Matt Corallo [Mon, 13 Nov 2023 22:38:51 +0000 (22:38 +0000)]
Merge pull request #2544 from optout21/splicing-msgs0
Add Splicing (and Quiescence) wire message definitions
Matt Corallo [Mon, 13 Nov 2023 17:29:39 +0000 (17:29 +0000)]
Merge pull request #2732 from arik-so/2023/11/update-musig2-dep
Update MuSig2 dependency for Hash trait derivation.
Matt Corallo [Mon, 13 Nov 2023 16:45:26 +0000 (16:45 +0000)]
Merge pull request #2708 from TheBlueMatt/2023-11-less-graph-memory-frag
Reduce common allocations across the codebase
Arik Sosman [Mon, 13 Nov 2023 16:07:07 +0000 (11:07 -0500)]
Update MuSig2 dependency for Hash trait derivation.
Matt Corallo [Sun, 12 Nov 2023 20:27:25 +0000 (20:27 +0000)]
Merge pull request #2715 from valentinewallace/2023-11-skimmed-fees
Complete underpaying HTLCs support
Matt Corallo [Sun, 12 Nov 2023 17:16:26 +0000 (17:16 +0000)]
Drop old `expiry_time_from_unix_epoch` helper in expiry time lookup
Since there's a much simpler way to go about it with
`Bolt11Invoice::expires_at`.
Matt Corallo [Sun, 12 Nov 2023 17:03:09 +0000 (17:03 +0000)]
Merge pull request #2722 from benthecarman/dust-overflow
Fix potential cases where max_dust_htlc_exposure_msat overflows
Matt Corallo [Sat, 26 Aug 2023 19:59:21 +0000 (19:59 +0000)]
Don't send init `closing_signed` too early after final HTLC removal
If we remove an HTLC (or fee update), commit, and receive our
counterparty's `revoke_and_ack`, we remove all knowledge of said
HTLC (or fee update). However, the latest local commitment
transaction that we can broadcast still contains the HTLC (or old
fee), thus we are not eligible for initiating the `closing_signed`
negotiation if we're shutting down and are generally expecting a
counterparty `commitment_signed` immediately.
Because we don't have any tracking of these updates in the `Channel`
(only the `ChannelMonitor` is aware of the HTLC being in our latest
local commitment transaction), we'd previously send a
`closing_signed` too early, causing LDK<->LDK channels with an HTLC
pending towards the channel initiator at the time of `shutdown` to
always fail to cooperatively close.
To fix this race, we add an additional unpersisted bool to
`Channel` and use that to gate sending the initial `closing_signed`.
Matt Corallo [Tue, 31 Oct 2023 18:39:04 +0000 (18:39 +0000)]
Drop non-anchor channel fee upper bound limit entirely
Quite a while ago we added checks for the total current dust
exposure on a channel to explicitly limit dust inflation attacks.
When we did this, we kept the existing upper bound on the channel's
feerate in place. However, these two things are redundant - the
point of the feerate upper bound is to prevent dust inflation, and
it does so in a crude way that can cause spurious force-closures.
Here we simply drop the upper bound entirely, relying on the dust
inflation limit to prevent dust inflation instead.
benthecarman [Fri, 10 Nov 2023 22:12:31 +0000 (16:12 -0600)]
Impl display for invoice fields
Matt Corallo [Fri, 10 Nov 2023 19:23:21 +0000 (19:23 +0000)]
Replace maze of BOLT11 payment utilities with parameter generators
`lightning-invoice` was historically responsible for actually
paying invoices, handling retries and everything. However, that
turned out to be buggy and hard to maintain, so the payment logic
was eventually moved into `ChannelManager`. However, the old
utilites remain.
Because our payment logic has a number of tunable parameters and
there are different ways to pay a BOLT11 invoice, we ended up with
six different methods to pay or probe a BOLT11 invoice, with more
requested as various options still were not exposed.
Instead, here, we replace all six methods with two simple ones
which return the arguments which need to be passed to
`ChannelManager`. Those arguments can be further tweaked before
passing them on, allowing more flexibility.
Matt Corallo [Sat, 4 Nov 2023 23:02:18 +0000 (23:02 +0000)]
Stop writing signer data as a part of channels
This breaks backwards compatibility with versions of LDK prior to
0.0.113 as they expect to always read signer data.
This also substantially reduces allocations during `ChannelManager`
serialization, as we currently don't pre-allocate the `Vec` that
the signer gets written in to. We could alternatively pre-allocate
that `Vec`, but we've been set up to skip the write entirely for a
while, and 0.0.113 was released nearly a year ago. Users
downgrading to LDK 0.0.112 and before at this point should not be
expected.
Matt Corallo [Sat, 4 Nov 2023 22:09:44 +0000 (22:09 +0000)]
Avoid allocating when checking gossip message signatures
When we check gossip message signatures, there's no reason to
serialize out the full gossip message before hashing, and it
generates a lot of allocations during the initial startup when we
fetch the full gossip from peers.
Matt Corallo [Sat, 4 Nov 2023 21:21:58 +0000 (21:21 +0000)]
Avoid a `tokio::mpsc::Sender` clone for each P2P send operation
Whenever we go to send bytes to a peer, we need to construct a
waker for tokio to call back into if we need to finish sending
later. That waker needs some reference to the peer's read task to
wake it up, hidden behind a single `*const ()`. To do this, we'd
previously simply stored a `Box<tokio::mpsc::Sender>` in that
pointer, which requires a `clone` for each waker construction. This
leads to substantial malloc traffic.
Instead, here, we replace this box with an `Arc`, leaving a single
`tokio::mpsc::Sender` floating around and simply change the
refcounts whenever we construct a new waker, which we can do
without allocations.
Matt Corallo [Sat, 4 Nov 2023 20:37:21 +0000 (20:37 +0000)]
Avoid re-allocating to encrypt gossip messages when forwarding
When we forward gossip messages, we store them in a separate buffer
before we encrypt them (and commit to the order in which they'll
appear on the wire). Rather than storing that buffer encoded with
no headroom, requiring re-allocating to add the message length and
two MAC blocks, we here add the headroom prior to pushing it into
the gossip buffer, avoiding an allocation.
benthecarman [Thu, 9 Nov 2023 20:46:02 +0000 (14:46 -0600)]
Fix potential cases where max_dust_htlc_exposure_msat overflows
Matt Corallo [Thu, 9 Nov 2023 00:01:39 +0000 (00:01 +0000)]
Fix `data_loss_protect` test to actually test DLP
The data loss protect test was panicking in a message assertion
which should be passing, but because the test was marked only
`#[should_panic]` it was being treated as a successful outcome.
Instead, we use `catch_unwind` on exactly the line we expect to
panic to ensure we are hitting the right one.
Valentine Wallace [Tue, 7 Nov 2023 20:14:27 +0000 (15:14 -0500)]
Link to LSP spec in accept_underpaying_htlcs config
Valentine Wallace [Tue, 7 Nov 2023 20:08:55 +0000 (15:08 -0500)]
Include counterparty skimmed fees in PaymentClaimed event.
Matt Corallo [Tue, 7 Nov 2023 18:16:49 +0000 (18:16 +0000)]
Merge pull request #2702 from G8XSU/libFuzzer
Update fuzzing instructions for libFuzzer/cargo-fuzz
Matt Corallo [Sat, 4 Nov 2023 20:20:12 +0000 (20:20 +0000)]
Use `VecDeque`, rather than `LinkedList` in peer message buffering
When buffering outbound messages for peers, `LinkedList` adds
rather substantial allocation overhead, which we avoid here by
swapping for a `VecDeque`.
Matt Corallo [Mon, 6 Nov 2023 16:57:13 +0000 (16:57 +0000)]
Avoid unnecessarily alloc'ing a new buffer when decrypting messages
When decrypting P2P messages, we already have a read buffer that we
read the message into. There's no reason to allocate a new `Vec` to
store the decrypted message when we can just overwrite the read
buffer and call it a day.
Matt Corallo [Sat, 4 Nov 2023 20:39:03 +0000 (20:39 +0000)]
Add an option to in-place decrypt with `ChaCha20Poly1305`
In the next commit we'll use this to avoid an allocation when
deserializing messages from the wire.
Jeffrey Czyz [Tue, 7 Nov 2023 13:43:26 +0000 (07:43 -0600)]
Merge pull request #2714 from TheBlueMatt/2023-11-one-less-alloc
Avoid an unnecessary allocation in `TaggedHash`
optout [Tue, 7 Nov 2023 11:12:20 +0000 (12:12 +0100)]
Add Splicing (and Quiescence) wire message definitions
Matt Corallo [Tue, 7 Nov 2023 05:07:09 +0000 (05:07 +0000)]
Avoid an unnecessary allocation in `TaggedHash`
A well-formed tag is always a constant, so allocating to store it
is unnecessary when we can just make the tag a `&'static str`.
Matt Corallo [Tue, 7 Nov 2023 05:04:48 +0000 (05:04 +0000)]
Merge pull request #2687 from orbitalturtle/signature-data-enum
Expose more granular data in TaggedHash struct
Matt Corallo [Tue, 7 Nov 2023 04:41:03 +0000 (04:41 +0000)]
Merge pull request #2677 from Evanfeenstra/public-onion-utils
public create_payment_onion in onion_utils
Matt Corallo [Sat, 4 Nov 2023 21:01:18 +0000 (21:01 +0000)]
Pre-allocate the full `Vec` prior to serializing as a `Vec<u8>`
We end up generating a substantial amount of allocations just
doubling `Vec`s when serializing to them, and our
`serialized_length` method is generally rather effecient, so we
just rely on it and allocate correctly up front.
Orbital [Thu, 26 Oct 2023 03:10:35 +0000 (22:10 -0500)]
expose more granular data in TaggedHash struct
Expose tag and merkle root fields in the TaggedHash struct.
Orbital [Fri, 3 Nov 2023 00:50:20 +0000 (19:50 -0500)]
refactor to remove message_digest
We change the Bolt12Invoice struct to carry a tagged hash. Because
message_digest is then only used in one place, we can inline it in
the TaggedHash constructor.
Gursharan Singh [Fri, 3 Nov 2023 00:45:38 +0000 (17:45 -0700)]
Update fuzzing instructions for libFuzzer/cargo-fuzz
Evan Feenstra [Mon, 6 Nov 2023 18:42:50 +0000 (10:42 -0800)]
export create_onion_message and peel_onion_message from ln::onion_message
Evan Feenstra [Sat, 28 Oct 2023 22:10:00 +0000 (15:10 -0700)]
public create_payment_onion in onion_utils
Matt Corallo [Sun, 5 Nov 2023 05:35:40 +0000 (05:35 +0000)]
Merge pull request #2699 from mhrheaume/mhr/temporary_channel_id
Added `temporary_channel_id` to `create_channel`.
Matt Corallo [Sat, 4 Nov 2023 16:21:29 +0000 (16:21 +0000)]
Avoid unnecessarily overriding `serialized_length`
...as LLVM will handle it just fine for us, in most cases.
Matt Corallo [Sat, 4 Nov 2023 16:20:51 +0000 (16:20 +0000)]
Pre-allocate send buffer when forwarding gossip
When forwarding gossip, rather than relying on Vec doubling,
pre-allocate the message encoding buffer.
Matt Corallo [Sat, 4 Nov 2023 16:20:24 +0000 (16:20 +0000)]
Prefer `Writeable.encode()` over `VecWriter` use
It does the same thing and its much simpler.
Matt Corallo [Sat, 4 Nov 2023 03:53:46 +0000 (03:53 +0000)]
Reduce on-startup heap frag due to network graph map/vec doubling
When we're reading a `NetworkGraph`, we know how many
nodes/channels we are reading, there's no reason not to
pre-allocate the `IndexedMap`'s inner `HashMap` and `Vec`, which we
do here.
This seems to reduce on-startup heap fragmentation with glibc by
something like 100MiB.
Matthew Rheaume [Tue, 31 Oct 2023 22:36:11 +0000 (15:36 -0700)]
Added `temporary_channel_id` to `create_channel`.
By default, LDK will generate the initial temporary channel ID for you.
However, in certain cases, it's desirable to have a temporary channel ID
specified by the caller in case of any pre-negotiation that needs to
happen between peers prior to the channel open message. For example, LND
has a `FundingShim` API that allows for advanced funding flows based on
the temporary channel ID of the channel.
This patch adds support for optionally specifying the temporary channel
ID of the channel through the `create_channel` API.
Matt Corallo [Thu, 2 Nov 2023 19:04:05 +0000 (19:04 +0000)]
Merge pull request #2558 from waterson/pr-2554
Handle retrying sign_counterparty_commitment failures
Elias Rohrer [Thu, 2 Nov 2023 08:50:21 +0000 (09:50 +0100)]
Merge pull request #2641 from alexanderwiederin/2585-preflight-test-coverage
#2585 Preflight Test Coverage
Chris Waterson [Wed, 6 Sep 2023 18:38:34 +0000 (11:38 -0700)]
Add basic async signer tests
Adds a `get_signer` method to the context so that a test can get ahold of the
channel signer. Adds a `set_available` method on the `TestChannelSigner` to
allow a test to enable and disable the signer: when disabled some of the
signer's methods will return `Err` which will typically activate the error
handling case. Adds a `set_channel_signer_available` function on the test
`Node` class to make it easy to enable and disable a specific signer.
Adds a new `async_signer_tests` module:
* Check for asynchronous handling of `funding_created` and `funding_signed`.
* Check that we correctly resume processing after awaiting an asynchronous
signature for a `commitment_signed` event.
* Verify correct handling during peer disconnect.
* Verify correct handling for inbound zero-conf.
Matt Corallo [Tue, 5 Sep 2023 22:21:04 +0000 (22:21 +0000)]
Handle retrying sign_counterparty_commitment inb funding failures
If sign_counterparty_commitment fails (i.e. because the signer is
temporarily disconnected), this really indicates that we should
retry the message sending which required the signature later,
rather than force-closing the channel (which probably won't even
work if the signer is missing).
This commit adds retrying of inbound funding_created signing
failures, regenerating the `FundingSigned` message, attempting to
re-sign, and sending it to our peers if we succeed.
Matt Corallo [Tue, 5 Sep 2023 22:10:34 +0000 (22:10 +0000)]
Handle retrying sign_counterparty_commitment outb funding failures
If sign_counterparty_commitment fails (i.e. because the signer is
temporarily disconnected), this really indicates that we should
retry the message sending which required the signature later,
rather than force-closing the channel (which probably won't even
work if the signer is missing).
This commit adds retrying of outbound funding_created signing
failures, regenerating the `FundingCreated` message, attempting to
re-sign, and sending it to our peers if we succeed.
Matt Corallo [Tue, 5 Sep 2023 22:06:53 +0000 (22:06 +0000)]
Handle retrying sign_counterparty_commitment failures
If sign_counterparty_commitment fails (i.e. because the signer is
temporarily disconnected), this really indicates that we should
retry the message sending which required the signature later,
rather than force-closing the channel (which probably won't even
work if the signer is missing).
This commit adds initial retrying of failures, specifically
regenerating commitment updates, attempting to re-sign the
`CommitmentSigned` message, and sending it to our peers if we
succed.
Matt Corallo [Tue, 5 Sep 2023 21:13:07 +0000 (21:13 +0000)]
Handle sign_counterparty_commitment failing during inb funding
If sign_counterparty_commitment fails (i.e. because the signer is
temporarily disconnected), this really indicates that we should
retry the message sending which required the signature later,
rather than force-closing the channel (which probably won't even
work if the signer is missing).
Here we add initial handling of sign_counterparty_commitment
failing during inbound channel funding, setting a flag in
`ChannelContext` which indicates we should retry sending the
`funding_signed` later. We don't yet add any ability to do that
retry.
Matt Corallo [Tue, 5 Sep 2023 21:06:22 +0000 (21:06 +0000)]
Handle sign_counterparty_commitment failing during outb funding
If sign_counterparty_commitment fails (i.e. because the signer is
temporarily disconnected), this really indicates that we should
retry the message sending which required the signature later,
rather than force-closing the channel (which probably won't even
work if the signer is missing).
Here we add initial handling of sign_counterparty_commitment
failing during outbound channel funding, setting a new flag in
`ChannelContext` which indicates we should retry sending the
`funding_created` later. We don't yet add any ability to do that
retry.
Matt Corallo [Tue, 5 Sep 2023 20:46:28 +0000 (20:46 +0000)]
Handling for sign_counterparty_commitment failing during normal op
If sign_counterparty_commitment fails (i.e. because the signer is
temporarily disconnected), this really indicates that we should
retry the message sending later, rather than force-closing the
channel (which probably won't even work if the signer is missing).
Here we add initial handling of sign_counterparty_commitment
failing during normal channel operation, setting a new flag in
`ChannelContext` which indicates we should retry sending the
commitment update later. We don't yet add any ability to do that
retry.
valentinewallace [Wed, 1 Nov 2023 18:34:29 +0000 (14:34 -0400)]
Merge pull request #2682 from jkczyz/2023-09-bolt12-test-vectors
BOLT 12 Offer test vectors
alexanderwiederin [Sun, 22 Oct 2023 12:38:41 +0000 (08:38 -0400)]
add preflight probes test coverage
Matt Corallo [Wed, 1 Nov 2023 17:42:29 +0000 (17:42 +0000)]
Merge pull request #2686 from jkczyz/2023-10-onion-message-fuzz
Re-add one-hop onion message fuzzing test
valentinewallace [Mon, 30 Oct 2023 20:21:36 +0000 (16:21 -0400)]
Merge pull request #2668 from TheBlueMatt/2023-10-fix-doc
Update docs on `MonitorEvent::HolderForceClosed`
valentinewallace [Mon, 30 Oct 2023 16:49:42 +0000 (12:49 -0400)]
Merge pull request #2693 from Evanfeenstra/next-hop-pubkey-secp-mode
next_hop_pubkey secp Verification only
Matt Corallo [Mon, 30 Oct 2023 16:00:19 +0000 (16:00 +0000)]
Merge pull request #2669 from benthecarman/trace-sync-progress
Remove channel monitor sync in progress log
Matt Corallo [Sun, 29 Oct 2023 19:38:26 +0000 (19:38 +0000)]
Merge pull request #2689 from benthecarman/no-std-offer-expire
Add `is_expired_no_std` to Offer
Matt Corallo [Sun, 29 Oct 2023 17:58:56 +0000 (17:58 +0000)]
Merge pull request #2613 from wvanlint/batch_funding_fix_up
Refactor ShutdownResult type and construction
Evan Feenstra [Sat, 28 Oct 2023 15:11:21 +0000 (08:11 -0700)]
next_hop_pubkey secp Verification only
benthecarman [Thu, 26 Oct 2023 21:55:03 +0000 (16:55 -0500)]
Add is_expired_no_std to Offer & Refund
This was available for OfferContents but not an Offer so dependent
projects could not access it.
Jeffrey Czyz [Wed, 18 Oct 2023 21:28:54 +0000 (16:28 -0500)]
Re-add one-hop onion message fuzzing test
Revert fuzz test removal in
6dc42235baaa22320ad78d3e05fab31edad99328.
The test originally checked that OnionMessenger would fail for one-hop
blinded paths. The commit added support for such paths, but changing the
checks was not sufficient since the node was not connected to the
introduction node of the reply path. This is required in order to work
with the trivial TestMessageRouter. Fix this by explicitly connecting
the nodes.
Jeffrey Czyz [Wed, 25 Oct 2023 21:37:26 +0000 (16:37 -0500)]
Wrap long onion_message fuzz strings
Some editors like vim slow to a crawl when scrolling over long strings
when syntax highlighting is turned on. Limit the length in fuzz strings
to avoid this.
Jeffrey Czyz [Tue, 26 Sep 2023 20:42:28 +0000 (15:42 -0500)]
BOLT 12 test vectors for offer parsing
One discrepancy from the spec still needs to be resolved:
https://github.com/lightning/bolts/pull/798/files#r1334851959
Jeffrey Czyz [Tue, 26 Sep 2023 20:41:45 +0000 (15:41 -0500)]
Separate and describe BOLT 12 test vectors
Jeffrey Czyz [Fri, 22 Sep 2023 20:05:49 +0000 (15:05 -0500)]
Move bech32 parsing tests to the parse module
Additional BOLT 12 tests specific to Offer were added, which will live
in the offer module. Thus, it makes sense to move the bech32 tests to
the parse module.
Matt Corallo [Tue, 24 Oct 2023 01:26:30 +0000 (01:26 +0000)]
Merge pull request #2678 from TheBlueMatt/2023-10-0.0.118
Cut 0.0.118
Matt Corallo [Fri, 20 Oct 2023 23:44:49 +0000 (23:44 +0000)]
Bump crate versions to lightning 0.0.118, invoice 0.26
Matt Corallo [Fri, 20 Oct 2023 20:46:30 +0000 (20:46 +0000)]
0.0.118 release notes
Matt Corallo [Mon, 23 Oct 2023 22:58:15 +0000 (22:58 +0000)]
Merge pull request #2679 from TheBlueMatt/2023-10-116-bindings-1
Small bindings tweaks for 0.0.118
Matt Corallo [Mon, 23 Oct 2023 19:50:12 +0000 (19:50 +0000)]
Fix CI on rustc 1.50 and below
rustc doesn't allow `--features` with `-p`, so we simply skip the
steps that rely on it.
Matt Corallo [Mon, 23 Oct 2023 18:55:17 +0000 (18:55 +0000)]
Use a tuple, not a struct, for `PendingOnionMessage` in bindings
Bindings aren't currently able to handle a struct with a generic
which is actually exposed - we map all structs concretely to a
single type, whereas having fluctuating types on a struct requires
mapping the inner field to a trait first.
Since this isn't super practical, we make `PendingOnionMessage` a
tuple in bindings, rather than a struct.
Matt Corallo [Mon, 23 Oct 2023 19:16:29 +0000 (19:16 +0000)]
Merge pull request #2676 from TheBlueMatt/2023-10-various-followups
Various Followups to 2039 and 2674
Matt Corallo [Mon, 23 Oct 2023 16:49:49 +0000 (16:49 +0000)]
Add relevant no-export tags to functions returning builders
Because we can't map move semantics in most languages, we also
can't map our current builders. Thus, we have to mark them
no-export.
Matt Corallo [Mon, 23 Oct 2023 16:50:05 +0000 (16:50 +0000)]
Drop an unnecessary no-export on ParsedOnionMessageContents
Matt Corallo [Sat, 21 Oct 2023 02:42:48 +0000 (02:42 +0000)]
Do not compile the `Simple*` type aliases in `c_bindings` at all
Because the bindings changes now require further changes to our
type definitions, avoiding building the `Simple*` type aliases
entirely makes the patchset there simpler.
Matt Corallo [Sat, 21 Oct 2023 01:08:38 +0000 (01:08 +0000)]
Fix (and test) the `c_bindings` build flag
Rather than only building with the `c_bindings` flag in certain
crates, we go ahead and test all crates with the flag in CI here.
Matt Corallo [Fri, 20 Oct 2023 18:19:57 +0000 (18:19 +0000)]
Remove some additional excess words in `ConfirmationTarget` docs
Matt Corallo [Fri, 20 Oct 2023 18:11:56 +0000 (18:11 +0000)]
Remove a redundant sentence in `ConfirmationTarget` docs
... and correct direction which causes force-closure in another
sentence.
Matt Corallo [Fri, 20 Oct 2023 18:09:39 +0000 (18:09 +0000)]
Drop unused `use` import.
Matt Corallo [Fri, 20 Oct 2023 17:38:19 +0000 (17:38 +0000)]
Avoid a redundant allocation in `InvoiceError` handling in one case
... by passing an owned `String`, rather than taking an `&str` and
`to_owned()`ing it.
Matt Corallo [Fri, 20 Oct 2023 17:34:12 +0000 (17:34 +0000)]
Use `Default::default()` for scoring params in tests
In
26c1639ab69d6780c97a118f09e42cb42304088a we switched to using
`Default::default()` to initialize `()` for scoring parameters in
tests. A number of `()`s slipped back in recently, which we replace
here.
Matt Corallo [Fri, 20 Oct 2023 22:55:08 +0000 (22:55 +0000)]
Merge pull request #2667 from wpaulino/random-htlc-holder-sigs-non-anchors
Use sign_holder_htlc_transaction to sign non-anchors holder HTLCs
Matt Corallo [Fri, 20 Oct 2023 22:54:08 +0000 (22:54 +0000)]
Merge pull request #2674 from wpaulino/consider-anchor-outputs-value-balances
Consider anchor outputs value throughout balance checks and computations
Wilmer Paulino [Mon, 16 Oct 2023 19:21:52 +0000 (12:21 -0700)]
Move HTLCDescriptor to sign module
Now that `HTLCDescriptor` is no longer specific to anchors, it doesn't
make sense for it to live in the `bump_transaction` module anymore.
Wilmer Paulino [Fri, 13 Oct 2023 21:09:37 +0000 (14:09 -0700)]
Don't sign holder HTLCs along with holder commitments
`sign_holder_commitment_and_htlcs` never really made sense. Unlike
`sign_counterparty_commitment`, the signatures for holder HTLC
transactions may be required much later than the commitment
transaction's. While it was nice for us to only reach the signer once to
obtain all holder signatures, it's not really ideal anymore as we want
our signatures to be random and not reused.
We no longer return all holder HTLC signatures and instead defer to
obtaining them via `EcdsaChannelSigner::sign_holder_htlc_transaction`.
Wilmer Paulino [Fri, 13 Oct 2023 20:58:59 +0000 (13:58 -0700)]
Remove caching of holder HTLC signatures
Since we want our holder HTLC signatures to be randomly generated and
not reused, our existing caches are useless now, so we opt to remove
them.
Wilmer Paulino [Fri, 13 Oct 2023 20:52:23 +0000 (13:52 -0700)]
Use sign_holder_htlc_transaction to sign non-anchors holder HTLCs
We want to ensure we use fresh random signatures to prevent certain
classes of transaction replacement attacks at the bitcoin P2P layer.
This was already covered for commitment transactions and zero fee holder
HTLC transactions, but was missing for holder HTLC transactions on
non-anchors channels.
We can easily do this by reusing the existing
`EcdsaChannelSigner::sign_holder_htlc_transaction` method and
circumventing the existing `holder_htlc_sigs/prev_holder_htlc_sigs`
caches, which will be removed in a later commit anyway.
Matt Corallo [Fri, 20 Oct 2023 17:31:42 +0000 (17:31 +0000)]
Apply a default max fee rather than none when paying for BOLT12
If the user declines to specify a `max_total_routing_fee_msat` in
the new BOLT12 payment methods, rather than defaulting to no limit
on the fee we pay at all, we should default to our "usual default",
ie the one calculated in
`RouteParameters::from_payment_params_and_value`.
We do this here, as well as documenting the behavior on the payment
methods.
Wilmer Paulino [Thu, 19 Oct 2023 16:29:21 +0000 (09:29 -0700)]
Only account for fee spike buffer multiple on non-anchor channels
Anchor outputs channels are no longer susceptible to fee spikes as they
now mostly target the dynamic minimum mempool fee and can contribute the
remainder of fees when closing.
Wilmer Paulino [Thu, 19 Oct 2023 16:27:57 +0000 (09:27 -0700)]
Consider anchor outputs value on channel open
We should make sure the funding amount of a channel can cover all its
associated costs, including the value of anchor outputs, to make sure
that it is actually usable once "opened".
Wilmer Paulino [Thu, 19 Oct 2023 16:27:30 +0000 (09:27 -0700)]
Consider anchor outputs value on inbound HTLCs
This could lead us to accept HTLCs that would put the sender below
their reserve, which must never happen.
Wilmer Paulino [Thu, 19 Oct 2023 16:25:23 +0000 (09:25 -0700)]
Consider anchor outputs value in get_available_balances
This could lead us to sending/forwarding HTLCs that would put us below
our reserve, forcing our counterparty to close the channel on us due to
an invalid update.
Wilmer Paulino [Thu, 19 Oct 2023 16:22:50 +0000 (09:22 -0700)]
Run chanmon_consistency_test with anchor outputs channels
Wilmer Paulino [Fri, 13 Oct 2023 20:47:45 +0000 (13:47 -0700)]
Provide missing derivation parameters to OnchainTxHandler
`OnchainTxHandler` will need to construct `HTLCDescriptor`s for holder
HTLCs, but it did not have access to all of the derivation parameters
that need to be provided.
Wilmer Paulino [Fri, 13 Oct 2023 20:49:50 +0000 (13:49 -0700)]
Support signing non-anchors HTLCs with HTLCDescriptor
We plan to use `EcdsaChannelSigner::sign_holder_htlc_transaction` to
also sign holder HTLC transactions on non-anchor outputs channels.
`HTLCDescriptor` was only used in an anchor outputs context, so a few
things needed changing, mostly to handle the different scripts and
feerate.
Matt Corallo [Fri, 20 Oct 2023 17:37:17 +0000 (17:37 +0000)]
Merge pull request #2660 from benthecarman/flexible-fee-rate
More flexible fee rate estimates
benthecarman [Thu, 12 Oct 2023 20:43:30 +0000 (15:43 -0500)]
More flexible fee rate estimates
Matt Corallo [Fri, 20 Oct 2023 16:40:17 +0000 (16:40 +0000)]
Merge pull request #2039 from jkczyz/2023-02-offer-flow
BOLT 12 Offers message flow
Matt Corallo [Tue, 17 Oct 2023 16:23:20 +0000 (16:23 +0000)]
Update docs on `MonitorEvent::HolderForceClosed`
In
a96e2fe144383ea6fd670153fb895ee07a3245ef we renamed
`MonitorEvent::CommitmentTxConfirmed` to `HolderForceClosed` to
better document what actually happened. However, we failed to
update the documentation on the type, which we do here.
Pointed out by @yellowred.
Matt Corallo [Fri, 20 Oct 2023 15:57:43 +0000 (15:57 +0000)]
Merge pull request #2670 from yanganto/socket-addr-to-string
Impl `Display` for SocketAddress
Jeffrey Czyz [Fri, 20 Oct 2023 01:32:00 +0000 (20:32 -0500)]
Fix PaymentConstraints::max_cltv_expiry docs