Matt Corallo [Mon, 13 Jan 2020 18:52:23 +0000 (13:52 -0500)]
Refactor features a bit more to describe what the constructors do
The Features::new() method is nonsense and doesn't describe what
features were being set - we introduce an empty() and supported()
constructors instead.
Matt Corallo [Mon, 13 Jan 2020 18:50:29 +0000 (13:50 -0500)]
Fix Feature endianness by swapping bytes on read/write.
The spec is a bit mum on feature endianness, so I suppose it falls
under the "everything is big endian unless otherwise specified"
clause, but we were treating it as little.
This change was made in the flat features BOLT PR, as if a channel
requires some unknown feature bits we should still rumor it, we just
shouldn't route through it.
Matt Corallo [Mon, 23 Dec 2019 22:52:58 +0000 (17:52 -0500)]
Implement Flat Features
This merges local and global features into one struct, which is
parameterized by where it appers. The parameterization restricts
which queries can be made and which features can be set, in line
with the latest BOLT 9.
Antoine Riard [Tue, 5 Nov 2019 23:51:05 +0000 (18:51 -0500)]
Drop Result for ChannelMessageHandler methods
Simplify interfaces between ChannelMessageHandler and PeerManager,
by switching all ChannelMessageHandler errors to HandleError sent
internally instead of being return. With further refactors in Router
and PeerChannelEncryptor, errors management on the PeerManager-side
won't be splitted between try_potential_handleerror and HandleError
processing.
Inside ChannelManager, we now log MsgHandleErrInternal and send
ErrorAction to PeerManager.
On a high-level, it should allow client using API to be more flexible
by polling events instead of waiting function call returns.
We also update handle_error macro to take channel_state_lock from
caller which should avoid some deadlock potential for some edges
cases.
Filter out IgnoreError in handle_error macro, update test in
consequence.
Matt Corallo [Fri, 13 Dec 2019 03:42:08 +0000 (22:42 -0500)]
Drop duplicative current-local-tx storage in channel.
We now have current-local-tx broadcast ability in channel monitors
directly (for ChannelManager deserialization), so we can just use
that instead of always having the Channel store signed ready-to-go
copies of the latest local commitment transaction.
This is further kinda nice since ChannelMonitor is live and can, eg
broadcast HTLC-Success transactions immediately as they will be
generated at broadcast time instead of in advance.
Finally, this lets us clean up a tiny bit in Channel.
Matt Corallo [Fri, 20 Dec 2019 19:53:16 +0000 (14:53 -0500)]
Remove unused lifetimes.
f71518365f61a5fe2a0340953ad6592c0d2b72cc added a series of lifetimes
which were required for an earlier version of the patch but not the
final version. They can be freely removed.
Matt Corallo [Wed, 27 Nov 2019 21:08:48 +0000 (16:08 -0500)]
Make commitment transaction signing a part of ChannelKeys.
This adds a new fn to ChannelKeys which is called when we generte
a new remote commitment transaction for signing. While it may be
theoretically possible to unwind state updates by disconnecting and
reconnecting as well as making appropriate state machine changes,
the effort required to get it correct likely outweighs the UX cost
of "preflighting" the requests to hardwre wallets.
Matt Corallo [Tue, 26 Nov 2019 21:46:33 +0000 (16:46 -0500)]
Make ChannelKeys an API and template Channel with it.
Instead of having in-memory access to the list of private keys
associated with a channel, we should have a generic API which
allows us to request signing, allowing the user to store private
keys any way they like.
The first step is the (rather mechanical) process of templating
the entire tree of ChannelManager -> Channel impls by the
key-providing type. In a later commit we should expose only public
keys where possible.
Antoine Riard [Tue, 10 Dec 2019 22:25:27 +0000 (17:25 -0500)]
Add test_bump_txn_sanitize_tracking_maps
Extend test visibility of claim-tracking maps to do so.
Cover both "If 2 claimable-outpoint-spending txn are in 1 block,
clean up properly" and "Clean up claimable_outpoints when
pending_claim_requests is cleaned" fix commits in same patchset.
Matt Corallo [Tue, 10 Dec 2019 03:51:36 +0000 (22:51 -0500)]
Clean up claimable_outpoints when pending_claim_requests is cleaned
When claimable_outpoints was introduced in "Move
our_claim_txn_waiting_first_conf to pending_claim_requests", removal
of elements from it (which are just pointers into
pending_claim_requests) was never added.
Matt Corallo [Tue, 10 Dec 2019 03:14:47 +0000 (22:14 -0500)]
Correct input comparison for input-subset RBF bump creation
This resolves a regression introduced in "Implement bumping engine in
ChannelMonitor::block_connected" in which not all inputs are checked.
Several opportunities to clarify and clean up comments are also taken.
Fix test_bump_penalty_txn_on_revoked_htlcs as now remote claim txn
build the same way than us are going to be register as cleaning
pending_claim_request after ANTI_REORG_DELAY. It means during this
delay we are going to generate invalid bumped claiming txn on
already claimed outpoints. Previously these txn weren't issued
because all their outpoints would have been removed.
Fix full_stack_target by adding more input for FuzzEstimator
Antoine Riard [Mon, 9 Dec 2019 21:59:08 +0000 (16:59 -0500)]
Track and react to remote partial-claiming of pending claim request
A pending claim request may contain a set of multiple outpoints.
If one or multiple of them get claimed by remote party, our in-flight
claiming transactions aren't valid anymore so we need to react
quickly and regenerate claiming transaction with accurate set.
However, a claimed outpoint may be disconnected and we need to resurrect
back outpoint among set of orignal pending claim request.
To guarantee consistency of contentious claimed outpoint we cache it
as OnchainEvent::ContentionsOutpoint and only delete it after
ANTI_REORG_DELAY.
Fix test broken by change, partial claiming on revoked txn
force us to regenerate txn
Antoine Riard [Tue, 2 Jul 2019 19:52:58 +0000 (15:52 -0400)]
Implement bumping engine in ChannelMonitor::block_connected
Add RBF-bumping of justice txn, given they are only signed by us we
can RBF at wish.
Aggregation of bump-candidates and more aggresive bumping heuristics
are left open
Fix tests broken by introduction of more txn broadcast.
Some tests may have a relaxed check (claim_htlc_ouputs_single_tx)
as broadcast bumped txn are now interwining in previous broadcast ones
and breaking simple expectations
Use bumping engine to rebuild claiming transaction in case of partial-
claim of its outpoints set.
Antoine Riard [Tue, 10 Dec 2019 03:18:41 +0000 (22:18 -0500)]
Remove superflous pending_claims
As local onchain txn are already monitored in block_connected by
check_spend_local_transaction, it's useless to generate twice
pending claims for HTLC outputs on local commitment tx.
Antoine Riard [Tue, 10 Dec 2019 03:18:20 +0000 (22:18 -0500)]
Move our_claim_txn_waiting_first_conf to pending_claim_requests
Add claimable_outpoints maps.
Both structures are tied and should ensure their mutual consistency.
Pending_claim_requests is cached by original claim txid. Medatada
and per input material should be constant between bumped transactions,
only change should be partial-claiming of outpoints set and block
reorgs.
Due to RBF rules, if an input has been part of an aggregate tx
at first claim try, if we want the bumped tx to land nicely
in the mempool, inputs should be distributed in multiple
bumped tx but still be aggregate in a new bumped tx.
Antoine Riard [Mon, 18 Nov 2019 05:43:13 +0000 (00:43 -0500)]
Add timer_chan_freshness_every_min
Latency/peer disconnection may trigger us to mark as disabled
some of our channels. After some time, if channels are still
disabled we need to broadcast ChannelUpdate to inform other network
peers about the uselessness of these channels.
chaininterface+multi: add filter_block and reentered to ChainWatchInterface
Because filter_block takes a and returns a list of s , we must add a lifetime to the ChainWatchInterface, which bubbles up in a lot of places. These places include adding a lifetime to the Node struct, which causes a lot of rearranging tests so that variables don't go out of scope before the Node that owns them does.
Adding this struct will allow us to remove the circular reference
between ChainListeners and the ChainWatchInterface, because it
separates out the responsibility of notifying listeners about new
blocks from the responsibility of storing and retrieving watched
transactions.
multi: remove listeners field and method from ChainWatchInterface
This includes the purpose of this PR, which is to remove the circular reference created by ChainListeners self-adding themselves to their ChainWatchInterface's `listeners` field.
Antoine Riard [Thu, 14 Nov 2019 23:50:24 +0000 (18:50 -0500)]
Check expected amount in claim_funds
Require to specify expected amount so that we can claim only
payment for thhe correct amount, and reject payments for incorrect
amounts (which are probably middle nodes probing to break our privacy).
Send back incorrect_or_unknown_payments_details (PERM|15) to avoid
the probe node learning that final node is waiting a payment with
the routed hash.
Antoine Riard [Tue, 5 Nov 2019 00:54:43 +0000 (19:54 -0500)]
Make field error of LightingError mandatory
We also fulfilled last empty ErrorAction:
- Router secp fail : IgnoreError
- processing error in Router : IgnoreError
- get_channel_update too early : IgnoreError
Antoine Riard [Wed, 13 Nov 2019 00:27:55 +0000 (19:27 -0500)]
Avoid claiming remote received HTLCs with preimage
In case of duplicate HTLCs with same hash going in opposite
directions we may learn preimage of offered one, but we shouldn't
claim received one to avoid invalidation of combined claim.
The received HTLC is going to be claimed by a timeout tx at
timelock expiration.