Prefer non-Tor nodes when creating blinded paths

[jkczyz]

Tor nodes can have high latency which can have a detrimental effect on onion message reliability. Prefer using nodes that aren't Tor-only when creating blinded paths both in offers and in onion message reply paths.

Fixes #2893

[coderabbitai]

Walkthrough

The recent updates in the codebase introduce enhancements in network address handling, testing for offers, message filtering and sorting, and gossip protocol improvements. A notable change is the addition of methods to identify Tor addresses and prefer non-Tor nodes in blinded paths, aligning with objectives to improve privacy and reduce latency in the network. These changes collectively aim to refine the node selection process, message routing, and offer testing, contributing to the network's efficiency and privacy.

Changes

Files	Change Summary
ln/msgs.rs	Added is_tor method to identify Tor addresses.
ln/offers_tests.rs	New imports, functions for node announcements, modified Bolt12 payment routing, test for non-Tor nodes.
onion_message/messenger.rs	Revised peer filtering and sorting using filter_map and sort_unstable_by.
routing/gossip.rs	Added is_tor_only method and tests to NodeInfo for Tor-only node identification.

Assessment against linked issues

Objective	Addressed	Explanation
Prefer non-onion nodes in blinded paths (#2893)	✅
Onion message follow-ups: Rate limit based on channel vs non-channel peers, Refuse to send onion messages to offline peers, Implement custom TLVs (#1607)	❓	It's unclear if the changes directly address rate limiting or the handling of custom TLVs without more detailed code insights.

Related issues

• Onion message follow-ups  #1607: The implementation of is_tor and is_tor_only methods, along with the enhanced filtering in messenger.rs, indirectly supports objectives related to improving onion message handling and privacy. These methods could aid in rate limiting and peer selection, addressing some of the privacy and efficiency concerns outlined.

Poem

In the digital realm, where the bits do hop,
A rabbit worked hard, in the code did bop.
🐰 With a hop and a skip, it refined the path,
No more shall the onions cause a latency bath.
🌐 Through networks vast, with privacy in mind,
It weaved its magic, so efficient and kind.
"Let's route with care," it said with a cheer,
For a faster, safer network is finally here! 🚀

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository from git and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 36e434d and b954748.

Files selected for processing (4)

• lightning/src/ln/msgs.rs (1 hunks)
• lightning/src/ln/offers_tests.rs (3 hunks)
• lightning/src/onion_message/messenger.rs (1 hunks)
• lightning/src/routing/gossip.rs (3 hunks)

Additional comments: 5

lightning/src/ln/offers_tests.rs (2)

• 48-57: The addition of new imports enhances the file's capabilities for handling messages, routing, and signing. Ensure that all newly imported modules are used within the file to avoid unnecessary imports, which can lead to increased compilation time and binary size.
• 214-264: The test prefers_non_tor_nodes_in_blinded_paths is comprehensive and effectively validates the preference for non-Tor nodes in blinded paths. It's well-structured and follows best practices for test writing. However, consider adding comments within the test to explain the setup and assertions for future maintainability.

lightning/src/onion_message/messenger.rs (1)

• 361-371: The implementation of filtering and sorting logic in the DefaultMessageRouter to prefer non-Tor nodes is a significant change aimed at improving the reliability of onion messages. This change is well-aligned with the PR's objectives. However, it's important to ensure that these changes are thoroughly tested, especially in scenarios where the mix of Tor and non-Tor nodes might affect the path selection in unexpected ways.

lightning/src/routing/gossip.rs (1)

• 1234-1244: The method is_tor_only correctly checks if all announced addresses for a node are Tor addresses, returning true if so. This method enhances the network graph's ability to categorize nodes based on their address types, which could be useful for routing decisions or privacy considerations.

lightning/src/ln/msgs.rs (1)

• 846-855: The is_tor method correctly identifies whether a SocketAddress is a Tor address based on its variant. This method is straightforward and correctly handles all defined variants of SocketAddress, returning true for both OnionV2 and OnionV3 addresses, and false otherwise.

[coderabbitai]

The function announce_node_address is well-structured and follows Rust's idiomatic practices. It correctly constructs a NodeAnnouncement message and disseminates it to the specified peers. However, consider adding error handling for the unwrap calls to prevent potential panics in production code.

// Replace unwrap calls with error handling
let node_id = match node.keys_manager.get_node_id(Recipient::Node) {
    Ok(id) => NodeId::from_pubkey(&id),
    Err(e) => return Err(e), // Adjust the function signature to return a Result
};
let signature = match node.keys_manager.sign_gossip_message(UnsignedGossipMessage::NodeAnnouncement(&announcement)) {
    Ok(sig) => sig,
    Err(e) => return Err(e), // Adjust the function signature to return a Result
};

[coderabbitai]

The logic for filtering and sorting peers based on their channel information and Tor status has been updated. While the approach of using filter_map and sort_unstable_by is efficient for this purpose, there are a few considerations:

• Ensure that the is_tor_only method accurately reflects whether a node exclusively uses Tor addresses, as this directly impacts the filtering logic.
• The sorting based on Tor status (a_tor_only.cmp(b_tor_only)) prioritizes non-Tor nodes, aligning with the PR's objectives. However, it's important to verify that this sorting criterion effectively contributes to the reliability of onion messages without introducing biases that could affect network diversity or privacy.
• Consider adding comments to explain the rationale behind preferring non-Tor nodes and how it relates to the overall goal of enhancing onion message reliability.

Consider enhancing the documentation within this code segment to explain the rationale behind the filtering and sorting logic, especially for future maintainers or contributors who may not be familiar with the specific objectives of these changes.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 99.50495% with 1 lines in your changes are missing coverage. Please review.

Project coverage is 89.13%. Comparing base (36e434d) to head (b954748).

Files	Patch %	Lines
lightning/src/ln/msgs.rs	87.50%	1 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2911      +/-   ##
==========================================
+ Coverage   89.11%   89.13%   +0.02%     
==========================================
  Files         117      117              
  Lines       94657    94853     +196     
  Branches    94657    94853     +196     
==========================================
+ Hits        84350    84551     +201     
+ Misses       7826     7822       -4     
+ Partials     2481     2480       -1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[tnull]

LGTM.

Changes seem small enough and greatly tested, so I'll go ahead and merge this.

[TheBlueMatt]

Currently to get a DC reliably we really want to ensure the intro node has public ips, so if we're a public node with public IPs and our peers are all tor-only we should still prefer to use a one-hop path. I'm not sure if its a huge deal, but I think there the reliability win would be worth it.

[jkczyz]

Currently to get a DC reliably we really want to ensure the intro node has public ips, so if we're a public node with public IPs and our peers are all tor-only we should still prefer to use a one-hop path. I'm not sure if its a huge deal, but I think there the reliability win would be worth it.

Yeah, was going to ask if you prefer filtering or sorting. We also aren't filtering out nodes without any public IPs currently.

I'll do a follow-up as I'm also updating to prefer more well-connected nodes.

[jkczyz]

We also aren't filtering out nodes without any public IPs currently.

Although, for RGS users this would mean possibly failing to create a path.

[TheBlueMatt]

Right, can't break RGS entirely.