From e6cfa6d70e199f029efcb7beaa983be9a8c54ccc Mon Sep 17 00:00:00 2001 From: dr7ana Date: Thu, 5 Dec 2024 10:38:07 -0800 Subject: [PATCH] 0rtt bump for stateless reset lifetimes, correctly prune against whitelist --- external/oxen-libquic | 2 +- llarp/crypto/crypto.cpp | 3 ++- llarp/nodedb.cpp | 39 +++++++++------------------------------ llarp/nodedb.hpp | 21 ++------------------- llarp/router/router.cpp | 11 ++++------- llarp/router/router.hpp | 5 +---- llarp/rpc/rpc_client.cpp | 18 ++++++------------ 7 files changed, 25 insertions(+), 74 deletions(-) diff --git a/external/oxen-libquic b/external/oxen-libquic index 929c15a633..59796bdfe3 160000 --- a/external/oxen-libquic +++ b/external/oxen-libquic @@ -1 +1 @@ -Subproject commit 929c15a6331773f769c566b2e7a16be01055eae8 +Subproject commit 59796bdfe3c428643d69159b00e5f8140624b246 diff --git a/llarp/crypto/crypto.cpp b/llarp/crypto/crypto.cpp index 43691c4c07..e0c22ca200 100644 --- a/llarp/crypto/crypto.cpp +++ b/llarp/crypto/crypto.cpp @@ -358,9 +358,10 @@ namespace llarp { Ed25519SecretKey ret{}; PubKey pk; - int result = crypto_sign_ed25519_keypair(pk.data(), ret.data()); + [[maybe_unused]] int result = crypto_sign_ed25519_keypair(pk.data(), ret.data()); assert(result != -1); const PubKey sk_pk = ret.to_pubkey(); + (void)sk_pk; assert(pk == sk_pk); return ret; } diff --git a/llarp/nodedb.cpp b/llarp/nodedb.cpp index 1795057c68..4aa4cbb98b 100644 --- a/llarp/nodedb.cpp +++ b/llarp/nodedb.cpp 
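Review bot: In the crypto.cpp hunk the result of `crypto_sign_ed25519_keypair` and the `pk == sk_pk` consistency check are still enforced only through `assert`, so a build with NDEBUG defined returns `ret` without verifying either. The added `[[maybe_unused]]` and `(void)sk_pk;` only silence the resulting unused-variable warnings. If these conditions matter for freshly generated key material, a runtime check such as `if (result == -1 or not (pk == sk_pk)) throw std::runtime_error{"ed25519 keypair generation failed"};` would keep them in release builds. The enclosing function's signature is outside the hunk, so whether throwing is acceptable there needs confirming.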
@@ -753,46 +753,24 @@ namespace llarp }); } - void NodeDB::set_router_whitelist( - const std::vector& whitelist, - const std::vector& greylist, - const std::vector& greenlist) + void NodeDB::set_router_whitelist(const std::vector& whitelist) { - log::critical( - logcat, - "Oxend provided {}/{}/{} (white/gray/green) routers", - whitelist.size(), - greylist.size(), - greenlist.size()); + log::critical(logcat, "Oxend provided {} whitelisted routers", whitelist.size()); if (whitelist.empty()) return; _registered_routers.clear(); _registered_routers.insert(whitelist.begin(), whitelist.end()); - _registered_routers.insert(greylist.begin(), greylist.end()); - _registered_routers.insert(greenlist.begin(), greenlist.end()); - - _router_whitelist.clear(); - _router_whitelist.insert(whitelist.begin(), whitelist.end()); - _router_greylist.clear(); - _router_greylist.insert(greylist.begin(), greylist.end()); - _router_greenlist.clear(); - _router_greenlist.insert(greenlist.begin(), greenlist.end()); log::critical( - logcat, - "Service node holding {}:{} (whitelist:registered) after oxend integration", - _router_whitelist.size(), - _registered_routers.size()); + logcat, "Service node holding {} registered relays after oxend integration", _registered_routers.size()); } - std::optional NodeDB::get_random_whitelist_router() const + std::optional NodeDB::get_random_registered_router() const { - std::optional rand = std::nullopt; - - std::sample(_router_whitelist.begin(), _router_whitelist.end(), &*rand, 1, csrng); - return rand; + std::function hook = [](const auto&) -> bool { return true; }; + return meta::sample(_registered_routers, hook); } bool NodeDB::is_connection_allowed(const RouterID& remote) const 
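Review bot: `get_random_registered_router()` no longer names its random source. The removed code passed `csrng` to `std::sample`, while the new body calls `meta::sample(_registered_routers, hook)`, and `meta::sample` is not shown in this patch. If relay selection is meant to stay unpredictable, a comment such as `// meta::sample draws from csrng`, added once that is confirmed, would document it at the call site. As a style point, the always-true `std::function` `hook` could be passed as a plain lambda if `meta::sample` accepts any callable.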
@@ -801,10 +779,11 @@ namespace llarp { if (_pinned_edges.size() && _pinned_edges.count(remote) == 0 && not _bootstraps.contains(remote)) return false; + + return known_rids.count(remote); } - // TESTNET: make this check an updated registry - return known_rids.count(remote) or _registered_routers.count(remote); + return known_rids.count(remote) and _registered_routers.empty() ? true : _registered_routers.count(remote); } bool NodeDB::is_first_hop_allowed(const RouterID& remote) const diff --git a/llarp/nodedb.hpp b/llarp/nodedb.hpp index fe0657d0b7..177f418995 100644 --- a/llarp/nodedb.hpp +++ b/llarp/nodedb.hpp @@ -128,16 +128,6 @@ namespace llarp BootstrapList _bootstraps{}; - /** RouterID lists // TODO: get rid of all these, replace with better decom/not staked - sets - - white: active routers - - gray: fully funded, but decommissioned routers - - green: registered, but not fully-staked routers - */ - std::set _router_whitelist{}; - std::set _router_greylist{}; - std::set _router_greenlist{}; - // All registered relays (service nodes) std::set _registered_routers; @@ -250,12 +240,9 @@ namespace llarp // variable ::known_rids bool reselect_router_id_sources(std::set specific); - void set_router_whitelist( - const std::vector& whitelist, - const std::vector& greylist, - const std::vector& greenlist); + void set_router_whitelist(const std::vector& whitelist); - std::optional get_random_whitelist_router() const; + std::optional get_random_registered_router() const; // client: // if pinned edges were specified, connections are allowed only to those and @@ -292,10 +279,6 @@ namespace llarp void set_bootstrap_routers(BootstrapList& from_router); - const std::set& whitelist() const { return _router_whitelist; } - - const std::set& greylist() const { return _router_greylist; } - std::set& registered_routers() { return _registered_routers; } const std::set& registered_routers() const { return _registered_routers; } 
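Review bot: The new final return in `is_connection_allowed`, `known_rids.count(remote) and _registered_routers.empty() ? true : _registered_routers.count(remote)`, parses as `(known_rids.count(remote) and _registered_routers.empty()) ? true : _registered_routers.count(remote)` because `and` binds tighter than `?:`. Once the registry is non-empty, `known_rids` is therefore not consulted at all, and while it is empty every known RID is accepted. If the intent is that a remote must be known and, when a registry exists, also registered, write `return known_rids.count(remote) and (_registered_routers.empty() or _registered_routers.count(remote));`. Otherwise add the parentheses explicitly and a comment stating that an empty registry is deliberately permissive. The branch that encloses the pinned-edges check starts outside the hunk.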
diff --git a/llarp/router/router.cpp b/llarp/router/router.cpp index 5a5e3c7a42..648f44721e 100644 --- a/llarp/router/router.cpp +++ b/llarp/router/router.cpp @@ -727,7 +727,7 @@ namespace llarp bool Router::appears_decommed() const { - return _is_service_node and has_whitelist() and node_db()->greylist().count(local_rid()); + return _is_service_node and has_whitelist() and not node_db()->registered_routers().count(local_rid()); } bool Router::appears_funded() const @@ -953,15 +953,12 @@ namespace llarp const std::set& Router::get_whitelist() const { - return _node_db->whitelist(); + return _node_db->registered_routers(); } - void Router::set_router_whitelist( - const std::vector& whitelist, - const std::vector& greylist, - const std::vector& unfundedlist) + void Router::set_router_whitelist(const std::vector& whitelist) { - node_db()->set_router_whitelist(whitelist, greylist, unfundedlist); + node_db()->set_router_whitelist(whitelist); whitelist_received = true; } diff --git a/llarp/router/router.hpp b/llarp/router/router.hpp index 0cc5519ca9..24295afba7 100644 --- a/llarp/router/router.hpp +++ b/llarp/router/router.hpp @@ -260,10 +260,7 @@ namespace llarp const std::set& get_whitelist() const; - void set_router_whitelist( - const std::vector& whitelist, - const std::vector& greylist, - const std::vector& unfunded); + void set_router_whitelist(const std::vector& whitelist); template void queue_work(Callable&& func) diff --git a/llarp/rpc/rpc_client.cpp b/llarp/rpc/rpc_client.cpp index f51f3c08b9..66f03484a7 100644 --- a/llarp/rpc/rpc_client.cpp +++ b/llarp/rpc/rpc_client.cpp @@ -213,7 +213,7 @@ namespace llarp::rpc void RPCClient::handle_new_service_node_list(const nlohmann::json& j) { std::unordered_map keymap; - std::vector activeNodeList, decommNodeList, unfundedNodeList; + std::vector active_list; if (not j.is_array()) throw std::runtime_error{"Invalid service node list: expected array of service node states"}; 
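Review bot: `Router::appears_decommed()` now returns true for any service node whose RID is absent from `registered_routers()`, so it no longer distinguishes a decommissioned relay from one that is unfunded or was never registered; the removed code checked the greylist specifically. The rpc_client.cpp change in this patch passes only active nodes to `set_router_whitelist`, so the check now effectively means "not active". A comment such as `// true for any local RID missing from the active registry (decommissioned, unfunded or deregistered)` or a rename would stop callers treating it as decommission-specific. `get_whitelist()` returning `registered_routers()` has the same naming drift.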
@@ -229,10 +229,6 @@ namespace llarp::rpc if (active_itr == snode.end() or not active_itr->is_boolean()) continue; const bool active = active_itr->get(); - const auto funded_itr = snode.find("funded"); - if (funded_itr == snode.end() or not funded_itr->is_boolean()) - continue; - const bool funded = funded_itr->get(); RouterID rid; PubKey pk; @@ -240,10 +236,11 @@ namespace llarp::rpc continue; keymap[rid] = pk; - (active ? activeNodeList : funded ? decommNodeList : unfundedNodeList).push_back(std::move(rid)); + if (active) + active_list.emplace_back(std::move(rid)); } - if (activeNodeList.empty()) + if (active_list.empty()) { log::warning(logcat, "Received empty service node list, ignoring."); return; @@ -254,14 +251,11 @@ namespace llarp::rpc { auto& loop = router->loop(); loop->call([this, - active = std::move(activeNodeList), - decomm = std::move(decommNodeList), - unfunded = std::move(unfundedNodeList), + active = std::move(active_list), keymap = std::move(keymap), router = std::move(router)]() mutable { _key_map = std::move(keymap); - - router->set_router_whitelist(active, decomm, unfunded); + router->set_router_whitelist(active); }); } else
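Review bot: In `handle_new_service_node_list`, `active_list.empty()` is also true when oxend returned entries but none were active, yet that branch logs "Received empty service node list, ignoring." and returns, leaving the previous registry in place. Relays that were active in the last accepted list then stay registered for whatever checks consult it, and the log line hides why. Suggest wording that separates the two cases, e.g. `log::warning(logcat, "Service node list contained no active nodes; keeping previous registry.");`, plus a comment saying that retaining the old registry is intended. The function body starts and ends outside these hunks.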