Antoine Riard [Wed, 26 Feb 2020 23:18:27 +0000 (18:18 -0500)]
Watch outputs of revoked HTLC-transactions
Bumping of justice txn on revoked HTLC-Success/HTLC-timeout is triggered
until our claim is confirmed onchain with at least
ANTI_REORG_DELAY_SAFE. Before this patch, we weren't tracking them in
check_spend_remote_htlc, leading us to infinite bumps.
Antoine Riard [Wed, 11 Mar 2020 19:10:29 +0000 (15:10 -0400)]
Fix duplicata of adjusted justice tx generation in OnchainTxHandler
Adjusted tx occurs when a previous aggregated claim tx has
seen one of its outpoint being partially claimed by a remote tx.
To pursue claiming of the remaining outpoint a adjusted claim tx
is generated with leftover of claimable outpoints.
Previously, in case of block-rescan where a partial claim occurs,
we would generate duplicated adjusted tx, wrongly inflating feerate
for next bumps. At rescan, if input has already been dropped from
outpoints map from a claiming request, don't regenerate again
a adjuste tx.
3d640da5c343111f538f006996c13c9a98e0d9e6 changed the indexes for
some enums in ChannelMonitor deserialization but not serialization.
Thus, the chanmon_deser_target fuzz target failed on travis on at
least one PR.
Antoine Riard [Tue, 10 Mar 2020 17:03:10 +0000 (13:03 -0400)]
Make htlc_minimum_msat configurable
Enforce a minimum htlc_minimum_msat of 1.
Instead of computing dynamically htlc_minimum_msat based on feerate,
relies on user-provided configuration value. This let user compute
an economical-driven channel parameter according to network dynamics.
Matt Corallo [Mon, 24 Feb 2020 19:17:04 +0000 (14:17 -0500)]
Fix long-standing race in net-tokio reading after a disconnect event
If rust-lightning tells us to disconnect a socket after we read
some bytes from the socket, but before we actually give those bytes
to rust-lightning, we may end up calling rust-lightning with a
Descriptor that isn't registered anymore.
Sadly, there really isn't a good way to solve this, and it should
be a pretty quick event, so we just busy-wait.
Matt Corallo [Sat, 15 Feb 2020 03:32:30 +0000 (22:32 -0500)]
Update pre-HTLC DataLossProtect to match new spec changes
This was the way DataLossProtect was originally written, however it
didn't match other implementations at the time during testing. It
turns out, other implementations didn't agree with each other
anyway (depending on the exact timeline), so the spec was clarified
somewhat in https://github.com/lightningnetwork/lightning-rfc/pull/550
. This updates us to be in line with the new guidance and appears
to solve out-of-sync issues in testing.
Matt Corallo [Thu, 5 Mar 2020 23:01:06 +0000 (18:01 -0500)]
Use block timestamps as the min for generated update messages.
Fixes issue #493 and should resolve some issues where other nodes
(incorrectly) reject channel_update/node_announcement messages
which have a serial number that is not a relatively recent
timestamp.
Matt Corallo [Fri, 3 Jan 2020 01:32:37 +0000 (20:32 -0500)]
Add ability to broadcast our own node_announcement.
This is a somewhat-obvious oversight in the capabilities of
rust-lightning, though not a particularly interesting one until we
start relying on node_features (eg for variable-length-onions and
Base AMP).
Sadly its not fully automated as we don't really want to store the
list of available addresses from the user. However, with a simple
call to ChannelManager::broadcast_node_announcement and a sensible
peer_handler, the announcement is made.
Matt Corallo [Wed, 4 Mar 2020 22:45:27 +0000 (17:45 -0500)]
Take multiple spent-txn to check_spends! in functional_tests
This reintroduces a check_spends!() removed in 3d640da5c343111f538f
due to check_spends not being able to check a transaction which
spends multiple other transactions.
It also simplifies a few calls in claim_htlc_outputs_single_tx by
using check_spends!().
Matt Corallo [Wed, 4 Mar 2020 22:36:12 +0000 (17:36 -0500)]
Drop redundant .clone() in check_spends calls.
The API to rust-bitcoin to check a transaction correctly spends
another changed some time ago, but we still have a lot of needless
.clone()s in our tests.
Matt Corallo [Wed, 4 Mar 2020 22:27:03 +0000 (17:27 -0500)]
Flatten Vec passed from channelmonitor to onchaintx block_connected
Instead of passing a Vec of Vecs drop them into one as we go in
ChannelMonitor, hopefully avoiding a bit of memory fragmentation
and improving readability.
Antoine Riard [Fri, 24 Jan 2020 16:57:52 +0000 (11:57 -0500)]
Introduce OnchainTxHandler, move bumping and tracking logic
Encapsulates tracking and bumping of in-flight transactions in
its own component. This component may be latter abstracted
to reuse tracking and RBF for new features (e.g dual-funding,
splicing)
Build all transactions generation in one place. Also as fees
and signatures are closely tied, what keys do you have determine
what bumping mode you can use.
Matt Corallo [Mon, 24 Feb 2020 04:26:10 +0000 (23:26 -0500)]
Test Router serialization round-trip in functional_tests.
This tests Router serialization round-trip at the end of each
functional test in the same way we do ChannelMonitors and
ChannelManagers to catch any cases where we were able to get into
a state which would have prevented reading a Router back off disk.
We further walk all of the announcements which both the original
and deserialized Routers would send to peers requesting initial
sync to ensure they match.
Matt Corallo [Mon, 24 Feb 2020 04:25:43 +0000 (23:25 -0500)]
Change Option<T> serialization format to include length
This is a cheap way to fix an error in Router serialization
roundtrip due to us calling read_to_end during the read of
channel/node announcement/updates. During normal message reading,
we only have limited bytes to read (specifically the message buffer)
so this is fine, however when we read them inside Router, we have
more data from other fields of the Router available as well. Thus,
we end up reading the entire rest of the Router into one message
field, and failing to deserialize.
Because such fields are always stored in Option<>s, we can simply
use a LengthLimitingStream in the Option<> serialization format and
make only the correct number of bytes available.
By using a variable-length integer for the new field, we avoid
wasting space compared to the existing serialization format.
Matt Corallo [Mon, 24 Feb 2020 04:12:19 +0000 (23:12 -0500)]
Make Readable::read a templated on the stream, not Readable itself
This makes Readable symmetric with Writeable and makes sense -
something which is Readable should be Readable for any stream which
implements std::io::Read, not only for a stream type it decides on.
This solves some lifetime-compatibility issues in trying to read()
from a LengthLimitingReader in arbitrary Readable impls.
Matt Corallo [Mon, 27 Jan 2020 15:38:13 +0000 (10:38 -0500)]
Impl ReadableArgs for Arc<ChannelManager>, not just ChannelManager.
This provides a simple wrapper for deserializing right into an
Arc<ChannelManager>, which improves UX a tiny bit when working with
SimpleArcChannelManager types.
Matt Corallo [Sat, 1 Feb 2020 17:37:50 +0000 (12:37 -0500)]
[travis] Build lightning-net-tokio on Rust 1.39.0+, fuzz on stable
This disables building the lightning-net-tokio crate on 1.34.2 on
Travis in anticiption of relying on async/await for
lightning-net-tokio, with the nice side-effect of reducing the
amount of work done on our slowest Travis job.
This also adds 1.39.0 to Travis as that is the new MSRV for
lightning-net-tokio and uses that for codecov generation.
This also moves fuzzing to Rust stable, as honggfuzz broke its MSRV
and it seems likely it will again in the future.
Matt Corallo [Wed, 12 Feb 2020 21:55:04 +0000 (16:55 -0500)]
Move events into ChannelMonitor from ManyChannelMonitor
This is the next step after "Move pending-HTLC-updated ChannelMonitor
from ManyChannelMonitor", moving our events into ChannelMonitor as
well and leaving only new-outputs-to-watch in the return value for
ChannelMonitor::block_connected (which is fine as those are
duplicatively tracked in the ChannelMonitor directly, so
losing/replaying them is acceptable).
Matt Corallo [Wed, 12 Feb 2020 22:02:03 +0000 (17:02 -0500)]
Implement Readable/Writeable for Events
As noted in the docs, Events don't round-trip fully, but round-trip
in a way that is useful for ChannelManagers, specifically some events
don't make sense anymore after a restart.
Matt Corallo [Mon, 24 Feb 2020 23:47:38 +0000 (18:47 -0500)]
Dont treat a timer tick as no_connection_possible and log
In testing, due to other patches, I managed to flood the send queue
with messages and cause us not to be able to send pings, thus
getting a peer disconnected for ping timeout. To my surprise, this
also force-closed all of my channels with that peeer.
Obviously a ping timeout does not indicate that no future connection
with said peer will be possible, and we shouldn't be force-closing
channels as a result.
This also logs when a peer is disconnected to ping timeout to make
debug easier.
Matt Corallo [Wed, 12 Feb 2020 20:47:04 +0000 (15:47 -0500)]
Drop Clone from ChannelMonitor.
This removes the somewhat-easy-to-misuse Clone from ChannelMonitors,
opening us up to being able to track Events in ChannelMonitors with
less risk of misuse.
Sadly it doesn't remove the Clone requirement for ChannelKeys,
though gets us much closer - we now just need to request a second
copy once when we go to create the ChannelMonitors.
Matt Corallo [Tue, 11 Feb 2020 23:34:29 +0000 (18:34 -0500)]
Rm ChannelMonitor merge capabilities in favor of explicit add/update
This removes the ability to merge ChannelMonitors in favor of
explicit ChannelMonitorUpdates. It further removes
ChannelManager::test_restore_channel_monitor in favor of the new
ChannelManager::channel_monitor_updated method, which explicitly
confirms a set of updates instead of providing the latest copy of
each ChannelMonitor to the user.
This removes almost all need for Channels to have the latest
channel_monitor, except for broadcasting the latest local state.
Matt Corallo [Sat, 8 Feb 2020 22:22:58 +0000 (17:22 -0500)]
Use ChannelMonitorUpdate in fallen-behind handling during reestablish
This is a rather huge diff, almost entirely due to removing the
type parameter from ChannelError which was added in c20e930b31e973e0fb290322c9ac425002e3b672 due to holding the
ChannelKeys in ChannelMonitors.
Matt Corallo [Sat, 8 Feb 2020 21:17:59 +0000 (16:17 -0500)]
Set ChannelMonitor basic_channel_info on funding, not on accept
This prepares for only creating the ChannelMonitor on funding by
removing any channel_monitor calls from Channel open/accept-time to
funding-signed time.
Matt Corallo [Sat, 8 Feb 2020 01:08:31 +0000 (20:08 -0500)]
Use ChannelMonitorUpdates in commitment signing fns in Channel
This is a rather big step towards using the new ChannelMonitorUpdate
flow, using it in the various commitment signing and commitment
update message processing functions in Channel. Becase they all
often call each other, they all have to be updated as a group,
resulting in the somewhat large diff in this commit.
In order to keep the update_ids strictly increasing by one for
ease of use on the user end, we have to play some games with the
latest_monitor_update_id field, though its generally still pretty
readable, and the pattern of "get an update_id at the start, and
use the one we got at the start when returning, irrespective of
what other calls into the Channel during that time did" is
relatively straightforward.
Matt Corallo [Thu, 6 Feb 2020 18:53:56 +0000 (13:53 -0500)]
Update Channel::funding_signed to use ChannelMonitorUpdate
This is the first of several steps to update ChannelMonitor updates
to use the new ChannelMonitorUpdate objects, demonstrating how the
new flow works in Channel.
Matt Corallo [Thu, 6 Feb 2020 00:39:31 +0000 (19:39 -0500)]
Add types for updating ChannelMonitors without copying them.
This is the first step in migrating ChannelMonitor updating logic
to use incremental Update objects instead of copying the
ChannelMonitors themselves and insert_combine()ing them.
This adds most of the scaffolding and updates relevant comments to
refer to the new architecture, without changing how any actual
updates occur.
Matt Corallo [Thu, 6 Feb 2020 05:03:32 +0000 (00:03 -0500)]
Use Channel::funding_txo instead of its channel_monitor.funding_txo
Currently Channel relies on its own internal channel_monitor copy
to keep track of funding_txo information, which is both a bit
awkward and not ideal if we want to get rid of the ChannelMonitor
copy in Channel.
Instead, just duplicate it (its small) and keep it directly in
Channel, allowing us to remove the (super awkward)
ChannelMonitor::unset_funding_txo().
Matt Corallo [Fri, 7 Feb 2020 22:48:46 +0000 (17:48 -0500)]
Track counterparty's commitment secrets in Channel directly.
In the process of removing a local ChannelMonitor in each Channel,
we need to track our counterpartys' commitment secrets so that we
can check them locally instead of calling our channel monitor to
do that work for us.
Matt Corallo [Fri, 7 Feb 2020 21:05:24 +0000 (16:05 -0500)]
Swap out ChannelMonitor remote secret tracking for a struct.
In order to drop the ChannelMonitor from Channel, we need to track
remote per_commitment_secrets outside of the monitor to validate new
ones as they come in.
This just moves the current code from ChannelMonitor into a new
CounterpartyCommitmentSecrets struct in chan_utils.
Matt Corallo [Thu, 20 Feb 2020 20:12:42 +0000 (15:12 -0500)]
Fix incorrect docs around disconnect in peer_handler + rename fns
The way PeerHandler was written, it was supposed to remove from
self.peers iff the API docs indicate that disconnect_event should
NOT be called (and otherwise rely on disconnect_event to do so).
Sadly, the implementation was way out of whack with reality - in
the implementation, essentially anywhere where PeerHandler
originated the disconnection, the peer was removed and no
disconnect_event was expected. The docs, however, indicated that
disconnect_event should nearly only be called, only not doing so
when the initial handshake message never completed.
We opt to change the docs, mostly, as well as clean up the
ping/pong handling somewhat and rename a few functions to clarify
what they actually do.
Matt Corallo [Tue, 4 Feb 2020 04:46:29 +0000 (23:46 -0500)]
Move pending-HTLC-updated ChannelMonitor from ManyChannelMonitor
This is important for a number of reasons:
* Firstly, I hit this trying to implement rescan in the demo
bitcoinrpc client - if individual ChannelMonitors are out of
sync with each other, we cannot add them all into a
ManyChannelMonitor together and then rescan, but need to rescan
them individually without having to do a bunch of manual work.
Of the three return values in ChannelMonitor::block_connected,
only the HTLCsource stuff that is moved here makes no sense to
be exposed to the user.
* Secondly, the logic currently in ManyChannelMonitor cannot be
reproduced by the user! HTLCSource is deliberately an opaque
type but we use its data to decide which things to keep when
inserting into the HashMap. This would prevent a user from
properly implementing a replacement ManyChannelMonitor, which is
unacceptable.
* Finally, by moving the tracking into ChannelMonitor, we can
serialize them out, which prevents us from forgetting them when
loading from disk, though there are still other races which need
to be handled to make this fully safe (see TODOs in
ChannelManager).
This is safe as no two entries can have the same HTLCSource across
different channels (or, if they did, it would be a rather serious
bug), though note that, IIRC, when this code was added, the
HTLCSource field in the values was not present.
We also take this opportunity to rename the fetch function to match
our other event interfaces, makaing it clear that by calling the
function the set of HTLCUpdates will also be cleared.
projects / rust-lightning / log