Infinite retries on failed requests

.drone.jsonnet

@@ -17,7 +17,21 @@ local default_deps_nocxx = ['libsodium-dev'] + default_deps_base;  // libsodium-
 local default_deps = ['g++'] + default_deps_nocxx;  // g++ sometimes needs replacement
 local docker_base = 'registry.oxen.rocks/';
 
-local submodules_commands = ['git fetch --tags', 'git submodule update --init --recursive --depth=1 --jobs=4'];
+local submodules_commands = [
+  'git fetch --tags',
+
+  // uWebSockets includes nearly 900MB of crap via submodules that we don't use and want to clone on
+  // every CI job, so do this song and dance to get rid of the junk.
+  'git submodule update --init --depth=1 external/uWebSockets',
+  'cd external/uWebSockets',
+  'git rm fuzzing/seed-corpus',
+  'git submodule update --init --depth=1 uSockets',
+  'cd uSockets',
+  'git rm boringssl lsquic',
+  'cd ../../..',
+
+  'git submodule update --init --recursive --depth=1 --jobs=4',
+];
 local submodules = {
   name: 'submodules',
   image: 'drone/git',
@@ -181,7 +195,7 @@ local static_check_and_upload = [
   // Various debian builds
   debian_pipeline('Debian (amd64)', docker_base + 'debian-sid', lto=true),
   debian_pipeline('Debian Debug (amd64)', docker_base + 'debian-sid', build_type='Debug'),
-  clang(17, lto=true),
+  clang(19, lto=true),
   debian_pipeline('Debian stable (i386)', docker_base + 'debian-stable/i386', werror=false),
   debian_pipeline('Ubuntu LTS (amd64)', docker_base + 'ubuntu-lts', oxen_repo=true),
   debian_pipeline('Ubuntu latest (amd64)', docker_base + 'ubuntu-rolling'),

CMakeLists.txt

@@ -13,7 +13,7 @@ endif()
 cmake_minimum_required(VERSION 3.13)
 
 project(oxenss
-    VERSION 2.11.1
+    VERSION 2.11.3
     LANGUAGES CXX C)
 
 set(CMAKE_CXX_STANDARD 20)

cmake/StaticBuild.cmake

@@ -37,7 +37,7 @@ set(LIBUV_HASH SHA512=b153d019c630831819913ccd0615c22737df49125da533f86db27f24a5
     CACHE STRING "libuv source hash")
 
 set(ZLIB_VERSION 1.3.1 CACHE STRING "zlib version")
-set(ZLIB_MIRROR ${LOCAL_MIRROR} https://zlib.net
+set(ZLIB_MIRROR ${LOCAL_MIRROR} https://github.com/madler/zlib/releases/download/v${ZLIB_VERSION}
     CACHE STRING "zlib mirror(s)")
 set(ZLIB_SOURCE zlib-${ZLIB_VERSION}.tar.xz)
 set(ZLIB_HASH SHA256=38ef96b8dfe510d42707d9c781877914792541133e1870841463bfa73f883e32

contrib/deb.oxen.io.gpg

@@ -0,0 +1 @@
+deb.session.foundation.gpg

contrib/onion-request.cpp

@@ -282,7 +282,7 @@ void onion_request(std::string ip, uint16_t port, std::vector<std::pair<ed25519_
 
         last_etype = final_etype = enc_type.value_or(random_etype());
 #ifndef NDEBUG
-        std::cerr << "Encrypting for final hop using " << to_string(last_etype) << "/" << A << "\n";
+        std::cerr << "Encrypting for final hop using " << to_string(last_etype) << "/" << eph.pub.hex() << "\n";
 #endif
         blob = e.encrypt(last_etype, data, keys.back().second);
         // Save these because we need them again to decrypt the final response:
@@ -305,7 +305,7 @@ void onion_request(std::string ip, uint16_t port, std::vector<std::pair<ed25519_
         last_etype = enc_type.value_or(random_etype());
 
 #ifndef NDEBUG
-        std::cerr << "Encrypting for next-last hop using " << to_string(last_etype) << "/" << A << "\n";
+        std::cerr << "Encrypting for next-last hop using " << to_string(last_etype) << "/" << eph.pub.hex() << "\n";
 #endif
         blob = e.encrypt(last_etype, blob, it->second);
     }

oxenss/common/serialize.h

@@ -0,0 +1,27 @@
+#pragma once
+
+#include <string>
+#include <string_view>
+#include <stdint.h>
+
+namespace oxenss {
+enum class Serialise {
+    Read,
+    Write,
+};
+
+struct SerialiseBTResult {
+    bool success;
+    std::string write_payload;
+    std::string error;
+};
+
+constexpr uint64_t FNV1A64_SEED = 14695981039346656037ULL;
+
+inline uint64_t fnv1a64_hasher(std::string_view bytes, uint64_t hash) {
+    for (size_t i = 0; i < bytes.size(); i++)
+        hash = (bytes[i] ^ hash) * 1099511628211 /*FNV Prime*/;
+    return hash;
+}
+
+};  // namespace oxenss

oxenss/crypto/keys.h

@@ -3,7 +3,6 @@
 #include <array>
 #include <cstddef>
 #include <functional>
-#include <optional>
 #include <string>
 #include <string_view>
 

oxenss/daemon/command_line.cpp

@@ -169,19 +169,17 @@ parse_result parse_cli_args(int argc, char* argv[]) {
                "Deprecated port argument; use --https-port option instead")
             ->capture_default_str()
             ->type_name("PORT");
-    // TODO: need to support multiple here (e.g. so we can listen on public + lokinet)
-    cli.add_option(
-               "--bind-ip",
-               options.ip,
-               "IP address on which to listen for connections; typically this should be the "
-               "0.0.0.0 (the IPv4 \"any\" address)")
-            ->capture_default_str()
-            ->type_name("IP");
+    cli.add_option("--bind-ip,--ip", options.ip_ignored, "Deprecated and ignored.");
     cli.add_flag("--testnet", options.testnet, "Start storage server in testnet mode");
     cli.add_flag(
             "--force-start",
             options.force_start,
             "Ignore the initialisation ready check (primarily for debugging).");
+    cli.add_flag(
+            "--skip-bootstrap-nodes",
+            options.skip_bootstrap,
+            "Skip the contacting of bootstrap seed nodes on startup (primarily for private node "
+            "networks)");
     cli.add_option(
                "--stats-access-key",
                options.stats_access_keys,

oxenss/daemon/command_line.h

@@ -8,10 +8,11 @@
 namespace oxenss::cli {
 
 struct command_line_options {
-    std::string ip = "0.0.0.0";
+    std::string ip_ignored = "0.0.0.0";
     uint16_t https_port = 22021;
     uint16_t omq_quic_port = 22020;
     std::string oxend_omq_rpc;  // Defaults to ipc://$HOME/.oxen/[testnet/]oxend.sock
+    bool skip_bootstrap = false;
     bool force_start = false;
     bool testnet = false;
     std::string log_level = "info";

oxenss/daemon/oxen-storage.cpp

@@ -79,14 +79,6 @@ int main(int argc, char* argv[]) {
     // Always print version for the logs
     log::info(logcat, "{}", STORAGE_SERVER_VERSION_INFO);
 
-    if (options.ip == "127.0.0.1") {
-        log::critical(
-                logcat,
-                "Tried to bind oxen-storage to localhost, please bind "
-                "to outward facing address");
-        return EXIT_FAILURE;
-    }
-
     log::info(logcat, "Setting log level to {}", options.log_level);
     log::info(logcat, "Setting database location to {}", util::to_sv(options.data_dir.u8string()));
     log::info(logcat, "Connecting to oxend @ {}", options.oxend_omq_rpc);
@@ -161,31 +153,49 @@ int main(int argc, char* argv[]) {
         auto& oxenmq_server = *oxenmq_server_ptr;
 
         snode::ServiceNode service_node{
-                l_keys, me, oxenmq_server, options.data_dir, options.force_start};
+                l_keys,
+                me,
+                oxenmq_server,
+                options.data_dir,
+                options.force_start,
+                options.skip_bootstrap};
 
         rpc::RequestHandler request_handler{service_node, channel_encryption, ed_keys.sec};
 
         rpc::RateLimiter rate_limiter{*oxenmq_server};
 
+        std::vector<std::tuple<std::string, uint16_t, bool>> https_bind;
+        std::vector<oxen::quic::Address> quic_bind;
+#ifdef IPV6_V6ONLY
+        // If this define is set then listen in dual stack mode.  uWebSockets doesn't give us any
+        // way to disable this; for quic it's a flag on the address object.
+        https_bind.emplace_back("::", options.https_port, true);
+        quic_bind.emplace_back("::", options.omq_quic_port);
+        quic_bind.back().dual_stack = true;
+#else
+        https_bind.emplace_back("0.0.0.0", options.https_port, true);
+        https_bind.emplace_back("::", options.https_port, true);
+
+        quic_bind.emplace_back("0.0.0.0", options.omq_quic_port);
+        quic_bind.emplace_back("::", options.omq_quic_port);
+        quic_bind.back().dual_stack = false;
+#endif
+
         server::HTTPS https_server{
                 service_node,
                 request_handler,
                 rate_limiter,
-                {{options.ip, options.https_port, true}},
+                std::move(https_bind),
                 ssl_cert,
                 ssl_key,
                 ssl_dh,
                 l_keys};
 
         auto quic = std::make_unique<server::QUIC>(
-                service_node,
-                request_handler,
-                rate_limiter,
-                oxen::quic::Address{options.ip, options.omq_quic_port},
-                ed_keys.sec);
+                service_node, request_handler, rate_limiter, std::move(quic_bind), ed_keys.sec);
         service_node.register_mq_server(quic.get());
 
-        auto http_client = std::make_shared<http::Client>(quic->loop());
+        auto http_client = std::make_shared<http::Client>(quic->loop);
         service_node.set_http_client(http_client);
         request_handler.set_http_client(http_client);
 
@@ -217,7 +227,8 @@ int main(int argc, char* argv[]) {
             std::this_thread::sleep_for(100ms);
 
         log::warning(logcat, "Received signal {}; shutting down...", signalled.load());
-        http_client.reset();  // Kills outgoing requests and prevents new ones
+        http_client.reset();  // Kills outgoing requests and prevents new ones.  Also depends on
+                              // `quic`'s event loop so *must* be destroyed before `quic`.
         service_node.shutdown();
         log::info(logcat, "Stopping https server");
         https_server.shutdown(true);

oxenss/http/http_client.cpp

@@ -21,8 +21,7 @@ struct curl_context {
     curl_context(Client& client, curl_socket_t fd) :
             client{client},
             sockfd{fd},
-            evt{event_new(client.loop->get_event_base(), sockfd, 0, Client::curl_perform_c, this)} {
-    }
+            evt{event_new(client.loop.get_event_base(), sockfd, 0, Client::curl_perform_c, this)} {}
     ~curl_context() {
         event_del(evt);
         event_free(evt);
@@ -92,7 +91,7 @@ int Client::handle_socket_c(
             event_del(curl_ctx->evt);
             event_assign(
                     curl_ctx->evt,
-                    client.loop->get_event_base(),
+                    client.loop.get_event_base(),
                     curl_ctx->sockfd,
                     events,
                     Client::curl_perform_c,
@@ -142,15 +141,14 @@ void Client::check_multi_info() {
     }
 }
 
-Client::Client(std::shared_ptr<oxen::quic::Loop> loop_) :
-        loop{std::move(loop_)},
+Client::Client(oxen::quic::Loop& loop_) :
+        loop{loop_},
         ev_timeout{evtimer_new(
-                loop->get_event_base(),
+                loop.get_event_base(),
                 [](evutil_socket_t /*fd*/, short /*events*/, void* arg) {
                     static_cast<Client*>(arg)->on_timeout();
                 },
                 this)} {
-    assert(loop);
     curl_multi = curl_multi_init();
     curl_multi_setopt(curl_multi, CURLMOPT_SOCKETDATA, this);
     curl_multi_setopt(curl_multi, CURLMOPT_SOCKETFUNCTION, Client::handle_socket_c);
@@ -159,7 +157,7 @@ Client::Client(std::shared_ptr<oxen::quic::Loop> loop_) :
 }
 
 Client::~Client() {
-    loop->call_get([this] {
+    loop.call_get([this] {
         alive.reset();
         for (auto& [session, cb] : active_reqs)
             curl_multi_remove_handle(curl_multi, session->GetCurlHolder()->handle);
@@ -196,10 +194,10 @@ void Client::post(
     sess->SetBody(std::move(payload));
     curl_easy_setopt(sess->GetCurlHolder()->handle, CURLOPT_PRIVATE, sess.get());
     sess->PreparePost();
-    loop->call([this,
-                alive = std::weak_ptr{alive},
-                sess = std::move(sess),
-                cb = std::move(cb)]() mutable {
+    loop.call([this,
+               alive = std::weak_ptr{alive},
+               sess = std::move(sess),
+               cb = std::move(cb)]() mutable {
         if (alive.expired())
             return;  // this got destroyed before we got into the call
         curl_multi_add_handle(curl_multi, sess->GetCurlHolder()->handle);

oxenss/http/http_client.h

@@ -21,7 +21,7 @@ class Client {
     using response_callback = std::function<void(cpr::Response r)>;
 
     // Starts a new client, attaching itself to the event loop and ready for requests.
-    explicit Client(std::shared_ptr<oxen::quic::Loop> loop);
+    explicit Client(oxen::quic::Loop& loop);
 
     // Non-copyable, non-movable
     Client(const Client&) = delete;
@@ -44,7 +44,7 @@ class Client {
             bool https_disable_validation = false);
 
   private:
-    std::shared_ptr<oxen::quic::Loop> loop;
+    oxen::quic::Loop& loop;
     event* ev_timeout;
     std::shared_ptr<const bool> alive = std::make_shared<bool>(true);
     CURLM* curl_multi;

oxenss/rpc/client_rpc_endpoints.h

@@ -541,9 +541,9 @@ struct delete_before final : recursive {
 };
 
 /// Updates (shortens) the expiry of all stored messages, and broadcasts the update request to all
-/// other swarm members.  Note that this will not extend existing expiries, it will only shorten the
-/// expiry of any messages that have expiries after the requested value.  (To extend expiries of one
-/// or more individual messages use the `expire` endpoint).
+/// other swarm members. Note that this will not extend existing expiries, it will only shorten the
+/// expiry of any messages that have expiries after the requested value. (To extend expiries of one
+/// or more individual messages use the `expire_msgs` endpoint).
 ///
 /// Takes parameters of:
 /// - pubkey -- the pubkey whose messages shall have their expiries reduced, in hex (66) or bytes
@@ -625,8 +625,8 @@ struct expire_all final : recursive {
 ///       ("expire" || ShortenOrExtend || expiry || messages[0] || ... || messages[N])
 ///   where `expiry` is the expiry timestamp expressed as a string, for a single expiry, or the
 ///   expiries concatenated together (expiry[0] || expiry[1] || ...) for multiple expiries.
-///   `ShortenOrExtend` is string "shorten" if the shorten option is given (and true), "extend" if
-///   `extend` is true, and empty otherwise. The signature must be base64 encoded (json) or bytes
+///   `ShortenOrExtend` is the string "shorten" if the shorten option is given (and true), "extend"
+///   if `extend` is true, and empty otherwise. The signature must be base64 encoded (json) or bytes
 ///   (bt).
 ///
 /// Returns dict of:

oxenss/rpc/rate_limiter.cpp

@@ -72,7 +72,8 @@ bool RateLimiter::should_rate_limit(
         return !remove_token(it->second, now, true);
 }
 
-bool RateLimiter::should_rate_limit_client(uint32_t ip, steady_clock::time_point now) {
+bool RateLimiter::should_rate_limit_client(
+        const oxen::quic::ipv6& ip, steady_clock::time_point now) {
     std::lock_guard lock{mutex_};
 
     if (auto it = client_buckets_.find(ip); it != client_buckets_.end())
@@ -87,13 +88,6 @@ bool RateLimiter::should_rate_limit_client(uint32_t ip, steady_clock::time_point
     return false;
 }
 
-bool RateLimiter::should_rate_limit_client(
-        const std::string& ip_dotted_quad, steady_clock::time_point now) {
-    struct in_addr ip;
-    int res = inet_pton(AF_INET, ip_dotted_quad.c_str(), &ip);
-    return res == 1 ? should_rate_limit_client(ip.s_addr, now) : false;
-}
-
 void RateLimiter::clean_buckets(steady_clock::time_point now) {
     for (auto it = client_buckets_.begin(); it != client_buckets_.end();) {
         if (fill_bucket(it->second, now))