From: Valentine Wallace Date: Thu, 23 May 2024 21:00:10 +0000 (-0400) Subject: Ignore channel updates in onion errors. X-Git-Tag: v0.0.124-beta~92^2~2 X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=commitdiff_plain;h=24c2468d0aeca7981f67dffc74e7c4c401888e94;p=rust-lightning Ignore channel updates in onion errors. Per . --- diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs index cbb2b0f21..acfa6f673 100644 --- a/lightning/src/ln/functional_test_utils.rs +++ b/lightning/src/ln/functional_test_utils.rs @@ -2460,11 +2460,11 @@ pub fn expect_payment_failed_conditions_event<'a, 'b, 'c, 'd, 'e>( const CHAN_DISABLED_FLAG: u8 = 2; assert_eq!(msg.contents.flags & CHAN_DISABLED_FLAG, 0); }, - NetworkUpdate::ChannelFailure { short_channel_id, is_permanent } if chan_closed => { + NetworkUpdate::ChannelFailure { short_channel_id, is_permanent } => { if let Some(scid) = conditions.expected_blamed_scid { assert_eq!(*short_channel_id, scid); } - assert!(is_permanent); + assert_eq!(*is_permanent, chan_closed); }, _ => panic!("Unexpected update type"), } diff --git a/lightning/src/ln/onion_route_tests.rs b/lightning/src/ln/onion_route_tests.rs index c5ce3e051..e75df7162 100644 --- a/lightning/src/ln/onion_route_tests.rs +++ b/lightning/src/ln/onion_route_tests.rs @@ -300,12 +300,13 @@ fn test_fee_failures() { claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], payment_preimage_success); // If the hop gives fee_insufficient but enough fees were provided, then the previous hop - // malleated the payment before forwarding, taking funds when they shouldn't have. + // malleated the payment before forwarding, taking funds when they shouldn't have. However, + // because we ignore channel update contents, we will still blame the 2nd channel. let (_, payment_hash, payment_secret) = get_payment_preimage_hash!(nodes[2]); - let short_channel_id = channels[0].0.contents.short_channel_id; + let short_channel_id = channels[1].0.contents.short_channel_id; run_onion_failure_test("fee_insufficient", 0, &nodes, &route, &payment_hash, &payment_secret, |msg| { msg.amount_msat -= 1; - }, || {}, true, Some(UPDATE|12), Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: true}), Some(short_channel_id)); + }, || {}, true, Some(UPDATE|12), Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false}), Some(short_channel_id)); // In an earlier version, we spuriously failed to forward payments if the expected feerate // changed between the channel open and the payment. @@ -478,7 +479,9 @@ fn test_onion_failure() { let session_priv = SecretKey::from_slice(&[3; 32]).unwrap(); let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route.paths[0], &session_priv).unwrap(); msg.reason = onion_utils::build_first_hop_failure_packet(onion_keys[0].shared_secret.as_ref(), UPDATE|7, &err_data); - }, ||{}, true, Some(UPDATE|7), Some(NetworkUpdate::ChannelUpdateMessage{msg: chan_update.clone()}), Some(short_channel_id)); + }, ||{}, true, Some(UPDATE|7), + Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false }), + Some(short_channel_id)); // Check we can still handle onion failures that include channel updates without a type prefix let err_data_without_type = chan_update.encode_with_len(); @@ -488,7 +491,9 @@ fn test_onion_failure() { let session_priv = SecretKey::from_slice(&[3; 32]).unwrap(); let onion_keys = onion_utils::construct_onion_keys(&Secp256k1::new(), &route.paths[0], &session_priv).unwrap(); msg.reason = onion_utils::build_first_hop_failure_packet(onion_keys[0].shared_secret.as_ref(), UPDATE|7, &err_data_without_type); - }, ||{}, true, Some(UPDATE|7), Some(NetworkUpdate::ChannelUpdateMessage{msg: chan_update}), Some(short_channel_id)); + }, ||{}, true, Some(UPDATE|7), + Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false }), + Some(short_channel_id)); let short_channel_id = channels[1].0.contents.short_channel_id; run_onion_failure_test_with_fail_intercept("permanent_channel_failure", 100, &nodes, &route, &payment_hash, &payment_secret, |msg| { @@ -523,7 +528,9 @@ fn test_onion_failure() { let mut bogus_route = route.clone(); let route_len = bogus_route.paths[0].hops.len(); bogus_route.paths[0].hops[route_len-1].fee_msat = amt_to_forward; - run_onion_failure_test("amount_below_minimum", 0, &nodes, &bogus_route, &payment_hash, &payment_secret, |_| {}, ||{}, true, Some(UPDATE|11), Some(NetworkUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy(short_channel_id)}), Some(short_channel_id)); + run_onion_failure_test("amount_below_minimum", 0, &nodes, &bogus_route, &payment_hash, &payment_secret, |_| {}, ||{}, true, Some(UPDATE|11), + Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false }), + Some(short_channel_id)); // Clear pending payments so that the following positive test has the correct payment hash. for node in nodes.iter() { @@ -535,16 +542,18 @@ fn test_onion_failure() { let preimage = send_along_route(&nodes[0], bogus_route, &[&nodes[1], &nodes[2]], amt_to_forward+1).0; claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], preimage); - let short_channel_id = channels[0].0.contents.short_channel_id; + // We ignore channel update contents in onion errors, so will blame the 2nd channel even though + // the first node is the one that messed up. + let short_channel_id = channels[1].0.contents.short_channel_id; run_onion_failure_test("fee_insufficient", 0, &nodes, &route, &payment_hash, &payment_secret, |msg| { msg.amount_msat -= 1; - }, || {}, true, Some(UPDATE|12), Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: true}), Some(short_channel_id)); + }, || {}, true, Some(UPDATE|12), Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false}), Some(short_channel_id)); - let short_channel_id = channels[0].0.contents.short_channel_id; + let short_channel_id = channels[1].0.contents.short_channel_id; run_onion_failure_test("incorrect_cltv_expiry", 0, &nodes, &route, &payment_hash, &payment_secret, |msg| { // need to violate: cltv_expiry - cltv_expiry_delta >= outgoing_cltv_value msg.cltv_expiry -= 1; - }, || {}, true, Some(UPDATE|13), Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: true}), Some(short_channel_id)); + }, || {}, true, Some(UPDATE|13), Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false}), Some(short_channel_id)); let short_channel_id = channels[1].0.contents.short_channel_id; run_onion_failure_test("expiry_too_soon", 0, &nodes, &route, &payment_hash, &payment_secret, |msg| { @@ -552,7 +561,9 @@ fn test_onion_failure() { connect_blocks(&nodes[0], height - nodes[0].best_block_info().1); connect_blocks(&nodes[1], height - nodes[1].best_block_info().1); connect_blocks(&nodes[2], height - nodes[2].best_block_info().1); - }, ||{}, true, Some(UPDATE|14), Some(NetworkUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy(short_channel_id)}), Some(short_channel_id)); + }, ||{}, true, Some(UPDATE|14), + Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false }), + Some(short_channel_id)); run_onion_failure_test("unknown_payment_hash", 2, &nodes, &route, &payment_hash, &payment_secret, |_| {}, || { nodes[2].node.fail_htlc_backwards(&payment_hash); @@ -596,7 +607,9 @@ fn test_onion_failure() { // disconnect event to the channel between nodes[1] ~ nodes[2] nodes[1].node.peer_disconnected(&nodes[2].node.get_our_node_id()); nodes[2].node.peer_disconnected(&nodes[1].node.get_our_node_id()); - }, true, Some(UPDATE|7), Some(NetworkUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy(short_channel_id)}), Some(short_channel_id)); + }, true, Some(UPDATE|7), + Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false }), + Some(short_channel_id)); run_onion_failure_test("channel_disabled", 0, &nodes, &route, &payment_hash, &payment_secret, |_| {}, || { // disconnect event to the channel between nodes[1] ~ nodes[2] for _ in 0..DISABLE_GOSSIP_TICKS + 1 { @@ -605,7 +618,9 @@ fn test_onion_failure() { } nodes[1].node.get_and_clear_pending_msg_events(); nodes[2].node.get_and_clear_pending_msg_events(); - }, true, Some(UPDATE|20), Some(NetworkUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy(short_channel_id)}), Some(short_channel_id)); + }, true, Some(UPDATE|20), + Some(NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false }), + Some(short_channel_id)); reconnect_nodes(ReconnectArgs::new(&nodes[1], &nodes[2])); run_onion_failure_test("expiry_too_far", 0, &nodes, &route, &payment_hash, &payment_secret, |msg| { @@ -844,9 +859,9 @@ fn do_test_onion_failure_stale_channel_update(announced_channel: bool) { // We'll be attempting to route payments using the default ChannelUpdate for channels. This will // lead to onion failures at the first hop once we update the ChannelConfig for the // second hop. - let expect_onion_failure = |name: &str, error_code: u16, channel_update: &msgs::ChannelUpdate| { + let expect_onion_failure = |name: &str, error_code: u16| { let short_channel_id = channel_to_update.1; - let network_update = NetworkUpdate::ChannelUpdateMessage { msg: channel_update.clone() }; + let network_update = NetworkUpdate::ChannelFailure { short_channel_id, is_permanent: false }; run_onion_failure_test( name, 0, &nodes, &route, &payment_hash, &payment_secret, |_| {}, || {}, true, Some(error_code), Some(network_update), Some(short_channel_id), @@ -878,7 +893,7 @@ fn do_test_onion_failure_stale_channel_update(announced_channel: bool) { // Connect a block, which should expire the previous config, leading to a failure when // forwarding the HTLC. expire_prev_config(); - expect_onion_failure("fee_insufficient", UPDATE|12, &msg); + expect_onion_failure("fee_insufficient", UPDATE|12); // Redundant updates should not trigger a new ChannelUpdate. assert!(update_and_get_channel_update(&config, false, None, false).is_none()); @@ -891,15 +906,15 @@ fn do_test_onion_failure_stale_channel_update(announced_channel: bool) { // new ChannelUpdate. config.forwarding_fee_base_msat = default_config.forwarding_fee_base_msat; config.cltv_expiry_delta = u16::max_value(); - let msg = update_and_get_channel_update(&config, true, Some(&msg), true).unwrap(); - expect_onion_failure("incorrect_cltv_expiry", UPDATE|13, &msg); + assert!(update_and_get_channel_update(&config, true, Some(&msg), true).is_some()); + expect_onion_failure("incorrect_cltv_expiry", UPDATE|13); // Reset the proportional fee and increase the CLTV expiry delta which should trigger a new // ChannelUpdate. config.cltv_expiry_delta = default_config.cltv_expiry_delta; config.forwarding_fee_proportional_millionths = u32::max_value(); - let msg = update_and_get_channel_update(&config, true, Some(&msg), true).unwrap(); - expect_onion_failure("fee_insufficient", UPDATE|12, &msg); + assert!(update_and_get_channel_update(&config, true, Some(&msg), true).is_some()); + expect_onion_failure("fee_insufficient", UPDATE|12); // To test persistence of the updated config, we'll re-initialize the ChannelManager. let config_after_restart = { @@ -1530,10 +1545,10 @@ fn do_test_phantom_dust_exposure_failure(multiplier_dust_limit: bool) { err_data.extend_from_slice(&channel.1.encode()); let mut fail_conditions = PaymentFailedConditions::new() - .blamed_scid(channel.0.contents.short_channel_id) + .blamed_scid(route.paths[0].hops.last().as_ref().unwrap().short_channel_id) .blamed_chan_closed(false) .expected_htlc_error_data(0x1000 | 7, &err_data); - expect_payment_failed_conditions(&nodes[0], payment_hash, false, fail_conditions); + expect_payment_failed_conditions(&nodes[0], payment_hash, false, fail_conditions); } #[test] diff --git a/lightning/src/ln/onion_utils.rs b/lightning/src/ln/onion_utils.rs index 9a207c9e5..fab73cf73 100644 --- a/lightning/src/ln/onion_utils.rs +++ b/lightning/src/ln/onion_utils.rs @@ -15,7 +15,6 @@ use crate::ln::channelmanager::{HTLCSource, RecipientOnionFields}; use crate::ln::features::{ChannelFeatures, NodeFeatures}; use crate::ln::msgs; use crate::ln::types::{PaymentHash, PaymentPreimage}; -use crate::ln::wire::Encode; use crate::routing::gossip::NetworkUpdate; use crate::routing::router::{Path, RouteHop, RouteParameters}; use crate::sign::NodeSigner; @@ -806,106 +805,16 @@ where { let update_len = u16::from_be_bytes(update_len_slice.try_into().expect("len is 2")) as usize; - if let Some(mut update_slice) = err_packet + if err_packet .failuremsg .get(debug_field_size + 4..debug_field_size + 4 + update_len) + .is_some() { - // Historically, the BOLTs were unclear if the message type - // bytes should be included here or not. The BOLTs have now - // been updated to indicate that they *are* included, but many - // nodes still send messages without the type bytes, so we - // support both here. - // TODO: Switch to hard require the type prefix, as the current - // permissiveness introduces the (although small) possibility - // that we fail to decode legitimate channel updates that - // happen to start with ChannelUpdate::TYPE, i.e., [0x01, 0x02]. - if update_slice.len() > 2 - && update_slice[0..2] == msgs::ChannelUpdate::TYPE.to_be_bytes() - { - update_slice = &update_slice[2..]; - } else { - log_trace!(logger, "Failure provided features a channel update without type prefix. Deprecated, but allowing for now."); - } - let update_opt = msgs::ChannelUpdate::read(&mut Cursor::new(&update_slice)); - if update_opt.is_ok() || update_slice.is_empty() { - // if channel_update should NOT have caused the failure: - // MAY treat the channel_update as invalid. - let is_chan_update_invalid = match error_code & 0xff { - 7 => false, - 11 => { - update_opt.is_ok() - && amt_to_forward - > update_opt.as_ref().unwrap().contents.htlc_minimum_msat - }, - 12 => { - update_opt.is_ok() - && amt_to_forward - .checked_mul( - update_opt - .as_ref() - .unwrap() - .contents - .fee_proportional_millionths as u64, - ) - .map(|prop_fee| prop_fee / 1_000_000) - .and_then(|prop_fee| { - prop_fee.checked_add( - update_opt.as_ref().unwrap().contents.fee_base_msat - as u64, - ) - }) - .map(|fee_msats| route_hop.fee_msat >= fee_msats) - .unwrap_or(false) - }, - 13 => { - update_opt.is_ok() - && route_hop.cltv_expiry_delta as u16 - >= update_opt.as_ref().unwrap().contents.cltv_expiry_delta - }, - 14 => false, // expiry_too_soon; always valid? - 20 => update_opt.as_ref().unwrap().contents.flags & 2 == 0, - _ => false, // unknown error code; take channel_update as valid - }; - if is_chan_update_invalid { - // This probably indicates the node which forwarded - // to the node in question corrupted something. - network_update = Some(NetworkUpdate::ChannelFailure { - short_channel_id: route_hop.short_channel_id, - is_permanent: true, - }); - } else { - if let Ok(chan_update) = update_opt { - // Make sure the ChannelUpdate contains the expected - // short channel id. - if failing_route_hop.short_channel_id - == chan_update.contents.short_channel_id - { - short_channel_id = Some(failing_route_hop.short_channel_id); - } else { - log_info!(logger, "Node provided a channel_update for which it was not authoritative, ignoring."); - } - network_update = - Some(NetworkUpdate::ChannelUpdateMessage { msg: chan_update }) - } else { - // The node in question intentionally encoded a 0-length channel update. This is - // likely due to https://github.com/ElementsProject/lightning/issues/6200. - short_channel_id = Some(failing_route_hop.short_channel_id); - network_update = Some(NetworkUpdate::ChannelFailure { - short_channel_id: failing_route_hop.short_channel_id, - is_permanent: false, - }); - } - }; - } else { - // If the channel_update had a non-zero length (i.e. was - // present) but we couldn't read it, treat it as a total - // node failure. - log_info!( - logger, - "Failed to read a channel_update of len {} in an onion", - update_slice.len() - ); - } + network_update = Some(NetworkUpdate::ChannelFailure { + short_channel_id: failing_route_hop.short_channel_id, + is_permanent: false, + }); + short_channel_id = Some(failing_route_hop.short_channel_id); } } if network_update.is_none() {