]> git.bitcoin.ninja Git - rust-lightning/log
rust-lightning
11 months agoMerge pull request #2798 from TheBlueMatt/2023-12-119-bindings-upstream
Matt Corallo [Fri, 15 Dec 2023 23:40:57 +0000 (23:40 +0000)]
Merge pull request #2798 from TheBlueMatt/2023-12-119-bindings-upstream

Small API cleanups pre-0.0.119

11 months agoMerge pull request #2795 from TheBlueMatt/2023-11-robuster-chan-to-peer
Wilmer Paulino [Fri, 15 Dec 2023 23:36:52 +0000 (15:36 -0800)]
Merge pull request #2795 from TheBlueMatt/2023-11-robuster-chan-to-peer

 Move channel -> peer tracking to OutPoints from Channel IDs

11 months agoFix dev MSRV build of lightning-transaction-sync 2023-12-119-bindings-upstream
Matt Corallo [Fri, 15 Dec 2023 22:39:57 +0000 (22:39 +0000)]
Fix dev MSRV build of lightning-transaction-sync

...due to a transitive dependency of the `bitcoind` crate.

11 months agoUse correct default value when comparing to `htlc_maximum_msat`
Matt Corallo [Fri, 15 Dec 2023 22:32:24 +0000 (22:32 +0000)]
Use correct default value when comparing to `htlc_maximum_msat`

62f866965436fff1a8e98ee655a8a6dcbb8716c1 added two
`htlc_maximum_msat.unwrap_or`s, but used a default value of 0,
spuriously causing all HTLCs to fail if we don't have an htlc
maximum value. This should be mostly harmless, but we should fix it
anyway.

11 months agoMake `FinalOnionHopData` public
Matt Corallo [Fri, 15 Dec 2023 18:23:42 +0000 (18:23 +0000)]
Make `FinalOnionHopData` public

In 4b5db8c3ce, `channelmanager::PendingHTLCRouting` was made
public, exposing a `FinalOnionHopData` field to the world. However,
`FinalOnionHopData` was left crate-private, making the enum
impossible to construct.

There isn't a strong reason for this (even though the
`FinalOnionHopData` API is somewhat confusing, being separated from
the rest of the onion structs), so we expose it here.

11 months agoDrop explicit `bitcoin_hashes` dependency in `lightning-invoice`
Matt Corallo [Fri, 15 Dec 2023 18:14:56 +0000 (18:14 +0000)]
Drop explicit `bitcoin_hashes` dependency in `lightning-invoice`

Since `lightning-invoice` now depends on the `bitcoin` crate
directly, also depending on the `bitcoin_hashes` crate is redundant
and just means we confuse users by setting the `std` flag only on
`bitcoin`. Thus, we drop the explicit dependency here and replace
it with `bitcoin::hashes`.

11 months agoUn-export the `PrivateRoute` inner field as there are invariants
Matt Corallo [Thu, 14 Dec 2023 22:49:58 +0000 (22:49 +0000)]
Un-export the `PrivateRoute` inner field as there are invariants

When we make the `PrivateRoute` inner `RouteHint` `pub`, we failed
to note that the `PrivateRoute::new` constructor actually verifies
a length invariant. Thus, we un-export the inner field and force
users to go back through the `new` fn.

11 months agoMerge pull request #2781 from jkczyz/2023-09-multihop-paths
Matt Corallo [Fri, 15 Dec 2023 22:30:43 +0000 (22:30 +0000)]
Merge pull request #2781 from jkczyz/2023-09-multihop-paths

Multi-hop `BlindedPath` creation interface

11 months agoFix build warning
Jeffrey Czyz [Fri, 15 Dec 2023 21:11:51 +0000 (15:11 -0600)]
Fix build warning

11 months agoUse one-hop blinded paths only for announced nodes
Jeffrey Czyz [Fri, 15 Dec 2023 03:19:57 +0000 (21:19 -0600)]
Use one-hop blinded paths only for announced nodes

To avoid exposing a node's identity in a blinded path, only create
one-hop blinded paths if the node has been announced, and thus has
public channels. Otherwise, there is no way to route a payment to the
node, exposing its identity needlessly.

11 months agoDRY up OffersMessage::InvoiceRequest handling
Jeffrey Czyz [Thu, 14 Dec 2023 23:28:11 +0000 (17:28 -0600)]
DRY up OffersMessage::InvoiceRequest handling

11 months agoMulti-hop blinded payment paths in ChannelManager
Jeffrey Czyz [Fri, 8 Dec 2023 21:54:21 +0000 (15:54 -0600)]
Multi-hop blinded payment paths in ChannelManager

When constructing blinded payment paths for Bolt12Invoice, delegate to
Router::create_blinded_payment_paths which may produce multi-hop blinded
paths. Fallback to one-hop blinded paths if the Router fails or returns
no paths.

11 months agoAdd create_blinded_payment_paths to Router
Jeffrey Czyz [Fri, 8 Dec 2023 18:03:06 +0000 (12:03 -0600)]
Add create_blinded_payment_paths to Router

The Router trait is used to find a Route for paying a node. Expand the
interface with a create_blinded_payment paths method for creating such
paths to a recipient node.

Provide an implementation for DefaultRouter that creates two-hop
blinded paths where the recipient's peers serve as the introduction
nodes.

11 months agoCounterpartyForwardingInfo to PaymentRelay mapping
Jeffrey Czyz [Fri, 8 Dec 2023 18:01:58 +0000 (12:01 -0600)]
CounterpartyForwardingInfo to PaymentRelay mapping

11 months agoFix broken doc link in create_refund_builder
Jeffrey Czyz [Fri, 15 Dec 2023 14:45:38 +0000 (08:45 -0600)]
Fix broken doc link in create_refund_builder

11 months agoMulti-hop blinded paths in ChannelManager
Jeffrey Czyz [Fri, 3 Mar 2023 15:38:45 +0000 (09:38 -0600)]
Multi-hop blinded paths in ChannelManager

When constructing blinded paths for Offer and Refund, delegate to
MessageRouter::create_blinded_paths which may produce multi-hop blinded
paths. Fallback to one-hop blinded paths if the MessageRouter fails or
returns no paths.

Likewise, do the same for InvoiceRequest and Bolt12Invoice reply paths.

11 months agoUse CLTV_FAR_FAR_AWAY in PaymentConstraints
Jeffrey Czyz [Fri, 15 Dec 2023 21:37:18 +0000 (15:37 -0600)]
Use CLTV_FAR_FAR_AWAY in PaymentConstraints

When finding a route through a blinded path, a random CLTV offset may be
added to the path in order to preserve privacy. This needs to be
accounted for in the blinded path's PaymentConstraints. Add
CLTV_FAR_FAR_AWAY to the max_cltv_expiry constraint to allow for such
offsets.

11 months agoConsistently clean up when failing in `internal_funding_created` 2023-11-robuster-chan-to-peer
Matt Corallo [Thu, 30 Nov 2023 00:04:09 +0000 (00:04 +0000)]
Consistently clean up when failing in `internal_funding_created`

When we fail to accept a counterparty's funding for various
reasons, we should ensure we call the correct cleanup methods in
`internal_funding_created` to remove the temporary data for the
channel in our various internal structs (primarily the SCID alias
map).

This adds the missing cleanup, using `convert_chan_phase_err`
consistently in all the error paths.

This also ensures we get a `ChannelClosed` event when relevant.

11 months agoFix create_one_hop_blinded_payment_path docs
Jeffrey Czyz [Fri, 8 Dec 2023 21:02:22 +0000 (15:02 -0600)]
Fix create_one_hop_blinded_payment_path docs

11 months agoRequire any Router also implements MessageRouter
Jeffrey Czyz [Thu, 7 Dec 2023 21:53:15 +0000 (15:53 -0600)]
Require any Router also implements MessageRouter

ChannelManager is parameterized by a Router in order to find routes when
sending and retrying payments. For the offers flow, it needs to be able
to construct blinded paths (e.g., in the offer and in reply paths).
Instead of adding yet another parameter to ChannelManager, require that
any Router also implements MessageRouter. Implement this for
DefaultRouter by delegating to a DefaultMessageRouter.

11 months agoAdd create_blinded_paths to MessageRouter
Jeffrey Czyz [Thu, 7 Dec 2023 21:48:43 +0000 (15:48 -0600)]
Add create_blinded_paths to MessageRouter

The MessageRouter trait is used to find an OnionMessagePath to a
Destination (e.g., to a BlindedPath). Expand the interface with a
create_blinded_paths method for creating such paths to a recipient.
Provide a default implementation creating two-hop blinded paths where
the recipient's peers serve as introduction nodes.

11 months agoAdd RouteBlinding feature flag
Jeffrey Czyz [Thu, 2 Mar 2023 20:57:07 +0000 (14:57 -0600)]
Add RouteBlinding feature flag

The RouteBlinding feature flag is signals support for relaying payments
over blinded paths. It is used for paying BOLT 12 invoices, which are
required to included at least one blinded path.

11 months agoRe-order AnchorsZeroFeeHtlcTx in module docs/tests
Jeffrey Czyz [Thu, 2 Mar 2023 20:15:19 +0000 (14:15 -0600)]
Re-order AnchorsZeroFeeHtlcTx in module docs/tests

Move AnchorsZeroFeeHtlcTx after Wumbo to keep order by feature bit.
Also, update setting order and comment in tests.

11 months agoMerge pull request #2656 from TheBlueMatt/2023-09-scoring-decay-timer
Matt Corallo [Fri, 15 Dec 2023 20:06:30 +0000 (20:06 +0000)]
Merge pull request #2656 from TheBlueMatt/2023-09-scoring-decay-timer

Stop decaying liquidity information during scoring

11 months agoMerge pull request #2796 from yellowred/fix/bitcoind_parse_txid
Matt Corallo [Fri, 15 Dec 2023 19:27:15 +0000 (19:27 +0000)]
Merge pull request #2796 from yellowred/fix/bitcoind_parse_txid

Fixes bug that causes incorrect conversion of JsonValue to Txid.

11 months agoMerge pull request #2779 from G8XSU/2706-stop
Elias Rohrer [Fri, 15 Dec 2023 08:28:31 +0000 (09:28 +0100)]
Merge pull request #2779 from G8XSU/2706-stop

Stop cleaning monitor updates on new block connect

11 months agoFixes bug with incorrect conversion of JsonValue to Txid.
olegkubrakov [Fri, 15 Dec 2023 00:34:01 +0000 (16:34 -0800)]
Fixes bug with incorrect conversion of JsonValue to Txid.

The bug happens when there is a call to a bitcoind that expects a transaction id as a response and
results in a corrupted Txid being returned.

11 months agoStop cleaning monitor updates on new block connect
Gursharan Singh [Fri, 8 Dec 2023 19:28:19 +0000 (11:28 -0800)]
Stop cleaning monitor updates on new block connect

Previously, we used to cleanup monitor updates at both consolidation
threshold and new block connects. With this change we will only
cleanup when our consolidation criteria is met. Also, we remove
monitor read from cleanup logic, in case of update consolidation.
Note: In case of channel-closing monitor update, we still need to
read the old monitor before persisting the new one in order to
determine the cleanup range.

11 months agoMerge pull request #2792 from TheBlueMatt/2023-12-no-async-signing
Wilmer Paulino [Thu, 14 Dec 2023 16:52:11 +0000 (08:52 -0800)]
Merge pull request #2792 from TheBlueMatt/2023-12-no-async-signing

cfg-gate async signing logic

11 months agoDrop fake time advancing in scoring tests 2023-09-scoring-decay-timer
Matt Corallo [Tue, 5 Dec 2023 18:15:55 +0000 (18:15 +0000)]
Drop fake time advancing in scoring tests

Now that we use explicit times passed to decay methods, there's no
reason to make calls to `SinceEpoch::advance` in scoring tests.

11 months agoDrop half-life-based bucket decay in `update_history_buckets`
Matt Corallo [Wed, 29 Nov 2023 00:33:16 +0000 (00:33 +0000)]
Drop half-life-based bucket decay in `update_history_buckets`

Because we decay the bucket information in the background, there's
not much reason to try to decay them immediately prior to updating,
and in removing that we can also clean up a good bit of dead code,
which we do here.

11 months agoMake scorer decay + persistence more frequent
Matt Corallo [Wed, 29 Nov 2023 00:31:00 +0000 (00:31 +0000)]
Make scorer decay + persistence more frequent

There's some edge cases in our scoring when the information really
should be decayed but hasn't yet been prior to an update. Rather
than try to fix them exactly, we instead decay the scorer a bit
more often, which largely solves them but also gives us a bit more
accurate bounds on our channels, allowing us to reuse channels at
a similar amount to what just failed immediately, but at a
substantial penalty.

11 months agoDrop warning about mixing `no-std` and `std` `ProbabilisticScorer`s
Matt Corallo [Thu, 12 Oct 2023 18:23:51 +0000 (18:23 +0000)]
Drop warning about mixing `no-std` and `std` `ProbabilisticScorer`s

Now that the serialization format of `no-std` and `std`
`ProbabilisticScorer`s both just use `Duration` since UNIX epoch
and don't care about time except when decaying, we don't need to
warn users to not mix the scorers across `no-std` and `std` flags.

Fixes #2539

11 months agoAdd a benchmark for decaying a 100k channel scorer's liquidity info
Matt Corallo [Mon, 9 Oct 2023 03:23:55 +0000 (03:23 +0000)]
Add a benchmark for decaying a 100k channel scorer's liquidity info

This is a good gut-check to ensure we don't end up taking a ton of
time decaying channel liquidity info.

It currently clocks in around 1.25ms on an i7-1360P.

11 months agoDrop now-trivial `decayed_offset_msat` helper utility
Matt Corallo [Mon, 9 Oct 2023 02:21:09 +0000 (02:21 +0000)]
Drop now-trivial `decayed_offset_msat` helper utility

As we now no longer decay bounds information when fetching them,
there is no need to have a decaying-fetching helper utility.

11 months agoDrop now-unused `T: Time` bound on `ProbabilisticScorer`
Matt Corallo [Mon, 9 Oct 2023 01:52:20 +0000 (01:52 +0000)]
Drop now-unused `T: Time` bound on `ProbabilisticScorer`

Now that we don't access time via the `Time` trait in
`ProbabilisticScorer`, we can finally drop the `Time` bound
entirely, removing the `ProbabilisticScorerUsingTime` and type
alias indirection and replacing it with a simple struct.

11 months agoUse `Duration` based time info in scoring rather than `Time`
Matt Corallo [Mon, 9 Oct 2023 01:44:33 +0000 (01:44 +0000)]
Use `Duration` based time info in scoring rather than `Time`

In the coming commits, the `T: Time` bound on `ProbabilisticScorer`
will be removed. In order to enable that, we need to switch over to
using the `ScoreUpdate`-provided current time (as a `Duration`
since the unix epoch), making the `T` bound entirely unused.

11 months agoPipe `Duration`-based time information through scoring pipeline
Matt Corallo [Mon, 9 Oct 2023 01:15:18 +0000 (01:15 +0000)]
Pipe `Duration`-based time information through scoring pipeline

In the coming commits, the `T: Time` bound on `ProbabilisticScorer`
will be removed. In order to enable that, we need to pass the
current time (as a `Duration` since the unix epoch) through the
score updating pipeline, allowing us to keep the
`*last_updated_time` fields up-to-date as we go.

11 months agoUpdate history bucket last_update time immediately on update
Matt Corallo [Wed, 29 Nov 2023 03:07:54 +0000 (03:07 +0000)]
Update history bucket last_update time immediately on update

Now that we aren't decaying during scoring, when we set the
last_updated time in the history bucket logic doesn't matter, so
we should just update it when we've just updated the history
buckets.

11 months agoStop decaying liquidity information during bounds-based scoring
Matt Corallo [Mon, 9 Oct 2023 01:11:10 +0000 (01:11 +0000)]
Stop decaying liquidity information during bounds-based scoring

Because scoring is an incredibly performance-sensitive operation,
doing liquidity information decay (and especially fetching the
current time!) during scoring isn't really a great idea. Now that
we decay liquidity information in the background, we don't have any
reason to decay during scoring, and we ultimately remove it
entirely here.

11 months agoStop decaying historical liquidity information during scoring
Matt Corallo [Mon, 9 Oct 2023 02:14:21 +0000 (02:14 +0000)]
Stop decaying historical liquidity information during scoring

Because scoring is an incredibly performance-sensitive operation,
doing liquidity information decay (and especially fetching the
current time!) during scoring isn't really a great idea. Now that
we decay liquidity information in the background, we don't have any
reason to decay during scoring, and we remove the historical bucket
liquidity decaying here.

11 months agoImpl decaying in `ProbabilisticScorer::decay_liquidity_certainty`
Matt Corallo [Mon, 2 Oct 2023 20:07:21 +0000 (20:07 +0000)]
Impl decaying in `ProbabilisticScorer::decay_liquidity_certainty`

This implements decaying in the `ProbabilisticScorer`'s
`ScoreLookup::decay_liquidity_certainty` implementation, using
floats for accuracy since we're no longer particularly
time-sensitive. Further, it (finally) removes score entries which
have decayed to zero.

11 months agoTrack historical liquidity update time separately from the bounds
Matt Corallo [Mon, 2 Oct 2023 19:44:36 +0000 (19:44 +0000)]
Track historical liquidity update time separately from the bounds

In the next commit, we'll start to use the new
`ScoreUpdate::decay_liquidity_certainty` to decay our bounds in the
background. This will result in the `last_updated` field getting
updated regularly on decay, rather than only on update. While this
isn't an issue for the regular liquidity bounds, it poses a problem
for the historical liquidity buckets, which are decayed on a
separate (and by default much longer) timer. If we didn't move to
tracking their decays separately, we'd never let the `last_updated`
field get old enough for the historical buckets to decay at all.

Instead, here we introduce a new `Duration` in the
`ChannelLiquidity` which tracks the last time the historical
liquidity buckets were last updated. We initialize it to a copy of
`last_updated` on deserialization if it is missing.

11 months agoAdd a scoring decay method to the `ScoreUpdate` trait
Matt Corallo [Mon, 2 Oct 2023 19:14:26 +0000 (19:14 +0000)]
Add a scoring decay method to the `ScoreUpdate` trait

Rather than relying on fetching the current time during
routefinding, here we introduce a new trait method to `ScoreUpdate`
to do so. This largely mirrors what we do with the `NetworkGraph`,
and allows us to take on much more expensive operations (floating
point exponentiation) in our decaying.

11 months agocfg-gate async signing logic 2023-12-no-async-signing
Matt Corallo [Wed, 13 Dec 2023 22:55:32 +0000 (22:55 +0000)]
cfg-gate async signing logic

We are intending to release without having completed our async
signing logic, which sadly means we need to cfg-gate it to ensure
we restore the previous state of panicking on signer errors, rather
than putting us in a stuck state with no way to recover.

Here we add a new `async_signing` cfg flag and use it to gate all
the new logic from #2558 effectively reverting commits
1da29290e7af03a5dfc207ee6a5c848a9740bd32 through
014a336e592bfc8cb49929b799b9d6d9286dab16.

11 months agoMerge pull request #2790 from yellowred/tokio-ver-bump
Matt Corallo [Wed, 13 Dec 2023 20:40:08 +0000 (20:40 +0000)]
Merge pull request #2790 from yellowred/tokio-ver-bump

Update tokio version to the latest to avoid tokio versions with security bugs

11 months agoUpdate tokio version to the latest to avoid tokio versions with security bugs.
olegkubrakov [Wed, 13 Dec 2023 18:37:58 +0000 (10:37 -0800)]
Update tokio version to the latest to avoid tokio versions with security bugs.

This commit will set tokio version requirement to >=1.35.0, <2.0.0 to avoid versions with security issues (https://rustsec.org/packages/tokio.html).

11 months agoPass the current time through `ScoreUpDate` methods
Matt Corallo [Mon, 2 Oct 2023 18:33:08 +0000 (18:33 +0000)]
Pass the current time through `ScoreUpDate` methods

In the coming commits, we'll stop relying on fetching the time
during routefetching, preferring to decay score data in the
background instead.

The first step towards this - passing the current time through into
the scorer when updating.

11 months agoDepend on `libm` in `no-std` for `powf`(64)
Matt Corallo [Wed, 1 Nov 2023 01:16:12 +0000 (01:16 +0000)]
Depend on `libm` in `no-std` for `powf`(64)

In the next commits we'll need `f64`'s `powf`, which is only
available in `std`. For `no-std`, here we depend on `libm` (a
`rust-lang` org project), which we can use for `powf`.

11 months agoMerge pull request #2688 from valentinewallace/2023-10-multihop-blinded-recv
valentinewallace [Wed, 13 Dec 2023 15:31:02 +0000 (10:31 -0500)]
Merge pull request #2688 from valentinewallace/2023-10-multihop-blinded-recv

Support receiving to multi-hop blinded paths

11 months agoMerge pull request #2703 from wpaulino/retryable-commitment-broadcast
Matt Corallo [Wed, 13 Dec 2023 05:15:54 +0000 (05:15 +0000)]
Merge pull request #2703 from wpaulino/retryable-commitment-broadcast

Refactor commitment broadcast to always go through OnchainTxHandler

11 months agoAdd missing keysend preimage check on inbound onion read.
Valentine Wallace [Tue, 12 Dec 2023 23:42:38 +0000 (18:42 -0500)]
Add missing keysend preimage check on inbound onion read.

11 months agoAdd release note for blinded HTLC serialization.
Valentine Wallace [Mon, 11 Dec 2023 20:38:47 +0000 (15:38 -0500)]
Add release note for blinded HTLC serialization.

11 months agoAdd test coverage for serialization of malformed HTLCs.
Valentine Wallace [Fri, 8 Dec 2023 19:31:01 +0000 (14:31 -0500)]
Add test coverage for serialization of malformed HTLCs.

in Channel and ChannelManager.

11 months agoAdd redundant blinded HTLC failure check for posterity.
Valentine Wallace [Mon, 4 Dec 2023 21:27:18 +0000 (16:27 -0500)]
Add redundant blinded HTLC failure check for posterity.

Although this new check is unreachable right now, it helps prevent potential
future errors where we incorrectly fail blinded HTLCs with an unblinded error.

11 months agoMake BlindedPath::new_for_payment pub
Valentine Wallace [Thu, 9 Nov 2023 20:15:15 +0000 (15:15 -0500)]
Make BlindedPath::new_for_payment pub

Because we now support receiving to multi-hop blinded paths.

11 months agoFail blinded received HTLCs if they violate PaymentConstraints
Valentine Wallace [Thu, 9 Nov 2023 20:12:09 +0000 (15:12 -0500)]
Fail blinded received HTLCs if they violate PaymentConstraints

.. contained within their encrypted payload.

11 months agoTest received blinded HTLC failure in process_pending_htlc_forwards
Valentine Wallace [Tue, 31 Oct 2023 21:09:44 +0000 (17:09 -0400)]
Test received blinded HTLC failure in process_pending_htlc_forwards

11 months agoTest successful intercept payment to 2-hop blinded path
Valentine Wallace [Tue, 31 Oct 2023 01:36:13 +0000 (21:36 -0400)]
Test successful intercept payment to 2-hop blinded path

11 months agoFix blinded recipient fail on Channel error
Valentine Wallace [Tue, 24 Oct 2023 23:17:29 +0000 (19:17 -0400)]
Fix blinded recipient fail on Channel error

If a blinded HTLC errors when added to a Channel, such as if the recipient has
already sent a shutdown message, they should malformed-fail backwards with
error code INVALID_ONION_BLINDING and a zeroed out onion hash per BOLT 4.

11 months agoFix blinded recipient fail on receive reqs violation
Valentine Wallace [Tue, 24 Oct 2023 20:45:24 +0000 (16:45 -0400)]
Fix blinded recipient fail on receive reqs violation

If a blinded HTLC does not satisfy the receiver's requirements, e.g. bad CLTV
or amount, they should malformed-fail backwards with error code
INVALID_ONION_BLINDING and a zeroed out onion hash per BOLt 4.

11 months agoFix blinded recipient fail on onion decode failure
Valentine Wallace [Tue, 24 Oct 2023 18:13:13 +0000 (14:13 -0400)]
Fix blinded recipient fail on onion decode failure

If a recipient behind a multihop blinded path fails to decode their onion
payload, they should fail backwards with error code INVALID_ONION_BLINDING and
a zeroed out onion hash per BOLT 4.

11 months agoAdd find_route test util
Valentine Wallace [Sun, 22 Oct 2023 23:05:02 +0000 (18:05 -0500)]
Add find_route test util

And use it in the multihop blinded path receive failure test. Will be used in
the next commit to test receiving an invalid blinded final onion payload.

We can't use the existing get_route test util here because blinded payments
rely on the sender adding a random shadow CLTV offset to the final hop; without
this the payment will be failed with cltv-expiry-too-soon.

11 months agoFix blinded recipient fail on malformed HTLC
Valentine Wallace [Mon, 16 Oct 2023 19:46:55 +0000 (15:46 -0400)]
Fix blinded recipient fail on malformed HTLC

If a blinded recipient to a multihop blinded path needs to fail back a
malformed HTLC, they should use error code INVALID_ONION_BLINDING and a zeroed
out onion hash per BOLT 4.

11 months agoTest recipient failing an HTLC received to a multi-hop blinded path
Valentine Wallace [Fri, 13 Oct 2023 19:53:45 +0000 (15:53 -0400)]
Test recipient failing an HTLC received to a multi-hop blinded path

11 months agoSupport failing blinded non-intro HTLCs after RAA processing.
Valentine Wallace [Wed, 6 Dec 2023 20:19:23 +0000 (15:19 -0500)]
Support failing blinded non-intro HTLCs after RAA processing.

If an HTLC fails after its RAA is processed, it is failed back with
ChannelManager::fail_htlc_backwards_internal. This method will now correctly
inform the channel that this HTLC is blinded and to construct an
update_malformed message accordingly.

11 months agoTweak initialization of HTLCForwardInfo in fail_htlc_backwards_internal
Valentine Wallace [Wed, 6 Dec 2023 20:14:19 +0000 (15:14 -0500)]
Tweak initialization of HTLCForwardInfo in fail_htlc_backwards_internal

Makes the next commit adding support for failing blinded HTLCs in said method
easier to read.

11 months agoChannelManager: add HTLCForwardInfo variant for blinded non-intro htlcs
Valentine Wallace [Fri, 27 Oct 2023 01:53:35 +0000 (21:53 -0400)]
ChannelManager: add HTLCForwardInfo variant for blinded non-intro htlcs

Necessary to tell the Channel how to fail these htlcs.

11 months agoAdapt Channel::fail_htlc for failing with malformed OR update_fail_htlc.
Valentine Wallace [Mon, 4 Dec 2023 20:26:30 +0000 (15:26 -0500)]
Adapt Channel::fail_htlc for failing with malformed OR update_fail_htlc.

Useful for failing blinded payments back with malformed, and will also be
useful in the future when we move onion decoding into
process_pending_htlc_forwards, after which Channel::fail_htlc will be used for
all malformed htlcs.

11 months agoSet up Channel::fail_htlc to be able to return update_malformed
Valentine Wallace [Thu, 26 Oct 2023 23:47:31 +0000 (19:47 -0400)]
Set up Channel::fail_htlc to be able to return update_malformed

Currently it returns only update_fail, but we'll want it to be able to return
update_malformed as well in upcoming commits. We'll use this for correctly
failing blinded received HTLCs backwards with malformed and
invalid_onion_blinding error per BOLT 4.

11 months agoChannel: add holding cell HTLC variant for blinded HTLCs.
Valentine Wallace [Fri, 27 Oct 2023 00:11:00 +0000 (20:11 -0400)]
Channel: add holding cell HTLC variant for blinded HTLCs.

For context, blinded HTLCs where we are not the intro node must always be
failed back with malformed and invalid_onion_blinding error per BOLT 4.

Prior to supporting blinded payments, the only way for an update_malformed to
be returned from Channel was if an onion was actually found to be malformed
during initial update_add processing. This meant that any malformed HTLCs would
never live in the holding cell but instead would be returned directly upon
initial RAA processing.

Now, we need to be able to store these HTLCs in the holding cell because the
HTLC failure necessitating an update_malformed may come long after the RAA is
initially processed, and we may not be a state to send the update_malformed
message at that time.

Therefore, add a new holding cell HTLC variant for blinded non-intro node
HTLCs, which will signal to Channel to fail with malformed and the correct
error code.

11 months agoSet HTLCPreviousHopData::blinded for blinded received HTLCs.
Valentine Wallace [Thu, 26 Oct 2023 22:52:29 +0000 (18:52 -0400)]
Set HTLCPreviousHopData::blinded for blinded received HTLCs.

Will be used in the next commit(s) to let us know to fail blinded received
HTLCs backwards with the malformed and invalid_onion_blinding error per BOLT 4.

11 months agoStore whether a received HTLC is blinded in PendingHTLCInfo
Valentine Wallace [Thu, 26 Oct 2023 21:14:40 +0000 (17:14 -0400)]
Store whether a received HTLC is blinded in PendingHTLCInfo

Useful for knowing to fail back these HTLCs with malformed and
invalid_onion_blinding error per the BOLT 4 spec.

11 months agoMerge pull request #2787 from jkczyz/2023-12-onion-messenger-assert
Elias Rohrer [Tue, 12 Dec 2023 16:20:37 +0000 (17:20 +0100)]
Merge pull request #2787 from jkczyz/2023-12-onion-messenger-assert

Relax `OnionMessenger::peer_disconnected` assertion

11 months agoRelax OnionMessenger::peer_disconnected assertion
Jeffrey Czyz [Tue, 12 Dec 2023 14:46:10 +0000 (08:46 -0600)]
Relax OnionMessenger::peer_disconnected assertion

When a peer is connected, OnionMessenger tracks it only if it supports
onion messages. On disconnect, we debug_assert that the peer was in a
state ConnectedPeer, failing when it is in the PendingConnection state.
However, we were mistakenly asserting for peers that we were not
tracking (i.e., that don't support onion messages). Relax the check to
not fail on the latter.

11 months agoSet logging metadata when we fail to apply a `ChannelMonitorUpdate`
Matt Corallo [Fri, 1 Dec 2023 21:56:43 +0000 (21:56 +0000)]
Set logging metadata when we fail to apply a `ChannelMonitorUpdate`

Now that we provide the counterparty node id, we can set logging
metadata with a counterparty node id and and channel id, which we
do here.

11 months agoSet `counterparty_node_id` on `ChannelMonitor`s as they're updated
Matt Corallo [Wed, 29 Nov 2023 21:59:38 +0000 (21:59 +0000)]
Set `counterparty_node_id` on `ChannelMonitor`s as they're updated

Historically, `ChannelMonitor`s had idea who their counterparty
was. This was fine, until `ChannelManager` started indexing by
peer, at which point it needed to know the counterparty when it saw
a `ChannelMonitorUpdate` complete. To address this, a "temporary"
map from channel ID to peer was added, but no upgrade path was
created for existing `ChannelMonitor`s to not rely on this map.

This commit adds such an upgrade path, setting the
`counterparty_node_id` on all `ChannelMonitor`s as they're updated,
allowing us to eventually break backwards compatibility and remove
`ChannelManager::outpoint_to_peer`.

11 months agoMove channel -> peer tracking to `OutPoint`s from Channel IDs
Matt Corallo [Wed, 29 Nov 2023 21:39:46 +0000 (21:39 +0000)]
Move channel -> peer tracking to `OutPoint`s from Channel IDs

For backwards compatibility reasons, we need to track a mapping
from funding outpoints to channel ids. To reduce diff, this was
previously done with channel IDs, converting the `OutPoint`s to
channel IDs before using the map.

This worked fine, but is somewhat brittle - because we allow
redundant channel IDs across different peers, we had to avoid
insertion until we had a real channel ID, and thus also had to be
careful to avoid removal unless we were using a real channel ID,
rather than a temporary one.

This brittleness actually crept in to handling of errors in funding
acceptance, allowing a remote party to get us to remove an entry by
sending a overlapping temporary channel ID with a separate real
channel ID.

Luckily, this map is relatively infrequently used, only used in the
case we see a monitor update completion from a rather ancient
monitor which is unaware of the counterparty node.

Even after this change, the channel -> peer tracking storage is
still somewhat brittle, as we rely on entries not being added until
we are confident no conflicting `OutPoint`s have been used across
channels, and similarly not removing unless that check has
completed.

11 months agoAdd test coverage for holder commitment rebroadcast after reorg
Wilmer Paulino [Tue, 5 Dec 2023 03:06:27 +0000 (19:06 -0800)]
Add test coverage for holder commitment rebroadcast after reorg

11 months agoRefactor commitment broadcast to always go through OnchainTxHandler
Wilmer Paulino [Fri, 3 Nov 2023 19:43:06 +0000 (12:43 -0700)]
Refactor commitment broadcast to always go through OnchainTxHandler

Currently, our holder commitment broadcast only goes through the
`OnchainTxHandler` for anchor outputs channels because we can actually
bump the commitment transaction fees with it. For non-anchor outputs
channels, we would just broadcast once directly via the
`ChannelForceClosed` monitor update, without going through the
`OnchainTxHandler`.

As we add support for async signing, we need to be tolerable to signing
failures. A signing failure of our holder commitment will currently
panic, but once the panic is removed, we must be able to retry signing
once the signer is available. We can easily achieve this via the
existing `OnchainTxHandler::rebroadcast_pending_claims`, but this
requires that we first queue our holder commitment as a claim. This
commit ensures we do so everywhere we need to broadcast a holder
commitment transaction, regardless of the channel type.

Co-authored-by: Rachel Malonson <rachel@lightspark.com>
11 months agoCancel previous commitment claims on newly confirmed commitment
Wilmer Paulino [Tue, 31 Oct 2023 08:12:58 +0000 (01:12 -0700)]
Cancel previous commitment claims on newly confirmed commitment

Once a commitment transaction is broadcast/confirms, we may need to
claim some of the HTLCs in it. These claims are sent as requests to the
`OnchainTxHandler`, which will bump their feerate as they remain
unconfirmed. When said commitment transaction becomes unconfirmed
though, and another commitment confirms instead, i.e., a reorg happens,
the `OnchainTxHandler` doesn't have any insight into whether these
claims are still valid or not, so it continues attempting to claim the
HTLCs from the previous commitment (now unconfirmed) forever, along with
the HTLCs from the newly confirmed commitment.

11 months agoMerge pull request #2775 from benthecarman/sign-psbt
Matt Corallo [Tue, 12 Dec 2023 00:15:01 +0000 (00:15 +0000)]
Merge pull request #2775 from benthecarman/sign-psbt

Change WalletSource::sign_tx to sign_psbt

11 months agoChange WalletSource::sign_tx to sign_psbt
benthecarman [Thu, 7 Dec 2023 06:49:16 +0000 (00:49 -0600)]
Change WalletSource::sign_tx to sign_psbt

11 months agoMerge pull request #2637 from Sharmalm/2348
Matt Corallo [Mon, 11 Dec 2023 22:59:05 +0000 (22:59 +0000)]
Merge pull request #2637 from Sharmalm/2348

Improve block connection logging and filtered txids

11 months agoMerge pull request #2786 from tnull/2023-12-fix-warnings
Matt Corallo [Mon, 11 Dec 2023 20:34:16 +0000 (20:34 +0000)]
Merge pull request #2786 from tnull/2023-12-fix-warnings

Cleanup some warnings

11 months agoMerge pull request #2782 from TheBlueMatt/2023-12-check-cfg-tags
Wilmer Paulino [Mon, 11 Dec 2023 19:04:18 +0000 (11:04 -0800)]
Merge pull request #2782 from TheBlueMatt/2023-12-check-cfg-tags

Add CI test that `#[cfg]` tags are from a defined set

11 months agoRemove unused `NodeId` in BP tests
Elias Rohrer [Mon, 11 Dec 2023 18:58:46 +0000 (19:58 +0100)]
Remove unused `NodeId` in BP tests

11 months agoMarkup packages link as hyperlink
Elias Rohrer [Mon, 11 Dec 2023 18:52:24 +0000 (19:52 +0100)]
Markup packages link as hyperlink

11 months agoRemove unused `chan_id`
Elias Rohrer [Mon, 11 Dec 2023 18:50:27 +0000 (19:50 +0100)]
Remove unused `chan_id`

11 months agoFix leftover `rustdoc` warnings
Elias Rohrer [Mon, 11 Dec 2023 18:48:51 +0000 (19:48 +0100)]
Fix leftover `rustdoc` warnings

.. as these slipped in again.

11 months agoMerge pull request #2681 from tnull/2023-10-bump-msrv-to-1.63.0
Matt Corallo [Mon, 11 Dec 2023 18:31:30 +0000 (18:31 +0000)]
Merge pull request #2681 from tnull/2023-10-bump-msrv-to-1.63.0

Bump MSRV to rustc 1.63.0

11 months agoImproving block conenction logging and filtered txids
Lalitmohansharma1 [Mon, 2 Oct 2023 10:27:09 +0000 (15:57 +0530)]
Improving block conenction logging and filtered txids

Implement the Display trait for Outpoint and utilize it in the codebase for monitoring outpoints.
Additionally, add log tracing for best_block_update and confirmed transactions.
solves #2348

11 months agoMerge pull request #2752 from valentinewallace/2023-11-large-final-onion-payload...
Matt Corallo [Fri, 8 Dec 2023 23:53:27 +0000 (23:53 +0000)]
Merge pull request #2752 from valentinewallace/2023-11-large-final-onion-payload-fixes

Large final onion payload fixes

11 months agoAdd CI test that `#[cfg]` tags are from a defined set 2023-12-check-cfg-tags
Matt Corallo [Fri, 8 Dec 2023 23:05:37 +0000 (23:05 +0000)]
Add CI test that `#[cfg]` tags are from a defined set

Rust is fairly relaxed in checking the validity of arguments
passed to #[cfg]. While it should probably be more strict when
checking features, it cannot be strict when checking loose cfg
tags, because those can be anything and are simply passed to rustc
via unconstrained arguments.

Thus, we do it for rustc manually, but scanning all our source and
checking that all our cfg tags match a known cfg tag.

Fixes #2184

11 months agoMerge pull request #2774 from TheBlueMatt/2023-12-2551-followups
Elias Rohrer [Fri, 8 Dec 2023 22:46:43 +0000 (23:46 +0100)]
Merge pull request #2774 from TheBlueMatt/2023-12-2551-followups

Doc and performance followups to #2551

11 months agoError if onion payloads exceed max length on packet construction.
Valentine Wallace [Fri, 8 Dec 2023 22:23:01 +0000 (17:23 -0500)]
Error if onion payloads exceed max length on packet construction.

Ensure that if we call construct_onion_packet and friends where payloads are
too large for the allotted packet length, we'll fail to construct. Previously,
senders would happily construct invalid packets by array-shifting the final
node's HMAC out of the packet when adding an intermediate onion layer, causing
the receiver to error with "final payload provided for us as an intermediate
node."

11 months agoFix debug panic in onion utils on large custom TLVs or metadata.
Valentine Wallace [Wed, 22 Nov 2023 23:21:57 +0000 (18:21 -0500)]
Fix debug panic in onion utils on large custom TLVs or metadata.

We previously assumed that the final node's payload would be ~93 bytes, and had
code to ensure that the filler encoded after that payload is not all 0s. Now
with custom TLVs and metadata supported, the final node's payload may take up
the entire onion packet, so we can't assume that there are 64 bytes of filler
to check.

11 months agoPre-calculate heap element scores (retaining RouteGraphNode size) 2023-12-2551-followups
Matt Corallo [Wed, 6 Dec 2023 05:29:28 +0000 (05:29 +0000)]
Pre-calculate heap element scores (retaining RouteGraphNode size)

`RouteGraphNode` currently recalculates scores in its `Ord`
implementation, wasting time while sorting the main Dijkstra's
heap.

Further, some time ago, when implementing the `htlc_maximum_msat`
amount reduction while walking the graph, we added
`PathBuildingHop::was_processed`, looking up the source node in
`dist` each time we pop'ed an element off of the binary heap.
As a result, we now have a reference to our `PathBuildingHop` when
processing a best-node's channels, leading to several fields in
`RouteGraphNode` being entirely redundant.

Here we drop those fields, but add a pre-calculated score field,
as well as force a suboptimal `RouteGraphNode` layout, retaining
its existing 64 byte size.

Without the suboptimal layout, performance is very mixed, but with
it performance is mostly improved, by around 10% in most tests.

11 months agoReorder `PathBuildingHop` fields somewhat
Matt Corallo [Wed, 6 Dec 2023 05:02:07 +0000 (05:02 +0000)]
Reorder `PathBuildingHop` fields somewhat

Given `PathBuildingHop` is now an even multiple of cache lines, we
can pick which fields "fall off" the cache line we have visible
when dealing with hops, which we do here.

11 months agoMake `find_route`'s `dist` map elements fit in 128 bytes
Matt Corallo [Wed, 6 Dec 2023 06:02:37 +0000 (06:02 +0000)]
Make `find_route`'s `dist` map elements fit in 128 bytes

We'd previously aggressively cached elements in the
`PathBuildingHop` struct (and its sub-structs), which resulted in a
rather bloated size. This implied cache misses as we read from and
write to multiple cache lines during processing of a single
channel.

Here, we reduce caching in `DirectedChannelInfo`, fitting the
`(NodeId, PathBuildingHop)` tuple in exactly 128 bytes. While this
should fit in a single cache line, it sadly does not generally lie
in only two lines, as glibc returns large buffers from `malloc`
which are very well aligned, plus 16 bytes (for its own allocation
tracking). Thus, we try to avoid reading from the last 16 bytes of
a `PathBuildingHop`, but luckily that isn't super hard.

Note that here we make accessing
`DirectedChannelInfo::effective_capacity` somewhat slower, but
that's okay as its only ever done once per `DirectedChannelInfo`
anyway.

While our routing benchmarks are quite noisy, this appears to
result in between a 5% and 15% performance improvement in the
probabilistic scoring benchmarks.