into your keychain via:\n\n export HISTFILE='' # Don't want to store this in the shell history\n xcrun altool --store-password-in-keychain-item \"codesigning-password\" -u \"user\" -p \"password\"\n\n You can change \"codesigning-password\" to whatever you want (just make sure it agrees with the\n -DMACOS_NOTARIZE_PASS option you build with). \"user\" and \"password\" should be your developer\n account device-specific login credentials provided by Apple.\n\n To make your life easier, stash these settings into a `~/.notarization.cmake` file inside your\n home directory; if you have not specified them in the build, and this file exists, lokinet's\n cmake will load it:\n\n set(MACOS_NOTARIZE_USER \"me@example.com\")\n set(MACOS_NOTARIZE_PASS \"@keychain:codesigning-password\")\n set(MACOS_NOTARIZE_ASC \"ABC123XYZ9\")\n\n4) Build and sign the package; there is a script `contrib/mac.sh` that can help (extra cmake options\n you need can be appended to the end), or you can build yourself in a build directory. See the\n script for the other cmake options that are typically needed. Note that `-G Ninja` (as well as a\n working ninja builder) are required.\n\n If you get an error `errSecInternalComponent` this is Apple's highly descriptive way of telling\n you that you need to unlock your keychain, which you can do by running `security unlock`.\n\n If doing it yourself, `ninja sign` will build and then sign the app.\n\n If you need to also notarize (e.g. for a system extension build) run `./notarize.py` from the\n build directory (or alternatively `ninja notarize`, but the former gives you status output while\n it runs).\n\n5) Packaging the app: you want to use `-DLOKINET_PACKAGE=ON` when configuring with cmake and then,\n once all signing and notarization is complete, run `cpack` which will give you a .dmg and a .zip\n containing the release.\n" }, { "path": "docs/mkdocs.yml", "content": "site_name: Lokinet\ntheme:\n name: 'readthedocs'\ndocs_dir: markdown\nsite_dir: html\n" }, { "path": "docs/net-comparisons.md", "content": "# How is lokinet different than ...\n\n## Tor Browser\n\nTor browser is a hardened Firefox Web Browser meant exclusively to surf http(s) sites via Tor. It is meant to be a complete self contained browser you open and run to surf the Web (not the internet) anonymously.\nLokinet does not provide a web browser at this time because that is not a small task to do at all, and an even larger task to do in a way that is secure, robust and private. Community Contribuitions Welcomed.\n\n## Tor/Onion Services\n\nWhile Tor Browser is the main user facing product made by Tor Project, the main powerhouse is Tor itself. Tor provides a way to anonymize tcp connections made by an initiator and optionally additionally the recipient, when using a .onion address. Lokinet provides a similar feature set but can carry anything that can be encapsulated in an IP packet (currently only unicast traffic). \n\nThe Lokinet UX differs greatly from that of Tor. By default we do not provide exit connectivity. Because each user's threat model greatly varies in scope and breadth, there exists no one size fits all way to do exit connectivity. Users obtain their exit node information out-of-band at the moment. In the future we want to add decentralized network wide service discovery not limited to just exit providers, but this is currently unimplemented. We think that by being hands-off with respect to exit node requirements a far more diverse set of exit nodes can exist. In addition to having totally open unrestrcited exits, there is merit to permitting \"specialized\" exit providers that are allowed to do excessive filtering or geo blocking for security theatre checkbox compliance.\n\nLokinet additionally encourages the manual selection and pinning of edge connections to fit each user's threat model.\n\n## I2P\n\nIntegrating applications to utilize i2p's network layer is painful and greatly stunts mainstream adoption.\nLokinet takes the inverse approach of i2p: make app integration in lokinet should require zero custom shims or modifications to code to make it work.\n\n## DVPNs / Commercial VPN Proxies\n\nOne Hop VPNs can see your real IP and all of the traffic you tunnel over them. They are able to turn your data over to authorities even if they claim to not log.\n\nLokinet can see only 1 of these 2 things, but NEVER both:\n\n* Encrypted data coming from your real IP going to the first hop Lokinet Router forwarded to another Lokinet Router.\n* A lokinet exit sees traffic coming from a `.loki` address but has no idea what the real IP is for it.\n\nOne Hop Commericial VPN Tunnels are no log by **policy**. You just have to trust that they are telling the truth.\n\nLokinet is no log by **design** it doesn't have a choice in this matter because the technology greatly hampers efforts to do so.\n\nAny Lokinet Client can be an exit if they want to and it requires no service node stakes. Exits are able to charge users for exiting to the internet, tooling for orechestrating this is in development.\n" }, { "path": "docs/project-structure.md", "content": "# Lokinet Project Structure \n\nthis codebase is a bit large. this is a high level map of the current code structure.\n\n## Lokinet executable main functions `(/daemon)`\n\n* `lokinet.cpp`: lokinet daemon executable\n* `lokinet.swift`: macos sysex/appex executable\n* `lokinet-vpn.cpp`: lokinet rpc tool for controlling exit node usage\n* `lokinet-bootstrap.cpp`: legacy util for windows, downloads a bootstrap file via https\n\n\n## Lokinet public headers `(/include)`\n\n`lokinet.h and lokinet/*.h`: C headers for embedded lokinet \n\n`llarp.hpp`: semi-internal C++ header for lokinet executables\n\n\n## Lokinet core library `(/llarp)` \n\n* `/llarp`: contains a few straggling compilation units\n* `/llarp/android`: android platform compat shims\n* `/llarp/apple`: all apple platform specific code\n* `/llarp/config`: configuration structs, generation/parsing/validating of config files\n* `/llarp/consensus`: network consenus and inter relay testing \n* `/llarp/constants`: contains all compile time constants \n* `/llarp/crypto`: cryptography interface and implementation, includes various secure helpers\n* `/llarp/dht`: dht message structs, parsing, validation and handlers of dht related parts of the protocol \n* `/llarp/dns`: dns subsytem, dns udp wire parsers, resolver, server, rewriter/interceptor, the works\n* `/llarp/ev`: event loop interfaces and implementations \n* `/llarp/exit`: `.snode` endpoint \"backend\"\n* `/llarp/handlers`: packet endpoint \"frontends\"\n* `/llarp/iwp`: \"internet wire protocol\", hacky homegrown durable udp wire protocol used in lokinet\n* `/llarp/link`: linklayer (node to node) communcation subsystem\n* `/llarp/messages`: linklayer message parsing and handling \n* `/llarp/net`: wrappers and helpers for ip addresses / ip ranges / sockaddrs, hides platform specific implemenation details\n* `/llarp/path`: onion routing path logic, both client and relay side, path selection algorithms.\n* `/llarp/peerstats`: deprecated\n* `/llarp/quic`: plainquic shims for quic protocol inside lokinet \n* `/llarp/router`: the relm of the god objects\n* `/llarp/routing`: routing messages (onion routed messages sent over paths), parsing, validation and handler interfaces.\n* `/llarp/rpc`: lokinet zmq rpc server and zmq client for externalizing logic (like with blockchain state and custom `.loki` endpoint orchestration)\n* `/llarp/service`: `.loki` endpoint \"backend\"\n* `/llarp/simulation`: network simulation shims\n* `/llarp/tooling`: network simulation tooling\n* `/llarp/util`: utility function dumping ground\n* `/llarp/vpn`: vpn tunnel implemenation for each supported platform\n* `/llarp/win32`: windows specific code\n\n\n## Component relations\n\n### `/llarp/service` / `/llarp/handlers` / `/llarp/exit`\n\nfor all codepaths for traffic over lokinet, there is 2 parts, the \"frontend\" and the \"backend\".\n\nthe \"backend\" is responsible for sending and recieving data inside lokinet using our internal formats via paths, it handles flow management, lookups, timeouts, handover, and all state we have inside lokinet.\n\nthe \"fontend\", is a translation layer that takes in IP Packets from the OS, and send it to the backend to go where ever it wants to go, and recieves data from the \"backend\" and sends it to the OS as an IP Packet.\n\nthere are 2 'backends': `.snode` and `.loki`\n\nthere are 2 'frontends': \"tun\" (generic OS vpn interface) and \"null\" (does nothing)\n\n* `//TODO: the backends need to be split up into multiple sub components as they are a kitchen sink.`\n* `//TODO: the frontends blend into the backend too much and need to have their boundery clearer.`\n\n\n### `/llarp/ev` / `/llarp/net` / `/llarp/vpn`\n\nthese contain most of the os/platform specific bits\n\n* `//TODO: untangle these`\n\n\n### `/llarp/link` / `/llarp/iwp`\n\nnode to node traffic logic and wire protocol dialects \n\n* `//TODO: make better definitions of interfaces`\n* `//TODO: separte implementation details from interfaces`\n\n\n## Platform contrib code `(/contrib)`\n\ngrab bag directory for non core related platform specific non source code\n\n* `/contrib/format.sh`: clang-format / jsonnetfmt / swiftformat helper, will check or correct code style.\n\nsystem layer and packaging related:\n \n* `/contrib/NetworkManager`\n* `/contrib/apparmor`\n* `/contrib/systemd-resolved`\n* `/contrib/lokinet-resolvconf`\n* `/contrib/bootstrap`\n\nbuild shims / ci helpers\n\n* `/contrib/ci`\n* `/contrib/patches`\n* `/contrib/cross`\n* `/contrib/android.sh`\n* `/contrib/android-configure.sh`\n* `/contrib/windows.sh`\n* `/contrib/windows-configure.sh`\n* `/contrib/mac.sh`\n* `/contrib/ios.sh`\n* `/contrib/cross.sh`\n" }, { "path": "docs/readme.md", "content": "# Lokinet Docs\n\nThis is where Lokinet documentation lives.\n\n## Contents:\n\n### Local Environment Set-Up\n - [Installing Lokinet](install.md)\n - [Using Lokinet](ideal-ux.md)\n\n\n### High Level Overview\n - [Lokinet versus \\[insert network technology name here\\]](net-comparisons.md)\n - [Lokinet architecture](architecture.md)\n - [Lokinet and DNS](dns-overview.md)\n - [Limitations of Lokinet](we-cannot-make-sandwiches.md)\n\n\n### Lokinet Internals\n - [Git repo layout and project structure](project-structure.md)\n - [Building Doxygen Docs for internals](doxygen.md)\n\n\n### Lokinet (SN)Application Developer Portal\n - [SNapps development overview](snapps-dev-guide.md)\n - [Embedded Lokinet](liblokinet-dev-guide.md)\n" }, { "path": "docs/refactor_notes.md", "content": "# High Level Iterative Approach\n\nthe desired outcome of this refactor will be splitting the existing code up into a stack of new components.\na layer hides all functionality of the layer below it to reduce the complexity like the OSI stack intends to.\nthe refactor starts at the top layer, wiring up the old implementation piecewise to the top layer.\nonce the top layer is wired up to the old implementation we will move down to the next layer.\nthis will repeat until we reach the bottom layer.\nonce the old implementation is wired up into these new clearly defined layers, we can fixup or replace different parts of each layer one at a time as needed.\n\nworking down from each layer will let us pick apart the old implementation (if needed) that we would wire up to the new base classes for that layer we are defining now without worrying about what is below it (yet).\n\nthis refactor is very able to be split up into small work units that (ideally) do not confict with each other.\n\n\nPDU: https://en.wikipedia.org/wiki/Protocol_data_unit\n\n# The New Layers\n\nfrom top to bottom the new layers are:\n\n* Platform Layer\n* Flow Layer\n* Routing Layer\n* Onion Layer\n* Link Layer\n* Wire Layer\n\n\n## Platform Layer\n\nthis is the top layer, it is responsibile ONLY to act as a handler of reading data from the \"user\" (via tun interface or whatever) to forward to the flow layer as desired, and to take data from the flow layer and send it to the \"user\".\nany kind of IP/dns mapping or traffic isolation details are done here. embedded lokinet would be implemented in this layer as well, as it is without a full tun interface.\n\nPlatform layer PDU are what the OS gives us and we internally convert them into flow layer PDU and hand them off to the flow layer.\n\n\n## Flow Layer\n\nthis layer is tl;dr mean to multiplex data from the platform layer across the routing layer and propagating PDU from the routing to the platform layer if needed.\n\nthe flow layer is responsible for sending platform layer PDU across path we have already established.\nthis layer is informed by the routing layer below it of state changes in what paths are available for use.\nthe flow layer requests from the layer below to make new paths if it wishes to get new ones on demand.\nthis layer will recieve routing layer PDU from the routing layer and apply any congestion control needed to buffer things to the os if it is needed at all.\n\nflow layer PDU are (data, ethertype, src-pubkey, dst-pubkey, isolation-metric) tuples.\ndata is the datum we are tunneling over lokinet. ethertype tells us what kind of datum this is, e.g. plainquic/ipv4/ipv6/auth/etc.\nsrc-pubkey and dst-pubkey are public the ed25519 public keys of each end of the flow in use.\nthe isolation metric is a piece of metadata we use to distinguish unique flows (convotag). in this new seperation convotags explicitly do not hand over across paths.\n\n\n## Routing Layer\n\nthis layer is tl;dr meant for path management but not path building.\n\nthe routing layer is responsible for sending/recieving flow layer PDU, DHT requests/responses, latency testing PDU and any other kind of PDU we send/recieve over the onion layer.\nthis layer will be responsible for managing paths we have already built across lokinet.\nthe routing layer will periodically measure path status/latency, and do any other kinds of perioidic path related tasks post build.\nthis layer when asked for a new path from the flow layer will use one that has been prebuilt already and if the number of prebuilt paths is below a threshold we will tell the onion layer to build more paths.\nthe routing layer will recieve path build results be their success/fail/timeout from the onion layer that were requested and apply any congestion control needed at the pivot router.\n\nrouting layer PDU are (data, src-path, dst-path) tuples.\ndata is the datum we are transferring between paths.\nsrc-path and dst-path are (pathid, router id) tuples, the source being which path this routing layer PDU originated from, destination being which path it is going to.\nin the old model, router id is always the router that recieves it as the pivot router, this remains the same unless we explicitly provide router-id.\nthis lets us propagate hints to DHT related PDU held inside the datum.\n\n\n## Onion Layer\n\nthe onion layer is repsonsible for path builds, path selection logic and low level details of encrypted/decrypting PDU that are onion routed over paths.\nthis layer is requested by the routing layer to build a path to a pivot router with an optional additional constraints (e.g. unique cidr/operator/geoip/etc, latency constaints, hop length, path lifetime).\nthe onion layer will encrypt PDU and send them to link layer as (frame/edge router id) tuples, and recieve link layer frames from edge routers, decrypt them and propagate them as needed to the routing layer.\nthis layer also handles transit onion traffic and transit path build responsibilities as a snode and apply congestion control as needed per transit path.\n\nthe onion layer PDU are (data, src-path, dst-path) tuples.\nsrc-path and dst-path are (router-id, path-id) tuples which contain the ed25519 pubkey of the node and the 128 bit path-id it was associated with.\ndata is some datum we are onion routing that we would apply symettric encryption as needed before propagating to upper or lower layers.\n\n\n## Link Layer\n\nthe link layer is responsbile for transmission of frames between nodes.\nthis layer will handle queuing and congestion control between wire proto sessions between nodes.\nthe link layer is will initate and recieve wire session to/from remote nodes.\n\nthe link layer PDU is (data, src-router-id, dst-router-id) tuples.\ndata is a datum of a link layer frame.\nsrc-router-id and dst-router-id are (ed25519-pubkey, net-addr, wire-proto-info) tuples.\nthe ed25519 pubkey is a .snode address, (clients have these too but they are ephemeral).\nnet-addr is an (ip, port) tuple the node is reachable via the wire protocol.\nwire-proto-info is dialect specific wire protocol specific info.\n\n## Wire Layer\n\nthe wire layer is responsible for transmitting link layer frames between nodes.\nall details here are specific to each wire proto dialect.\n" }, { "path": "docs/snapps-dev-guide.md", "content": "# (SN)Apps Development Guide\n\n\n## Our approach\n\n`// TODO: this`\n\n## Differences From Other approaches\n\n`// TODO: this`\n\n### SOCKS Proxy/HTTP Tunneling\n\n`// TODO: this`\n\n### Embedding a network stack\n\n`// TODO: this`\n\n## High Level Code Practices\n\n`// TODO: this`\n\n### Goodisms\n\n`// TODO: this`\n\n### Badisms\n\n`// TODO: this`\n" }, { "path": "docs/spanish/LICENSE", "content": "Especificaciones del Protocolo de Enrutado AnĆ³nimo de Baja Latencia - Low Latency Anonymous Routing Protocol\nEscrito en el 2017 por Jeff Becker \n\nEn el alcance de lo posible dentro de la ley, el (los) autor(es) dedica(ron) al dominio pĆŗblico mundial todo \nel derecho de copia y los derechos relacionados y semejantes relacionados a esta especificaciĆ³n del protocolo.\nEste software se distribuido sin garantia alguna. Usted deberia tener una copia de la DedicaciĆ³n de Dominio PĆŗblico\nCC0 junto con este software. En caso contrario, vea .\n" }, { "path": "docs/spanish/README", "content": "Carpeta de las Especificaciones del Protocolo\n\nTodo los documentos de esta carpeta estĆ”n licenciados como CC0 y son del dominio pĆŗblico.\n\nPor favor tome nota que la implementaciĆ³n de referencia de LokiNET estĆ” licenciada bajo la licencia ZLIB.\n" }, { "path": "docs/spanish/vision-general.txt", "content": "LLARP - Low Latency Anon Routing Protocol - Protocolo de Enrutado AnĆ³nimo de Baja Latencia\n\n\tResumen TL;DR: un router onion con una interfaz tun para transportar paquetes ip\n\tde forma anĆ³nima entre usted y la internet, y desde dentro de ella hacia otros usuarios.\n\t\n\tEste documento describe la visiĆ³n general de LLARP, detalla todas las metas\n\tdel proyecto, lo que no son metas y la arquitectura de la red desde una perspectiva\n\tgeneral.\t\n\t\n\tPrefacio\t\n\t\n\tTrabajar en I2P ha sido experiencia realmente grande para todo el que se involucra.\n\tDespuĆ©s bastante deliberaciĆ³n, yo decidĆ­ empezar a construir un protocolo onion de\n\t\"proxima generacion\". LLARP es especĆ­ficamente (en la actualidad) un proyecto de\n\tinvestigaciĆ³n para explorar la siguiente cuestiĆ³n: \n\n\n\t\"ĀæQue hubiera sido si I2P fuera construido en el aƱo presente (2018)? ĀæQue hubiera\n\tsido diferente?\"\t\n\n\t\n\tLo que No son Metas del Proyecto: \n\t\n\n\tEste proyecto no intenta resolver la correlaciĆ³n por la forma del trĆ”fico o ataques a\n\tla red patrocinadas por el estado. Lo primero es una propiedad inherente de las redes\n\tcomputacionales de baja latencia que yo personalmente no pienso que es posible\n\tcompletamente \"resolver\" de forma apropiada. Lo segundo es una amenaza que por el\n\tmomento se encuentra fuera de los alcances de las herramientas actuales que me estĆ”n \n\tdisponibles. \n\t\n\tEste proyecto no pretende ser la aplicaciĆ³n mĆ”gica de nivel curalotodo para la\n\taplicaciĆ³n o la seguridad del usuario final. DespuĆ©s de todo, eso es un problema que\n\texiste entre la silla y el teclado.\n\n\t\n\tLa ƚnica Meta del Proyecto:\n\t\n\t\n\tLLARP en una suite de protocolos que pretende mantener anĆ³nima la IP mediante el\n\tofrecimiento de un agente de tĆŗnel anĆ³nimo a nivel red (IPv4/IPv6) tanto para\n\t\"servicios ocultos\" y la comunicaciĆ³n de regreso a la \"red transparente\" (la Internet \n\tcomun). Tanto las comunicaciĆ³n del servicio oculto y la red transparente DEBEN\n\tpermitir tanto el trafico de salida y el trĆ”fico de entrada a nivel red sin implementar\n\tNAT alguna (con excepciĆ³n de la IPv4 de la cual la NAT es permitida debido a la\n\tescasez de direcciones).\n\t\n\t\n\tEn concreto, Queremos permitir tanto la salida y la entrada anonima del trafico\n\ta nivel red entre las redes habilitadas por LLARP y la Internet.\n\t\n\tLas razones de porque empezar desde cero:\n\n\tA pesar de los mejores esfuerzos del Proyecto Tor para popularizar el uso de Tor,\n\tTor2Web parece ser ampliamente popular para las personas que no desean optar estar\n\tdentro del ecosistema. Mi solucion propuesta seria permitir el trĆ”fico de entrada desde\n\tlos \"nodos de salida\" en adiciĆ³n de permitir el trĆ”fico de salida. No tengo idea\n\ten cĆ³mo pudiera hacer esto los protocolos actuales en Tor, o si es posible o\n\trecomendable intentar tal cosa ya que no estoy familiarizado con su ecosistema.\n\t\n\t\n\tI2P se hubiera usado como un medio para transito anonimo IP cifrado pero la red actual\n\ttiene problemas con la latencia y el rendimiento. Avanzar I2P sobre criptografĆ­a\n\tmoderna estĆ” en proceso dentro de I2P, proceso que ya lleva por lo menos 5 aƱos y con\n\tmenos progreso que lo deseado. AsĆ­ como algunos antes de mi, yo he llegado a la \n\tconclusiĆ³n que seria mas rapido rehacer todo el stack \"de la forma correcta\" que estar \n\tesperando a que I2P termine sus avances. Dicho esto, nada estĆ” previniendo a I2P en ser \n\tusado para el transito de trafico anonimo IP cifrado dentro de un futuro en que I2P\n\ttermine sus migraciones de protocolo, pero yo no quiero esperarlo.\n\t\n\t\n\t\n\tEn concreto, yo quiero tomar las \"mejores partes\" de Tor e I2P, y hacer una nueva\n\tsuite de protocolos.\n\n\t\n\tPara ambos, tanto Tor e I2P, les tengo 2 categorĆ­as de sus atributos.\n\t\n\t\n\tlo bueno\t\n\tlo malo y lo feo\n\t\n\t\n\tLo bueno (I2P):\n\t\n\t\n\tI2P apunta a proveer una capa de red anĆ³nima de carga balanceada insuplantable.\n\t\n\t\n\tYo quiero esta caracterĆ­stica\n\t\n\t\n\tI2P tiene agilidad de confianza, no necesita tener alguna confianza integrada en el\n\tcĆ³digo dentro de su arquitectura de red. Incluso la fase de arranque de la red puede \n\trealizarse desde un solo router, si el usuario lo desea (aunque esto estĆ© desaconsejado)\n\t\n\n\tYo quiero esta caracterĆ­stica\t\n\t\n\n\tLo bueno (Tor):\t\n\t\n\t\n\tTor abarca la realidad de la actual infraestructura de la Internet al tener una\n\tarquitectura cliente/servidor. Esto permite tener barreras de acceso muy bajas\n\tpara usar la red Tor, y barreras mĆ”s altas de acceso para contribuir a la \n\tinfraestructura de enrutado. Esto promueve una forma saludable de red con servidores\n\tde alta capacidad ofreciendo servicios a clientes de baja capacidad que \"se cuelgan \n\tdel extremo\" de la red.\n\n\t\n\tYo quiero esta caracterĆ­stica\n\t\n\t\n\tLo malo y lo feo (I2P):\n\t\n\t\n\tMalo: I2P usa criptografia vieja, en especial ElGamal de 2048 bits usando primos no\n\testandares. El uso de ElGamal es tan constante a traves del stack del protocolo I2P\n\tque existe en cada nivel suyo. Removerlo es una tarea masiva que estĆ” tomando\n\tmucho MUCHO tiempo.\n\t\n\t\n\tYo no quiero esta caracterĆ­stica\n\t\n\n\tFeo: I2P no puede actualmente mitigar la mayorĆ­a de los ataques Sybil, con su\n\tactual arquitectura de red. I2P recientemente aƱadiĆ³ algunas soluciones de listas de \n\tbloqueo que estĆ”n firmadas por los firmantes de lanzamiento, pero esto es probable que\n\tno escale en el evento de una ataque \"grande\". AdemĆ”s I2P tampoco tiene el personal \n\tpara ese tipo de ataques.\n\t\n\t\n\tEste es un problema difĆ­cil de resolver en que la red Loki pudiera ayudar con la \n\tcreaciĆ³n de una barrera financiera para correr mĆŗltiples relays.\n\t\n\t\n\tLo malo y lo feo (Tor):\n\t\n\t\n\tMalo: Tor estĆ” estrictamente orientado al TCP.\n\t\n\tYo no quiero esta caracterĆ­stica\n\n\n\n" }, { "path": "docs/tcp-over-quic.md", "content": "# \"liblokinet\" TCP-over-QUIC\n\nIn order for lokinet to work in an embedded version (which I will call \"liblokinet\" in this\ndocument), which lokinet cannot create TUN device (either because the host OS doesn't support them,\nor because lokinet needs to run without permissions to manage them) lokinet needs a solution for\nsending TCP data from the device to a remote lokinet client (i.e. a snapp, a snode, or another\nliblokinet client). Since the vast majority of network connectivity relies on TCP stream\nconnections, not supporting them would be a severe limitation of a lokinet library that would make\nit nearly useless.\n\nTraditional \"full\" lokinet does not need to solve this problem: it creates virtual IPs on the TUN\ninterface that map to every looked-up `.loki` address and then the host system's in-kernel TCP layer\nhandles the intricacies of TCP including acknowledgement, retry, and so on. While there are\nuser-space TCP implementations available, they are generally incomplete, unmaintained, or both,\nwhich would mean substantial work and ongoing maintenance for us to adopt or reimplement such a\nuser-space TCP layer, for which we would most likely be the only user and contributor.\n\nInstead this proposal is for lokinet to support a tunneled TCP stream mode where TCP traffic is\ncarried over lokinet via a subset of the\n[QUIC](https://datatracker.ietf.org/doc/draft-ietf-quic-transport/) protocol. Unlike TCP, QUIC has\nseveral well-maintained user-space implementations which allow us to use, rather than create, a\nwell-maintained QUIC implementation.\n\n## Overview\n\nThe high-level strategy of how we handle such a stream connection is to have TCP connections\nestablished only within the local device. A liblokinet application would invoke a lokinet call to\nestablish such a connection to proxy to a remote host by lokinet name and TCP port. This would\nfirst establish a lokinet connection to the remote host, then open a QUIC connection over it and\nstart listening for TCP connections on a local port. When a new TCP connection is established on\nthis port lokinet will establish a new QUIC stream over the existing connection, specifying the\ndestination port while initializing the stream. (The client is free to establish as many TCP\nconnections as it wants: each one becomes a separate QUIC stream).\n\nThe situation is similar for the receiving lokinet client: it would listen for incoming QUIC\nconnections on the local lokinet IP and, when establishing a QUIC stream, would establish a local\nTCP connection to the requested port on the lokinet IP. Any incoming stream data is then forwarded\ninto this TCP connection, and any responses are sent back via the QUIC stream.\n\n## Example\n\nFor example, suppose `snap7.loki` is a lokinet snapp with a web server listening on port 80 and a\nliblokinet client `omg42.loki` wants to connect to it to retrieve a cat photo. With a full\nlokinet client, the DNS request for `omg56789.loki` triggers creation of a virtual IP on the TUN\ndevice, returns the IP to the system, and any TCP packets sent to this IP are forwarded to the\nprimary lokinet IP of `azfoj123.loki`, where an HTTP server is ready and waiting to provide cat\nphotos.\n\nWith a liblokinet client, this process will looks a little different: the client will first make a\ncall to the liblokinet library (rather than a DNS request) specifying the lokinet host name and TCP\nport it wants to connect to (note that this is pseudo-code; the actual implementation calls will\nhave to deal with various details such as connection delays and timeouts that are omitted here):\n\n result = lokinet_stream_connect(lokinet_addr, port)\n if result->connection_established:\n http_get(\"http://\" + result->local_address + \":\" + result->local_port + \"/cat.jpg\")\n\nHere `http_get` would need no knowledge of lokinet at all: it will simply connect via TCP to an\naddress such as `127.0.0.1:4716` for the HTTP request. It will send the request, and receive it,\nover this localhost TCP socket.\n\nInternally, lokinet will have established a QUIC connection to the remote host, and started\nlistening for TCP connections on the localhost port. When `http_get` establishes a TCP connection\non this local port it will create a QUIC stream on the established QUIC connection and forward all\nstream data received from the TCP connection into the QUIC stream, and any data that comes back over\nthe QUIC stream will similarly be copied into the localhost TCP connection.\n\nEffectively the data path of data send from the app on omg42.loki to the HTTP snapp on omg42.loki\nlooks like this:\n\n ā”Œomg42.lokiā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā” ā”Œsnap7.lokiā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”\n ā”‚ Main app thread ā”‚ ā”‚ HTTP ā”‚\n ā”‚ TCP localhost:4567 ā”€>ā”‚ā”€ā” ā”‚ TCP 172.16.0.1:80 <ā”€ā”‚ā”€ā”\n ā”œā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”¤ ā”‚ ā•žā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•ā•” ā”‚\n ā”‚ liblokinet (in app) ā”‚ ā”‚ ā”‚ lokinet (on host) ā”‚ ā”‚\n ā”‚ TCP localhost:4567 <ā”€ā”‚ā”€ā”˜ ā”Œ>ā”‚ā”€> QUIC UDP ā”‚ ā”‚\n ā”‚ QUIC UDP ā”€>ā”‚ā”€ā”€ā”€... Lokinet routers ...ā”€ā”˜ ā”‚ TCP 172.16.0.1:80 ā”€>ā”‚ā”€ā”˜\n ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜ ā””ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”€ā”˜\n\n(These connections are all bi-direction, so any TCP stream data replied from omg42.loki follows the\nsame path in reverse.)\n\n## Implementation details/notes\n\nImplementation library: `ngtcp2` is a robust, maintained library that fits our needs well.\n\n### Not a general QUIC server/client\n\nThe QUIC tunnel described here is *only* for Lokinet TCP streams; it is not intended to be\ninteroperable with general QUIC clients, which allows us some leeway to not support some aspects of\nQUIC that are of no advantage over a lokinet conversation.\n\n### No encryption\n\nSince lokinet traffic is itself encrypted and private, the built-in TLS layers of QUIC are something\nthat we don't need or want. Thus the QUIC implementation used will simply use no-op encryption to\npass data and avoid/ignore certificates. (`ngtcp2`, in particular, allows pluggable authentication\nto allow this).\n\n### No address verification\n\nQUIC recommends address verification (among other things, to avoid amplification attacks). Lokinet\nconnections already provide this and so we can safely not use it.\n\n### Stream establishing\n\nEstablishing a QUIC stream requires sending additional information during connection: namely the\ntarget connection port. Thus establishing a new stream will require some additional data to be\npassed, likely as the initial stream data. (Specification of how this data is to be encoded is not\nyet specified).\n\n### Incoming TCP-over-QUIC connections\n\nHandling of incoming connections to a liblokinet client will require a similar process, but in\nreverse:\n\n- the client starts listening on a localhost TCP port\n- the client makes a call to liblokinet to inform it of this available listening port\n- incoming QUIC tunneled streams attempting to connect to that registered port are accepted and\n establish a new TCP connection as long as the stream stays open; data is forwarded between the two\n connections.\n- Should the client require end-point verification liblokinet will provide a function that can look\n up the remote lokinet address based on the source port of the TCP connection. (This is different\n from but analogous to a snapp doing a reverse DNS lookup on the source address to determine the\n remote address).\n\nNote: to be externally reachable by other lokinet clients, a liblokinet client would have to publish\nan introset; this introset would also include an additional flag indicating that TCP connections\nmust be tunneled through a TCP-over-QUIC connection.\n\nNote 2: we additionally may want to signal during connection that new TCP connections back to us\nshould be done over a QUIC tunnel, which requires also adding a flag when establishing the\nlokinet conversation.\n\n### Non-tunneled incoming TCP connections\n\nWithout a controllable TCP stack we have no ability to accept these, however since the introset (and\nconversation initiation) indicates that TCP should be tunneled, we should just drop these packets.\n\n## Lokinet implementation notes\n\n### Outbound connections -- liblokinet\n\nThe application makes a liblokinet library call such as\n\n lokinet_stream_result res;\n lokinet_outbound_stream(&res, \"some-snapp.loki\", 2345);\n\nThis initiates an outbound connection to the given lokinet remote, asking to connect to port 2345 on\nthe remote. Plainquic begins listening on a random localhost port, and returns this via an entry in\n`res`. New connections establishes to this localhost port initiate new streams on the quic\nconnection which are tunneled to the remote end.\n\n### Inbound connections -- liblokinet\n\nThe application needs to start listening on one or more TCP ports (e.g. on localhost, but doesn't\nhave to be) and then registers a callback with lokinet about the availability of this port for\nincoming plainquic connections by setting up a callback:\n\n```C\n int accept_inbound(const char *lokinet_addr, uint16_t port, sockaddr *addr, void *context) {\n // lokinet_addr is the remote lokinet client trying to establish a stream\n // port is the port they are trying to reach\n // If the client is allowed then set the local TCP socket address that the tunnel should\n // connect to in `addr` (which is big enough to allow either sockaddr_in or sockaddr_in6)\n sockaddr_in* a = (sockaddr_in*)addr;\n a->sin_family = AF_INET;\n a->sin_addr = INADDR_LOOPBACK;\n a->sin_port = htons(5678); // NB: Doesn't have to be the passed-in `port`\n return 0;\n // If this callback doesn't handle the requested port (will try other callbacks):\n return -1;\n // If this callback does handle it and the connection should be refused:\n return -2;\n // (Return values other than 0/-1/-2 are reserved and should not be used).\n }\n lokinet_inbound_stream(&accept_inbound, NULL /*context*/);\n```\nor, for the very simple case where connections should be available on some localhost port:\n```C\n // All incoming tunneled connections for port 5678 should go to localhost:5678\n lokinet_inbound_stream_simple(5678);\n```\n\nWhen a new plainquic connection arrives, if such a callback has been registered it will be called to\ndetermine whether the connection should be accepted and, if it is, where streams opened on that\nconnection should be sent. (For the simple version, all inbound connections on port 5678 would be\naccepted and would be forwarded to localhost:5678; inbound connections for other ports would be\nrefused).\n\nEach new plainquic stream initiated by the remote connection then establishes a new TCP connection\nto the IP/port set by the callback.\n\n### Outbound connections - full lokinet\n\nWhen attempting to connect to a client who has indicated in its introset that it requires plainquic\nconnections then plainquic will bind to and listen on the virtual (tun) TCP/IP port and establish a\nplainquic connection to the remote liblokinet on the given port. (Future connections to this port\nwill establish new streams on the existing connection).\n\nSetting up the initial listener involves intercepting the initial TCP connection attempt (i.e. the\nSYN packet), starting to listen on it while simultaneously initiating the plainquic connection over\nlokinet. It may work sufficiently well (investigation required) to simply drop this initial SYN\npacket and let the initiator retry in a few moments to attack to the new listener which now goes\ninto the plainquic listener which establishes a new stream.\n\nThereafter the local application simply talks to this local listener and all stream data gets\ntunneled over lokinet to the remote liblokinet.\n\n### Inbound connections - full lokinet\n\nThis is fairly simple: when incoming quic-tunneled packets arrive we start up a plainquic server (if\nnot already running), deliver the packets into it, and it tunnels incoming stream data into TCP\nconnections to the primary lokinet IP (using the IP mapped to the lokinet endpoint as the source\naddress).\n\n\nTODO:\n- Add quic protocol type to llarp/service/protocol_types.hpp\n- Convert stuff in plainquic code to use lokinet structures (e.g. logging, address encapsulation)\n- Add handler for QUIC packets to llarp/handlers/tun.cpp that see that protocol type and forward the\n packet off to the quic server to handle.\n- Get at the uvw event loop from the quic code so that we can put the plainquic stuff onto it rather\n than spinning up its own event loop. I was thinking about something like:\n `virtual std::shared_ptr get_uvw_loop() { return nullptr; }` in ev.h, and an override that\n returns the uvw event loop in the ev_libuv.h subclass (the type erasure through the shared_ptr\n means ev.h doesn't have to depend on any uvw.h headers). Then the quic code can just do something\n like:\n auto uv_loop = std::static_pointer_cast(ev->get_uvw_loop());\n if (not uv_loop) { die(\"horribly\"); }\n- convert the crap in the `main` functions copied from plainquic test code to exposed library calls.\n- decide whether we start up a quic server and/or client on demand, or just always start it.\n\n\nOutgoing conns:\n- Add \"supported protocols\" item to introset and (for liblokinet) leave off IPv4/v6 flags, but add\n quic protocol flag.\n\n" }, { "path": "docs/we-cannot-make-sandwiches.md", "content": "# What Lokinet can't do \n\nLokinet does a few things very well, but obviously can't do everything.\n\n## Anonymize OS/Application Fingerprints\n\nMitigating OS/Application Fingerprinting is the responsibility of the OS and Applications. Lokinet is an Unspoofable IP Packet Onion router, tuning OS fingerprints to be uniform would be a great thing to have in general even outside of the context of Lokinet. The creation of such an OS bundle is a great idea, but outside the scope of Lokinet. We welcome others to develop a solution for this.\n\n## Malware\n\nLokinet cannot prevent running of malicious programs. Computer security unfortunately cannot be solved unilaterally by networking software without simply dropping all incoming and outgoing traffic.\n\n## Phoning Home\n\nLokinet cannot prevent software which sends arbitrary usage data or private information to Microsoft/Apple/Google/Amazon/Facebook/etc. If you are using a service that requires the ability to phone home in order to work, that is a price you pay to use that service.\n\n## Make Sandwiches\n\nAt its core, Lokinet is technology that anonymizes and authenticates IP traffic. At this current time Lokinet cannot make you a sandwich. No, not even as root.\n" }, { "path": "external/CMakeLists.txt", "content": "option(SUBMODULE_CHECK \"Enables checking that vendored library submodules are up to date\" ON)\nif(SUBMODULE_CHECK)\n find_package(Git)\n if(GIT_FOUND)\n function(check_submodule relative_path)\n execute_process(COMMAND git rev-parse \"HEAD\" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/${relative_path} OUTPUT_VARIABLE localHead)\n execute_process(COMMAND git rev-parse \"HEAD:external/${relative_path}\" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR} OUTPUT_VARIABLE checkedHead)\n string(COMPARE EQUAL \"${localHead}\" \"${checkedHead}\" upToDate)\n if (upToDate)\n message(STATUS \"Submodule 'external/${relative_path}' is up-to-date\")\n else()\n message(FATAL_ERROR \"Submodule 'external/${relative_path}' is not up-to-date. Please update with\\ngit submodule update --init --recursive\\nor run cmake with -DSUBMODULE_CHECK=OFF\")\n endif()\n\n # Extra arguments check nested submodules\n foreach(submod ${ARGN})\n execute_process(COMMAND git rev-parse \"HEAD\" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/${relative_path}/${submod} OUTPUT_VARIABLE localHead)\n execute_process(COMMAND git rev-parse \"HEAD:${submod}\" WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR}/${relative_path} OUTPUT_VARIABLE checkedHead)\n string(COMPARE EQUAL \"${localHead}\" \"${checkedHead}\" upToDate)\n if (NOT upToDate)\n message(FATAL_ERROR \"Nested submodule '${relative_path}/${submod}' is not up-to-date. Please update with\\ngit submodule update --init --recursive\\nor run cmake with -DSUBMODULE_CHECK=OFF\")\n endif()\n endforeach()\n endfunction ()\n\n message(STATUS \"Checking submodules\")\n check_submodule(CLI11)\n check_submodule(nlohmann)\n check_submodule(oxen-libquic)\n check_submodule(oxen-mq)\n check_submodule(pybind11)\n check_submodule(sqlite_orm)\n endif()\nendif()\n\nmacro(system_or_submodule BIGNAME smallname target pkgconf subdir)\n if(NOT TARGET ${target})\n option(FORCE_${BIGNAME}_SUBMODULE \"force using ${smallname} submodule\" OFF)\n if(NOT BUILD_STATIC_DEPS AND NOT FORCE_${BIGNAME}_SUBMODULE AND NOT FORCE_ALL_SUBMODULES)\n pkg_check_modules(${BIGNAME} ${pkgconf} IMPORTED_TARGET)\n endif()\n if(${BIGNAME}_FOUND)\n add_library(${smallname} INTERFACE)\n if(NOT TARGET PkgConfig::${BIGNAME} AND CMAKE_VERSION VERSION_LESS \"3.21\")\n # Work around cmake bug 22180 (PkgConfig::THING not set if no flags needed)\n else()\n target_link_libraries(${smallname} INTERFACE PkgConfig::${BIGNAME})\n endif()\n message(STATUS \"Found system ${smallname} ${${BIGNAME}_VERSION}\")\n else()\n message(STATUS \"using ${smallname} submodule ${subdir}\")\n add_subdirectory(${subdir} EXCLUDE_FROM_ALL)\n endif()\n if(NOT TARGET ${target})\n add_library(${target} ALIAS ${smallname})\n endif()\n endif()\nendmacro()\n\nsystem_or_submodule(OXENC oxenc oxenc::oxenc liboxenc>=1.5.0 oxen-libquic/external/oxen-encoding)\nsystem_or_submodule(OXENLOGGING oxen-logging oxen::logging liboxen-logging>=1.2.0 oxen-libquic/external/oxen-logging)\nif(LOKINET_FULL)\n system_or_submodule(OXENMQ oxenmq oxenmq::oxenmq liboxenmq>=1.3 oxen-mq)\nendif()\nsystem_or_submodule(FMT fmt fmt::fmt fmt>=9 oxen-libquic/external/oxen-logging/fmt)\n\nset(JSON_BuildTests OFF CACHE INTERNAL \"\")\nset(JSON_Install OFF CACHE INTERNAL \"\")\nsystem_or_submodule(NLOHMANN nlohmann_json nlohmann_json::nlohmann_json nlohmann_json>=3.7.0 nlohmann)\n\n\nif(LOKINET_HIVE)\n add_subdirectory(pybind11 EXCLUDE_FROM_ALL)\nendif()\n\n\nsystem_or_submodule(CLI11 CLI11 CLI11::CLI11 CLI11>=2.3.0 CLI11)\n\n\nif(LOKINET_PEERSTATS)\n add_library(sqlite_orm INTERFACE)\n target_include_directories(sqlite_orm SYSTEM INTERFACE sqlite_orm/include)\n if(NOT TARGET sqlite3)\n add_library(sqlite3 INTERFACE)\n pkg_check_modules(SQLITE3 REQUIRED IMPORTED_TARGET sqlite3)\n target_link_libraries(sqlite3 INTERFACE PkgConfig::SQLITE3)\n endif()\n target_link_libraries(sqlite_orm INTERFACE sqlite3)\nendif()\n\n\nset(LIBQUIC_BUILD_TESTS OFF CACHE BOOL \"\")\nsystem_or_submodule(OXENQUIC quic oxen::quic liboxenquic>=1.6 oxen-libquic)\n\n\n# libcrypt defaults, only on with macos and non static linux\nset(default_libcrypt OFF)\n\nif(CMAKE_SYSTEM_NAME MATCHES \"Linux\" AND NOT STATIC_LINK)\n pkg_check_modules(LIBCRYPT libcrypt IMPORTED_TARGET)\n if(LIBCRYPTO_FOUND)\n set(default_libcrypt ON)\n endif()\nendif()\nif(MACOS)\n set(default_libcrypt ON)\nendif()\n\noption(WITH_LIBCRYPT \"enable fast password hash with libcrypt\" ${default_libcrypt})\n\nadd_library(lokinet-libcrypt INTERFACE)\nif(WITH_LIBCRYPT)\n pkg_check_modules(LIBCRYPT libcrypt IMPORTED_TARGET REQUIRED)\n target_compile_definitions(lokinet-libcrypt INTERFACE LOKINET_HAVE_CRYPT)\n target_link_libraries(lokinet-libcrypt INTERFACE PkgConfig::LIBCRYPT)\n message(STATUS \"using libcrypt ${LIBCRYPT_VERSION}\")\nelse()\n # TODO static build lib crypt?\n message(STATUS \"not building with libcrypt\")\nendif()\n" }, { "path": "include/llarp.hpp", "content": "#pragma once\n\n#include \n#include \n#include \n\nnamespace oxen::quic\n{\n class Loop;\n}\n\nnamespace llarp\n{\n namespace vpn\n {\n class Platform;\n }\n\n struct Config;\n class Router;\n\n // Helper \"context\" that aids in starting up Lokinet.\n //\n // Note that this class is *not* thread-safe: only one thread should attempt to hold and\n // interact with it to manage Lokinet.\n //\n // TODO FIXME this class seems unnecessary, we should get rid of it.\n struct Context\n {\n std::unique_ptr router;\n\n explicit Context(bool embedded);\n ~Context();\n\n // Starts Lokinet; returns as soon as Lokinet is up and running (or throws if startup\n // fails). The loop may be provided in order to use an existing loop, but otherwise a new\n // one will be started.\n void start(Config conf, std::shared_ptr loop = nullptr);\n\n // Waits for Lokinet to finish. Note that this does not *trigger* such a shutdown; for that\n // you would call `stop()` before this.\n void wait();\n\n // Call this to deliver a signal, such as SIGTERM or SIGINT to stop Lokinet if currently\n // running. (This can be called from any thread).\n void signal(int sig);\n\n // Initiates Lokinet shutdown, and returns immediately (without waiting for shutdown). Call\n // `wait()` after this if you also want to wait for shutdown to complete.\n void stop();\n\n bool is_up() const;\n\n bool is_stopping() const;\n\n // Returns true if Lokinet has stopped and `wait()` needs to be called to finish\n // destruction.\n bool is_waiting() const;\n\n bool looks_alive() const;\n\n int androidFD = -1;\n\n private:\n bool embedded;\n std::future lifetime_waiter;\n };\n} // namespace llarp\n" }, { "path": "include/lokinet/addr.h", "content": "#pragma once\n#include \"context.h\"\n\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n\n /// get a free()-able null terminated string that holds our .loki address\n /// returns NULL if we dont have one right now\n char* EXPORT lokinet_address(struct lokinet_context*);\n#ifdef __cplusplus\n}\n#endif\n" }, { "path": "include/lokinet/context.h", "content": "#pragma once\n\n#include \"export.h\"\n\n#include \n#include \n#include \n\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n\n struct lokinet_context;\n\n /// allocate a new lokinet context\n struct lokinet_context* EXPORT lokinet_context_new();\n\n /// free a context allocated by lokinet_context_new\n void EXPORT lokinet_context_free(struct lokinet_context*);\n\n /// spawn all the threads needed for operation and start running\n /// return 0 on success\n /// return non zero on fail\n int EXPORT lokinet_context_start(struct lokinet_context*);\n\n /// return 0 if we our endpoint has published on the network and is ready to send\n /// return -1 if we don't have enough paths ready\n /// retrun -2 if we look deadlocked\n /// retrun -3 if context was null or not started yet\n int EXPORT lokinet_status(struct lokinet_context*);\n\n /// wait at most N milliseconds for lokinet to build paths and get ready\n /// return 0 if we are ready\n /// return nonzero if we are not ready\n int EXPORT lokinet_wait_for_ready(int N, struct lokinet_context*);\n\n /// stop all operations on this lokinet context\n void EXPORT lokinet_context_stop(struct lokinet_context*);\n\n /// load a bootstrap RC from memory\n /// return 0 on success\n /// return non zero on fail\n int EXPORT lokinet_add_bootstrap_rc(const char*, size_t, struct lokinet_context*);\n\n#ifdef __cplusplus\n}\n#endif\n" }, { "path": "include/lokinet/export.h", "content": "#pragma once\n\n#ifdef _WIN32\n#define EXPORT __cdecl\n#else\n#define EXPORT\n#endif\n" }, { "path": "include/lokinet/misc.h", "content": "#pragma once\n#include \"export.h\"\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n\n /// change our network id globally across all contexts\n void EXPORT lokinet_set_netid(const char* netid);\n\n /// get our current netid\n /// must be free()'d after use\n const char* EXPORT lokinet_get_netid();\n\n /// set log level\n /// possible values: trace, debug, info, warn, error, critical, none\n /// return 0 on success\n /// return non zero on fail\n int EXPORT lokinet_log_level(const char* level);\n\n /// Function pointer to invoke with lokinet log messages\n typedef void (*lokinet_logger_func)(const char* message, void* context);\n\n /// Optional function to call when flushing lokinet log messages; can be NULL if flushing is not\n /// meaningful for the logging system.\n typedef void (*lokinet_logger_sync)(void* context);\n\n /// set a custom logger function; it is safe (and often desirable) to call this before calling\n /// initializing lokinet via lokinet_context_new.\n void EXPORT lokinet_set_syncing_logger(lokinet_logger_func func, lokinet_logger_sync sync, void* context);\n\n /// shortcut for calling `lokinet_set_syncing_logger` with a NULL sync\n void EXPORT lokinet_set_logger(lokinet_logger_func func, void* context);\n\n /// @brief take in hex and turn it into base32z\n /// @return value must be free()'d later\n char* EXPORT lokinet_hex_to_base32z(const char* hex);\n\n#ifdef __cplusplus\n}\n#endif\n" }, { "path": "include/lokinet/srv.h", "content": "#pragma once\n\n#include \"context.h\"\n\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n\n // a single srv record\n struct lokinet_srv_record\n {\n /// the srv priority of the record\n uint16_t priority;\n /// the weight of this record\n uint16_t weight;\n /// null terminated string of the hostname\n char target[256];\n /// the port to use\n int port;\n };\n\n /// private members of a srv lookup\n struct lokinet_srv_lookup_private;\n\n /// the result of an srv lookup\n struct lokinet_srv_lookup_result\n {\n /// set to zero on success otherwise is the error code\n int error;\n /// pointer to internal members\n /// dont touch me\n struct lokinet_srv_lookup_private* internal;\n };\n\n /// do a srv lookup on host for service\n /// caller MUST call lokinet_srv_lookup_done when they are done handling the result\n int EXPORT lokinet_srv_lookup(\n char* host, char* service, struct lokinet_srv_lookup_result* result, struct lokinet_context* ctx);\n\n /// a hook function to handle each srv record in a srv lookup result\n /// passes in NULL when we are at the end of iteration\n /// passes in void * user data\n /// hook should NOT free the record\n typedef void (*lokinet_srv_record_iterator)(struct lokinet_srv_record*, void*);\n\n /// iterate over each srv record in a lookup result\n /// user is passes into hook and called for each result and then with NULL as the result on the\n /// end of iteration\n void EXPORT\n lokinet_for_each_srv_record(struct lokinet_srv_lookup_result* result, lokinet_srv_record_iterator iter, void* user);\n\n /// free internal members of a srv lookup result after use of the result\n void EXPORT lokinet_srv_lookup_done(struct lokinet_srv_lookup_result* result);\n\n#ifdef __cplusplus\n}\n#endif\n" }, { "path": "include/lokinet/stream.h", "content": "#pragma once\n\n#include \"context.h\"\n\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n\n /// the result of a lokinet stream mapping attempt\n struct lokinet_stream_result\n {\n /// set to zero on success otherwise the error that happened\n /// use strerror(3) to get printable string of this error\n int error;\n\n /// the local ip address we mapped the remote endpoint to\n /// null terminated\n char local_address[256];\n /// the local port we mapped the remote endpoint to\n int local_port;\n /// the id of the stream we created\n int stream_id;\n };\n\n /// connect out to a remote endpoint\n /// remoteAddr is in the form of \"name:port\"\n /// localAddr is either NULL for any or in the form of \"ip:port\" to bind to an explicit address\n void EXPORT lokinet_outbound_stream(\n struct lokinet_stream_result* result,\n const char* remoteAddr,\n const char* localAddr,\n struct lokinet_context* context);\n\n /// stream accept filter determines if we should accept a stream or not\n /// return 0 to accept\n /// return -1 to explicitly reject\n /// return -2 to silently drop\n typedef int (*lokinet_stream_filter)(const char* remote, uint16_t port, void* userdata);\n\n /// set stream accepter filter\n /// passes user parameter into stream filter as void *\n /// returns stream id\n int EXPORT\n lokinet_inbound_stream_filter(lokinet_stream_filter acceptFilter, void* user, struct lokinet_context* context);\n\n /// simple stream acceptor\n /// simple variant of lokinet_inbound_stream_filter that maps port to localhost:port\n int EXPORT lokinet_inbound_stream(uint16_t port, struct lokinet_context* context);\n\n void EXPORT lokinet_close_stream(int stream_id, struct lokinet_context* context);\n\n#ifdef __cplusplus\n}\n#endif\n" }, { "path": "include/lokinet/udp.h", "content": "#pragma once\n\n#include \"context.h\"\n\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n\n /// information about a udp flow\n struct lokinet_udp_flowinfo\n {\n /// remote endpoint's .loki or .snode address\n char remote_host[256];\n /// remote endpont's port\n uint16_t remote_port;\n /// the socket id for this flow used for i/o purposes and closing this socket\n int socket_id;\n };\n\n /// a result from a lokinet_udp_bind call\n struct lokinet_udp_bind_result\n {\n /// a socket id used to close a lokinet udp socket\n int socket_id;\n };\n\n /// flow acceptor hook, return 0 success, return nonzero with errno on failure\n typedef int (*lokinet_udp_flow_filter)(\n void* userdata, const struct lokinet_udp_flowinfo* remote_address, void** flow_userdata, int* timeout_seconds);\n\n /// callback to make a new outbound flow\n typedef void(lokinet_udp_create_flow_func)(void* userdata, void** flow_userdata, int* timeout_seconds);\n\n /// hook function for handling packets\n typedef void (*lokinet_udp_flow_recv_func)(\n const struct lokinet_udp_flowinfo* remote_address,\n const char* pkt_data,\n size_t pkt_length,\n void* flow_userdata);\n\n /// hook function for flow timeout\n typedef void (*lokinet_udp_flow_timeout_func)(\n const struct lokinet_udp_flowinfo* remote_address, void* flow_userdata);\n\n /// inbound listen udp socket\n /// expose udp port exposePort to the void\n ////\n /// @param filter MUST be non null, pointing to a flow filter for accepting new udp flows,\n /// called with user data\n ///\n /// @param recv MUST be non null, pointing to a packet handler function for each flow, called\n /// with per flow user data provided by filter function if accepted\n ///\n /// @param timeout MUST be non null,\n /// pointing to a cleanup function to clean up a stale flow, staleness determined by the value\n /// given by the filter function returns 0 on success\n ///\n /// @returns nonzero on error in which it is an errno value\n int EXPORT lokinet_udp_bind(\n uint16_t exposedPort,\n lokinet_udp_flow_filter filter,\n lokinet_udp_flow_recv_func recv,\n lokinet_udp_flow_timeout_func timeout,\n void* user,\n struct lokinet_udp_bind_result* result,\n struct lokinet_context* ctx);\n\n /// @brief establish a udp flow to remote endpoint\n ///\n /// @param create_flow the callback to create the new flow if we establish one\n ///\n /// @param user passed to new_flow as user data\n ///\n /// @param remote the remote address to establish to\n ///\n /// @param ctx the lokinet context to use\n ///\n /// @return 0 on success, non zero errno on fail\n int EXPORT lokinet_udp_establish(\n lokinet_udp_create_flow_func create_flow,\n void* user,\n const struct lokinet_udp_flowinfo* remote,\n struct lokinet_context* ctx);\n\n /// @brief send on an established flow to remote endpoint\n /// blocks until we have sent the packet\n ///\n /// @param flowinfo remote flow to use for sending\n ///\n /// @param ptr pointer to data to send\n ///\n /// @param len the length of the data\n ///\n /// @param ctx the lokinet context to use\n ///\n /// @returns 0 on success and non zero errno on fail\n int EXPORT lokinet_udp_flow_send(\n const struct lokinet_udp_flowinfo* remote, const void* ptr, size_t len, struct lokinet_context* ctx);\n\n /// @brief close a bound udp socket\n /// closes all flows immediately\n ///\n /// @param socket_id the bound udp socket's id\n ///\n /// @param ctx lokinet context\n void EXPORT lokinet_udp_close(int socket_id, struct lokinet_context* ctx);\n\n#ifdef __cplusplus\n}\n#endif\n" }, { "path": "include/lokinet.h", "content": "#pragma once\n\n#include \"lokinet/addr.h\"\n#include \"lokinet/context.h\"\n#include \"lokinet/misc.h\"\n#include \"lokinet/srv.h\"\n#include \"lokinet/stream.h\"\n#include \"lokinet/udp.h\"\n" }, { "path": "include/lokinet.hpp", "content": "#pragma once\n\n#include \n#include \n#include \n#include \n#include \n#include \n\nnamespace llarp\n{\n struct Context;\n struct Config;\n} // namespace llarp\n\nnamespace oxen::quic\n{\n class Loop;\n}\n\nnamespace lokinet\n{\n enum class Network\n {\n MAINNET,\n TESTNET\n };\n\n /// Metadata returned when establishing a session for a TCP or UDP tunnel.\n struct tunnel_info\n {\n /// The requested remote address. If an ONS entry was requested, this will be the resolved\n /// \"fulladdress.loki\" rather than the ONS entry value.\n std::string remote;\n\n /// The requested remote port. Packets sent to the `local_port` are delivered to this\n /// remote port, and returning packets from that remote back to the incoming source are\n /// routed back to the client and delivered to the source port that sent the original\n /// packet. Multiple connections to the same address are possible: each different source\n /// port establishes a separate connection (actual TCP connections for TCP, a remembered\n /// mapping for UDP).\n uint16_t remote_port;\n\n /// The bound local port. After establishing a lokinet session, clients connect (TCP) or\n /// send (UDP) to this port (on address 127.0.0.1) to reach the destination through lokinet.\n uint16_t local_port;\n\n /// A suggested maximum MTU for the connection. If the application supports a configurable\n /// MTU, this value is the recommended value that avoids some additional overhead from\n /// packet splitting, which can slightly reduce latency and jitter. If the application\n /// doesn't support MTU configuration then this value can simply be ignored and Lokinet will\n /// split any \"too large\" packets into two.\n uint16_t suggested_mtu;\n };\n\n class Lokinet\n {\n std::unique_ptr context;\n\n struct path_ctor\n {};\n Lokinet(path_ctor, const std::filesystem::path& p, std::shared_ptr loop);\n\n public:\n // Starts an embedded lokinet that loads the given string contents as a config file.\n explicit Lokinet(std::string config, std::shared_ptr existing_loop = nullptr);\n\n // Starts an embedded lokinet instance with extra configuration specified in the given\n // config file. (Templatized to avoid ambiguous implicit conversion from std::string\n // conflicting with the constructor above.)\n template FSPath>\n explicit Lokinet(const FSPath& config, std::shared_ptr existing_loop = nullptr)\n : Lokinet{path_ctor{}, config, std::move(existing_loop)}\n {}\n\n // Starts an embedded lokinet with default config that runs on the given network with\n // default settings.\n explicit Lokinet(Network network, std::shared_ptr existing_loop = nullptr);\n\n // Destructor stops the lokinet instance. The destructor blocks until shutdown is complete.\n ~Lokinet();\n\n // Schedules the given callback to be fired when Lokinet edge connections are mostly\n // established (and thus Lokinet is ready to start building paths). If lokinet is already\n // established, this will schedule an immediate invocation of the callback.\n //\n // If persist is true then the callback will be stored and called *each* time Lokinet enters\n // the connected state (i.e. it will be called again if Lokinet loses all connectivity and\n // then regains connections).\n void on_connected(std::function callback, bool persist = false);\n\n // Schedules the given callback to be fired when Lokinet becomes fully disconnected, i.e.\n // loses all established edge connections. If persist is true then the callback will be\n // fired *each* time Lokinet transitions from connected to disconnected state. If Lokinet\n // is not currently connected then the callback will be scheduled immediately.\n void on_disconnected(std::function callback, bool persist = false);\n\n // Establishes a UDP session to the given remote (.loki or .snode) and port. When the\n // lokinet session to the remote is established, the callback is invoked with the info\n // corresponding to the session and tunnel. This call can happen instantly (before this\n // function call returns) if a session to the given address is already established, but\n // otherwise the callback will be called at some future point when the callback is\n // established.\n //\n // If a connection cannot be established for whatever reason, the `on_failed` callback is\n // invoked with a string giving a descriptive reason. Like `on_established`, it is possible\n // for this to fire immediately, such as for an unparseable address or if Lokinet can\n // determine immediately that the connection will fail.\n //\n // The callbacks must not block as they are called from Lokinet's logic thread (and so any\n // blocking will stall Lokinet).\n void establish_udp(\n std::string_view remote_view,\n uint16_t port,\n std::function on_established,\n std::function on_failed);\n\n // Simple synchronous wrapper around the above: this blocks until either `on_established` or\n // `on_failed` is called then returns the tunnel info (success) or throws the error message\n // (failure). This is provided for quick-and-dirty implementation code; generally code\n // should prefer the callback-based async version, above.\n tunnel_info establish_udp_blocking(std::string_view remote, uint16_t port);\n };\n\n template Lokinet::Lokinet(const std::filesystem::path&, std::shared_ptr);\n\n} // namespace lokinet\n" }, { "path": "jni/CMakeLists.txt", "content": "add_library(lokinet-android\n SHARED\n lokinet_config.cpp\n lokinet_daemon.cpp)\ntarget_link_libraries(lokinet-android lokinet-amalgum)\n" }, { "path": "jni/java/src/network/loki/lokinet/LokinetConfig.java", "content": "package network.loki.lokinet;\n\nimport java.nio.ByteBuffer;\n\npublic class LokinetConfig\n{\n static {\n System.loadLibrary(\"lokinet-android\");\n }\n\n private static native ByteBuffer Obtain(String dataDir);\n private static native void Free(ByteBuffer buf);\n\n /*** load config file from disk */\n public native boolean Load();\n /*** save chages to disk */\n public native boolean Save();\n\n \n /** override default config value before loading from config file */\n public native void AddDefaultValue(String section, String key, String value);\n \n private final ByteBuffer impl;\n\n public LokinetConfig(String dataDir)\n {\n impl = Obtain(dataDir);\n if(impl == null)\n throw new RuntimeException(\"cannot obtain config from \"+dataDir);\n }\n\n public void finalize()\n {\n if (impl != null)\n {\n Free(impl);\n }\n }\n}\n" }, { "path": "jni/java/src/network/loki/lokinet/LokinetDaemon.java", "content": "package network.loki.lokinet;\n\nimport java.lang.Thread;\nimport java.nio.ByteBuffer;\nimport java.io.File;\n\nimport android.net.VpnService;\nimport android.util.Log;\nimport android.content.Intent;\nimport android.os.ParcelFileDescriptor;\n\npublic class LokinetDaemon extends VpnService\n{\n static {\n System.loadLibrary(\"lokinet-android\");\n }\n\n private static native ByteBuffer Obtain();\n private static native void Free(ByteBuffer buf);\n public native boolean Configure(LokinetConfig config);\n public native int Mainloop();\n public native boolean IsRunning();\n public native boolean Stop();\n public native void InjectVPNFD();\n public native int GetUDPSocket();\n\n private static native String DetectFreeRange();\n\n public native String DumpStatus();\n\n\n public static final String LOG_TAG = \"LokinetDaemon\";\n\n ByteBuffer impl = null;\n ParcelFileDescriptor iface;\n int m_FD = -1;\n int m_UDPSocket = -1;\n\n @Override\n public void onCreate()\n {\n super.onCreate();\n }\n\n @Override\n public void onDestroy()\n {\n super.onDestroy();\n\n if (IsRunning())\n {\n Stop();\n }\n if (impl != null)\n {\n Free(impl);\n impl = null;\n }\n }\n\n public int onStartCommand(Intent intent, int flags, int startID)\n {\n Log.d(LOG_TAG, \"onStartCommand()\");\n\n if (!IsRunning())\n {\n if (impl != null)\n {\n Free(impl);\n impl = null;\n }\n impl = Obtain();\n if (impl == null)\n {\n Log.e(LOG_TAG, \"got nullptr when creating llarp::Context in jni\");\n return START_NOT_STICKY;\n }\n\n String dataDir = getFilesDir().toString();\n LokinetConfig config;\n try\n {\n config = new LokinetConfig(dataDir);\n }\n catch(RuntimeException ex)\n {\n Log.e(LOG_TAG, ex.toString());\n return START_NOT_STICKY;\n }\n\n // FIXME: make these configurable\n String exitNode = \"exit.loki\";\n String upstreamDNS = \"1.1.1.1\";\n String ourRange = DetectFreeRange();\n\n if(ourRange.isEmpty())\n {\n Log.e(LOG_TAG, \"cannot detect free range\");\n return START_NOT_STICKY;\n }\n\n\n // set up config values\n config.AddDefaultValue(\"network\", \"exit-node\", exitNode);\n config.AddDefaultValue(\"network\", \"ifaddr\", ourRange);\n config.AddDefaultValue(\"dns\", \"upstream\", upstreamDNS);\n\n\n if (!config.Load())\n {\n Log.e(LOG_TAG, \"failed to load (or create) config file at: \" + dataDir + \"/lokinet.ini\");\n return START_NOT_STICKY;\n }\n\n VpnService.Builder builder = new VpnService.Builder();\n\n builder.setMtu(1500);\n\n String[] parts = ourRange.split(\"/\");\n String ourIPv4 = parts[0];\n int ourMask = Integer.parseInt(parts[1]);\n\n // set ip4\n builder.addAddress(ourIPv4, ourMask);\n builder.addRoute(\"0.0.0.0\", 0);\n // set ip6\n // TODO: convert ipv4 to fd00::/8 range for ipv6\n // builder.addAddress(ourIPv6, ourMask + 96);\n // builder.addRoute(\"::\", 0);\n\n builder.addDnsServer(upstreamDNS);\n builder.setSession(\"Lokinet\");\n builder.setConfigureIntent(null);\n\n iface = builder.establish();\n if (iface == null)\n {\n Log.e(LOG_TAG, \"VPN Interface from builder.establish() came back null\");\n return START_NOT_STICKY;\n }\n\n m_FD = iface.detachFd();\n\n InjectVPNFD();\n\n new Thread(() -> {\n Configure(config);\n m_UDPSocket = GetUDPSocket();\n protect(m_UDPSocket);\n Mainloop();\n }).start();\n\n Log.d(LOG_TAG, \"started successfully!\");\n }\n else\n {\n Log.d(LOG_TAG, \"already running\");\n }\n\n return START_STICKY;\n }\n}\n" }, { "path": "jni/lokinet_config.cpp", "content": "#include \"lokinet_jni_common.hpp\"\n#include \"network_loki_lokinet_LokinetConfig.h\"\n\n#include \n#include \n\nextern \"C\"\n{\n JNIEXPORT jobject JNICALL Java_network_loki_lokinet_LokinetConfig_Obtain(JNIEnv* env, jclass, jstring dataDir)\n {\n auto conf = VisitStringAsStringView(\n env, dataDir, [](std::string_view val) -> llarp::Config* { return new llarp::Config{val}; });\n\n if (conf == nullptr)\n return nullptr;\n return env->NewDirectByteBuffer(conf, sizeof(llarp::Config));\n }\n\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetConfig_Free(JNIEnv* env, jclass, jobject buf)\n {\n auto ptr = FromBuffer(env, buf);\n delete ptr;\n }\n\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetConfig_Load(JNIEnv* env, jobject self)\n {\n auto conf = GetImpl(env, self);\n if (conf == nullptr)\n return JNI_FALSE;\n if (conf->Load())\n {\n return JNI_TRUE;\n }\n return JNI_FALSE;\n }\n\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetConfig_Save(JNIEnv* env, jobject self)\n {\n auto conf = GetImpl(env, self);\n if (conf == nullptr)\n return JNI_FALSE;\n try\n {\n conf->Save();\n }\n catch (...)\n {\n return JNI_FALSE;\n }\n return JNI_TRUE;\n }\n\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetConfig_AddDefaultValue(\n JNIEnv* env, jobject self, jstring section, jstring key, jstring value)\n {\n auto convert = [](std::string_view str) -> std::string { return std::string{str}; };\n\n const auto sect = VisitStringAsStringView(env, section, convert);\n const auto k = VisitStringAsStringView(env, key, convert);\n const auto v = VisitStringAsStringView(env, value, convert);\n\n auto conf = GetImpl(env, self);\n if (conf)\n {\n conf->AddDefault(sect, k, v);\n }\n }\n}\n" }, { "path": "jni/lokinet_daemon.cpp", "content": "#include \"lokinet_jni_common.hpp\"\n#include \"network_loki_lokinet_LokinetDaemon.h\"\n\n#include \n#include \n#include \n\nextern \"C\"\n{\n JNIEXPORT jobject JNICALL Java_network_loki_lokinet_LokinetDaemon_Obtain(JNIEnv* env, jclass)\n {\n auto* ptr = new llarp::Context();\n if (ptr == nullptr)\n return nullptr;\n return env->NewDirectByteBuffer(ptr, sizeof(llarp::Context));\n }\n\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetDaemon_Free(JNIEnv* env, jclass, jobject buf)\n {\n auto ptr = FromBuffer(env, buf);\n delete ptr;\n }\n\n JNIEXPORT jboolean JNICALL\n Java_network_loki_lokinet_LokinetDaemon_Configure(JNIEnv* env, jobject self, jobject conf)\n {\n auto ptr = GetImpl(env, self);\n auto config = GetImpl(env, conf);\n if (ptr == nullptr || config == nullptr)\n return JNI_FALSE;\n try\n {\n llarp::RuntimeOptions opts{};\n\n // janky make_shared deep copy because jni + shared pointer = scary\n ptr->Configure(std::make_shared(*config));\n ptr->Setup(opts);\n }\n catch (...)\n {\n return JNI_FALSE;\n }\n return JNI_TRUE;\n }\n\n JNIEXPORT jint JNICALL Java_network_loki_lokinet_LokinetDaemon_Mainloop(JNIEnv* env, jobject self)\n {\n auto ptr = GetImpl(env, self);\n if (ptr == nullptr)\n return -1;\n llarp::RuntimeOptions opts{};\n return ptr->Run(opts);\n }\n\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetDaemon_IsRunning(JNIEnv* env, jobject self)\n {\n auto ptr = GetImpl(env, self);\n return (ptr != nullptr && ptr->IsUp()) ? JNI_TRUE : JNI_FALSE;\n }\n\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetDaemon_Stop(JNIEnv* env, jobject self)\n {\n auto ptr = GetImpl(env, self);\n if (ptr == nullptr)\n return JNI_FALSE;\n if (not ptr->IsUp())\n return JNI_FALSE;\n ptr->CloseAsync();\n ptr->Wait();\n return ptr->IsUp() ? JNI_FALSE : JNI_TRUE;\n }\n\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetDaemon_InjectVPNFD(JNIEnv* env, jobject self)\n {\n if (auto ptr = GetImpl(env, self))\n ptr->androidFD = GetObjectMemberAsInt(env, self, \"m_FD\");\n }\n\n JNIEXPORT jint JNICALL Java_network_loki_lokinet_LokinetDaemon_GetUDPSocket(JNIEnv* env, jobject self)\n {\n if (auto ptr = GetImpl(env, self); ptr and ptr->router)\n return ptr->router->outbound_socket();\n return -1;\n }\n\n JNIEXPORT jstring JNICALL Java_network_loki_lokinet_LokinetDaemon_DetectFreeRange(JNIEnv* env, jclass)\n {\n std::string rangestr{};\n if (auto maybe = llarp::net::Platform::Default_ptr()->FindFreeRange())\n {\n rangestr = maybe->ToString();\n }\n return env->NewStringUTF(rangestr.c_str());\n }\n\n JNIEXPORT jstring JNICALL Java_network_loki_lokinet_LokinetDaemon_DumpStatus(JNIEnv* env, jobject self)\n {\n std::string status{};\n if (auto ptr = GetImpl(env, self))\n {\n if (ptr->IsUp())\n {\n std::promise result;\n ptr->CallSafe([&result, router = ptr->router]() {\n const auto status = router->ExtractStatus();\n result.set_value(status.dump());\n });\n status = result.get_future().get();\n }\n }\n return env->NewStringUTF(status.c_str());\n }\n}\n" }, { "path": "jni/lokinet_jni_common.hpp", "content": "#pragma once\n\n#include \n\n#include \n#include \n\n/// visit string as native bytes\n/// jvm uses some unholy encoding internally so we convert it to utf-8\ntemplate \nstatic T VisitStringAsStringView(JNIEnv* env, jobject str, V visit)\n{\n const jclass stringClass = env->GetObjectClass(str);\n const jmethodID getBytes = env->GetMethodID(stringClass, \"getBytes\", \"(Ljava/lang/String;)[B\");\n\n const jstring charsetName = env->NewStringUTF(\"UTF-8\");\n const jbyteArray stringJbytes = (jbyteArray)env->CallObjectMethod(str, getBytes, charsetName);\n env->DeleteLocalRef(charsetName);\n\n const size_t length = env->GetArrayLength(stringJbytes);\n jbyte* pBytes = env->GetByteArrayElements(stringJbytes, NULL);\n\n T result = visit(std::string_view((const char*)pBytes, length));\n\n env->ReleaseByteArrayElements(stringJbytes, pBytes, JNI_ABORT);\n env->DeleteLocalRef(stringJbytes);\n\n return result;\n}\n\n/// cast jni buffer to T *\ntemplate \nstatic T* FromBuffer(JNIEnv* env, jobject o)\n{\n if (o == nullptr)\n return nullptr;\n return static_cast(env->GetDirectBufferAddress(o));\n}\n\n/// get T * from object member called membername\ntemplate \nstatic T* FromObjectMember(JNIEnv* env, jobject self, const char* membername)\n{\n jclass cl = env->GetObjectClass(self);\n jfieldID name = env->GetFieldID(cl, membername, \"Ljava/nio/ByteBuffer;\");\n jobject buffer = env->GetObjectField(self, name);\n return FromBuffer(env, buffer);\n}\n\n/// visit object string member called membername as bytes\ntemplate \nstatic T VisitObjectMemberStringAsStringView(JNIEnv* env, jobject self, const char* membername, V v)\n{\n jclass cl = env->GetObjectClass(self);\n jfieldID name = env->GetFieldID(cl, membername, \"Ljava/lang/String;\");\n jobject str = env->GetObjectField(self, name);\n return VisitStringAsStringView(env, str, v);\n}\n\n/// get object member int called membername\ntemplate \nInt_t GetObjectMemberAsInt(JNIEnv* env, jobject self, const char* membername)\n{\n jclass cl = env->GetObjectClass(self);\n jfieldID name = env->GetFieldID(cl, membername, \"I\");\n return env->GetIntField(self, name);\n}\n\n/// get implementation on jni type\ntemplate \nT* GetImpl(JNIEnv* env, jobject self)\n{\n return FromObjectMember(env, self, \"impl\");\n}\n" }, { "path": "jni/network_loki_lokinet_LokinetConfig.h", "content": "/* DO NOT EDIT THIS FILE - it is machine generated */\n#include \n/* Header for class network_loki_lokinet_LokinetConfig */\n\n#ifndef _Included_network_loki_lokinet_LokinetConfig\n#define _Included_network_loki_lokinet_LokinetConfig\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n /*\n * Class: network_loki_lokinet_LokinetConfig\n * Method: Obtain\n * Signature: (Ljava/lang/String;)Ljava/nio/ByteBuffer;\n */\n JNIEXPORT jobject JNICALL Java_network_loki_lokinet_LokinetConfig_Obtain(JNIEnv*, jclass, jstring);\n\n /*\n * Class: network_loki_lokinet_LokinetConfig\n * Method: Free\n * Signature: (Ljava/nio/ByteBuffer;)V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetConfig_Free(JNIEnv*, jclass, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetConfig\n * Method: Load\n * Signature: ()Z\n */\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetConfig_Load(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetConfig\n * Method: Save\n * Signature: ()Z\n */\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetConfig_Save(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetConfig\n * Method: AddDefaultValue\n * Signature: (Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)V\n */\n JNIEXPORT void JNICALL\n Java_network_loki_lokinet_LokinetConfig_AddDefaultValue(JNIEnv*, jobject, jstring, jstring, jstring);\n\n#ifdef __cplusplus\n}\n#endif\n#endif\n" }, { "path": "jni/network_loki_lokinet_LokinetDaemon.h", "content": "/* DO NOT EDIT THIS FILE - it is machine generated */\n#include \n/* Header for class network_loki_lokinet_LokinetDaemon */\n\n#ifndef _Included_network_loki_lokinet_LokinetDaemon\n#define _Included_network_loki_lokinet_LokinetDaemon\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: Obtain\n * Signature: ()Ljava/nio/ByteBuffer;\n */\n JNIEXPORT jobject JNICALL Java_network_loki_lokinet_LokinetDaemon_Obtain(JNIEnv*, jclass);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: Free\n * Signature: (Ljava/nio/ByteBuffer;)V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetDaemon_Free(JNIEnv*, jclass, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: Configure\n * Signature: (Lnetwork/loki/lokinet/LokinetConfig;)Z\n */\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetDaemon_Configure(JNIEnv*, jobject, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: Mainloop\n * Signature: ()I\n */\n JNIEXPORT jint JNICALL Java_network_loki_lokinet_LokinetDaemon_Mainloop(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: IsRunning\n * Signature: ()Z\n */\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetDaemon_IsRunning(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: Stop\n * Signature: ()Z\n */\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetDaemon_Stop(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: InjectVPNFD\n * Signature: ()V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetDaemon_InjectVPNFD(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: GetUDPSocket\n * Signature: ()I\n */\n JNIEXPORT jint JNICALL Java_network_loki_lokinet_LokinetDaemon_GetUDPSocket(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: DetectFreeRange\n * Signature: ()Ljava/lang/String;\n */\n JNIEXPORT jstring JNICALL Java_network_loki_lokinet_LokinetDaemon_DetectFreeRange(JNIEnv*, jclass);\n\n /*\n * Class: network_loki_lokinet_LokinetDaemon\n * Method: DumpStatus\n * Signature: ()Ljava/lang/String;\n */\n JNIEXPORT jstring JNICALL Java_network_loki_lokinet_LokinetDaemon_DumpStatus(JNIEnv*, jobject);\n\n#ifdef __cplusplus\n}\n#endif\n#endif\n" }, { "path": "jni/network_loki_lokinet_LokinetVPN.h", "content": "/* DO NOT EDIT THIS FILE - it is machine generated */\n#include \n/* Header for class network_loki_lokinet_LokinetVPN */\n\n#ifndef _Included_network_loki_lokinet_LokinetVPN\n#define _Included_network_loki_lokinet_LokinetVPN\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n /*\n * Class: network_loki_lokinet_LokinetVPN\n * Method: PacketSize\n * Signature: ()I\n */\n JNIEXPORT jint JNICALL Java_network_loki_lokinet_LokinetVPN_PacketSize(JNIEnv*, jclass);\n\n /*\n * Class: network_loki_lokinet_LokinetVPN\n * Method: Alloc\n * Signature: ()Ljava/nio/Buffer;\n */\n JNIEXPORT jobject JNICALL Java_network_loki_lokinet_LokinetVPN_Alloc(JNIEnv*, jclass);\n\n /*\n * Class: network_loki_lokinet_LokinetVPN\n * Method: Free\n * Signature: (Ljava/nio/Buffer;)V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetVPN_Free(JNIEnv*, jclass, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetVPN\n * Method: Stop\n * Signature: ()V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetVPN_Stop(JNIEnv*, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetVPN\n * Method: ReadPkt\n * Signature: (Ljava/nio/ByteBuffer;)I\n */\n JNIEXPORT jint JNICALL Java_network_loki_lokinet_LokinetVPN_ReadPkt(JNIEnv*, jobject, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetVPN\n * Method: WritePkt\n * Signature: (Ljava/nio/ByteBuffer;)Z\n */\n JNIEXPORT jboolean JNICALL Java_network_loki_lokinet_LokinetVPN_WritePkt(JNIEnv*, jobject, jobject);\n\n /*\n * Class: network_loki_lokinet_LokinetVPN\n * Method: SetInfo\n * Signature: (Lnetwork/loki/lokinet/LokinetVPN/VPNInfo;)V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_LokinetVPN_SetInfo(JNIEnv*, jobject, jobject);\n#ifdef __cplusplus\n}\n#endif\n#endif\n" }, { "path": "jni/network_loki_lokinet_LokinetVPN_VPNInfo.h", "content": "/* DO NOT EDIT THIS FILE - it is machine generated */\n#include \n/* Header for class network_loki_lokinet_LokinetVPN_VPNInfo */\n\n#ifndef _Included_network_loki_lokinet_LokinetVPN_VPNInfo\n#define _Included_network_loki_lokinet_LokinetVPN_VPNInfo\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n#ifdef __cplusplus\n}\n#endif\n#endif\n" }, { "path": "jni/network_loki_lokinet_Lokinet_JNI.h", "content": "/* DO NOT EDIT THIS FILE - it is machine generated */\n#include \n/* Header for class network_loki_lokinet_Lokinet_JNI */\n\n#ifndef _Included_network_loki_lokinet_Lokinet_JNI\n#define _Included_network_loki_lokinet_Lokinet_JNI\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n /*\n * Class: network_loki_lokinet_Lokinet_JNI\n * Method: getABICompiledWith\n * Signature: ()Ljava/lang/String;\n */\n JNIEXPORT jstring JNICALL Java_network_loki_lokinet_Lokinet_1JNI_getABICompiledWith(JNIEnv*, jclass);\n\n /*\n * Class: network_loki_lokinet_Lokinet_JNI\n * Method: startLokinet\n * Signature: (Ljava/lang/String;)Ljava/lang/String;\n */\n JNIEXPORT jstring JNICALL Java_network_loki_lokinet_Lokinet_1JNI_startLokinet(JNIEnv*, jclass, jstring);\n\n JNIEXPORT jstring JNICALL Java_network_loki_lokinet_Lokinet_1JNI_getIfAddr(JNIEnv*, jclass);\n\n JNIEXPORT jint JNICALL Java_network_loki_lokinet_Lokinet_1JNI_getIfRange(JNIEnv*, jclass);\n\n /*\n * Class: network_loki_lokinet_Lokinet_JNI\n * Method: stopLokinet\n * Signature: ()V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_Lokinet_1JNI_stopLokinet(JNIEnv*, jclass);\n\n JNIEXPORT void JNICALL Java_network_loki_lokinet_Lokinet_1JNI_setVPNFileDescriptor(JNIEnv*, jclass, jint, jint);\n\n /*\n * Class: network_loki_lokinet_Lokinet_JNI\n * Method: onNetworkStateChanged\n * Signature: (Z)V\n */\n JNIEXPORT void JNICALL Java_network_loki_lokinet_Lokinet_1JNI_onNetworkStateChanged(JNIEnv*, jclass, jboolean);\n\n#ifdef __cplusplus\n}\n#endif\n#endif\n" }, { "path": "jni/readme.md", "content": "jni binding for lokinet vpn using android vpn api\n" }, { "path": "llarp/CMakeLists.txt", "content": "include(Version)\n\n# Add an internal lokinet static library target, enables LTO (if enabled) on the target,\n# and links it to the common lokinet-base interface.\n# Invoke with the target/library name (e.g. \"lokinet-foo\") and list of source files, e.g.\n# lokinet_add_library(lokinet-foo foo/source1.cpp foo/source2.cpp)\nfunction(lokinet_add_library libname)\n add_library(${libname} STATIC ${ARGN})\n target_link_libraries(${libname} PUBLIC lokinet-base PRIVATE lokinet-base-internal)\n enable_lto(${libname})\nendfunction()\n\nlokinet_add_library(lokinet-cryptography\n crypto/crypto.cpp\n crypto/key_manager.cpp\n crypto/keys.cpp\n crypto/types.cpp\n)\n\nif(LOKINET_FULL)\n lokinet_add_library(lokinet-exit-auth\n auth/auth.cpp\n auth/file.cpp\n auth/session.cpp\n )\nendif()\n\n# Functional objects use by lokinet-core and other libraries\n# needed by vpn/ router/ rpc/ handlers/ net/ link/\nlokinet_add_library(lokinet-core-utils\n handlers/session.cpp\n\n messages/common.cpp\n messages/dht.cpp\n messages/fetch.cpp\n messages/path.cpp\n)\n\nif (LOKINET_FULL)\n target_sources(lokinet-core-utils PRIVATE handlers/tun.cpp vpn/egres_packet_router.cpp)\nendif()\n\nlokinet_add_library(lokinet-core\n context.cpp\n \n link/connection.cpp\n link/endpoint.cpp\n link/link_manager.cpp\n\n router/router.cpp\n\n session/session.cpp\n)\n\nif (LOKINET_FULL)\n target_sources(lokinet-core\n PRIVATE\n router/route_poker.cpp\n consensus/reachability_testing.cpp\n )\nendif()\n\nif (LOKINET_FULL)\n lokinet_add_library(lokinet-rpc\n rpc/json_binary_proxy.cpp\n rpc/json_conversions.cpp\n rpc/oxend_rpc.cpp\n rpc/rpc_request_parser.cpp\n rpc/rpc_server.cpp\n )\nendif()\n\n# config, crypto, timeplace, nodedb, net, router\nlokinet_add_library(lokinet-utils\n ${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp\n util/buffer.cpp\n util/file.cpp\n util/logging.cpp\n util/mem.cpp\n util/str.cpp\n util/thread/queue_manager.cpp \n util/thread/threading.cpp\n util/time.cpp\n util/zstd.cpp\n)\n\nadd_dependencies(lokinet-utils genversion)\n\nlokinet_add_library(lokinet-contact\n contact/client_contact.cpp\n contact/client_intro.cpp\n contact/contactdb.cpp\n contact/relay_contact.cpp\n contact/router_id.cpp\n contact/sns.cpp\n)\n\n# Network interface files used for mediating ip traffic\nlokinet_add_library(lokinet-ip\n net/ip_packet.cpp\n net/policy.cpp\n net/utils.cpp\n)\n\n# Addressing and event loop files used by lokinet-core and other libraries\n# needed by rpc/ link/ config/ path/ dht/\nlokinet_add_library(lokinet-addressing\n address/address.cpp\n address/ip_range.cpp\n address/utils.cpp\n\n ev/fd_poller.cpp\n ev/tcp.cpp\n)\n\nlokinet_add_library(lokinet-dns\n dns/srv_data.cpp\n)\n\nif (LOKINET_FULL)\n # lokinet-platform holds all platform specific code\n lokinet_add_library(lokinet-platform\n vpn/packet_router.cpp\n vpn/platform.cpp\n )\n\n if (ANDROID)\n target_sources(lokinet-platform PRIVATE android/ifaddrs.c util/nop_service_manager.cpp)\n endif()\n\n if(CMAKE_SYSTEM_NAME MATCHES \"Linux\")\n target_sources(lokinet-platform PRIVATE linux/dbus.cpp)\n if(WITH_SYSTEMD)\n target_sources(lokinet-platform PRIVATE linux/sd_service_manager.cpp)\n else()\n target_sources(lokinet-platform PRIVATE util/nop_service_manager.cpp)\n endif()\n endif()\n\n if (WIN32)\n target_sources(lokinet-platform PRIVATE\n net/win32.cpp\n vpn/win32.cpp\n win32/service_manager.cpp\n win32/exec.cpp\n win32/dll.cpp\n win32/exception.cpp\n win32/wintun.cpp\n win32/windivert.cpp)\n target_include_directories(lokinet-platform PRIVATE ${CMAKE_BINARY_DIR}/wintun/include/ ${CMAKE_BINARY_DIR}/WinDivert-${WINDIVERT_VERSION}/include/)\n else()\n target_sources(lokinet-platform PRIVATE\n net/posix.cpp)\n endif()\n\n if(APPLE)\n add_subdirectory(apple)\n target_sources(lokinet-platform PRIVATE util/nop_service_manager.cpp)\n endif()\n\n # lokinet-dns is the dns parsing and hooking library that we use to\n # parse modify and reconstitute dns wire proto, dns queries and RR\n target_sources(lokinet-dns PRIVATE\n dns/message.cpp # dns/server\n dns/name.cpp # srv_data, question, rr\n dns/platform.cpp\n dns/question.cpp # message\n dns/rr.cpp\n dns/serialize.cpp\n dns/server.cpp\n )\n\n # platform specific bits and bobs for setting dns\n if(WITH_SYSTEMD)\n target_sources(lokinet-dns PRIVATE dns/nm_platform.cpp dns/sd_platform.cpp)\n endif()\nendif()\n\n# lokinet-nodedb holds all types and logic for storing parsing and constructing\n# nodedb data published to the network and versions of it stored locally\nlokinet_add_library(lokinet-nodedb\n nodedb.cpp\n profiling.cpp # path, router, service::endpoint\n)\n\nset(BOOTSTRAP_FALLBACKS)\nforeach(bs IN ITEMS MAINNET TESTNET)\n if(LOKINET_BOOTSTRAP_FALLBACK_${bs})\n message(STATUS \"Building with ${bs} fallback bootstrap path \\\"${LOKINET_BOOTSTRAP_FALLBACK_${bs}}\\\"\")\n file(READ \"${LOKINET_BOOTSTRAP_FALLBACK_${bs}}\" bs_data HEX)\n string(REGEX REPLACE \"([0-9a-f][0-9a-f])\" \"\\\\\\\\x\\\\1\" bs_data \"${bs_data}\")\n set(BOOTSTRAP_FALLBACKS \"${BOOTSTRAP_FALLBACKS} {NetID::${bs}, \\\"${bs_data}\\\"sv},\\n\")\n endif()\nendforeach()\nconfigure_file(\"nodedb-bootstraps.cpp.in\" \"${CMAKE_CURRENT_BINARY_DIR}/nodedb-bootstraps.cpp\" @ONLY)\ntarget_sources(lokinet-nodedb PRIVATE \"${CMAKE_CURRENT_BINARY_DIR}/nodedb-bootstraps.cpp\")\n\n# lokinet-config is for all configuration types and parsers\nlokinet_add_library(lokinet-config\n config/config.cpp\n config/definition.cpp\n config/ini.cpp\n)\n\n# All path objects; link directly to lokinet-core\nlokinet_add_library(lokinet-path\n path/build_stats.cpp\n path/hopid.cpp\n path/path.cpp\n path/path_context.cpp\n path/path_handler.cpp\n path/transit_hop.cpp\n)\n\nif(LOKINET_DEBUG_PATH_SEED)\n target_compile_definitions(lokinet-nodedb PRIVATE LOKINET_DEBUG_PATH_SEED)\n target_compile_definitions(lokinet-config PRIVATE LOKINET_DEBUG_PATH_SEED)\n target_compile_definitions(lokinet-path PRIVATE LOKINET_DEBUG_PATH_SEED)\nendif()\n\n# Link libraries to their internals\ntarget_link_libraries(lokinet-nodedb PUBLIC lokinet-addressing lokinet-cryptography)\ntarget_link_libraries(lokinet-contact PUBLIC lokinet-dns)\nif(LOKINET_FULL)\n target_link_libraries(lokinet-rpc PUBLIC lokinet-contact lokinet-config)\nendif()\ntarget_link_libraries(lokinet-addressing PUBLIC lokinet-utils lokinet-cryptography lokinet-contact lokinet-ip)\ntarget_link_libraries(lokinet-config PUBLIC lokinet-cryptography lokinet-addressing)\nif(LOKINET_FULL)\n target_link_libraries(lokinet-platform PUBLIC lokinet-cryptography lokinet-ip)\n target_link_libraries(lokinet-config PUBLIC lokinet-exit-auth)\nendif()\ntarget_link_libraries(lokinet-dns\n PUBLIC\n lokinet-cryptography\n lokinet-config\n)\nif(LOKINET_FULL)\n target_link_libraries(lokinet-dns PUBLIC lokinet-platform)\nendif()\n\ntarget_link_libraries(lokinet-path\n PUBLIC\n lokinet-addressing\n)\n\ntarget_link_libraries(lokinet-core-utils \n PUBLIC \n lokinet-config\n lokinet-dns\n)\n\nif(LOKINET_FULL)\n target_link_libraries(lokinet-core-utils\n PUBLIC\n lokinet-rpc\n lokinet-platform\n )\nendif()\n\ntarget_link_libraries(lokinet-cryptography\n PUBLIC\n lokinet-libcrypt\n)\n\nif(LOKINET_FULL)\n target_link_libraries(lokinet-exit-auth PUBLIC lokinet-core-utils lokinet-cryptography)\nendif()\n\ntarget_link_libraries(lokinet-utils\n PUBLIC\n lokinet-cryptography\n)\n\ntarget_link_libraries(lokinet-core \n PUBLIC \n lokinet-core-utils\n lokinet-nodedb\n lokinet-path\n)\nif(LOKINET_FULL)\n target_link_libraries(lokinet-core PUBLIC lokinet-exit-auth)\nendif()\n\n\ntarget_link_libraries(lokinet-base \n INTERFACE \n\n Threads::Threads\n\n oxenc::oxenc \n oxen::logging \n \n sodium\n)\n\n\nif(LOKINET_FULL)\n target_link_libraries(lokinet-base INTERFACE libunbound oxenmq::oxenmq)\nendif()\n\n# libevent\nif(NOT TARGET libevent::core)\n add_library(libevent_core INTERFACE)\n pkg_check_modules(LIBEVENT_core libevent_core>=2.1 IMPORTED_TARGET REQUIRED)\n target_link_libraries(libevent_core INTERFACE PkgConfig::LIBEVENT_core)\n add_library(libevent::core ALIAS libevent_core)\nendif()\ntarget_link_libraries(lokinet-addressing PRIVATE libevent::core)\n\n\n# libzstd\nif(TARGET libzstd::static) # static dep or libsession-util's embedded static target\n target_link_libraries(lokinet-utils PRIVATE libzstd::static)\nelse()\n pkg_check_modules(LIBZSTD libzstd>=1.3 IMPORTED_TARGET REQUIRED)\n target_link_libraries(lokinet-utils PRIVATE PkgConfig::LIBZSTD)\nendif()\n\n\nadd_library(liblokinet lokinet.cpp)\ntarget_link_libraries(liblokinet PUBLIC lokinet-core)\n\nset_target_properties(liblokinet PROPERTIES OUTPUT_NAME lokinet)\nif(BUILD_SHARED_LIBS AND LOKINET_VERSION_SO)\n set_target_properties(liblokinet PROPERTIES\n VERSION \"${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}\"\n SOVERSION \"${PROJECT_VERSION_MAJOR}.${PROJECT_VERSION_MINOR}.${PROJECT_VERSION_PATCH}\")\nendif()\n\nif(WIN32)\n target_link_libraries(liblokinet PUBLIC ws2_32 iphlpapi -fstack-protector)\n install(TARGETS liblokinet DESTINATION bin COMPONENT liblokinet)\nelseif(NOT APPLE)\n include(GNUInstallDirs)\n install(TARGETS liblokinet LIBRARY DESTINATION ${CMAKE_INSTALL_LIBDIR} COMPONENT liblokinet)\nendif()\n\nadd_library(lokinet::liblokinet ALIAS liblokinet)\n\nfile(GLOB_RECURSE docs_SRC */*.hpp *.hpp)\nset(DOCS_SRC ${docs_SRC} PARENT_SCOPE)\n" }, { "path": "llarp/address/address.cpp", "content": "#include \"address.hpp\"\n\n#include \n\n#include \n\n#include \n\nnamespace llarp\n{\n NetworkAddress::NetworkAddress(std::string_view arg)\n {\n if (arg.ends_with(TLD::SNODE))\n {\n _is_client = false;\n arg.remove_suffix(TLD::SNODE.size());\n }\n else if (arg.ends_with(TLD::LOKI))\n {\n _is_client = true;\n arg.remove_suffix(TLD::LOKI.size());\n }\n else\n {\n throw std::invalid_argument{\n \"Invalid network address '{}': expected *{} or *{}\"_format(arg, TLD::LOKI, TLD::SNODE)};\n }\n if (!_pubkey.from_base32z(arg))\n throw std::invalid_argument{\"Invalid network address '{}{}': expected full pubkey\"_format(\n arg, _is_client ? TLD::LOKI : TLD::SNODE)};\n }\n\n NetworkAddress::NetworkAddress(std::string_view arg, bool is_client) : _is_client{is_client}\n {\n if (!_pubkey.from_base32z(arg))\n throw std::invalid_argument{\"Invalid pubkey passed to NetworkAddress constructor: {}\"_format(arg)};\n }\n\n} // namespace llarp\n" }, { "path": "llarp/address/address.hpp", "content": "#pragma once\n\n#include \"utils.hpp\"\n\n#include \n#include \n#include \n\nnamespace llarp\n{\n /// Combines a pubkey and client/snode flag to represent a generic (client or snode) address.\n struct NetworkAddress\n {\n private:\n RouterID _pubkey{};\n bool _is_client{false};\n\n public:\n NetworkAddress() = default;\n // Constructs from a full network address ending in '.loki' or '.snode' (but *not* an ONS\n // entry). Throws std::invalid_argument if invalid.\n explicit NetworkAddress(std::string_view addr);\n // Constructs from a full network address (base32z-encoded pubkey) *not* ending in .loki or\n // .snode. The client or snode status is determined by the bool.\n NetworkAddress(std::string_view addr, bool is_client);\n // Constructs from a pubkey and flag indicating whether this is a client (true) or snode\n // (false).\n NetworkAddress(const RouterID& rid, bool is_client) : _pubkey{rid}, _is_client{is_client} {}\n\n bool operator==(const NetworkAddress& other) const\n {\n return std::tie(_pubkey, _is_client) == std::tie(other._pubkey, other._is_client);\n }\n\n bool empty() const { return _pubkey.is_zero(); }\n\n bool client() const { return _is_client; }\n\n bool relay() const { return !_is_client; }\n\n const RouterID& router_id() const { return _pubkey; }\n\n // Returns a log proxy object that prints a shortened part of the pubkey:\n auto short_name() const { return _pubkey.short_string(); }\n\n std::string name() const { return _pubkey.to_string(); }\n\n std::string to_string() const { return name().append(_is_client ? TLD::LOKI : TLD::SNODE); }\n static constexpr bool to_string_formattable = true;\n };\n\n} // namespace llarp\n\nnamespace std\n{\n template <>\n struct hash\n {\n size_t operator()(const llarp::NetworkAddress& r) const { return llarp::AlignedHasher{}(r.router_id()); }\n };\n} // namespace std\n" }, { "path": "llarp/address/ip_range.cpp", "content": "#include \"ip_range.hpp\"\n\n#include \n#include \n\n#include \n#include \n#include \n#include \n\nnamespace llarp\n{\n static auto logcat = log::Cat(\"iprange\");\n\n template \n static std::conditional_t parse_ip_net(\n std::string_view address, std::optional default_mask)\n {\n auto mask_pos = address.find('/');\n std::string addr{address.substr(0, mask_pos)};\n quic::Address a{addr, 0};\n if (a.is_ipv4() != is_ipv4)\n throw std::invalid_argument{\"Cannot construct an IPv{} range from a IPv{} address\"_format(\n is_ipv4 ? \"4\" : \"6\", is_ipv4 ? \"6\" : \"4\")};\n\n uint8_t mask;\n if (mask_pos == std::string::npos)\n {\n if (default_mask)\n mask = *default_mask;\n else\n throw std::invalid_argument{\"Invalid IP range: /N network mask is required\"};\n }\n else if (!parse_int(address.substr(mask_pos + 1), mask) || mask > (is_ipv4 ? 32 : 128))\n {\n throw std::invalid_argument{\"Invalid IP range: {} is not a valid IPv{} network mask\"_format(\n address.substr(mask_pos), is_ipv4 ? \"4\" : \"6\")};\n }\n\n if constexpr (is_ipv4)\n return {a.to_ipv4(), mask};\n else\n return {a.to_ipv6(), mask};\n }\n\n ipv4_net parse_ipv4_net(std::string_view address, std::optional default_mask)\n {\n return parse_ip_net(address, default_mask);\n }\n ipv6_net parse_ipv6_net(std::string_view address, std::optional default_mask)\n {\n return parse_ip_net(address, default_mask);\n }\n ipv4_range parse_ipv4_range(std::string_view address, std::optional default_mask)\n {\n return parse_ipv4_net(address, default_mask).to_range();\n }\n ipv6_range parse_ipv6_range(std::string_view address, std::optional default_mask)\n {\n return parse_ipv6_net(address, default_mask).to_range();\n }\n\n // Encoded as ABCDM for each byte of A.B.C.D/M\n std::string encode(const ipv4_range& r)\n {\n std::string enc;\n enc.resize(5);\n oxenc::write_host_as_big(r.ip.addr, enc.data());\n enc[4] = static_cast(r.mask);\n return enc;\n }\n ipv4_range decode_ipv4_range(std::string_view encoded)\n {\n if (encoded.size() != 5)\n throw std::invalid_argument{\"Invalid ipv4 range encoding\"};\n ipv4_range result;\n result.mask = static_cast(encoded[4]);\n if (result.mask > 32)\n throw std::invalid_argument{\"Invalid ipv4 range encoded netmask\"};\n result.ip.addr = oxenc::load_big_to_host(encoded.data());\n return result;\n }\n // Encode as *either* the full IPv6 address (16 bytes) followed by the netmask byte, or the\n // first 8 bytes of the IPv6 address followed by the netmask byte. In the latter case, the\n // lower 8 bytes are implied to be 0.\n std::string encode(const ipv6_range& r)\n {\n std::string enc;\n enc.resize(r.ip.lo ? 17 : 9);\n oxenc::write_host_as_big(r.ip.hi, enc.data());\n if (r.ip.lo)\n oxenc::write_host_as_big(r.ip.lo, enc.data() + 8);\n enc.back() = static_cast(r.mask);\n return enc;\n }\n ipv6_range decode_ipv6_range(std::string_view encoded)\n {\n if (encoded.size() != 9 && encoded.size() != 17)\n throw std::invalid_argument{\"Invalid ipv6 range encoding\"};\n ipv6_range result;\n result.mask = static_cast(encoded.back());\n if (result.mask > 128)\n throw std::invalid_argument{\"Invalid ipv6 range encoded netmask\"};\n result.ip.hi = oxenc::load_big_to_host(encoded.data());\n result.ip.lo = encoded.size() == 17 ? oxenc::load_big_to_host(encoded.data() + 8) : 0;\n return result;\n }\n std::variant decode_ip_range(std::string_view encoded)\n {\n switch (encoded.size())\n {\n case 5:\n return decode_ipv4_range(encoded);\n case 9:\n case 17:\n return decode_ipv6_range(encoded);\n default:\n throw std::invalid_argument{\"Invalid encoded ip range\"};\n }\n }\n\n ipv4_net to_ipv4_net(const quic::Address& addr, uint8_t mask)\n {\n if (!addr.is_ipv4())\n throw std::invalid_argument{\"Cannot construct an ipv4_net from an IPv6 address\"};\n if (mask > 32)\n throw std::invalid_argument{\"{} is not a valid IPv4 network mask\"_format(mask)};\n return {addr.to_ipv4(), mask};\n }\n ipv6_net to_ipv6_net(quic::Address addr, uint8_t mask)\n {\n if (!addr.is_ipv6())\n throw std::invalid_argument{\"Cannot construct an ipv6_net from an IPv4 address\"};\n if (mask > 128)\n throw std::invalid_argument{\"{} is not a valid IPv6 network mask\"_format(mask)};\n return {addr.to_ipv6(), mask};\n }\n\n static std::optional find_ipv4_net(\n uint32_t start, uint32_t end, uint8_t mask, const std::vector& exclude)\n {\n uint32_t step = uint32_t{1} << (32 - mask);\n auto ret = std::make_optional();\n auto& net = *ret;\n auto& addr = net.ip.addr;\n ret->mask = mask;\n for (addr = start + 1; addr < end; addr += step)\n if (std::ranges::none_of(\n exclude, [&net](const auto& e) { return e.contains(net.ip) || net.contains(e.ip); }))\n return ret;\n ret.reset();\n return ret;\n }\n\n std::optional find_private_ipv4_net(const std::vector& exclude, uint8_t mask)\n {\n if (mask < 8)\n {\n log::warning(logcat, \"Cannot auto-detect IPv4 private networks larger than /8\");\n return std::nullopt;\n }\n\n // Cut off the smallest block we search to /20 (4096 addresses) just so that this doesn't\n // take an excessive amount of time if there are no free address spaces. We still give back\n // whatever you requested, if smaller, we just don't search the smaller spaces. That is, if\n // you request a /24 and 10.0.0.0/24 is already assigned then the next thing we would try is\n // 10.0.16.0/24 rather than 10.0.1.0/24. (There are 4368 distinct private range /20\n // blocks).\n auto search_mask = std::min(18, mask);\n std::optional ret;\n // Start looking in the 172.16.x.x - 172.31.x.x range first as it is the least commonly\n // used, then 10.x.x.x, then finally the tiny 192.168.x.x range.\n if (mask >= 12)\n ret = find_ipv4_net((172 << 24) | (16 << 16), (172 << 24) | (32 << 16), search_mask, exclude);\n\n if (!ret && mask >= 8)\n ret = find_ipv4_net((10 << 24), (11 << 24), search_mask, exclude);\n\n if (!ret && mask >= 16)\n ret = find_ipv4_net((192 << 24) | (168 << 16), (192 << 24) | (169 << 16), search_mask, exclude);\n\n if (ret)\n ret->mask = mask; // In case we used a larger search_mask\n\n return ret;\n }\n\n std::optional find_private_ipv6_net(const std::vector& exclude, uint8_t mask)\n {\n // This /48 is registered for Lokinet in the IPv6 ULA registry (https://ula.ungleich.ch/):\n constexpr uint64_t start = 0xfd2e'6c6f'6b69'0000; // 2e 6c 6f 6b 69 == . l o k i\n constexpr uint64_t end = start + 0x1'0000;\n\n if (mask < 48)\n {\n log::warning(logcat, \"Cannot auto-detect IPv6 private networks larger than /48\");\n return std::nullopt;\n }\n\n // First do a preliminary check that none of the excluded ranges covers the entire /48,\n // because if so, we simply can't succeed.\n {\n ipv6 min, max;\n min.hi = start;\n max.hi = end - 1;\n max.lo = 0xffff'ffff'ffff'ffff;\n if (std::ranges::any_of(\n exclude, [&min, &max](const auto& e) { return e.contains(min) && e.contains(max); }))\n {\n log::warning(\n logcat, \"Failed to find a free private /64 IPv6 range: the entire {}/48 range is unavailable\", min);\n return std::nullopt;\n }\n }\n\n // Cut off the smallest block we search to /64 just so that this doesn't take an excessive\n // amount of time, and because we can do it with just uint64_t math. We still give back\n // whatever you requested, if smaller, we just don't search the smaller spaces.\n auto search_mask = std::min(64, mask);\n uint64_t hi_step = 1 << (64 - search_mask);\n\n auto ret = std::make_optional();\n auto& net = *ret;\n net.ip.lo = 1;\n auto& hi = net.ip.hi;\n for (hi = start; hi < end; hi += hi_step)\n {\n if (std::ranges::none_of(\n exclude, [&net](const auto& e) { return e.contains(net.ip) || net.contains(e.ip); }))\n {\n ret->mask = mask; // In case we enlarged it for searching\n return ret;\n }\n }\n\n ret.reset();\n return ret;\n }\n\n} // namespace llarp\n" }, { "path": "llarp/address/ip_range.hpp", "content": "#pragma once\n\n#include \"types.hpp\"\n\n#include \n\nnamespace llarp\n{\n // Takes an address with an embedded \"/mask\" at the end and splits it into address and mask.\n // Throws std::invalid_argument if not parseable as an ADDR/MASK value. If default_mask is\n // given then the mask is optional, and the given default will be used if the mask is omitted\n // from the string. (Otherwise the mask must be provided in the string).\n //\n // Throws on invalid input.\n ipv4_net parse_ipv4_net(std::string_view address, std::optional default_mask = std::nullopt);\n ipv6_net parse_ipv6_net(std::string_view address, std::optional default_mask = std::nullopt);\n\n // Exactly the same as above but returns a range (which differs from a net in that it ignores\n // the IP and always uses the base IP).\n ipv4_range parse_ipv4_range(std::string_view address, std::optional default_mask = std::nullopt);\n ipv6_range parse_ipv6_range(std::string_view address, std::optional default_mask = std::nullopt);\n\n // Extracts the ipv4 address from a quic::Address, applies the netmask, and returns in an\n // ipv{4,6}_{net,range}. Throws if the Address contains the wrong type (ipv6 when ipv4 wanted or vice\n // versa).\n ipv4_net to_ipv4_net(const quic::Address& addr, uint8_t mask);\n ipv6_net to_ipv6_net(const quic::Address& addr, uint8_t mask);\n ipv4_net to_ipv4_range(const quic::Address& addr, uint8_t mask);\n ipv6_net to_ipv6_range(const quic::Address& addr, uint8_t mask);\n\n // binary encoding of an IP range, such as for exit policy ranges in a CC.\n std::string encode(const ipv4_range& r);\n std::string encode(const ipv6_range& r);\n ipv4_range decode_ipv4_range(std::string_view encoded);\n ipv6_range decode_ipv6_range(std::string_view decoded);\n std::variant decode_ip_range(std::string_view encoded);\n\n /// IPRangeIterator - walks through an IP range\n template \n struct IPRangeIterator\n {\n static constexpr bool is_ipv4 = IPv4;\n using ip_t = std::conditional_t;\n using ip_net_t = std::conditional_t;\n\n private:\n ip_t _curr, _base, _last;\n\n public:\n IPRangeIterator() = default;\n\n // Creates a range that starts at the current IP of range, increments up to the max\n // pre-broadcast address, and resets to the \".1\" address of the range.\n explicit IPRangeIterator(const ip_net_t& net)\n : _curr{net.ip}, _base{_curr.to_base(net.mask)}, _last{net.max_ip()}\n {}\n\n // Returns the next ip address in the iterating range; returns nullopt if range is exhausted\n std::optional next_ip()\n {\n if (_curr == _last)\n return std::nullopt;\n if (auto next = _curr.next_ip())\n return _curr = *next;\n return std::nullopt;\n }\n\n // Resets the range to the base IP in the range so that next_ip() starts over from the\n // beginning of the range.\n void reset() { _curr = _base; }\n\n bool range_exhausted() const { return _curr == _last; }\n };\n IPRangeIterator(const ipv4_net&) -> IPRangeIterator;\n IPRangeIterator(const ipv6_net&) -> IPRangeIterator;\n\n using IPv4RangeIterator = IPRangeIterator;\n using IPv6RangeIterator = IPRangeIterator;\n\n // Finds a private IP /N range that does not overlap with any ranges in `excluding`. Returns\n // the ipv{4,6}_net with ip set to the first usable address in the range (i.e. the \".1\" or \"::1\"\n // for an IPv4 mask_size of 24 or smaller). Returns nullopt if no suitable range can be found.\n std::optional find_private_ipv4_net(const std::vector& excluding, uint8_t mask_size);\n std::optional find_private_ipv6_net(const std::vector& excluding, uint8_t mask_size);\n\n} // namespace llarp\n" }, { "path": "llarp/address/map.hpp", "content": "#pragma once\n\n#include \"address.hpp\"\n\n#include \n#include \n\nnamespace llarp\n{\n template \n struct address_map\n {\n protected:\n std::unordered_map _local_to_remote;\n std::unordered_map _remote_to_local;\n std::unordered_map _name_to_remote;\n\n using Lock_t = util::NullLock;\n mutable util::NullMutex addr_mutex;\n\n public:\n /** This functions exactly as std::unordered_map's ::insert_or_assign method. If a key equivalent\n to `local` or `remote` already exists, then they will be assigned to the corresponding value.\n Otherwise, the values will be inserted.\n\n The returned `bool` is true if the insertion took place and `false` if assignment occurred.\n */\n bool insert_or_assign(const LocalAddrT& local, const NetworkAddress& remote)\n {\n Lock_t l{addr_mutex};\n\n auto [_1, ins1] = _local_to_remote.insert_or_assign(local, remote);\n auto [_2, ins2] = _remote_to_local.insert_or_assign(remote, local);\n auto [_3, ins3] = _name_to_remote.insert_or_assign(remote.name(), remote);\n\n return ins1 && ins2 && ins3;\n }\n\n std::optional get_remote(const LocalAddrT& local) const\n {\n Lock_t l{addr_mutex};\n\n if (auto itr = _local_to_remote.find(local); itr != _local_to_remote.end())\n return itr->second;\n return std::nullopt;\n }\n\n std::optional get_remote(const std::string& name) const\n {\n Lock_t l{addr_mutex};\n\n if (auto itr = _name_to_remote.find(name); itr != _name_to_remote.end())\n return itr->second;\n return std::nullopt;\n }\n std::optional operator[](const LocalAddrT& local) const { return get_remote(local); }\n\n std::optional get_local(const NetworkAddress& remote) const\n {\n Lock_t l{addr_mutex};\n\n if (auto itr = _remote_to_local.find(remote); itr != _remote_to_local.end())\n return itr->second;\n return std::nullopt;\n }\n std::optional operator[](const NetworkAddress& remote) const { return get_local(remote); }\n\n std::optional get_local(const std::string& name) const\n {\n Lock_t l{addr_mutex};\n\n if (auto itr = _name_to_remote.find(name); itr != _name_to_remote.end())\n return get_local(itr->second);\n return std::nullopt;\n }\n\n bool has_local(const LocalAddrT& local) const\n {\n Lock_t l{addr_mutex};\n\n return _local_to_remote.contains(local);\n }\n\n bool has_remote(const NetworkAddress& remote) const\n {\n Lock_t l{addr_mutex};\n\n return _remote_to_local.contains(remote);\n }\n\n void unmap(const NetworkAddress& remote)\n {\n Lock_t l{addr_mutex};\n\n if (auto it = _remote_to_local.find(remote); it != _remote_to_local.end())\n {\n _local_to_remote.erase(it->second);\n _remote_to_local.erase(it);\n }\n _name_to_remote.erase(remote.name());\n }\n\n void unmap(const LocalAddrT& local)\n {\n Lock_t l{addr_mutex};\n\n if (auto it_a = _local_to_remote.find(local); it_a != _local_to_remote.end())\n {\n if (auto it_b = _remote_to_local.find(it_a->second); it_b != _remote_to_local.end())\n {\n _name_to_remote.erase(it_b->first.name());\n _remote_to_local.erase(it_b);\n }\n _local_to_remote.erase(it_a);\n }\n }\n\n void unmap(const std::string& name)\n {\n Lock_t l{addr_mutex};\n\n if (auto it_a = _name_to_remote.find(name); it_a != _name_to_remote.end())\n {\n if (auto it_b = _remote_to_local.find(it_a->second); it_b != _remote_to_local.end())\n {\n _local_to_remote.erase(it_b->second);\n _remote_to_local.erase(it_b);\n }\n _name_to_remote.erase(it_a);\n }\n }\n };\n} // namespace llarp\n" }, { "path": "llarp/address/types.hpp", "content": "#pragma once\n\n#include \n\n#include \n\nnamespace llarp\n{\n namespace quic = oxen::quic;\n using quic::ipv4;\n using quic::ipv4_net;\n using quic::ipv4_range;\n using quic::ipv6;\n using quic::ipv6_net;\n using quic::ipv6_range;\n\n // Used for hash combining, below\n inline constexpr size_t inverse_golden_ratio = sizeof(size_t) >= 8 ? 0x9e37'79b9'7f4a'7c15 : 0x9e37'79b9;\n} // namespace llarp\n\ntemplate <>\nstruct std::hash\n{\n size_t operator()(const llarp::ipv4& obj) const noexcept { return hash{}(obj.addr); }\n};\n\ntemplate <>\nstruct std::hash\n{\n size_t operator()(const llarp::ipv6& obj) const noexcept\n {\n std::hash subhash{};\n auto h = subhash(obj.hi);\n h ^= subhash(obj.lo) + llarp::inverse_golden_ratio + (h << 6) + (h >> 2);\n return h;\n }\n};\n" }, { "path": "llarp/address/utils.cpp", "content": "#include \"utils.hpp\"\n\n#include \n#include \n#include \n#include \n\n#include \n\nnamespace llarp\n{\n static auto logcat = log::Cat(\"address-utils\");\n\n namespace detail\n {\n std::optional parse_addr_string(std::string_view arg, std::string_view tld)\n {\n std::optional ret = std::nullopt;\n\n if (auto pos = arg.find_first_of('.'); pos != std::string_view::npos)\n {\n auto _prefix = arg.substr(0, pos);\n // check the pubkey prefix is the right length\n if (_prefix.length() != PUBKEYSIZE)\n return ret;\n\n // verify the tld is allowed\n auto _tld = arg.substr(pos);\n\n if (_tld == tld and TLD::allowed(_tld))\n ret = _prefix;\n }\n\n return ret;\n };\n\n std::pair parse_addr(std::string_view addr, std::optional default_port)\n {\n std::pair result;\n auto &[host, port] = result;\n\n if (auto p = addr.rfind(':'); p != std::string_view::npos)\n {\n if (!parse_int(addr.substr(p + 1), port))\n throw std::invalid_argument{\"Invalid address: could not parse port\"};\n addr.remove_suffix(addr.size() - p);\n }\n else if (default_port.has_value()) // use ::has_value() in case default_port is set but is == 0\n {\n port = *default_port;\n }\n else\n throw std::invalid_argument{\n \"Invalid address: argument contains no port and no default was specified (input:{})\"_format(addr)};\n\n bool had_sq_brackets = false;\n\n if (!addr.empty() && addr.front() == '[' && addr.back() == ']')\n {\n addr.remove_prefix(1);\n addr.remove_suffix(1);\n had_sq_brackets = true;\n }\n\n if (auto p = addr.find_first_not_of(\"0123456789.\"sv); p != std::string_view::npos)\n {\n if (auto q = addr.find_first_not_of(\"0123456789ABCDEFabcdef:.\"); q != std::string_view::npos)\n throw std::invalid_argument{\"Invalid address: does not look like IPv4 or IPv6!\"};\n if (!had_sq_brackets)\n throw std::invalid_argument{\"Invalid address: IPv6 addresses require [...] square brackets\"};\n }\n\n host = addr;\n return result;\n }\n } // namespace detail\n} // namespace llarp\n" }, { "path": "llarp/address/utils.hpp", "content": "#pragma once\n\n#include \n#include \n#include \n\nnamespace llarp\n{\n using namespace std::literals;\n\n namespace TLD\n {\n inline constexpr auto SNODE = \".snode\"sv;\n inline constexpr auto LOKI = \".loki\"sv;\n\n inline constexpr bool allowed(std::string_view dot_tld) { return dot_tld == SNODE || dot_tld == LOKI; }\n } // namespace TLD\n\n namespace detail\n {\n std::optional parse_addr_string(std::string_view arg, std::string_view tld);\n\n std::pair parse_addr(std::string_view addr, std::optional default_port);\n\n } // namespace detail\n\n} // namespace llarp\n" }, { "path": "llarp/android/ifaddrs.c", "content": "/*\nCopyright (c) 2013, Kenneth MacKay\nAll rights reserved.\n\nRedistribution and use in source and binary forms, with or without modification,\nare permitted provided that the following conditions are met:\n * Redistributions of source code must retain the above copyright notice, this\n list of conditions and the following disclaimer.\n * Redistributions in binary form must reproduce the above copyright notice,\n this list of conditions and the following disclaimer in the documentation\n and/or other materials provided with the distribution.\n\nTHIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS \"AS IS\" AND\nANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED\nWARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE\nDISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE LIABLE FOR\nANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES\n(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;\nLOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON\nANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT\n(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS\nSOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n*/\n\n#include \"ifaddrs.h\"\n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\ntypedef struct NetlinkList\n{\n struct NetlinkList* m_next;\n struct nlmsghdr* m_data;\n unsigned int m_size;\n} NetlinkList;\n\nstatic int netlink_socket(void)\n{\n int l_socket = socket(PF_NETLINK, SOCK_RAW, NETLINK_ROUTE);\n if (l_socket < 0)\n {\n return -1;\n }\n\n struct sockaddr_nl l_addr;\n memset(&l_addr, 0, sizeof(l_addr));\n l_addr.nl_family = AF_NETLINK;\n if (bind(l_socket, (struct sockaddr*)&l_addr, sizeof(l_addr)) < 0)\n {\n close(l_socket);\n return -1;\n }\n\n return l_socket;\n}\n\nstatic int netlink_send(int p_socket, int p_request)\n{\n struct\n {\n struct nlmsghdr m_hdr;\n struct rtgenmsg m_msg;\n } l_data;\n\n memset(&l_data, 0, sizeof(l_data));\n\n l_data.m_hdr.nlmsg_len = NLMSG_LENGTH(sizeof(struct rtgenmsg));\n l_data.m_hdr.nlmsg_type = p_request;\n l_data.m_hdr.nlmsg_flags = NLM_F_ROOT | NLM_F_MATCH | NLM_F_REQUEST;\n l_data.m_hdr.nlmsg_pid = 0;\n l_data.m_hdr.nlmsg_seq = p_socket;\n l_data.m_msg.rtgen_family = AF_UNSPEC;\n\n struct sockaddr_nl l_addr;\n memset(&l_addr, 0, sizeof(l_addr));\n l_addr.nl_family = AF_NETLINK;\n return (sendto(p_socket, &l_data.m_hdr, l_data.m_hdr.nlmsg_len, 0, (struct sockaddr*)&l_addr, sizeof(l_addr)));\n}\n\nstatic int netlink_recv(int p_socket, void* p_buffer, size_t p_len)\n{\n struct msghdr l_msg;\n struct iovec l_iov = {p_buffer, p_len};\n struct sockaddr_nl l_addr;\n\n for (;;)\n {\n l_msg.msg_name = (void*)&l_addr;\n l_msg.msg_namelen = sizeof(l_addr);\n l_msg.msg_iov = &l_iov;\n l_msg.msg_iovlen = 1;\n l_msg.msg_control = NULL;\n l_msg.msg_controllen = 0;\n l_msg.msg_flags = 0;\n int l_result = recvmsg(p_socket, &l_msg, 0);\n\n if (l_result < 0)\n {\n if (errno == EINTR)\n {\n continue;\n }\n return -2;\n }\n\n if (l_msg.msg_flags & MSG_TRUNC)\n { // buffer was too small\n return -1;\n }\n return l_result;\n }\n}\n\nstatic struct nlmsghdr* getNetlinkResponse(int p_socket, int* p_size, int* p_done)\n{\n size_t l_size = 4096;\n void* l_buffer = NULL;\n\n for (;;)\n {\n free(l_buffer);\n l_buffer = malloc(l_size);\n if (l_buffer == NULL)\n {\n return NULL;\n }\n\n int l_read = netlink_recv(p_socket, l_buffer, l_size);\n *p_size = l_read;\n if (l_read == -2)\n {\n free(l_buffer);\n return NULL;\n }\n if (l_read >= 0)\n {\n pid_t l_pid = getpid();\n struct nlmsghdr* l_hdr;\n for (l_hdr = (struct nlmsghdr*)l_buffer; NLMSG_OK(l_hdr, (unsigned int)l_read);\n l_hdr = (struct nlmsghdr*)NLMSG_NEXT(l_hdr, l_read))\n {\n if ((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)\n {\n continue;\n }\n\n if (l_hdr->nlmsg_type == NLMSG_DONE)\n {\n *p_done = 1;\n break;\n }\n\n if (l_hdr->nlmsg_type == NLMSG_ERROR)\n {\n free(l_buffer);\n return NULL;\n }\n }\n return l_buffer;\n }\n\n l_size *= 2;\n }\n}\n\nstatic NetlinkList* newListItem(struct nlmsghdr* p_data, unsigned int p_size)\n{\n NetlinkList* l_item = malloc(sizeof(NetlinkList));\n if (l_item == NULL)\n {\n return NULL;\n }\n\n l_item->m_next = NULL;\n l_item->m_data = p_data;\n l_item->m_size = p_size;\n return l_item;\n}\n\nstatic void freeResultList(NetlinkList* p_list)\n{\n NetlinkList* l_cur;\n while (p_list)\n {\n l_cur = p_list;\n p_list = p_list->m_next;\n free(l_cur->m_data);\n free(l_cur);\n }\n}\n\nstatic NetlinkList* getResultList(int p_socket, int p_request)\n{\n if (netlink_send(p_socket, p_request) < 0)\n {\n return NULL;\n }\n\n NetlinkList* l_list = NULL;\n NetlinkList* l_end = NULL;\n int l_size;\n int l_done = 0;\n while (!l_done)\n {\n struct nlmsghdr* l_hdr = getNetlinkResponse(p_socket, &l_size, &l_done);\n if (!l_hdr)\n { // error\n freeResultList(l_list);\n return NULL;\n }\n\n NetlinkList* l_item = newListItem(l_hdr, l_size);\n if (!l_item)\n {\n freeResultList(l_list);\n return NULL;\n }\n if (!l_list)\n {\n l_list = l_item;\n }\n else\n {\n l_end->m_next = l_item;\n }\n l_end = l_item;\n }\n return l_list;\n}\n\nstatic size_t maxSize(size_t a, size_t b) { return (a > b ? a : b); }\n\nstatic size_t calcAddrLen(sa_family_t p_family, int p_dataSize)\n{\n switch (p_family)\n {\n case AF_INET:\n return sizeof(struct sockaddr_in);\n case AF_INET6:\n return sizeof(struct sockaddr_in6);\n case AF_PACKET:\n return maxSize(sizeof(struct sockaddr_ll), offsetof(struct sockaddr_ll, sll_addr) + p_dataSize);\n default:\n return maxSize(sizeof(struct sockaddr), offsetof(struct sockaddr, sa_data) + p_dataSize);\n }\n}\n\nstatic void makeSockaddr(sa_family_t p_family, struct sockaddr* p_dest, void* p_data, size_t p_size)\n{\n switch (p_family)\n {\n case AF_INET:\n memcpy(&((struct sockaddr_in*)p_dest)->sin_addr, p_data, p_size);\n break;\n case AF_INET6:\n memcpy(&((struct sockaddr_in6*)p_dest)->sin6_addr, p_data, p_size);\n break;\n case AF_PACKET:\n memcpy(((struct sockaddr_ll*)p_dest)->sll_addr, p_data, p_size);\n ((struct sockaddr_ll*)p_dest)->sll_halen = p_size;\n break;\n default:\n memcpy(p_dest->sa_data, p_data, p_size);\n break;\n }\n p_dest->sa_family = p_family;\n}\n\nstatic void addToEnd(struct ifaddrs** p_resultList, struct ifaddrs* p_entry)\n{\n if (!*p_resultList)\n {\n *p_resultList = p_entry;\n }\n else\n {\n struct ifaddrs* l_cur = *p_resultList;\n while (l_cur->ifa_next)\n {\n l_cur = l_cur->ifa_next;\n }\n l_cur->ifa_next = p_entry;\n }\n}\n\nstatic int interpretLink(struct nlmsghdr* p_hdr, struct ifaddrs** p_resultList)\n{\n struct ifinfomsg* l_info = (struct ifinfomsg*)NLMSG_DATA(p_hdr);\n\n size_t l_nameSize = 0;\n size_t l_addrSize = 0;\n size_t l_dataSize = 0;\n\n size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg));\n struct rtattr* l_rta;\n for (l_rta = IFLA_RTA(l_info); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))\n {\n void* l_rtaData = RTA_DATA(l_rta);\n (void)l_rtaData;\n size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);\n switch (l_rta->rta_type)\n {\n case IFLA_ADDRESS:\n case IFLA_BROADCAST:\n l_addrSize += NLMSG_ALIGN(calcAddrLen(AF_PACKET, l_rtaDataSize));\n break;\n case IFLA_IFNAME:\n l_nameSize += NLMSG_ALIGN(l_rtaSize + 1);\n break;\n case IFLA_STATS:\n l_dataSize += NLMSG_ALIGN(l_rtaSize);\n break;\n default:\n break;\n }\n }\n\n struct ifaddrs* l_entry = malloc(sizeof(struct ifaddrs) + sizeof(int) + l_nameSize + l_addrSize + l_dataSize);\n if (l_entry == NULL)\n {\n return -1;\n }\n memset(l_entry, 0, sizeof(struct ifaddrs));\n l_entry->ifa_name = \"\";\n\n char* l_index = ((char*)l_entry) + sizeof(struct ifaddrs);\n char* l_name = l_index + sizeof(int);\n char* l_addr = l_name + l_nameSize;\n char* l_data = l_addr + l_addrSize;\n\n // save the interface index so we can look it up when handling the addresses.\n memcpy(l_index, &l_info->ifi_index, sizeof(int));\n\n l_entry->ifa_flags = l_info->ifi_flags;\n\n l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifinfomsg));\n for (l_rta = IFLA_RTA(l_info); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))\n {\n void* l_rtaData = RTA_DATA(l_rta);\n size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);\n switch (l_rta->rta_type)\n {\n case IFLA_ADDRESS:\n case IFLA_BROADCAST:\n {\n size_t l_addrLen = calcAddrLen(AF_PACKET, l_rtaDataSize);\n makeSockaddr(AF_PACKET, (struct sockaddr*)l_addr, l_rtaData, l_rtaDataSize);\n ((struct sockaddr_ll*)l_addr)->sll_ifindex = l_info->ifi_index;\n ((struct sockaddr_ll*)l_addr)->sll_hatype = l_info->ifi_type;\n if (l_rta->rta_type == IFLA_ADDRESS)\n {\n l_entry->ifa_addr = (struct sockaddr*)l_addr;\n }\n else\n {\n l_entry->ifa_broadaddr = (struct sockaddr*)l_addr;\n }\n l_addr += NLMSG_ALIGN(l_addrLen);\n break;\n }\n case IFLA_IFNAME:\n strncpy(l_name, l_rtaData, l_rtaDataSize);\n l_name[l_rtaDataSize] = '\\0';\n l_entry->ifa_name = l_name;\n break;\n case IFLA_STATS:\n memcpy(l_data, l_rtaData, l_rtaDataSize);\n l_entry->ifa_data = l_data;\n break;\n default:\n break;\n }\n }\n\n addToEnd(p_resultList, l_entry);\n return 0;\n}\n\nstatic struct ifaddrs* findInterface(int p_index, struct ifaddrs** p_links, int p_numLinks)\n{\n int l_num = 0;\n struct ifaddrs* l_cur = *p_links;\n while (l_cur && l_num < p_numLinks)\n {\n char* l_indexPtr = ((char*)l_cur) + sizeof(struct ifaddrs);\n int l_index;\n memcpy(&l_index, l_indexPtr, sizeof(int));\n if (l_index == p_index)\n {\n return l_cur;\n }\n\n l_cur = l_cur->ifa_next;\n ++l_num;\n }\n return NULL;\n}\n\nstatic int interpretAddr(struct nlmsghdr* p_hdr, struct ifaddrs** p_resultList, int p_numLinks)\n{\n struct ifaddrmsg* l_info = (struct ifaddrmsg*)NLMSG_DATA(p_hdr);\n struct ifaddrs* l_interface = findInterface(l_info->ifa_index, p_resultList, p_numLinks);\n\n if (l_info->ifa_family == AF_PACKET)\n {\n return 0;\n }\n\n size_t l_nameSize = 0;\n size_t l_addrSize = 0;\n\n int l_addedNetmask = 0;\n\n size_t l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg));\n struct rtattr* l_rta;\n for (l_rta = IFA_RTA(l_info); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))\n {\n void* l_rtaData = RTA_DATA(l_rta);\n (void)l_rtaData;\n size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);\n\n switch (l_rta->rta_type)\n {\n case IFA_ADDRESS:\n case IFA_LOCAL:\n if ((l_info->ifa_family == AF_INET || l_info->ifa_family == AF_INET6) && !l_addedNetmask)\n { // make room for netmask\n l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize));\n l_addedNetmask = 1;\n }\n case IFA_BROADCAST:\n l_addrSize += NLMSG_ALIGN(calcAddrLen(l_info->ifa_family, l_rtaDataSize));\n break;\n case IFA_LABEL:\n l_nameSize += NLMSG_ALIGN(l_rtaSize + 1);\n break;\n default:\n break;\n }\n }\n\n struct ifaddrs* l_entry = malloc(sizeof(struct ifaddrs) + l_nameSize + l_addrSize);\n if (l_entry == NULL)\n {\n return -1;\n }\n memset(l_entry, 0, sizeof(struct ifaddrs));\n l_entry->ifa_name = (l_interface ? l_interface->ifa_name : \"\");\n\n char* l_name = ((char*)l_entry) + sizeof(struct ifaddrs);\n char* l_addr = l_name + l_nameSize;\n\n l_entry->ifa_flags = l_info->ifa_flags;\n if (l_interface)\n {\n l_entry->ifa_flags |= l_interface->ifa_flags;\n }\n\n l_rtaSize = NLMSG_PAYLOAD(p_hdr, sizeof(struct ifaddrmsg));\n for (l_rta = IFA_RTA(l_info); RTA_OK(l_rta, l_rtaSize); l_rta = RTA_NEXT(l_rta, l_rtaSize))\n {\n void* l_rtaData = RTA_DATA(l_rta);\n size_t l_rtaDataSize = RTA_PAYLOAD(l_rta);\n switch (l_rta->rta_type)\n {\n case IFA_ADDRESS:\n case IFA_BROADCAST:\n case IFA_LOCAL:\n {\n size_t l_addrLen = calcAddrLen(l_info->ifa_family, l_rtaDataSize);\n makeSockaddr(l_info->ifa_family, (struct sockaddr*)l_addr, l_rtaData, l_rtaDataSize);\n if (l_info->ifa_family == AF_INET6)\n {\n if (IN6_IS_ADDR_LINKLOCAL((struct in6_addr*)l_rtaData)\n || IN6_IS_ADDR_MC_LINKLOCAL((struct in6_addr*)l_rtaData))\n {\n ((struct sockaddr_in6*)l_addr)->sin6_scope_id = l_info->ifa_index;\n }\n }\n\n if (l_rta->rta_type == IFA_ADDRESS)\n { // apparently in a point-to-point network IFA_ADDRESS contains the\n // dest address and IFA_LOCAL contains the local address\n if (l_entry->ifa_addr)\n {\n l_entry->ifa_dstaddr = (struct sockaddr*)l_addr;\n }\n else\n {\n l_entry->ifa_addr = (struct sockaddr*)l_addr;\n }\n }\n else if (l_rta->rta_type == IFA_LOCAL)\n {\n if (l_entry->ifa_addr)\n {\n l_entry->ifa_dstaddr = l_entry->ifa_addr;\n }\n l_entry->ifa_addr = (struct sockaddr*)l_addr;\n }\n else\n {\n l_entry->ifa_broadaddr = (struct sockaddr*)l_addr;\n }\n l_addr += NLMSG_ALIGN(l_addrLen);\n break;\n }\n case IFA_LABEL:\n strncpy(l_name, l_rtaData, l_rtaDataSize);\n l_name[l_rtaDataSize] = '\\0';\n l_entry->ifa_name = l_name;\n break;\n default:\n break;\n }\n }\n\n if (l_entry->ifa_addr && (l_entry->ifa_addr->sa_family == AF_INET || l_entry->ifa_addr->sa_family == AF_INET6))\n {\n unsigned l_maxPrefix = (l_entry->ifa_addr->sa_family == AF_INET ? 32 : 128);\n unsigned l_prefix = (l_info->ifa_prefixlen > l_maxPrefix ? l_maxPrefix : l_info->ifa_prefixlen);\n char l_mask[16] = {0};\n unsigned i;\n for (i = 0; i < (l_prefix / 8); ++i)\n {\n l_mask[i] = 0xff;\n }\n if (l_prefix % 8)\n {\n l_mask[i] = 0xff << (8 - (l_prefix % 8));\n }\n\n makeSockaddr(l_entry->ifa_addr->sa_family, (struct sockaddr*)l_addr, l_mask, l_maxPrefix / 8);\n l_entry->ifa_netmask = (struct sockaddr*)l_addr;\n }\n\n addToEnd(p_resultList, l_entry);\n return 0;\n}\n\nstatic int interpretLinks(int p_socket, NetlinkList* p_netlinkList, struct ifaddrs** p_resultList)\n{\n int l_numLinks = 0;\n pid_t l_pid = getpid();\n for (; p_netlinkList; p_netlinkList = p_netlinkList->m_next)\n {\n unsigned int l_nlsize = p_netlinkList->m_size;\n struct nlmsghdr* l_hdr;\n for (l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize))\n {\n if ((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)\n {\n continue;\n }\n\n if (l_hdr->nlmsg_type == NLMSG_DONE)\n {\n break;\n }\n\n if (l_hdr->nlmsg_type == RTM_NEWLINK)\n {\n if (interpretLink(l_hdr, p_resultList) == -1)\n {\n return -1;\n }\n ++l_numLinks;\n }\n }\n }\n return l_numLinks;\n}\n\nstatic int interpretAddrs(int p_socket, NetlinkList* p_netlinkList, struct ifaddrs** p_resultList, int p_numLinks)\n{\n pid_t l_pid = getpid();\n for (; p_netlinkList; p_netlinkList = p_netlinkList->m_next)\n {\n unsigned int l_nlsize = p_netlinkList->m_size;\n struct nlmsghdr* l_hdr;\n for (l_hdr = p_netlinkList->m_data; NLMSG_OK(l_hdr, l_nlsize); l_hdr = NLMSG_NEXT(l_hdr, l_nlsize))\n {\n if ((pid_t)l_hdr->nlmsg_pid != l_pid || (int)l_hdr->nlmsg_seq != p_socket)\n {\n continue;\n }\n\n if (l_hdr->nlmsg_type == NLMSG_DONE)\n {\n break;\n }\n\n if (l_hdr->nlmsg_type == RTM_NEWADDR)\n {\n if (interpretAddr(l_hdr, p_resultList, p_numLinks) == -1)\n {\n return -1;\n }\n }\n }\n }\n return 0;\n}\n\nint getifaddrs(struct ifaddrs** ifap)\n{\n if (!ifap)\n {\n return -1;\n }\n *ifap = NULL;\n\n int l_socket = netlink_socket();\n if (l_socket < 0)\n {\n return -1;\n }\n\n NetlinkList* l_linkResults = getResultList(l_socket, RTM_GETLINK);\n if (!l_linkResults)\n {\n close(l_socket);\n return -1;\n }\n\n NetlinkList* l_addrResults = getResultList(l_socket, RTM_GETADDR);\n if (!l_addrResults)\n {\n close(l_socket);\n freeResultList(l_linkResults);\n return -1;\n }\n\n int l_result = 0;\n int l_numLinks = interpretLinks(l_socket, l_linkResults, ifap);\n if (l_numLinks == -1 || interpretAddrs(l_socket, l_addrResults, ifap, l_numLinks) == -1)\n {\n l_result = -1;\n }\n\n freeResultList(l_linkResults);\n freeResultList(l_addrResults);\n close(l_socket);\n return l_result;\n}\n\nvoid freeifaddrs(struct ifaddrs* ifa)\n{\n struct ifaddrs* l_cur;\n while (ifa)\n {\n l_cur = ifa;\n ifa = ifa->ifa_next;\n free(l_cur);\n }\n}\n" }, { "path": "llarp/android/ifaddrs.h", "content": "/*\n * Copyright (c) 1995, 1999\n *\tBerkeley Software Design, Inc. All rights reserved.\n *\n * Redistribution and use in source and binary forms, with or without\n * modification, are permitted provided that the following conditions\n * are met:\n * 1. Redistributions of source code must retain the above copyright\n * notice, this list of conditions and the following disclaimer.\n *\n * THIS SOFTWARE IS PROVIDED BY Berkeley Software Design, Inc. ``AS IS'' AND\n * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE\n * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE\n * ARE DISCLAIMED. IN NO EVENT SHALL Berkeley Software Design, Inc. BE LIABLE\n * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL\n * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS\n * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)\n * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT\n * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY\n * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF\n * SUCH DAMAGE.\n *\n *\tBSDI ifaddrs.h,v 2.5 2000/02/23 14:51:59 dab Exp\n */\n\n#pragma once\n\nstruct ifaddrs\n{\n struct ifaddrs* ifa_next;\n char* ifa_name;\n unsigned int ifa_flags;\n struct sockaddr* ifa_addr;\n struct sockaddr* ifa_netmask;\n struct sockaddr* ifa_dstaddr;\n void* ifa_data;\n};\n\n/*\n * This may have been defined in . Note that if is\n * to be included it must be included before this header file.\n */\n#ifndef ifa_broadaddr\n#define ifa_broadaddr ifa_dstaddr /* broadcast address interface */\n#endif\n\n#include \n\n__BEGIN_DECLS\nextern int getifaddrs(struct ifaddrs** ifap);\nextern void freeifaddrs(struct ifaddrs* ifa);\n__END_DECLS\n" }, { "path": "llarp/app.xml", "content": "\n\n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n \n" }, { "path": "llarp/apple/CMakeLists.txt", "content": "\n# 3.13+ so that we can add link libraries to parent targets\ncmake_minimum_required(VERSION 3.13)\n\nif (LOKINET_DAEMON AND (BUILD_SHARED_LIBS OR NOT BUILD_STATIC_DEPS OR NOT STATIC_LINK))\n message(FATAL_ERROR \"macOS full builds require a full static build; perhaps use the contrib/mac.sh script to build?\")\nendif()\n\n# god (steve jobs) made apple so that man may suffer\nfind_library(FOUNDATION Foundation REQUIRED)\n\ntarget_link_libraries(lokinet-base INTERFACE ${FOUNDATION})\n\nif (LOKINET_DAEMON)\n\n target_sources(lokinet-platform PRIVATE vpn_platform.cpp vpn_interface.cpp route_manager.cpp context_wrapper.cpp)\n\n find_library(NETEXT NetworkExtension REQUIRED)\n find_library(COREFOUNDATION CoreFoundation REQUIRED)\n\n add_executable(lokinet-extension MACOSX_BUNDLE\n PacketTunnelProvider.m\n DNSTrampoline.m\n )\n\n enable_lto(lokinet-extension)\n\n # -fobjc-arc enables automatic reference counting for objective-C code\n # -e _NSExtensionMain because the appex has that instead of a `main` function entry point, of course.\n target_compile_options(lokinet-extension PRIVATE -fobjc-arc)\n if(MACOS_SYSTEM_EXTENSION)\n target_compile_definitions(lokinet-extension PRIVATE MACOS_SYSTEM_EXTENSION)\n target_compile_definitions(lokinet-base INTERFACE MACOS_SYSTEM_EXTENSION)\n else()\n target_link_options(lokinet-extension PRIVATE -e _NSExtensionMain)\n endif()\n\n if(MACOS_SYSTEM_EXTENSION)\n set(bundle_ext systemextension)\n set(product_type com.apple.product-type.system-extension)\n else()\n set(bundle_ext appex)\n set(product_type com.apple.product-type.app-extension)\n endif()\n\n target_link_libraries(lokinet-extension PRIVATE\n lokinet-core\n ${COREFOUNDATION}\n ${NETEXT})\n\n set_target_properties(lokinet-extension PROPERTIES\n BUNDLE TRUE\n BUNDLE_EXTENSION ${bundle_ext}\n OUTPUT_NAME org.lokinet.network-extension\n MACOSX_BUNDLE_INFO_PLIST ${PROJECT_SOURCE_DIR}/contrib/macos/lokinet-extension.Info.plist.in\n XCODE_PRODUCT_TYPE ${product_type}\n )\n\n if(CODESIGN AND CODESIGN_EXT_PROFILE)\n add_custom_command(TARGET lokinet-extension\n POST_BUILD\n COMMAND ${CMAKE_COMMAND} -E copy_if_different\n ${CODESIGN_EXT_PROFILE}\n $/Contents/embedded.provisionprofile\n )\n endif()\n\nendif()\n" }, { "path": "llarp/apple/DNSTrampoline.h", "content": "#pragma once\n#include \n#include \n\nextern NSString* error_domain;\n\n/**\n * \"Trampoline\" class that listens for UDP DNS packets when we have exit mode enabled. These arrive\n * on localhost:1053 coming from lokinet's embedded libunbound (when exit mode is enabled), wraps\n * them via NetworkExtension's crappy UDP API, then sends responses back to libunbound to be\n * parsed/etc. This class knows nothing about DNS, it is basically just a UDP packet forwarder, but\n * using Apple magic reinvented wheel wrappers that are oh so wonderful like everything Apple.\n *\n * So for a lokinet configuration of \"upstream=1.1.1.1\", when exit mode is OFF:\n * - DNS requests go unbound either to 127.0.0.1:53 directly (system extension) or bounced through\n * TUNNELIP:53 (app extension), which forwards them (directly) to the upstream DNS server(s).\n * With exit mode ON:\n * - DNS requests go to unbound, as above, and unbound forwards them to 127.0.0.1:1053, which\n * encapsulates them in Apple's god awful crap, then (on a response) sends them back to\n * libunbound to be delivered back to the requestor.\n * (This assumes a non-lokinet DNS; .loki and .snode get handled before either of these).\n */\n@interface LLARPDNSTrampoline : NSObject\n{\n // The socket libunbound talks with:\n uv_udp_t request_socket;\n // The reply address. This is a bit hacky: we configure libunbound to just use single address\n // (rather than a range) so that we don't have to worry about tracking different reply\n // addresses.\n @public\n struct sockaddr reply_addr;\n // UDP \"session\" aimed at the upstream DNS\n @public\n NWUDPSession* upstream;\n // Apple docs say writes could take time *and* the crappy Apple datagram write methods aren't\n // callable again until the previous write finishes. Deal with this garbage API by queuing\n // everything than using a uv_async to process the queue.\n @public\n int write_ready;\n @public\n NSMutableArray* pending_writes;\n uv_async_t write_trigger;\n}\n- (void)startWithUpstreamDns:(NWUDPSession*)dns\n listenIp:(NSString*)listenIp\n listenPort:(uint16_t)listenPort\n uvLoop:(uv_loop_t*)loop\n completionHandler:(void (^)(NSError* error))completionHandler;\n\n- (void)flushWrites;\n\n- (void)dealloc;\n\n@end\n" }, { "path": "llarp/apple/DNSTrampoline.m", "content": "#include \"DNSTrampoline.h\"\n\n#include \n\nNSString* error_domain = @\"org.lokinet\";\n\n// Receiving an incoming packet, presumably from libunbound. NB: this is called from the libuv\n// event loop.\nstatic void on_request(\n uv_udp_t* socket, ssize_t nread, const uv_buf_t* buf, const struct sockaddr* addr, unsigned flags)\n{\n (void)flags;\n if (nread < 0)\n {\n NSLog(@\"Read error: %s\", uv_strerror(nread));\n free(buf->base);\n return;\n }\n\n if (nread == 0 || !addr)\n {\n if (buf)\n free(buf->base);\n return;\n }\n\n LLARPDNSTrampoline* t = (__bridge LLARPDNSTrampoline*)socket->data;\n\n // We configure libunbound to use just one single port so we'll just send replies to the last\n // port to talk to us. (And we're only listening on localhost in the first place).\n t->reply_addr = *addr;\n\n // NSData takes care of calling free(buf->base) for us with this constructor:\n [t->pending_writes addObject:[NSData dataWithBytesNoCopy:buf->base length:nread]];\n\n [t flushWrites];\n}\n\nstatic void on_sent(uv_udp_send_t* req, int status)\n{\n (void)status;\n NSArray* datagrams = (__bridge_transfer NSArray*)req->data;\n (void)datagrams;\n free(req);\n}\n\n// NB: called from the libuv event loop (so we don't have to worry about the above and this one\n// running at once from different threads).\nstatic void write_flusher(uv_async_t* async)\n{\n LLARPDNSTrampoline* t = (__bridge LLARPDNSTrampoline*)async->data;\n if (t->pending_writes.count == 0)\n return;\n\n NSArray* data = [NSArray arrayWithArray:t->pending_writes];\n [t->pending_writes removeAllObjects];\n __weak LLARPDNSTrampoline* weakSelf = t;\n [t->upstream writeMultipleDatagrams:data\n completionHandler:^(NSError* error) {\n if (error)\n NSLog(@\"Failed to send request to upstream DNS: %@\", error);\n\n // Trigger another flush in case anything built up while Apple was doing its\n // things. Just call it unconditionally (rather than checking the queue)\n // because this handler is probably running in some other thread.\n [weakSelf flushWrites];\n }];\n}\n\nstatic void alloc_buffer(uv_handle_t* handle, size_t suggested_size, uv_buf_t* buf)\n{\n (void)handle;\n buf->base = malloc(suggested_size);\n buf->len = suggested_size;\n}\n\n@implementation LLARPDNSTrampoline\n\n- (void)startWithUpstreamDns:(NWUDPSession*)dns\n listenIp:(NSString*)listenIp\n listenPort:(uint16_t)listenPort\n uvLoop:(uv_loop_t*)loop\n completionHandler:(void (^)(NSError* error))completionHandler\n{\n NSLog(@\"Setting up trampoline\");\n pending_writes = [[NSMutableArray alloc] init];\n write_trigger.data = (__bridge void*)self;\n uv_async_init(loop, &write_trigger, write_flusher);\n\n request_socket.data = (__bridge void*)self;\n uv_udp_init(loop, &request_socket);\n struct sockaddr_in recv_addr;\n uv_ip4_addr(listenIp.UTF8String, listenPort, &recv_addr);\n int ret = uv_udp_bind(&request_socket, (const struct sockaddr*)&recv_addr, UV_UDP_REUSEADDR);\n if (ret < 0)\n {\n NSString* errstr = [NSString stringWithFormat:@\"Failed to start DNS trampoline: %s\", uv_strerror(ret)];\n NSError* err = [NSError errorWithDomain:error_domain code:ret userInfo:@{@\"Error\": errstr}];\n NSLog(@\"%@\", err);\n return completionHandler(err);\n }\n uv_udp_recv_start(&request_socket, alloc_buffer, on_request);\n\n NSLog(@\"Starting DNS trampoline\");\n\n upstream = dns;\n __weak LLARPDNSTrampoline* weakSelf = self;\n [upstream\n setReadHandler:^(NSArray* datagrams, NSError* error) {\n // Reading a reply back from the UDP socket used to talk to upstream\n if (error)\n {\n NSLog(@\"Reader handler failed: %@\", error);\n return;\n }\n LLARPDNSTrampoline* strongSelf = weakSelf;\n if (!strongSelf || datagrams.count == 0)\n return;\n\n uv_buf_t* buffers = malloc(datagrams.count * sizeof(uv_buf_t));\n size_t buf_count = 0;\n for (NSData* packet in datagrams)\n {\n buffers[buf_count].base = (void*)packet.bytes;\n buffers[buf_count].len = packet.length;\n buf_count++;\n }\n uv_udp_send_t* uvsend = malloc(sizeof(uv_udp_send_t));\n uvsend->data = (__bridge_retained void*)datagrams;\n int ret =\n uv_udp_send(uvsend, &strongSelf->request_socket, buffers, buf_count, &strongSelf->reply_addr, on_sent);\n free(buffers);\n if (ret < 0)\n NSLog(@\"Error returning DNS responses to unbound: %s\", uv_strerror(ret));\n }\n maxDatagrams:NSUIntegerMax];\n\n completionHandler(nil);\n}\n\n- (void)flushWrites\n{\n uv_async_send(&write_trigger);\n}\n\n- (void)dealloc\n{\n NSLog(@\"Stopping DNS trampoline\");\n uv_close((uv_handle_t*)&request_socket, NULL);\n uv_close((uv_handle_t*)&write_trigger, NULL);\n}\n\n@end\n" }, { "path": "llarp/apple/PacketTunnelProvider.m", "content": "#include \"context_wrapper.h\"\n#include \"DNSTrampoline.h\"\n\n#include \n#include \n\n#define LLARP_APPLE_PACKET_BUF_SIZE 64\n\n@interface LLARPPacketTunnel : NEPacketTunnelProvider\n{\n void* lokinet;\n llarp_incoming_packet packet_buf[LLARP_APPLE_PACKET_BUF_SIZE];\n @public\n NEPacketTunnelNetworkSettings* settings;\n @public\n NEIPv4Route* tun_route4;\n @public\n NEIPv6Route* tun_route6;\n LLARPDNSTrampoline* dns_tramp;\n}\n\n- (void)startTunnelWithOptions:(NSDictionary*)options\n completionHandler:(void (^)(NSError* error))completionHandler;\n\n- (void)stopTunnelWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler;\n\n- (void)handleAppMessage:(NSData*)messageData completionHandler:(void (^)(NSData* responseData))completionHandler;\n\n- (void)readPackets;\n\n- (void)updateNetworkSettings;\n\n@end\n\nstatic void nslogger(const char* msg) { NSLog(@\"%s\", msg); }\n\nstatic void packet_writer(int af, const void* data, size_t size, void* ctx)\n{\n if (ctx == nil || data == nil)\n return;\n\n NSData* buf = [NSData dataWithBytesNoCopy:(void*)data length:size freeWhenDone:NO];\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n [t.packetFlow writePackets:@[buf] withProtocols:@[[NSNumber numberWithInt:af]]];\n}\n\nstatic void start_packet_reader(void* ctx)\n{\n if (ctx == nil)\n return;\n\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n [t readPackets];\n}\n\nstatic void add_ipv4_route(const char* addr, const char* netmask, void* ctx)\n{\n NSLog(@\"Adding IPv4 route %s:%s to packet tunnel\", addr, netmask);\n NEIPv4Route* route = [[NEIPv4Route alloc] initWithDestinationAddress:[NSString stringWithUTF8String:addr]\n subnetMask:[NSString stringWithUTF8String:netmask]];\n\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n for (NEIPv4Route* r in t->settings.IPv4Settings.includedRoutes)\n if ([r.destinationAddress isEqualToString:route.destinationAddress] &&\n [r.destinationSubnetMask isEqualToString:route.destinationSubnetMask])\n return; // Already in the settings, nothing to add.\n\n t->settings.IPv4Settings.includedRoutes = [t->settings.IPv4Settings.includedRoutes arrayByAddingObject:route];\n\n [t updateNetworkSettings];\n}\n\nstatic void del_ipv4_route(const char* addr, const char* netmask, void* ctx)\n{\n NSLog(@\"Removing IPv4 route %s:%s to packet tunnel\", addr, netmask);\n NEIPv4Route* route = [[NEIPv4Route alloc] initWithDestinationAddress:[NSString stringWithUTF8String:addr]\n subnetMask:[NSString stringWithUTF8String:netmask]];\n\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n NSMutableArray* routes = [NSMutableArray arrayWithArray:t->settings.IPv4Settings.includedRoutes];\n for (size_t i = 0; i < routes.count; i++)\n {\n if ([routes[i].destinationAddress isEqualToString:route.destinationAddress] &&\n [routes[i].destinationSubnetMask isEqualToString:route.destinationSubnetMask])\n {\n [routes removeObjectAtIndex:i];\n i--;\n }\n }\n\n if (routes.count != t->settings.IPv4Settings.includedRoutes.count)\n {\n t->settings.IPv4Settings.includedRoutes = routes;\n [t updateNetworkSettings];\n }\n}\n\nstatic void add_ipv6_route(const char* addr, int prefix, void* ctx)\n{\n NEIPv6Route* route = [[NEIPv6Route alloc] initWithDestinationAddress:[NSString stringWithUTF8String:addr]\n networkPrefixLength:[NSNumber numberWithInt:prefix]];\n\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n for (NEIPv6Route* r in t->settings.IPv6Settings.includedRoutes)\n if ([r.destinationAddress isEqualToString:route.destinationAddress] &&\n [r.destinationNetworkPrefixLength isEqualToNumber:route.destinationNetworkPrefixLength])\n return; // Already in the settings, nothing to add.\n\n t->settings.IPv6Settings.includedRoutes = [t->settings.IPv6Settings.includedRoutes arrayByAddingObject:route];\n\n [t updateNetworkSettings];\n}\n\nstatic void del_ipv6_route(const char* addr, int prefix, void* ctx)\n{\n NEIPv6Route* route = [[NEIPv6Route alloc] initWithDestinationAddress:[NSString stringWithUTF8String:addr]\n networkPrefixLength:[NSNumber numberWithInt:prefix]];\n\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n NSMutableArray* routes = [NSMutableArray arrayWithArray:t->settings.IPv6Settings.includedRoutes];\n for (size_t i = 0; i < routes.count; i++)\n {\n if ([routes[i].destinationAddress isEqualToString:route.destinationAddress] &&\n [routes[i].destinationNetworkPrefixLength isEqualToNumber:route.destinationNetworkPrefixLength])\n {\n [routes removeObjectAtIndex:i];\n i--;\n }\n }\n\n if (routes.count != t->settings.IPv6Settings.includedRoutes.count)\n {\n t->settings.IPv6Settings.includedRoutes = routes;\n [t updateNetworkSettings];\n }\n}\n\nstatic void add_default_route(void* ctx)\n{\n NSLog(@\"Making the tunnel the default route\");\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n\n t->settings.IPv4Settings.includedRoutes = @[NEIPv4Route.defaultRoute];\n t->settings.IPv6Settings.includedRoutes = @[NEIPv6Route.defaultRoute];\n\n [t updateNetworkSettings];\n}\n\nstatic void del_default_route(void* ctx)\n{\n NSLog(@\"Removing default route from tunnel\");\n LLARPPacketTunnel* t = (__bridge LLARPPacketTunnel*)ctx;\n\n t->settings.IPv4Settings.includedRoutes = @[t->tun_route4];\n t->settings.IPv6Settings.includedRoutes = @[t->tun_route6];\n\n [t updateNetworkSettings];\n}\n\n@implementation LLARPPacketTunnel\n\n- (void)readPackets\n{\n [self.packetFlow readPacketObjectsWithCompletionHandler:^(NSArray* packets) {\n if (lokinet == nil)\n return;\n\n size_t size = 0;\n for (NEPacket* p in packets)\n {\n packet_buf[size].bytes = p.data.bytes;\n packet_buf[size].size = p.data.length;\n size++;\n if (size >= LLARP_APPLE_PACKET_BUF_SIZE)\n {\n llarp_apple_incoming(lokinet, packet_buf, size);\n size = 0;\n }\n }\n if (size > 0)\n llarp_apple_incoming(lokinet, packet_buf, size);\n\n [self readPackets];\n }];\n}\n\n- (void)startTunnelWithOptions:(NSDictionary*)options\n completionHandler:(void (^)(NSError*))completionHandler\n{\n NSString* default_bootstrap = [NSBundle.mainBundle pathForResource:@\"bootstrap\" ofType:@\"signed\"];\n NSString* home = NSHomeDirectory();\n\n llarp_apple_config conf = {\n .config_dir = home.UTF8String,\n .default_bootstrap = default_bootstrap.UTF8String,\n .ns_logger = nslogger,\n .packet_writer = packet_writer,\n .start_reading = start_packet_reader,\n .route_callbacks =\n {.add_ipv4_route = add_ipv4_route,\n .del_ipv4_route = del_ipv4_route,\n .add_ipv6_route = add_ipv6_route,\n .del_ipv6_route = del_ipv6_route,\n .add_default_route = add_default_route,\n .del_default_route = del_default_route},\n };\n\n lokinet = llarp_apple_init(&conf);\n if (!lokinet)\n {\n NSError* init_failure = [NSError errorWithDomain:error_domain\n code:500\n userInfo:@{@\"Error\": @\"Failed to initialize lokinet\"}];\n NSLog(@\"%@\", [init_failure localizedDescription]);\n return completionHandler(init_failure);\n }\n\n NSString* ip = [NSString stringWithUTF8String:conf.tunnel_ipv4_ip];\n NSString* mask = [NSString stringWithUTF8String:conf.tunnel_ipv4_netmask];\n\n // We don't have a fixed address so just stick some bogus value here:\n settings = [[NEPacketTunnelNetworkSettings alloc] initWithTunnelRemoteAddress:@\"127.3.2.1\"];\n\n#ifdef MACOS_SYSTEM_EXTENSION\n NSString* dns_ip = [NSString stringWithUTF8String:conf.dns_bind_ip];\n#else\n // TODO: placeholder\n NSString* dns_ip = ip;\n#endif\n NSLog(@\"setting dns to %@\", dns_ip);\n NEDNSSettings* dns = [[NEDNSSettings alloc] initWithServers:@[dns_ip]];\n dns.domainName = @\"localhost.loki\";\n dns.matchDomains = @[@\"\"];\n // In theory, matchDomains is supposed to be set to DNS suffixes that we resolve. This seems\n // highly unreliable, though: often it just doesn't work at all (perhaps only if we make\n // ourselves the default route?), and even when it does work, it seems there are secret reasons\n // that some domains (such as instagram.com) still won't work because there's some magic sauce\n // in the OS that Apple engineers don't want to disclose (\"This is what I expected, actually.\n // Although I will not comment on what I believe is happening here\", from\n // https://developer.apple.com/forums/thread/685410).\n //\n // So the documentation sucks and the feature doesn't appear to work, so as much as it would be\n // nice to capture only .loki and .snode when not in exit mode, we can't, so capture everything\n // and use our default upstream.\n dns.matchDomains = @[@\"\"];\n dns.matchDomainsNoSearch = true;\n dns.searchDomains = @[];\n settings.DNSSettings = dns;\n\n NWHostEndpoint* upstreamdns_ep;\n if (strlen(conf.upstream_dns))\n upstreamdns_ep = [NWHostEndpoint endpointWithHostname:[NSString stringWithUTF8String:conf.upstream_dns]\n port:@(conf.upstream_dns_port).stringValue];\n\n NEIPv4Settings* ipv4 = [[NEIPv4Settings alloc] initWithAddresses:@[ip] subnetMasks:@[mask]];\n tun_route4 = [[NEIPv4Route alloc] initWithDestinationAddress:ip subnetMask:mask];\n ipv4.includedRoutes = @[tun_route4];\n settings.IPv4Settings = ipv4;\n\n NSString* ip6 = [NSString stringWithUTF8String:conf.tunnel_ipv6_ip];\n NSNumber* ip6_prefix = [NSNumber numberWithUnsignedInt:conf.tunnel_ipv6_prefix];\n NEIPv6Settings* ipv6 = [[NEIPv6Settings alloc] initWithAddresses:@[ip6] networkPrefixLengths:@[ip6_prefix]];\n tun_route6 = [[NEIPv6Route alloc] initWithDestinationAddress:ip6 networkPrefixLength:ip6_prefix];\n ipv6.includedRoutes = @[tun_route6];\n settings.IPv6Settings = ipv6;\n\n __weak LLARPPacketTunnel* weakSelf = self;\n [self setTunnelNetworkSettings:settings\n completionHandler:^(NSError* err) {\n if (err)\n {\n NSLog(@\"Failed to configure lokinet tunnel: %@\", err);\n return completionHandler(err);\n }\n LLARPPacketTunnel* strongSelf = weakSelf;\n if (!strongSelf)\n return completionHandler(nil);\n\n int start_ret = llarp_apple_start(strongSelf->lokinet, (__bridge void*)strongSelf);\n if (start_ret != 0)\n {\n NSError* start_failure = [NSError errorWithDomain:error_domain\n code:start_ret\n userInfo:@{@\"Error\": @\"Failed to start lokinet\"}];\n NSLog(@\"%@\", start_failure);\n lokinet = nil;\n return completionHandler(start_failure);\n }\n\n NSString* dns_tramp_ip = @\"127.0.0.1\";\n NSLog(\n @\"Starting DNS exit mode trampoline to %@ on %@:%d\",\n upstreamdns_ep,\n dns_tramp_ip,\n dns_trampoline_port);\n NWUDPSession* upstreamdns = [strongSelf createUDPSessionThroughTunnelToEndpoint:upstreamdns_ep\n fromEndpoint:nil];\n strongSelf->dns_tramp = [LLARPDNSTrampoline alloc];\n [strongSelf->dns_tramp startWithUpstreamDns:upstreamdns\n listenIp:dns_tramp_ip\n listenPort:dns_trampoline_port\n uvLoop:llarp_apple_get_uv_loop(strongSelf->lokinet)\n completionHandler:^(NSError* error) {\n if (error)\n NSLog(@\"Error starting dns trampoline: %@\", error);\n return completionHandler(error);\n }];\n }];\n}\n\n- (void)stopTunnelWithReason:(NEProviderStopReason)reason completionHandler:(void (^)(void))completionHandler\n{\n if (lokinet)\n {\n llarp_apple_shutdown(lokinet);\n lokinet = nil;\n }\n completionHandler();\n}\n\n- (void)handleAppMessage:(NSData*)messageData completionHandler:(void (^)(NSData* responseData))completionHandler\n{\n NSData* response = [NSData dataWithBytesNoCopy:\"ok\" length:3 freeWhenDone:NO];\n completionHandler(response);\n}\n\n- (void)updateNetworkSettings\n{\n self.reasserting = YES;\n __weak LLARPPacketTunnel* weakSelf = self;\n // Apple documentation says that setting network settings to nil isn't required before setting\n // it to a new value. Apple lies: both end up with a routing table that looks exactly the same\n // (from both `netstat -rn` and from everything that happens in `route -n monitor`), but if we\n // don't call with nil first then everything fails to route to either lokinet *and* clearnet\n // through the exit, so there is apparently some special magic internal Apple state that\n // actually *does* require the tunnel settings being reset with nil first.\n //\n // Thanks for the accurate documentation, Apple.\n //\n [self setTunnelNetworkSettings:nil\n completionHandler:^(NSError* err) {\n if (err)\n NSLog(@\"Failed to clear lokinet tunnel settings: %@\", err);\n LLARPPacketTunnel* strongSelf = weakSelf;\n if (strongSelf)\n {\n [weakSelf setTunnelNetworkSettings:strongSelf->settings\n completionHandler:^(NSError* err) {\n LLARPPacketTunnel* strongSelf = weakSelf;\n if (strongSelf)\n strongSelf.reasserting = NO;\n if (err)\n NSLog(\n @\"Failed to reconfigure lokinet tunnel settings: \"\n @\"%@\",\n err);\n }];\n }\n }];\n}\n\n@end\n\n#ifdef MACOS_SYSTEM_EXTENSION\n\nint main()\n{\n [NEProvider startSystemExtensionMode];\n dispatch_main();\n}\n\n#endif\n" }, { "path": "llarp/apple/context.hpp", "content": "#pragma once\n\n#include \"route_manager.hpp\"\n#include \"vpn_platform.hpp\"\n\n#include \n\nnamespace llarp::apple\n{\n struct Context : public llarp::Context\n {\n std::shared_ptr make_vpn_platform() override\n {\n return std::make_shared(\n *this, m_PacketWriter, m_OnReadable, route_callbacks, callback_context);\n }\n\n // Callbacks that must be set for packet handling *before* calling Setup/Configure/Run; the\n // main point of these is to get passed through to VPNInterface, which will be called during\n // setup, after construction.\n VPNInterface::packet_write_callback m_PacketWriter;\n VPNInterface::on_readable_callback m_OnReadable;\n llarp_route_callbacks route_callbacks{};\n void* callback_context = nullptr;\n };\n\n} // namespace llarp::apple\n" }, { "path": "llarp/apple/context_wrapper.cpp", "content": "#include \"context_wrapper.h\"\n\n#include \"context.hpp\"\n#include \"vpn_interface.hpp\"\n\n#include \n#include \n#include \n#include \n#include \n#include \n\n#include \n#include \n#include \n\nnamespace\n{\n static auto logcat = oxen::log::Cat(\"apple.ctx_wrapper\");\n\n struct instance_data\n {\n llarp::apple::Context context;\n std::thread runner;\n packet_writer_callback packet_writer;\n start_reading_callback start_reading;\n\n std::weak_ptr iface;\n };\n\n} // namespace\n\n// Expose this with C linkage so that objective-c can use it\nextern \"C\" const uint16_t dns_trampoline_port = llarp::apple::dns_trampoline_port;\n\nvoid* llarp_apple_init(llarp_apple_config* appleconf)\n{\n llarp::log::clear_sinks();\n llarp::log::add_sink(std::make_shared(\n [](const char* msg, void* nslog) { reinterpret_cast(nslog)(msg); },\n nullptr,\n reinterpret_cast(appleconf->ns_logger)));\n llarp::logRingBuffer = std::make_shared(100);\n llarp::log::add_sink(llarp::logRingBuffer, llarp::log::DEFAULT_PATTERN_MONO);\n\n try\n {\n auto config_dir = std::filesystem::u8path(appleconf->config_dir);\n auto config = std::make_shared(config_dir);\n std::filesystem::path config_path = config_dir / \"lokinet.ini\";\n if (!exists(config_path))\n llarp::ensure_config(config_dir, config_path, false, llarp::config::Type::FullClient);\n config->load(config_path);\n\n // If no range is specified then go look for a free one, set that in the config, and then\n // return it to the caller via the char* parameters.\n auto& range = config->network.if_addr;\n if (!range.addr.h)\n {\n if (auto maybe = llarp::net::Platform::Default_ptr()->find_free_range())\n range = *maybe;\n else\n throw std::runtime_error{\"Could not find any free IP range\"};\n }\n auto addr = llarp::net::TruncateV6(range.addr).to_string();\n auto mask = llarp::net::TruncateV6(range.netmask_bits).to_string();\n if (addr.size() > 15 || mask.size() > 15)\n throw std::runtime_error{\"Unexpected non-IPv4 tunnel range configured\"};\n std::strncpy(appleconf->tunnel_ipv4_ip, addr.c_str(), sizeof(appleconf->tunnel_ipv4_ip));\n std::strncpy(appleconf->tunnel_ipv4_netmask, mask.c_str(), sizeof(appleconf->tunnel_ipv4_netmask));\n\n // TODO: in the future we want to do this properly with our pubkey (see issue #1705), but\n // that's going to take a bit more work because we currently can't *get* the (usually)\n // ephemeral pubkey at this stage of lokinet configuration. So for now we just stick our\n // IPv4 address into it until #1705 gets implemented.\n llarp::huint128_t ipv6{llarp::uint128_t{0xfd2e'6c6f'6b69'0000, llarp::net::TruncateV6(range.addr).h}};\n std::strncpy(appleconf->tunnel_ipv6_ip, ipv6.to_string().c_str(), sizeof(appleconf->tunnel_ipv6_ip));\n appleconf->tunnel_ipv6_prefix = 48;\n\n appleconf->upstream_dns[0] = '\\0';\n for (auto& upstream : config->dns.upstream_dns)\n {\n if (upstream.isIPv4())\n {\n std::strcpy(appleconf->upstream_dns, upstream.hostString().c_str());\n appleconf->upstream_dns_port = upstream.getPort();\n break;\n }\n }\n\n#ifdef MACOS_SYSTEM_EXTENSION\n std::strncpy(\n appleconf->dns_bind_ip, config->dns.m_bind.front().hostString().c_str(), sizeof(appleconf->dns_bind_ip));\n#endif\n\n // If no explicit bootstrap then set the system default one included with the app bundle\n if (config->bootstrap.files.empty())\n config->bootstrap.files.push_back(std::filesystem::u8path(appleconf->default_bootstrap));\n\n auto inst = std::make_unique();\n inst->context.Configure(std::move(config));\n inst->context.route_callbacks = appleconf->route_callbacks;\n\n inst->packet_writer = appleconf->packet_writer;\n inst->start_reading = appleconf->start_reading;\n\n return inst.release();\n }\n catch (const std::exception& e)\n {\n oxen::log::error(logcat, \"Failed to initialize lokinet from config: {}\", e.what());\n }\n return nullptr;\n}\n\nint llarp_apple_start(void* lokinet, void* callback_context)\n{\n auto* inst = static_cast(lokinet);\n\n inst->context.callback_context = callback_context;\n\n inst->context.m_PacketWriter = [inst, callback_context](int af_family, void* data, size_t size) {\n inst->packet_writer(af_family, data, size, callback_context);\n return true;\n };\n\n inst->context.m_OnReadable = [inst, callback_context](llarp::apple::VPNInterface& iface) {\n inst->iface = iface.weak_from_this();\n inst->start_reading(callback_context);\n };\n\n std::promise result;\n inst->runner = std::thread{[inst, &result] {\n const llarp::RuntimeOptions opts{};\n try\n {\n inst->context.Setup(opts);\n }\n catch (...)\n {\n result.set_exception(std::current_exception());\n return;\n }\n result.set_value();\n inst->context.Run(opts);\n }};\n\n try\n {\n result.get_future().get();\n }\n catch (const std::exception& e)\n {\n oxen::log::error(logcat, \"Failed to initialize lokinet: {}\", e.what());\n return -1;\n }\n\n return 0;\n}\n\nuv_loop_t* llarp_apple_get_uv_loop(void* lokinet)\n{\n auto& inst = *static_cast(lokinet);\n auto uvw = inst.context.loop->MaybeGetUVWLoop();\n assert(uvw);\n return uvw->raw();\n}\n\nint llarp_apple_incoming(void* lokinet, const llarp_incoming_packet* packets, size_t size)\n{\n auto& inst = *static_cast(lokinet);\n\n auto iface = inst.iface.lock();\n if (!iface)\n return -1;\n\n int count = 0;\n for (size_t i = 0; i < size; i++)\n {\n llarp_buffer_t buf{static_cast(packets[i].bytes), packets[i].size};\n if (iface->OfferReadPacket(buf))\n count++;\n else\n oxen::log::error(logcat, \"invalid IP packet: {}\", llarp::buffer_printer(buf));\n }\n\n iface->MaybeWakeUpperLayers();\n return count;\n}\n\nvoid llarp_apple_shutdown(void* lokinet)\n{\n auto* inst = static_cast(lokinet);\n\n inst->context.CloseAsync();\n inst->context.Wait();\n inst->runner.join();\n delete inst;\n}\n" }, { "path": "llarp/apple/context_wrapper.h", "content": "#pragma once\n\n// C-linkage wrappers for interacting with a lokinet context, so that we can call them from Swift\n// code (which currently doesn't support C++ interoperability at all).\n\n#ifdef __cplusplus\nextern \"C\"\n{\n#endif\n\n#include \n#include \n#include \n\n // Port (on localhost) for our DNS trampoline for bouncing DNS requests through the exit route\n // when in exit mode.\n extern const uint16_t dns_trampoline_port;\n\n /// C callback function for us to invoke when we need to write a packet\n typedef void (*packet_writer_callback)(int af, const void* data, size_t size, void* ctx);\n\n /// C callback function to invoke once we are ready to start receiving packets\n typedef void (*start_reading_callback)(void* ctx);\n\n /// C callback that bridges things into NSLog\n typedef void (*ns_logger_callback)(const char* msg);\n\n /// C callbacks to add/remove specific and default routes to the tunnel\n typedef void (*llarp_route_ipv4_callback)(const char* addr, const char* netmask, void* ctx);\n typedef void (*llarp_route_ipv6_callback)(const char* addr, int prefix, void* ctx);\n typedef void (*llarp_default_route_callback)(void* ctx);\n typedef struct llarp_route_callbacks\n {\n /// Callback invoked to set up an IPv4 range that should be routed through the tunnel\n /// interface. Called with the address and netmask.\n llarp_route_ipv4_callback add_ipv4_route;\n\n /// Callback invoked to set the tunnel as the default IPv4 route.\n llarp_default_route_callback add_ipv4_default_route;\n\n /// Callback invoked to remove a specific range from the tunnel IPv4 routes. Called with\n /// the address and netmask.\n llarp_route_ipv4_callback del_ipv4_route;\n\n /// Callback invoked to set up an IPv6 range that should be routed through the tunnel\n /// interface. Called with the address and netmask.\n llarp_route_ipv6_callback add_ipv6_route;\n\n /// Callback invoked to remove a specific range from the tunnel IPv6 routes. Called with\n /// the address and netmask.\n llarp_route_ipv6_callback del_ipv6_route;\n\n /// Callback invoked to set the tunnel as the default IPv4/IPv6 route.\n llarp_default_route_callback add_default_route;\n\n /// Callback invoked to remove the tunnel as the default IPv4/IPv6 route.\n llarp_default_route_callback del_default_route;\n } llarp_route_callbacks;\n\n /// Pack of crap to be passed into llarp_apple_init to initialize\n typedef struct llarp_apple_config\n {\n /// lokinet configuration directory, expected to be the application-specific \"home\"\n /// directory, which is where state files are stored and the lokinet.ini will be loaded (or\n /// created if it doesn't exist).\n const char* config_dir;\n /// path to the default bootstrap.signed file included in installation, which will be used\n /// by default when no specific bootstrap is in the config file.\n const char* default_bootstrap;\n /// llarp_apple_init writes the IP address for the primary tunnel IP address here,\n /// null-terminated.\n char tunnel_ipv4_ip[INET_ADDRSTRLEN];\n /// llarp_apple_init writes the netmask of the tunnel address here, null-terminated.\n char tunnel_ipv4_netmask[INET_ADDRSTRLEN];\n /// Writes the IPv6 address for the tunnel here, null-terminated.\n char tunnel_ipv6_ip[INET6_ADDRSTRLEN];\n /// IPv6 address prefix.\n uint16_t tunnel_ipv6_prefix;\n\n /// The first upstream DNS server's IPv4 address the OS should use when in exit mode.\n /// (Currently on mac in exit mode we only support querying the first such configured\n /// server).\n char upstream_dns[INET_ADDRSTRLEN];\n uint16_t upstream_dns_port;\n\n#ifdef MACOS_SYSTEM_EXTENSION\n /// DNS bind IP; llarp_apple_init writes the lokinet config value here so that we know (in\n /// Apple API code) what to set DNS to when lokinet gets turned on. Null terminated.\n char dns_bind_ip[INET_ADDRSTRLEN];\n#endif\n\n /// \\defgroup callbacks Callbacks\n /// Callbacks we invoke for various operations that require glue into the Apple network\n /// extension APIs. All of these except for ns_logger are passed the pointer provided to\n /// llarp_apple_start when invoked.\n /// @{\n\n /// simple wrapper around NSLog for lokinet message logging\n ns_logger_callback ns_logger;\n\n /// C function callback that will be called when we need to write a packet to the packet\n /// tunnel. Will be passed AF_INET or AF_INET6, a void pointer to the data, and the size of\n /// the data in bytes.\n packet_writer_callback packet_writer;\n\n /// C function callback that will be called when lokinet is setup and ready to start\n /// receiving packets from the packet tunnel. This should set up the read handler to\n /// deliver packets via llarp_apple_incoming.\n start_reading_callback start_reading;\n\n /// Callbacks invoked to add/remove routes to the tunnel.\n llarp_route_callbacks route_callbacks;\n\n /// @}\n } llarp_apple_config;\n\n /// Initializes a lokinet instance by initializing various objects and loading the configuration\n /// (if /lokinet.ini exists). Does not actually start lokinet (call\n /// llarp_apple_start for that).\n ///\n /// Returns NULL if there was a problem initializing/loading the configuration, otherwise\n /// returns an opaque void pointer that should be passed into the other llarp_apple_* functions.\n ///\n /// \\param config pointer to a llarp_apple_config where we get the various settings needed\n /// and return the ip/mask/dns fields needed for the tunnel.\n void* llarp_apple_init(llarp_apple_config* config);\n\n /// Starts the lokinet instance in a new thread.\n ///\n /// \\param lokinet the void pointer returned by llarp_apple_init\n ///\n /// \\param callback_context Opaque pointer that is passed into the various callbacks provided to\n /// llarp_apple_init. This code does nothing with this pointer aside from passing it through to\n /// callbacks.\n ///\n /// \\returns 0 on succesful startup, -1 on failure.\n int llarp_apple_start(void* lokinet, void* callback_context);\n\n /// Returns a pointer to the uv event loop. Must have called llarp_apple_start already.\n uv_loop_t* llarp_apple_get_uv_loop(void* lokinet);\n\n /// Struct of packet data; a C array of tests gets passed to llarp_apple_incoming\n typedef struct llarp_incoming_packet\n {\n const void* bytes;\n size_t size;\n } llarp_incoming_packet;\n\n /// Called to deliver one or more incoming packets from the apple layer into lokinet. Takes a C\n /// array of `llarp_incoming_packets` with pointers/sizes set to the individual new packets that\n /// have arrived.\n ///\n /// Returns the number of valid packets on success (which can be less than the number of\n /// provided packets, if some failed to parse), or -1 if there is no current active VPNInterface\n /// associated with the lokinet instance (which generally means llarp_apple_start wasn't called\n /// or failed, or lokinet is in the process of shutting down).\n int llarp_apple_incoming(void* lokinet, const llarp_incoming_packet* packets, size_t size);\n\n /// Stops a lokinet instance created with `llarp_apple_initialize`. This waits for lokinet to\n /// shut down and rejoins the thread. After this call the given pointer is no longer valid.\n void llarp_apple_shutdown(void* lokinet);\n\n#ifdef __cplusplus\n} // extern \"C\"\n#endif\n" }, { "path": "llarp/apple/route_manager.cpp", "content": "#include \"route_manager.hpp\"\n\n#include \n#include \n\n#include \n\nnamespace llarp::apple\n{\n static auto logcat = log::Cat(\"apple.route_manager\");\n\n void RouteManager::check_trampoline(bool enable)\n {\n if (trampoline_active == enable)\n return;\n auto router = context.router;\n if (!router)\n {\n log::error(logcat, \"Cannot reconfigure to use DNS trampoline: no router\");\n return;\n }\n\n auto& tun = router->tun_endpoint();\n if (!tun)\n {\n log::error(logcat, \"Cannot reconfigure to use DNS trampoline: no tun endpoint found (!?)\");\n return;\n }\n\n if (enable)\n tun.reconfigure_dns({oxen::quic::Address{\"127.0.0.1\", dns_trampoline_port}});\n else\n tun->reconfigure_dns(router->config()->dns._upstream_dns);\n\n trampoline_active = enable;\n }\n\n void RouteManager::add_default_route_via_interface(vpn::NetworkInterface&)\n {\n check_trampoline(true);\n if (callback_context and route_callbacks.add_default_route)\n route_callbacks.add_default_route(callback_context);\n }\n\n void RouteManager::delete_default_route_via_interface(vpn::NetworkInterface&)\n {\n check_trampoline(false);\n if (callback_context and route_callbacks.del_default_route)\n route_callbacks.del_default_route(callback_context);\n }\n\n void RouteManager::add_route_via_interface(vpn::NetworkInterface&, ipv4_range range)\n {\n check_trampoline(true);\n if (callback_context)\n {\n if (route_callbacks.add_ipv4_route)\n route_callbacks.add_ipv4_route(\n range.BaseAddressString().c_str(), std::string{range.mask}.c_str(), callback_context);\n }\n }\n\n void RouteManager::add_route_via_interface(vpn::NetworkInterface&, ipv6_range range)\n {\n check_trampoline(true);\n if (callback_context)\n {\n if (route_callbacks.add_ipv6_route)\n route_callbacks.add_ipv6_route(range.BaseAddressString().c_str(), range.mask, callback_context);\n }\n }\n\n void RouteManager::delete_route_via_interface(vpn::NetworkInterface&, ipv4_range range)\n {\n check_trampoline(false);\n if (callback_context)\n {\n if (route_callbacks.del_ipv4_route)\n route_callbacks.del_ipv4_route(\n range.ip.to_string().c_str(), std::string{range.mask}.c_str(), callback_context);\n }\n }\n\n void RouteManager::delete_route_via_interface(vpn::NetworkInterface&, ipv6_range range)\n {\n check_trampoline(false);\n if (callback_context)\n {\n if (route_callbacks.del_ipv6_route)\n route_callbacks.del_ipv6_route(range.ip.to_string().c_str(), range.mask, callback_context);\n }\n }\n\n} // namespace llarp::apple\n" }, { "path": "llarp/apple/route_manager.hpp", "content": "#pragma once\n\n#include \"context_wrapper.h\"\n\n#include \n#include \n\nnamespace llarp::apple\n{\n class RouteManager final : public llarp::vpn::AbstractRouteManager\n {\n public:\n RouteManager(llarp::Context& ctx, llarp_route_callbacks rcs, void* callback_context)\n : context{ctx}, callback_context{callback_context}, route_callbacks{std::move(rcs)}\n {}\n\n /// These are called for poking route holes, but we don't have to do that at all on macos\n /// because the appex isn't subject to its own rules.\n void add_route(quic::Address /*ip*/, quic::Address /*gateway*/) override {}\n\n void delete_route(quic::Address /*ip*/, quic::Address /*gateway*/) override {}\n\n void add_default_route_via_interface(vpn::NetworkInterface& vpn) override;\n\n void delete_default_route_via_interface(vpn::NetworkInterface& vpn) override;\n\n void add_route_via_interface(vpn::NetworkInterface& vpn, ipv4_range range) override;\n void add_route_via_interface(vpn::NetworkInterface& vpn, ipv6_range range) override;\n\n void delete_route_via_interface(vpn::NetworkInterface& vpn, ipv4_range range) override;\n void delete_route_via_interface(vpn::NetworkInterface& vpn, ipv6_range range) override;\n\n std::vector get_non_interface_gateways(vpn::NetworkInterface& /*vpn*/) override\n {\n // We can't get this on mac from our sandbox, but we don't actually need it because we\n // ignore the gateway for AddRoute/DelRoute anyway, so just return a zero IP.\n return std::vector{};\n }\n\n private:\n llarp::Context& context;\n bool trampoline_active = false;\n void check_trampoline(bool enable);\n\n void* callback_context = nullptr;\n llarp_route_callbacks route_callbacks;\n };\n\n} // namespace llarp::apple\n" }, { "path": "llarp/apple/vpn_interface.cpp", "content": "\n#include \"vpn_interface.hpp\"\n\n#include \"context.hpp\"\n\n#include \n\nnamespace llarp::apple\n{\n VPNInterface::VPNInterface(\n Context& ctx, packet_write_callback packet_writer, on_readable_callback on_readable, Router* router)\n : vpn::NetworkInterface{},\n _pkt_writer{std::move(packet_writer)},\n _on_readable{std::move(on_readable)},\n _router{router}\n {\n ctx._loop->call_soon([this] { _on_readable(*this); });\n }\n\n bool VPNInterface::OfferReadPacket(const llarp_buffer_t& buf)\n {\n IPPacket pkt;\n if (!pkt.load(buf.copy()))\n return false;\n _read_que.tryPushBack(std::move(pkt));\n return true;\n }\n\n void VPNInterface::MaybeWakeUpperLayers() const\n {\n //\n }\n\n int VPNInterface::PollFD() const { return -1; }\n\n IPPacket VPNInterface::read_next_packet()\n {\n IPPacket pkt{};\n if (not _read_que.empty())\n pkt = _read_que.popFront();\n return pkt;\n }\n\n bool VPNInterface::write_packet(IPPacket pkt)\n {\n // TODO: replace this with IPPacket::to_udp\n (void)pkt;\n // int af_family = pkt() ? AF_INET6 : AF_INET;\n // return _pkt_writer(af_family, pkt.data(), pkt.size());\n return true;\n }\n\n} // namespace llarp::apple\n" }, { "path": "llarp/apple/vpn_interface.hpp", "content": "#pragma once\n\n#include \n#include \n#include \n\n#include \n\nnamespace llarp::apple\n{\n struct Context;\n\n class VPNInterface final : public vpn::NetworkInterface, public std::enable_shared_from_this\n {\n public:\n using packet_write_callback = std::function;\n using on_readable_callback = std::function;\n\n explicit VPNInterface(\n Context& ctx, packet_write_callback packet_writer, on_readable_callback on_readable, Router* router);\n\n // Method to call when a packet has arrived to deliver the packet to lokinet\n bool OfferReadPacket(const llarp_buffer_t& buf);\n\n int PollFD() const override;\n\n IPPacket read_next_packet() override;\n\n bool write_packet(IPPacket pkt) override;\n\n void MaybeWakeUpperLayers() const override;\n\n private:\n // Function for us to call when we have a packet to emit. Should return true if the packet\n // was handed off to the OS successfully.\n packet_write_callback _pkt_writer;\n\n // Called when we are ready to start reading packets\n on_readable_callback _on_readable;\n\n inline static constexpr auto PacketQueueSize = 1024;\n\n thread::Queue _read_que{PacketQueueSize};\n\n Router* const _router;\n };\n\n} // namespace llarp::apple\n" }, { "path": "llarp/apple/vpn_platform.cpp", "content": "#include \"vpn_platform.hpp\"\n\n#include \"context.hpp\"\n\nnamespace llarp::apple\n{\n VPNPlatform::VPNPlatform(\n Context& ctx,\n VPNInterface::packet_write_callback packet_writer,\n VPNInterface::on_readable_callback on_readable,\n llarp_route_callbacks route_callbacks,\n void* callback_context)\n : _context{ctx},\n _route_manager{ctx, std::move(route_callbacks), callback_context},\n _packet_writer{std::move(packet_writer)},\n _read_cb{std::move(on_readable)}\n {}\n\n std::shared_ptr VPNPlatform::obtain_interface(vpn::InterfaceInfo, Router* router)\n {\n return std::make_shared(_context, _packet_writer, _read_cb, router);\n }\n} // namespace llarp::apple\n" }, { "path": "llarp/apple/vpn_platform.hpp", "content": "#pragma once\n\n#include \"route_manager.hpp\"\n#include \"vpn_interface.hpp\"\n\n#include \n\nnamespace llarp::apple\n{\n class VPNPlatform final : public vpn::Platform\n {\n public:\n explicit VPNPlatform(\n Context& ctx,\n VPNInterface::packet_write_callback packet_writer,\n VPNInterface::on_readable_callback on_readable,\n llarp_route_callbacks route_callbacks,\n void* callback_context);\n\n std::shared_ptr obtain_interface(vpn::InterfaceInfo, Router*) override;\n\n vpn::AbstractRouteManager& RouteManager() override { return _route_manager; }\n\n private:\n Context& _context;\n apple::RouteManager _route_manager;\n VPNInterface::packet_write_callback _packet_writer;\n VPNInterface::on_readable_callback _read_cb;\n };\n\n} // namespace llarp::apple\n" }, { "path": "llarp/auth/auth.cpp", "content": "#include \"auth.hpp\"\n\n#include \n\nnamespace llarp::auth\n{\n static const std::unordered_map codes = {\n {\"OKAY\"sv, AuthCode::ACCEPTED},\n {\"REJECT\"sv, AuthCode::REJECTED},\n {\"PAYME\"sv, AuthCode::PAYMENT_REQUIRED},\n {\"LIMITED\"sv, AuthCode::RATE_LIMIT}};\n\n /// maybe get auth result from string\n std::optional parse_code(std::string_view data)\n {\n if (auto it = codes.find(data); it != codes.end())\n return it->second;\n return std::nullopt;\n }\n\n static const std::unordered_map types = {\n {\"file\"sv, AuthType::FILE},\n {\"lmq\"sv, AuthType::OMQ},\n {\"whitelist\"sv, AuthType::WHITELIST},\n {\"none\"sv, AuthType::NONE}};\n\n} // namespace llarp::auth\n" }, { "path": "llarp/auth/auth.hpp", "content": "#pragma once\n\n#include \n#include \n#include \n#include \n#include \n\n#include \n#include \n#include \n#include \n\nnamespace llarp\n{\n class Router;\n}\nnamespace llarp::auth\n{\n /// authentication status code\n enum class AuthCode : uint64_t\n {\n /// explicitly accepted\n ACCEPTED = 0,\n /// explicitly rejected\n REJECTED = 1,\n /// attempt failed\n FAILED = 2,\n /// attempt rate limited\n RATE_LIMIT = 3,\n /// need mo munny\n PAYMENT_REQUIRED = 4\n };\n\n /// auth result object with code and reason\n struct AuthResult\n {\n AuthCode code;\n std::string reason;\n };\n\n /// info needed by clients in order to authenticate to a remote endpoint\n struct AuthInfo\n {\n std::string token;\n };\n\n /// what kind of backend to use for auth\n enum class AuthType\n {\n /// no authentication\n NONE,\n /// manual whitelist\n WHITELIST,\n /// OMQ server\n OMQ,\n /// static file\n FILE,\n };\n\n struct AuthPolicy\n {\n protected:\n Router& _router;\n\n public:\n AuthPolicy(Router& r) : _router{r} {}\n\n virtual ~AuthPolicy() = default;\n\n const Router& router() const { return _router; }\n\n Router& router() { return _router; }\n };\n\n /// maybe get auth result from string\n std::optional parse_code(std::string_view data);\n\n} // namespace llarp::auth\n" }, { "path": "llarp/auth/file.cpp", "content": "#include \"auth.hpp\"\n\n#include \n#include \n\nnamespace llarp::auth\n{\n AuthResult FileAuthPolicy::check_files(const AuthInfo& info) const\n {\n for (const auto& f : _files)\n {\n std::ifstream i{f};\n std::string line{};\n while (std::getline(i, line))\n {\n // split off comments\n const auto parts = split_any(line, \"#;\", true);\n if (auto part = parts[0]; not parts.empty() and not parts[0].empty())\n {\n // split off whitespaces and check password\n if (check_passwd(std::string{TrimWhitespace(part)}, info.token))\n return AuthResult{AuthCode::ACCEPTED, \"accepted by whitelist\"};\n }\n }\n }\n return AuthResult{AuthCode::REJECTED, \"rejected by whitelist\"};\n }\n\n bool FileAuthPolicy::check_passwd(std::string hash, std::string challenge) const\n {\n switch (_type)\n {\n case AuthFileType::PLAIN:\n return hash == challenge;\n case AuthFileType::HASHES:\n#ifdef LOKINET_HAVE_CRYPT\n return crypto::check_passwd_hash(std::move(hash), std::move(challenge));\n#else\n return false;\n#endif\n }\n return false;\n }\n\n} // namespace llarp::auth\n" }, { "path": "llarp/auth/file.hpp", "content": "#pragma once\n\n#include \"auth.hpp\"\n\n#include \n#include \n#include \n#include \n#include \n#include \n\nnamespace llarp\n{\n class Router;\n}\nnamespace llarp::auth\n{\n /// how to interpret an file for auth\n enum class AuthFileType\n {\n PLAIN,\n HASHES,\n };\n\n struct FileAuthPolicy final : public AuthPolicy\n {\n FileAuthPolicy(Router& r, std::vector files, AuthFileType filetype)\n : AuthPolicy{r}, _files{std::move(files)}, _type{filetype}\n {}\n\n private:\n const std::vector _files;\n const AuthFileType _type;\n mutable util::Mutex _m;\n /// returns an auth result for a auth info challange, opens every file until it finds a\n /// token matching it this is expected to be done in the IO thread\n AuthResult check_files(const AuthInfo& info) const;\n\n bool check_passwd(std::string hash, std::string challenge) const;\n };\n\n} // namespace llarp::auth\n" }, { "path": "llarp/auth/rpc.cpp", "content": "#include \"rpc.hpp\"\n\n#include \n\n#include \n\nnamespace llarp::auth\n{\n static auto logcat = log::Cat(\"rpc.auth\");\n\n RPCAuthPolicy::RPCAuthPolicy(Router& r, std::string url, std::string method, oxenmq::OxenMQ& omq)\n : AuthPolicy{r},\n _endpoint{std::move(url)},\n _method{std::move(method)},\n // _whitelist{std::move(whitelist_addrs)},\n // _static_tokens{std::move(whitelist_tokens)},\n _omq{omq}\n {\n if (_endpoint.empty() or _method.empty())\n throw std::invalid_argument{\n \"RPC AuthPolicy must be initialized with an endpoint to query and a method to invoke!\"};\n }\n\n RPCAuthPolicy::~RPCAuthPolicy() = default;\n\n void RPCAuthPolicy::start()\n {\n _omq.connect_remote(\n _endpoint,\n [this](oxenmq::ConnectionID c) {\n _omq_conn = std::make_unique(std::move(c));\n log::info(logcat, \"OMQ connected to endpoint auth server\");\n },\n [this](oxenmq::ConnectionID, std::string_view fail) {\n log::warning(logcat, \"OMQ failed to connect to endpoint auth server: {}\", fail);\n _router.loop.call_later(1s, [this] { start(); });\n });\n }\n\n} // namespace llarp::auth\n" }, { "path": "llarp/auth/rpc.hpp", "content": "#pragma once\n\n#include \"auth.hpp\"\n\n#include \n#include \n#include \n\nnamespace oxenmq\n{\n class OxenMQ;\n struct ConnectionID;\n} // namespace oxenmq\n\nnamespace llarp::auth\n{\n struct RPCAuthPolicy final : public AuthPolicy\n {\n explicit RPCAuthPolicy(Router& r, std::string url, std::string method, oxenmq::OxenMQ& omq);\n\n ~RPCAuthPolicy() override;\n\n void start();\n\n private:\n const std::string _endpoint;\n const std::string _method;\n // const std::unordered_set _whitelist;\n // const std::unordered_set _static_tokens;\n\n oxenmq::OxenMQ& _omq;\n std::unique_ptr _omq_conn;\n std::unordered_set _pending_sessions;\n };\n\n} // namespace llarp::auth\n" }, { "path": "llarp/auth/session.cpp", "content": "#include \"session.hpp\"\n\n#include \n#include \n\nnamespace llarp::auth\n{\n static auto logcat = log::Cat(\"auth_policy\");\n\n SessionAuthPolicy::SessionAuthPolicy(Router& r, RouterID& remote, bool is_snode, bool is_exit)\n : AuthPolicy{r}, _is_snode_service{is_snode}, _is_exit_service{is_exit}, _remote{remote, not _is_snode_service}\n {\n // These can both be false but CANNOT both be true\n if (_is_exit_service and _is_snode_service)\n throw std::runtime_error{\"Cannot create SessionAuthPolicy for a remote exit and remote service!\"};\n\n if (_is_snode_service)\n _session_key = _router.secret_key();\n else\n _session_key = crypto::generate_ed25519();\n }\n\n std::optional SessionAuthPolicy::fetch_auth_token()\n {\n std::optional ret = std::nullopt;\n auto& exit_auths = _router.config().network.exit_auths;\n\n if (auto itr = exit_auths.find(_remote); itr != exit_auths.end())\n ret = itr->second;\n\n return ret;\n }\n\n bool SessionAuthPolicy::load_key_from_file(const char* fname)\n {\n try\n {\n KeyManager::load_from_file(_session_key, fname);\n return true;\n }\n catch (const std::exception& e)\n {\n log::error(logcat, \"Failed to load secret key from {}: {}\", fname, e.what());\n }\n return false;\n }\n\n} // namespace llarp::auth\n" }, { "path": "llarp/auth/session.hpp", "content": "#pragma once\n\n#include \"auth.hpp\"\n\nnamespace llarp\n{\n class Router;\n}\nnamespace llarp::auth\n{\n struct SessionAuthPolicy final : public AuthPolicy\n {\n private:\n const bool _is_snode_service{false};\n const bool _is_exit_service{false};\n\n Ed25519SecretKey _session_key;\n NetworkAddress _remote;\n\n public:\n SessionAuthPolicy(Router& r, RouterID& remote, bool is_snode, bool is_exit = false);\n\n bool load_key_from_file(const char* fname);\n\n std::optional fetch_auth_token();\n\n const Ed25519SecretKey& session_key() const { return _session_key; }\n\n bool is_snode_service() const { return _is_snode_service; }\n\n bool is_exit_service() const { return _is_exit_service; }\n };\n\n} // namespace llarp::auth\n" }, { "path": "llarp/config/config.cpp", "content": "#include \"config.hpp\"\n\n#include \"definition.hpp\"\n#include \"ini.hpp\"\n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#include \n#include \n\n#ifndef LOKINET_EMBEDDED_ONLY\n#include \n#endif\n\nnamespace llarp\n{\n static auto logcat = log::Cat(\"config\");\n\n static bool check_path_op(std::optional& path)\n {\n if (not path.has_value())\n {\n log::info(logcat, \"Path input failed to parse...\");\n }\n else if (path->empty())\n {\n log::warning(logcat, \"Path contents ({}) empty...\", path->c_str());\n path.reset();\n }\n else\n {\n log::debug(logcat, \"Valid path parsed ({})\", path->c_str());\n return true;\n }\n\n return false;\n }\n\n using namespace config;\n\n const llarp::net::Platform* ConfigGenParameters::net_ptr()\n {\n#ifndef LOKINET_EMBEDDED_ONLY\n if (type != config::Type::EmbeddedClient)\n return llarp::net::Platform::Default_ptr();\n#endif\n return nullptr;\n }\n\n static auto public_ip_loader(\n std::optional& into, std::string conf_name, std::string deprecated_for = \"\"s)\n {\n return [&into, conf_name = std::move(conf_name), deprecated_for = std::move(deprecated_for)](std::string ip) {\n if (!deprecated_for.empty())\n log::warning(logcat, \"{} is deprecated; use {} instead\", conf_name, deprecated_for);\n try\n {\n quic::Address a{ip, into ? into->port() : uint16_t{0}};\n\n if (!a.is_ipv4())\n throw std::invalid_argument{\"IP must be an IPv4 address\"};\n if (!a.is_public_ip())\n throw std::invalid_argument{\"IP is not public\"};\n\n into = std::move(a);\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\"Invalid {}: {}\"_format(conf_name, e.what())};\n }\n };\n }\n static auto public_port_loader(\n std::optional& into, std::string conf_name, std::string deprecated_for = \"\"s)\n {\n return [&into, conf_name = std::move(conf_name), deprecated_for = std::move(deprecated_for)](uint16_t port) {\n if (!deprecated_for.empty())\n log::warning(logcat, \"{} is deprecated; use {} instead\", conf_name, deprecated_for);\n if (port == 0)\n throw std::invalid_argument{\"{} cannot be 0\"_format(conf_name)};\n if (!into)\n into.emplace();\n into->set_port(port);\n };\n }\n\n void RouterConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params)\n {\n conf.add_section_comments(\n \"router\",\n {\n \"Configuration for routing activity.\",\n });\n\n conf.define_option(\"router\", \"job-queue-size\", Default{1024 * 8}, Hidden, [this](int arg) {\n if (arg < 1024)\n throw std::invalid_argument(\"job-queue-size must be 1024 or greater\");\n\n job_que_size = arg;\n });\n\n conf.define_option(\n \"router\",\n \"netid\",\n Default{\"{}\"_format(NetID::MAINNET)},\n Comment{\"Network ID; this is '{}' for mainnet, '{}' for testnet.\"_format(NetID::MAINNET, NetID::TESTNET)},\n [this](std::string arg) { net_id = netid_from_string(arg); });\n\n conf.define_option(\"router\", \"relay-connections\", Deprecated);\n\n conf.define_option(\"router\", \"min-connections\", Deprecated);\n\n conf.define_option(\"router\", \"max-connections\", Deprecated);\n\n conf.define_option(\"router\", \"nickname\", Deprecated);\n\n conf.define_option(\n \"router\",\n \"data-dir\",\n Default{params.default_data_dir},\n Comment{\n \"Optional directory for containing lokinet runtime data. This includes generated\",\n \"private keys.\",\n },\n [this](std::filesystem::path arg) {\n if (arg.empty())\n arg = std::filesystem::path{\".\"};\n if (not exists(arg))\n throw std::runtime_error{\"Specified [router]:data-dir {} does not exist\"_format(arg)};\n\n data_dir = std::move(arg);\n });\n\n conf.define_option(\n \"router\",\n \"public-ip\",\n RelayOnly,\n Comment{\n \"For complex network configurations where the detected IP is incorrect or non-public\",\n \"this setting specifies the public IPv4 address at which this router reachable.\",\n },\n public_ip_loader(public_addr, \"[router]:public-address\"));\n\n conf.define_option(\"router\", \"public-address\", Hidden, [](std::string) {\n throw std::invalid_argument{\n \"[router]:public-address option no longer supported, use [router]:public-ip and \"\n \"[router]:public-port instead\"};\n });\n\n conf.define_option(\n \"router\",\n \"public-port\",\n RelayOnly,\n Comment{\n \"When specifying public-ip=, this specifies the public UDP port at which this lokinet\",\n \"router is reachable. Defaults to the [bind]:listen port when public-ip is specified.\",\n },\n public_port_loader(public_addr, \"[router]:public-port\"));\n\n conf.add_options_validator([this] {\n if (public_addr and not public_addr->is_public_ip())\n throw std::invalid_argument{\"[router]:public-ip is required when specifying [router]:public-port\"};\n });\n\n // FIXME: this option isn't currently used!\n conf.define_option(\n \"router\",\n \"worker-threads\",\n Default{0},\n Comment{\n \"The number of threads available for performing cryptographic functions.\",\n \"The minimum is one thread, but network performance may increase with more.\",\n \"threads. Should not exceed the number of logical CPU cores.\",\n \"0 means use the number of logical CPU cores detected at startup.\",\n },\n [this](int arg) {\n if (arg < 0)\n throw std::invalid_argument(\"worker-threads must be >= 0\");\n\n worker_threads = arg;\n });\n\n // Hidden option because this isn't something that should ever be turned off occasionally\n // when doing dev/testing work.\n conf.define_option(\"router\", \"block-bogons\", Default{true}, Hidden, assignment_acceptor(block_bogons));\n\n conf.define_option(\"router\", \"contact-file\", Deprecated);\n\n conf.define_option(\"router\", \"encryption-privkey\", Deprecated);\n\n conf.define_option(\"router\", \"ident-privkey\", Deprecated);\n\n conf.define_option(\"router\", \"transport-privkey\", RelayOnly, Deprecated);\n\n // Deprecated options:\n\n // these weren't even ever used!\n conf.define_option(\"router\", \"max-routers\", Deprecated);\n conf.define_option(\"router\", \"min-routers\", Deprecated);\n\n // TODO: this may have been a synonym for [router]worker-threads\n conf.define_option(\"router\", \"threads\", Deprecated);\n conf.define_option(\"router\", \"net-threads\", Deprecated);\n\n is_relay = params.type == config::Type::Relay;\n }\n\n void ExitConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters&)\n {\n conf.define_option(\n \"exit\",\n \"auth\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Specify an optional authentication token required to use a non-public exit node.\",\n \"For example:\",\n \" auth=myfavouriteexit.loki:abc\",\n \"uses the authentication code `abc` whenever myfavouriteexit.loki is accessed.\",\n \"Can be specified multiple times to store codes for different exit nodes.\",\n },\n [this](std::string arg) {\n if (arg.empty())\n throw std::invalid_argument{\"Empty argument passed to '[exit]:auth'\"};\n\n const auto pos = arg.find(\":\");\n\n if (pos == std::string::npos)\n {\n throw std::invalid_argument(\n \"[exit]:auth invalid format, expects exit-address.loki:auth-token-goes-here\");\n }\n\n const auto addr = arg.substr(0, pos);\n auto auth = arg.substr(pos + 1);\n\n if (is_valid_sns(addr))\n {\n sns_auth_tokens.emplace(std::move(addr), std::move(auth));\n return;\n }\n try\n {\n NetworkAddress exit{addr};\n if (!exit.client())\n throw std::invalid_argument{\"only .loki addresses can be used for exits\"};\n auth_tokens.emplace(std::move(exit), std::move(auth));\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument(\"[exit]:auth invalid exit address: {}\"_format(e.what()));\n }\n });\n\n conf.define_option(\n \"exit\",\n \"enable\",\n FullClientOnly,\n Default{false},\n assignment_acceptor(exit_enabled),\n Comment{\n \"Enable exit-node functionality for local lokinet instance.\",\n });\n\n conf.define_option(\n \"exit\",\n \"policy\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Specifies the IP traffic accepted by the local exit node traffic policy. If any are\",\n \"specified then only matched traffic will be allowed and all other traffic will be\",\n \"dropped. Examples:\",\n \" policy=tcp\",\n \"would allow all TCP/IP packets (regardless of port);\",\n \" policy=0x69\",\n \"would allow IP traffic with IP protocol 0x69;\",\n \" policy=udp/53\",\n \"would allow UDP port 53; and\",\n \" policy=tcp/smtp\",\n \"would allow TCP traffic on the standard smtp port (21).\",\n },\n [this](std::string arg) {\n // this will throw on error\n exit_policy.protocols.insert(net::ProtocolInfo::from_config(arg));\n });\n\n conf.define_option(\n \"exit\",\n \"reserved-range\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Reserve an ip range to use as an exit broker for a `.loki` address\",\n \"Specify a `.loki` address and a reserved ip range to use as an exit broker.\",\n \"Examples:\",\n \" reserved-range=whatever.loki\",\n \"would route all exit traffic through whatever.loki; and\",\n \" reserved-range=stuff.loki:100.0.0.0/24\",\n \"would route the IP range 100.0.0.0/24 through stuff.loki.\",\n \"This option can be specified multiple times (to map different IP ranges).\",\n },\n [this](std::string arg) {\n if (arg.empty())\n return;\n\n std::variant range;\n\n const auto pos = arg.find(\":\");\n\n if (pos == std::string::npos)\n range = ipv4{0} / 0;\n else\n {\n try\n {\n std::string input = arg.substr(pos + 1);\n if (input.find(\":\") != std::string::npos) // ipv6\n range = parse_ipv6_range(input, 128);\n else\n range = parse_ipv4_range(input, 32);\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\"[exit]:reserved-range invalid ip range: {}\"_format(e.what())};\n }\n\n arg.resize(pos);\n }\n\n if (is_valid_sns(arg))\n sns_ranges[arg].push_back(std::move(range));\n else\n {\n try\n {\n ranges[NetworkAddress{arg}].push_back(std::move(range));\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\"[exit]:reserved-range invalid address: {}\"_format(arg)};\n }\n }\n });\n\n conf.define_option(\n \"exit\",\n \"routed-range\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Advertise that exit node routes exit traffic to the specified IP range. If omitted, the\",\n \"default is ALL public ranges. Can be set to public to indicate that this exit\",\n \"routes traffic to the public internet.\",\n \"For example:\",\n \" routed-range=10.0.0.0/16\",\n \" routed-range=public\",\n \"to advertise that this exit routes traffic to both the public internet, and to\",\n \"10.0.x.y addresses.\",\n \"\",\n \"Note that this option does not automatically configure network routing; that\",\n \"must be configured separately on the exit system to handle lokinet traffic.\",\n },\n [this](std::string arg) {\n if (arg == \"public\")\n exit_policy.ranges.push_back(ipv4{0} / 0);\n else\n {\n try\n {\n if (arg.find(':') != std::string::npos)\n exit_policy.ranges_v6.push_back(parse_ipv6_range(arg, 128));\n else\n exit_policy.ranges.push_back(parse_ipv4_range(arg, 32));\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\"[exit]:routed-range invalid range '{}': {}\"_format(arg, e.what())};\n }\n }\n });\n }\n\n void NetworkConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params)\n {\n conf.add_section_comments(\n \"network\",\n {\n \"Network settings related to network devices and communications.\",\n });\n\n conf.define_option(\n \"network\",\n \"save-profiles\",\n Default{params.type != config::Type::EmbeddedClient},\n Hidden,\n assignment_acceptor(save_profiles));\n\n conf.define_option(\"network\", \"profiling\", Default{true}, Hidden, assignment_acceptor(enable_profiling));\n\n conf.define_option(\"network\", \"profiles\", Deprecated);\n\n conf.define_option(\n \"network\",\n \"keyfile\",\n ClientOnly,\n [this](std::string arg) {\n if (arg.empty())\n return;\n\n keyfile = arg;\n\n if (check_path_op(keyfile))\n log::info(logcat, \"Client configured to try private key file at path: {}\", keyfile->c_str());\n else\n log::warning(logcat, \"Bad input for client private key file ({}); using ephemeral...\", arg);\n },\n Comment{\n \"The private key to persist address with. If not specified the address will be\",\n \"ephemerally generated.\",\n });\n\n conf.define_option(\n \"network\",\n \"auth-type\",\n FullClientOnly,\n Comment{\n \"Set the endpoint authentication type.\",\n \"none/whitelist/lmq/file\",\n },\n [this](std::string arg) {\n if (arg == \"file\")\n auth_type = auth::AuthType::FILE;\n else if (arg == \"lmq\" || arg == \"omq\" || arg == \"zmq\")\n auth_type = auth::AuthType::OMQ;\n else if (arg == \"whitelist\")\n auth_type = auth::AuthType::WHITELIST;\n else if (arg == \"\" || arg == \"none\")\n auth_type = auth::AuthType::NONE;\n else\n throw std::invalid_argument{\"invalid [network]:auth-type value: '{}'\"_format(arg)};\n });\n\n conf.define_option(\n \"network\",\n \"omq-auth-endpoint\",\n FullClientOnly,\n assignment_acceptor(auth_endpoint),\n Comment{\n \"OMQ endpoint to talk to for authenticating new sessions\",\n \"ipc:///var/lib/lokinet/auth.socket\",\n \"tcp://127.0.0.1:5555\",\n });\n\n conf.define_option(\n \"network\",\n \"omq-auth-method\",\n FullClientOnly,\n Default{\"llarp.auth\"},\n Comment{\n \"OMQ function to call for authenticating new sessions\",\n \"llarp.auth\",\n },\n [this](std::string arg) {\n if (arg.empty())\n return;\n auth_method = std::move(arg);\n });\n\n conf.define_option(\n \"network\",\n \"auth-whitelist\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"manually add a remote endpoint by .loki address to the access whitelist\",\n },\n [this](std::string arg) {\n try\n {\n auth_whitelist.insert(NetworkAddress{arg});\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\n \"[network]:auth-whitelist: invalid .loki address '{}': {}\"_format(arg, e.what())};\n }\n });\n\n conf.define_option(\n \"network\",\n \"auth-file\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Read auth tokens from file to accept endpoint auth\",\n \"Can be provided multiple times\",\n },\n [this, rel_base = params.default_data_dir](std::filesystem::path arg) {\n if (!arg.empty() && arg.is_relative())\n arg = rel_base / arg;\n if (not exists(arg))\n throw std::invalid_argument{\"cannot load auth file {}: file does not exist\"_format(arg)};\n auth_files.push_back(std::move(arg));\n });\n\n conf.define_option(\n \"network\",\n \"auth-file-type\",\n FullClientOnly,\n Comment{\n \"How to interpret the contents of an auth file.\",\n#ifdef LOKINET_HAVE_CRYPT\n \"Possible values: hash, plaintext\",\n#else\n \"Possible values: plaintext\",\n#endif\n },\n [this](std::string arg) {\n if (arg == \"plain\" || arg == \"plaintext\")\n auth_file_type = auth::AuthFileType::PLAIN;\n else if (arg == \"hashed\" || arg == \"hashes\" || arg == \"hash\")\n {\n#ifndef LOKINET_HAVE_CRYPT\n throw std::invalid_argument{\"Hashed auth files are not supported by this Lokinet build\"};\n#endif\n auth_file_type = auth::AuthFileType::HASHES;\n }\n else\n throw std::invalid_argument{\"Invalid auth file type '{}'\"_format(arg)};\n });\n\n conf.define_option(\n \"network\",\n \"auth-static\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Manually add a static auth code to accept for endpoint auth\",\n \"Can be provided multiple times\",\n },\n [this](std::string arg) { auth_static_tokens.emplace(std::move(arg)); });\n\n conf.define_option(\n \"network\",\n \"reachable\",\n FullClientOnly,\n Default{true},\n assignment_acceptor(is_reachable),\n Comment{\n \"Determines whether we will pubish our service's ClientContact to the network (client default: TRUE)\",\n });\n\n conf.define_option(\"network\", \"hops\", ClientOnly, Hidden, [](int) {\n log::warning(\n logcat,\n \"[network]:hops is no longer supported; default path lengths applied. See the path options in the \"\n \"[paths] section instead\");\n });\n\n conf.define_option(\"network\", \"paths\", ClientOnly, Hidden, [](int) {\n log::error(\n logcat,\n \"[network]:paths is no longer supported; default path numbers applied. See the path options in the \"\n \"[paths] section instead\");\n });\n\n conf.define_option(\n \"network\",\n \"auto-routing\",\n FullClientOnly,\n Default{true},\n Comment{\n \"Enable / disable automatic route configuration.\",\n \"When this is enabled and an exit is used Lokinet will automatically configure the\",\n \"operating system routes to route public internet traffic through the exit node.\",\n \"This is enabled by default, but can be disabled if advanced/manual exit routing\",\n \"configuration is desired.\"},\n assignment_acceptor(enable_route_poker));\n\n conf.define_option(\n \"network\",\n \"blackhole-routes\",\n FullClientOnly,\n Default{true},\n Comment{\n \"Enable / disable route configuration blackholes.\",\n \"When enabled lokinet will drop IPv4 and IPv6 traffic (when in exit mode) that is \"\n \"not\",\n \"handled in the exit configuration. Enabled by default.\"},\n assignment_acceptor(blackhole_routes));\n\n conf.define_option(\n \"network\",\n \"ifname\",\n NotEmbedded,\n Comment{\n \"Interface name for lokinet traffic. If unset lokinet will look for a free name\",\n \"matching 'lokitunN', starting at N=0 (e.g. lokitun0, lokitun1, ...).\",\n#ifdef __linux__\n \"\",\n \"On Linux, you can use '%d' in the name as a pattern to have the OS automatically choose\",\n \"a device name by replacing '%d' with a number to construct an unused interface name\",\n#endif\n },\n assignment_acceptor(_if_name));\n\n conf.define_option(\n \"network\",\n \"ifaddr\",\n NotEmbedded,\n Comment{\n \"Local IP and netmask for lokinet traffic. For example, 172.16.0.1/16 to use\",\n \"172.16.0.1 for this lokinet instance and 172.16.x.y for remote peers. If omitted\",\n \"then lokinet will attempt to automatically select an unused private range.\",\n \"If you specify an all-0 address with range (e.g. 0.0.0.0/12) then lokinet will\",\n \"auto-select a private range of the given size.\",\n },\n [this](std::string arg) {\n try\n {\n _local_ip_net = parse_ipv4_net(arg);\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\"[network]:ifaddr invalid value '{}': {}\"_format(arg, e.what())};\n }\n });\n\n conf.define_option(\n \"network\",\n \"ipv6-network\",\n NotEmbedded,\n Hidden,\n Comment{\n \"Enables internal IPv6 traffic for lokinet. Can be set to:\",\n \" - false to disable IPv6 support. This is the default if omitted\",\n \" - true to enable IPv6 support and auto-detect a free private /64 network range\",\n \" - ::/80 to auto-detect a free private range of netmask 80 (change as needed) \",\n \" instead of the default 64\",\n \" - An explicit private address and range to use, such as: fd00:abcd:1234::1/56\",\n \"\",\n \"Currently experimental and not supported.\",\n },\n [this](std::string arg) {\n if (arg.empty())\n {\n enable_ipv6 = false;\n return;\n }\n if (auto b = parse_boolean(arg))\n {\n enable_ipv6 = *b;\n return;\n }\n try\n {\n _local_ipv6_net = parse_ipv6_net(arg);\n enable_ipv6 = true;\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\"[network]:ipv6-addr invalid value '{}': {}\"_format(arg, e.what())};\n }\n });\n\n conf.define_option(\n \"network\",\n \"mapaddr\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Map a remote `.loki` address to always use a fixed local IP. For example:\",\n \" mapaddr=.loki:172.16.0.10\",\n \"maps `.loki` to `172.16.0.10` instead of using the next available IP.\",\n \"The given IP address must be inside the range configured by ifaddr=, and the\",\n \"remote `.loki` cannot be an ONS address\"},\n [this](std::string arg) {\n if (arg.empty())\n return;\n\n const auto pos = arg.find(\":\");\n\n if (pos == std::string::npos)\n throw std::invalid_argument{\n \"[endpoint]:mapaddr invalid entry '{}'; expected 'ADDR:IP'\"_format(arg)};\n\n auto addr_arg = std::string_view{arg}.substr(0, pos);\n auto ip_arg = arg.substr(pos + 1);\n\n try\n {\n NetworkAddress raddr{addr_arg};\n // ipv6\n if (ip_arg.find(':') != std::string_view::npos)\n _reserved_local_ipv6.emplace(raddr, ip_arg);\n else\n _reserved_local_ipv4.emplace(raddr, ip_arg);\n }\n catch (const std::exception& e)\n {\n throw std::invalid_argument{\"[endpoint]:mapaddr invalid entry '{}': {}\"_format(arg, e.what())};\n }\n });\n\n // TODO: support SRV records for routers, but for now client only\n conf.define_option(\n \"network\",\n \"srv\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Specify SRV Records for services hosted on the SNApp for protocols that use SRV\",\n \"records for service discovery. Each line specifies a single SRV record as:\",\n \" srv=_service._protocol priority weight port target.loki\",\n \"and can be specified multiple times as needed.\",\n \"For more info see\",\n \"https://docs.oxen.io/products-built-on-oxen/lokinet/snapps/hosting-snapps\",\n \"and general description of DNS SRV record configuration.\",\n },\n [this](std::string arg) {\n auto maybe_srv = dns::SRVData::from_srv_string(arg);\n\n if (not maybe_srv)\n throw std::invalid_argument{\"Invalid SRV Record string: {}\"_format(arg)};\n\n srv_records.emplace(std::move(*maybe_srv));\n });\n\n conf.define_option(\"network\", \"path-alignment-timeout\", Deprecated);\n\n conf.define_option(\n \"network\",\n \"persist-addrmap-file\",\n FullClientOnly,\n Comment{\n \"If given this specifies a file in which to record mapped local tunnel addresses so\",\n \"the same local address will be used for the same lokinet address on reboot. If this\",\n \"is not specified then the local IP of remote lokinet targets will not persist across\",\n \"restarts of lokinet.\",\n },\n [this, rel_base = params.default_data_dir](std::filesystem::path file) {\n if (!file.empty() && file.is_relative())\n file = rel_base / file;\n static constexpr auto addrmap_errorstr = \"Invalid entry in persist-addrmap-file\"sv;\n if (file.empty())\n throw std::invalid_argument(\"persist-addrmap-file cannot be empty\");\n\n if (not exists(file))\n throw std::invalid_argument(\"persist-addrmap-file path invalid: {}\"_format(file));\n\n bool load_file = true;\n {\n constexpr auto ADDR_PERSIST_MODIFY_WINDOW = 1min;\n const auto last_write_time = std::filesystem::last_write_time(file);\n const auto now = decltype(last_write_time)::clock::now();\n\n if (now < last_write_time or now - last_write_time > ADDR_PERSIST_MODIFY_WINDOW)\n {\n load_file = false;\n }\n }\n\n std::string data;\n if (auto maybe = util::OpenFileStream(file, std::ios_base::binary); maybe and load_file)\n {\n log::debug(logcat, \"Config loading persisting address map file from path:{}\", file);\n maybe->seekg(0, std::ios_base::end);\n const auto len = maybe->tellg();\n maybe->seekg(0, std::ios_base::beg);\n data.resize(len);\n maybe->read(data.data(), len);\n }\n else\n {\n auto err = \"Config could not load persisting address map file from path:{}\"_format(file);\n log::warning(logcat, \"{} {}\", err, load_file ? \"NOT FOUND\" : \"STALE\");\n }\n\n if (not data.empty())\n {\n log::trace(logcat, \"Config parsing address map data: {}\", llarp::buffer_printer{data});\n\n const auto parsed = oxenc::bt_deserialize(data);\n\n for (const auto& [key, value] : parsed)\n {\n try\n {\n quic::Address addr{key, 0};\n\n std::variant ip;\n\n auto check_ip_okay = [](const std::optional& range, const auto& ip) {\n if (range)\n {\n bool bad = ip == range->ip || ip == range->to_range().ip;\n if constexpr (std::same_as)\n bad = bad || ip == range->broadcast();\n if (bad)\n {\n log::warning(\n logcat, \"{}: ignore invalid address map IP {}\", addrmap_errorstr, ip);\n return false;\n }\n if (!range->contains(ip))\n {\n log::warning(\n logcat,\n \"{}: IP {} is outside the configured local range {}\",\n addrmap_errorstr,\n ip,\n range->to_range());\n return false;\n }\n }\n return true;\n };\n\n if (addr.is_ipv4())\n {\n if (!check_ip_okay(_local_ip_net, ip.emplace(addr.to_ipv4())))\n continue;\n }\n else\n {\n if (!check_ip_okay(_local_ipv6_net, ip.emplace(addr.to_ipv6())))\n continue;\n }\n\n const auto* arg = std::get_if(&value);\n if (not arg)\n {\n log::warning(logcat, \"{}: {}\", addrmap_errorstr, \"not a string!\");\n continue;\n }\n\n if (is_valid_sns(*arg))\n {\n log::warning(logcat, \"{}: {}\", addrmap_errorstr, \"cannot accept ONS names!\");\n continue;\n }\n\n try\n {\n NetworkAddress netaddr{*arg};\n if (auto* ip4 = std::get_if(&ip))\n _reserved_local_ipv4.emplace(std::move(netaddr), std::move(*ip4));\n else\n _reserved_local_ipv6.emplace(std::move(netaddr), std::move(std::get(ip)));\n }\n catch (const std::exception& e)\n {\n log::warning(logcat, \"{}: invalid value {}: {}\", addrmap_errorstr, *arg, e.what());\n continue;\n }\n }\n catch (const std::exception& e)\n {\n log::warning(\n logcat,\n \"Exception caught parsing key:value (key:{}) pair in addr persist file:{}\",\n key,\n e.what());\n }\n }\n }\n\n addr_map_persist_file = file;\n });\n\n // Deprecated options:\n conf.define_option(\"network\", \"enabled\", Deprecated);\n }\n\n void DnsConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params)\n {\n conf.add_section_comments(\n \"dns\",\n {\n \"DNS configuration\",\n });\n\n // Most non-linux platforms have loopback as 127.0.0.1/32, but linux uses 127.0.0.1/8 so\n // that we can bind to other 127.* IPs to avoid conflicting with something else that may be\n // listening on 127.0.0.1:53.\n constexpr std::array DefaultDNSBind{\n#ifdef __linux__\n#ifdef WITH_SYSTEMD\n // when we have systemd support add a random high port on loopback as well\n // see https://github.com/oxen-io/lokinet/issues/1887#issuecomment-1091897282\n Default{\"127.0.0.1:0\"},\n#endif\n Default{\"127.3.2.1:53\"},\n#else\n Default{\"127.0.0.1:53\"},\n#endif\n };\n\n auto parse_addr_for_dns = [](const std::string& arg) {\n std::optional addr = std::nullopt;\n std::string_view arg_v{arg}, port;\n std::string host;\n uint16_t p{DEFAULT_DNS_PORT};\n\n if (auto pos = arg_v.find(':'); pos != arg_v.npos)\n {\n host = arg_v.substr(0, pos);\n port = arg_v.substr(pos + 1);\n\n if (not llarp::parse_int(port, p))\n log::info(logcat, \"Failed to parse port in arg:{}, defaulting to DNS port 53\", port);\n\n addr = quic::Address{host, p};\n }\n\n return addr;\n };\n\n conf.define_option(\n \"dns\",\n \"upstream\",\n FullClientOnly,\n MultiValue,\n Comment{\n \"Upstream resolver(s) to use as fallback for non-loki addresses.\",\n \"Multiple values accepted.\",\n },\n [this, parse_addr_for_dns](std::string arg) {\n if (not arg.empty())\n {\n if (auto maybe_addr = parse_addr_for_dns(arg))\n _upstream_dns.push_back(std::move(*maybe_addr));\n else\n log::warning(logcat, \"Failed to parse upstream DNS resolver address:{}\", arg);\n }\n });\n\n conf.define_option(\n \"dns\",\n \"l3-intercept\",\n FullClientOnly,\n Default{\n platform::is_windows or platform::is_android or (platform::is_macos and not platform::is_apple_sysex)},\n Comment{\"Intercept all dns traffic (udp/53) going into our lokinet network interface \"\n \"instead of binding a local udp socket\"},\n assignment_acceptor(l3_intercept));\n\n conf.define_option(\n \"dns\",\n \"query-bind\",\n FullClientOnly,\n#if defined(_WIN32)\n Default{\"0.0.0.0:0\"},\n#else\n Hidden,\n#endif\n Comment{\n \"Address to bind to for sending upstream DNS requests.\",\n },\n [this, parse_addr_for_dns](std::string arg) {\n if (not arg.empty())\n {\n if (auto maybe_addr = parse_addr_for_dns(arg))\n _query_bind = std::move(*maybe_addr);\n else\n log::warning(logcat, \"Failed to parse bind address for DNS queries:{}\", arg);\n }\n });\n\n conf.define_option(\n \"dns\",\n \"bind\",\n NotEmbedded,\n DefaultDNSBind,\n MultiValue,\n Comment{\n \"Address to bind to for handling DNS requests.\",\n },\n [this, parse_addr_for_dns](std::string arg) {\n if (not arg.empty())\n {\n if (auto maybe_addr = parse_addr_for_dns(arg))\n {\n _bind_addrs.push_back(std::move(*maybe_addr));\n }\n else\n log::warning(logcat, \"Failed to parse bind address for handling DNS requests:{}\", arg);\n }\n });\n\n conf.define_option(\n \"dns\",\n \"add-hosts\",\n FullClientOnly,\n Comment{\"Add a hosts file to the dns resolver\", \"For use with client side dns filtering\"},\n [this, rel_base = params.default_data_dir](std::filesystem::path path) {\n if (path.empty())\n return;\n if (path.is_relative())\n path = rel_base / path;\n if (not exists(path))\n throw std::invalid_argument{\"cannot add hosts file {} as it does not exist\"_format(path)};\n hostfiles.emplace_back(std::move(path));\n });\n\n // Ignored option (used by the systemd service file to disable resolvconf configuration).\n conf.define_option(\n \"dns\",\n \"no-resolvconf\",\n FullClientOnly,\n Comment{\n \"Can be uncommented and set to 1 to disable resolvconf configuration of lokinet \"\n \"DNS.\",\n \"(This is not used directly by lokinet itself, but by the lokinet init scripts\",\n \"on systems which use resolveconf)\",\n });\n\n // forward the rest to libunbound\n conf.add_undeclared_handler(\n \"dns\", [this](auto, std::string_view key, std::string_view val) { extra_opts.emplace(key, val); });\n }\n\n void LinksConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters&)\n {\n conf.add_section_comments(\n \"bind\",\n {\n \"This section allows specifying the IPs that lokinet uses for incoming and outgoing\",\n \"connections. For simple setups it can usually be left blank, but may be required\",\n \"for routers with multiple IPs, or routers that must listen on a private IP with\",\n \"forwarded public traffic. It can also be useful for clients that want to use a\",\n \"consistent outgoing port for which firewall rules can be configured.\",\n });\n\n conf.define_option(\n \"bind\",\n \"public-ip\",\n Hidden,\n RelayOnly,\n public_ip_loader(public_addr, \"[bind]:public-ip\", \"[router]:public-ip\"));\n\n conf.define_option(\n \"bind\",\n \"public-port\",\n Hidden,\n RelayOnly,\n public_port_loader(public_addr, \"[bind]:public-port\", \"[router]:public-port\"));\n\n auto parse_addr_for_link = [](std::string_view arg) {\n quic::Address a = quic::Address::parse(arg, 0);\n if (a.is_loopback())\n throw std::invalid_argument{\"Invalid listen address: {} is a loopback address\"_format(arg)};\n if (a.is_ipv6() && a.is_any_addr())\n a = quic::Address{ipv4{0, 0, 0, 0}, a.port()};\n else if (a.is_ipv6() && a.is_ipv4_mapped_ipv6())\n a.unmap_ipv4_from_ipv6();\n else if (a.is_ipv6())\n throw std::invalid_argument{\"Invalid listen address: IPv6 addresses are not currently supported\"};\n return a;\n };\n\n conf.define_option(\n \"bind\",\n \"listen\",\n Comment{\n \"IP and/or port for lokinet to bind to for inbound/outbound connections.\",\n \"\",\n \"If IP is omitted then lokinet will search for a local network interface with a\",\n \"public IP address and use that IP (and will exit with an error if no such IP is found\",\n \"on the system). If port is omitted then lokinet defaults to 1090 (routers) or 1091 (clients).\",\n \"\",\n \"Examples:\",\n \" listen=15.5.29.5:443\",\n \" listen=10.0.2.2\",\n \" listen=:1234\",\n \"\",\n \"Note that, when running as a relay, a private range IP address (like the second example\",\n \"above) requires also using [router]:public-ip/-port to specify the public IP address at\",\n \"which this router can be reached, and requires that traffic on that port is redirected to\",\n \"the listening internal address.\",\n },\n [this, parse_addr_for_link](const std::string& arg) {\n if (listen_addr)\n throw std::runtime_error{\n \"Multiple listen addresses found. If upgrading from an older lokinet, delete extra \"\n \"[bind]:inbound and [bind]:IP and use only one [bind]:listen\"};\n listen_addr = parse_addr_for_link(arg);\n });\n\n conf.define_option(\n \"bind\", \"inbound\", RelayOnly, MultiValue, Hidden, [this, parse_addr_for_link](const std::string& arg) {\n if (listen_addr)\n throw std::runtime_error{\n \"Multiple listen addresses found. If upgrading from an older lokinet, delete extra \"\n \"[bind]:inbound and [bind]:IP and use only one [bind]:listen\"};\n listen_addr = parse_addr_for_link(arg);\n log::warning(\n logcat,\n \"Loaded listen address {} from deprecated [bind]:inbound option; please update your config to \"\n \"use [bind]:listen instead\",\n *listen_addr);\n });\n\n conf.define_option(\"bind\", \"outbound\", MultiValue, Deprecated, Hidden);\n\n conf.add_undeclared_handler(\"bind\", [this](std::string_view, std::string_view key, std::string_view val) {\n // special case: old lokinet used '*' for outbound port, which now does nothing\n if (key == \"*\")\n {\n log::warning(\n logcat, \"[bind]:*=PORT is deprecated and no longer does anything in this version of Lokinet\");\n return;\n }\n\n log::warning(\n logcat, \"[bind]:{} is deprecated: Please update your config to use [bind]:listen instead\", key);\n\n // Otherwise you could have either `A.B.C.D=PORT` or `IFNAME=port`. The latter was\n // almost never used, and so we only look for the format and error on the latter.\n if (listen_addr)\n throw std::runtime_error{\n \"Multiple listen addresses found. If upgrading from an older lokinet, replace extra \"\n \"[bind]:inbound=/IP= settings with a single [bind]:listen=\"};\n\n uint16_t port{0};\n\n quic::Address temp;\n try\n {\n if (!llarp::parse_int(val, port))\n throw std::runtime_error{\"Could not parse port\"};\n temp = quic::Address{std::string{key}, port};\n }\n catch (const std::exception&)\n {\n throw std::runtime_error{\n \"Invalid [bind] deprecated config item: {}={}. \"\n \"Please replace with a [bind]:listen=... directive\"_format(key, val)};\n }\n\n listen_addr = std::move(temp);\n\n log::warning(\n logcat,\n \"[bind]:{0}={1} is deprecated; please replace with [bind] config entry: listen={0}:{1}\",\n key,\n val);\n });\n }\n\n void ApiConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params)\n {\n conf.add_section_comments(\n \"api\",\n {\n \"JSON API settings\",\n });\n\n constexpr std::array DefaultRPCBind{\n Default{\"tcp://127.0.0.1:1190\"},\n#ifndef _WIN32\n Default{\"ipc://rpc.sock\"},\n#endif\n };\n\n conf.define_option(\n \"api\",\n \"enabled\",\n NotEmbedded,\n Default{params.type == config::Type::FullClient},\n assignment_acceptor(enable_rpc_server),\n Comment{\n \"Determines whether or not the OMQ JSON API is enabled. By default this is enabled for clients, \"\n \"disabled for relays\",\n });\n\n conf.define_option(\n \"api\",\n \"bind\",\n NotEmbedded,\n DefaultRPCBind,\n MultiValue,\n [this, first = true](std::string arg) mutable {\n if (first)\n {\n rpc_bind_addrs.clear();\n first = false;\n }\n if (arg.find(\"://\") == std::string::npos)\n {\n arg = \"tcp://\" + arg;\n }\n rpc_bind_addrs.push_back(std::move(arg));\n },\n Comment{\n \"IP addresses and ports to bind to.\",\n \"Recommend localhost-only for security purposes.\",\n });\n\n conf.define_option(\"api\", \"authkey\", Deprecated);\n\n // TODO: this was from pre-refactor:\n // TODO: add pubkey to whitelist\n }\n\n void LokidConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters&)\n {\n conf.add_section_comments(\n \"lokid\",\n {\n \"Settings for communicating with oxend\",\n });\n\n conf.define_option(\n \"lokid\",\n \"disable-testing\",\n Default{false},\n Hidden,\n RelayOnly,\n Comment{\"Development option: set to true to disable reachability testing when using\", \"testnet\"},\n assignment_acceptor(disable_testing));\n\n conf.define_option(\n \"lokid\",\n \"rpc\",\n RelayOnly,\n Required,\n Comment{\n \"oxenmq control address for for communicating with oxend. Depends on oxend's\",\n \"lmq-local-control configuration option. By default this value should be\",\n \"ipc://OXEND-DATA-DIRECTORY/oxend.sock, such as:\",\n \" rpc=ipc:///var/lib/oxen/oxend.sock\",\n \" rpc=ipc:///home/USER/.oxen/oxend.sock\",\n \"but can use (non-default) TCP if oxend is configured that way:\",\n \" rpc=tcp://127.0.0.1:5678\",\n },\n [this](std::string arg) {\n#ifndef LOKINET_EMBEDDED_ONLY\n oxenmq::address test_valid{arg};\n#endif\n rpc_addr = std::move(arg);\n });\n\n // Deprecated options:\n conf.define_option(\"lokid\", \"jsonrpc\", RelayOnly, Hidden, [](std::string arg) {\n if (arg.empty())\n return;\n throw std::invalid_argument(\n \"the [lokid]:jsonrpc option is no longer supported; please use the [lokid]:rpc config \"\n \"option instead with oxend's lmq-local-control address -- typically a value such as \"\n \"rpc=ipc:///var/lib/oxen/oxend.sock or rpc=ipc:///home/snode/.oxen/oxend.sock\");\n });\n conf.define_option(\"lokid\", \"enabled\", RelayOnly, Deprecated);\n conf.define_option(\"lokid\", \"username\", Deprecated);\n conf.define_option(\"lokid\", \"password\", Deprecated);\n conf.define_option(\"lokid\", \"service-node-seed\", Deprecated);\n }\n\n void BootstrapConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters&)\n {\n conf.add_section_comments(\n \"bootstrap\",\n {\n \"Configure nodes that will bootstrap us onto the network\",\n });\n\n conf.define_option(\n \"bootstrap\",\n \"add-node\",\n MultiValue,\n Comment{\n \"Specify a bootstrap file containing a list of signed RelayContacts of service nodes\",\n \"which can act as a bootstrap. Can be specified multiple times. If set this overrides\",\n \"the built-in seed node list.\",\n },\n [this](std::string arg) {\n if (arg.empty())\n throw std::invalid_argument(\"cannot use empty filename as bootstrap\");\n\n files.emplace_back(std::move(arg));\n\n if (not exists(files.back()))\n throw std::invalid_argument(\"file does not exist: \" + arg);\n });\n }\n\n void LoggingConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params)\n {\n conf.add_section_comments(\n \"logging\",\n {\n \"Logging settings\",\n });\n\n conf.define_option(\n \"logging\",\n \"type\",\n Default{\n params.type == config::Type::EmbeddedClient ? \"none\"\n : platform::is_android or platform::is_apple ? \"system\"\n : \"print\"},\n [this](std::string arg) {\n if (arg == \"none\")\n type = std::nullopt;\n else\n type = log::type_from_string(arg);\n },\n Comment{\n \"Log type (format). Valid options are:\",\n \" print - print logs to standard output\",\n \" system - logs directed to the system logger (syslog/eventlog/etc.)\",\n \" file - plaintext formatting to a file\",\n (params.type == config::Type::EmbeddedClient ? \" none - do not reset the logging system (for embedded \"\n \"use with external oxen::logging)\"\n : \"\"),\n });\n\n conf.define_option(\n \"logging\",\n \"level\",\n Default{\n params.type == config::Type::Relay ? \"warn\"\n : params.type == config::Type::FullClient ? \"info\"\n : \"\"},\n [this](std::string arg) { levels = std::move(arg); },\n Comment{\n \"Minimum log severity level to print. Logging below this level will be ignored.\",\n \"Can also be set to a comma-separated list of individual categories, such as:\",\n \" *=warn, logcat123=debug\",\n \"\",\n \"Valid log levels, in ascending order, are:\",\n \" trace, debug, info, warn, error, critical, off\",\n });\n\n conf.define_option(\n \"logging\",\n \"file\",\n Default{\"\"},\n assignment_acceptor(file),\n Comment{\n \"When using type=file this is the output filename.\",\n });\n }\n\n void PathConfig::define_config_options(ConfigDefinition& conf, const ConfigGenParameters&)\n {\n conf.add_section_comments(\n \"paths\",\n {\n \"Settings related to path selection such as number of hops and selection criteria\",\n });\n\n conf.define_option(\n \"paths\",\n \"edge-connections\",\n Default{CLIENT_ROUTER_CONNECTIONS},\n ClientOnly,\n Comment{\n \"Minimum number of routers lokinet client will attempt to maintain direct (i.e. \\\"edge\\\")\",\n \"connections to. All paths will start through one of these edges.\",\n \"\",\n \"Lokinet may use more than this number of edges in single-hop connection mode\",\n \"(see [paths]:client-hops) and may use fewer connections if limited by [paths]:strict-edge.\"},\n lower_bounded_assignment_acceptor(edge_connections, 1, \"[paths]:edge-connections\"));\n\n conf.define_option(\n \"paths\",\n \"outbound-paths\",\n ClientOnly,\n Default{2},\n Comment{\n \"Number of paths to maintain per active outbound connection to a remote client or relay.\",\n \"Only one path is actively used at a time, but others are used for regular path rotation\",\n \"and as a fallback for path failure.\",\n \"\",\n \"Note that this value applies to EACH outbound connection separately: if you have active\",\n \"connections to 5 clients and 3 snodes, lokinet will maintain 16 outbound paths (at the\",\n \"default setting of 2).\",\n \"\",\n \"Setting this value to 1 is allowed, but will result in brief periods of packet loss\",\n \"whenever paths expire due to the lack of allowed backup path.\",\n },\n bounded_assignment_acceptor(outbound_paths, 1, 4, \"[paths]:outbound-paths\"));\n\n conf.define_option(\n \"paths\",\n \"client-hops\",\n ClientOnly,\n Default{3},\n Comment{\n \"Number of hops to use when establishing a connection to a service node relay to\",\n \"communicate through that relay to another client.\",\n \"\",\n \"The overall number of hops to the remote client is this value PLUS the number of inbound\",\n \"hops the other client has configured for their inbound hops (via [paths]:inbound-hops).\",\n \"\",\n \"Setting this value to 1 puts lokinet into single-hop mode for the connection from this\",\n \"client to the aligned pivot router, which potentially weakens connection privacy as\",\n \"your public IP will be observable to any service node listed as a pivot for any remote\",\n \"client that you connect to.\"},\n bounded_assignment_acceptor(client_hops, 1, path::BUILD_LENGTH, \"[paths]:client-hops\"));\n\n conf.define_option(\n \"paths\",\n \"relay-hops\",\n ClientOnly,\n Comment{\n \"Number of hops to use when establishing a connection to talk to a service node.\",\n \"\",\n \"A value of 1 results in establishing direct connection to the snode (i.e. only\",\n \"encryption but no onion routing); 2 would select one intermediate snode to onion\",\n \"route through; 4 uses three intermediates, and so on, up to the maximum of 8.\",\n \"\",\n \"Additional hops increases privacy but also increase latency and reduces network\",\n \"performance through the path.\",\n \"\",\n \"If not set, this default to one greater than the value of [paths]:client-hops.\",\n \"\",\n \"Setting this value to 1 puts lokinet into single-hop mode for the connection from this\",\n \"client to service node (i.e. `.snode` addresses) which potentially weakens connection\",\n \"privacy as any service nodes you connect to will be able to observe your public IP.\"},\n bounded_assignment_acceptor(relay_hops_, 1, path::BUILD_LENGTH, \"[paths]:relay-hops\"));\n\n conf.define_option(\n \"paths\",\n \"inbound-paths\",\n ClientOnly,\n Default{4},\n Comment{\n \"Number of local paths that Lokinet maintains for both network reachability (i.e. remote\",\n \"clients connecting to this instance) and network communication such as looking up\",\n \"client lto maintain for network reachability and for general network requests\",\n \"\",\n \"This value does NOT apply to paths that are built to reach external clients or relays.\",\n },\n bounded_assignment_acceptor(inbound_paths, 1, 10, \"[paths]:local-paths\"));\n\n conf.define_option(\n \"paths\",\n \"inbound-paths-extra\",\n FullClientOnly,\n Hidden,\n Default{0},\n Comment{\n \"Extra inbound paths to use for Lokinet connectivity. This option is hidden as it is not\",\n \"meant for normal Lokinet use, and may be removed or replaced without warning in the future\",\n },\n lower_bounded_assignment_acceptor(inbound_paths_extra, 0, \"[paths]:inbound-paths-extra\"));\n\n conf.define_option(\n \"paths\",\n \"inbound-hops\",\n ClientOnly,\n Comment{\n \"Number of hops to use for inbound and general request connections (see [paths]:inbound-paths).\",\n \"\",\n \"When a remote Lokinet is connecting to this instance, this controls the path length of the\",\n \"local side of the full client-to-client path (i.e. from the common relay \\\"pivot\\\" to this\",\n \"Lokinet instance).\",\n \"\",\n \"If not set, this value defaults to the same value as [paths]:client-hops.\",\n },\n bounded_assignment_acceptor(inbound_hops_, 1, path::BUILD_LENGTH, \"[paths]:inbound-hops\"));\n\n conf.define_option(\n \"paths\",\n \"inbound-pivot-reuse\",\n ClientOnly,\n Default{1},\n Comment{\n \"This configures the maximum number of times a single relay may be used as a path pivot.\",\n \"The default is one, meaning each inbound path is built to a distinct pivot, but special\",\n \"cases (such as a one-hop reachable endpoint using a small number of pivots) may want to\",\n \"increase this to allow multiple pivots to be used at once. Leaving this at the default\",\n \"of 1 is recommended for most cases.\",\n },\n lower_bounded_assignment_acceptor(inbound_pivot_reuse, 1, \"[paths]:inbound-pivot-reuse\"));\n\n conf.define_option(\n \"paths\",\n \"unique-range-size\",\n Default{24},\n ClientOnly,\n [this](int arg) {\n if (arg > 32 or (arg < 4 and arg != 0))\n throw std::invalid_argument{\"[paths]:unique-range-size must be between 4 and 32, or 0\"};\n\n unique_hop_netmask = static_cast(arg);\n },\n Comment{\n \"Netmask for router path selection; each router must be from a distinct IPv4 subnet\",\n \"of the given size. Defaults to 24.\",\n \"\",\n \"For instance, setting this to 16 selects routers for each path that have distinct\",\n \"x.y.*.* IP addresses; 32 merely requires that each router have a unique IP. Setting\",\n \"this to 0 disables IP uniqueness entirely (i.e. paths can be selected that go through\",\n \"different Lokinet routers on the same IP)\",\n });\n\n conf.define_option(\n \"paths\",\n \"acceptable-expiry\",\n Default{300s},\n ClientOnly,\n Comment{\n \"The minimum expiry time a path/pivot must have for it to be eligible when switching\",\n \"to a new path. Inactive paths older than this will be replaced with new paths.\",\n },\n bounded_assignment_acceptor(acceptable_expiry, 0s, path::MAX_LIFETIME / 2, \"acceptable-expiry\"));\n\n conf.define_option(\n \"paths\",\n \"min-expiry\",\n Default{60s},\n ClientOnly,\n Comment{\n \"The minimum allowed path/pivot expiry time (in seconds) of a currently active outbound path.\",\n \"When an active path reaches an expiry less than this value then the path to the remote will\",\n \"be rotated immediately to use a newer path.\",\n \"\",\n \"This value cannot be larger than acceptable-expiry.\",\n },\n bounded_assignment_acceptor(min_expiry, 0s, path::MAX_LIFETIME / 2, \"min-expiry\"));\n\n conf.define_option(\n \"paths\",\n \"build-timeout\",\n ClientOnly,\n Default{10s},\n Comment{\n \"How long to wait for a session or path to establish before timing out the attempt.\",\n \"Value is in seconds, or milliseconds with an ms suffix (e.g. 2500ms).\",\n },\n bounded_assignment_acceptor(build_timeout, 1ms, 1min, \"[paths]:build-timeout\"));\n\n conf.add_options_validator([this] {\n if (min_expiry > acceptable_expiry)\n throw std::invalid_argument{\"[paths]:min-expiry cannot be longer than [paths]:acceptable-expiry\"};\n });\n\n conf.define_option(\n \"paths\",\n \"ping-interval\",\n Default{5s},\n ClientOnly,\n Comment{\"How frequently to send pings along built paths to test that they are still alive.\"},\n lower_bounded_assignment_acceptor(ping_interval, 1s, \"[paths]:ping-interval\"));\n\n conf.define_option(\n \"paths\",\n \"max-missed-pings\",\n Default{5},\n ClientOnly,\n Comment{\n \"The maximum number of consecutive missed pings (see ping-interval) allowed for a path. If a path\",\n \"misses more than this, the path will be considered to have died and be replaced.\"},\n lower_bounded_assignment_acceptor(max_missed_pings, 0, \"[paths]:max-missed-pings\"));\n\n#ifdef LOKINET_DEBUG_PATH_SEED\n conf.define_option(\n \"paths\", \"debug-path-seed\", ClientOnly, Hidden, assignment_acceptor(debug_path_seed));\n#endif\n\n conf.define_option(\n \"paths\",\n \"strict-edge\",\n ClientOnly,\n MultiValue,\n [this](std::string value) {\n RouterID router;\n if (value.size() == 64 && oxenc::is_hex(value))\n oxenc::from_hex(value.begin(), value.end(), router.begin());\n else if (not router.from_relay_address(value))\n throw std::invalid_argument{\"[paths]:strict-edge: Invalid .snode pubkey: {}\"_format(value)};\n\n if (not strict_edges.insert(router).second)\n throw std::invalid_argument{\n \"[paths]:strict-edge: Duplicate strict connect .snode value: {}\"_format(value)};\n },\n Comment{\n R\"(List of service node public keys of \"edge\" nodes (also known as \"first hops\") that)\",\n \"Lokinet will exclusively use when establishing paths through the network. You can use\",\n \"this to always use closer (i.e. lower latency) first hops, or to limit which network\",\n \"nodes see connections from your IP address.\",\n \"\",\n \"Public keys can be provided either in native lokinet address format (ADDR.snode), or using\",\n \"the 64-character hexademical pubkey notation common used for Session service nodes.\",\n \"Specify this option multiple times to specify multiple allowed edge nodes.\",\n \"\",\n \"Note that only registered service node pubkeys will be used, and so connectivity will be\",\n \"lost entirely if all of the listed pubkeys are or become deregistered.\",\n \"\",\n \"This option is incompatible with single-hop outbound path mode (see `[paths]:client-hops`\",\n \"and `[paths]:relay-hops`).\",\n \"\",\n \"Note that if bootstrapping is needed a connection will be made to the configured bootstrap\",\n \"nodes to obtain an initial router list. See [bootstrap]:add-node if you want to also\",\n \"override the nodes used for bootstrapping.\"});\n\n conf.add_options_validator([this] {\n if (strict_edges.empty())\n return;\n if (client_hops == 1)\n throw std::invalid_argument{\n \"[paths]:strict-edge cannot be used with [paths]:client-hops=1 single hop mode\"};\n if (relay_hops_ and *relay_hops_ == 1)\n throw std::invalid_argument{\n \"[paths]:strict-edge cannot be used with [paths]:relay-hops=1 single hop mode\"};\n });\n\n conf.define_option(\n \"paths\",\n \"blacklist-snode\",\n ClientOnly,\n MultiValue,\n Comment{\n \"Adds a lokinet relay `.snode` address to the list of relays to avoid when\",\n \"connecting to edges or building paths. Can be specified multiple times.\",\n },\n [this](std::string arg) {\n RouterID id;\n if (not id.from_relay_address(arg))\n throw std::invalid_argument{\"Invalid RouterID: {}\"_format(arg)};\n\n auto itr = snode_blacklist.emplace(std::move(id));\n if (not itr.second)\n throw std::invalid_argument{\"Duplicate blacklist-snode: {}\"_format(arg)};\n });\n\n#ifdef WITH_GEOIP\n conf.defineOption(\n \"paths\",\n \"exclude-country\",\n ClientOnly,\n MultiValue,\n [this](std::string arg) { m_ExcludeCountries.emplace(lowercase_ascii_string(std::move(arg))); },\n Comment{\n \"Exclude a country given its 2 letter country code from being used in path builds.\",\n \"For example:\",\n \" exclude-country=DE\",\n \"would avoid building paths through routers with IPs in Germany.\",\n \"This option can be specified multiple times to exclude multiple countries\",\n \"Note that this option does not affect the final relay or pivot in outgoing paths\",\n });\n#endif\n }\n\n std::unique_ptr Config::make_gen_params() const\n {\n auto cgp = std::make_unique();\n cgp->default_data_dir = data_dir;\n cgp->type = type;\n return cgp;\n }\n\n Config::Config(config::Type type, std::filesystem::path conf_file) : data_dir{conf_file.parent_path()}, type{type}\n {\n auto ini = util::file_to_string(conf_file);\n load_config_data(std::move(ini), std::move(conf_file));\n }\n\n Config::Config(config::Type type, std::string ini, std::filesystem::path default_data_dir)\n : data_dir{std::move(default_data_dir)}, type{type}\n {\n load_config_data(std::move(ini));\n }\n\n static std::filesystem::path overrides_dir(const std::filesystem::path& datadir) { return datadir / \"conf.d\"; }\n\n void Config::save()\n {\n const auto overridesDir = overrides_dir(data_dir);\n if (not exists(overridesDir))\n create_directories(overridesDir);\n parser.save();\n }\n\n void Config::override(std::string section, std::string key, std::string value)\n {\n parser.add_override(overrides_dir(data_dir) / \"overrides.ini\", section, key, value);\n }\n\n void Config::load_overrides(ConfigDefinition& conf) const\n {\n ConfigParser parser;\n const auto overridesDir = overrides_dir(data_dir);\n if (exists(overridesDir))\n {\n for (const auto& f : std::filesystem::directory_iterator{overridesDir})\n {\n if (not f.is_regular_file() or f.path().extension() != \".ini\")\n continue;\n ConfigParser parser;\n try\n {\n parser.load_file(f.path());\n }\n catch (const std::exception& e)\n {\n throw std::runtime_error{\"Failed to load config file {}: {}\"_format(f.path().string(), e.what())};\n }\n\n parser.iter_all_sections([&](std::string_view section, const SectionValues& values) {\n for (const auto& [k, v] : values)\n conf.add_config_value(section, k, v);\n });\n }\n }\n }\n\n void Config::add_default(std::string section, std::string key, std::string val)\n {\n additional.emplace_back(std::array{section, key, val});\n }\n\n void Config::load_config_data(std::string ini, std::optional filename)\n {\n#ifdef LOKINET_EMBEDDED_ONLY\n if (type != Type::EmbeddedClient)\n throw std::runtime_error{\n \"This lokinet build only supports embedded clients, not {}\"_format(to_string(type))};\n#endif\n auto params = make_gen_params();\n ConfigDefinition conf{type};\n add_backcompat_opts(conf);\n init_config(conf, *params);\n\n for (const auto& item : additional)\n {\n conf.add_config_value(item[0], item[1], item[2]);\n }\n\n parser.clear();\n\n if (filename)\n parser.set_filename(*filename);\n else\n parser.set_filename(std::filesystem::path{});\n\n parser.load_from_str(std::move(ini));\n\n parser.iter_all_sections([&](std::string_view section, const SectionValues& values) {\n for (const auto& pair : values)\n {\n conf.add_config_value(section, pair.first, pair.second);\n }\n });\n\n load_overrides(conf);\n\n conf.process();\n }\n\n void Config::init_config(ConfigDefinition& conf, const ConfigGenParameters& params)\n {\n router.define_config_options(conf, params);\n exit.define_config_options(conf, params);\n network.define_config_options(conf, params);\n paths.define_config_options(conf, params);\n dns.define_config_options(conf, params);\n links.define_config_options(conf, params);\n api.define_config_options(conf, params);\n lokid.define_config_options(conf, params);\n bootstrap.define_config_options(conf, params);\n logging.define_config_options(conf, params);\n }\n\n void Config::add_backcompat_opts(ConfigDefinition& conf)\n {\n // These config sections don't exist anymore:\n\n conf.define_option(\"system\", \"user\", Deprecated);\n conf.define_option(\"system\", \"group\", Deprecated);\n conf.define_option(\"system\", \"pidfile\", Deprecated);\n\n conf.define_option(\"netdb\", \"dir\", Deprecated);\n\n conf.define_option(\"metrics\", \"json-metrics-path\", Deprecated);\n }\n\n void ensure_config(std::filesystem::path dataDir, std::filesystem::path confFile, bool overwrite, config::Type type)\n {\n // fail to overwrite if not instructed to do so\n if (exists(confFile) && !overwrite)\n {\n log::info(logcat, \"Config file already exists; NOT creating new config\");\n return;\n }\n\n const auto parent = confFile.parent_path();\n\n // create parent dir if it doesn't exist\n if ((not parent.empty()) and (not exists(parent)))\n {\n create_directory(parent);\n }\n\n log::info(logcat, \"Attempting to create config file for {} at file path:{}\", to_string(type), confFile);\n\n llarp::Config config{type, \"\", dataDir};\n auto confStr = config.generate_config_base();\n\n try\n {\n util::buffer_to_file(confFile, confStr);\n }\n catch (const std::exception& e)\n {\n throw std::runtime_error{\"Failed to write config data to {}: {}\"_format(confFile, e.what())};\n }\n\n log::info(logcat, \"Generated new config (path: {})\", confFile);\n }\n\n std::string Config::generate_config_base()\n {\n auto params = make_gen_params();\n\n llarp::ConfigDefinition def{type};\n init_config(def, *params);\n\n return def.generate_ini_config(true);\n }\n\n} // namespace llarp\n" }, { "path": "llarp/config/config.hpp", "content": "#pragma once\n\n#include \"definition.hpp\"\n#include \"ini.hpp\"\n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\nnamespace llarp\n{\n using SectionValues = llarp::ConfigParser::SectionValues;\n using ConfigMap = llarp::ConfigParser::ConfigMap;\n\n inline constexpr uint16_t DEFAULT_CLIENT_PORT{1091};\n inline constexpr uint16_t DEFAULT_RELAY_PORT{1090};\n inline const quic::Address DEFAULT_CLIENT_ADDR{\"0.0.0.0\", DEFAULT_CLIENT_PORT};\n inline constexpr uint16_t DEFAULT_DNS_PORT{53};\n inline constexpr int CLIENT_ROUTER_CONNECTIONS{4};\n\n // TODO: don't use these maps. they're sloppy and difficult to follow\n /// Small struct to gather all parameters needed for config generation to reduce the number of\n /// parameters that need to be passed around.\n struct ConfigGenParameters\n {\n ConfigGenParameters() = default;\n virtual ~ConfigGenParameters() = default;\n\n ConfigGenParameters(const ConfigGenParameters&) = delete;\n ConfigGenParameters(ConfigGenParameters&&) = delete;\n\n config::Type type;\n std::filesystem::path default_data_dir;\n\n /// get network platform (virtual for unit test mocks)\n virtual const llarp::net::Platform* net_ptr();\n };\n\n struct RouterConfig\n {\n NetID net_id = NetID::MAINNET;\n\n std::filesystem::path data_dir;\n\n bool block_bogons = false;\n\n int worker_threads = -1;\n int net_threads = -1;\n\n size_t job_que_size = 0;\n\n std::optional rc_file;\n\n bool is_relay = false;\n\n std::optional public_addr;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n /// config for path hop selection\n struct PathConfig\n {\n int edge_connections{CLIENT_ROUTER_CONNECTIONS};\n\n // If non-empty then *only* use these nodes for first hops. (Except for single-hop outbound\n // paths, which ignore this).\n std::unordered_set strict_edges;\n\n // Blacklist of relays to avoid using for edges or path hops\n std::unordered_set snode_blacklist;\n\n /// Number of paths to maintain for inbound reachability and network queries (such as\n /// looking up client contacts).\n int inbound_paths = 4;\n int inbound_paths_extra = 0;\n\n /// Number of times the same relay can be used as an inbound path pivot. The default is 1,\n /// which means every inbound path uses a distinct relay.\n int inbound_pivot_reuse = 1;\n\n /// Length of the \"inbound\" paths we use for inbound connections and network queries.\n /// If unset, use client_hops.\n std::optional inbound_hops_;\n\n // Retrieves the above, with built-in fallback to the client_hops value if not set.\n int inbound_hops() const { return inbound_hops_.value_or(client_hops); }\n\n /// Number of paths to maintain to *each* outgoing remote (relay or snode).\n int outbound_paths = 2;\n\n /// Number of hops when establishing a session to a relay (i.e. to a .snode, not *through* a\n /// relay to reach a client).\n std::optional relay_hops_;\n\n /// Retrieves the working value for relay-hops: the value if explicitly set, else one more\n /// than the configured client hops.\n int relay_hops() const { return relay_hops_.value_or(std::min(client_hops + 1, path::BUILD_LENGTH)); }\n\n /// Number of hops when building an aligned path to a relay to reach a client on the other\n /// side.\n int client_hops = 3;\n\n /// in our hops what netmask will we use for unique ips for hops\n /// i.e. 32 for every hop unique ip, 24 unique /24 per hop, etc\n uint8_t unique_hop_netmask{0};\n\n // TODO: some day, if we ever support routers using IPv6, there would need to be a different\n // ipv6 netmask value.\n\n std::chrono::seconds min_expiry = 1min;\n std::chrono::seconds acceptable_expiry = 5min;\n\n std::chrono::milliseconds build_timeout{10s};\n std::chrono::seconds ping_interval{5s};\n int max_missed_pings{5};\n\n // DEBUG ONLY: if set, this uses a repeatable RNG with the given seed for reproducible path\n // selection. This option only has an effect if lokinet is configured with\n // -DLOKINET_DEBUG_PATH_SEED=ON (which is disabled by default).\n std::optional debug_path_seed;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n /** TODO:\n - finalize supervenience of ExitConfig over deprecated config entries\n */\n\n /// Config options related to exit node services\n struct ExitConfig\n {\n bool exit_enabled{false};\n\n // Used by RemoteHandler to provide auth tokens for remote exits\n std::unordered_map auth_tokens;\n std::unordered_map sns_auth_tokens;\n\n net::ExitPolicy exit_policy;\n\n // Remote client ONS exit addresses mapped to local IP ranges pending ONS address resolution\n // Reserved local IP ranges mapped to remote client ONS addresses (pending ONS resolution)\n std::unordered_map>> sns_ranges;\n\n // Reserved local IP ranges mapped to remote client exit addresses\n std::unordered_map>> ranges;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct NetworkConfig\n {\n bool enable_profiling{false};\n bool save_profiles{false};\n\n std::optional keyfile;\n\n bool enable_ipv6{false};\n bool is_reachable{false};\n\n /* Auth specific config */\n auth::AuthType auth_type = auth::AuthType::NONE;\n auth::AuthFileType auth_file_type = auth::AuthFileType::HASHES;\n\n std::optional auth_endpoint;\n std::optional auth_method;\n\n std::unordered_set auth_whitelist;\n\n std::unordered_set auth_static_tokens;\n\n std::vector auth_files;\n\n std::unordered_set srv_records;\n\n /* TESTNET: Under modification */\n\n // Contents of this file are read directly into ::_reserved_local_addrs\n std::optional addr_map_persist_file;\n\n // the only member that refers to an actual interface\n std::optional _if_name;\n\n std::optional _local_ip_net; // [network]:ifaddr\n std::optional _local_ipv6_net; // [network]:ipv6\n\n // Remote exit or hidden service addresses mapped to fixed local IP addresses\n // TODO:\n // - load directly into TunEndpoint mapping\n // - when a session is created, check mapping when assigning IP's\n std::unordered_map _reserved_local_ipv4;\n std::unordered_map _reserved_local_ipv6;\n\n // TESTNET: moved into ExitConfig!\n bool allow_exit{false};\n // Used by RemoteHandler to provide auth tokens for remote exits\n std::unordered_map exit_auths;\n std::unordered_map sns_exit_auths;\n std::optional traffic_policy;\n\n // TESTNET: move into ExitConfig!\n bool enable_route_poker{false};\n bool blackhole_routes{false};\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct DnsConfig\n {\n bool l3_intercept{false};\n\n std::vector hostfiles;\n\n /* TESTNET: Under modification */\n std::vector _upstream_dns;\n quic::Address _default_dns{\"9.9.9.10\", DEFAULT_DNS_PORT};\n std::optional _query_bind;\n std::vector _bind_addrs;\n\n // Deprecated\n // std::vector upstream_dns;\n // std::optional query_bind;\n // std::vector bind_addr;\n /*************************************/\n\n std::unordered_multimap extra_opts;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct LinksConfig\n {\n // DEPRECATED -- use [router]:public_addr/port instead\n std::optional public_addr;\n\n std::optional listen_addr;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct ApiConfig\n {\n bool enable_rpc_server = false;\n std::vector rpc_bind_addrs;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct LokidConfig\n {\n std::filesystem::path id_keyfile;\n std::string rpc_addr;\n bool disable_testing = false;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct BootstrapConfig\n {\n std::vector files;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct LoggingConfig\n {\n // Log type. If nullopt then lokinet will not set up logging sinks at all (this is\n // primarily aimed at embedded clients that have already set up logging).\n std::optional type = log::Type::Print;\n\n // levels can either be just a level (\"warn\"), or a list of cat levels such as:\n // \"*=warning, cat1=debug, cat2*=trace\". See oxen-logging for more details. If empty then\n // logging levels will not be set at all (and, again, is most useful for embedded clients).\n std::string levels;\n\n std::string file;\n\n void define_config_options(ConfigDefinition& conf, const ConfigGenParameters& params);\n };\n\n struct Config\n {\n // Creates a config for the given lokinet instance type (relay, full client, or embedded\n // client), loading configuration data from the given string, if given (all default config\n // otherwise). The default data directory (if not explicit set in the given config string)\n // can optionally be provided. If omitted (and not set in the string) it defaults to cwd.\n Config(\n config::Type type,\n std::string config = \"\",\n std::filesystem::path default_data_dir = std::filesystem::current_path());\n\n // Creates a config for the given lokinet instance type (relay, full client, or embedded\n // client), loading configuration data from an existing file. The default data directory\n // (if not set in the config itself) will be the directory containing the given config file.\n Config(config::Type type, std::filesystem::path config_file);\n\n Config(Config&&) = default;\n Config(const Config&) = default;\n Config& operator=(Config&&) = default;\n Config& operator=(const Config&) = default;\n\n virtual ~Config() = default;\n\n /// create generation params (virtual for unit test mock)\n virtual std::unique_ptr make_gen_params() const;\n\n RouterConfig router;\n ExitConfig exit;\n NetworkConfig network;\n PathConfig paths;\n DnsConfig dns;\n LinksConfig links;\n ApiConfig api;\n LokidConfig lokid;\n BootstrapConfig bootstrap;\n LoggingConfig logging;\n\n // Initialize config definition\n void init_config(ConfigDefinition& conf, const ConfigGenParameters& params);\n\n /// Insert config entries for backwards-compatibility (e.g. so that the config system will\n /// tolerate old values that are no longer accepted)\n ///\n /// @param conf is the config to modify\n void add_backcompat_opts(ConfigDefinition& conf);\n\n std::string generate_config_base();\n\n void save();\n\n void override(std::string section, std::string key, std::string value);\n\n void add_default(std::string section, std::string key, std::string value);\n\n bool relay() const { return type == config::Type::Relay; }\n bool embedded() const { return type == config::Type::EmbeddedClient; }\n bool client() const { return !relay(); }\n\n private:\n void load_config_data(std::string ini, std::optional fname = std::nullopt);\n\n void load_overrides(ConfigDefinition& conf) const;\n\n std::vector> additional;\n ConfigParser parser;\n std::filesystem::path data_dir{std::filesystem::current_path()};\n config::Type type;\n };\n\n // Ensures that a conf file exists, writing a default one if not present. Only for full\n // clients/routers (i.e. not embedded clients).\n void ensure_config(\n std::filesystem::path dataDir, std::filesystem::path confFile, bool overwrite, config::Type type);\n\n} // namespace llarp\n" }, { "path": "llarp/config/definition.cpp", "content": "#include \"definition.hpp\"\n\n#include \n#include \n\n#include \n#include \n#include \n\nnamespace llarp\n{\n static auto logcat = log::Cat(\"config.def\");\n\n static constexpr std::array true_values = {\"true\", \"TRUE\", \"T\", \"on\", \"ON\", \"1\", \"yes\", \"enable\", \"enabled\"};\n static constexpr std::array false_values = {\"false\", \"FALSE\", \"F\", \"off\", \"OFF\", \"1\", \"no\", \"disable\", \"disabled\"};\n std::optional parse_boolean(std::string_view input)\n {\n if (std::ranges::any_of(true_values, [&input](const auto& v) { return input == v; }))\n return true;\n if (std::ranges::any_of(false_values, [&input](const auto& v) { return input == v; }))\n return false;\n return std::nullopt;\n }\n\n template <>\n bool OptionDefinition::from_string(const std::string& input)\n {\n if (auto b = parse_boolean(input))\n return *b;\n throw std::invalid_argument{\"{} is not a valid bool\"_format(input)};\n }\n\n ConfigDefinition& ConfigDefinition::define_option(std::unique_ptr def)\n {\n using namespace config;\n // If explicitly deprecated or is a {client,relay} option in a {relay,client} config then\n // add a dummy, warning option instead of this one.\n bool bad = def->deprecated || (type == config::Type::Relay && def->client_only)\n || (type != config::Type::Relay && def->relay_only)\n || (type == config::Type::EmbeddedClient && def->no_embedded);\n if (bad)\n return define_option(\n def->section,\n def->name,\n MultiValue,\n Hidden,\n [deprecated = def->deprecated, type = type, opt = \"[{}]:{}\"_format(def->section, def->name)](\n std::string_view) {\n log::warning(\n logcat,\n \"*** WARNING: The config option {} is {} and has been ignored\",\n opt,\n (deprecated ? \"deprecated\" : \"invalid in {} configuration files\"_format(to_string(type))));\n });\n\n auto [sectionItr, newSect] = definitions.try_emplace(def->section);\n if (newSect)\n section_ordering.push_back(def->section);\n auto& section = sectionItr->first;\n\n auto [it, added] = definitions[section].try_emplace(std::string{def->name}, std::move(def));\n if (!added)\n throw std::invalid_argument{\"definition for [{}]:{} already exists\"_format(def->section, def->name)};\n\n definition_ordering[section].push_back(it->first);\n\n if (!it->second->comments.empty())\n add_option_comments(section, it->first, std::move(it->second->comments));\n\n return *this;\n }\n\n ConfigDefinition& ConfigDefinition::add_config_value(\n std::string_view section, std::string_view name, std::string_view value)\n {\n // see if we have an undeclared handler to fall back to in case section or section:name is\n // absent\n auto undItr = undeclared_handlers.find(std::string(section));\n bool haveUndeclaredHandler = (undItr != undeclared_handlers.end());\n\n // get section, falling back to undeclared handler if needed\n auto secItr = definitions.find(std::string(section));\n if (secItr == definitions.end())\n {\n // fallback to undeclared handler if available\n if (not haveUndeclaredHandler)\n throw std::invalid_argument{\"unrecognized section [{}]\"_format(section)};\n auto& handler = undItr->second;\n handler(section, name, value);\n return *this;\n }\n\n // section was valid, get definition by name\n // fall back to undeclared handler if needed\n auto& sectionDefinitions = secItr->second;\n auto defItr = sectionDefinitions.find(std::string(name));\n if (defItr != sectionDefinitions.end())\n {\n std::unique_ptr& definition = defItr->second;\n definition->parse_value(std::string(value));\n return *this;\n }\n\n if (not haveUndeclaredHandler)\n throw std::invalid_argument{\"unrecognized option [{}]: {}\"_format(section, name)};\n\n auto& handler = undItr->second;\n handler(section, name, value);\n return *this;\n }\n\n void ConfigDefinition::add_undeclared_handler(const std::string& section, UndeclaredValueHandler handler)\n {\n auto itr = undeclared_handlers.find(section);\n if (itr != undeclared_handlers.end())\n throw std::logic_error{\"section {} already has a handler\"_format(section)};\n\n undeclared_handlers[section] = std::move(handler);\n }\n\n void ConfigDefinition::remove_undeclared_handler(const std::string& section)\n {\n auto itr = undeclared_handlers.find(section);\n if (itr != undeclared_handlers.end())\n undeclared_handlers.erase(itr);\n }\n\n void ConfigDefinition::add_options_validator(std::function validator)\n {\n options_validators.push_back(std::move(validator));\n }\n\n void ConfigDefinition::validate_required_fields()\n {\n visit_sections([&](const std::string& section, const DefinitionMap&) {\n visit_definitions(section, [&](const std::string&, const std::unique_ptr& def) {\n if (def->required and def->get_number_found() < 1)\n {\n throw std::invalid_argument{\"[{}]:{} is required but missing\"_format(section, def->name)};\n }\n\n // should be handled earlier in OptionDefinition::parse_value()\n assert(def->get_number_found() <= 1 or def->multi_valued);\n });\n });\n }\n\n void ConfigDefinition::accept_all_options()\n {\n visit_sections([this](const std::string& section, const DefinitionMap&) {\n visit_definitions(section, [](const std::string&, const std::unique_ptr& def) {\n def->try_accept();\n });\n });\n }\n\n void ConfigDefinition::validate_all_options()\n {\n for (auto& v : options_validators)\n v();\n }\n\n void ConfigDefinition::add_section_comments(const std::string& section, std::vector comments)\n {\n auto& sectionComments = section_comments[section];\n for (auto& c : comments)\n sectionComments.emplace_back(std::move(c));\n }\n\n void ConfigDefinition::add_option_comments(\n const std::string& section, const std::string& name, std::vector comments)\n {\n auto& defComments = definition_comments[section][name];\n if (defComments.empty())\n defComments = std::move(comments);\n else\n defComments.insert(\n defComments.end(), std::make_move_iterator(comments.begin()), std::make_move_iterator(comments.end()));\n }\n\n std::string ConfigDefinition::generate_ini_config(bool useValues)\n {\n std::string ini;\n auto ini_append = std::back_inserter(ini);\n\n int sectionsVisited = 0;\n\n visit_sections([&](const std::string& section, const DefinitionMap&) {\n std::string sect_str;\n auto sect_append = std::back_inserter(sect_str);\n\n visit_definitions(section, [&](const std::string& name, const std::unique_ptr& def) {\n bool has_comment = false;\n // TODO: as above, this will create empty objects\n // TODO: as above (but more important): this won't handle definitions with no\n // entries\n // (i.e. those handled by UndeclaredValueHandler's)\n for (const std::string& comment : definition_comments[section][name])\n {\n fmt::format_to(sect_append, \"\\n# {}\", comment);\n has_comment = true;\n }\n\n if (useValues and def->get_number_found() > 0)\n {\n for (const auto& val : def->values_as_string())\n fmt::format_to(sect_append, \"\\n{}={}\", name, val);\n *sect_append = '\\n';\n }\n else if (not def->hidden)\n {\n if (auto defaults = def->default_values_as_string(); not defaults.empty())\n for (const auto& val : defaults)\n fmt::format_to(sect_append, \"\\n{}{}={}\", def->required ? \"\" : \"#\", name, val);\n else\n // We have no defaults so we append it as \"#opt-name=\" so that we show\n // the option name, and make it simple to uncomment and edit to the\n // desired value.\n fmt::format_to(sect_append, \"\\n#{}=\", name);\n *sect_append = '\\n';\n }\n else if (has_comment)\n *sect_append = '\\n';\n });\n\n if (sect_str.empty())\n return; // Skip sections with no options\n\n if (sectionsVisited > 0)\n ini += \"\\n\\n\";\n\n fmt::format_to(ini_append, \"[{}]\\n\", section);\n\n // TODO: this will create empty objects as a side effect of map's operator[]\n // TODO: this also won't handle sections which have no definition\n for (const std::string& comment : section_comments[section])\n {\n fmt::format_to(ini_append, \"# {}\\n\", comment);\n }\n ini += \"\\n\";\n ini += sect_str;\n\n sectionsVisited++;\n });\n\n return ini;\n }\n\n const std::unique_ptr& ConfigDefinition::lookup_definition_or_throw(\n std::string_view section, std::string_view name) const\n {\n const auto sectionItr = definitions.find(std::string(section));\n if (sectionItr == definitions.end())\n throw std::invalid_argument{\"No config section [{}]\"_format(section)};\n\n auto& sectionDefinitions = sectionItr->second;\n const auto definitionItr = sectionDefinitions.find(std::string(name));\n if (definitionItr == sectionDefinitions.end())\n throw std::invalid_argument{\"No config item {} within section {}\"_format(name, section)};\n\n return definitionItr->second;\n }\n\n std::unique_ptr& ConfigDefinition::lookup_definition_or_throw(\n std::string_view section, std::string_view name)\n {\n return const_cast&>(\n const_cast(this)->lookup_definition_or_throw(section, name));\n }\n\n void ConfigDefinition::visit_sections(SectionVisitor visitor) const\n {\n for (const std::string& section : section_ordering)\n {\n const auto itr = definitions.find(section);\n assert(itr != definitions.end());\n visitor(section, itr->second);\n }\n };\n void ConfigDefinition::visit_definitions(const std::string& section, DefVisitor visitor) const\n {\n const auto& defs = definitions.at(section);\n const auto& defOrdering = definition_ordering.at(section);\n for (const std::string& name : defOrdering)\n {\n const auto itr = defs.find(name);\n assert(itr != defs.end());\n visitor(name, itr->second);\n }\n };\n\n} // namespace llarp\n" }, { "path": "llarp/config/definition.hpp", "content": "#pragma once\n\n#include \n\n#include \n#include \n\n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n#include \n\nnamespace llarp\n{\n namespace config\n {\n enum class Type\n {\n Relay,\n FullClient,\n EmbeddedClient\n };\n\n inline constexpr std::string_view to_string(Type t)\n {\n switch (t)\n {\n case Type::Relay:\n return \"service node\";\n case Type::FullClient:\n return \"client\";\n case Type::EmbeddedClient:\n return \"embedded client\";\n }\n return \"unknown config type\";\n }\n\n namespace flag\n {\n // Base class for the following option flag types\n struct opt\n {};\n\n struct REQUIRED : opt\n {};\n struct HIDDEN : opt\n {};\n struct MULTIVALUE : opt\n {};\n struct NOTEMBEDDED : opt\n {};\n struct RELAYONLY : NOTEMBEDDED\n {};\n struct CLIENTONLY : opt\n {};\n struct FULLCLIENTONLY : CLIENTONLY, NOTEMBEDDED\n {};\n struct DEPRECATED : opt\n {};\n } // namespace flag\n\n /// Value to pass for an OptionDefinition to indicate that the option is required\n inline constexpr flag::REQUIRED Required{};\n /// Value to pass for an OptionDefinition to indicate that the option should be hidden from\n /// the generate config file if it is unset (and has no comment). Typically for deprecated,\n /// renamed options that still do something, and for internal dev options that aren't\n /// usefully exposed. (For do-nothing deprecated options use Deprecated instead).\n inline constexpr flag::HIDDEN Hidden{};\n /// Value to pass for an OptionDefinition to indicate that the option takes multiple values\n inline constexpr flag::MULTIVALUE MultiValue{};\n /// Value to pass for an option that should only be set for relay configs. If found in a\n /// client config it be ignored (but will produce a warning).\n inline constexpr flag::RELAYONLY RelayOnly{};\n /// Value to pass for an option that should only be set for client configs. If found in a\n /// relay config it will be ignored (but will produce a warning).\n inline constexpr flag::CLIENTONLY ClientOnly{};\n /// Value to pass for an option that should only be set for full client configs but not\n /// relay configs or embedded client configs. If found in either of this it will be ignored\n /// (but will produce a warning).\n inline constexpr flag::FULLCLIENTONLY FullClientOnly{};\n /// Value to pass for an option that is not allowed in embedded configs. This is implied by\n /// RelayOnly and FullClientOnly, but can be specified separately for options supported in\n /// both full clients and relays but not embedded configs. If such an option is specified\n /// for an embedded client config it will be ignored (but will produce a warning).\n inline constexpr flag::NOTEMBEDDED NotEmbedded{};\n /// Value to pass for an option that is deprecated and does nothing and should be ignored\n /// (with a deprecation warning) if specified. Note that Deprecated implies Hidden, and\n /// that {client,relay}-only options in a {relay,client} config are also considered\n /// Deprecated.\n inline constexpr flag::DEPRECATED Deprecated{};\n\n /// Wrapper to specify a default value to an OptionDefinition\n template \n struct Default\n {\n T val;\n constexpr explicit Default(T val) : val{std::move(val)} {}\n };\n\n /// Adds one or more comment lines to the option definition.\n struct Comment\n {\n std::vector comments;\n explicit Comment(std::initializer_list comments) : comments{std::move(comments)} {}\n };\n\n /// A convenience function that returns an acceptor which assigns to a reference.\n ///\n /// Note that this holds on to the reference; it must only be used when this is safe to do.\n /// In particular, a reference to a local variable may be problematic.\n template \n auto assignment_acceptor(T& ref)\n {\n return [&ref](T arg) { ref = std::move(arg); };\n }\n\n /// Returns a value acceptor that accepts any value within a range of values.\n template \n auto bounded_assignment_acceptor(\n T& ref, std::type_identity_t min, std::type_identity_t max, std::string setting_name)\n {\n return [&ref, min = std::move(min), max = std::move(max), name = std::move(setting_name)](T arg) {\n if (arg < min || arg > max)\n throw std::invalid_argument{fmt::format(\"{} must be >= {} and <= {}\", name, min, max)};\n ref = std::move(arg);\n };\n }\n template \n auto lower_bounded_assignment_acceptor(T& ref, std::type_identity_t min, std::string setting_name)\n {\n return [&ref, min = std::move(min), name = std::move(setting_name)](T arg) {\n if (arg < min)\n throw std::invalid_argument{fmt::format(\"{} must be >= {}\", name, min)};\n ref = std::move(arg);\n };\n }\n template \n auto upper_bounded_assignment_acceptor(T& ref, std::type_identity_t max, std::string setting_name)\n {\n return [&ref, max = std::move(max), name = std::move(setting_name)](T arg) {\n if (arg > max)\n throw std::invalid_argument{fmt::format(\"{} must be <= {}\", name, max)};\n ref = std::move(arg);\n };\n }\n template \n auto bounded_assignment_acceptor(\n std::optional& ref, std::type_identity_t min, std::type_identity_t max, std::string setting_name)\n {\n return [&ref, min = std::move(min), max = std::move(max), name = std::move(setting_name)](T arg) {\n if (arg < min || arg > max)\n throw std::invalid_argument{fmt::format(\"{} must be >= {} and <= {}\", name, min, max)};\n ref = std::move(arg);\n };\n }\n\n template \n constexpr bool is_default = false;\n template \n constexpr bool is_default> = true;\n template \n constexpr bool is_default = is_default>;\n\n template \n constexpr bool is_default_array = false;\n template \n constexpr bool is_default_array, N>> = true;\n template \n constexpr bool is_default_array = is_default_array>;\n\n template \n concept is_option = std::is_base_of_v> or std::is_same_v\n or is_default