Matt Corallo [Fri, 7 Aug 2020 20:27:26 +0000 (16:27 -0400)]
Give ChannelManagerReadArgs HashMap-of-monitors ownership
Its somewhat awkward that ChannelManagerReadArgs requires a mutable
reference to a HashMap of ChannelMonitors, forcing the callsite to
define a scope for the HashMap which they almost certainly won't use
after deserializing the ChannelManager. Worse, to map the current
version to C bindings, we'd need to also create a HashMap binding,
which is overkill for just this one use.
Instead, we just give the ReadArgs struct ownership of the HashMap
and add a constructor which fills the HashMap for you.
Matt Corallo [Thu, 30 Jul 2020 17:19:11 +0000 (13:19 -0400)]
Use ln OutPoints not bitcoin ones in SpendableOutputDescriptors
Lightning OutPoints only have 16 bits to express the output index
instead of Bitcoin's 32 bits, implying that some outputs are
possibly not expressible as lightning OutPoints. However, such
OutPoints can never be hit within the lightning protocol, and must
be on-chain spam sent by a third party wishing to donate us money.
Still, in order to do so, the third party would need to fill nearly
an entire block with garbage, so this case should be relatively
safe.
A new comment in channelmonitor explains the reasoning a bit
further.
Matt Corallo [Thu, 23 Jul 2020 20:10:29 +0000 (16:10 -0400)]
Use slices to references not slices of concrete objects in pub API
Because the C bindings maps objects into new structs which contain
only a pointer to the underlying (immovable) Rust type, it cannot
create a list of Rust types which are contiguous in memory. Thus,
in order to allow C clients to call certain Rust functions, we have
to use &[&Type] not &[Type]. This commit fixes this issue for the
get_route function.
Matt Corallo [Sun, 31 May 2020 03:22:16 +0000 (23:22 -0400)]
Refer to return types by the trait that they're defined via
Instead of using the explicit type which is being returned, refer
to them as Self::AssociatedType, to make clear to the bindings what
type of thing is being returned.
Matt Corallo [Thu, 11 Jun 2020 19:34:28 +0000 (15:34 -0400)]
Reorder struct definitions so that they are in dependency order.
There are a few cases where the upcoming C bindings don't know how
to handle something which depends on something defined later in the
file. Instead of adding another pass to the C bindings generator,
it is much simpler to just reorder structs.
Add commitment transaction broadcast as a ChannelMonitor event
To do this, we replace get_and_clear_pending_htlcs_updated with
get_and_clear_pending_monitor_events, and which still transmits HTLCUpdates
as before, but now also transmits a new MonitorEvent::CommitmentTxBroadcasted
event when a channel's commitment transaction is broadcasted.
We wanted to bump to 1.29 to continue to support mrustc bootstrapping, but on 1.29
there's a bug preventing us from compiling the lightning package only, thus parts
of lightning-net-tokio cause a compilation error.
The advantage of bumping the MSRV is an improved borrow checker which should
enable improved code quality, and not having jump through weird hoops sometimes
to get 1.22 working.
Matt Corallo [Mon, 10 Aug 2020 19:00:09 +0000 (15:00 -0400)]
Relicense as dual Apache-2.0 + MIT
This changes the LICENSE file and adds license headers to most files
to relicense under dual Apache-2.0 and MIT. This is helpful in that
we retain the patent grant issued under Apache-2.0-licensed work,
avoiding some sticky patent issues, while still allowing users who
are more comfortable with the simpler MIT license to use that.
See https://github.com/rust-bitcoin/rust-lightning/issues/659 for
relicensing statements from code authors.
Matt Corallo [Mon, 3 Aug 2020 20:48:58 +0000 (16:48 -0400)]
Set codecov upload token
Docs seem to indicate this should only be required for private
repos, but we have builds failing claiming this needs to be
specified, so just set it manually.
ChannelKeys - separate commitment revocation from getting the per-commitment point
The commitment secret is sensitive - it can be used by an attacker to
steal funds if the node also signs the same transaction. Therefore,
only release the secret from ChannelKeys when we are revoking a
transaction.
For making debugging easy.
If the user gives a different node_secret for transport
layer (`PeerManager`) and for routing msg, internal_announcement_signatures
is the first place it causes an error.
By giving a detailed error message, user will be able to
fix the bug quickly.
... for ChannelError and APIMisuseError
Before this commit, When rl returns error, we don't know
The actual parameter which caused the error.
By returning parameterised `String` instead of predefined `&'static str`,
We can give a caller improved error message.
TestLogger now has two additional methods
1. `assert_log_contains` which checks the logged messsage
has how many entry which includes the specified string as a substring.
2. `aasert_log_regex` mostly the same with `assert_log_contains`
but it is more flexible that caller specifies regex which has
to be satisfied instead of just a substring.
For regex, tests now includes `regex` as dev-dependency.
Matt Corallo [Sat, 13 Jun 2020 01:01:32 +0000 (21:01 -0400)]
Use usize for transaction-position-in-block values
We use them largely as indexes into a Vec<Transaction> so there's
little reason for them to be u32s. Instead, use them as usize
everywhere.
We also take this opportunity to add range checks before
short_channel_id calculation, as we could otherwise end up with a
bogus short_channel_id due to an output index out of range.
Matt Corallo [Thu, 11 Jun 2020 19:40:28 +0000 (15:40 -0400)]
Take &NetworkGraph as input in get_route, not a NetGraphMsgHandler
This was just an oversight when route calculation was split up into
parts - it makes no sense for get_route to require that we have a
full route message handler, only a network graph (which can always
be accessed from a NetGraphMsgHandler anyway).
Matt Corallo [Sat, 13 Jun 2020 21:33:21 +0000 (17:33 -0400)]
Make ChainWatchInterface::filter_block return only idxes, not refs
Instead of making the filter_block fn in the ChainWatchInterface
trait return both a list of indexes of transaction positions within
the block and references to the transactions themselves, return
only the list of indexes and then build the reference list at the
callsite.
While this may be slightly less effecient from a memory locality
perspective, it shouldn't be materially different.
This should make it more practical to generate bindings for
filter_block as it no longer needs to reference Rust Transaction
objects that are contained in a Rust Block object (which we'd
otherwise just pass over the FFI in fully-serialized form).
Matt Corallo [Thu, 11 Jun 2020 19:33:20 +0000 (15:33 -0400)]
Avoid references to primitives and add NetworkGraph::new()
non-mut references to primitives are only excess overhead, so
there's not much reason to ever have them. As a nice bonus, it also
is one less thing to worry about when generating C bindings
Matt Corallo [Thu, 11 Jun 2020 19:32:23 +0000 (15:32 -0400)]
Avoid use std and use std::fmt and fmt:: instead in network_graph
This is more consistent with the way we use std::cmp over the
codebase and avoids `use std`, which is only actually needed to
support older rustcs, so feels a bit awkward.
Matt Corallo [Thu, 11 Jun 2020 19:23:35 +0000 (15:23 -0400)]
Reduce RwLock usage in public interface of NetworkGraph
This isn't a big difference in the API, but it avoids needing to
wrap a given NetworkGraph in a RwLock before passing it, which
makes it much easier to generate C bindings for.
Matt Corallo [Wed, 10 Jun 2020 03:00:30 +0000 (23:00 -0400)]
ChannelMonitor::get_funding_txo returns both the txid and scriptPK
... instead of only the txid.
This is another instance of it not being possible to fully
re-implement SimpleManyChannelMonitor using only public methods. In
this case you couldn't properly register outpoints for monitoring
so that the funding transaction would be matched.
Jeffrey Czyz [Wed, 17 Jun 2020 15:29:30 +0000 (08:29 -0700)]
Make test output deterministic
Tests use sources of randomness to produce seeds, preimages, secrets,
and ephemeral data. However, this makes comparing logs between different
test runs difficult. Remove uses of random number generators and the
current time in favor of fixed values in order to make the test output
deterministic.
Use our actual feerate in open_channel messages, not a new one
When we were sending an open_channel messages we were asking the
feerate estimator for a new value instead of using the one we had.
If the feerate estimator gave a different value than the one it did
when we created the Channel struct, we'd start out-of-sync with our
counterparty and blow up on funding_signed. Even worse, the
ConfirmationTarget used was different, so its highly likely they
would disagree.
Also remove newly unused fee estimator parameter from get_open-channel
API.
Co-authored-by: Matt Corallo <git@bluematt.me> Co-authored-by: Valentine Wallace <vwallace@protonmail.com>
When we receive an inbound HTLC from a peer on an inbound channel,
make sure the funder can still cover the additional on-chain cost
of the HTLC while maintaining their channel reserve.
When we're sending an outbound HTLC, make sure the funder can still
cover the additional on-chain cost of the HTLC while maintaining
their channel reserve.
+ implement fee spike buffer for channel initiators sending payments.
Also add an additional spec-deviating fee spike buffer on the
receiving side (but don't close the channel if this reserve is
violated, just fail the HTLC).
From lightning-rfc PR #740.
Co-authored-by: Matt Corallo <git@bluematt.me> Co-authored-by: Valentine Wallace <vwallace@protonmail.com>
Refactor: move channel checks for HTLC adds into Channel
This also includes adding a closure that creates a new pending HTLC status
as a parameter for Channel's update_add_htlc. This will later be useful
when we add the check for fee spike buffer violations, which will also result
in changing an HTLC's pending status to failing.
Arik Sosman [Fri, 22 May 2020 20:03:49 +0000 (13:03 -0700)]
Extract wire message handling into a method.
This is a response to splitting #585 into smaller components. This extraction should allow the subsequent creation of a trait for all message handling, thereby enabling more flexibility in the state machine, particularly for bindings.
Matt Corallo [Thu, 28 May 2020 20:00:46 +0000 (16:00 -0400)]
Expose private keys from InMemoryChannelKeys publicly
As we drop the requirement that all ChannelKeys expose the private
keys used, we should have a way to access the private keys in use
when using InMemoryChannelKeys.