Jeffrey Czyz [Mon, 10 Feb 2020 19:13:41 +0000 (11:13 -0800)]
Move initial_routing_sync decision to the Router
PeerManager determines whether the initial_routing_sync feature bit
should be set when sending Init messages to peers. Move this to the
Router as it is better able to determine if a full sync is needed.
Matt Corallo [Sun, 12 Jan 2020 23:04:40 +0000 (18:04 -0500)]
Fix EnforcingChannelKeys panic when our counterparty burns their $.
If our counterparty burns their funds by revoking their current
commitment transaction before we've sent them a new one, we'll step
forward the remote commitment number. This would be otherwise fine
(and may even encourage them to broadcast their revoked state(s) on
chain), except that our new EnforcingChannelKeys expects us to not
jump forward in time. Since it isn't too important that we punish
our counterparty in such a corner-case, we opt to just close the
channel in such a case and move on.
Jeffrey Czyz [Fri, 24 Jan 2020 14:43:58 +0000 (06:43 -0800)]
Move message type parity logic to the wire module
Create a MessageType abstraction and use it throughout the wire module's
external interfaces. Include an is_even method for clients to determine
how to handle unknown messages.
Jeffrey Czyz [Tue, 21 Jan 2020 23:26:21 +0000 (15:26 -0800)]
Encapsulate message wire encoding into a module
Lightning messages are identified by a 2-byte type when encoded on the
wire. Rather than expecting callers to know message types when sending
messages to peers, have each message implement a trait defining the
message type. Provide an interface for reading and writing messages
as well as a Message enum for matching the decoded message, including
unknown messages.
Matt Corallo [Wed, 22 Jan 2020 23:31:57 +0000 (18:31 -0500)]
Clean up documentation around spendable outputs significantly.
* Fixed a number of grammar issues
* Clarified the docs for users who are intimately farmiliar with
arbitrary lines of text copied from the BOLTs
* Added a bit more text so that things are easier to read and less
disjoint.
* Clarified exactly how the witness stack should look since I had
to go dig for it.
Update ChannelManager's ChannelMonitor Arc to be a Deref
Additional changes:
* Update fuzz crate to match ChannelManager's new API
* Update lightning-net-tokio library to match ChannelManager's new ChannelMonitor Deref API
* Update tests to match ChannelManager's new ChannelMonitor Deref API
Matt Corallo [Sat, 28 Dec 2019 06:10:14 +0000 (01:10 -0500)]
Pass node features through to RouteHops
This exposes the latest Init-context features in the ChannelDetails
passed to the Router during route calculation, which combines those
with the Node-context features tracked from node_announcements to
provide the latest Node-context features in RouteHop structs.
Fields are also added for Channel-context features, though those are
only partially used since no such features are defined today anyway.
These will be useful when determining whether to use new
TLV-formatted onion hop datas when generating onions for peers.
Matt Corallo [Sun, 29 Dec 2019 19:22:43 +0000 (14:22 -0500)]
Keep track of the Init Features for every connected/channel'd peer
Since we want to keep track of the Init-context features for every
peer we have channels with, we have to keep them for as long as the
peer is connected (since we may open a channel with them at any
point).
We go ahead and take this opportunity to create a new per-peer-state
struct which has two levels of mutexes which is appropriate for
moving channel storage to.
Since we can't process messages from a given peer in parallel, the
inner lock is a regular mutex, but the outer lock is RW so that we
can process for different peers at the same time with an outer read
lock.
Matt Corallo [Sun, 19 Jan 2020 21:03:25 +0000 (16:03 -0500)]
Panic on txn with value > 21mill in ChannelMonitor::block_connected
full_stack_target found a crash where we may overflow ruring fee
calculation if a transaction appears on-chain with massive value
available for us to claim. Since these transactions are clearly
bogus, we shouldn't allow full_stack_target to connect them, but
we also improve the error generated by explicitly panicing on them.
Matt Corallo [Sun, 19 Jan 2020 20:38:34 +0000 (15:38 -0500)]
Drop individual fuzz target duplicate_crash tests for file reader
Previously, in each of our fuzz tests we had a dummy test which
had a hard-coded hex string which it passed into the fuzz target
so that when a failing test case was found, its hex could be
copied into the test and you could run cargo test to analyze the
failure. However, this was somewhat unwieldy as converting large
tests back and forth between hex and raw files is quite annoying.
Instead, we replace each of those tests with a test in each target
that looks for files in fuzz/test_cases and runs each file it finds.
Since we're editing every bin target anyway, we also automate adding
no_main to libfuzzer builds with #![cfg_attr].
Antoine Riard [Tue, 14 Jan 2020 18:47:01 +0000 (13:47 -0500)]
Bound incoming HTLC witnessScript to min/max limits
Fix a crash where previously we weren't able to detect any accepted
HTLC if its witness-encoded cltv expiry was different from expected
ACCEPTED_HTLC_SCRIPT_WEIGHT. This should work for any cltv expiry
included between 0 and 16777216 on mainnet, testnet and regtest.
Matt Corallo [Mon, 13 Jan 2020 18:43:54 +0000 (13:43 -0500)]
Fix crash when a claim tx has some non-witness inputs.
The logger which decides what to refer to an on-chain claim tx was
assuming that all inputs would have a witness. While this was fine
for the one-input case, it broke the fuzzer which was connecting a
consensus-invalid transaction. Further, in the case we have multiple
inputs, some may not have a witness, which we shouldn't crash on.
Jeffrey Czyz [Thu, 16 Jan 2020 18:48:16 +0000 (10:48 -0800)]
Remove unnecessary borrow_parts() methods
Accessing a struct through an std::syn::MutexGuard using implicit
dereferencing can confuse the borrow checker. This situation arises when
obtaining mutable references to more than one field of the struct, which
is normally allowed.
However, when using implicit dereferencing, a mutable reference to the
the entire struct is taken. Thus, attempting to access another field in
this manner will lead to a compilation error.
https://doc.rust-lang.org/error-index.html#E0499
A simple way to avoid this is to first obtain a mutable reference to the
struct using explicit dereferencing.
Matt Corallo [Mon, 13 Jan 2020 18:52:23 +0000 (13:52 -0500)]
Refactor features a bit more to describe what the constructors do
The Features::new() method is nonsense and doesn't describe what
features were being set - we introduce an empty() and supported()
constructors instead.
Matt Corallo [Mon, 13 Jan 2020 18:50:29 +0000 (13:50 -0500)]
Fix Feature endianness by swapping bytes on read/write.
The spec is a bit mum on feature endianness, so I suppose it falls
under the "everything is big endian unless otherwise specified"
clause, but we were treating it as little.
This change was made in the flat features BOLT PR, as if a channel
requires some unknown feature bits we should still rumor it, we just
shouldn't route through it.
Matt Corallo [Mon, 23 Dec 2019 22:52:58 +0000 (17:52 -0500)]
Implement Flat Features
This merges local and global features into one struct, which is
parameterized by where it appers. The parameterization restricts
which queries can be made and which features can be set, in line
with the latest BOLT 9.
Antoine Riard [Tue, 5 Nov 2019 23:51:05 +0000 (18:51 -0500)]
Drop Result for ChannelMessageHandler methods
Simplify interfaces between ChannelMessageHandler and PeerManager,
by switching all ChannelMessageHandler errors to HandleError sent
internally instead of being return. With further refactors in Router
and PeerChannelEncryptor, errors management on the PeerManager-side
won't be splitted between try_potential_handleerror and HandleError
processing.
Inside ChannelManager, we now log MsgHandleErrInternal and send
ErrorAction to PeerManager.
On a high-level, it should allow client using API to be more flexible
by polling events instead of waiting function call returns.
We also update handle_error macro to take channel_state_lock from
caller which should avoid some deadlock potential for some edges
cases.
Filter out IgnoreError in handle_error macro, update test in
consequence.
Matt Corallo [Fri, 13 Dec 2019 03:42:08 +0000 (22:42 -0500)]
Drop duplicative current-local-tx storage in channel.
We now have current-local-tx broadcast ability in channel monitors
directly (for ChannelManager deserialization), so we can just use
that instead of always having the Channel store signed ready-to-go
copies of the latest local commitment transaction.
This is further kinda nice since ChannelMonitor is live and can, eg
broadcast HTLC-Success transactions immediately as they will be
generated at broadcast time instead of in advance.
Finally, this lets us clean up a tiny bit in Channel.
Matt Corallo [Fri, 20 Dec 2019 19:53:16 +0000 (14:53 -0500)]
Remove unused lifetimes.
f71518365f61a5fe2a0340953ad6592c0d2b72cc added a series of lifetimes
which were required for an earlier version of the patch but not the
final version. They can be freely removed.
Matt Corallo [Wed, 27 Nov 2019 21:08:48 +0000 (16:08 -0500)]
Make commitment transaction signing a part of ChannelKeys.
This adds a new fn to ChannelKeys which is called when we generte
a new remote commitment transaction for signing. While it may be
theoretically possible to unwind state updates by disconnecting and
reconnecting as well as making appropriate state machine changes,
the effort required to get it correct likely outweighs the UX cost
of "preflighting" the requests to hardwre wallets.
Matt Corallo [Tue, 26 Nov 2019 21:46:33 +0000 (16:46 -0500)]
Make ChannelKeys an API and template Channel with it.
Instead of having in-memory access to the list of private keys
associated with a channel, we should have a generic API which
allows us to request signing, allowing the user to store private
keys any way they like.
The first step is the (rather mechanical) process of templating
the entire tree of ChannelManager -> Channel impls by the
key-providing type. In a later commit we should expose only public
keys where possible.
Antoine Riard [Tue, 10 Dec 2019 22:25:27 +0000 (17:25 -0500)]
Add test_bump_txn_sanitize_tracking_maps
Extend test visibility of claim-tracking maps to do so.
Cover both "If 2 claimable-outpoint-spending txn are in 1 block,
clean up properly" and "Clean up claimable_outpoints when
pending_claim_requests is cleaned" fix commits in same patchset.
Matt Corallo [Tue, 10 Dec 2019 03:51:36 +0000 (22:51 -0500)]
Clean up claimable_outpoints when pending_claim_requests is cleaned
When claimable_outpoints was introduced in "Move
our_claim_txn_waiting_first_conf to pending_claim_requests", removal
of elements from it (which are just pointers into
pending_claim_requests) was never added.