]> git.bitcoin.ninja Git - rust-lightning/log
rust-lightning
2 years agoRemove 'slack' (and other things)
Elias Rohrer [Fri, 22 Jul 2022 16:28:31 +0000 (18:28 +0200)]
Remove 'slack' (and other things)

2 years agoMerge pull request #1420 from TheBlueMatt/2022-04-moar-lockorder
Matt Corallo [Thu, 21 Jul 2022 02:29:16 +0000 (02:29 +0000)]
Merge pull request #1420 from TheBlueMatt/2022-04-moar-lockorder

Expand lockorder testing to look at mutexes, not specific instances

2 years agoSwap `HashSet`s with custom `Hash` in debug_sync for `HashMap`s 2022-04-moar-lockorder
Matt Corallo [Tue, 19 Jul 2022 17:51:45 +0000 (17:51 +0000)]
Swap `HashSet`s with custom `Hash` in debug_sync for `HashMap`s

2 years agoExpand lockorder testing to look at mutexes, not specific instances
Matt Corallo [Tue, 12 Apr 2022 17:32:35 +0000 (17:32 +0000)]
Expand lockorder testing to look at mutexes, not specific instances

Our existing lockorder inversion checks look at specific instances
of mutexes rather than the general mutex itself. This changes that
behavior to look at the instruction pointer at which a mutex was
created and treat all mutexes which were created at the same
location as equivalent.

This allows us to detect lockorder inversions which occur across
tests, though it does substantially reduce parallelism during test
runs.

2 years agoConstruct all ChannelMonitor mutexes in the same function
Matt Corallo [Fri, 15 Jul 2022 16:18:42 +0000 (16:18 +0000)]
Construct all ChannelMonitor mutexes in the same function

When we add lockorder detection based on mutex construction site
rather than mutex instance in the next commit, ChannelMonitor's
PartialEq implementation causes spurious failures. This is caused
by the lockorder detection logic considering the ChannelMonitor
inner mutex to be two distinct mutexes - one when monitors are
deserialized and one when monitors are created fresh. Instead, we
attempt to tell the lockorder detection logic that they are the
same by ensuring they're constructed in the same place - in this
case a util method.

2 years agoMerge pull request #1624 from tnull/2022-07-fix-doc
Matt Corallo [Wed, 20 Jul 2022 17:38:42 +0000 (17:38 +0000)]
Merge pull request #1624 from tnull/2022-07-fix-doc

Fix 'not a hyperlink' doc warning

2 years agoMerge pull request #1623 from lexe-tech/custom-smart-pointers
valentinewallace [Wed, 20 Jul 2022 17:07:20 +0000 (13:07 -0400)]
Merge pull request #1623 from lexe-tech/custom-smart-pointers

lightning-net-tokio: Allow custom smart pointers

2 years agoFix 'not a hyperlink' doc warning
Elias Rohrer [Wed, 20 Jul 2022 12:57:31 +0000 (14:57 +0200)]
Fix 'not a hyperlink' doc warning

2 years agolightning-net-tokio: Allow custom smart pointers
Max Fang [Wed, 20 Jul 2022 04:57:12 +0000 (21:57 -0700)]
lightning-net-tokio: Allow custom smart pointers

2 years agoMerge pull request #1610 from TheBlueMatt/2022-07-no-rand-path-selection
Matt Corallo [Tue, 19 Jul 2022 16:56:36 +0000 (16:56 +0000)]
Merge pull request #1610 from TheBlueMatt/2022-07-no-rand-path-selection

2 years agoReduce default max_channel_saturation_power_of_half to 2 (max 1/4) 2022-07-no-rand-path-selection
Matt Corallo [Tue, 12 Jul 2022 21:13:30 +0000 (21:13 +0000)]
Reduce default max_channel_saturation_power_of_half to 2 (max 1/4)

Saturating a channel beyond 1/4 of its capacity seems like a more
reasonable threshold for avoiding a path than 1/2, especially given
we should still be willing to send a payment with a lower
saturation limit if it comes to that.

This requires an (obvious) change to some router tests, but also
requires a change to the `fake_network_test`, opting to simply
remove some over-limit test code there - `fake_network_test` was
our first ever functional test, and while it worked great to ensure
LDK worked at all on day one, we now have a rather large breadth
of functional tests, and a broad "does it work at all" test is no
longer all that useful.

2 years agoMake route path selection optimize strictly for `cost / amount`
Matt Corallo [Tue, 12 Jul 2022 20:35:36 +0000 (20:35 +0000)]
Make route path selection optimize strictly for `cost / amount`

Currently, after we've selected a number of candidate paths, we
construct a route from a random set of paths repeatedly, and then
select the route with the lowest total cost. In the vast majority
of cases this ends up doing a bunch of additional work in order to
select the path(s) with the total lowest cost, with some vague
attempt at randomization that doesn't actually work.

Instead, here, we simply sort available paths by `cost / amount`
and select the top paths. This ends up in practice having the same
end result with substantially less complexity. In some rare cases
it gets a better result, which also would have been achieved
through more random trials. This implies there may in such cases be
a potential privacy loss, but not a substantial one, given our path
selection is ultimately mostly deterministic in many cases (or, if
it is not, then privacy is achieved through randomization at the
scorer level).

2 years agoFix tracking of collected value across pathfinding iterations
Matt Corallo [Tue, 12 Jul 2022 20:30:00 +0000 (20:30 +0000)]
Fix tracking of collected value across pathfinding iterations

If we end up "paying" for an `htlc_minimum_msat` with fees, we
increment `already_collected_value_msat` by more than the amount
of the path that we collected (who's `value_contribution_msat` is
higher than the total payment amount, despite having been reduced
down to the payment amount).

This throws off our total value collection target, though in the
coming commit(s) it would also throw off our path selection
calculations.

2 years agoMerge pull request #1618 from wpaulino/gossip-sync-constructors
Matt Corallo [Fri, 15 Jul 2022 19:12:41 +0000 (19:12 +0000)]
Merge pull request #1618 from wpaulino/gossip-sync-constructors

Add convenient GossipSync variant constructors

2 years agoAdd convenient GossipSync variant constructors
Wilmer Paulino [Thu, 14 Jul 2022 19:32:30 +0000 (12:32 -0700)]
Add convenient GossipSync variant constructors

These constructors fill in the missing types for each variant so that
users don't have to turbofish them manually.

2 years agoMerge pull request #1600 from TheBlueMatt/2022-07-explicit-avoid-retries
Matt Corallo [Fri, 15 Jul 2022 13:51:05 +0000 (13:51 +0000)]
Merge pull request #1600 from TheBlueMatt/2022-07-explicit-avoid-retries

2 years agoChange default "impossibility penalty" to one Bitcoin 2022-07-explicit-avoid-retries
Matt Corallo [Thu, 7 Jul 2022 17:37:22 +0000 (17:37 +0000)]
Change default "impossibility penalty" to one Bitcoin

In general we should avoid taking paths that we are confident will
not work as much possible, but we should be willing to try each
payment at least once, even if its over a channel that failed
recently. A full Bitcoin penalty for such a channel seems
reasonable - lightning fees are unlikely to ever reach that point
so such channels will be scored much worse than any other potential
path, while still being below `u64::max_value()`.

2 years agoMake the `ProbabilisticScorer` impossibility penalty configurable
Matt Corallo [Wed, 6 Jul 2022 21:05:54 +0000 (21:05 +0000)]
Make the `ProbabilisticScorer` impossibility penalty configurable

When we consider sending an HTLC over a given channel impossible
due to our current knowledge of the channel's liquidity, we
currently always assign a penalty of `u64::max_value()`. However,
because we now refuse to retry a payment along the same path in
the router itself, we can now make this value configurable. This
allows users to have a relatively high knowledge decay interval
without the side-effect of refusing to try the only available path
in cases where a channel is intermittently available.

2 years agoTrack channels which a given payment part failed to traverse
Matt Corallo [Wed, 6 Jul 2022 19:17:40 +0000 (19:17 +0000)]
Track channels which a given payment part failed to traverse

When an HTLC fails, we currently rely on the scorer learning the
failed channel and assigning an infinite (`u64::max_value()`)
penalty to the channel so as to avoid retrying over the exact same
path (if there's only one available path). This is common when
trying to pay a mobile client behind an LSP if the mobile client is
currently offline.

This leads to the scorer being overly conservative in some cases -
returning `u64::max_value()` when a given path hasn't been tried
for a given payment may not be the best decision, even if that
channel failed 50 minutes ago.

By tracking channels which failed on a payment part level and
explicitly refusing to route over them we can relax the
requirements on the scorer, allowing it to make different decisions
on how to treat channels that failed relatively recently without
causing payments to retry the same path forever.

This does have the drawback that it could allow two separate part
of a payment to traverse the same path even though that path just
failed, however this should only occur if the payment is going to
fail anyway, at least as long as the scorer is properly learning.

Closes #1241, superseding #1252.

2 years agoMerge pull request #1605 from TheBlueMatt/2022-07-smaller-mpp-parts
Matt Corallo [Thu, 14 Jul 2022 18:33:53 +0000 (18:33 +0000)]
Merge pull request #1605 from TheBlueMatt/2022-07-smaller-mpp-parts

Avoid saturating channels before we split payments

2 years agoMerge pull request #1543 from jkczyz/2022-06-network-graph-bindings
Jeffrey Czyz [Thu, 14 Jul 2022 16:57:08 +0000 (11:57 -0500)]
Merge pull request #1543 from jkczyz/2022-06-network-graph-bindings

Look-up functions for `ReadOnlyNetworkGraph`

2 years agoLook-up functions for ReadOnlyNetworkGraph
Jeffrey Czyz [Tue, 14 Jun 2022 23:05:25 +0000 (18:05 -0500)]
Look-up functions for ReadOnlyNetworkGraph

ReadOnlyNetworkGraph uses BTreeMap to store its nodes and channels, but
these data structures are not supported by C bindings. Expose look-up
functions on these maps in lieu of such support.

2 years agoMerge pull request #1615 from TheBlueMatt/2022-07-screw-dependabot
Matt Corallo [Thu, 14 Jul 2022 00:53:17 +0000 (00:53 +0000)]
Merge pull request #1615 from TheBlueMatt/2022-07-screw-dependabot

Rip out dependabot - its worse than useless - its annoying

2 years agoRip out dependabot - its worse than useless - its annoying 2022-07-screw-dependabot
Matt Corallo [Wed, 13 Jul 2022 19:33:25 +0000 (19:33 +0000)]
Rip out dependabot - its worse than useless - its annoying

Dependabot has a ton of issues with its rust integration that makes
it wholly useless, and very annoying:
 * It has no concept of MSRV, opening PRs that are not going to pass
   CI.
 * It has no concept of patch-level - if we depend on tokio 1.X,
   that means any version of tokio > 1.X, but dependabot insists on
   opening a PR to "update us" to tokio 1.X + 1, even though it
   doesn't impact what version of our users use (and often violates
   MSRV).
 * It has no concept of dependencies that rely on each other,
   causing it to open a PR to update us to bitcoin_hashes X + 1,
   even though we're still depending on rust-bitcoin Y which
   depends on bitcoin_hashes X, causing build failure.
 * It hogs CI resources, getting CI run twice, once for the branch
   once for the PR.
 * It creates branches directly on the rust-lightning repo, making
   it look like the work is somehow connected to the
   lightningdevkit project, even though it isn't, and spamming the
   local clones of project contributors.

At the end of the day, dependabot has never meaningfully
contributed to notifying us of an important dependency, and,
really, we don't have enough dependencies for it to matter.

2 years agoFix some test theoretical lock inversions
Matt Corallo [Tue, 12 Apr 2022 17:28:15 +0000 (17:28 +0000)]
Fix some test theoretical lock inversions

In the next commit we add lockorder testing based on the line each
mutex was created on rather than the particular mutex instance.
This causes some additional test failure because of lockorder
inversions for the same mutex across different tests, which is
fixed here.

2 years agoAdd a test of the new channel saturation limit 2022-07-smaller-mpp-parts
Matt Corallo [Sat, 9 Jul 2022 04:24:22 +0000 (04:24 +0000)]
Add a test of the new channel saturation limit

2 years agoRelax the channel saturation limit if we can't find enough paths
Matt Corallo [Fri, 8 Jul 2022 19:48:00 +0000 (19:48 +0000)]
Relax the channel saturation limit if we can't find enough paths

In order to avoid failing to find paths due to the new channel
saturation limit, if we fail to find enough paths, we simply
disable the saturation limit for further path finding iterations.

Because we can now increase the maximum sent over a given channel
during routefinding, we may now generate redundant paths for the
same payment. Because this is wasteful in the network, we add an
additional pass during routefinding to merge redundant paths.

Note that two tests which previously attempted to send exactly the
available liquidity over a channel which charged an absolute fee
need updating - in those cases the router will first collect a path
that is saturation-limited, then attempt to collect a second path
without a saturation limit while stil honoring the existing
utilized capacity on the channel, causing failure as the absolute
fee must be included.

2 years agoAvoid saturating channels before we split payments
Matt Corallo [Fri, 8 Jul 2022 18:26:06 +0000 (18:26 +0000)]
Avoid saturating channels before we split payments

Currently we only opt to split a payment into an MPP if we have
completely and totally used a channel's available capacity (up to
the announced htlc_max or on-chain capacity, whichever is lower).
This is obviously destined to fail as channels are unlikely to have
their full capacity available.

Here we do the minimum viable fix by simply limiting channels to
only using up to a configurable power-of-1/2. We default this new
configuration knob to 1 (1/2 of the channel) so as to avoid a
substantial change but in the future we may consider changing this
to 2 (1/4) or even 3 (1/8).

2 years agoMerge pull request #1552 from dunxen/2022-06-checkminrelayfee
Matt Corallo [Wed, 13 Jul 2022 16:49:16 +0000 (16:49 +0000)]
Merge pull request #1552 from dunxen/2022-06-checkminrelayfee

Add min feerate checks

2 years agoMake all internal signatures accept LowerBoundedFeeEstimator
Duncan Dean [Wed, 29 Jun 2022 13:13:40 +0000 (15:13 +0200)]
Make all internal signatures accept LowerBoundedFeeEstimator

2 years agoAdd LowerBoundedFeeEstimator to set FeeEstimator min rates
Duncan Dean [Wed, 29 Jun 2022 12:59:07 +0000 (14:59 +0200)]
Add LowerBoundedFeeEstimator to set FeeEstimator min rates

`LowerBoundedFeeEstimator` is a wrapper for `Deref`s to `FeeEstimator`s
that limits the get_est_sat_per_1000_weight() method to no less than 253
sats/kW.

2 years agoMerge pull request #1542 from ViktorTigerstrom/2022-06-prepare-maps-for-channels...
Matt Corallo [Wed, 13 Jul 2022 01:03:11 +0000 (18:03 -0700)]
Merge pull request #1542 from ViktorTigerstrom/2022-06-prepare-maps-for-channels-per-peer

Preparations for storing channels per peer

2 years agoAdd `ChannelManager:id_to_peer` map coverage test
Viktor Tigerström [Mon, 6 Jun 2022 18:20:48 +0000 (20:20 +0200)]
Add `ChannelManager:id_to_peer` map coverage test

2 years agoAdd id_to_peer map
Viktor Tigerström [Fri, 3 Jun 2022 15:17:39 +0000 (17:17 +0200)]
Add id_to_peer map

2 years agoMerge pull request #1603 from TheBlueMatt/2022-07-no-backwards-time
Matt Corallo [Mon, 11 Jul 2022 21:07:18 +0000 (14:07 -0700)]
Merge pull request #1603 from TheBlueMatt/2022-07-no-backwards-time

Avoid panicking on wallclock time going backwards across restart

2 years agoMerge pull request #1596 from jurvis/jurvis/give-chanmon-counterparty-id
Jeffrey Czyz [Mon, 11 Jul 2022 18:51:55 +0000 (13:51 -0500)]
Merge pull request #1596 from jurvis/jurvis/give-chanmon-counterparty-id

Make ChannelMonitor aware of counterparty's node id

2 years agoAvoid panicking on wallclock time going backwards across restart 2022-07-no-backwards-time
Matt Corallo [Fri, 8 Jul 2022 01:16:05 +0000 (01:16 +0000)]
Avoid panicking on wallclock time going backwards across restart

Because we serialize `Instant`s using wallclock time in
`ProbabilisticScorer`, if time goes backwards across restarts we
may end up with `Instant`s in the future, which causes rustc prior
to 1.60 to panic when calculating durations. Here we simply avoid
this by setting the time to `now` if we get a time in the future.

2 years agoAdd counterparty_node_id to ChannelMonitor
jurvis [Tue, 5 Jul 2022 22:36:27 +0000 (15:36 -0700)]
Add counterparty_node_id to ChannelMonitor

2 years agoMerge pull request #1602 from TheBlueMatt/2022-07-109-rel-missing-force-close
Jeffrey Czyz [Fri, 8 Jul 2022 19:34:13 +0000 (14:34 -0500)]
Merge pull request #1602 from TheBlueMatt/2022-07-109-rel-missing-force-close

Add missing note about renaming force-close methods in 109 changelog

2 years agoMerge pull request #1592 from tnull/2022-07-manual-penalty
Matt Corallo [Fri, 8 Jul 2022 19:29:25 +0000 (12:29 -0700)]
Merge pull request #1592 from tnull/2022-07-manual-penalty

Allow to set manual node penalties

2 years agoAdd missing note about renaming force-close methods in 109 changelog 2022-07-109-rel-missing-force-close
Matt Corallo [Thu, 7 Jul 2022 17:43:30 +0000 (17:43 +0000)]
Add missing note about renaming force-close methods in 109 changelog

2 years agoMerge pull request #1567 from tnull/2022-06-send-probe
Jeffrey Czyz [Thu, 7 Jul 2022 14:27:14 +0000 (09:27 -0500)]
Merge pull request #1567 from tnull/2022-06-send-probe

Add simple probing API

2 years agoRename `short_to_id` map to `short_to_chan_info`
Viktor Tigerström [Thu, 9 Jun 2022 23:06:42 +0000 (01:06 +0200)]
Rename `short_to_id` map to `short_to_chan_info`

As the map values are no longer only `channel_id`s, but also a
`counterparty_node_id`s, the map is renamed to better correspond to
whats actually stored in the map.

2 years agoAdd `counterparty_node_id` to `short_to_id` map
Viktor Tigerström [Tue, 17 May 2022 16:07:41 +0000 (18:07 +0200)]
Add `counterparty_node_id` to `short_to_id` map

2 years agoAdd `send_probe` and introduce probing cookies
Elias Rohrer [Fri, 24 Jun 2022 10:00:20 +0000 (12:00 +0200)]
Add `send_probe` and introduce probing cookies

When we send payment probes, we generate the [`PaymentHash`] based on a
probing cookie secret and a random [`PaymentId`]. This allows us to
discern probes from real payments, without keeping additional state.

2 years agoMerge pull request #1599 from TheBlueMatt/2022-07-fuzz-warns
Matt Corallo [Wed, 6 Jul 2022 19:26:14 +0000 (12:26 -0700)]
Merge pull request #1599 from TheBlueMatt/2022-07-fuzz-warns

Drop unused imports in fuzzing test cases

2 years agoDrop unused imports in fuzzing test cases 2022-07-fuzz-warns
Matt Corallo [Wed, 6 Jul 2022 16:18:30 +0000 (16:18 +0000)]
Drop unused imports in fuzzing test cases

2 years agoRefactor `max_mpp_path_count` to `max_path_count`
Elias Rohrer [Fri, 24 Jun 2022 08:53:49 +0000 (10:53 +0200)]
Refactor `max_mpp_path_count` to `max_path_count`

Using this field just for MPP doesn't make sense when it could
intuitively also be used to indicate single-path payments. We therefore
rename `max_mpp_path_count` to `max_path_count` and make sure that a
value of 1 ensures MPP is not even tried.

2 years agoMerge pull request #1588 from TheBlueMatt/2022-06-ffs-dumb-ser
Matt Corallo [Tue, 5 Jul 2022 20:46:43 +0000 (13:46 -0700)]
Merge pull request #1588 from TheBlueMatt/2022-06-ffs-dumb-ser

Do not execute the default_value expr until we need it in TLV deser

2 years agoDo not execute the default_value expr until we need it in TLV deser 2022-06-ffs-dumb-ser
Matt Corallo [Fri, 1 Jul 2022 21:14:19 +0000 (21:14 +0000)]
Do not execute the default_value expr until we need it in TLV deser

This fixes an insta-panic in `ChannelMonitor` deserialization where
we always `unwrap` a previous value to determine the default value
of a later field. However, because we always ran the `unwrap`
before the previous field is read, we'd always panic.

The fix is rather simple - use a `OptionDeserWrapper` for
`default_value` fields and only fill in the default value if no
value was read while walking the TLV stream.

The only complexity comes from our desire to support
`read_tlv_field` calls that use an explicit field rather than an
`Option` of some sort, which requires some statement which can
assign both an `OptionDeserWrapper<T>` variable and a `T` variable.
We settle on `x = t.into()` and implement `From<T> for
OptionDeserWrapper<T>` which works, though it requires users to
specify types explicitly due to Rust determining expression types
prior to macro execution, completely guessing with no knowlege for
integer expressions (see
https://github.com/rust-lang/rust/issues/91369).

2 years agoMerge pull request #1586 from TheBlueMatt/2022-06-0.0.109
Matt Corallo [Tue, 5 Jul 2022 17:30:26 +0000 (10:30 -0700)]
Merge pull request #1586 from TheBlueMatt/2022-06-0.0.109

Fix date on 0.0.109 release notes

2 years agoMerge pull request #1589 from TheBlueMatt/2022-07-sec-policy
Matt Corallo [Tue, 5 Jul 2022 17:30:17 +0000 (10:30 -0700)]
Merge pull request #1589 from TheBlueMatt/2022-07-sec-policy

Add security policy with PGP keys

2 years agoAllow to set manual node penalties
Elias Rohrer [Mon, 4 Jul 2022 07:36:06 +0000 (09:36 +0200)]
Allow to set manual node penalties

A user might want to explicitly penalize or prioritize a particular
node. We now allow them to do so by specifying a manual penalty
override for a given node that is then returned by the scorer.

2 years agoAdd security policy with PGP keys 2022-07-sec-policy
Matt Corallo [Sat, 2 Jul 2022 15:29:50 +0000 (15:29 +0000)]
Add security policy with PGP keys

Closes #1246.

2 years agoMerge pull request #1553 from wvanlint/dns_hostname
Matt Corallo [Tue, 5 Jul 2022 14:24:17 +0000 (07:24 -0700)]
Merge pull request #1553 from wvanlint/dns_hostname

Adds DNS hostname to NetAddress

2 years agoAdds DNS hostname to NetAddress
Willem Van Lint [Tue, 21 Jun 2022 05:50:50 +0000 (22:50 -0700)]
Adds DNS hostname to NetAddress

2 years ago[fuzz] Update auto-generated target list
Matt Corallo [Fri, 1 Jul 2022 20:55:03 +0000 (20:55 +0000)]
[fuzz] Update auto-generated target list

2 years ago[fuzz] Add a ChannelDetails msg target
Matt Corallo [Fri, 1 Jul 2022 20:54:08 +0000 (20:54 +0000)]
[fuzz] Add a ChannelDetails msg target

2 years ago[fuzz] Take a full struct path in msg gen_target.sh
Matt Corallo [Fri, 1 Jul 2022 20:53:39 +0000 (20:53 +0000)]
[fuzz] Take a full struct path in msg gen_target.sh

2 years agoFix date on 0.0.109 release notes 2022-06-0.0.109
Matt Corallo [Fri, 1 Jul 2022 17:40:44 +0000 (17:40 +0000)]
Fix date on 0.0.109 release notes

We slipped by a day and the PR didn't get updated. NBD, though,
the git tag has the correct date.

2 years agoMerge pull request #1582 from TheBlueMatt/2022-06-0.0.109 v0.0.109
Matt Corallo [Fri, 1 Jul 2022 17:37:17 +0000 (10:37 -0700)]
Merge pull request #1582 from TheBlueMatt/2022-06-0.0.109

Cut 0.0.109

2 years agoBump crate versions to 0.0.109/invoice 0.17
Matt Corallo [Tue, 28 Jun 2022 20:14:59 +0000 (20:14 +0000)]
Bump crate versions to 0.0.109/invoice 0.17

2 years agoUpdate contributor list for 0.0.107 to be consistent with 0.0.109
Matt Corallo [Thu, 30 Jun 2022 22:46:06 +0000 (22:46 +0000)]
Update contributor list for 0.0.107 to be consistent with 0.0.109

2 years agoAdd 0.0.109 CHANGELOG entry.
Matt Corallo [Tue, 28 Jun 2022 20:13:15 +0000 (20:13 +0000)]
Add 0.0.109 CHANGELOG entry.

2 years agoMerge pull request #1585 from TheBlueMatt/2022-06-copy_from_slice-sucks
Matt Corallo [Fri, 1 Jul 2022 16:05:02 +0000 (09:05 -0700)]
Merge pull request #1585 from TheBlueMatt/2022-06-copy_from_slice-sucks

Fix spurious panic on bogus funding txn that confirm and are spent

2 years agoFix spurious panic on bogus funding txn that confirm and are spent 2022-06-copy_from_slice-sucks
Matt Corallo [Tue, 14 Jun 2022 10:54:39 +0000 (10:54 +0000)]
Fix spurious panic on bogus funding txn that confirm and are spent

In c02b6a3807488e1943d79792c5ac0ee52530b971 we moved the
`payment_preimage` copy from inside the macro which only runs if we
are spending an output we know is an HTLC output to doing it for
any script that matches our expected length. This can panic if an
inbound channel is created with a bogus funding transaction that
has a witness program of the HTLC-Success/-Offered length but which
does not have a second-to-last witness element which is 32 bytes.

Luckily this panic is relatively simple for downstream users to
work around - if an invalid-length-copy panic occurs, simply remove
the ChannelMonitor from the bogus channel on startup and run
without it. Because the channel must be funded by a bogus script in
order to reach this panic, the channel will already have closed by
the time the funding transaction is spent, and there can be no
local funds in such a channel, so removing the `ChannelMonitor`
wholesale is completely safe.

In order to test this we have to disable an in-line assertion that
checks that our transactions match expected scripts which we do by
checking for the specific bogus script that we now use in
`test_invalid_funding_tx`.

Thanks to Eugene Siegel for reporting this issue.

2 years agoMerge pull request #1583 from TheBlueMatt/2022-06-no-ro-graph
Matt Corallo [Wed, 29 Jun 2022 19:57:51 +0000 (12:57 -0700)]
Merge pull request #1583 from TheBlueMatt/2022-06-no-ro-graph

Have `find_route` take a `NetworkGraph` instead of a `ReadOnly` one

2 years agoHave `find_route` take a `NetworkGraph` instead of a `ReadOnly` one 2022-06-no-ro-graph
Matt Corallo [Wed, 29 Jun 2022 17:41:30 +0000 (17:41 +0000)]
Have `find_route` take a `NetworkGraph` instead of a `ReadOnly` one

Because downstream languages are often garbage-collected, having
the user directly allocate a `ReadOnlyNetworkGraph` and pass a
reference to it to `find_route` often results in holding a read
lock long in excess of the `find_route` call. Worse, some languages
(like JavaScript) tend to only garbage collect when other code is
not running, possibly leading to deadlocks.

2 years agoMerge pull request #1564 from TheBlueMatt/2022-06-panic-on-behind
Matt Corallo [Mon, 27 Jun 2022 16:34:26 +0000 (09:34 -0700)]
Merge pull request #1564 from TheBlueMatt/2022-06-panic-on-behind

Panic if we're running with outdated state instead of force-closing

2 years agoMerge pull request #1555 from tnull/2022-06-prefer-small-htlc-max
valentinewallace [Mon, 27 Jun 2022 15:37:05 +0000 (11:37 -0400)]
Merge pull request #1555 from tnull/2022-06-prefer-small-htlc-max

Add anti-probing penalty to `ProbabilisticScorer`

2 years agoAdd anti-probing penalty to `ProbabilisticScorer`
Elias Rohrer [Fri, 24 Jun 2022 16:33:15 +0000 (18:33 +0200)]
Add anti-probing penalty to `ProbabilisticScorer`

Currently, channel balances may be rather easily discovered through
probing. This however poses a privacy risk, since the analysis of
balance changes over adjacent channels could in the worst case empower an adversary to
mount an end-to-end deanonymization attack, i.e., track who payed whom.

The penalty added here is applied so we prefer nodes with a smaller `htlc_maximum_msat`, which makes
balance discovery attacks harder to execute. As this improves privacy network-wide, we
treat such nodes preferentially and hence create an incentive to restrict
`htlc_maximum_msat`.

2 years agoPanic if we're running with outdated state instead of force-closing 2022-06-panic-on-behind
Matt Corallo [Thu, 23 Jun 2022 21:25:17 +0000 (21:25 +0000)]
Panic if we're running with outdated state instead of force-closing

When we receive a `channel_reestablish` with a `data_loss_protect`
that proves we're running with a stale state, instead of
force-closing the channel, we immediately panic. This lines up with
our refusal to run if we find a `ChannelMonitor` which is stale
compared to our `ChannelManager` during `ChannelManager`
deserialization. Ultimately both are an indication of the same
thing - that the API requirements on `chain::Watch` were violated.

In the "running with outdated state but ChannelMonitor(s) and
ChannelManager lined up" case specifically its likely we're running
off of an old backup, in which case connecting to peers with
channels still live is explicitly dangerous. That said, because
this could be an operator error that is correctable, panicing
instead of force-closing may allow for normal operation again in
the future (cc #1207).

In any case, we provide instructions in the panic message for how
to force-close channels prior to peer connection, as well as a note
on how to broadcast the latest state if users are willing to take
the risk.

Note that this is still somewhat unsafe until we resolve #1563.

2 years agoAdd ChannelManager methods to force close without broadcasting
Matt Corallo [Thu, 23 Jun 2022 20:25:58 +0000 (20:25 +0000)]
Add ChannelManager methods to force close without broadcasting

If a user restores from a backup that they know is stale, they'd
like to force-close all of their channels (or at least the ones
they know are stale) *without* broadcasting the latest state,
asking their peers to do so instead. This simply adds methods to do
so, renaming the existing `force_close_channel` and
`force_close_all_channels` methods to disambiguate further.

2 years agoMerge pull request #1550 from tnull/2022-06-scorer-banlist
Matt Corallo [Fri, 24 Jun 2022 15:39:12 +0000 (08:39 -0700)]
Merge pull request #1550 from tnull/2022-06-scorer-banlist

Allow nodes to be avoided during pathfinding

2 years agoAllow nodes to be avoided during pathfinding
Elias Rohrer [Sat, 18 Jun 2022 14:24:37 +0000 (16:24 +0200)]
Allow nodes to be avoided during pathfinding

Users may want to - for whatever reasons - prevent payments to be routed
over certain nodes. This change therefore allows to add `NodeId`s to a
list of banned nodes, which then will be avoided during path finding.

2 years agoMerge pull request #1518 from valentinewallace/2022-06-OMs-prefactor
Matt Corallo [Tue, 21 Jun 2022 23:13:37 +0000 (16:13 -0700)]
Merge pull request #1518 from valentinewallace/2022-06-OMs-prefactor

Onion messages v1 pre-refactor

2 years agoEnable simultaneous deserialization+decryption of a ChaChaPoly stream
Valentine Wallace [Tue, 14 Jun 2022 20:28:45 +0000 (16:28 -0400)]
Enable simultaneous deserialization+decryption of a ChaChaPoly stream

In the upcoming onion messages PR, this will allow us to avoid decrypting onion
message encrypted data in an intermediate Vec before decoding it. Instead we
decrypt and decode it at the same time using this new ChaChaPolyReadAdapter object.

In doing so, we need to adapt the decode_tlv_stream macro such that it will
decode a LengthReadableArgs, which is a new trait as well. This trait is
necessary because ChaChaPoly needs to know the total length ahead of time to
separate out the tag at the end.

2 years agoMerge pull request #1556 from danielgranhao/2022-06-improve-docs
valentinewallace [Tue, 21 Jun 2022 19:59:31 +0000 (15:59 -0400)]
Merge pull request #1556 from danielgranhao/2022-06-improve-docs

Clarify description of get_node_secret() method

2 years agochacha20poly1305: enable simultaneous writing+encryption
Valentine Wallace [Tue, 14 Jun 2022 20:13:34 +0000 (16:13 -0400)]
chacha20poly1305: enable simultaneous writing+encryption

In the upcoming onion messages PR, this will allow us to avoid encoding onion
message encrypted data into an intermediate Vec before encrypting it.  Instead
we encode and encrypt at the same time using this new ChaChaPolyWriteAdapter object.

2 years agoMerge pull request #1486 from TheBlueMatt/2022-05-revoked-txn-edge-cases
Matt Corallo [Tue, 21 Jun 2022 18:47:15 +0000 (11:47 -0700)]
Merge pull request #1486 from TheBlueMatt/2022-05-revoked-txn-edge-cases

Fix two edge cases in handling of counterparty revoked commitment txn

2 years agoChange description of get_node_secret()
Daniel Granhão [Tue, 21 Jun 2022 16:38:57 +0000 (17:38 +0100)]
Change description of get_node_secret()

2 years agoMerge pull request #1548 from NicolaLS/serde-module
Matt Corallo [Tue, 21 Jun 2022 16:20:38 +0000 (09:20 -0700)]
Merge pull request #1548 from NicolaLS/serde-module

add feature for Invoice ser/de

2 years agoDon't fail HTLCs in revoked commitment txn until we spend them 2022-05-revoked-txn-edge-cases
Matt Corallo [Sat, 30 Apr 2022 20:30:00 +0000 (20:30 +0000)]
Don't fail HTLCs in revoked commitment txn until we spend them

When we see a counterparty revoked commitment transaction on-chain
we shouldn't immediately queue up HTLCs present in it for
resolution until we have spent the HTLC outputs in some kind of
claim transaction.

In order to do so, we first have to change the
`fail_unbroadcast_htlcs!()` call to provide it with the HTLCs which
are present in the (revoked) commitment transaction which was
broadcast. However, this is not sufficient - because all of those
HTLCs had their `HTLCSource` removed when the commitment
transaction was revoked, we also have to update
`fail_unbroadcast_htlcs` to check the payment hash and amount when
the `HTLCSource` is `None`.

Somewhat surprisingly, several tests actually explicitly tested for
the old behavior, which required amending to pass with the new
changes.

Finally, this adds a debug assertion when writing `ChannelMonitor`s
to ensure `HTLCSource`s do not leak.

2 years agoMerge pull request #1527 from wpaulino/update-htlc-relay-policy
Matt Corallo [Tue, 21 Jun 2022 16:02:29 +0000 (09:02 -0700)]
Merge pull request #1527 from wpaulino/update-htlc-relay-policy

Expose API to update a channel's ChannelConfig

2 years agoUse new Channel::update_config method to update base fee in test
Wilmer Paulino [Wed, 15 Jun 2022 23:34:30 +0000 (16:34 -0700)]
Use new Channel::update_config method to update base fee in test

2 years agoAllow forwarding HTLCs that were constructed for previous config
Wilmer Paulino [Wed, 15 Jun 2022 23:33:23 +0000 (16:33 -0700)]
Allow forwarding HTLCs that were constructed for previous config

This is mostly motivated by the fact that payments may happen while the
latest `ChannelUpdate` indicating our new `ChannelConfig` is still
propagating throughout the network. By temporarily allowing the previous
config, we can help reduce payment failures across the network.

2 years agoTrack previous ChannelConfig and expire after enough ticks
Wilmer Paulino [Thu, 16 Jun 2022 23:24:42 +0000 (16:24 -0700)]
Track previous ChannelConfig and expire after enough ticks

We do this to prevent payment failures while the `ChannelUpdate` for the
new `ChannelConfig` still propagates throughout the network. In a follow
up commit, we'll honor forwarding HTLCs that were constructed based on
either the previous or current `ChannelConfig`.

To handle expiration (when we should stop allowing the previous config),
we rely on the ChannelManager's `timer_tick_occurred` method. After
enough ticks, the previous config is cleared from memory, and only the
current config applies moving forward.

2 years agoExpose API to update a channel's ChannelConfig
Wilmer Paulino [Tue, 14 Jun 2022 23:41:32 +0000 (16:41 -0700)]
Expose API to update a channel's ChannelConfig

A new `update_channel_config` method is exposed on the `ChannelManger`
to update the `ChannelConfig` for a set of channels atomically. New
`ChannelUpdate` events are generated for each eligible channel.

Note that as currently implemented, a buggy and/or
auto-policy-management client could spam the network with updates as
there is no rate-limiting in place. This could already be done with
`broadcast_node_announcement`, though users are less inclined to update
that as frequently as its data is mostly static.

2 years agoExpose ChannelConfig within ChannelDetails
Wilmer Paulino [Tue, 14 Jun 2022 23:40:12 +0000 (16:40 -0700)]
Expose ChannelConfig within ChannelDetails

As we prepare to expose an API to update a channel's ChannelConfig,
we'll also want to expose this struct to consumers such that they have
insights into the current ChannelConfig applied for each channel.

2 years agoadd optional dependency on serde to implement serialize/deserialize for invoice
NicolaLS [Thu, 16 Jun 2022 11:52:49 +0000 (13:52 +0200)]
add optional dependency on serde to implement serialize/deserialize for invoice

2 years agoMerge pull request #1549 from tnull/2022-06-scorer-query-interface
Jeffrey Czyz [Sat, 18 Jun 2022 17:59:27 +0000 (12:59 -0500)]
Merge pull request #1549 from tnull/2022-06-scorer-query-interface

Provide simple interface to query estimated min/max liquidity

2 years agoProvide simple interface to query est. liquidity
Elias Rohrer [Sat, 18 Jun 2022 12:40:36 +0000 (14:40 +0200)]
Provide simple interface to query est. liquidity

2 years agoonion_utils: add next_hop_packet_pubkey method
Valentine Wallace [Fri, 27 May 2022 00:36:32 +0000 (17:36 -0700)]
onion_utils: add next_hop_packet_pubkey method

To get the next hop's packet's pubkey. This will be used to DRY onion message
forwarding in the upcoming Onion Messages PR #1503

2 years agoMerge pull request #1532 from ariard/2022-06-scaleup-far-away
Matt Corallo [Fri, 17 Jun 2022 00:27:27 +0000 (17:27 -0700)]
Merge pull request #1532 from ariard/2022-06-scaleup-far-away

Scale up CLTV_FAR_FAR_AWAY to 2 weeks of blocks

2 years agoScale up CLTV_FAR_FAR_AWAY to 2 weeks of blocks
Antoine Riard [Thu, 9 Jun 2022 21:53:37 +0000 (17:53 -0400)]
Scale up CLTV_FAR_FAR_AWAY to 2 weeks of blocks

2 years agoMerge pull request #1544 from jkczyz/2022-06-node-alias
Matt Corallo [Thu, 16 Jun 2022 13:34:08 +0000 (06:34 -0700)]
Merge pull request #1544 from jkczyz/2022-06-node-alias

Define `NodeAlias` struct and `Display` impl

2 years agoMerge pull request #1531 from ariard/2022-06-fee-sniping
Matt Corallo [Thu, 16 Jun 2022 13:12:29 +0000 (06:12 -0700)]
Merge pull request #1531 from ariard/2022-06-fee-sniping

Funding_tx: add anti-fee sniping recommendation and check if final

2 years agoDefine NodeAlias struct and Display impl
Jeffrey Czyz [Thu, 9 Jun 2022 20:17:01 +0000 (15:17 -0500)]
Define NodeAlias struct and Display impl

Provide a wrapper struct for 32-byte node aliases, which implements
Display for printing. Support the UTF-8 character encoding, but replace
control characters and terminate at the first null character. Fall back
to ASCII if the byte sequence is an invalid encoding.

2 years agoCorrect handling of reorg'd-out revoked counterparty transactions
Matt Corallo [Tue, 17 May 2022 00:12:20 +0000 (00:12 +0000)]
Correct handling of reorg'd-out revoked counterparty transactions

Previously, while processing a confirmed revoked counterparty
commitment transaction, we'd populate `OnchainEvent`s for live
HTLCs with a `txid` source of the txid of the latest counterparty
commitment transactions, not the confirmed revoked one. This meant
that, if the user is using `transaction_unconfirmed` to notify us
of reorg information, we'd end up not removing the entry if the
revoked commitment transaction was reorg'd out. This would
ultimately cause us to spuriously resolve the HTLC(s) as the chain
advanced, even though we were doing so based on a now-reorged-out
transaction.

Luckily the fix is simple - set the correct txid in the
`OnchainEventEntry`. We also take this opportunity to update
logging in a few places with the txid of the transaction causing an
event.

2 years agoMerge pull request #1541 from jkczyz/2022-06-nit-follow-ups
Matt Corallo [Wed, 15 Jun 2022 09:52:35 +0000 (02:52 -0700)]
Merge pull request #1541 from jkczyz/2022-06-nit-follow-ups