Matt Corallo [Thu, 23 Jun 2022 20:25:58 +0000 (20:25 +0000)]
Add ChannelManager methods to force close without broadcasting
If a user restores from a backup that they know is stale, they'd
like to force-close all of their channels (or at least the ones
they know are stale) *without* broadcasting the latest state,
asking their peers to do so instead. This simply adds methods to do
so, renaming the existing `force_close_channel` and
`force_close_all_channels` methods to disambiguate further.
Enable simultaneous deserialization+decryption of a ChaChaPoly stream
In the upcoming onion messages PR, this will allow us to avoid decrypting onion
message encrypted data in an intermediate Vec before decoding it. Instead we
decrypt and decode it at the same time using this new ChaChaPolyReadAdapter object.
In doing so, we need to adapt the decode_tlv_stream macro such that it will
decode a LengthReadableArgs, which is a new trait as well. This trait is
necessary because ChaChaPoly needs to know the total length ahead of time to
separate out the tag at the end.
In the upcoming onion messages PR, this will allow us to avoid encoding onion
message encrypted data into an intermediate Vec before encrypting it. Instead
we encode and encrypt at the same time using this new ChaChaPolyWriteAdapter object.
Matt Corallo [Sat, 30 Apr 2022 20:30:00 +0000 (20:30 +0000)]
Don't fail HTLCs in revoked commitment txn until we spend them
When we see a counterparty revoked commitment transaction on-chain
we shouldn't immediately queue up HTLCs present in it for
resolution until we have spent the HTLC outputs in some kind of
claim transaction.
In order to do so, we first have to change the
`fail_unbroadcast_htlcs!()` call to provide it with the HTLCs which
are present in the (revoked) commitment transaction which was
broadcast. However, this is not sufficient - because all of those
HTLCs had their `HTLCSource` removed when the commitment
transaction was revoked, we also have to update
`fail_unbroadcast_htlcs` to check the payment hash and amount when
the `HTLCSource` is `None`.
Somewhat surprisingly, several tests actually explicitly tested for
the old behavior, which required amending to pass with the new
changes.
Finally, this adds a debug assertion when writing `ChannelMonitor`s
to ensure `HTLCSource`s do not leak.
Wilmer Paulino [Wed, 15 Jun 2022 23:33:23 +0000 (16:33 -0700)]
Allow forwarding HTLCs that were constructed for previous config
This is mostly motivated by the fact that payments may happen while the
latest `ChannelUpdate` indicating our new `ChannelConfig` is still
propagating throughout the network. By temporarily allowing the previous
config, we can help reduce payment failures across the network.
Wilmer Paulino [Thu, 16 Jun 2022 23:24:42 +0000 (16:24 -0700)]
Track previous ChannelConfig and expire after enough ticks
We do this to prevent payment failures while the `ChannelUpdate` for the
new `ChannelConfig` still propagates throughout the network. In a follow
up commit, we'll honor forwarding HTLCs that were constructed based on
either the previous or current `ChannelConfig`.
To handle expiration (when we should stop allowing the previous config),
we rely on the ChannelManager's `timer_tick_occurred` method. After
enough ticks, the previous config is cleared from memory, and only the
current config applies moving forward.
Wilmer Paulino [Tue, 14 Jun 2022 23:41:32 +0000 (16:41 -0700)]
Expose API to update a channel's ChannelConfig
A new `update_channel_config` method is exposed on the `ChannelManger`
to update the `ChannelConfig` for a set of channels atomically. New
`ChannelUpdate` events are generated for each eligible channel.
Note that as currently implemented, a buggy and/or
auto-policy-management client could spam the network with updates as
there is no rate-limiting in place. This could already be done with
`broadcast_node_announcement`, though users are less inclined to update
that as frequently as its data is mostly static.
Wilmer Paulino [Tue, 14 Jun 2022 23:40:12 +0000 (16:40 -0700)]
Expose ChannelConfig within ChannelDetails
As we prepare to expose an API to update a channel's ChannelConfig,
we'll also want to expose this struct to consumers such that they have
insights into the current ChannelConfig applied for each channel.
Jeffrey Czyz [Thu, 9 Jun 2022 20:17:01 +0000 (15:17 -0500)]
Define NodeAlias struct and Display impl
Provide a wrapper struct for 32-byte node aliases, which implements
Display for printing. Support the UTF-8 character encoding, but replace
control characters and terminate at the first null character. Fall back
to ASCII if the byte sequence is an invalid encoding.
Matt Corallo [Tue, 17 May 2022 00:12:20 +0000 (00:12 +0000)]
Correct handling of reorg'd-out revoked counterparty transactions
Previously, while processing a confirmed revoked counterparty
commitment transaction, we'd populate `OnchainEvent`s for live
HTLCs with a `txid` source of the txid of the latest counterparty
commitment transactions, not the confirmed revoked one. This meant
that, if the user is using `transaction_unconfirmed` to notify us
of reorg information, we'd end up not removing the entry if the
revoked commitment transaction was reorg'd out. This would
ultimately cause us to spuriously resolve the HTLC(s) as the chain
advanced, even though we were doing so based on a now-reorged-out
transaction.
Luckily the fix is simple - set the correct txid in the
`OnchainEventEntry`. We also take this opportunity to update
logging in a few places with the txid of the transaction causing an
event.
Antoine Riard [Thu, 9 Jun 2022 21:31:04 +0000 (17:31 -0400)]
Check if funding transaction is final for propagation
If the funding transaction is timelocked beyond the next block of
our best known chain tip, return an APIError instead of silently
failing at broadcast attempt.
Elias Rohrer [Fri, 10 Jun 2022 08:45:57 +0000 (10:45 +0200)]
Check release build profile in CI
So far, CI did not check the code in the `release` build profile, which
could result in some things not getting caught. To fix this, we now
implement a new CI job that runs checks in the `release` profile.
Wilmer Paulino [Thu, 9 Jun 2022 21:01:56 +0000 (14:01 -0700)]
Introduce LegacyChannelConfig to remain backwards compatible
ChannelConfig now has its static fields removed. We introduce a new
LegacyChannelConfig struct that maintains the serialization as
previously defined by ChannelConfig to remain backwards compatible with
clients running 0.0.107 and earlier.
Wilmer Paulino [Wed, 8 Jun 2022 22:40:58 +0000 (15:40 -0700)]
Move commit_upfront_shutdown_pubkey to ChannelHandshakeConfig
As like the previous commit, `commit_upfront_shutdown_pubkey` is another
static field that cannot change after the initial channel handshake. We
therefore move it out from its existing place in `ChannelConfig`.
Wilmer Paulino [Thu, 9 Jun 2022 23:11:15 +0000 (16:11 -0700)]
Move announced_channel to ChannelHandshakeConfig
In the near future, we plan to allow users to update their
`ChannelConfig` after the initial channel handshake. In order to reuse
the same struct and expose it to users, we opt to move out all static
fields that cannot be updated after the initial channel handshake.
Jeffrey Czyz [Thu, 2 Jun 2022 21:48:32 +0000 (14:48 -0700)]
Support only one GossipSync in BackgroundProcessor
BackgroundProcessor can take an optional P2PGossipSync and an optional
RapidGossipSync, but doing so may be easy to misuse. Each has a
reference to a NetworkGraph, which could be different between the two,
but only one is actually used.
Instead, allow passing one object wrapped in a GossipSync enum. Also,
fix a bug where the NetworkGraph is not persisted on shutdown if only a
RapidGossipSync is given.
Jeffrey Czyz [Fri, 3 Jun 2022 05:59:14 +0000 (22:59 -0700)]
Implement EventHandler for NetworkGraph
Instead of implementing EventHandler for P2PGossipSync, implement it on
NetworkGraph. This allows RapidGossipSync to handle events, too, by
delegating to its NetworkGraph.
Jeffrey Czyz [Sat, 4 Jun 2022 04:35:37 +0000 (21:35 -0700)]
Parameterize NetworkGraph with Logger
P2PGossipSync logs before delegating to NetworkGraph in its
EventHandler. In order to share this handling with RapidGossipSync,
NetworkGraph needs to take a logger so that it can implement
EventHandler instead.
Jeffrey Czyz [Fri, 3 Jun 2022 04:37:59 +0000 (21:37 -0700)]
Move Secp256k1 context to NetworkGraph
P2PGossipSync has a Secp256k1 context field, which it only uses to pass
to NetworkGraph methods. Move the field to NetworkGraph so other callers
don't need to pass in a Secp256k1 context.
Jeffrey Czyz [Wed, 1 Jun 2022 17:28:34 +0000 (10:28 -0700)]
Rename NetGraphMsgHandler to P2PGossipSync
NetGraphMsgHandler implements RoutingMessageHandler to handle gossip
messages defined in BOLT 7 and maintains a view of the network by
updating NetworkGraph. Rename it to P2PGossipSync, which better
describes its purpose, and to contrast with RapidGossipSync.
Jeffrey Czyz [Fri, 5 Nov 2021 17:55:25 +0000 (12:55 -0500)]
Rename ChannelClosed to ChannelFailure
A NetworkUpdate indicating ChannelClosed actually corresponds to a
channel failure as described in BOLT 4:
0x2000 (NODE): node failure (otherwise channel)
Rename the enum variant to ChannelFailure and rename NetworkGraph
methods close_channel_from_update and fail_node to channel_failed and
node_failed, respectively.
Arik Sosman [Wed, 1 Jun 2022 22:26:07 +0000 (15:26 -0700)]
Indicate ongoing rapid sync to background processor.
Create a wrapper struct for rapid gossip sync that can be passed to
BackgroundProcessor's start method, allowing it to only start pruning
the network graph upon rapid gossip sync's completion.
Matt Corallo [Thu, 2 Jun 2022 03:37:16 +0000 (03:37 +0000)]
Do not panic on early tx broadcasts in fuzzing
If the user broadcasts a funding transaction before the
counterparty provides a `funding_signed` we will panic in
`check_get_channel_ready`. This is expected - the user did
something which may lead to loss of funds, and we *really* need to
let them know.
However, the fuzzer can do this and we shouldn't treat it as a bug,
its a totally expected panic. Thus, we disable the panic in fuzz.
Thanks to Chaincode for providing fuzzing resources which managed
to hit this panic.
Matt Corallo [Mon, 30 May 2022 17:50:02 +0000 (17:50 +0000)]
Re-export `core2::io` or `std::io` depending on feature flags
This is useful in bindings as the `lightning::io` module is used in
the public interface, but also useful for users who want to refer
to the `io` as used in lightning irrespective of the feature flags.
Matt Corallo [Tue, 19 Apr 2022 22:06:50 +0000 (22:06 +0000)]
Drop return value from `fail_htlc_backwards`, clarify docs
`ChannelManager::fail_htlc_backwards`' bool return value is quite
confusing - just because it returns false doesn't mean the payment
wasn't (already) failed. Worse, in some race cases around shutdown
where a payment was claimed before an unclean shutdown and then
retried on startup, `fail_htlc_backwards` could return true even
though (a duplicate copy of the same payment) was claimed, but the
claim event has not been seen by the user yet.
While its possible to use it correctly, its somewhat confusing to
have a return value at all, and definitely lends itself to misuse.
Instead, we should push users towards a model where they don't care
if `fail_htlc_backwards` succeeds - either they've locally marked
the payment as failed (prior to seeing any `PaymentReceived`
events) and will fail any attempts to pay it, or they have not and
the payment is still receivable until its timeout time is reached.
We can revisit this decision based on user feedback, but will need
to very carefully document the potential failure modes here if we
do.
Matt Corallo [Tue, 19 Apr 2022 21:46:44 +0000 (21:46 +0000)]
Do additional pre-flight checks before claiming a payment
As additional sanity checks, before claiming a payment, we check
that we have the full amount available in `claimable_htlcs` that
the payment should be for. Concretely, this prevents one
somewhat-absurd edge case where a user may receive an MPP payment,
wait many *blocks* before claiming it, allowing us to fail the
pending HTLCs and the sender to retry some subset of the payment
before we go to claim. More generally, this is just good
belt-and-suspenders against any edge cases we may have missed.
Matt Corallo [Wed, 4 May 2022 18:12:09 +0000 (18:12 +0000)]
Provide a redundant `Event::PaymentClaimed` on restart if needed
If we crashed during a payment claim and then detected a partial
claim on restart, we should ensure the user is aware that the
payment has been claimed. We do so here by using the new
partial-claim detection logic to create a `PaymentClaimed` event.
Matt Corallo [Mon, 2 May 2022 15:23:52 +0000 (15:23 +0000)]
Add test of 0conf channels getting the funding transaction reorg'd
In a previous version of the 0-conf code we did not correctly
handle 0-conf channels getting the funding transaction reorg'd out
(and the real SCID possibly changing on us).
projects / rust-lightning / log