From 093ceffd246c13aab8407d472531a87269b735c7 Mon Sep 17 00:00:00 2001
From: Jeffrey Czyz <jkczyz@gmail.com>
Date: Tue, 27 Feb 2024 13:25:25 -0600
Subject: [PATCH 1/2] Add NodeInfo::is_tor_only

Add a method to NodeInfo to determine if the node has only announced Tor
addresses. Useful for preferring blinded paths that don't use Tor for
better reliability and improved latency.
---
 lightning/src/ln/msgs.rs        |  10 +++
 lightning/src/routing/gossip.rs | 121 +++++++++++++++++++++++++++++++-
 2 files changed, 130 insertions(+), 1 deletion(-)

diff --git a/lightning/src/ln/msgs.rs b/lightning/src/ln/msgs.rs
index f0db28949..d291ac866 100644
--- a/lightning/src/ln/msgs.rs
+++ b/lightning/src/ln/msgs.rs
@@ -843,6 +843,16 @@ impl SocketAddress {
 	/// This maximum length is reached by a hostname address descriptor:
 	/// a hostname with a maximum length of 255, its 1-byte length and a 2-byte port.
 	pub(crate) const MAX_LEN: u16 = 258;
+
+	pub(crate) fn is_tor(&self) -> bool {
+		match self {
+			&SocketAddress::TcpIpV4 {..} => false,
+			&SocketAddress::TcpIpV6 {..} => false,
+			&SocketAddress::OnionV2(_) => true,
+			&SocketAddress::OnionV3 {..} => true,
+			&SocketAddress::Hostname {..} => false,
+		}
+	}
 }
 
 impl Writeable for SocketAddress {
diff --git a/lightning/src/routing/gossip.rs b/lightning/src/routing/gossip.rs
index 2fbbcb147..806aadd58 100644
--- a/lightning/src/routing/gossip.rs
+++ b/lightning/src/routing/gossip.rs
@@ -1231,6 +1231,18 @@ pub struct NodeInfo {
 	pub announcement_info: Option<NodeAnnouncementInfo>
 }
 
+impl NodeInfo {
+	/// Returns whether the node has only announced Tor addresses.
+	pub fn is_tor_only(&self) -> bool {
+		self.announcement_info
+			.as_ref()
+			.map(|info| info.addresses())
+			.and_then(|addresses| (!addresses.is_empty()).then(|| addresses))
+			.map(|addresses| addresses.iter().all(|address| address.is_tor()))
+			.unwrap_or(false)
+	}
+}
+
 impl fmt::Display for NodeInfo {
 	fn fmt(&self, f: &mut fmt::Formatter) -> Result<(), fmt::Error> {
 		write!(f, " channels: {:?}, announcement_info: {:?}",
@@ -2089,6 +2101,7 @@ pub(crate) mod tests {
 	use crate::ln::chan_utils::make_funding_redeemscript;
 	#[cfg(feature = "std")]
 	use crate::ln::features::InitFeatures;
+	use crate::ln::msgs::SocketAddress;
 	use crate::routing::gossip::{P2PGossipSync, NetworkGraph, NetworkUpdate, NodeAlias, MAX_EXCESS_BYTES_FOR_RELAY, NodeId, RoutingFees, ChannelUpdateInfo, ChannelInfo, NodeAnnouncementInfo, NodeInfo};
 	use crate::routing::utxo::{UtxoLookupError, UtxoResult};
 	use crate::ln::msgs::{RoutingMessageHandler, UnsignedNodeAnnouncement, NodeAnnouncement,
@@ -2096,7 +2109,7 @@ pub(crate) mod tests {
 		ReplyChannelRange, QueryChannelRange, QueryShortChannelIds, MAX_VALUE_MSAT};
 	use crate::util::config::UserConfig;
 	use crate::util::test_utils;
-	use crate::util::ser::{ReadableArgs, Readable, Writeable};
+	use crate::util::ser::{Hostname, ReadableArgs, Readable, Writeable};
 	use crate::util::scid_utils::scid_from_parts;
 
 	use crate::routing::gossip::REMOVED_ENTRIES_TRACKING_AGE_LIMIT_SECS;
@@ -3474,6 +3487,112 @@ pub(crate) mod tests {
 		let node_id = NodeId([42; 33]);
 		assert_eq!(format!("{}", &node_id), "2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a2a");
 	}
+
+	#[test]
+	fn is_tor_only_node() {
+		let network_graph = create_network_graph();
+		let (secp_ctx, gossip_sync) = create_gossip_sync(&network_graph);
+
+		let node_1_privkey = &SecretKey::from_slice(&[42; 32]).unwrap();
+		let node_2_privkey = &SecretKey::from_slice(&[41; 32]).unwrap();
+		let node_1_id = NodeId::from_pubkey(&PublicKey::from_secret_key(&secp_ctx, node_1_privkey));
+
+		let announcement = get_signed_channel_announcement(|_| {}, node_1_privkey, node_2_privkey, &secp_ctx);
+		gossip_sync.handle_channel_announcement(&announcement).unwrap();
+
+		let tcp_ip_v4 = SocketAddress::TcpIpV4 {
+			addr: [255, 254, 253, 252],
+			port: 9735
+		};
+		let tcp_ip_v6 = SocketAddress::TcpIpV6 {
+			addr: [255, 254, 253, 252, 251, 250, 249, 248, 247, 246, 245, 244, 243, 242, 241, 240],
+			port: 9735
+		};
+		let onion_v2 = SocketAddress::OnionV2([255, 254, 253, 252, 251, 250, 249, 248, 247, 246, 38, 7]);
+		let onion_v3 = SocketAddress::OnionV3 {
+			ed25519_pubkey:	[255, 254, 253, 252, 251, 250, 249, 248, 247, 246, 245, 244, 243, 242, 241, 240, 239, 238, 237, 236, 235, 234, 233, 232, 231, 230, 229, 228, 227, 226, 225, 224],
+			checksum: 32,
+			version: 16,
+			port: 9735
+		};
+		let hostname = SocketAddress::Hostname {
+			hostname: Hostname::try_from(String::from("host")).unwrap(),
+			port: 9735,
+		};
+
+		assert!(!network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+
+		let announcement = get_signed_node_announcement(|_| {}, node_1_privkey, &secp_ctx);
+		gossip_sync.handle_node_announcement(&announcement).unwrap();
+		assert!(!network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+
+		let announcement = get_signed_node_announcement(
+			|announcement| {
+				announcement.addresses = vec![
+					tcp_ip_v4.clone(), tcp_ip_v6.clone(), onion_v2.clone(), onion_v3.clone(),
+					hostname.clone()
+				];
+				announcement.timestamp += 1000;
+			},
+			node_1_privkey, &secp_ctx
+		);
+		gossip_sync.handle_node_announcement(&announcement).unwrap();
+		assert!(!network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+
+		let announcement = get_signed_node_announcement(
+			|announcement| {
+				announcement.addresses = vec![
+					tcp_ip_v4.clone(), tcp_ip_v6.clone(), onion_v2.clone(), onion_v3.clone()
+				];
+				announcement.timestamp += 2000;
+			},
+			node_1_privkey, &secp_ctx
+		);
+		gossip_sync.handle_node_announcement(&announcement).unwrap();
+		assert!(!network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+
+		let announcement = get_signed_node_announcement(
+			|announcement| {
+				announcement.addresses = vec![
+					tcp_ip_v6.clone(), onion_v2.clone(), onion_v3.clone()
+				];
+				announcement.timestamp += 3000;
+			},
+			node_1_privkey, &secp_ctx
+		);
+		gossip_sync.handle_node_announcement(&announcement).unwrap();
+		assert!(!network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+
+		let announcement = get_signed_node_announcement(
+			|announcement| {
+				announcement.addresses = vec![onion_v2.clone(), onion_v3.clone()];
+				announcement.timestamp += 4000;
+			},
+			node_1_privkey, &secp_ctx
+		);
+		gossip_sync.handle_node_announcement(&announcement).unwrap();
+		assert!(network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+
+		let announcement = get_signed_node_announcement(
+			|announcement| {
+				announcement.addresses = vec![onion_v2.clone()];
+				announcement.timestamp += 5000;
+			},
+			node_1_privkey, &secp_ctx
+		);
+		gossip_sync.handle_node_announcement(&announcement).unwrap();
+		assert!(network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+
+		let announcement = get_signed_node_announcement(
+			|announcement| {
+				announcement.addresses = vec![tcp_ip_v4.clone()];
+				announcement.timestamp += 6000;
+			},
+			node_1_privkey, &secp_ctx
+		);
+		gossip_sync.handle_node_announcement(&announcement).unwrap();
+		assert!(!network_graph.read_only().node(&node_1_id).unwrap().is_tor_only());
+	}
 }
 
 #[cfg(ldk_bench)]

From b9547480ea2488f4ea052e632fd9df68e726e543 Mon Sep 17 00:00:00 2001
From: Jeffrey Czyz <jkczyz@gmail.com>
Date: Tue, 27 Feb 2024 18:37:39 -0600
Subject: [PATCH 2/2] Prefer non-Tor nodes when creating blinded paths

Tor nodes can have high latency which can have a detrimental effect on
onion message reliability. Prefer using nodes that aren't Tor-only when
creating blinded paths both in offers and in onion message reply paths.
---
 lightning/src/ln/offers_tests.rs         | 87 +++++++++++++++++++++++-
 lightning/src/onion_message/messenger.rs | 15 ++--
 2 files changed, 95 insertions(+), 7 deletions(-)

diff --git a/lightning/src/ln/offers_tests.rs b/lightning/src/ln/offers_tests.rs
index 0038bdd79..54dc5e4a5 100644
--- a/lightning/src/ln/offers_tests.rs
+++ b/lightning/src/ln/offers_tests.rs
@@ -45,7 +45,7 @@ use crate::blinded_path::BlindedPath;
 use crate::events::{Event, MessageSendEventsProvider, PaymentPurpose};
 use crate::ln::channelmanager::{PaymentId, RecentPaymentDetails, Retry, self};
 use crate::ln::functional_test_utils::*;
-use crate::ln::msgs::{ChannelMessageHandler, Init, OnionMessage, OnionMessageHandler};
+use crate::ln::msgs::{ChannelMessageHandler, Init, NodeAnnouncement, OnionMessage, OnionMessageHandler, RoutingMessageHandler, SocketAddress, UnsignedGossipMessage, UnsignedNodeAnnouncement};
 use crate::offers::invoice::Bolt12Invoice;
 use crate::offers::invoice_error::InvoiceError;
 use crate::offers::invoice_request::InvoiceRequest;
@@ -53,6 +53,8 @@ use crate::offers::parse::Bolt12SemanticError;
 use crate::onion_message::messenger::PeeledOnion;
 use crate::onion_message::offers::OffersMessage;
 use crate::onion_message::packet::ParsedOnionMessageContents;
+use crate::routing::gossip::{NodeAlias, NodeId};
+use crate::sign::{NodeSigner, Recipient};
 
 use crate::prelude::*;
 
@@ -98,6 +100,37 @@ fn disconnect_peers<'a, 'b, 'c>(node_a: &Node<'a, 'b, 'c>, peers: &[&Node<'a, 'b
 	}
 }
 
+fn announce_node_address<'a, 'b, 'c>(
+	node: &Node<'a, 'b, 'c>, peers: &[&Node<'a, 'b, 'c>], address: SocketAddress,
+) {
+	let features = node.onion_messenger.provided_node_features()
+		| node.gossip_sync.provided_node_features();
+	let rgb = [0u8; 3];
+	let announcement = UnsignedNodeAnnouncement {
+		features,
+		timestamp: 1000,
+		node_id: NodeId::from_pubkey(&node.keys_manager.get_node_id(Recipient::Node).unwrap()),
+		rgb,
+		alias: NodeAlias([0u8; 32]),
+		addresses: vec![address],
+		excess_address_data: Vec::new(),
+		excess_data: Vec::new(),
+	};
+	let signature = node.keys_manager.sign_gossip_message(
+		UnsignedGossipMessage::NodeAnnouncement(&announcement)
+	).unwrap();
+
+	let msg = NodeAnnouncement {
+		signature,
+		contents: announcement
+	};
+
+	node.gossip_sync.handle_node_announcement(&msg).unwrap();
+	for peer in peers {
+		peer.gossip_sync.handle_node_announcement(&msg).unwrap();
+	}
+}
+
 fn route_bolt12_payment<'a, 'b, 'c>(
 	node: &Node<'a, 'b, 'c>, path: &[&Node<'a, 'b, 'c>], invoice: &Bolt12Invoice
 ) {
@@ -178,6 +211,58 @@ fn extract_invoice_error<'a, 'b, 'c>(
 	}
 }
 
+/// Checks that blinded paths without Tor-only nodes are preferred when constructing an offer.
+#[test]
+fn prefers_non_tor_nodes_in_blinded_paths() {
+	let mut accept_forward_cfg = test_default_channel_config();
+	accept_forward_cfg.accept_forwards_to_priv_channels = true;
+
+	let mut features = channelmanager::provided_init_features(&accept_forward_cfg);
+	features.set_onion_messages_optional();
+	features.set_route_blinding_optional();
+
+	let chanmon_cfgs = create_chanmon_cfgs(6);
+	let node_cfgs = create_node_cfgs(6, &chanmon_cfgs);
+
+	*node_cfgs[1].override_init_features.borrow_mut() = Some(features);
+
+	let node_chanmgrs = create_node_chanmgrs(
+		6, &node_cfgs, &[None, Some(accept_forward_cfg), None, None, None, None]
+	);
+	let nodes = create_network(6, &node_cfgs, &node_chanmgrs);
+
+	create_unannounced_chan_between_nodes_with_value(&nodes, 0, 1, 10_000_000, 1_000_000_000);
+	create_unannounced_chan_between_nodes_with_value(&nodes, 2, 3, 10_000_000, 1_000_000_000);
+	create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 10_000_000, 1_000_000_000);
+	create_announced_chan_between_nodes_with_value(&nodes, 1, 4, 10_000_000, 1_000_000_000);
+	create_announced_chan_between_nodes_with_value(&nodes, 1, 5, 10_000_000, 1_000_000_000);
+	create_announced_chan_between_nodes_with_value(&nodes, 2, 4, 10_000_000, 1_000_000_000);
+	create_announced_chan_between_nodes_with_value(&nodes, 2, 5, 10_000_000, 1_000_000_000);
+
+	// Add an extra channel so that more than one of Bob's peers have MIN_PEER_CHANNELS.
+	create_announced_chan_between_nodes_with_value(&nodes, 4, 5, 10_000_000, 1_000_000_000);
+
+	let (alice, bob, charlie, david) = (&nodes[0], &nodes[1], &nodes[2], &nodes[3]);
+	let bob_id = bob.node.get_our_node_id();
+	let charlie_id = charlie.node.get_our_node_id();
+
+	disconnect_peers(alice, &[charlie, david, &nodes[4], &nodes[5]]);
+	disconnect_peers(david, &[bob, &nodes[4], &nodes[5]]);
+
+	let tor = SocketAddress::OnionV2([255, 254, 253, 252, 251, 250, 249, 248, 247, 246, 38, 7]);
+	announce_node_address(charlie, &[alice, bob, david, &nodes[4], &nodes[5]], tor);
+
+	let offer = bob.node
+		.create_offer_builder("coffee".to_string()).unwrap()
+		.amount_msats(10_000_000)
+		.build().unwrap();
+	assert_ne!(offer.signing_pubkey(), bob_id);
+	assert!(!offer.paths().is_empty());
+	for path in offer.paths() {
+		assert_ne!(path.introduction_node_id, charlie_id);
+	}
+}
+
 /// Checks that an offer can be paid through blinded paths and that ephemeral pubkeys are used
 /// rather than exposing a node's pubkey.
 #[test]
diff --git a/lightning/src/onion_message/messenger.rs b/lightning/src/onion_message/messenger.rs
index 2dc5a89a3..c221e7820 100644
--- a/lightning/src/onion_message/messenger.rs
+++ b/lightning/src/onion_message/messenger.rs
@@ -358,16 +358,19 @@ where
 		const MIN_PEER_CHANNELS: usize = 3;
 
 		let network_graph = self.network_graph.deref().read_only();
-		let paths = peers.iter()
+		let mut peer_info = peers.iter()
 			// Limit to peers with announced channels
-			.filter(|pubkey|
+			.filter_map(|pubkey|
 				network_graph
 					.node(&NodeId::from_pubkey(pubkey))
-					.map(|info| &info.channels[..])
-					.map(|channels| channels.len() >= MIN_PEER_CHANNELS)
-					.unwrap_or(false)
+					.filter(|info| info.channels.len() >= MIN_PEER_CHANNELS)
+					.map(|info| (*pubkey, info.is_tor_only()))
 			)
-			.map(|pubkey| vec![*pubkey, recipient])
+			.collect::<Vec<_>>();
+		peer_info.sort_unstable_by(|(_, a_tor_only), (_, b_tor_only)| a_tor_only.cmp(b_tor_only));
+
+		let paths = peer_info.into_iter()
+			.map(|(pubkey, _)| vec![pubkey, recipient])
 			.map(|node_pks| BlindedPath::new_for_message(&node_pks, &*self.entropy_source, secp_ctx))
 			.take(MAX_PATHS)
 			.collect::<Result<Vec<_>, _>>();