Jeffrey Czyz [Thu, 7 Mar 2024 22:59:09 +0000 (16:59 -0600)]
Drop error type parameter from SignError
SignError allows implementors of SignFunction to return a custom error
type. Drop this as an unconstrained type causes problems with bindings
and isn't useful unless the caller can take some sort of action based on
different errors.
Jeffrey Czyz [Fri, 1 Mar 2024 16:17:08 +0000 (10:17 -0600)]
Support BOLT 12 signing in c_bindings
Replace the Fn trait bound on signing methods with a dedicated trait
since Fn is not supported in bindings. Implement the trait for Fn so
that closures can still be used in Rust.
Jeffrey Czyz [Mon, 26 Feb 2024 02:42:57 +0000 (20:42 -0600)]
Add c_bindings version of InvoiceBuilder
Use the macros introduced in the previous commit to define two builders
for each type parameterization of InvoiceBuilder
- InvoiceWithExplicitSigningPubkeyBuilder
- InvoiceWithDerivedSigningPubkeyBuilder
The difference between these and InvoiceBuilder is that these have
methods that take `self` by mutable reference instead of by value and
don't return anything instead of returning the modified builder. This is
required because bindings don't support move semantics nor impl blocks
specific to a certain type parameterization. Because of this, the
builder's contents must be cloned when building a Bolt12Invoice.
Keeps InvoiceBuilder defined so that it can be used internally in
ChannelManager's OffersMessageHandler even when compiled for c_bindings.
Elias Rohrer [Fri, 8 Mar 2024 09:24:50 +0000 (10:24 +0100)]
Impl `PartialEq`/`Eq` for `Offer`/`Refund`
We add custom implementations based on comparing the `bytes` for
`Offer`/`Refund` themselves as this is sufficient and should be faster
than comparing all fields in the worst case.
Jeffrey Czyz [Sun, 25 Feb 2024 20:58:07 +0000 (14:58 -0600)]
Macro-ize InvoiceBuilder
InvoiceBuilder is not exported to bindings because it has methods that
take `self` by value and are only implemented for certain type
parameterizations. Define these methods using macros such that different
builders and related methods can be defined for c_bindings.
Jeffrey Czyz [Fri, 23 Feb 2024 19:34:24 +0000 (13:34 -0600)]
Add c_bindings version of InvoiceRequestBuilder
Use the macros introduced in the previous commit to define two builders
for each type parameterization of InvoiceRequestBuilder
- InvoiceRequestWithExplicitPayerIdBuilder
- InvoiceRequestWithDerivedPayerIdBuilder
The difference between these and InvoiceRequestBuilder is that these
have methods that take `self` by mutable reference instead of by value
and don't return anything instead of returning the modified builder. This
is required because bindings don't support move semantics nor impl
blocks specific to a certain type parameterization. Because of this, the
builder's contents must be cloned when building an InvoiceRequest.
Keeps InvoiceRequestBuilder defined so that it can be used internally in
ChannelManager::pay_for_offer even when compiled for c_bindings.
Jeffrey Czyz [Thu, 22 Feb 2024 22:47:38 +0000 (16:47 -0600)]
Macro-ize InvoiceRequestBuilder
InvoiceRequestBuilder is not exported to bindings because it has methods
that take `self` by value and are only implemented for certain type
parameterizations. Define these methods using macros such that different
builders and related methods can be defined for c_bindings.
Jeffrey Czyz [Sat, 24 Feb 2024 02:30:50 +0000 (20:30 -0600)]
Add c_bindings version of RefundBuilder
Use the macros introduced in the previous commit to define a builder
called RefundMaybeWithDerivedMetadataBuilder.
The difference between this and RefundBuilder is that this has methods
that take `self` by mutable reference instead of by value and don't
return anything instead of returning the modified builder. This is required
because bindings don't support move semantics. Because of this, the
builder's contents must be cloned when building a Refund.
Keeps RefundBuilder defined so that it can be used internally in
ChannelManager::create_refund_builder even when compiled for c_bindings.
Jeffrey Czyz [Fri, 23 Feb 2024 22:52:49 +0000 (16:52 -0600)]
Macro-ize RefundBuilder
RefundBuilder is not exported to bindings because it has methods that
take `self` by value. Define these methods using macros such that
different builders and related methods can be defined for c_bindings.
Jeffrey Czyz [Fri, 23 Feb 2024 22:33:23 +0000 (16:33 -0600)]
Add c_bindings version of OfferBuilder
Use the macros introduced in the previous commit to define two builders
for each type parameterization of OfferBuilder
- OfferWithExplicitMetadataBuilder
- OfferWithDerivedMetadataBuilder
The difference between these and OfferBuilder is that these have methods
that take `self` by mutable reference instead of by value and don't
return anything instead of returning the modified builder. This is required
because bindings don't support move semantics nor impl blocks specific
to a certain type parameterization. Because of this, the builder's
contents must be cloned when building an Offer.
Keeps OfferBuilder defined so that it can be used internally in
ChannelManager::create_offer_builder even when compiled for c_bindings.
Elias Rohrer [Fri, 1 Mar 2024 10:42:54 +0000 (11:42 +0100)]
Prefer implementing `From` over `Into`
.. as the std library docs state that implementing Into should be avoided:
"One should avoid implementing Into and implement From instead.
Implementing From automatically provides one with an implementation of
Into thanks to the blanket implementation in the standard library."
Matt Corallo [Thu, 29 Feb 2024 14:50:26 +0000 (14:50 +0000)]
Update docs on `PaymentFailureReason::RouteNotFound` to add context
tnull noted on discord that it's somewhat unclear to users what
`RouteNotFound` actually means - that we ran out of routes, rather
than could not find a route at all - so the docs are updated here.
Jeffrey Czyz [Wed, 28 Feb 2024 21:58:14 +0000 (15:58 -0600)]
Prefer one-hop blinded path to Tor intro nodes
If a node is announced, prefer using a one-hop blinded path with it as
the introduction node to using a two-hop blinded path with a Tor-only
introduction node. The one-hop blinded path is more reliable, thus only
use Tor-only nodes if the recipient is unannounced. And then, prefer
non-Tor-only nodes.
Jeffrey Czyz [Wed, 28 Feb 2024 17:23:56 +0000 (11:23 -0600)]
Prefer well-connected nodes for introduction nodes
When forming blinded paths, using a reliable node as the introduction
node is important to ensure onion message reliability. Order blinded
paths by how well-connected the introduction node is as a proxy for
reliability.
For short paths (e.g., when the sender and recipient share an LSP), this
may also result in a scenario where initiating a direct connection isn't
necessary. That is helpful when using RGS since it currently doesn't
include node announcements and thus cannot initiate a direct connection.
Jeffrey Czyz [Wed, 28 Feb 2024 00:37:39 +0000 (18:37 -0600)]
Prefer non-Tor nodes when creating blinded paths
Tor nodes can have high latency which can have a detrimental effect on
onion message reliability. Prefer using nodes that aren't Tor-only when
creating blinded paths both in offers and in onion message reply paths.
Jeffrey Czyz [Tue, 27 Feb 2024 19:25:25 +0000 (13:25 -0600)]
Add NodeInfo::is_tor_only
Add a method to NodeInfo to determine if the node has only announced Tor
addresses. Useful for preferring blinded paths that don't use Tor for
better reliability and improved latency.
Jeffrey Czyz [Tue, 20 Feb 2024 00:43:59 +0000 (18:43 -0600)]
Macro-ize OfferBuilder
OfferBuilder is not exported to bindings because it has methods that
take `self` by value and are only implemented for certain type
parameterizations. Define these methods using macros such that different
builders and related methods can be defined for c_bindings.
Elias Rohrer [Tue, 20 Feb 2024 12:36:45 +0000 (13:36 +0100)]
Introduce `PeerManager::list_peers` and `peer_by_node_id`
.. returning `PeerDetails` rather than tuples of peer-associated values.
Previously, we wouldn't offer any way to retrieve the features a
peer provided in their `Init` message.
Here, we allow to retrieve them via a new `PeerDetails` struct,
side-by-side with `SocketAddress`es and a bool indicating the direction
of the peer connection.
Elias Rohrer [Fri, 16 Feb 2024 10:33:37 +0000 (11:33 +0100)]
Have CI's `cargo audit` ignore `RUSTSEC-2021-0125`
This advisory is only relevant for a downstream dependency of
`criterion`, which we currently don't want to bump in order to continue
benchmarking with our MSRV 1.63.0.
We therefore just add it to our ignore list for now.
Matt Corallo [Mon, 12 Feb 2024 22:40:49 +0000 (22:40 +0000)]
Drop `ahash` dependency in favor of core's `SipHasher`
https://github.com/tkaitchuck/aHash/pull/196 bumped the MSRV of
`ahash` in a patch release, which makes it rather difficult for us
to have it as a dependency.
Further, it seems that `ahash` hasn't been particularly robust in
the past, notably
https://github.com/tkaitchuck/aHash/issues/163 and
https://github.com/tkaitchuck/aHash/issues/166.
Luckily, `core` provides `SipHasher` even on no-std (sadly it's
SipHash-2-4 unlike the SipHash-1-3 used by the `DefaultHasher` in
`std`). Thus, we drop the `ahash` dependency entirely here and
simply wrap `SipHasher` for our `no-std` HashMaps.
Matt Corallo [Mon, 12 Feb 2024 22:37:09 +0000 (22:37 +0000)]
Add a crate which wraps `getrandom` but always compiles
In the next commit we'll drop the `ahash` dependency in favor of
directly calling `getrandom` to seed our hash tables. However,
we'd like to depend on `getrandom` only on certain platforms *and*
only when certain features (no-std) are set.
This introduces an indirection crate to do so, allowing us to
depend on it only when `no-std` is set but only depending on
`getrandom` on platforms which it supports.
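What the two commits above describe (wrapping `SipHasher` for hash maps and seeding it from `getrandom`) can look like the following. This is an added example, not LDK's code: `SeededSipState`, `keyed_hash` and `demo_map` are hypothetical names, the seeds are constructed, and `std::hash` is used so it runs anywhere (`core::hash` exposes the same items on no-std).

```rust
#[allow(deprecated)] // SipHasher is deprecated in std/core but still available
use std::hash::{BuildHasher, Hash, Hasher, SipHasher};
use std::collections::HashMap;

/// Hypothetical wrapper (not LDK's type): a BuildHasher holding a 128-bit SipHash key.
#[derive(Clone, Copy)]
pub struct SeededSipState { k0: u64, k1: u64 }

impl SeededSipState {
    /// Assumption: in real use `seed` is filled by the OS RNG (e.g. via `getrandom`).
    pub fn from_seed(seed: [u8; 16]) -> Self {
        let (mut a, mut b) = ([0u8; 8], [0u8; 8]);
        a.copy_from_slice(&seed[..8]);
        b.copy_from_slice(&seed[8..]);
        Self { k0: u64::from_le_bytes(a), k1: u64::from_le_bytes(b) }
    }
}

#[allow(deprecated)]
impl BuildHasher for SeededSipState {
    type Hasher = SipHasher;
    // Every hasher built for this map starts from the map's secret key.
    fn build_hasher(&self) -> SipHasher { SipHasher::new_with_keys(self.k0, self.k1) }
}

/// Keyed hash of `value`: the number that decides which bucket a key lands in.
pub fn keyed_hash<T: Hash>(state: &SeededSipState, value: &T) -> u64 {
    let mut h = state.build_hasher();
    value.hash(&mut h);
    h.finish()
}

/// Builds a HashMap on top of the seeded hasher and returns its entry count.
pub fn demo_map(seed: [u8; 16]) -> usize {
    let state = SeededSipState::from_seed(seed);
    let mut map: HashMap<&str, u32, SeededSipState> = HashMap::with_hasher(state);
    map.insert("chan_a", 1);
    map.insert("chan_b", 2);
    map.insert("chan_a", 3); // same key: overwrites, does not add
    map.len()
}

fn main() {
    // Constructed seeds; two maps with different seeds hash the same key differently.
    let a = SeededSipState::from_seed([0u8; 16]);
    let b = SeededSipState::from_seed([1u8; 16]);
    println!("{:016x} {:016x}", keyed_hash(&a, &"chan_a"), keyed_hash(&b, &"chan_a"));
    println!("entries: {}", demo_map([7u8; 16]));
}
```

A fixed or guessable seed gives no protection against precomputed collisions, which is why the seed source matters as much as the hash function.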
Matt Corallo [Fri, 16 Feb 2024 19:26:22 +0000 (19:26 +0000)]
Fix `Route` serialization round-trip
When the `max_total_routing_fee_msat` parameter was added to
`RouteParameters`, the serialization used `map` to get the max fee,
accidentally writing an `Option<Option<u64>>`, but then read it as
an `Option<u64>`. Thus, any `Route`s with a `route_params` written
will fail to be read back.
Luckily, this is an incredibly rarely-used bit of code, so only one
user managed to hit it.
Matt Corallo [Fri, 16 Feb 2024 18:41:54 +0000 (18:41 +0000)]
Fix blinded path serialization in `Route`
`Route`'s blinded_path serialization logic writes a blinded path
`Option` per path hop, however on read we (correctly) only read one
blinded path `Option` per path. This causes serialization of
`Route`s with blinded paths to fail to round-trip.
Here we fix this by writing blinded paths per path.
Matt Corallo [Fri, 16 Feb 2024 18:33:53 +0000 (18:33 +0000)]
Drop the `fails_paying_for_bolt12_invoice` test
`fails_paying_for_bolt12_invoice` tests that we fail to send a
payment if the router returns `Ok` but includes a bogus route (one
with 0-length paths). While this marginally increases our test
coverage, in the next commit we'll be testing that all routes
round-trip serialization, which fails here as bogus routes are not
supported in deserialization.
Because this isn't particularly critical test coverage, we simply
opt to drop the test entirely here.
Matt Corallo [Tue, 13 Feb 2024 22:43:51 +0000 (22:43 +0000)]
Never store more than one `StdWaker` per live `Future`
When an `std::future::Future` is `poll()`ed, we're only supposed to
use the latest `Waker` provided. However, we currently push an
`StdWaker` onto our callback list every time `poll` is called,
waking every `Waker` but also using more and more memory until the
`Future` itself is woken.
Here we fix this by removing any `StdWaker`s stored for a given
`Future` when it is `drop`ped or prior to pushing a new `StdWaker`
onto the list when `poll`ed.
Sadly, the introduction of a `Drop` impl for `Future` means we
can't trivially destructure the struct any longer, causing a few
methods to need to take `Future`s by reference rather than
ownership and `clone` a few `Arc`s.
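The fix described in the commit above (one stored waker per live future, released on drop), as an added example that is not LDK's code: `State`, `Notified`, `Counter` and `run` are hypothetical names, and the map keyed by a per-future index stands in for the callback list the commit mentions.

```rust
use std::{collections::HashMap, future::Future, pin::Pin};
use std::sync::{atomic::{AtomicUsize, Ordering}, Arc, Mutex};
use std::task::{Context, Poll, Wake, Waker};

// Hypothetical shared state (not LDK's types): one waker slot per live future.
#[derive(Default)]
struct State { complete: bool, next_idx: usize, wakers: HashMap<usize, Waker> }
struct Notified { state: Arc<Mutex<State>>, idx: usize }

fn new_future(state: &Arc<Mutex<State>>) -> Notified {
    let mut s = state.lock().unwrap();
    s.next_idx += 1; // unique index per future
    Notified { state: Arc::clone(state), idx: s.next_idx }
}

impl Future for Notified {
    type Output = ();
    fn poll(self: Pin<&mut Self>, cx: &mut Context<'_>) -> Poll<()> {
        let mut s = self.state.lock().unwrap();
        if s.complete { return Poll::Ready(()); }
        // insert() overwrites the waker kept from an earlier poll of this future,
        // so repeated polls never grow the stored set.
        s.wakers.insert(self.idx, cx.waker().clone());
        Poll::Pending
    }
}

impl Drop for Notified {
    fn drop(&mut self) { // a dropped future is never polled again
        if let Ok(mut s) = self.state.lock() { s.wakers.remove(&self.idx); }
    }
}

struct Counter(AtomicUsize);
impl Wake for Counter { fn wake(self: Arc<Self>) { self.0.fetch_add(1, Ordering::SeqCst); } }

/// Polls one future `polls` times, optionally drops it, then completes the state.
/// Returns (wakers stored before completion, wake calls made on completion).
fn run(polls: usize, drop_early: bool) -> (usize, usize) {
    let state = Arc::new(Mutex::new(State::default()));
    let counter = Arc::new(Counter(AtomicUsize::new(0)));
    let waker = Waker::from(Arc::clone(&counter));
    let mut cx = Context::from_waker(&waker);
    let mut fut = new_future(&state);
    for _ in 0..polls { let _ = Pin::new(&mut fut).poll(&mut cx); }
    if drop_early { drop(fut); }
    let mut s = state.lock().unwrap();
    let stored = s.wakers.len();
    s.complete = true;
    let woken: Vec<Waker> = s.wakers.drain().map(|(_, w)| w).collect();
    drop(s); // wake outside the lock
    woken.into_iter().for_each(Waker::wake);
    (stored, counter.0.load(Ordering::SeqCst))
}

fn main() { println!("{:?} {:?}", run(100, false), run(3, true)); }
```

With a push-per-poll list the first tuple would report 100 stored wakers and 100 wake calls; keyed storage holds it at one of each.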
Matt Corallo [Tue, 13 Feb 2024 22:08:55 +0000 (22:08 +0000)]
Give `Future`s for a `FutureState` an idx and track `StdWaker` idxn
When an `std::future::Future` is `poll()`ed, we're only supposed to
use the latest `Waker` provided. However, we currently push an
`StdWaker` onto our callback list every time `poll` is called,
waking every `Waker` but also using more and more memory until the
`Future` itself is woken.
Here we take a step towards fixing this by giving each `Future` a
unique index and storing which `Future` an `StdWaker` came from in
the callback list. This sets us up to deduplicate `StdWaker`s by
`Future`s in the next commit.
Matt Corallo [Tue, 13 Feb 2024 21:58:46 +0000 (21:58 +0000)]
Split lists of `Waker` and directly-registered `Future` callbacks
In the next commit we'll fix a memory leak due to keeping too many
`std::task::Waker` callbacks in `FutureState` from redundant `poll`
calls, but first we need to split handling of `StdWaker`-based
future wake callbacks from normal ones, which we do here.
Elias Rohrer [Mon, 5 Feb 2024 14:44:08 +0000 (15:44 +0100)]
Add `rustfmt` to CI, ignore all files
We add the previously discussed `rustfmt.toml` and enforce it in CI for
any files that are not contained in an exclusion list.
To start, we add all current Rust files to this exclusion list. This
means that formatter rules will be enforced for any newly introduced
files, and we'll then start going through the codebase file-by-file,
removing them from the list as we go.
Matt Corallo [Tue, 13 Feb 2024 23:43:19 +0000 (23:43 +0000)]
Opportunistically skip log in `update_claims_view_from_matched_txn`
On each block, for each `ChannelMonitor`, we log two status
statements in `OnChainTx::update_claims_view_from_matched_txn`.
This can add up to quite a bit, and is generally not very
interesting when we don't actually do anything if there's no claims
to bump.
Here we drop both logs if we have no claims to work with, but
retain it if we process any claims.
Matt Corallo [Tue, 13 Feb 2024 23:33:18 +0000 (23:33 +0000)]
Opportunistically skip log in `update_claims_view_from_requests`
On each block, for each `ChannelMonitor`, we log a status statement
in `OnChainTx::update_claims_view_from_requests`. This can add up
to quite a bit, and is generally not very interesting when we don't
actually do anything if there's no claims to bump.
Here we drop the log if we have no claims to work with, but retain
it if we process any claims.
Matt Corallo [Tue, 13 Feb 2024 23:00:38 +0000 (23:00 +0000)]
Drop some "Channel does not qualify for a feerate change" logs
On a high-traffic/channel node, `Channel .* does not qualify for a
feerate change.*` is our most common log, and it doesn't provide
much useful information. It's logged in two cases - (a) where the
estimator feerate is less than the current channel feerate but not
by more than half twice and (b) where we'd like to update the
channel feerate but the peer is disconnected or channel not
available for updates.
Because these conditions can persist and we log them once a minute
the volume of logs can add up quickly. Here we simply remove the
log in case (a), though leave (b) as it's anticipated to be somewhat
quieter and does indicate a persistent issue that should be
addressed (possibly by closing the channel).
Matt Corallo [Tue, 13 Feb 2024 22:57:18 +0000 (22:57 +0000)]
Make peers sending gossip out of order logging less scary
Multiple times we've had users wonder why they see `Error handling
message from.*; ignoring: Couldn't find channel for update` in
their logs and wonder if it's related to their channel
force-closing. While this does indicate a peer is sending us gossip
out of order (and thus misbehaving), it's not relevant to channel
operation and the logged message and level should indicate that.
Thus, here, we move the level to Gossip and add "gossip" between
"handling" and "message" (so it reads "Error handling gossip
message from.*").
Elias Rohrer [Tue, 30 Jan 2024 11:41:05 +0000 (12:41 +0100)]
Introduce CI workflow running `cargo audit`
In order to continuously monitor our dependencies for security
vulnerabilities, we introduce a new CI job that will use `cargo audit`
to check for any known vulnerabilities.
This job is run on a daily schedule. For each new advisory, a new issue
will be created.
Wilmer Paulino [Tue, 30 Jan 2024 22:45:46 +0000 (14:45 -0800)]
Allow holder commitment and HTLC signature requests to fail
As part of the ongoing async signer work, our holder signatures must
also be capable of being obtained asynchronously. We expose a new
`ChannelMonitor::signer_unblocked` method to retry pending onchain
claims by re-signing and rebroadcasting transactions. Unfortunately, we
cannot retry said claims without them being registered first, so if
we're not able to obtain the signature synchronously, we must return the
transaction as unsigned and ensure it is not broadcast.
Wilmer Paulino [Tue, 30 Jan 2024 22:45:44 +0000 (14:45 -0800)]
Rework get_latest_holder_commitment_txn to broadcast for users
This method is meant to be used as a last resort when a user is forced
to broadcast the current state, even if it is stale, in an attempt to
claim their funds in the channel. Previously, we'd return the commitment
and HTLC transactions such that they broadcast them themselves. Doing so
required a different code path, one which was not tested, to obtain
these transactions than our usual path when force closing. It's not
worth maintaining both, and it's much simpler for us to broadcast
instead.