Updated RpcServer Initialization and Logic

-- Moved all RPCServer initialization logic to rpcserver constructor
    -- Fixed config logic, fxn binding to rpc address, fxn adding rpc cats
    -- router hive failed CI/CD resulting from outdated reference to rpcBindAddr
    -- ipc socket as default hidden from windows (for now)
refactored config endpoint
    - added rpc call script (contrib/omq-rpc.py)
    - added new fxns to .ini config stuff
    - added delete .ini file functionality to config endpoint
    - added edge case control for config endpoint

add commented out line in clang-form for header reorg later

.clang-format

@@ -54,3 +54,8 @@ PointerAlignment: Left
 # when wrapping function calls/declarations, force each parameter to have its own line
 BinPackParameters: 'false'
 BinPackArguments: 'false'
+
+# TODO: uncomment me when we are reading to rearrange the header includes
+# IncludeBlocks: Regroup
+# IncludeCategories: 'llarp/'
+

CMakeLists.txt

@@ -49,8 +49,7 @@ endif()
 option(USE_AVX2 "enable avx2 code" OFF)
 option(USE_NETNS "enable networking namespace support. Linux only" OFF)
 option(NATIVE_BUILD "optimise for host system and FPU" ON)
-option(EMBEDDED_CFG "optimise for older hardware or embedded systems" OFF)
-option(BUILD_LIBLOKINET "build liblokinet.so" ON)
+option(WITH_EMBEDDED_LOKINET "build liblokinet.so for embedded lokinet" OFF)
 option(XSAN "use sanitiser, if your system has it (requires -DCMAKE_BUILD_TYPE=Debug)" OFF)
 option(USE_JEMALLOC "Link to jemalloc for memory allocations, if found" ON)
 option(TESTNET "testnet build" OFF)

contrib/android-configure.sh

@@ -33,7 +33,6 @@ for abi in $build_abis; do
         -DBUILD_PACKAGE=ON \
         -DBUILD_SHARED_LIBS=OFF \
         -DBUILD_TESTING=OFF \
-        -DBUILD_LIBLOKINET=OFF \
         -DWITH_TESTS=OFF \
         -DWITH_BOOTSTRAP=OFF \
         -DNATIVE_BUILD=OFF \

contrib/mac-configure.sh

@@ -13,7 +13,6 @@ cd build-mac
 cmake \
       -G Ninja \
       -DBUILD_STATIC_DEPS=ON \
-      -DBUILD_LIBLOKINET=OFF \
       -DWITH_TESTS=OFF \
       -DWITH_BOOTSTRAP=OFF \
       -DNATIVE_BUILD=OFF \

contrib/omq-rpc.py

@@ -0,0 +1,99 @@
+#!/usr/bin/env python3
+
+import nacl.bindings as sodium
+from nacl.public import PrivateKey
+from nacl.signing import SigningKey, VerifyKey
+import nacl.encoding
+import requests
+import zmq
+import zmq.utils.z85
+import sys
+import re
+import time
+import random
+import shutil
+
+
+context = zmq.Context()
+socket = context.socket(zmq.DEALER)
+socket.setsockopt(zmq.CONNECT_TIMEOUT, 5000)
+socket.setsockopt(zmq.HANDSHAKE_IVL, 5000)
+#socket.setsockopt(zmq.IMMEDIATE, 1)
+
+if len(sys.argv) > 1 and any(sys.argv[1].startswith(x) for x in ("ipc://", "tcp://", "curve://")):
+    remote = sys.argv[1]
+    del sys.argv[1]
+else:
+    remote = "ipc://./rpc.sock"
+
+curve_pubkey = b''
+my_privkey, my_pubkey = b'', b''
+
+# If given a curve://whatever/pubkey argument then transform it into 'tcp://whatever' and put the
+# 'pubkey' back into argv to be handled below.
+if remote.startswith("curve://"):
+    pos = remote.rfind('/')
+    pkhex = remote[pos+1:]
+    remote = "tcp://" + remote[8:pos]
+    if len(pkhex) != 64 or not all(x in "0123456789abcdefABCDEF" for x in pkhex):
+        print("curve:// addresses must be in the form curve://HOST:PORT/REMOTE_PUBKEY_HEX", file=sys.stderr)
+        sys.exit(1)
+    sys.argv[1:0] = [pkhex]
+
+if len(sys.argv) > 1 and len(sys.argv[1]) == 64 and all(x in "0123456789abcdefABCDEF" for x in sys.argv[1]):
+    curve_pubkey = bytes.fromhex(sys.argv[1])
+    del sys.argv[1]
+    socket.curve_serverkey = curve_pubkey
+    if len(sys.argv) > 1 and len(sys.argv[1]) == 64 and all(x in "0123456789abcdefABCDEF" for x in sys.argv[1]):
+        my_privkey = bytes.fromhex(sys.argv[1])
+        del sys.argv[1]
+        my_pubkey = zmq.utils.z85.decode(zmq.curve_public(zmq.utils.z85.encode(my_privkey)))
+    else:
+        my_privkey = PrivateKey.generate()
+        my_pubkey = my_privkey.public_key.encode()
+        my_privkey = my_privkey.encode()
+
+        print("No curve client privkey given; generated a random one (pubkey: {}, privkey: {})".format(
+            my_pubkey.hex(), my_privkey.hex()), file=sys.stderr)
+    socket.curve_secretkey = my_privkey
+    socket.curve_publickey = my_pubkey
+
+if not 2 <= len(sys.argv) <= 3 or any(x in y for x in ("--help", "-h") for y in sys.argv[1:]):
+    print("Usage: {} [ipc:///path/to/sock|tcp://1.2.3.4:5678] [SERVER_CURVE_PUBKEY [LOCAL_CURVE_PRIVKEY]] COMMAND ['JSON']".format(
+        sys.argv[0]), file=sys.stderr)
+    sys.exit(1)
+
+beginning_of_time = time.clock_gettime(time.CLOCK_MONOTONIC)
+
+print("Connecting to {}".format(remote), file=sys.stderr)
+socket.connect(remote)
+to_send = [sys.argv[1].encode(), b'tagxyz123']
+to_send += (x.encode() for x in sys.argv[2:])
+print("Sending {}".format(to_send[0]), file=sys.stderr)
+socket.send_multipart(to_send)
+if socket.poll(timeout=5000):
+    m = socket.recv_multipart()
+    recv_time = time.clock_gettime(time.CLOCK_MONOTONIC)
+    if len(m) < 3 or m[0:2] != [b'REPLY', b'tagxyz123']:
+        print("Received unexpected {}-part reply:".format(len(m)), file=sys.stderr)
+        for x in m:
+            print("- {}".format(x))
+    else: # m[2] is numeric value, m[3] is data part, and will become m[2] <- changed
+        print("Received reply in {:.6f}s:".format(recv_time - beginning_of_time), file=sys.stderr)
+        if len(m) < 3:
+            print("(empty reply data)", file=sys.stderr)
+        else:
+            for x in m[2:]:
+                print("{} bytes data part:".format(len(x)), file=sys.stderr)
+                if any(x.startswith(y) for y in (b'd', b'l', b'i')) and x.endswith(b'e'):
+                    sys.stdout.buffer.write(x)
+                else:
+                    print(x.decode(), end="\n\n")
+
+else:
+    print("Request timed out", file=sys.stderr)
+    socket.close(linger=0)
+    sys.exit(1)
+
+
+# ./lmq-rpc.py ipc://$HOME/.oxen/testnet/oxend.sock 'llarp.get_service_nodes' | jq

contrib/windows-configure.sh

@@ -32,7 +32,6 @@ cmake \
     -DBUILD_PACKAGE=ON \
     -DBUILD_SHARED_LIBS=OFF \
     -DBUILD_TESTING=OFF \
-    -DBUILD_LIBLOKINET=OFF \
     -DWITH_TESTS=OFF \
     -DWITH_BOOTSTRAP=OFF \
     -DNATIVE_BUILD=OFF \

crypto/CMakeLists.txt

@@ -20,7 +20,7 @@ add_library(lokinet-cryptography
   libntrup/src/ref/rq.c
 )
 
-target_include_directories(lokinet-cryptography PUBLIC libntrup/include)
+target_include_directories(lokinet-cryptography PUBLIC ${CMAKE_CURRENT_SOURCE_DIR}/libntrup/include)
 
 # The avx implementation uses runtime CPU feature detection to enable itself, so we *always* want to
 # compile it with avx2/fma support when supported by the compiler even if we aren't compiling with

docs/refactor_notes.md

@@ -0,0 +1,97 @@
+# High Level Iterative Approach
+
+the desired outcome of this refactor will be splitting the existing code up into a stack of new components.
+a layer hides all functionality of the layer below it to reduce the complexity like the OSI stack intends to.
+the refactor starts at the top layer, wiring up the old implementation piecewise to the top layer.
+once the top layer is wired up to the old implementation we will move down to the next layer.
+this will repeat until we reach the bottom layer.
+once the old implementation is wired up into these new clearly defined layers, we can fixup or replace different parts of each layer one at a time as needed.
+
+working down from each layer will let us pick apart the old implementation (if needed) that we would wire up to the new base classes for that layer we are defining now without worrying about what is below it (yet).
+
+this refactor is very able to be split up into small work units that (ideally) do not confict with each other.
+
+
+PDU: https://en.wikipedia.org/wiki/Protocol_data_unit
+
+# The New Layers
+
+from top to bottom the new layers are:
+
+* Platform Layer
+* Flow Layer
+* Routing Layer
+* Onion Layer
+* Link Layer
+* Wire Layer
+
+
+## Platform Layer
+
+this is the top layer, it is responsibile ONLY to act as a handler of reading data from the "user" (via tun interface or whatever) to forward to the flow layer as desired, and to take data from the flow layer and send it to the "user".
+any kind of IP/dns mapping or traffic isolation details are done here. embedded lokinet would be implemented in this layer as well, as it is without a full tun interface.
+
+Platform layer PDU are what the OS gives us and we internally convert them into flow layer PDU and hand them off to the flow layer.
+
+
+## Flow Layer
+
+this layer is tl;dr mean to multiplex data from the platform layer across the routing layer and propagating PDU from the routing to the platform layer if needed.
+
+the flow layer is responsible for sending platform layer PDU across path we have already established.
+this layer is informed by the routing layer below it of state changes in what paths are available for use.
+the flow layer requests from the layer below to make new paths if it wishes to get new ones on demand.
+this layer will recieve routing layer PDU from the routing layer and apply any congestion control needed to buffer things to the os if it is needed at all.
+
+flow layer PDU are (data, ethertype, src-pubkey, dst-pubkey, isolation-metric) tuples.
+data is the datum we are tunneling over lokinet. ethertype tells us what kind of datum this is, e.g. plainquic/ipv4/ipv6/auth/etc.
+src-pubkey and dst-pubkey are public the ed25519 public keys of each end of the flow in use.
+the isolation metric is a piece of metadata we use to distinguish unique flows (convotag). in this new seperation convotags explicitly do not hand over across paths.
+
+
+## Routing Layer
+
+this layer is tl;dr meant for path management but not path building.
+
+the routing layer is responsible for sending/recieving flow layer PDU, DHT requests/responses, latency testing PDU and any other kind of PDU we send/recieve over the onion layer.
+this layer will be responsible for managing paths we have already built across lokinet.
+the routing layer will periodically measure path status/latency, and do any other kinds of perioidic path related tasks post build.
+this layer when asked for a new path from the flow layer will use one that has been prebuilt already and if the number of prebuilt paths is below a threshold we will tell the onion layer to build more paths.
+the routing layer will recieve path build results be their success/fail/timeout from the onion layer that were requested and apply any congestion control needed at the pivot router.
+
+routing layer PDU are (data, src-path, dst-path) tuples.
+data is the datum we are transferring between paths.
+src-path and dst-path are (pathid, router id) tuples, the source being which path this routing layer PDU originated from, destination being which path it is going to.
+in the old model, router id is always the router that recieves it as the pivot router, this remains the same unless we explicitly provide router-id.
+this lets us propagate hints to DHT related PDU held inside the datum.
+
+
+## Onion Layer
+
+the onion layer is repsonsible for path builds, path selection logic and low level details of encrypted/decrypting PDU that are onion routed over paths.
+this layer is requested by the routing layer to build a path to a pivot router with an optional additional constraints (e.g. unique cidr/operator/geoip/etc, latency constaints, hop length, path lifetime).
+the onion layer will encrypt PDU and send them to link layer as (frame/edge router id) tuples, and recieve link layer frames from edge routers, decrypt them and propagate them as needed to the routing layer.
+this layer also handles transit onion traffic and transit path build responsibilities as a snode and apply congestion control as needed per transit path.
+
+the onion layer PDU are (data, src-path, dst-path) tuples.
+src-path and dst-path are (router-id, path-id) tuples which contain the ed25519 pubkey of the node and the 128 bit path-id it was associated with.
+data is some datum we are onion routing that we would apply symettric encryption as needed before propagating to upper or lower layers.
+
+
+## Link Layer
+
+the link layer is responsbile for transmission of frames between nodes.
+this layer will handle queuing and congestion control between wire proto sessions between nodes.
+the link layer is will initate and recieve wire session to/from remote nodes.
+
+the link layer PDU is (data, src-router-id, dst-router-id) tuples.
+data is a datum of a link layer frame.
+src-router-id and dst-router-id are (ed25519-pubkey, net-addr, wire-proto-info) tuples.
+the ed25519 pubkey is a .snode address, (clients have these too but they are ephemeral).
+net-addr is an (ip, port) tuple the node is reachable via the wire protocol.
+wire-proto-info is dialect specific wire protocol specific info.
+
+## Wire Layer
+
+the wire layer is responsible for transmitting link layer frames between nodes.
+all details here are specific to each wire proto dialect.

external/CMakeLists.txt

@@ -1,4 +1,3 @@
-
 option(SUBMODULE_CHECK "Enables checking that vendored library submodules are up to date" ON)
 if(SUBMODULE_CHECK)
   find_package(Git)
@@ -140,3 +139,27 @@ if(WITH_BOOTSTRAP)
   endif()
 
 endif()
+
+
+# libcrypt defaults, only on with macos and non static linux
+set(default_libcrypt OFF)
+
+if(LINUX AND NOT STATIC_LINK)
+  set(default_libcrypt ON)
+endif()
+if(MACOS)
+  set(default_libcrypt ON)
+endif()
+
+option(WITH_LIBCRYPT "enable fast password hash with libcrypt" ${default_libcrypt})
+
+add_library(lokinet-libcrypt INTERFACE)
+if(WITH_LIBCRYPT)
+  pkg_check_modules(LIBCRYPT libcrypt IMPORTED_TARGET REQUIRED)
+  add_definitions(-DHAVE_CRYPT)
+  target_link_libraries(lokinet-libcrypt INTERFACE PkgConfig::LIBCRYPT)
+  message(STATUS "using libcrypt ${LIBCRYPT_VERSION}")
+else()
+  # TODO static build lib crypt?
+  message(STATUS "not building with libcrypt")
+endif()

external/oxen-logging

@@ -1 +1 @@
-Subproject commit 12c17d6eab754908cd88f05d09b9388381e47515
+Subproject commit 9f2323a2db5fc54fe8394892769eff859967f735

llarp/CMakeLists.txt

@@ -1,5 +1,12 @@
 include(Version)
 
+target_sources(lokinet-cryptography PRIVATE
+  crypto/crypto_libsodium.cpp
+  crypto/crypto.cpp
+  crypto/encrypted_frame.cpp
+  crypto/types.cpp
+)
+
 add_library(lokinet-util
   STATIC
   ${CMAKE_CURRENT_BINARY_DIR}/constants/version.cpp
@@ -15,19 +22,9 @@ add_library(lokinet-util
   util/thread/threading.cpp
   util/time.cpp)
 
-
 add_dependencies(lokinet-util genversion)
 
-target_include_directories(lokinet-util PUBLIC ${CMAKE_CURRENT_SOURCE_DIR} ${PROJECT_SOURCE_DIR}/include ${PROJECT_SOURCE_DIR})
-
-target_link_libraries(lokinet-util PUBLIC
-  lokinet-cryptography
-  nlohmann_json::nlohmann_json
-  filesystem
-  oxenc::oxenc
-  oxen::logging
-)
-
+# lokinet-platform holds all platform specific code
 add_library(lokinet-platform
   STATIC
   # for networking
@@ -45,9 +42,6 @@ add_library(lokinet-platform
   vpn/platform.cpp
 )
 
-target_link_libraries(lokinet-platform PUBLIC lokinet-cryptography lokinet-util Threads::Threads base_libs uvw)
-target_link_libraries(lokinet-platform PRIVATE oxenmq::oxenmq)
-
 if (ANDROID)
   target_sources(lokinet-platform PRIVATE android/ifaddrs.c util/nop_service_manager.cpp)
 endif()
@@ -66,36 +60,26 @@ if (WIN32)
     net/win32.cpp
     vpn/win32.cpp
     win32/service_manager.cpp
-    win32/exec.cpp)
-  add_library(lokinet-win32 STATIC
+    win32/exec.cpp
     win32/dll.cpp
-    win32/exception.cpp)
-  add_library(lokinet-wintun STATIC
-    win32/wintun.cpp)
-  add_library(lokinet-windivert STATIC
+    win32/exception.cpp
+    win32/wintun.cpp
     win32/windivert.cpp)
-    
-  # wintun and windivert are privated linked by lokinet-platform
-  # this is so their details do not leak out to deps of lokinet-platform
-  # wintun and windivert still need things from lokinet-platform
-  target_compile_options(lokinet-wintun PUBLIC -I${CMAKE_BINARY_DIR}/wintun/include/)
-  target_compile_options(lokinet-windivert PUBLIC -I${CMAKE_BINARY_DIR}/WinDivert-${WINDIVERT_VERSION}/include/)
-  target_include_directories(lokinet-windivert PUBLIC ${PROJECT_SOURCE_DIR})
-  target_link_libraries(lokinet-wintun PUBLIC lokinet-platform lokinet-util lokinet-config)
-  target_link_libraries(lokinet-win32 PUBLIC lokinet-util)
-  target_link_libraries(lokinet-windivert PUBLIC oxen-logging)
-  target_link_libraries(lokinet-windivert PRIVATE lokinet-win32)
-  target_link_libraries(lokinet-platform PRIVATE lokinet-win32 lokinet-wintun lokinet-windivert)
+  target_include_directories(lokinet-platform PRIVATE ${CMAKE_BINARY_DIR}/wintun/include/ ${CMAKE_BINARY_DIR}/WinDivert-${WINDIVERT_VERSION}/include/)
 else()
   target_sources(lokinet-platform PRIVATE
     net/posix.cpp)
 endif()
 
-
-if(CMAKE_SYSTEM_NAME MATCHES "FreeBSD")
-  target_include_directories(lokinet-platform SYSTEM PUBLIC /usr/local/include)
+if(APPLE)
+  add_subdirectory(apple)
+  target_sources(lokinet-platform PRIVATE util/nop_service_manager.cpp)
 endif()
 
+# lokinet-dns is the dns parsing and hooking library that we use to
+# parse modify and reconstitute dns wire proto, dns queries and RR
+# should have no concept of dns caching, this is left as an implementation
+# detail of dns resolvers (LATER: make separate lib for dns resolvers)
 add_library(lokinet-dns
   STATIC
   dns/message.cpp
@@ -107,13 +91,50 @@ add_library(lokinet-dns
   dns/server.cpp
   dns/srv_data.cpp)
 
+# platform specific bits and bobs for setting dns
+add_library(lokinet-dns-platform INTERFACE)
 if(WITH_SYSTEMD)
-  target_sources(lokinet-dns PRIVATE dns/nm_platform.cpp dns/sd_platform.cpp)
+  add_library(lokinet-dns-systemd STATIC dns/nm_platform.cpp dns/sd_platform.cpp)
+  target_link_libraries(lokinet-dns-platform INTERFACE lokinet-dns-systemd)
 endif()
 
-target_link_libraries(lokinet-dns PUBLIC lokinet-platform uvw)
-target_link_libraries(lokinet-dns PRIVATE libunbound lokinet-config)
+# lokinet-nodedb holds all types and logic for storing parsing and constructing
+# nodedb data published to the network and versions of it stored locally
+add_library(lokinet-nodedb
+  STATIC
+  bootstrap.cpp
+  net/address_info.cpp
+  net/exit_info.cpp
+  net/traffic_policy.cpp
+  nodedb.cpp
+  pow.cpp
+  profiling.cpp
+  router_contact.cpp
+  router_id.cpp
+  router_version.cpp
+)
+
+set(BOOTSTRAP_FALLBACKS)
+foreach(bs IN ITEMS MAINNET TESTNET)
+  if(BOOTSTRAP_FALLBACK_${bs})
+    message(STATUS "Building with ${bs} fallback boostrap path \"${BOOTSTRAP_FALLBACK_${bs}}\"")
+    file(READ "${BOOTSTRAP_FALLBACK_${bs}}" bs_data HEX)
+    if(bs STREQUAL TESTNET)
+      set(network "gamma")
+    elseif(bs STREQUAL MAINNET)
+      set(network "lokinet")
+    else()
+      string(TOLOWER "${bs}" network)
+    endif()
+    string(REGEX REPLACE "([0-9a-f][0-9a-f])" "\\\\x\\1" bs_data "${bs_data}")
+    set(BOOTSTRAP_FALLBACKS "${BOOTSTRAP_FALLBACKS}{\"${network}\"s, \"${bs_data}\"sv},\n")
+  endif()
+endforeach()
+configure_file("bootstrap-fallbacks.cpp.in" "${CMAKE_CURRENT_BINARY_DIR}/bootstrap-fallbacks.cpp" @ONLY)
+target_sources(lokinet-nodedb PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/bootstrap-fallbacks.cpp")
+
 
+# lokinet-config is for all configuration types and parsers
 add_library(lokinet-config
   STATIC
   config/config.cpp
@@ -121,18 +142,15 @@ add_library(lokinet-config
   config/ini.cpp
   config/key_manager.cpp)
 
-target_link_libraries(lokinet-config PUBLIC lokinet-dns lokinet-platform oxenmq::oxenmq)
-
-add_library(lokinet-amalgum
+# lokinet-consensus is for deriving and tracking network consensus state for both service nodes and clients
+add_library(lokinet-consensus
   STATIC
   consensus/reachability_testing.cpp
+)
 
-  bootstrap.cpp
-  context.cpp
-  crypto/crypto_libsodium.cpp
-  crypto/crypto.cpp
-  crypto/encrypted_frame.cpp
-  crypto/types.cpp
+# lokinet-dht holds all logic related to interacting with and participating in the DHT hashring
+add_library(lokinet-dht
+  STATIC
   dht/context.cpp
   dht/dht.cpp
   dht/explorenetworkjob.cpp
@@ -151,44 +169,56 @@ add_library(lokinet-amalgum
   dht/recursiverouterlookup.cpp
   dht/serviceaddresslookup.cpp
   dht/taglookup.cpp
+)
 
-  endpoint_base.cpp
+# lokinet-layer-flow is the flow layer which sits atop the routing layer which manages
+# flows between lokinet snapp endpoints be they .loki or .snode
+add_library(lokinet-layer-flow
+  STATIC
+  layers/flow/stub.cpp # todo: remove me
+)
 
-  exit/context.cpp
-  exit/endpoint.cpp
-  exit/exit_messages.cpp
-  exit/policy.cpp
-  exit/session.cpp
-  handlers/exit.cpp
-  handlers/tun.cpp
+
+# lokinet-layer-onion is the "dumb" onion routing layer with builds manages and does i/o
+# with onion paths. onion paths anonymize routing layer pdu.
+add_library(lokinet-layer-onion
+  STATIC
+  path/ihophandler.cpp
+  path/path_context.cpp
+  path/path.cpp
+  path/pathbuilder.cpp
+  path/pathset.cpp
+  path/transit_hop.cpp
+  messages/relay.cpp
+  messages/relay_commit.cpp
+  messages/relay_status.cpp
+)
+
+# lokinet-layer-wire is a layer 1 analog which splits up
+# layer 2 frames into layer 1 symbols which in the case of iwp are encrypted udp/ip packets
+add_library(lokinet-layer-wire
+  STATIC
   iwp/iwp.cpp
   iwp/linklayer.cpp
   iwp/message_buffer.cpp
   iwp/session.cpp
+)
+
+# lokinet-layer-link is for our layer 2 analog which splits up layer 2 frames into
+# a series of layer 1 symbols which are then transmitted between lokinet instances
+add_library(lokinet-layer-link
+  STATIC
   link/link_manager.cpp
   link/session.cpp
   link/server.cpp
   messages/dht_immediate.cpp
   messages/link_intro.cpp
   messages/link_message_parser.cpp
-  messages/relay.cpp
-  messages/relay_commit.cpp
-  messages/relay_status.cpp
-  net/address_info.cpp
-  net/exit_info.cpp
-  net/traffic_policy.cpp
-  nodedb.cpp
-  path/ihophandler.cpp
-  path/path_context.cpp
-  path/path.cpp
-  path/pathbuilder.cpp
-  path/pathset.cpp
-  path/transit_hop.cpp
-  peerstats/peer_db.cpp
-  peerstats/types.cpp
-  pow.cpp
-  profiling.cpp
-  
+)
+
+# lokinet-plainquic is for holding the tunneled plainquic code, not quic wire protocol code
+add_library(lokinet-plainquic
+  STATIC
   quic/address.cpp
   quic/client.cpp
   quic/connection.cpp
@@ -197,27 +227,63 @@ add_library(lokinet-amalgum
   quic/server.cpp
   quic/stream.cpp
   quic/tunnel.cpp
+)
 
-  router_contact.cpp
-  router_id.cpp
-  router_version.cpp
-  service/name.cpp
+# lokinet-context holds the contextualized god objects for a lokinet instance
+# it is what any main function would link to in practice but it is hidden behind an interface library (lokinet-amalgum)
+add_library(lokinet-context
+  STATIC
+  context.cpp
+  link/link_manager.cpp
   router/outbound_message_handler.cpp
   router/outbound_session_maker.cpp
   router/rc_lookup_handler.cpp
   router/rc_gossiper.cpp
   router/router.cpp
   router/route_poker.cpp
+)
+
+# lokinet-rpc holds all rpc related compilation units
+add_library(lokinet-rpc
+  STATIC
+  rpc/json_binary_proxy.cpp
+  rpc/lokid_rpc_client.cpp
+  rpc/rpc_request_parser.cpp
+  rpc/rpc_server.cpp
+  rpc/endpoint_rpc.cpp
+)
+
+# optional peer stats library
+add_library(lokinet-peerstats
+  STATIC
+  peerstats/peer_db.cpp
+  peerstats/types.cpp
+)
 
+# lokinet-layer-routing holds logic related to the routing layer
+# routing layer is anonymized over the onion layer
+add_library(lokinet-layer-routing
+  STATIC
   routing/dht_message.cpp
   routing/message_parser.cpp
   routing/path_confirm_message.cpp
   routing/path_latency_message.cpp
   routing/path_transfer_message.cpp
   routing/transfer_traffic_message.cpp
-  rpc/lokid_rpc_client.cpp
-  rpc/rpc_server.cpp
-  rpc/endpoint_rpc.cpp
+)
+
+# kitchen sink to be removed after refactor
+add_library(lokinet-service-deprecated-kitchensink
+  STATIC
+  endpoint_base.cpp
+  exit/context.cpp
+  exit/endpoint.cpp
+  exit/exit_messages.cpp
+  exit/policy.cpp
+  exit/session.cpp
+  handlers/exit.cpp
+  handlers/tun.cpp
+  service/name.cpp
   service/address.cpp
   service/async_key_exchange.cpp
   service/auth.cpp
@@ -242,65 +308,216 @@ add_library(lokinet-amalgum
   service/tag.cpp
 )
 
-set(BOOTSTRAP_FALLBACKS)
-foreach(bs IN ITEMS MAINNET TESTNET)
-  if(BOOTSTRAP_FALLBACK_${bs})
-    message(STATUS "Building with ${bs} fallback boostrap path \"${BOOTSTRAP_FALLBACK_${bs}}\"")
-    file(READ "${BOOTSTRAP_FALLBACK_${bs}}" bs_data HEX)
-    if(bs STREQUAL TESTNET)
-      set(network "gamma")
-    elseif(bs STREQUAL MAINNET)
-      set(network "lokinet")
-    else()
-      string(TOLOWER "${bs}" network)
-    endif()
-    string(REGEX REPLACE "([0-9a-f][0-9a-f])" "\\\\x\\1" bs_data "${bs_data}")
-    set(BOOTSTRAP_FALLBACKS "${BOOTSTRAP_FALLBACKS}{\"${network}\"s, \"${bs_data}\"sv},\n")
-  endif()
-endforeach()
-configure_file("bootstrap-fallbacks.cpp.in" "${CMAKE_CURRENT_BINARY_DIR}/bootstrap-fallbacks.cpp" @ONLY)
-target_sources(lokinet-amalgum PRIVATE "${CMAKE_CURRENT_BINARY_DIR}/bootstrap-fallbacks.cpp")
+add_library(lokinet-layer-platform
+  STATIC
+  layers/platform/stub.cpp # todo: remove me
+)
 
-if(WITH_PEERSTATS_BACKEND)
-  target_compile_definitions(lokinet-amalgum PRIVATE -DLOKINET_PEERSTATS_BACKEND)
-  target_link_libraries(lokinet-amalgum PUBLIC sqlite_orm)
-endif()
 
+# interal tooling for pybind
+add_library(lokinet-tooling INTERFACE)
 if(WITH_HIVE)
-  target_sources(lokinet-amalgum PRIVATE
+  add_library(lokinet-hive-tooling
+    STATIC
     tooling/router_hive.cpp
     tooling/hive_router.cpp
     tooling/hive_context.cpp
   )
+  target_link_libraries(lokinet-tooling INTERFACE lokinet-hive-tooling)
 endif()
 
-# TODO: make libunbound hidden behind a feature flag like sqlite for embedded lokinet
-target_link_libraries(lokinet-amalgum PRIVATE libunbound)
 
-target_link_libraries(lokinet-amalgum PUBLIC
-    CLI11
-    oxenc::oxenc
+# interface library for setting commone includes, linkage and flags.
+add_library(lokinet-base INTERFACE)
+target_include_directories(lokinet-base
+  INTERFACE ${PROJECT_SOURCE_DIR} ${PROJECT_SOURCE_DIR}/include
+)
+target_link_libraries(lokinet-base INTERFACE oxen::logging lokinet-cryptography)
+
+if(WITH_PEERSTATS)
+  target_compile_definitions(lokinet-base INTERFACE -DLOKINET_PEERSTATS_BACKEND)
+  target_link_libraries(lokinet-base INTERFACE sqlite_orm)
+endif()
+
+# interface libraries for internal linkage
+add_library(lokinet-layers INTERFACE)
+add_library(lokinet-amalgum INTERFACE)
+
+
+# helper function to link a library to lokinet-base, enable lto, add to lokinet-amalgum and then link to other libs
+function(lokinet_link_lib libname)
+  message(DEBUG "created target: ${libname}")
+  enable_lto(${libname})
+  target_link_libraries(${libname} PUBLIC lokinet-base ${ARGN})
+  target_link_libraries(lokinet-amalgum INTERFACE ${libname})
+endfunction()
+
+# internal public linkages of components
+lokinet_link_lib(lokinet-util)
+lokinet_link_lib(lokinet-cryptography lokinet-libcrypt lokinet-util)
+lokinet_link_lib(lokinet-peerstats lokinet-context)
+lokinet_link_lib(lokinet-consensus lokinet-context)
+lokinet_link_lib(lokinet-layer-link lokinet-peerstats)
+
+if(TARGET lokinet-hive-tooling)
+  lokinet_link_lib(lokinet-hive-tooling lokinet-context)
+endif()
+
+if(TARGET lokinet-dns-systemd)
+  lokinet_link_lib(lokinet-dns-systemd
+    lokinet-dns
     lokinet-platform
-    lokinet-config
+  )
+endif()
+
+lokinet_link_lib(lokinet-platform lokinet-util)
+
+lokinet_link_lib(lokinet-config
+  lokinet-util
+  lokinet-nodedb
+  lokinet-dns
+  lokinet-platform
+)
+
+lokinet_link_lib(lokinet-context
+  lokinet-config
+  lokinet-platform
+  lokinet-peerstats
+  lokinet-layers
+  lokinet-consensus
+  lokinet-rpc
+)
+
+lokinet_link_lib(lokinet-dht
+  lokinet-util
+  lokinet-nodedb
+)
+
+lokinet_link_lib(lokinet-plainquic
+  lokinet-platform
+  lokinet-config
+)
+
+lokinet_link_lib(lokinet-dns
+  lokinet-platform
+  lokinet-dns-platform
+  lokinet-config
+)
+
+lokinet_link_lib(lokinet-nodedb
+  lokinet-util
+  lokinet-platform
+)
+
+lokinet_link_lib(lokinet-util
+  lokinet-nodedb
+  lokinet-platform
+)
+
+lokinet_link_lib(lokinet-rpc
+  lokinet-context
+  lokinet-peerstats
+  lokinet-util
+)
+
+# inter lokinet-layer public/private linkage.
+# when linking each layer, we consider the layer directly below private linkage and the layer above public linkage.
+# this lets us hide functionality of layers below us when depended on by another component.
+#
+# from highest to lowest layer, the above layers are stacked as follows:
+#
+# platform (what lokinet snapps interact with, be it l3 os interaction or embedded lokinet)
+# flow     (how we want to route and stripe over our onion routing)
+# routing  (what we are onion routing)
+# onion    (how the onion routing happens)
+# link     (what we want to send over the wire and to where)
+# wire     (what is actually sent over the wire)
+#
+function(link_lokinet_layers)
+  set(lib ${ARGV0})
+  if(${ARGC} GREATER 1)
+    lokinet_link_lib(${ARGV1} ${lib})
+    list(REMOVE_AT ARGV 1)
+    target_link_libraries(${lib} PRIVATE ${ARGV1})
+    # recursion :D 
+    link_lokinet_layers(${ARGV})
+  else()
+    lokinet_link_lib(${lib})
+  endif()
+endfunction()
+
+link_lokinet_layers(
+  lokinet-layer-platform
+  lokinet-layer-flow
+  lokinet-layer-routing
+  lokinet-layer-onion
+  lokinet-layer-link
+  lokinet-layer-wire
+)
+
+# set me to OFF to disable old codepath
+set(use_old_impl ON)
+if(use_old_impl)
+  # flow layer deprecated-kitchensink (remove me after refactor)
+  lokinet_link_lib(lokinet-service-deprecated-kitchensink
     lokinet-dns
-    lokinet-util
-    lokinet-cryptography
-    ngtcp2_static
-    oxenmq::oxenmq)
-
-enable_lto(lokinet-util lokinet-platform lokinet-dns lokinet-config lokinet-amalgum)
-
-pkg_check_modules(CRYPT libcrypt IMPORTED_TARGET)
-if(CRYPT_FOUND AND NOT CMAKE_CROSSCOMPILING)
-  add_definitions(-DHAVE_CRYPT)
-  add_library(libcrypt INTERFACE)
-  target_link_libraries(libcrypt INTERFACE PkgConfig::CRYPT)
-  target_link_libraries(lokinet-amalgum PRIVATE libcrypt)
-  message(STATUS "using libcrypt ${CRYPT_VERSION}")
+    lokinet-nodedb
+    lokinet-context
+    lokinet-plainquic
+    lokinet-layer-routing
+    lokinet-layer-onion
+    lokinet-dht
+    lokinet-platform
+    lokinet-rpc
+  )
+  target_link_libraries(lokinet-layers INTERFACE lokinet-service-deprecated-kitchensink)
 endif()
 
+target_link_libraries(lokinet-layers INTERFACE
+  lokinet-layer-platform
+  lokinet-layer-flow
+  lokinet-layer-routing
+  lokinet-layer-onion
+  lokinet-layer-link
+  lokinet-layer-wire
+)
+
+
+# per component external deps
+
+target_link_libraries(lokinet-config PUBLIC oxenmq::oxenmq)
+target_link_libraries(lokinet-platform PUBLIC oxenmq::oxenmq)
+target_link_libraries(lokinet-dns PUBLIC libunbound)
+
+target_link_libraries(lokinet-cryptography PUBLIC
+  oxenc::oxenc
+  sodium
+)
+
+target_link_libraries(lokinet-context PUBLIC
+  CLI11
+  oxenmq::oxenmq
+  uvw
+)
+
+target_link_libraries(lokinet-platform PUBLIC
+  Threads::Threads
+  base_libs
+  uvw
+)
+
+target_link_libraries(lokinet-util PUBLIC
+  nlohmann_json::nlohmann_json
+  filesystem
+  oxenc::oxenc
+)
+
+target_link_libraries(lokinet-plainquic PUBLIC
+  ngtcp2_static
+  uvw
+)
 
-if(BUILD_LIBLOKINET)
+if(WITH_EMBEDDED_LOKINET)
   include(GNUInstallDirs)
   add_library(lokinet-shared SHARED lokinet_shared.cpp)
   target_link_libraries(lokinet-shared PUBLIC lokinet-amalgum)
@@ -316,11 +533,5 @@ if(BUILD_LIBLOKINET)
   endif()
 endif()
 
-if(APPLE)
-  add_subdirectory(apple)
-  target_sources(lokinet-platform PRIVATE util/nop_service_manager.cpp)
-endif()
-
 file(GLOB_RECURSE docs_SRC */*.hpp *.hpp)
-
 set(DOCS_SRC ${docs_SRC} PARENT_SCOPE)

llarp/config/config.cpp

@@ -1,8 +1,7 @@
-#include <chrono>
 #include "config.hpp"
-
-#include "config/definition.hpp"
+#include "definition.hpp"
 #include "ini.hpp"
+
 #include <llarp/constants/files.hpp>
 #include <llarp/constants/platform.hpp>
 #include <llarp/constants/version.hpp>
@@ -18,6 +17,7 @@
 
 #include <llarp/service/name.hpp>
 
+#include <chrono>
 #include <cstdlib>
 #include <ios>
 #include <iostream>

llarp/config/config.hpp

@@ -1,14 +1,15 @@
 #pragma once
+#include "ini.hpp"
+#include "definition.hpp"
 
 #include <chrono>
+
 #include <llarp/bootstrap.hpp>
 #include <llarp/crypto/types.hpp>
 #include <llarp/router_contact.hpp>
 #include <llarp/util/fs.hpp>
 #include <llarp/util/str.hpp>
 #include <llarp/util/logging.hpp>
-#include "ini.hpp"
-#include "definition.hpp"
 #include <llarp/constants/files.hpp>
 #include <llarp/net/ip_address.hpp>
 #include <llarp/net/net_int.hpp>
@@ -16,7 +17,6 @@
 #include <llarp/service/address.hpp>
 #include <llarp/service/auth.hpp>
 #include <llarp/dns/srv_data.hpp>
-
 #include <llarp/router_contact.hpp>
 
 #include <cstdlib>

llarp/config/ini.cpp

@@ -9,6 +9,7 @@
 #include <list>
 #include <iostream>
 #include <cassert>
+#include <stdexcept>
 
 namespace llarp
 {
@@ -30,6 +31,14 @@ namespace llarp
     return Parse();
   }
 
+  bool
+  ConfigParser::LoadNewFromStr(std::string_view str)
+  {
+    m_Data.resize(str.size());
+    std::copy(str.begin(), str.end(), m_Data.begin());
+    return ParseAll();
+  }
+
   bool
   ConfigParser::LoadFromStr(std::string_view str)
   {
@@ -52,6 +61,78 @@ namespace llarp
     return std::isspace(static_cast<unsigned char>(ch)) != 0;
   }
 
+  /// Differs from Parse() as ParseAll() does NOT skip comments
+  /// ParseAll() is only used by RPC endpoint 'config' for
+  /// reading new .ini files from string and writing them
+  bool
+  ConfigParser::ParseAll()
+  {
+    std::list<std::string_view> lines;
+    {
+      auto itr = m_Data.begin();
+      // split into lines
+      while (itr != m_Data.end())
+      {
+        auto beg = itr;
+        while (itr != m_Data.end() && *itr != '\n' && *itr != '\r')
+          ++itr;
+        lines.emplace_back(std::addressof(*beg), std::distance(beg, itr));
+        if (itr == m_Data.end())
+          break;
+        ++itr;
+      }
+    }
+
+    std::string_view sectName;
+    size_t lineno = 0;
+    for (auto line : lines)
+    {
+      lineno++;
+      // Trim whitespace
+      while (!line.empty() && whitespace(line.front()))
+        line.remove_prefix(1);
+      while (!line.empty() && whitespace(line.back()))
+        line.remove_suffix(1);
+
+      // Skip blank lines but NOT comments
+      if (line.empty())
+        continue;
+
+      if (line.front() == '[' && line.back() == ']')
+      {
+        // section header
+        line.remove_prefix(1);
+        line.remove_suffix(1);
+        sectName = line;
+      }
+      else if (auto kvDelim = line.find('='); kvDelim != std::string_view::npos)
+      {
+        // key value pair
+        std::string_view k = line.substr(0, kvDelim);
+        std::string_view v = line.substr(kvDelim + 1);
+        // Trim inner whitespace
+        while (!k.empty() && whitespace(k.back()))
+          k.remove_suffix(1);
+        while (!v.empty() && whitespace(v.front()))
+          v.remove_prefix(1);
+
+        if (k.empty())
+        {
+          throw std::runtime_error(
+              fmt::format("{} invalid line ({}): '{}'", m_FileName, lineno, line));
+        }
+        LogDebug(m_FileName, ": [", sectName, "]:", k, "=", v);
+        m_Config[std::string{sectName}].emplace(k, v);
+      }
+      else  // malformed?
+      {
+        throw std::runtime_error(
+            fmt::format("{} invalid line ({}): '{}'", m_FileName, lineno, line));
+      }
+    }
+    return true;
+  }
+
   bool
   ConfigParser::Parse()
   {
@@ -82,7 +163,7 @@ namespace llarp
       while (!line.empty() && whitespace(line.back()))
         line.remove_suffix(1);
 
-      // Skip blank lines and comments
+      // Skip blank lines
       if (line.empty() or line.front() == ';' or line.front() == '#')
         continue;
 
@@ -106,16 +187,16 @@ namespace llarp
 
         if (k.empty())
         {
-          LogError(m_FileName, " invalid line (", lineno, "): '", line, "'");
-          return false;
+          throw std::runtime_error(
+              fmt::format("{} invalid line ({}): '{}'", m_FileName, lineno, line));
         }
         LogDebug(m_FileName, ": [", sectName, "]:", k, "=", v);
         m_Config[std::string{sectName}].emplace(k, v);
       }
       else  // malformed?
       {
-        LogError(m_FileName, " invalid line (", lineno, "): '", line, "'");
-        return false;
+        throw std::runtime_error(
+            fmt::format("{} invalid line ({}): '{}'", m_FileName, lineno, line));
       }
     }
     return true;
@@ -168,4 +249,31 @@ namespace llarp
     m_Overrides.clear();
   }
 
+  void
+  ConfigParser::SaveNew() const
+  {
+    if (not m_Overrides.empty())
+    {
+      throw std::invalid_argument("Override specified when attempting new .ini save");
+    }
+    if (m_Config.empty())
+    {
+      throw std::invalid_argument("New config not loaded when attempting new .ini save");
+    }
+    if (m_FileName.empty())
+    {
+      throw std::invalid_argument("New config cannot be saved with filepath specified");
+    }
+
+    std::ofstream ofs(m_FileName);
+    for (const auto& [section, values] : m_Config)
+    {
+      ofs << std::endl << "[" << section << "]" << std::endl;
+      for (const auto& [key, value] : values)
+      {
+        ofs << key << "=" << value << std::endl;
+      }
+    }
+  }
+
 }  // namespace llarp

llarp/config/ini.hpp

@@ -24,6 +24,12 @@ namespace llarp
     bool
     LoadFile(const fs::path& fname);
 
+    /// load new .ini file from string (calls ParseAll() rather than Parse())
+    /// return true on success
+    /// return false on error
+    bool
+    LoadNewFromStr(std::string_view str);
+
     /// load from string
     /// return true on success
     /// return false on error
@@ -47,6 +53,10 @@ namespace llarp
     void
     Save();
 
+    /// save new .ini config file to path
+    void
+    SaveNew() const;
+
     inline void
     Filename(fs::path f)
     {
@@ -54,6 +64,9 @@ namespace llarp
     };
 
    private:
+    bool
+    ParseAll();
+
     bool
     Parse();
 

llarp/constants/version.cpp.in

@@ -1,5 +1,5 @@
-#include <constants/version.hpp>
-#include <constants/proto.hpp>
+#include <llarp/constants/version.hpp>
+#include <llarp/constants/proto.hpp>
 
 namespace llarp
 {

llarp/context.cpp

@@ -25,10 +25,10 @@
 #include <pthread_np.h>
 #endif
 
-static auto logcat = llarp::log::Cat("llarp-context");
-
 namespace llarp
 {
+  static auto logcat = llarp::log::Cat("llarp-context");
+
   bool
   Context::CallSafe(std::function<void(void)> f)
   {

llarp/dns/rr.cpp

@@ -1,6 +1,6 @@
 #include "rr.hpp"
 #include "dns.hpp"
-#include "util/formattable.hpp"
+#include <llarp/util/formattable.hpp>
 #include <llarp/util/mem.hpp>
 #include <llarp/util/logging.hpp>
 

llarp/exit/session.hpp

@@ -1,7 +1,7 @@
 #pragma once
 
 #include "exit_messages.hpp"
-#include "service/protocol_type.hpp"
+#include <llarp/service/protocol_type.hpp>
 #include <llarp/net/ip_packet.hpp>
 #include <llarp/path/pathbuilder.hpp>
 #include <llarp/routing/transfer_traffic_message.hpp>

llarp/handlers/exit.cpp

@@ -11,7 +11,7 @@
 #include <llarp/router/i_rc_lookup_handler.hpp>
 
 #include <cassert>
-#include "service/protocol_type.hpp"
+#include <llarp/service/protocol_type.hpp>
 
 namespace llarp
 {

llarp/messages/relay_commit.hpp

@@ -2,7 +2,7 @@
 
 #include <llarp/crypto/encrypted_frame.hpp>
 #include <llarp/crypto/types.hpp>
-#include "link_message.hpp"
+#include <llarp/messages/link_message.hpp>
 #include <llarp/path/path_types.hpp>
 #include <llarp/pow.hpp>
 

llarp/net/ip_range.hpp

@@ -24,6 +24,14 @@ namespace llarp
         : addr{std::move(address)}, netmask_bits{std::move(netmask)}
     {}
 
+    static IPRange
+    StringInit(std::string _range)
+    {