Elias Rohrer [Fri, 12 Jan 2024 10:36:08 +0000 (11:36 +0100)]
Add `OutputSweeper` utility persisting and sweeping spendable outputs
We add a `OutputSweeper` utility that allows to track the state of
spendable output descriptors as emitted by `Event::SpendableOutputs`.
To this end, the `OutputSweeper` persists the necessary information in
our `KVStore` and regularly tries to sweep the spendable outputs,
removing them after reaching threshold confirmations, i.e.,
`ANTI_REORG_DELAY`.
Add a version of the create_onion_message utility function that attempts
to resolved the introduction node of the destination's BlindedPath using
a ReadOnlyNetworkGraph`. Otherwise, if given a path using the compact
representation, using create_onion_message would fail. Keep the current
version for use internally and for external uses where the blinded path
is known to be resolved.
Jeffrey Czyz [Wed, 20 Mar 2024 19:31:30 +0000 (14:31 -0500)]
Look up node id from scid in OnionMessenger
When forwarding onion messages, the next node may be represented by a
short channel id instead of a node id. Parameterize OnionMessenger with
a NodeIdLookUp trait to find which node is the next hop. Implement the
trait for ChannelManager for forwarding to channel counterparties.
Also use this trait when advancing a blinded path one hop when the
sender is the introduction node.
Jeffrey Czyz [Tue, 19 Mar 2024 02:58:04 +0000 (21:58 -0500)]
Resolve IntroductionNode::DirectedShortChannelId
When OnionMessenger creates an OnionMessage to a Destination, the latter
may contain an IntroductionNode::DirectedShortChannelId inside a
BlindedPath. Resolve these in DefaultMessageRouter and handle unresolved
ones in OnionMessenger.
Jeffrey Czyz [Fri, 15 Mar 2024 21:52:36 +0000 (16:52 -0500)]
Generalize BlindedPath::introduction_node_id field
Allow using either a node id or a directed short channel id in blinded
paths. This allows for a more compact representation of blinded paths,
which is advantageous for reducing offer QR code size.
Follow-up commits will implement handling the directed short channel id
case in OnionMessenger as it requires resolving the introduction node in
MessageRouter.
Jeffrey Czyz [Wed, 20 Mar 2024 21:43:03 +0000 (16:43 -0500)]
Add source reference to BlindedPathCandidate hop
Blinded paths currently contain a node id for the introduction node.
However, a compact representation will allow a directed short channel id
instead. Update BlindedPathCandidate and OneHopBlindedPathCandidate to
store a NodeId reference from either the NetworkGraph or from the user-
provided first hops.
This approach avoids looking up the introduction node id on demand,
which may not be resolvable. Thus, that would require returning an
Option from CandidateRouteHop::source and handle None accordingly.
jbesraa [Tue, 26 Mar 2024 17:23:37 +0000 (19:23 +0200)]
Fix `cmp::max` execution in `ChannelContext::get_dust_buffer_feerate`
The current `cmp::max` doesnt align with the function comment, ie its
comparing 2530 and `feerate_plus_quarter` instead of `feerate_per_kw
+ 2530` and `feerate_plus_quarter` which is fixed in this commit
Fix race between handshake_complete and timer_tick_occurred
The initial noise handshake on connection establishment must complete
within a single timer tick. This timeout is enforced via
`awaiting_pong_timer_tick_intervals` whenever a timer tick fires while
our handshake has yet to complete. Currently, on an inbound connection,
if a timer tick fires after we've sent act two of the noise handshake
along with our init message and before receiving the counterparty's init
message, we begin enforcing such timeout. Even if we immediately
continue to process the counterparty's init message to complete to
handshake, the timeout enforcement is not cleared. With the handshake
complete, `awaiting_pong_timer_tick_intervals` is now tracked to enforce
a pong timeout, except a ping was never actually sent. If a single timer
tick fires again without having received a message from the peer, or
enough timer ticks fire to trigger the
`MAX_BUFFER_DRAIN_TICK_INTERVALS_PER_PEER` logic, we'll end up
disconnecting the peer due to a timeout for a pong we'll never receive.
We fix this by always resetting `awaiting_pong_timer_tick_intervals`
upon processing our counterparty's init message.
Jeffrey Czyz [Wed, 20 Mar 2024 21:42:30 +0000 (16:42 -0500)]
Add BlindedPath::introduction_node_id method
Blinded paths use a pubkey to identify the introduction node, but it
will soon allow using a directed short channel id instead. Add an
introduction_node_id method to BlindedPath to facilitate lookup in the
latter case.
Allow either using a node id or a short channel id when forwarding an
onion message. This allows for a more compact representation of blinded
paths, which is advantageous for reducing offer QR code size.
Follow-up commits will implement handling the short channel id case as
it requires looking up the destination node id.
cc78b77c715d6ef62693d4c1bc7190da990ec0fa fixed an important
downgrade bug, but neglected to add test coverage. Here we recitfy
that by adding a few simple tests of common cases.
Tests heavily tweaked by Matt Corallo <git@bluematt.me>.
Matt Corallo [Thu, 28 Mar 2024 22:02:09 +0000 (22:02 +0000)]
Ensure we read the full TLV stream length when maybe-reading `None`
If we are reading an object that is `MaybeReadable` in a TLV stream
using `upgradable_required`, it may return early with `Ok(None)`.
In this case, it will not read any further TLVs from the TLV
stream. This is fine, except that we generally expect
`MaybeReadable` always consume the correct number of bytes for the
full object, even if it doesn't understand it.
This could pose a problem, for example, in cases where we're
reading a TLV-stream `MaybeReadable` object inside another
TLV-stream object. In that case, the `MaybeReadable` object may
return `Ok(None)` and not consume all the available bytes, causing
the outer TLV read to fail as the TLV length does not match.
Matt Corallo [Tue, 26 Mar 2024 15:08:20 +0000 (15:08 +0000)]
Fix unknown handling in `impl_writeable_tlv_based_enum_upgradable`
`impl_writeable_tlv_based_enum_upgradable` professed to supporting
upgrades by returning `None` from `MaybeReadable` when unknown
variants written by newer versions of LDK were read. However, it
generally didn't support this as it didn't discard bytes for
unknown types, resulting in corrupt reading.
This is fixed here for enum variants written as a TLV stream,
however we don't have a length prefix for tuple enum variants, so
the documentation on the macro is updated to mention that
downgrades are not supported for tuple variants.
Matt Corallo [Thu, 21 Mar 2024 14:27:05 +0000 (14:27 +0000)]
Use `crate::prelude::*` rather than specific imports
New rustc beta now warns on duplicate imports when one of the
imports is from a wildcard import or the default prelude. Thus, to
avoid this here we prefer to always use `crate::prelude::*` and let
it decide if we actually need to import anything.
Matt Corallo [Thu, 21 Mar 2024 14:22:52 +0000 (14:22 +0000)]
Add more `std` prelude items to `crate::prelude`
New rustc beta now warns on duplicate imports when one of the
imports is from a wildcard import or the default prelude. Thus, for
simplicity, we need to make our `crate::prelude` mostly identical
to the `std` one, allowing us to always simply use the
`crate::prelude` and let it decide if we need to import anything.
Matt Corallo [Thu, 21 Mar 2024 15:18:22 +0000 (15:18 +0000)]
Allow(unused_imports) on prelude imports
New rustc now warns on duplicate imports when one of the imports
is from a wildcard import or the default prelude. Thus, because we
often don't actually use the imports from our prelude (as they
exist to duplicate the `std` default prelude), we have to mark most
of our `crate::prelude` imports with `#[allow(unused_imports)]`,
which we do here.
Elias Rohrer [Mon, 25 Mar 2024 15:35:37 +0000 (16:35 +0100)]
Split `PeerManager::handle_message` to avoid explicit `mem::drop`
Previously, `handle_message` was a single large method consisting of two
logical parts: one modifying the peer state hence requiring us to hold
the `peer_lock` `MutexGuard`, and, after calling `mem::drop(peer_lock)`,
the remainder which does not only *not* require to hold the
`MutexGuard`, but relies on it being dropped to avoid double-locking.
However, the `mem::drop` was easily overlooked, making reasoning about
lock orders etc. a headache. Here, we therefore have
`handle_message` call two sub-methods reflecting the two logical parts,
allowing us to avoid the explicit `mem::drop`, while at the same time
making it less error-prone due to the two methods' signatures.
shaavan [Wed, 27 Mar 2024 13:03:42 +0000 (18:33 +0530)]
Delay broadcasting Channel Updates until connected to peers
- We might generate channel updates to be broadcast when
we are not connected to any peers to broadcast them to.
- This PR ensures to cache them and broadcast them only when
we are connected to some peers.
Other Changes:
1. Introduce a test.
2. Update the relevant current tests affected by this change.
3. Fix a typo.
4. Introduce two functions in functional_utils that optionally
connect and disconnect a dummy node during broadcast testing.
Wilmer Paulino [Fri, 29 Mar 2024 18:50:26 +0000 (11:50 -0700)]
Reserve async signing related channel TLV types
A LDK user deployed to production a WIP version of the async signing
branch in which two new TLVs were added to channel. To prevent them from
needing to perform a migration, we can just new types for TLVs that have
yet to be included in a release. A note has been added to ensure types
45 and 47 are not used for another purpose.
benthecarman [Wed, 27 Mar 2024 18:42:19 +0000 (13:42 -0500)]
Add DecodeError::DangerousValue for decoding invalid channel managers
This would help distinguish different types of errors when deserialzing
a channel manager. InvalidValue was used previously but this could be
because it is an old serialization format, whereas DangerousValue is a
lot more clear on why the deserialization failed.
Jeffrey Czyz [Fri, 3 Nov 2023 19:44:45 +0000 (14:44 -0500)]
Break ChannelManager docs into sections
ChannelManager docs aren't very approachable as they consist of a large
wall of texts without much direction. As a first step of improvement,
add sections to help delineate the existing text and make it easier to
scan.
Wilmer Paulino [Sat, 9 Mar 2024 08:53:48 +0000 (00:53 -0800)]
Decode update_add_htlc onions before forwarding HTLCs
This commit completes all of the groundwork necessary to decode incoming
`update_add_htlc` onions once they're fully committed to by both sides.
HTLCs are tracked in batches per-channel on the channel they were
received on. While this path is unreachable for now, until
`InboundHTLCResolution::Resolved` is replaced with
`InboundHTLCResolution::Pending`, it will allow us to obtain
`HTLCHandlingFailed` events for _any_ failed HTLC that comes across a
channel.
Wilmer Paulino [Fri, 8 Mar 2024 07:30:18 +0000 (23:30 -0800)]
Refactor forward_htlcs to return whether to push a forward event
When decoding pending `update_add_htlc` onions, we may need to forward
HTLCs using `ChannelManager::forward_htlcs`. This may end up queueing a
`PendingHTLCsForwardable` event, but we're only decoding these pending
onions as a result of handling a `PendingHTLCsForwardable`, so we
shouldn't have to queue another one and wait for it to be handled. By
having a `forward_htlcs` variant that does not push the forward event,
we can ignore the forward event push when forwarding HTLCs which we just
decoded the onion for.
Wilmer Paulino [Fri, 8 Mar 2024 07:35:30 +0000 (23:35 -0800)]
Consider pending decode_update_add_htlcs when pushing forward event
Since decoding pending `update_add_htlc` onions will go through the HTLC
forwarding path, we'll want to make sure we don't queue more events than
necessary if we have both HTLCs to forward/fail and pending
`update_add_htlc` onions to decode.
Wilmer Paulino [Fri, 8 Mar 2024 08:19:40 +0000 (00:19 -0800)]
Refactor incoming HTLC accept checks out from Channel::update_add_htlc
In the future, we plan to completely remove
`decode_update_add_htlc_onion` and replace it with a batched variant.
This refactor, while improving readability in its current form, does not
feature any functional changes and allows us to reuse the incoming HTLC
acceptance checks in the batched variant.
Wilmer Paulino [Fri, 8 Mar 2024 07:31:14 +0000 (23:31 -0800)]
Only include channel_update in failure if needed by error code
This simplifies the failure path by allowing us to return the general
error code for a failure, which we can then amend based on whether it
was for a phantom forward.
Wilmer Paulino [Wed, 24 Jan 2024 01:14:14 +0000 (17:14 -0800)]
Refactor outgoing channel lookup out from decode_update_add_htlc_onion
In the future, we plan to complete remove `decode_update_add_htlc_onion`
and replace it with a batched variant. This refactor, while improving
readability in its current form, does not feature any functional changes
and allows us to reuse most of the logic in the batched variant.
Wilmer Paulino [Wed, 24 Jan 2024 01:08:17 +0000 (17:08 -0800)]
Refactor outgoing HTLC checks out from decode_update_add_htlc_onion
In the future, we plan to complete remove `decode_update_add_htlc_onion`
and replace it with a batched variant. This refactor, while improving
readability in its current form, does not feature any functional changes
and allows us to reuse most of the logic in the batched variant.
Wilmer Paulino [Wed, 24 Jan 2024 00:55:40 +0000 (16:55 -0800)]
Refactor HTLCFailureMsg generation out from decode_update_add_htlc_onion
In the future, we plan to complete remove `decode_update_add_htlc_onion`
and replace it with a batched variant. This refactor, while improving
readability in its current form, does not feature any functional changes
and allows us to reuse most of the logic in the batched variant.
Wilmer Paulino [Tue, 23 Jan 2024 00:29:41 +0000 (16:29 -0800)]
Add new HTLCDestination variant for invalid onion
The existing variants do not cover such case as we previously never
surfaced `HTLCHandlingFailed` events for HTLCs that we failed back with
`UpdateFailMalformedHTLC` due to an invalid onion packet.
Wilmer Paulino [Fri, 8 Mar 2024 07:03:25 +0000 (23:03 -0800)]
Track pending update_add_htlcs in ChannelManager for later processing
We plan to decode the onions of these `update_add_htlc`s as part of the
HTLC forwarding flow (i.e., `process_pending_htlc_forwards`), so we'll
need to track them per-channel at the `ChannelManager` level.
Wilmer Paulino [Mon, 22 Jan 2024 23:28:59 +0000 (15:28 -0800)]
Remove unreachable handling of htlc_forwards upon channel_reestablish
`htlc_forwards` only returns a `Some` value from
`handle_channel_resumption` if we provide it a non-empty
`pending_forwards`. Since we don't, we'll never have a value to handle.
Wilmer Paulino [Mon, 22 Jan 2024 23:24:51 +0000 (15:24 -0800)]
Track incoming UpdateAddHTLC until HTLC resolution
This commit serves as a stepping stone to moving towards resolving HTLCs
once the HTLC has been fully committed to by both sides.
Currently, we decode HTLC onions immediately upon receiving an
`update_add_htlc`. Doing so determines what we should do with the HTLC:
forward it, or immediately fail it back if it cannot be accepted. This
action is tracked until the HTLC is fully committed to by both sides,
and a new commitment in the latter case is proposed to fully remove the
HTLC. While this has worked so far, it has some minor privacy
implications, as forwarding/failing back do not go through the usual
`PendingHTLCsForwardable` flow. It also presents issues with the
quiescence handshake, as failures through this path do not go through
the holding cell abstraction, leading to a potential violation of the
handshake by sending an `update_fail_*` after already having sent
`stfu`.
Since `pending_inbound_htlcs` are written pre-TLVs, we introduce a new
serialization version in which we change the `PendingHTLCStatus`
serialization of
`InboundHTLC::AwaitingRemoteRevokeToRemove/AwaitingRemovedRemoteRevoke`
to be an option instead. We'll still write it as the current version
(`MIN_SERIALIZATION_VERSION`), but we'll support reading the new version
to allow users to downgrade back to this commit.
Wilmer Paulino [Mon, 11 Mar 2024 17:21:43 +0000 (10:21 -0700)]
Support Vec serialization that include element length prefix
We add new macro alternatives to
impl_writeable_for_vec/impl_readable_for_vec that add a length prefix to
each element in the `Vec`. This is intended to be used over the existing
macros when attempting to serialize a `Vec` with elements of variable
lengths.
Wilmer Paulino [Thu, 7 Mar 2024 22:37:58 +0000 (14:37 -0800)]
Don't consume readers with FixedLengthReader
We can't always assume that we're done reading after using a
FixedLengthReader. In some cases, we may need to read a set of
length-prefixed objects one at a time, and we'd like to do so without
incurring an additional allocation by reading a number of bytes first to
then deserialize them.