Matt Corallo [Tue, 5 Mar 2019 20:36:11 +0000 (15:36 -0500)]
Rewrite Channel resend tracking to make it much more reliable
Resending revoke_and_ack and commitment_signed (+update) messages
after monitor-update-failure or disconnection has been a highly
unreliable part of our codebase for some time (as evidenced by the
number of bugs caught in the chanmon_fail_consistency fuzz target).
This is due to its rather ad-hoc nature and tracking/behavior which
consists of checking a number of different flags to try to deduce
which messages were/were not delivered and go from there. Instead,
this commit rewrites it to simply keep track of the order messages
were generated originally, as we always resend in the
originally-generated order.
I'm anticipating this will be way more robust than the old code, in
addition to its simplicity.
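To make the idea in this commit message concrete, here is an added, self-contained Rust illustration (not rust-lightning code, and not the author's): a tracker that records `revoke_and_ack` and `commitment_signed` messages in the order they were generated and, on reconnection, drops the ones the peer already has and replays the rest in that same order. The type names, the `on_reestablish` signature and the way the peer's `next_commitment_number` / `next_revocation_number` are interpreted are hypothetical simplifications made for the example.

```rust
// Added illustration, not rust-lightning code: a minimal model of the
// "record generation order, resend in that order" approach. All names
// and the acknowledgement rule are hypothetical simplifications.

#[derive(Debug, Clone, PartialEq, Eq)]
pub enum OutboundMsg {
    /// Revokes our commitment transaction with this number.
    RevokeAndAck { revoked_commitment: u64 },
    /// Signs the counterparty's commitment transaction with this number.
    CommitmentSigned { commitment_number: u64 },
}

#[derive(Debug, Default)]
pub struct ResendTracker {
    /// Messages generated but not yet known to be delivered, oldest first.
    pending: Vec<OutboundMsg>,
}

impl ResendTracker {
    /// Record a message at the moment it is generated, preserving order.
    pub fn generated(&mut self, msg: OutboundMsg) {
        self.pending.push(msg);
    }

    /// On reconnection the peer's channel_reestablish tells us which
    /// commitment_signed and revoke_and_ack it expects next (simplified
    /// here to two counters). Anything older was delivered and is dropped;
    /// the rest is resent in exactly the order it was generated.
    pub fn on_reestablish(
        &mut self,
        next_commitment_number: u64,
        next_revocation_number: u64,
    ) -> Vec<OutboundMsg> {
        self.pending.retain(|m| match m {
            OutboundMsg::CommitmentSigned { commitment_number } => {
                *commitment_number >= next_commitment_number
            }
            OutboundMsg::RevokeAndAck { revoked_commitment } => {
                *revoked_commitment >= next_revocation_number
            }
        });
        self.pending.clone()
    }
}

/// Scenario (constructed): we sent RAA(revoking 4) then CS(5); the peer saw
/// the RAA but the CS was lost, so it reports next_commitment_number = 5
/// and next_revocation_number = 5. Only the CS must be resent.
pub fn lost_commitment_signed_scenario() -> Vec<OutboundMsg> {
    let mut t = ResendTracker::default();
    t.generated(OutboundMsg::RevokeAndAck { revoked_commitment: 4 });
    t.generated(OutboundMsg::CommitmentSigned { commitment_number: 5 });
    t.on_reestablish(5, 5)
}

/// Scenario (constructed): CS(5) was generated before RAA(4) and both were
/// lost. The resend must be CS then RAA, the original generation order,
/// without consulting any per-message "was it delivered" flags.
pub fn both_lost_scenario() -> Vec<OutboundMsg> {
    let mut t = ResendTracker::default();
    t.generated(OutboundMsg::CommitmentSigned { commitment_number: 5 });
    t.generated(OutboundMsg::RevokeAndAck { revoked_commitment: 4 });
    t.on_reestablish(5, 4)
}

fn main() {
    println!("{:?}", lost_commitment_signed_scenario());
    println!("{:?}", both_lost_scenario());
}
```

The point of the design is that the only state is the ordered list itself: which messages to resend, and in what order, falls out of trimming the front of that list, rather than from combining several independent flags.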
Matt Corallo [Sun, 3 Mar 2019 19:02:51 +0000 (14:02 -0500)]
Move fail_reason into OutboundHTLCState states
This should probably have happened when we moved most state into
the state enums themselves, but specifically forcing awareness of
the removed/not removed state would have prevented me from
introducing a bug in the first version of an upcoming reserve-value
patch.
Carl Dong [Thu, 7 Feb 2019 18:08:21 +0000 (13:08 -0500)]
util: Derive PartialEq for Level
PartialEq, Eq, and Hash should all be derived together wherever possible
to not violate Hash invariants. See the documentation for
std::hash::Hash for more details.
Matt Corallo [Mon, 21 Jan 2019 16:44:59 +0000 (11:44 -0500)]
Fix holding cell freeing in case we fail to add some HTLC
Previously, if we went to free the holding cell HTLC updates, and
adding one failed as we hit our outbound HTLC limit (or in-flight
value limit), we would not send a commitment_signed, leaving us in
an invalid state. We first fix that bug, and then refuse to add
things to our holding cell once we reach our limits considering the
holding cell, as we shouldn't have multiple commitment dance rounds
worth of HTLCs in the holding cell anyway.
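The two behaviours described in this commit message, as an added Rust illustration (not rust-lightning code, and not the author's): a toy channel that (1) still produces a `commitment_signed` when freeing the holding cell even if some queued adds no longer fit and are failed back, and (2) refuses new adds once the outbound HTLC count limit is reached counting holding-cell contents. `ToyChannel`, its fields and the shrinking value limit used to trigger the failure are hypothetical simplifications for the example.

```rust
// Added illustration, not rust-lightning code. Models the holding-cell
// behaviour described in the commit message; all names are hypothetical.

#[derive(Debug, Clone, PartialEq, Eq)]
pub struct HtlcAdd {
    pub id: u64,
    pub amount_msat: u64,
}

#[derive(Debug, PartialEq, Eq)]
pub enum AddResult {
    Sent,
    QueuedInHoldingCell,
    RejectedLimitReached,
}

#[derive(Debug)]
pub struct ToyChannel {
    /// Maximum number of our outbound HTLCs the peer accepts.
    pub max_accepted_htlcs: usize,
    /// Maximum total value of our outbound HTLCs in flight (may shrink).
    pub max_in_flight_msat: u64,
    pub in_flight: Vec<HtlcAdd>,
    pub holding_cell: Vec<HtlcAdd>,
    /// True while we wait for the peer's revoke_and_ack; new adds queue up.
    pub awaiting_raa: bool,
    pub commitment_signed_count: usize,
}

impl ToyChannel {
    pub fn new(max_accepted_htlcs: usize, max_in_flight_msat: u64) -> Self {
        ToyChannel {
            max_accepted_htlcs,
            max_in_flight_msat,
            in_flight: Vec::new(),
            holding_cell: Vec::new(),
            awaiting_raa: false,
            commitment_signed_count: 0,
        }
    }

    fn in_flight_msat(&self) -> u64 {
        self.in_flight.iter().map(|h| h.amount_msat).sum()
    }

    /// Fix (2): check the count limit against in-flight HTLCs plus the
    /// holding cell, so the cell never holds more than one round can carry.
    pub fn send_htlc(&mut self, add: HtlcAdd) -> AddResult {
        if self.in_flight.len() + self.holding_cell.len() >= self.max_accepted_htlcs {
            return AddResult::RejectedLimitReached;
        }
        if self.awaiting_raa {
            self.holding_cell.push(add);
            AddResult::QueuedInHoldingCell
        } else {
            self.in_flight.push(add);
            self.commitment_signed_count += 1;
            self.awaiting_raa = true;
            AddResult::Sent
        }
    }

    /// Fix (1): on revoke_and_ack, free the holding cell. Adds that no longer
    /// fit are failed back, but a commitment_signed is still generated when
    /// at least one add went out. Returns (added, failed_back, sent_cs).
    pub fn on_revoke_and_ack(&mut self) -> (Vec<HtlcAdd>, Vec<HtlcAdd>, bool) {
        self.awaiting_raa = false;
        let queued = std::mem::take(&mut self.holding_cell);
        let mut added = Vec::new();
        let mut failed_back = Vec::new();
        for add in queued {
            if self.in_flight_msat() + add.amount_msat > self.max_in_flight_msat {
                failed_back.push(add);
            } else {
                self.in_flight.push(add.clone());
                added.push(add);
            }
        }
        let sends_commitment_signed = !added.is_empty();
        if sends_commitment_signed {
            self.commitment_signed_count += 1;
            self.awaiting_raa = true;
        }
        (added, failed_back, sends_commitment_signed)
    }
}

/// Constructed scenario: one HTLC in flight, two queued; the value limit
/// shrinks before the RAA arrives, so only the first queued add fits.
/// Returns (added, failed_back, sent_cs, total commitment_signed count).
pub fn partial_free_scenario() -> (usize, usize, bool, usize) {
    let mut ch = ToyChannel::new(5, 10_000);
    ch.send_htlc(HtlcAdd { id: 1, amount_msat: 4_000 });
    ch.send_htlc(HtlcAdd { id: 2, amount_msat: 3_000 });
    ch.send_htlc(HtlcAdd { id: 3, amount_msat: 3_000 });
    ch.max_in_flight_msat = 8_000;
    let (added, failed, cs) = ch.on_revoke_and_ack();
    (added.len(), failed.len(), cs, ch.commitment_signed_count)
}

/// Constructed scenario: with a limit of two, the third add is refused
/// because the holding cell already counts toward the limit.
pub fn holding_cell_limit_scenario() -> AddResult {
    let mut ch = ToyChannel::new(2, 100_000);
    ch.send_htlc(HtlcAdd { id: 1, amount_msat: 1_000 });
    ch.send_htlc(HtlcAdd { id: 2, amount_msat: 1_000 });
    ch.send_htlc(HtlcAdd { id: 3, amount_msat: 1_000 })
}

fn main() {
    println!("{:?}", partial_free_scenario());
    println!("{:?}", holding_cell_limit_scenario());
}
```

The bug the commit describes corresponds to computing `sends_commitment_signed` from "did every queued add succeed" instead of "did any add succeed"; with the former, a single failed add would leave the successfully added HTLCs unsigned.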
Matt Corallo [Tue, 8 Jan 2019 04:11:37 +0000 (23:11 -0500)]
Drop pending outbound messages on peer disconnection
This shouldn't be required, but it may help prevent some downstream
race conditions due to clients not sending message events quickly
enough and trying to send stale messages before new
channel_reestablish messages.
Matt Corallo [Fri, 11 Jan 2019 18:08:56 +0000 (13:08 -0500)]
Fix AwaitingRAA on RAA receipt when monitor updating had failed
This fixes a rather subtle case handling RAAs when we don't
generate a response due to a previous monitor update failure, but
would otherwise send a CS response. We need to still set
AwaitingRemoteRevoke on the channel in question, but previously did
not. Found by chanmon_fail_consistency fuzz test with the failing
test converted and added manually.
Matt Corallo [Tue, 8 Jan 2019 04:10:51 +0000 (23:10 -0500)]
Rewrite monitor_update_failed as it didn't capture all the options
Primarily this fixes the case where we receive an RAA which does
not require a response, allowing us to call monitor_update_failed
without generating pending messages.
Matt Corallo [Fri, 4 Jan 2019 19:38:05 +0000 (14:38 -0500)]
Check for timing-out HTLCs in remote unrevoked commitments
This resolves a TODO/issue in would_broadcast_at_height where we
will not fail a channel with HTLCs which time out in remote
broadcastable transactions.
Matt Corallo [Sun, 6 Jan 2019 22:02:53 +0000 (17:02 -0500)]
Make HTLCOutputInCommitment::transaction_output_index an Option
We really shouldn't have split out the with-source HTLCs from the
in-transaction HTLCs when we added back-failing, and will need
almost all of the info in HTLCOutputInCommitment for each HTLC to
fix would_broadcast_at_height, so this is a first step at
recombining them.
Matt Corallo [Sun, 6 Jan 2019 20:14:43 +0000 (15:14 -0500)]
Fix multi-remote-HTLC-claim preimage learning
When our counterparty claims multiple HTLCs from offered outputs in
one transaction we should still be able to learn the preimages.
Sadly, due to two bugs we were not previously doing so.
This tests a case we previously didn't handle correctly where we
returned early if there was no to_remote output to claim and thus
failed to fail-backwards HTLCs which were present.
Matt Corallo [Fri, 21 Dec 2018 19:32:44 +0000 (14:32 -0500)]
Move fail-backwards up for no to-remote output claims
This fixes HTLC fail-backwards in case we haven't yet sent enough
to have a to_remote output to claim, plus some edge cases where it
could be removed due to a fee update, though hopefully that goes
away with simplified_commitment.