Matt Corallo [Wed, 23 Mar 2022 22:10:15 +0000 (22:10 +0000)]
Skip `channel_update` signature checks if we have a newer state
`channel_update` messages already have their signatures checked
with the network graph write lock held, so there's no reason to
check the signatures before doing other quicker checks first,
including checking if we're already aware of a newer update for the
channel.
This reduces common-case CPU usage as `channel_update`s are sent
rather liberally over the p2p network to gossip them.
Matt Corallo [Fri, 18 Mar 2022 23:19:51 +0000 (23:19 +0000)]
Avoid needless MPP on multiple channels to the same first-hop
When we have many channels to the same first-hop, many of which do
not have sufficient balance to make the requested payment, but when
some do, instead of simply using the available channel balance we
may switch to MPP, potentially with many, many paths.
Instead, we should seek to use the smallest channel which can
easily handle the requested payment, which we do here by sorting
the first_hops in our router before beginning the graph search.
Note that the "real" fix for this should be to instead decide which
channel to use at HTLC-send time, as most other nodes do during
relay, but this provides a minimal fix without needing to do the
rather-large work of refactoring our HTLC send+relay pipelines.
Issues with overly-aggressive MPP on many channels were reported by
Cash App.
Matt Corallo [Fri, 18 Mar 2022 03:28:25 +0000 (03:28 +0000)]
Tag some type aliases with `(C-not exported)`
Type aliases are now more robustly being exported in the C bindings
generator, which requires ensuring we don't include some type
aliases which make no sense in bindings.
Matt Corallo [Thu, 17 Mar 2022 22:14:43 +0000 (22:14 +0000)]
Send a `gossip_timestamp_filter` on connect to enable gossip sync
On connection, if our peer supports gossip queries, and we never
send a `gossip_timestamp_filter`, our peer is supposed to never
send us gossip outside of explicit queries. Thus, we'll end up
always having stale gossip information after the first few
connections we make to peers.
The solution is to send a dummy `gossip_timestamp_filter`
immediately after connecting to peers.
Its somewhat strange to have a trait method which is named after
the intended action, rather than the action that occurred, leaving
it up to the implementor what action they want to take.
Matt Corallo [Thu, 10 Mar 2022 21:07:37 +0000 (21:07 +0000)]
Make routing benchmark robust against path changes
If the scoring in the routing benchmark causes us to take a
different path from the original scan, we may end up deciding that
the only path to a node has a too-high total CLTV delta, causing us
to panic in the benchmarking phase.
Here we simply check for that possibility and remove paths that
fail post-scoring.
Filter the route hints in `create_phantom_invoice` based on the
following criteria:
* Only one channel for every counterparty node per phantom
payment-receiving node in the invoice
* Always select the channel with the highest inbound capacity
* For each payment-receiving node, filter out channels with a lower
inbound capacity than the invoice amount, if any channel exists with
enough capacity to cover the invoice amount
* If any public channels exists for a payment-receiving node, push a
single RouteHintHop with the phantom route and let the sender find the
path to the payment-receiving node through the public channels.
Filter the route hints in `create_invoice_from_channelmanager` based on
the following criteria:
* Only one channel per counterparty node
* Always select the channel with the highest inbound capacity
* Filter out channels with a lower inbound capacity than the invoice
amount, if any channel exists with enough capacity to cover the invoice
amount
* If any public channel exists, the invoice route_hints should be empty,
and the sender will need to find the path to the payment-receiving node
by looking at the public channels instead
Matt Corallo [Sun, 13 Mar 2022 21:35:46 +0000 (21:35 +0000)]
Generate a funding_locked on relevant transactions_confirmed calls
Previously, if we were offline when a funding transaction was
locked in, and then we came back online, calling
`best_block_updated` once followed by `transactions_confirmed`,
we'd not generate a funding_locked until the next
`best_block_updated`.
We address this by re-calling `best_block_updated` in
`transactions_confirmed`, similar to how `ChannelMonitor` works.
Matt Corallo [Tue, 1 Feb 2022 17:37:28 +0000 (17:37 +0000)]
Support receiving multiple funding_locked messages
As a part of adding SCID aliases to channels, we now have to accept
otherwise-redundant funding_locked messages which serve only to
update the SCID alias. Previously, we'd failt he channel as such
an update used to be bogus.
Matt Corallo [Tue, 15 Feb 2022 23:27:07 +0000 (23:27 +0000)]
Provide our peers with SCID aliases and forward payments with them
This creates an SCID alias for all of our outbound channels, which
we send to our counterparties as a part of the `funding_locked`
message and then recognize in any HTLC forwarding instructions.
Note that we generate an SCID alias for all channels, including
already open ones, even though we currently have no way of
communicating to our peers the SCID alias for already-open
channels.
Matt Corallo [Tue, 1 Feb 2022 17:37:16 +0000 (17:37 +0000)]
Track SCID aliases from our counterparty and use them in invoices
New `funding_locked` messages can include SCID aliases which our
counterparty will recognize as "ours" for the purposes of relaying
transactions to us. This avoids telling the world about our
on-chain transactions every time we want to receive a payment, and
will allow for receiving payments before the funding transaction
appears on-chain.
Here we store the new SCID aliases and use them in invoices instead
of he "standard" SCIDs.
Matt Corallo [Tue, 1 Feb 2022 23:42:05 +0000 (23:42 +0000)]
Clean up the `handle_monitor_err!()` macro argument forms somewhat
`handle_monitor_err!()` has a number of different forms depending
on which messages and actions were outstanding when the monitor
updating first failed. Instead of matching by argument count, its
much more readable to put an explicit string in the arguments to
make it easy to scan for the called form.
Matt Corallo [Wed, 9 Mar 2022 18:15:30 +0000 (18:15 +0000)]
Make lightning-block-sync's init module slightly more generic
Users who want to use lightning-block-sync's init module would
be reasonable in wanting to use it in a multithreaded environment,
however because it takes a list of listeners as dyn chain::Listen
without any Send or Sync bound they fail in doing so.
Here we make the type bounds on `chain::Listen` generic across
`chain::Listen + ?Sized`, which the existing bound of `&dyn
chain::Listen` satisfies. Thus, this is strictly less restrictive
and allows for the use of `&dyn chain::Listen + Send + Sync`.
dependabot[bot] [Wed, 9 Mar 2022 17:38:53 +0000 (17:38 +0000)]
Update regex requirement from 0.1.80 to 0.2.11 in /lightning
Updates the requirements on [regex](https://github.com/rust-lang/regex) to permit the latest version.
- [Release notes](https://github.com/rust-lang/regex/releases)
- [Changelog](https://github.com/rust-lang/regex/blob/master/CHANGELOG.md)
- [Commits](https://github.com/rust-lang/regex/compare/0.1.80...0.2.11)
Jeffrey Czyz [Fri, 4 Mar 2022 07:59:44 +0000 (23:59 -0800)]
Check for no-std compatibility across dependencies
To ensure no-std is honored across dependencies, add a crate depending
on lightning crates supporting no-std. This should ensure any
regressions are caught. Otherwise, cargo doesn't seem to catch some
incompatibilities (e.g., f64::log10 unavailable in core) and seemingly
across other dependencies as describe here:
Matt Corallo [Tue, 8 Mar 2022 19:14:49 +0000 (19:14 +0000)]
Give `ChannelManager`s `channel_udpate`s for pub chans in test
This makes tests slightly more realistic by delivering
`channel_update`s to `ChannelManager`s, ensuring we have
forwarding data stored locally for all channels, including public
ones.
Matt Corallo [Mon, 7 Mar 2022 19:02:15 +0000 (19:02 +0000)]
Reduce the number of timer ticks a peer is allowed to take
In 2d3a2108979adca6b7632e2d59c10e4b131e8bf4, we increased the
default ping timer in `lightning-background-processor` to ten
seconds from five. However, we didn't change the timer count at
which we disconnect peers if they're not responding, which we
likely should have done. We do so here, as well as update the
documentation for `PeerManager::timer_tick_occurred` to suggest
always ticking the timer every ten seconds instead of five.
Matt Corallo [Fri, 4 Mar 2022 21:31:55 +0000 (21:31 +0000)]
Clean up `TestKeysInterface` random bytes override interface
Its very confusing to have multiple fields that do the same thing,
one of which isn't even used for its stated purpose anymore after
the previous few commits.
Matt Corallo [Wed, 16 Feb 2022 05:36:54 +0000 (05:36 +0000)]
Fix what `bolt2_open_channel_sending_node_checks_part1` tests
There are currently two issues with
`bolt2_open_channel_sending_node_checks_part1` which counteract
each other and hide that the test isn't testing what it should be.
First of all, the final `create_channel` call actually fails
because we try to open a channel with ourselves, instead of
panicing as the test is supposed to check for.
However, when we fix the create_channel call to panic, when we
drop `nodes[1]` after `create_channel` panics, we fail the
no-pending-messages test as it as an expeted `accept_channel` in
its outbound buffer. This causes a double-panic.
Previously, these two offset each other - instead of panicing in
`create_channel` we'd panic in the Node drop checks.
This fixes both by fetching the `accept_channel` before we go into
the panic'ing `create_channel` call (who's arguments were
corrected).
Matt Corallo [Fri, 25 Feb 2022 05:18:29 +0000 (05:18 +0000)]
Ensure `get_claimable_balances` never panicks in tests
... by calling it both before and after every chain event in
testing and fuzzing.
This requires fixing some blockchain inconsistencies in
`do_test_onchain_htlc_reorg`, `do_retry_with_no_persist`, and
`do_test_dup_htlc_onchain_fails_on_reload` where we'd connect
conflicting transactions in the same chain.
Matt Corallo [Fri, 25 Feb 2022 05:14:00 +0000 (05:14 +0000)]
Fix HTLC tx balance calculation on local commitment transactions
When handling the broadcast of a local commitment transactions
(with associated CSV delays prior to spendability), we incorrectly
handled the CSV delays on HTLC transactions. This caused us to miss
spendable outputs for HTLCs which were awaiting a CSV delay.
Further, because of this, we could hit an assertion as
`get_claimable_balances` asserted that HTLCs were resolved after
the funding spend was resolved, which was not true if the HTLC did
not have a CSV delay attached (due to the above bug or due to it
being an HTLC claim by our counterparty).
This fixes both bugs, also converting some assertions to
`debug_assert`s to avoid future issues as balance mis-calculation
is not currently an indication of potential funds loss.
Matt Corallo [Thu, 10 Feb 2022 21:33:26 +0000 (21:33 +0000)]
Correct default value for A* heuristic for non-public nodes
This doesn't (appear) to change behavior, however if we have a
non-public node, we assign an A* heuristic of max-u32 fees, which
may result in us de-prioritizing the path in some rare cases around
multi-hop route hints which compete with public nodes.
Matt Corallo [Thu, 10 Feb 2022 21:29:43 +0000 (21:29 +0000)]
Fix panic when routing through multiple private last-hops
When we added support for routing through a multi-hop invoice hint
we failed to remove an assertion that we always are able to fill
in features for each hop except the last one. However, when a
multi-hop invoice hint is used, we will not have features for any
of the hinted hops, causing us to panic.
Fix bug where we encode flags field into all updates on htlc fail
Failing an HTLC with onion error channel_disabled requires encoding a 'flags' field into the failure
packet. However, we were encoding this 'flags' field for all failures packets that were failing on
update_add_htlc with an update (error 0x1000 UPDATE).
Discovered in the course of adding phantom payment failure tests, which also added testing for this bug
In any place where fail_htlc_backwards_internal was called for a phantom payment
failure, we weren't encoding the onion failure as if the phantom were the one
failing. Instead, we were encoding the failure as if it were coming from the
second-to-last hop. This caused our failures to not be parsed properly on the
payer's side.
Places we were encoding failures incorrectly include:
* on failure of a call to inbound_payment::verify
* on a user call to fail_htlc_backwards
Also drop some unnecessary panics when reading OnionHopData objects. This also
enables one of the phantom failure tests because we can construct OnionHopDatas
with invalid amounts.
This also fixes a bug where we were failing back phantom payments with the
wrong scid, causing them to never actually be failed backwards (L3022 in
channelmanager.rs)
This new field will be used in upcoming commit(s) to encrypt phantom payment failure
packets.
Matt Corallo [Wed, 23 Feb 2022 22:06:33 +0000 (22:06 +0000)]
Ignore .tmp files when loading ChannelMonitors in persister
If we are in the middle of persisting an update to a
`ChannelMonitor` when we shutdown (or crash), we'll start up with
a .tmp file lying around. We should ignore it, as failure to
return from the update call should have prevented the
`ChannelManager` from taking any irrevocable action based on the
update.
We're somewhat protected from any filesystem inconsistency behavior
as the `ChannelManager` will refuse to load if we're outright
missing `ChannelMonitor`s.