2018-09-03 03:08:56 +02:00
|
|
|
/*~ Welcome, wonderful reader!
|
|
|
|
*
|
2022-04-06 07:09:48 +02:00
|
|
|
* This is the Core of um, Core Lightning: the main file of the master daemon
|
2018-09-03 03:08:56 +02:00
|
|
|
* `lightningd`. It's mainly cluttered with the miscellany of setup,
|
|
|
|
* and a few startup sanity checks.
|
|
|
|
*
|
|
|
|
* The role of this daemon is to start the subdaemons, shuffle peers
|
|
|
|
* between them, handle the JSON RPC requests, bitcoind, the database
|
|
|
|
* and centralize logging. In theory, it doesn't trust the other
|
2018-09-03 05:40:01 +02:00
|
|
|
* daemons, though we expect `hsmd` (which holds secret keys) to be
|
|
|
|
* responsive.
|
2018-09-03 03:08:56 +02:00
|
|
|
*
|
|
|
|
* Comments beginning with a ~ (like this one!) are part of our shared
|
|
|
|
* adventure through the source, so they're more meta than normal code
|
2018-09-03 05:40:02 +02:00
|
|
|
* comments, and meant to be read in a certain order.
|
2018-09-03 03:08:56 +02:00
|
|
|
*/
|
|
|
|
|
|
|
|
/*~ Notice how includes are in ASCII order: this is actually enforced by
|
2018-09-03 05:40:01 +02:00
|
|
|
* the build system under `make check-source`. It avoids merge conflicts
|
2021-12-04 12:23:56 +01:00
|
|
|
* and keeps things consistent. It also make sure you include "config.h"
|
|
|
|
* before anything else. */
|
|
|
|
#include "config.h"
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ This is Ian Lance Taylor's libbacktrace. It turns out that it's
|
|
|
|
* horrifically difficult to obtain a decent backtrace in C; the standard
|
|
|
|
* backtrace function is useless in most programs. */
|
|
|
|
|
|
|
|
/*~ These headers are from CCAN: http://ccodearchive.net.
|
|
|
|
*
|
|
|
|
* It's another one of Rusty's projects, and we copy and paste it
|
|
|
|
* automatically into the source tree here, so you should never edit
|
|
|
|
* it. There's a Makefile target update-ccan to update it (and add modules
|
2018-09-03 05:40:01 +02:00
|
|
|
* if CCAN_NEW is specified).
|
|
|
|
*
|
|
|
|
* The most used of these are `ccan/tal` and `ccan/take`, which we'll describe
|
|
|
|
* in detail below.
|
|
|
|
*/
|
2017-01-10 06:07:51 +01:00
|
|
|
#include <ccan/array_size/array_size.h>
|
*: Use new closefrom module from ccan.
This also inadvertently fixes a latent bug: before this patch, in the
`subd` function in `lightningd/subd.c`, we would close `execfail[1]`
*before* doing an `exec`.
We use an EOF on `execfail[1]` as a signal that `exec` succeeded (the
fd is marked CLOEXEC), and otherwise use it to pump `errno` to the
parent.
The intent is that this fd should be kept open until `exec`, at which
point CLOEXEC triggers and close that fd and sends the EOF, *or* if
`exec` fails we can send the `errno` to the parent process vua that
pipe-end.
However, in the previous version, we end up closing that fd *before*
reaching `exec`, either in the loop which `dup2`s passed-in fds (by
overwriting `execfail[1]` with a `dup2`) or in the "close everything"
loop, which does not guard against `execfail[1]`, only
`dev_disconnect_fd`.
2021-10-19 05:35:44 +02:00
|
|
|
#include <ccan/closefrom/closefrom.h>
|
2022-01-03 19:45:35 +01:00
|
|
|
#include <ccan/json_escape/json_escape.h>
|
2021-09-16 07:00:42 +02:00
|
|
|
#include <ccan/opt/opt.h>
|
2017-01-10 06:07:51 +01:00
|
|
|
#include <ccan/pipecmd/pipecmd.h>
|
2018-02-20 00:00:09 +01:00
|
|
|
#include <ccan/read_write_all/read_write_all.h>
|
2017-01-10 06:07:51 +01:00
|
|
|
#include <ccan/tal/grab_file/grab_file.h>
|
|
|
|
#include <ccan/tal/path/path.h>
|
2017-09-15 04:18:52 +02:00
|
|
|
#include <ccan/tal/str/str.h>
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ This is common code: routines shared by one or more executables
|
|
|
|
* (separate daemons, or the lightning-cli program). */
|
2024-01-25 01:28:54 +01:00
|
|
|
#include <common/configdir.h>
|
2018-03-29 04:06:45 +02:00
|
|
|
#include <common/daemon.h>
|
2024-01-25 01:28:54 +01:00
|
|
|
#include <common/deprecation.h>
|
2020-04-03 05:21:22 +02:00
|
|
|
#include <common/ecdh_hsmd.h>
|
2021-01-03 12:32:43 +01:00
|
|
|
#include <common/hsm_encryption.h>
|
2023-07-31 01:36:33 +02:00
|
|
|
#include <common/json_stream.h>
|
2020-02-04 01:14:13 +01:00
|
|
|
#include <common/memleak.h>
|
2017-08-28 18:04:01 +02:00
|
|
|
#include <common/timeout.h>
|
2023-07-27 07:13:54 +02:00
|
|
|
#include <common/trace.h>
|
2017-08-28 18:02:01 +02:00
|
|
|
#include <common/version.h>
|
2022-01-03 19:45:35 +01:00
|
|
|
#include <db/exec.h>
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2018-02-16 03:00:41 +01:00
|
|
|
#include <errno.h>
|
2018-02-20 00:00:09 +01:00
|
|
|
#include <fcntl.h>
|
2020-10-22 01:51:08 +02:00
|
|
|
#include <header_versions_gen.h>
|
2023-03-21 04:58:15 +01:00
|
|
|
#include <hsmd/hsmd_wiregen.h>
|
2017-08-28 18:04:01 +02:00
|
|
|
#include <lightningd/chaintopology.h>
|
2021-09-16 07:00:42 +02:00
|
|
|
#include <lightningd/channel.h>
|
2018-05-06 15:32:01 +02:00
|
|
|
#include <lightningd/channel_control.h>
|
2024-01-31 04:16:17 +01:00
|
|
|
#include <lightningd/channel_gossip.h>
|
2020-04-04 01:58:04 +02:00
|
|
|
#include <lightningd/coin_mvts.h>
|
2018-07-24 08:18:58 +02:00
|
|
|
#include <lightningd/connect_control.h>
|
2021-12-04 12:23:56 +01:00
|
|
|
#include <lightningd/gossip_control.h>
|
|
|
|
#include <lightningd/hsm_control.h>
|
2019-05-30 04:30:10 +02:00
|
|
|
#include <lightningd/io_loop_with_timers.h>
|
2021-12-04 12:23:56 +01:00
|
|
|
#include <lightningd/lightningd.h>
|
2018-04-17 15:31:30 +02:00
|
|
|
#include <lightningd/onchain_control.h>
|
2023-10-28 05:10:56 +02:00
|
|
|
#include <lightningd/peer_htlcs.h>
|
2021-09-16 07:00:42 +02:00
|
|
|
#include <lightningd/plugin.h>
|
2023-07-31 01:36:33 +02:00
|
|
|
#include <lightningd/plugin_hook.h>
|
2023-07-21 02:23:26 +02:00
|
|
|
#include <lightningd/runes.h>
|
2021-12-04 12:23:56 +01:00
|
|
|
#include <lightningd/subd.h>
|
2019-09-25 18:50:28 +02:00
|
|
|
#include <sys/resource.h>
|
2023-07-31 11:04:42 +02:00
|
|
|
#include <wallet/invoices.h>
|
2021-09-16 07:00:42 +02:00
|
|
|
#include <wallet/txfilter.h>
|
|
|
|
#include <wally_bip32.h>
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2020-02-04 01:14:13 +01:00
|
|
|
static void destroy_alt_subdaemons(struct lightningd *ld);
|
|
|
|
static void memleak_help_alt_subdaemons(struct htable *memtable,
|
|
|
|
struct lightningd *ld);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ The core lightning object: it's passed everywhere, and is basically a
|
|
|
|
* global variable. This new_xxx pattern is something we'll see often:
|
2018-09-03 05:40:01 +02:00
|
|
|
* it allocates and initializes a new structure, using *tal*, the hierarchical
|
2018-09-03 03:08:56 +02:00
|
|
|
* allocator. */
|
2018-02-18 13:56:46 +01:00
|
|
|
static struct lightningd *new_lightningd(const tal_t *ctx)
|
2017-01-10 06:07:51 +01:00
|
|
|
{
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ tal: each allocation is a child of an existing object (or NULL,
|
|
|
|
* the top-level object). When an object is freed, all the objects
|
2018-09-03 05:40:01 +02:00
|
|
|
* `tallocated` off it are also freed. We use it in place of malloc
|
2018-09-03 05:40:02 +02:00
|
|
|
* and free. For the technically inclined: tal allocations usually
|
|
|
|
* build a tree, and tal_freeing any node in the tree will result in
|
|
|
|
* the entire subtree rooted at that node to be freed.
|
2018-09-03 03:08:56 +02:00
|
|
|
*
|
|
|
|
* It's incredibly useful for grouping object lifetimes, as we'll see.
|
2020-05-15 03:33:07 +02:00
|
|
|
* For example, a `struct lightningd` has a pointer to a `log_book`
|
2020-05-19 06:00:42 +02:00
|
|
|
* which is allocated off the `struct lightningd`, and has its own
|
2020-05-15 03:33:07 +02:00
|
|
|
* internal members allocated off `log_book`: freeing `struct
|
|
|
|
* lightningd` frees them all.
|
2018-09-03 05:40:01 +02:00
|
|
|
*
|
|
|
|
* In this case, freeing `ctx` will free `ld`:
|
2018-09-03 03:08:56 +02:00
|
|
|
*/
|
2017-01-10 06:07:51 +01:00
|
|
|
struct lightningd *ld = tal(ctx, struct lightningd);
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ Style note: `ctx` is declared `const`, yet we can `tallocate` from
|
|
|
|
* it. Adding/removing children is not considered to change an
|
|
|
|
* object; nor, in fact, is freeing it with tal_free(). This allows
|
|
|
|
* us to use const more liberally: the style rule here is that you
|
|
|
|
* should use 'const' on pointers if you can. */
|
|
|
|
|
2023-09-21 07:36:26 +02:00
|
|
|
/* They can turn this on with --developer */
|
2023-09-21 08:54:00 +02:00
|
|
|
ld->developer = false;
|
2023-09-21 07:36:26 +02:00
|
|
|
|
2023-09-21 07:36:28 +02:00
|
|
|
/*~ We used to EXPLICITLY #if-wrap DEVELOPER code, but as our test
|
|
|
|
* matrix grew, we turned them into a --developer runtime option.
|
|
|
|
* We still use the `dev` prefix everywhere to make the developer-
|
|
|
|
* only variations explicit though. */
|
2020-05-05 03:13:34 +02:00
|
|
|
ld->dev_debug_subprocess = NULL;
|
2021-11-12 07:44:46 +01:00
|
|
|
ld->dev_no_plugin_checksum = false;
|
2017-12-15 11:17:54 +01:00
|
|
|
ld->dev_disconnect_fd = -1;
|
|
|
|
ld->dev_subdaemon_fail = false;
|
2018-05-07 06:29:22 +02:00
|
|
|
ld->dev_allow_localhost = false;
|
2019-04-08 01:51:30 +02:00
|
|
|
ld->dev_gossip_time = 0;
|
2019-09-18 03:05:05 +02:00
|
|
|
ld->dev_fast_gossip = false;
|
2019-09-26 04:00:20 +02:00
|
|
|
ld->dev_fast_gossip_prune = false;
|
2022-07-23 18:21:31 +02:00
|
|
|
ld->dev_fast_reconnect = false;
|
2019-07-16 23:40:14 +02:00
|
|
|
ld->dev_force_privkey = NULL;
|
2019-07-16 23:41:14 +02:00
|
|
|
ld->dev_force_bip32_seed = NULL;
|
2019-07-16 23:45:14 +02:00
|
|
|
ld->dev_force_channel_secrets = NULL;
|
|
|
|
ld->dev_force_channel_secrets_shaseed = NULL;
|
2019-11-01 18:01:54 +01:00
|
|
|
ld->dev_force_tmp_channel_id = NULL;
|
2019-11-14 01:09:38 +01:00
|
|
|
ld->dev_no_htlc_timeout = false;
|
2020-07-22 14:07:22 +02:00
|
|
|
ld->dev_no_version_checks = false;
|
2021-04-05 23:12:11 +02:00
|
|
|
ld->dev_max_funding_unconfirmed = 2016;
|
2021-09-30 23:19:37 +02:00
|
|
|
ld->dev_ignore_modern_onion = false;
|
2021-12-29 04:26:40 +01:00
|
|
|
ld->dev_disable_commit = -1;
|
2022-03-25 04:11:55 +01:00
|
|
|
ld->dev_no_ping_timer = false;
|
2024-01-29 00:36:15 +01:00
|
|
|
ld->dev_any_channel_type = false;
|
2024-02-14 10:38:36 +01:00
|
|
|
ld->dev_allow_shutdown_destination_change = false;
|
2017-12-15 11:17:54 +01:00
|
|
|
|
2023-01-18 06:04:32 +01:00
|
|
|
/*~ This is a CCAN list: an embedded double-linked list. It's not
|
2018-09-03 03:08:56 +02:00
|
|
|
* really typesafe, but relies on convention to access the contents.
|
2018-09-03 05:40:01 +02:00
|
|
|
* It's inspired by the closely-related Linux kernel list.h.
|
|
|
|
*
|
|
|
|
* You declare them as a `struct list_head` (or use the LIST_HEAD()
|
|
|
|
* macro which doesn't work on dynamically-allocated objects like `ld`
|
2020-10-20 09:09:30 +02:00
|
|
|
* here). The item which will go into the list must be declared
|
|
|
|
* a `struct list_node` for each list it can be in.
|
2018-09-03 05:40:01 +02:00
|
|
|
*
|
|
|
|
* The most common operations are list_head_init(), list_add(),
|
|
|
|
* list_del() and list_for_each().
|
|
|
|
*
|
|
|
|
* This method of manually declaring the list hooks avoids dynamic
|
|
|
|
* allocations to put things into a list. */
|
2022-01-22 05:49:22 +01:00
|
|
|
list_head_init(&ld->subds);
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ These are hash tables of incoming and outgoing HTLCs (contracts),
|
2019-09-01 22:14:50 +02:00
|
|
|
* defined as `struct htlc_in` and `struct htlc_out` in htlc_end.h.
|
2018-09-03 05:40:02 +02:00
|
|
|
* The hash tables are declared there using the very ugly
|
2018-09-03 05:40:01 +02:00
|
|
|
* HTABLE_DEFINE_TYPE macro. The key is the channel the HTLC is in
|
|
|
|
* and the 64-bit htlc-id which is unique for that channel and
|
|
|
|
* direction. That htlc-id is used in the inter-peer wire protocol,
|
|
|
|
* so it is the logical key.
|
|
|
|
*
|
|
|
|
* There aren't usually many HTLCs, so we could have just used a linked
|
|
|
|
* list attached to the channel structure itself, or even left them in
|
|
|
|
* the database rather than making an in-memory version. Obviously
|
|
|
|
* I was in a premature optimization mood when I wrote this: */
|
2023-01-03 05:46:52 +01:00
|
|
|
ld->htlcs_in = tal(ld, struct htlc_in_map);
|
|
|
|
htlc_in_map_init(ld->htlcs_in);
|
|
|
|
|
|
|
|
/*~ Note also: we didn't need to use an allocation here! We could
|
|
|
|
* have simply made the `struct htlc_out_map` a member. But we
|
|
|
|
* override the htable allocation routines to use tal(), and they
|
|
|
|
* want a tal parent, so we always make our hash table a tallocated
|
|
|
|
* object. */
|
|
|
|
ld->htlcs_out = tal(ld, struct htlc_out_map);
|
|
|
|
htlc_out_map_init(ld->htlcs_out);
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2023-01-18 06:04:32 +01:00
|
|
|
/*~ This is the hash table of peers: converted from a
|
|
|
|
* linked-list as part of the 100k-peers project! */
|
|
|
|
ld->peers = tal(ld, struct peer_node_id_map);
|
|
|
|
peer_node_id_map_init(ld->peers);
|
2023-01-18 06:04:32 +01:00
|
|
|
/*~ And this was done at the same time, for db lookups at startup */
|
|
|
|
ld->peers_by_dbid = tal(ld, struct peer_dbid_map);
|
|
|
|
peer_dbid_map_init(ld->peers_by_dbid);
|
2023-01-18 06:04:32 +01:00
|
|
|
|
2019-12-12 00:55:45 +01:00
|
|
|
/*~ For multi-part payments, we need to keep some incoming payments
|
|
|
|
* in limbo until we get all the parts, or we time them out. */
|
2023-01-03 05:46:52 +01:00
|
|
|
ld->htlc_sets = tal(ld, struct htlc_set_map);
|
|
|
|
htlc_set_map_init(ld->htlc_sets);
|
2019-12-12 00:55:45 +01:00
|
|
|
|
2021-12-16 06:18:54 +01:00
|
|
|
/*~ We have a multi-entry log-book infrastructure: we define a 10MB log
|
2018-09-03 05:40:01 +02:00
|
|
|
* book to hold all the entries (and trims as necessary), and multiple
|
|
|
|
* log objects which each can write into it, each with a unique
|
|
|
|
* prefix. */
|
2020-09-24 08:43:52 +02:00
|
|
|
ld->log_book = new_log_book(ld, 10*1024*1024);
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Note the tal context arg (by convention, the first argument to any
|
|
|
|
* allocation function): ld->log will be implicitly freed when ld
|
|
|
|
* is. */
|
2023-07-16 07:56:52 +02:00
|
|
|
ld->log = new_logger(ld, ld->log_book, NULL, "lightningd");
|
2022-06-26 06:25:01 +02:00
|
|
|
ld->logfiles = NULL;
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ We explicitly set these to NULL: if they're still NULL after option
|
|
|
|
* parsing, we know they're to be set to the defaults. */
|
2017-10-23 07:05:28 +02:00
|
|
|
ld->alias = NULL;
|
|
|
|
ld->rgb = NULL;
|
2023-07-31 01:36:33 +02:00
|
|
|
ld->recover = NULL;
|
gossipd: rewrite to do the handshake internally.
Now the flow is much simpler from a lightningd POV:
1. If we want to connect to a peer, just send gossipd `gossipctl_reach_peer`.
2. Every new peer, gossipd hands up to lightningd, with global/local features
and the peer fd and a gossip fd using `gossip_peer_connected`
3. If lightningd doesn't want it, it just hands the peerfd and global/local
features back to gossipd using `gossipctl_handle_peer`
4. If a peer sends a non-gossip msg (eg `open_channel`) the gossipd sends
it up using `gossip_peer_nongossip`.
5. If lightningd wants to fund a channel, it simply calls `release_channel`.
Notes:
* There's no more "unique_id": we use the peer id.
* For the moment, we don't ask gossipd when we're told to list peers, so
connected peers without a channel don't appear in the JSON getpeers API.
* We add a `gossipctl_peer_addrhint` for the moment, so you can connect to
a specific ip/port, but using other sources is a TODO.
* We now (correctly) only give up on reaching a peer after we exchange init
messages, which changes the test_disconnect case.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-11 12:09:49 +02:00
|
|
|
list_head_init(&ld->connects);
|
2018-03-10 07:41:45 +01:00
|
|
|
list_head_init(&ld->waitsendpay_commands);
|
2018-04-10 08:03:15 +02:00
|
|
|
list_head_init(&ld->close_commands);
|
2018-09-11 21:57:11 +02:00
|
|
|
list_head_init(&ld->ping_commands);
|
2022-03-22 21:26:30 +01:00
|
|
|
list_head_init(&ld->disconnect_commands);
|
2023-07-27 23:37:52 +02:00
|
|
|
list_head_init(&ld->splice_commands);
|
2019-12-26 11:19:09 +01:00
|
|
|
list_head_init(&ld->waitblockheight_commands);
|
2023-07-22 06:26:36 +02:00
|
|
|
list_head_init(&ld->wait_commands);
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ Tal also explicitly supports arrays: it stores the number of
|
|
|
|
* elements, which can be accessed with tal_count() (or tal_bytelen()
|
|
|
|
* for raw bytecount). It's common for simple arrays to use
|
2018-09-27 02:19:24 +02:00
|
|
|
* tal_resize() (or tal_arr_expand) to expand, which does not work on
|
2020-10-20 09:09:30 +02:00
|
|
|
* NULL. So we start with a zero-length array. */
|
2018-05-07 06:29:22 +02:00
|
|
|
ld->proposed_wireaddr = tal_arr(ld, struct wireaddr_internal, 0);
|
|
|
|
ld->proposed_listen_announce = tal_arr(ld, enum addr_listen_announce, 0);
|
2022-02-23 18:40:10 +01:00
|
|
|
|
2022-12-08 05:32:35 +01:00
|
|
|
/*~ The network is not yet ready for DNS names inside node_announcements,
|
|
|
|
* so we disable this by default for now. */
|
|
|
|
ld->announce_dns = false;
|
|
|
|
|
2024-01-31 04:16:18 +01:00
|
|
|
ld->lease_rates = NULL;
|
2024-01-31 04:16:18 +01:00
|
|
|
ld->node_announcement = NULL;
|
2022-09-12 15:47:44 +02:00
|
|
|
ld->discovered_ip_v4 = NULL;
|
|
|
|
ld->discovered_ip_v6 = NULL;
|
2018-05-07 05:44:40 +02:00
|
|
|
ld->listen = true;
|
2018-05-07 06:28:12 +02:00
|
|
|
ld->autolisten = true;
|
2018-05-07 05:44:40 +02:00
|
|
|
ld->reconnect = true;
|
2024-02-11 19:24:46 +01:00
|
|
|
ld->reconnect_private = true;
|
2021-04-16 06:31:24 +02:00
|
|
|
ld->try_reexec = false;
|
2023-10-24 23:11:04 +02:00
|
|
|
ld->recover_secret = NULL;
|
2022-08-24 12:05:42 +02:00
|
|
|
ld->db_upgrade_ok = NULL;
|
2024-01-31 04:16:19 +01:00
|
|
|
ld->num_startup_connects = 0;
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2023-05-22 02:51:44 +02:00
|
|
|
/* --experimental-upgrade-protocol */
|
|
|
|
ld->experimental_upgrade_protocol = false;
|
|
|
|
|
2023-10-26 05:32:12 +02:00
|
|
|
/* --invoices-onchain-fallback */
|
|
|
|
ld->unified_invoices = false;
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ This is from ccan/timer: it is efficient for the case where timers
|
|
|
|
* are deleted before expiry (as is common with timeouts) using an
|
|
|
|
* ingenious bucket system which more precisely sorts timers as they
|
|
|
|
* approach expiry. It's a fascinating implementation you should read
|
|
|
|
* if you have a spare few hours. */
|
2019-06-14 05:49:23 +02:00
|
|
|
ld->timers = tal(ld, struct timers);
|
|
|
|
timers_init(ld->timers, time_mono());
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ This is detailed in chaintopology.c */
|
2017-08-28 18:09:01 +02:00
|
|
|
ld->topology = new_topology(ld, ld->log);
|
2023-02-06 13:11:47 +01:00
|
|
|
ld->gossip_blockheight = 0;
|
2019-08-01 08:20:43 +02:00
|
|
|
ld->daemon_parent_fd = -1;
|
2018-05-10 01:18:24 +02:00
|
|
|
ld->proxyaddr = NULL;
|
2021-08-18 12:52:21 +02:00
|
|
|
ld->always_use_proxy = false;
|
2018-05-10 01:18:24 +02:00
|
|
|
ld->pure_tor_setup = false;
|
2018-05-10 01:18:23 +02:00
|
|
|
ld->tor_service_password = NULL;
|
2024-01-25 01:28:55 +01:00
|
|
|
ld->deprecated_ok = true;
|
2018-05-07 01:01:49 +02:00
|
|
|
|
2019-11-15 02:33:13 +01:00
|
|
|
/*~ This is initialized later, but the plugin loop examines this,
|
|
|
|
* so set it to NULL explicitly now. */
|
|
|
|
ld->wallet = NULL;
|
|
|
|
|
2021-06-17 11:52:50 +02:00
|
|
|
/*~ Behavioral options */
|
|
|
|
ld->accept_extra_tlv_types = tal_arr(ld, u64, 0);
|
|
|
|
|
2018-11-22 11:37:08 +01:00
|
|
|
/*~ In the next step we will initialize the plugins. This will
|
|
|
|
* also populate the JSON-RPC with passthrough methods, hence
|
|
|
|
* lightningd needs to have something to put those in. This
|
|
|
|
* is that :-)
|
|
|
|
*/
|
2019-02-04 11:55:42 +01:00
|
|
|
jsonrpc_setup(ld);
|
2018-11-22 11:37:08 +01:00
|
|
|
|
2018-09-20 13:46:50 +02:00
|
|
|
/*~ We run a number of plugins (subprocesses that we talk JSON-RPC with)
|
2019-09-01 22:14:50 +02:00
|
|
|
* alongside this process. This allows us to have an easy way for users
|
2022-04-06 07:09:48 +02:00
|
|
|
* to add their own tools without having to modify the Core Lightning source
|
2019-09-01 22:14:50 +02:00
|
|
|
* code. Here we initialize the context that will keep track and control
|
|
|
|
* the plugins.
|
2018-09-20 13:46:50 +02:00
|
|
|
*/
|
2019-02-04 11:55:42 +01:00
|
|
|
ld->plugins = plugins_new(ld, ld->log_book, ld);
|
2019-07-02 00:00:32 +02:00
|
|
|
ld->plugins->startup = true;
|
2019-01-11 06:51:08 +01:00
|
|
|
|
2019-06-12 02:38:55 +02:00
|
|
|
/*~ This is set when a JSON RPC command comes in to shut us down. */
|
|
|
|
ld->stop_conn = NULL;
|
|
|
|
|
2019-10-03 16:32:38 +02:00
|
|
|
/*~ This is used to signal that `hsm_secret` is encrypted, and will
|
2019-12-25 00:11:52 +01:00
|
|
|
* be set to `true` if the `--encrypted-hsm` option is passed at startup.
|
2019-10-03 16:32:38 +02:00
|
|
|
*/
|
|
|
|
ld->encrypted_hsm = false;
|
|
|
|
|
2020-02-04 01:14:13 +01:00
|
|
|
/* This is used to override subdaemons */
|
|
|
|
strmap_init(&ld->alt_subdaemons);
|
|
|
|
tal_add_destructor(ld, destroy_alt_subdaemons);
|
|
|
|
memleak_add_helper(ld, memleak_help_alt_subdaemons);
|
|
|
|
|
2019-12-25 00:11:52 +01:00
|
|
|
/*~ We change umask if we daemonize, but not if we don't. Initialize the
|
|
|
|
* initial_umask anyway as we might rely on it later (`plugin start`). */
|
|
|
|
ld->initial_umask = umask(0);
|
|
|
|
umask(ld->initial_umask);
|
|
|
|
|
2020-01-24 03:20:45 +01:00
|
|
|
/*~ This is the mode of the created JSON-RPC socket file, in
|
|
|
|
* traditional Unix octal. 0600 means only the user that ran
|
|
|
|
* lightningd can invoke RPC on it. Changing it to 0660 may
|
|
|
|
* be sensible if you run lightningd in its own system user,
|
|
|
|
* and just let specific users (add the group of the
|
|
|
|
* lightningd runner as an ancillary group) access its
|
|
|
|
* RPC. Can be overridden with `--rpc-file-mode`.
|
|
|
|
*/
|
|
|
|
ld->rpc_filemode = 0600;
|
|
|
|
|
2020-07-29 10:56:42 +02:00
|
|
|
/*~ This is the exit code to use on exit.
|
|
|
|
* Set to NULL meaning we are not interested in exiting yet.
|
|
|
|
*/
|
|
|
|
ld->exit_code = NULL;
|
|
|
|
|
2020-08-05 07:30:56 +02:00
|
|
|
/*~ We maintain a round-robin list of channels.
|
|
|
|
* This round-robin list of channels is used to ensure that
|
|
|
|
* each invoice we generate has a different set of channels. */
|
2020-09-08 06:57:53 +02:00
|
|
|
ld->rr_counter = 0;
|
2020-08-05 07:30:56 +02:00
|
|
|
|
2021-07-08 04:47:03 +02:00
|
|
|
/*~ Because fee estimates on testnet and regtest are unreliable,
|
|
|
|
* we allow overriding them with --force-feerates, in which
|
|
|
|
* case this is a pointer to an enum feerate-indexed array of values */
|
|
|
|
ld->force_feerates = NULL;
|
|
|
|
|
2023-06-29 02:14:09 +02:00
|
|
|
/*~ We need some funds to help CPFP spend unilateral closes. How
|
|
|
|
* much? But let's assume we want to boost the commitment tx (1112
|
|
|
|
* Sipa).
|
|
|
|
*
|
|
|
|
* Anchor witness script is 40 bytes, sig is 72, input bytes is 32 + 4
|
|
|
|
* + 1 + 1 + 4, core is 10 bytes, P2WKH output is 8 + 1 + 1 + 1 + 32
|
|
|
|
* bytes. Weight (40 + 42 + 10 + 43)*4 + 40 + 72 = 652.
|
|
|
|
*
|
|
|
|
* So every 441 sats we can increase feerate by 1 sat / vbyte. Set
|
|
|
|
* the default minimum at 25,000 sats.
|
|
|
|
*/
|
|
|
|
ld->emergency_sat = AMOUNT_SAT(25000);
|
|
|
|
|
2024-01-25 01:28:54 +01:00
|
|
|
/*~ We used to simply deprecate, then remove with a 6 month warning.
|
|
|
|
* We even provided an option to immediately disable deprecated APIs.
|
|
|
|
* But people kept being taken by surprise, so now we escalate, and
|
|
|
|
* the final step is to make *users* explicitly re-enable each API
|
|
|
|
* which is due for complete removal. */
|
|
|
|
ld->api_begs = tal_arr(ld, const char *, 0);
|
|
|
|
|
2017-01-10 06:07:51 +01:00
|
|
|
return ld;
|
|
|
|
}
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ We list our daemons here so on startup we can test they're the
|
|
|
|
* correct versions and that they exist. */
|
2018-09-03 02:42:27 +02:00
|
|
|
static const char *subdaemons[] = {
|
2017-08-29 06:12:04 +02:00
|
|
|
"lightning_channeld",
|
|
|
|
"lightning_closingd",
|
2018-07-24 08:18:58 +02:00
|
|
|
"lightning_connectd",
|
2017-08-29 06:12:04 +02:00
|
|
|
"lightning_gossipd",
|
|
|
|
"lightning_hsmd",
|
|
|
|
"lightning_onchaind",
|
|
|
|
"lightning_openingd"
|
2017-01-10 06:07:51 +01:00
|
|
|
};
|
|
|
|
|
2020-02-04 01:14:13 +01:00
|
|
|
/* Return true if called with a recognized subdaemon e.g. "hsmd" */
|
|
|
|
bool is_subdaemon(const char *sdname)
|
|
|
|
{
|
|
|
|
for (size_t i = 0; i < ARRAY_SIZE(subdaemons); i++)
|
|
|
|
/* Skip the "lightning_" prefix in the table */
|
|
|
|
if (streq(sdname, subdaemons[i] + strlen("lightning_")))
|
|
|
|
return true;
|
|
|
|
return false;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void destroy_alt_subdaemons(struct lightningd *ld)
|
|
|
|
{
|
|
|
|
strmap_clear(&ld->alt_subdaemons);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void memleak_help_alt_subdaemons(struct htable *memtable,
|
|
|
|
struct lightningd *ld)
|
|
|
|
{
|
2022-09-16 05:14:39 +02:00
|
|
|
memleak_scan_strmap(memtable, &ld->alt_subdaemons);
|
2020-02-04 01:14:13 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
const char *subdaemon_path(const tal_t *ctx, const struct lightningd *ld, const char *name)
|
|
|
|
{
|
|
|
|
/* Strip the leading "lightning_" before looking in alt_subdaemons.
|
|
|
|
*/
|
|
|
|
size_t pfxlen = strlen("lightning_");
|
|
|
|
assert(strlen(name) > pfxlen);
|
|
|
|
const char *short_name = tal_strdup(ctx, name + pfxlen);
|
|
|
|
|
|
|
|
/* Is there an alternate path for this subdaemon? */
|
|
|
|
const char *dpath;
|
|
|
|
const char *alt = strmap_get(&ld->alt_subdaemons, short_name);
|
|
|
|
if (alt) {
|
|
|
|
/* path_join will honor absolute paths as well. */
|
|
|
|
dpath = path_join(ctx, ld->daemon_dir, alt);
|
|
|
|
} else {
|
|
|
|
/* This subdaemon is found in the standard place. */
|
|
|
|
dpath = path_join(ctx, ld->daemon_dir, name);
|
|
|
|
}
|
|
|
|
return dpath;
|
|
|
|
}
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Check we can run them, and check their versions */
|
2018-09-03 02:42:27 +02:00
|
|
|
void test_subdaemons(const struct lightningd *ld)
|
2017-01-10 06:07:51 +01:00
|
|
|
{
|
|
|
|
size_t i;
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ CCAN's ARRAY_SIZE() should always be used on defined arrays like
|
|
|
|
* the subdaemons array above. You can calculate the number of
|
|
|
|
* elements it has using `sizeof(subdaemons)/sizeof(subdaemons[0])`
|
|
|
|
* but if `subdaemons` were refactored into a pointer (eg. to make
|
|
|
|
* it a dynamic array) that would erroneously evaluate to `1`.
|
|
|
|
*
|
|
|
|
* ARRAY_SIZE will cause a compiler error if the argument is actually
|
|
|
|
* a pointer, not an array. */
|
2018-09-03 02:42:27 +02:00
|
|
|
for (i = 0; i < ARRAY_SIZE(subdaemons); i++) {
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ CCAN's path module uses tal, so wants a context to
|
|
|
|
* allocate from. We have a magic convenience context
|
|
|
|
* `tmpctx` for temporary allocations like this.
|
|
|
|
*
|
|
|
|
* Because all our daemons at their core are of form `while
|
|
|
|
* (!stopped) handle_events();` (an event loop pattern), we
|
|
|
|
* can free `tmpctx` in that top-level loop after each event
|
|
|
|
* is handled.
|
|
|
|
*/
|
2020-02-04 01:14:13 +01:00
|
|
|
int outfd;
|
|
|
|
const char *dpath = subdaemon_path(tmpctx, ld, subdaemons[i]);
|
2017-01-10 06:07:51 +01:00
|
|
|
const char *verstring;
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ CCAN's pipecmd module is like popen for grownups: it
|
2018-12-08 01:31:56 +01:00
|
|
|
* takes pointers to fill in stdin, stdout and stderr file
|
2018-09-03 05:40:01 +02:00
|
|
|
* descriptors if desired, and the remainder of arguments
|
|
|
|
* are the command and its argument. */
|
2018-12-08 01:31:56 +01:00
|
|
|
pid_t pid = pipecmd(NULL, &outfd, &outfd,
|
2017-01-10 06:07:51 +01:00
|
|
|
dpath, "--version", NULL);
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ Our logging system: spam goes in at log_debug level, but
|
|
|
|
* logging is mainly added by developer necessity and removed
|
2020-10-20 09:09:30 +02:00
|
|
|
* by developer/user complaints. The only strong convention
|
2018-09-03 05:40:02 +02:00
|
|
|
* is that log_broken() is used for "should never happen".
|
2018-09-03 05:40:01 +02:00
|
|
|
*
|
|
|
|
* Note, however, that logging takes care to preserve the
|
|
|
|
* global `errno` which is set above. */
|
2017-08-28 18:09:01 +02:00
|
|
|
log_debug(ld->log, "testing %s", dpath);
|
2018-09-03 05:40:01 +02:00
|
|
|
|
|
|
|
/*~ ccan/err is a wrapper around BSD's err.h, which defines
|
|
|
|
* the convenience functions err() (error with message
|
2022-07-20 04:29:25 +02:00
|
|
|
* followed by a string based on errno) and errx() (same,x
|
2018-09-03 05:40:01 +02:00
|
|
|
* but no errno string). */
|
2017-01-10 06:07:51 +01:00
|
|
|
if (pid == -1)
|
2022-07-20 04:29:25 +02:00
|
|
|
err(EXITCODE_SUBDAEMON_FAIL, "Could not run %s", dpath);
|
2018-09-03 05:40:01 +02:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ CCAN's grab_file module contains a routine to read into a
|
|
|
|
* tallocated buffer until EOF */
|
2018-03-15 07:10:20 +01:00
|
|
|
verstring = grab_fd(tmpctx, outfd);
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Like many CCAN modules, it set errno on failure, which
|
|
|
|
* err (ccan/err, but usually just the BSD <err.h>) prints */
|
2017-01-10 06:07:51 +01:00
|
|
|
if (!verstring)
|
|
|
|
err(1, "Could not get output from %s", dpath);
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ strstarts is from CCAN/str. */
|
2017-01-10 06:07:51 +01:00
|
|
|
if (!strstarts(verstring, version())
|
|
|
|
|| verstring[strlen(version())] != '\n')
|
2022-07-20 04:29:25 +02:00
|
|
|
errx(EXITCODE_SUBDAEMON_FAIL, "%s: bad version '%s'",
|
2018-09-03 02:42:27 +02:00
|
|
|
subdaemons[i], verstring);
|
2022-01-22 05:49:22 +01:00
|
|
|
/*~ The child will be reaped by sigchld_rfd_in, so we don't
|
|
|
|
* need to waitpid() here. */
|
2017-01-10 06:07:51 +01:00
|
|
|
}
|
|
|
|
}
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2018-09-03 02:42:27 +02:00
|
|
|
/* Check if all subdaemons exist in specified directory. */
|
2018-09-03 05:40:01 +02:00
|
|
|
static bool has_all_subdaemons(const char *daemon_dir)
|
2018-01-03 12:34:41 +01:00
|
|
|
{
|
|
|
|
size_t i;
|
|
|
|
bool missing_daemon = false;
|
|
|
|
|
2018-09-03 02:42:27 +02:00
|
|
|
for (i = 0; i < ARRAY_SIZE(subdaemons); ++i) {
|
|
|
|
if (!path_is_file(path_join(tmpctx, daemon_dir, subdaemons[i]))) {
|
2018-01-03 12:34:41 +01:00
|
|
|
missing_daemon = true;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return !missing_daemon;
|
|
|
|
}
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2018-09-03 05:40:00 +02:00
|
|
|
/* Returns the directory this executable is running from */
|
|
|
|
static const char *find_my_directory(const tal_t *ctx, const char *argv0)
|
2017-01-10 06:07:51 +01:00
|
|
|
{
|
2018-09-03 05:40:00 +02:00
|
|
|
/* find_my_abspath simply exits on failure, so never returns NULL. */
|
|
|
|
const char *me = find_my_abspath(NULL, argv0);
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ The caller just wants the directory we're in.
|
|
|
|
*
|
2018-09-03 05:40:00 +02:00
|
|
|
* Note the magic `take()` macro here: it annotates a pointer as "to
|
2018-09-03 03:08:56 +02:00
|
|
|
* be taken", and the recipient is expected to take ownership of the
|
2018-09-03 05:40:00 +02:00
|
|
|
* pointer. This improves efficiency because the recipient might
|
|
|
|
* choose to use or even keep it rather than make a copy (or it
|
|
|
|
* might just free it).
|
2018-09-03 03:08:56 +02:00
|
|
|
*
|
2018-09-03 05:40:00 +02:00
|
|
|
* Many CCAN and our own routines support this, but if you hand a
|
|
|
|
* `take()` to a routine which *doesn't* expect it, unfortunately you
|
|
|
|
* don't get a compile error (we have runtime detection for this
|
|
|
|
* case, however).
|
2018-09-03 03:08:56 +02:00
|
|
|
*/
|
2017-01-10 06:07:51 +01:00
|
|
|
return path_dirname(ctx, take(me));
|
|
|
|
}
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ This returns the PKGLIBEXEC path which is where binaries get installed.
|
2018-09-03 05:40:01 +02:00
|
|
|
* Note the `TAKES` annotation which indicates that the `my_path` parameter
|
|
|
|
* can be take(); in which case, this function will handle freeing it.
|
|
|
|
*
|
|
|
|
* TAKES is only a convention unfortunately, and ignored by the compiler.
|
2018-09-03 03:08:56 +02:00
|
|
|
*/
|
2018-12-04 04:04:14 +01:00
|
|
|
static const char *find_my_pkglibexec_path(struct lightningd *ld,
|
2018-01-03 12:34:41 +01:00
|
|
|
const char *my_path TAKES)
|
|
|
|
{
|
|
|
|
const char *pkglibexecdir;
|
2018-09-03 05:40:01 +02:00
|
|
|
|
|
|
|
/*~`path_join` is declared in ccan/path/path.h as:
|
|
|
|
*
|
|
|
|
* char *path_join(const tal_t *ctx,
|
|
|
|
* const char *base TAKES, const char *a TAKES);
|
|
|
|
*
|
|
|
|
* So, as we promised with 'TAKES' in our own declaration, if the
|
|
|
|
* caller has called `take()` the `my_path` parameter, path_join()
|
|
|
|
* will free it. */
|
2018-12-04 04:04:14 +01:00
|
|
|
pkglibexecdir = path_join(NULL, my_path, BINTOPKGLIBEXECDIR);
|
|
|
|
|
|
|
|
/*~ The plugin dir is in ../libexec/c-lightning/plugins, which (unlike
|
|
|
|
* those given on the command line) does not need to exist. */
|
2020-07-29 10:20:49 +02:00
|
|
|
plugins_set_builtin_plugins_dir(ld->plugins,
|
|
|
|
path_join(tmpctx,
|
|
|
|
pkglibexecdir, "plugins"));
|
2019-01-11 06:51:08 +01:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Sometimes take() can be more efficient, since the routine can
|
|
|
|
* manipulate the string in place. This is the case here. */
|
2018-12-04 04:04:14 +01:00
|
|
|
return path_simplify(ld, take(pkglibexecdir));
|
2018-01-03 12:34:41 +01:00
|
|
|
}
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2018-01-03 12:34:41 +01:00
|
|
|
/* Determine the correct daemon dir. */
|
2018-12-04 04:04:14 +01:00
|
|
|
static const char *find_daemon_dir(struct lightningd *ld, const char *argv0)
|
2018-01-03 12:34:41 +01:00
|
|
|
{
|
2018-12-04 04:04:14 +01:00
|
|
|
const char *my_path = find_my_directory(ld, argv0);
|
2018-09-03 03:08:56 +02:00
|
|
|
/* If we're running in-tree, all the subdaemons are with lightningd. */
|
2018-12-04 04:04:14 +01:00
|
|
|
if (has_all_subdaemons(my_path)) {
|
2020-07-29 10:20:49 +02:00
|
|
|
/* In this case, look for built-in plugins in ../plugins */
|
|
|
|
plugins_set_builtin_plugins_dir(ld->plugins,
|
|
|
|
path_join(tmpctx,
|
|
|
|
my_path,
|
|
|
|
"../plugins"));
|
2018-01-03 12:34:41 +01:00
|
|
|
return my_path;
|
2018-12-04 04:04:14 +01:00
|
|
|
}
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/* Otherwise we assume they're in the installed dir. */
|
2018-12-04 04:04:14 +01:00
|
|
|
return find_my_pkglibexec_path(ld, take(my_path));
|
2018-01-03 12:34:41 +01:00
|
|
|
}
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2018-11-21 22:45:37 +01:00
|
|
|
/*~ We like to free everything on exit, so valgrind doesn't complain (valgrind
|
|
|
|
* is an awesome runtime memory usage detector for C and C++ programs). In
|
|
|
|
* some ways it would be neater not to do this, but it turns out some
|
|
|
|
* transient objects still need cleaning. */
|
2022-09-11 09:51:18 +02:00
|
|
|
static void free_all_channels(struct lightningd *ld)
|
2017-04-12 08:52:32 +02:00
|
|
|
{
|
|
|
|
struct peer *p;
|
2023-01-18 06:04:32 +01:00
|
|
|
struct peer_node_id_map_iter it;
|
2017-04-12 08:52:32 +02:00
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ tal supports *destructors* using `tal_add_destructor()`; the most
|
|
|
|
* common use is for an object to delete itself from a linked list
|
|
|
|
* when it's freed.
|
|
|
|
*
|
|
|
|
* As a result, freeing an object (which frees any tal objects
|
|
|
|
* allocated off it, and any allocated off them, etc) may cause
|
|
|
|
* callbacks; in this case, some objects freed here can cause database
|
|
|
|
* writes, which must be inside a transaction. */
|
2017-11-10 21:21:09 +01:00
|
|
|
db_begin_transaction(ld->wallet->db);
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/* Now we free all the HTLCs */
|
2017-11-10 03:01:10 +01:00
|
|
|
free_htlcs(ld, NULL);
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ For every peer, we free every channel. On allocation the peer was
|
|
|
|
* given a destructor (`destroy_peer`) which removes itself from the
|
2023-01-18 06:04:32 +01:00
|
|
|
* hashtable.
|
|
|
|
*
|
|
|
|
* Deletion from a hashtable is allowed, but it does mean we could
|
|
|
|
* skip entries in iteration. Hence we repeat until empty!
|
|
|
|
*/
|
|
|
|
again:
|
|
|
|
for (p = peer_node_id_map_first(ld->peers, &it);
|
|
|
|
p;
|
|
|
|
p = peer_node_id_map_next(ld->peers, &it)) {
|
2018-02-14 02:53:04 +01:00
|
|
|
struct channel *c;
|
2018-02-12 11:13:04 +01:00
|
|
|
|
2023-01-18 06:04:32 +01:00
|
|
|
/*~ A peer can have multiple channels. */
|
2018-02-14 02:53:04 +01:00
|
|
|
while ((c = list_top(&p->channels, struct channel, list))
|
|
|
|
!= NULL) {
|
|
|
|
/* Removes itself from list as we free it */
|
2018-02-12 11:13:04 +01:00
|
|
|
tal_free(c);
|
2018-02-14 02:53:04 +01:00
|
|
|
}
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/* A peer may have a channel in the process of opening. */
|
2018-08-02 08:49:55 +02:00
|
|
|
if (p->uncommitted_channel) {
|
|
|
|
struct uncommitted_channel *uc = p->uncommitted_channel;
|
|
|
|
|
|
|
|
/* Setting to NULL stops destroy_uncommitted_channel
|
|
|
|
* from trying to remove peer from db! */
|
|
|
|
p->uncommitted_channel = NULL;
|
|
|
|
tal_free(uc);
|
|
|
|
}
|
2023-01-18 06:04:32 +01:00
|
|
|
/* Removes itself from htable as we free it */
|
2018-08-02 08:49:55 +02:00
|
|
|
tal_free(p);
|
2018-02-12 11:13:04 +01:00
|
|
|
}
|
2023-01-18 06:04:32 +01:00
|
|
|
if (peer_node_id_map_first(ld->peers, &it))
|
|
|
|
goto again;
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ Commit the transaction. Note that the db is actually
|
|
|
|
* single-threaded, so commits never fail and we don't need
|
|
|
|
* spin-and-retry logic everywhere. */
|
2017-11-10 21:21:09 +01:00
|
|
|
db_commit_transaction(ld->wallet->db);
|
2017-04-12 08:52:32 +02:00
|
|
|
}
|
|
|
|
|
2022-09-11 09:51:18 +02:00
|
|
|
static void shutdown_global_subdaemons(struct lightningd *ld)
|
|
|
|
{
|
|
|
|
/* Let everyone shutdown cleanly. */
|
|
|
|
close(ld->hsm_fd);
|
|
|
|
|
|
|
|
/*~ The three "global" daemons, which we shutdown explicitly: we
|
|
|
|
* give them 10 seconds to exit gracefully before killing them. */
|
|
|
|
ld->connectd = subd_shutdown(ld->connectd, 10);
|
|
|
|
ld->gossip = subd_shutdown(ld->gossip, 10);
|
|
|
|
ld->hsm = subd_shutdown(ld->hsm, 10);
|
|
|
|
}
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ Our wallet logic needs to know what outputs we might be interested in. We
|
|
|
|
* use BIP32 (a.k.a. "HD wallet") to generate keys from a single seed, so we
|
2018-09-03 03:08:56 +02:00
|
|
|
* keep the maximum-ever-used key index in the db, and add them all to the
|
|
|
|
* filter here. */
|
2023-03-21 04:58:15 +01:00
|
|
|
static void init_txfilter(struct wallet *w,
|
|
|
|
const struct ext_key *bip32_base,
|
|
|
|
struct txfilter *filter)
|
2017-11-27 16:20:10 +01:00
|
|
|
{
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ This is defined in libwally, so we didn't have to reimplement */
|
2017-11-27 16:20:10 +01:00
|
|
|
struct ext_key ext;
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Note the use of ccan/short_types u64 rather than uint64_t.
|
|
|
|
* Thank me later. */
|
2017-11-27 16:20:10 +01:00
|
|
|
u64 bip32_max_index;
|
|
|
|
|
|
|
|
bip32_max_index = db_get_intvar(w->db, "bip32_max_index", 0);
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ One of the C99 things I unequivocally approve: for-loop scope. */
|
2020-04-14 15:36:58 +02:00
|
|
|
for (u64 i = 0; i <= bip32_max_index + w->keyscan_gap; i++) {
|
2023-03-21 04:58:15 +01:00
|
|
|
if (bip32_key_from_parent(bip32_base, i, BIP32_FLAG_KEY_PUBLIC, &ext) != WALLY_OK) {
|
2017-11-27 16:20:10 +01:00
|
|
|
abort();
|
|
|
|
}
|
|
|
|
txfilter_add_derkey(filter, ext.pub_key);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ The normal advice for daemons is to move into the root directory, so you
|
|
|
|
* don't prevent unmounting whatever filesystem you happen to start in.
|
|
|
|
*
|
|
|
|
* But we define every path relative to our (~/.lightning) data dir, so we
|
2019-08-01 08:20:43 +02:00
|
|
|
* make sure we stay there. The rest of this is taken from ccan/daemonize,
|
2020-10-28 09:54:57 +01:00
|
|
|
* which was based on W. Richard Stevens' advice in Programming in The Unix
|
2019-08-01 08:20:43 +02:00
|
|
|
* Environment.
|
2018-09-03 03:08:56 +02:00
|
|
|
*/
|
2019-08-01 08:20:43 +02:00
|
|
|
static void complete_daemonize(struct lightningd *ld)
|
2018-02-16 03:00:41 +01:00
|
|
|
{
|
2019-08-01 08:20:43 +02:00
|
|
|
int ok_status = 0;
|
|
|
|
|
|
|
|
/* Don't hold files open. */
|
|
|
|
close(STDIN_FILENO);
|
|
|
|
close(STDOUT_FILENO);
|
|
|
|
close(STDERR_FILENO);
|
|
|
|
|
|
|
|
/* Many routines write to stderr; that can cause chaos if used
|
|
|
|
* for something else, so set it here. */
|
|
|
|
if (open("/dev/null", O_WRONLY) != 0)
|
|
|
|
fatal("Could not open /dev/null: %s", strerror(errno));
|
|
|
|
if (dup2(0, STDERR_FILENO) != STDERR_FILENO)
|
|
|
|
fatal("Could not dup /dev/null for stderr: %s", strerror(errno));
|
|
|
|
close(0);
|
|
|
|
|
|
|
|
/* Session leader so ^C doesn't whack us. */
|
|
|
|
if (setsid() == (pid_t)-1)
|
|
|
|
fatal("Could not setsid: %s", strerror(errno));
|
|
|
|
|
|
|
|
/* Discard our parent's old-fashioned umask prejudices. */
|
2019-12-25 00:11:52 +01:00
|
|
|
ld->initial_umask = umask(0);
|
2019-08-01 08:20:43 +02:00
|
|
|
|
|
|
|
/* OK, parent, you can exit(0) now. */
|
|
|
|
write_all(ld->daemon_parent_fd, &ok_status, sizeof(ok_status));
|
|
|
|
close(ld->daemon_parent_fd);
|
2018-02-16 03:00:41 +01:00
|
|
|
}
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ It's pretty standard behaviour (especially for daemons) to create and
|
|
|
|
* file-lock a pidfile. This not only prevents accidentally running multiple
|
|
|
|
* daemons on the same database at once, but lets nosy sysadmins see what pid
|
|
|
|
* the currently-running daemon is supposed to be. */
|
2019-08-01 08:20:47 +02:00
|
|
|
static void pidfile_create(const struct lightningd *ld)
|
2018-02-20 00:00:09 +01:00
|
|
|
{
|
2018-09-03 02:41:27 +02:00
|
|
|
int pid_fd;
|
2019-08-01 08:20:47 +02:00
|
|
|
char *pid;
|
2018-02-20 00:00:09 +01:00
|
|
|
|
2019-09-04 13:16:23 +02:00
|
|
|
/* Create PID file: relative to .config dir. */
|
|
|
|
pid_fd = open(ld->pidfile, O_WRONLY|O_CREAT, 0640);
|
2018-02-20 00:00:09 +01:00
|
|
|
if (pid_fd < 0)
|
|
|
|
err(1, "Failed to open PID file");
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/* Lock PID file, so future lockf will fail. */
|
2018-02-20 00:00:09 +01:00
|
|
|
if (lockf(pid_fd, F_TLOCK, 0) < 0)
|
|
|
|
/* Problem locking file */
|
2022-07-20 04:29:25 +02:00
|
|
|
err(EXITCODE_PIDFILE_LOCK, "lightningd already running? Error locking PID file");
|
2018-02-20 00:00:09 +01:00
|
|
|
|
2018-09-14 02:34:54 +02:00
|
|
|
/*~ As closing the file will remove the lock, we need to keep it open;
|
|
|
|
* the OS will close it implicitly when we exit for any reason. */
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Note that tal_fmt() is what asprintf() dreams of being. */
|
2018-02-20 00:00:09 +01:00
|
|
|
pid = tal_fmt(tmpctx, "%d\n", getpid());
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ CCAN's write_all writes to a file descriptor, looping if necessary
|
|
|
|
* (which, on a file unlike a socket, is never, for historical UNIX
|
|
|
|
* reasons). It also isn't declared with GCC's warn_unused_result
|
|
|
|
* which write() is when FORTIFY_SOURCE is defined, so we're allowed
|
|
|
|
* to ignore the result without jumping through hoops. */
|
2018-02-20 00:00:09 +01:00
|
|
|
write_all(pid_fd, pid, strlen(pid));
|
|
|
|
}
|
|
|
|
|
2018-09-03 05:40:00 +02:00
|
|
|
/*~ ccan/io allows overriding the poll() function that is the very core
|
|
|
|
* of the event loop it runs for us. We override it so that we can do
|
|
|
|
* extra sanity checks, and it's also a good point to free the tmpctx. */
|
2018-04-27 03:41:38 +02:00
|
|
|
static int io_poll_lightningd(struct pollfd *fds, nfds_t nfds, int timeout)
|
|
|
|
{
|
2019-08-28 14:56:19 +02:00
|
|
|
/* These checks and freeing tmpctx are common to all daemons. */
|
2018-09-03 05:40:00 +02:00
|
|
|
return daemon_poll(fds, nfds, timeout);
|
2018-04-27 03:41:38 +02:00
|
|
|
}
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Ever had one of those functions which doesn't quite fit anywhere? Me too.
|
|
|
|
* Implementing a generic notifier framework is overkill in a static codebase
|
|
|
|
* like this, and it's always better to have compile-time calls than runtime,
|
|
|
|
* as it makes the code more explicit. But pasting in direct calls is also an
|
|
|
|
* abstraction violation, so we use this middleman function. */
|
|
|
|
void notify_new_block(struct lightningd *ld, u32 block_height)
|
2018-05-06 15:32:01 +02:00
|
|
|
{
|
|
|
|
/* Inform our subcomponents individually. */
|
|
|
|
htlcs_notify_new_block(ld, block_height);
|
|
|
|
channel_notify_new_block(ld, block_height);
|
2024-01-31 04:16:17 +01:00
|
|
|
channel_gossip_notify_new_block(ld, block_height);
|
2019-09-22 04:06:43 +02:00
|
|
|
gossip_notify_new_block(ld, block_height);
|
2019-12-26 11:19:09 +01:00
|
|
|
waitblockheight_notify_new_block(ld, block_height);
|
2018-05-06 15:32:01 +02:00
|
|
|
}
|
|
|
|
|
2018-12-20 00:15:31 +01:00
|
|
|
static void on_sigint(int _ UNUSED)
|
|
|
|
{
|
|
|
|
static const char *msg = "lightningd: SIGINT caught, exiting.\n";
|
2018-12-30 17:18:33 +01:00
|
|
|
write_all(STDERR_FILENO, msg, strlen(msg));
|
2018-12-20 00:15:31 +01:00
|
|
|
_exit(1);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void on_sigterm(int _ UNUSED)
|
|
|
|
{
|
|
|
|
static const char *msg = "lightningd: SIGTERM caught, exiting.\n";
|
2018-12-30 17:18:33 +01:00
|
|
|
write_all(STDERR_FILENO, msg, strlen(msg));
|
2018-12-20 00:15:31 +01:00
|
|
|
_exit(1);
|
|
|
|
}
|
|
|
|
|
2021-02-10 05:10:52 +01:00
|
|
|
/* Globals are terrible, but we all do it. */
|
|
|
|
static int sigchld_wfd;
|
|
|
|
|
|
|
|
static void on_sigchild(int _ UNUSED)
|
|
|
|
{
|
|
|
|
/*~ UNIX signals are async, which is usually terrible. The usual
|
|
|
|
* trick, which we use here, it to write a byte to a pipe, and
|
|
|
|
* then handle it in the main event loop.
|
|
|
|
*
|
|
|
|
* This can fail if we get flooded by signals but that's OK;
|
|
|
|
* we made it non-blocking, and the reader will loop until
|
|
|
|
* there are no more children. But glibc's overzealous use of
|
|
|
|
* __attribute__((warn_unused_result)) means we have to
|
|
|
|
* "catch" the return value. */
|
2021-06-29 06:48:05 +02:00
|
|
|
if (write(sigchld_wfd, "", 1) != 1) {
|
2022-01-20 05:57:09 +01:00
|
|
|
if (errno != EAGAIN && errno != EWOULDBLOCK) {
|
2021-06-29 06:48:05 +02:00
|
|
|
/* Should not call this in a signal handler, but we're
|
|
|
|
* already messed up! */
|
|
|
|
fatal("on_sigchild: write errno %s", strerror(errno));
|
|
|
|
}
|
|
|
|
}
|
2021-02-10 05:10:52 +01:00
|
|
|
}
|
|
|
|
|
2018-12-20 00:15:31 +01:00
|
|
|
/*~ We only need to handle SIGTERM and SIGINT for the case we are PID 1 of
|
|
|
|
* docker container since Linux makes special this PID and requires that
|
2021-02-10 05:10:52 +01:00
|
|
|
* some handler exist.
|
|
|
|
*
|
|
|
|
* We also want to catch SIGCHLD, so we can report on such children and
|
|
|
|
* avoid zombies. */
|
|
|
|
static int setup_sig_handlers(void)
|
2018-12-20 00:15:31 +01:00
|
|
|
{
|
2021-02-10 05:10:52 +01:00
|
|
|
struct sigaction sigint, sigterm, sigchild;
|
|
|
|
int fds[2];
|
|
|
|
|
2018-12-20 00:15:31 +01:00
|
|
|
memset(&sigint, 0, sizeof(struct sigaction));
|
|
|
|
memset(&sigterm, 0, sizeof(struct sigaction));
|
2021-02-10 05:10:52 +01:00
|
|
|
memset(&sigchild, 0, sizeof(struct sigaction));
|
2018-12-20 00:15:31 +01:00
|
|
|
|
|
|
|
sigint.sa_handler = on_sigint;
|
|
|
|
sigterm.sa_handler = on_sigterm;
|
2021-02-10 05:10:52 +01:00
|
|
|
sigchild.sa_handler = on_sigchild;
|
|
|
|
sigchild.sa_flags = SA_RESTART;
|
2018-12-20 00:15:31 +01:00
|
|
|
|
|
|
|
if (1 == getpid()) {
|
|
|
|
sigaction(SIGINT, &sigint, NULL);
|
|
|
|
sigaction(SIGTERM, &sigterm, NULL);
|
|
|
|
}
|
2021-02-10 05:10:52 +01:00
|
|
|
|
|
|
|
if (pipe(fds) != 0)
|
|
|
|
err(1, "creating sigchild pipe");
|
|
|
|
sigchld_wfd = fds[1];
|
|
|
|
if (fcntl(sigchld_wfd, F_SETFL,
|
|
|
|
fcntl(sigchld_wfd, F_GETFL)|O_NONBLOCK) != 0)
|
|
|
|
err(1, "setting sigchild pip nonblock");
|
|
|
|
sigaction(SIGCHLD, &sigchild, NULL);
|
|
|
|
|
|
|
|
return fds[0];
|
|
|
|
}
|
|
|
|
|
|
|
|
/*~ This removes the SIGCHLD handler, so we don't try to write
|
|
|
|
* to a broken pipe. */
|
2021-11-08 17:19:20 +01:00
|
|
|
static void remove_sigchild_handler(struct io_conn *sigchld_conn)
|
2021-02-10 05:10:52 +01:00
|
|
|
{
|
|
|
|
struct sigaction sigchild;
|
|
|
|
|
|
|
|
memset(&sigchild, 0, sizeof(struct sigaction));
|
|
|
|
sigchild.sa_handler = SIG_DFL;
|
|
|
|
sigaction(SIGCHLD, &sigchild, NULL);
|
2021-11-08 17:19:20 +01:00
|
|
|
io_close(sigchld_conn);
|
2021-02-10 05:10:52 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
/*~ This is the routine which sets up the sigchild handling. We just
|
|
|
|
* reap them for now so they don't become zombies, but our subd
|
|
|
|
* handling calls waitpid() synchronously, so we can't simply do this
|
|
|
|
* in the signal handler or set SIGCHLD to be ignored, which has the
|
|
|
|
* same effect.
|
|
|
|
*
|
|
|
|
* We can usually ignore these because we keep pipes to our children,
|
|
|
|
* and use the closure of those to indicate termination.
|
|
|
|
*/
|
|
|
|
static struct io_plan *sigchld_rfd_in(struct io_conn *conn,
|
|
|
|
struct lightningd *ld)
|
|
|
|
{
|
|
|
|
/* We don't actually care what we read, so we stuff things here. */
|
|
|
|
static u8 ignorebuf;
|
|
|
|
static size_t len;
|
2022-01-22 05:49:22 +01:00
|
|
|
pid_t childpid;
|
|
|
|
int wstatus;
|
2021-02-10 05:10:52 +01:00
|
|
|
|
|
|
|
/* Reap the plugins, since we otherwise ignore them. */
|
2023-04-12 06:52:06 +02:00
|
|
|
while ((childpid = waitpid(-1, &wstatus, WNOHANG)) > 0) {
|
2022-01-22 05:49:22 +01:00
|
|
|
maybe_subd_child(ld, childpid, wstatus);
|
|
|
|
}
|
2021-02-10 05:10:52 +01:00
|
|
|
|
|
|
|
return io_read_partial(conn, &ignorebuf, 1, &len, sigchld_rfd_in, ld);
|
2018-12-20 00:15:31 +01:00
|
|
|
}
|
|
|
|
|
2020-04-02 06:04:47 +02:00
|
|
|
/*~ We actually keep more than one set of features, used in different
|
|
|
|
* contexts. common/features.c knows how each standard feature is
|
|
|
|
* presented, so we have it generate the set for each one at a time, and
|
|
|
|
* combine them.
|
|
|
|
*
|
|
|
|
* This is inefficient, but the primitives are useful for adding single
|
|
|
|
* features later, or adding them when supplied by plugins. */
|
|
|
|
static struct feature_set *default_features(const tal_t *ctx)
|
|
|
|
{
|
2024-01-29 00:34:16 +01:00
|
|
|
/* BOLT PR https://github.com/lightning/bolts/pull/1092
|
|
|
|
* suggests making the following compulsory:
|
|
|
|
* var_onion_optin (all but 6 nodes)
|
|
|
|
* gossip_queries (all but 11 nodes)
|
|
|
|
* option_data_loss_protect (all but 11 nodes)
|
|
|
|
* option_static_remotekey (all but 16 nodes)
|
|
|
|
*/
|
2020-04-02 06:04:47 +02:00
|
|
|
struct feature_set *ret = NULL;
|
|
|
|
static const u32 features[] = {
|
2024-01-29 00:34:16 +01:00
|
|
|
COMPULSORY_FEATURE(OPT_DATA_LOSS_PROTECT),
|
2020-04-02 06:04:47 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_UPFRONT_SHUTDOWN_SCRIPT),
|
2024-01-29 00:34:16 +01:00
|
|
|
COMPULSORY_FEATURE(OPT_GOSSIP_QUERIES),
|
2022-03-07 19:31:36 +01:00
|
|
|
COMPULSORY_FEATURE(OPT_VAR_ONION),
|
2021-07-12 22:48:58 +02:00
|
|
|
COMPULSORY_FEATURE(OPT_PAYMENT_SECRET),
|
2020-04-02 06:04:47 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_BASIC_MPP),
|
2023-10-16 02:36:25 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_LARGE_CHANNELS),
|
2020-04-02 06:04:47 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_GOSSIP_QUERIES_EX),
|
2024-01-29 00:36:15 +01:00
|
|
|
COMPULSORY_FEATURE(OPT_STATIC_REMOTEKEY),
|
2021-05-26 06:09:01 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_SHUTDOWN_ANYSEGWIT),
|
2022-03-31 11:10:50 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_PAYMENT_METADATA),
|
2022-04-14 14:35:39 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_SCID_ALIAS),
|
|
|
|
OPTIONAL_FEATURE(OPT_ZEROCONF),
|
2022-07-23 08:55:48 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_CHANNEL_TYPE),
|
2023-04-07 08:55:33 +02:00
|
|
|
OPTIONAL_FEATURE(OPT_ROUTE_BLINDING),
|
2024-02-06 05:13:28 +01:00
|
|
|
/* Removed later for elements */
|
|
|
|
OPTIONAL_FEATURE(OPT_ANCHORS_ZERO_FEE_HTLC_TX),
|
2020-04-02 06:04:47 +02:00
|
|
|
};
|
|
|
|
|
|
|
|
for (size_t i = 0; i < ARRAY_SIZE(features); i++) {
|
2024-02-06 05:13:28 +01:00
|
|
|
struct feature_set *f;
|
|
|
|
|
|
|
|
f = feature_set_for_feature(NULL, features[i]);
|
2020-04-02 06:04:47 +02:00
|
|
|
if (!ret)
|
|
|
|
ret = tal_steal(ctx, f);
|
|
|
|
else
|
|
|
|
feature_set_or(ret, take(f));
|
|
|
|
}
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
2020-04-03 05:21:22 +02:00
|
|
|
/*~ We need this function style to hand to ecdh_hsmd_setup, but it's just a thin
|
|
|
|
* wrapper around fatal() */
|
|
|
|
static void hsm_ecdh_failed(enum status_failreason fail,
|
|
|
|
const char *fmt, ...)
|
|
|
|
{
|
|
|
|
fatal("hsm failure: %s", fmt);
|
|
|
|
}
|
|
|
|
|
2020-07-29 10:56:42 +02:00
|
|
|
/*~ This signals to the mainloop that some part wants to cleanly exit now. */
|
|
|
|
void lightningd_exit(struct lightningd *ld, int exit_code)
|
|
|
|
{
|
|
|
|
ld->exit_code = tal(ld, int);
|
|
|
|
*ld->exit_code = exit_code;
|
2022-06-26 06:51:01 +02:00
|
|
|
log_debug(ld->log, "io_break: %s", __func__);
|
2020-07-29 10:56:42 +02:00
|
|
|
io_break(ld);
|
|
|
|
}
|
|
|
|
|
2023-07-31 01:36:33 +02:00
|
|
|
struct recover_payload {
|
|
|
|
const char *codex32secret;
|
|
|
|
};
|
|
|
|
|
|
|
|
static bool
|
|
|
|
recover_hook_deserialize(struct recover_payload *payload,
|
|
|
|
const char *buffer, const jsmntok_t *toks)
|
|
|
|
{
|
|
|
|
const jsmntok_t *t_res;
|
|
|
|
|
|
|
|
if (!toks || !buffer)
|
|
|
|
return true;
|
|
|
|
|
|
|
|
t_res = json_get_member(buffer, toks, "result");
|
|
|
|
|
|
|
|
/* fail */
|
|
|
|
if (!t_res || !json_tok_streq(buffer, t_res, "continue"))
|
|
|
|
fatal("Plugin returned an invalid response to the "
|
|
|
|
"recover hook: %s", buffer);
|
|
|
|
|
|
|
|
/* call next hook */
|
|
|
|
return true;
|
|
|
|
}
|
|
|
|
|
|
|
|
static void recover_hook_final(struct recover_payload *payload STEALS)
|
|
|
|
{
|
|
|
|
tal_steal(tmpctx, payload);
|
|
|
|
}
|
|
|
|
|
|
|
|
static void recover_hook_serialize(struct recover_payload *payload,
|
|
|
|
struct json_stream *stream,
|
|
|
|
struct plugin *plugin)
|
|
|
|
{
|
|
|
|
json_add_string(stream, "codex32", payload->codex32secret);
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
REGISTER_PLUGIN_HOOK(recover,
|
|
|
|
recover_hook_deserialize,
|
|
|
|
recover_hook_final,
|
|
|
|
recover_hook_serialize,
|
|
|
|
struct recover_payload *);
|
|
|
|
|
2024-01-25 01:28:54 +01:00
|
|
|
static const char *api_name(const tal_t *ctx,
|
|
|
|
const char *subsys,
|
|
|
|
const char *api)
|
|
|
|
{
|
|
|
|
if (api)
|
|
|
|
return tal_fmt(ctx, "%s.%s", subsys, api);
|
|
|
|
return subsys;
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Do we output this field? */
|
|
|
|
bool lightningd_deprecated_out_ok(struct lightningd *ld,
|
|
|
|
bool deprecated_apis,
|
|
|
|
const char *subsys,
|
|
|
|
const char *api,
|
|
|
|
const char *start,
|
|
|
|
const char *end)
|
|
|
|
{
|
|
|
|
return deprecated_ok(deprecated_apis,
|
|
|
|
api_name(tmpctx, subsys, api),
|
|
|
|
start, end,
|
|
|
|
ld->api_begs,
|
|
|
|
NULL, NULL);
|
|
|
|
}
|
|
|
|
|
|
|
|
struct depr_in {
|
|
|
|
struct logger *log;
|
|
|
|
const char *details;
|
|
|
|
};
|
|
|
|
|
|
|
|
static void complain_deprecated(const char *feature,
|
|
|
|
bool allowing,
|
|
|
|
struct depr_in *depr_in)
|
|
|
|
{
|
|
|
|
if (!allowing) {
|
|
|
|
/* Mild log message for disallowing */
|
|
|
|
log_debug(depr_in->log, "Note: disallowing deprecated %s", feature);
|
|
|
|
} else {
|
|
|
|
log_broken(depr_in->log,
|
|
|
|
"DEPRECATED API USED %s %s",
|
|
|
|
feature,
|
|
|
|
depr_in->details ? depr_in->details : "");
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/* Do we accept this? */
|
|
|
|
bool lightningd_deprecated_in_ok(struct lightningd *ld,
|
|
|
|
struct logger *log,
|
|
|
|
bool deprecated_apis,
|
|
|
|
const char *subsys,
|
|
|
|
const char *api,
|
|
|
|
const char *start,
|
|
|
|
const char *end,
|
|
|
|
const char *details)
|
|
|
|
{
|
|
|
|
struct depr_in depr_in;
|
|
|
|
|
|
|
|
depr_in.log = log;
|
|
|
|
depr_in.details = details;
|
|
|
|
|
|
|
|
return deprecated_ok(deprecated_apis,
|
|
|
|
api_name(tmpctx, subsys, api),
|
|
|
|
start, end,
|
|
|
|
ld->api_begs,
|
|
|
|
complain_deprecated, &depr_in);
|
|
|
|
}
|
|
|
|
|
2017-01-10 06:07:51 +01:00
|
|
|
int main(int argc, char *argv[])
|
|
|
|
{
|
2017-09-28 05:26:29 +02:00
|
|
|
struct lightningd *ld;
|
2018-06-04 15:00:05 +02:00
|
|
|
u32 min_blockheight, max_blockheight;
|
2022-01-29 04:33:05 +01:00
|
|
|
int connectd_gossipd_fd;
|
2019-06-12 02:38:55 +02:00
|
|
|
int stop_fd;
|
2019-06-14 05:49:23 +02:00
|
|
|
struct timers *timers;
|
2019-06-12 02:38:55 +02:00
|
|
|
const char *stop_response;
|
2019-12-12 00:39:10 +01:00
|
|
|
struct htlc_in_map *unconnected_htlcs_in;
|
2021-02-10 05:10:52 +01:00
|
|
|
int sigchld_rfd;
|
2022-11-30 03:37:46 +01:00
|
|
|
struct io_conn *sigchld_conn = NULL;
|
2020-07-29 10:56:42 +02:00
|
|
|
int exit_code = 0;
|
2021-04-16 06:31:24 +02:00
|
|
|
char **orig_argv;
|
|
|
|
bool try_reexec;
|
2020-07-29 10:56:42 +02:00
|
|
|
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("lightningd/startup", argv);
|
|
|
|
|
2024-03-19 05:29:59 +01:00
|
|
|
/*~ What happens in strange locales should stay there. */
|
|
|
|
setup_locale();
|
|
|
|
|
|
|
|
/*~ This handles --dev-debug-self really early, which we otherwise ignore */
|
|
|
|
daemon_developer_mode(argv);
|
|
|
|
|
2021-10-19 06:18:27 +02:00
|
|
|
/*~ We fork out new processes very very often; every channel gets its
|
|
|
|
* own process, for example, and we have `hsmd` and `gossipd` and
|
|
|
|
* the plugins as well.
|
|
|
|
* Now, we also keep around several file descriptors (`fd`s), including
|
|
|
|
* file descriptors to communicate with `hsmd` which is a privileged
|
|
|
|
* process with access to private keys and is therefore very sensitive.
|
|
|
|
* Thus, we need to close all file descriptors other than what the
|
|
|
|
* forked-out new process should have ASAP.
|
|
|
|
*
|
|
|
|
* We do this by using the `ccan/closefrom` module, which implements
|
|
|
|
* an emulation for the `closefrom` syscall on BSD and Solaris.
|
|
|
|
* This emulation tries to use the fastest facility available on the
|
|
|
|
* system (`close_range` syscall on Linux 5.9+, snooping through
|
|
|
|
* `/proc/$PID/fd` on many OSs (but requires procps to be mounted),
|
|
|
|
* the actual `closefrom` call if available, etc.).
|
|
|
|
* As a fallback if none of those are available on the system, however,
|
|
|
|
* it just iterates over the theoretical range of possible file
|
|
|
|
* descriptors.
|
|
|
|
*
|
|
|
|
* On some systems, that theoretical range can be very high, up to
|
|
|
|
* `INT_MAX` in the worst case.
|
|
|
|
* If the `closefrom` emulation has to fall back to this loop, it
|
|
|
|
* can be very slow; fortunately, the emulation will also inform
|
|
|
|
* us of that via the `closefrom_may_be_slow` function, and also has
|
|
|
|
* `closefrom_limit` to limit the number of allowed file descriptors
|
|
|
|
* *IF AND ONLY IF* `closefrom_may_be_slow()` is true.
|
|
|
|
*
|
|
|
|
* On systems with a fast `closefrom` then `closefrom_limit` does
|
|
|
|
* nothing.
|
|
|
|
*
|
|
|
|
* Previously we always imposed a limit of 1024 file descriptors
|
|
|
|
* (because we used to always iterate up to limit instead of using
|
|
|
|
* some OS facility, because those were non-portable and needed
|
|
|
|
* code for each OS), until @whitslack went and made >1000 channels
|
|
|
|
* and hit the 1024 limit.
|
|
|
|
*/
|
|
|
|
closefrom_limit(4096);
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2021-02-10 05:10:52 +01:00
|
|
|
/*~ This sets up SIGCHLD to make sigchld_rfd readable. */
|
|
|
|
sigchld_rfd = setup_sig_handlers();
|
2018-12-20 00:15:31 +01:00
|
|
|
|
2018-12-11 01:27:47 +01:00
|
|
|
/*~ This checks that the system-installed libraries (usually
|
|
|
|
* dynamically linked) actually are compatible with the ones we
|
|
|
|
* compiled with.
|
|
|
|
*
|
|
|
|
* The header itself is auto-generated every time the version of the
|
|
|
|
* installed libraries changes, as we had an sqlite3 version update
|
|
|
|
* which broke people, and "make" didn't think there was any work to
|
|
|
|
* do, so rebuilding didn't fix it. */
|
|
|
|
check_linked_library_versions();
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Every daemon calls this in some form: the hooks are for dumping
|
|
|
|
* backtraces when we crash (if supported on this platform). */
|
2018-03-29 04:06:45 +02:00
|
|
|
daemon_setup(argv[0], log_backtrace_print, log_backtrace_exit);
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ There's always a battle between what a constructor like this
|
|
|
|
* should do, and what should be added later by the caller. In
|
|
|
|
* general, because we use valgrind heavily for testing, we prefer not
|
2018-09-03 05:40:01 +02:00
|
|
|
* to initialize unused fields which we expect the caller to set:
|
2018-09-03 03:08:56 +02:00
|
|
|
* valgrind will warn us if we make decisions based on uninitialized
|
|
|
|
* variables. */
|
2018-02-18 13:56:46 +01:00
|
|
|
ld = new_lightningd(NULL);
|
2023-04-06 02:18:50 +02:00
|
|
|
ld->state = LD_STATE_INITIALIZING;
|
2023-10-12 21:23:04 +02:00
|
|
|
log_info(ld->log, "%s", version());
|
2017-09-28 05:41:18 +02:00
|
|
|
|
2021-04-16 06:31:24 +02:00
|
|
|
/*~ We store an copy of our arguments before parsing mangles them, so
|
|
|
|
* we can re-exec if versions of subdaemons change. Note the use of
|
|
|
|
* notleak() since our leak-detector can't find orig_argv on the
|
|
|
|
* stack. */
|
|
|
|
orig_argv = notleak(tal_arr(ld, char *, argc + 1));
|
|
|
|
for (size_t i = 1; i < argc; i++)
|
|
|
|
orig_argv[i] = tal_strdup(orig_argv, argv[i]);
|
2023-07-31 01:36:33 +02:00
|
|
|
|
2021-04-16 06:31:24 +02:00
|
|
|
/*~ Turn argv[0] into an absolute path (if not already) */
|
|
|
|
orig_argv[0] = path_join(orig_argv, take(path_cwd(NULL)), argv[0]);
|
|
|
|
orig_argv[argc] = NULL;
|
|
|
|
|
2018-01-03 12:34:41 +01:00
|
|
|
/* Figure out where our daemons are first. */
|
|
|
|
ld->daemon_dir = find_daemon_dir(ld, argv[0]);
|
|
|
|
if (!ld->daemon_dir)
|
2022-07-20 04:29:25 +02:00
|
|
|
errx(EXITCODE_SUBDAEMON_FAIL, "Could not find daemons");
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2020-04-02 06:04:47 +02:00
|
|
|
/* Set up the feature bits for what we support */
|
2020-04-03 02:03:59 +02:00
|
|
|
ld->our_features = default_features(ld);
|
2020-04-02 06:04:47 +02:00
|
|
|
|
2019-08-06 06:07:40 +02:00
|
|
|
/*~ Handle early options; this moves us into --lightning-dir.
|
|
|
|
* Plugins may add new options, which is why we are splitting
|
|
|
|
* between early args (including --plugin registration) and
|
2019-08-08 06:18:10 +02:00
|
|
|
* non-early opts. This also forks if they say --daemon. */
|
2018-10-31 18:00:44 +01:00
|
|
|
handle_early_opts(ld, argc, argv);
|
|
|
|
|
2021-11-01 21:17:20 +01:00
|
|
|
/*~ Set the default portnum according to the used network
|
|
|
|
* similarly to what Bitcoin Core does to ports by default. */
|
2022-06-20 23:38:18 +02:00
|
|
|
ld->portnum = chainparams_get_ln_port(chainparams);
|
2021-11-01 21:17:20 +01:00
|
|
|
|
2018-10-31 18:00:44 +01:00
|
|
|
/*~ Initialize all the plugins we just registered, so they can
|
|
|
|
* do their thing and tell us about themselves (including
|
|
|
|
* options registration). */
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("plugins/init", ld->plugins);
|
2020-05-05 03:13:34 +02:00
|
|
|
plugins_init(ld->plugins);
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(ld->plugins);
|
2019-01-11 06:51:08 +01:00
|
|
|
|
2021-03-09 10:50:00 +01:00
|
|
|
/*~ If the plugis are misconfigured we don't want to proceed. A
|
|
|
|
* misconfiguration could for example be a plugin marked as important
|
|
|
|
* not working correctly or a plugin squatting something an important
|
|
|
|
* plugin needs to register, such as a method or CLI option. If we are
|
|
|
|
* going to shut down immediately again, we shouldn't spend too much
|
|
|
|
* effort in starting up.
|
|
|
|
*/
|
|
|
|
if (ld->exit_code)
|
|
|
|
fatal("Could not initialize the plugins, see above for details.");
|
|
|
|
|
2019-08-06 06:07:40 +02:00
|
|
|
/*~ Handle options and config. */
|
2023-06-02 04:35:51 +02:00
|
|
|
handle_opts(ld);
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2019-08-05 19:13:48 +02:00
|
|
|
/*~ Now create the PID file: this errors out if there's already a
|
|
|
|
* daemon running, so we call before doing almost anything else. */
|
|
|
|
pidfile_create(ld);
|
|
|
|
|
2020-07-22 14:07:22 +02:00
|
|
|
/*~ Make sure we can reach the subdaemons, and versions match.
|
2023-09-21 07:36:28 +02:00
|
|
|
* This can be turned off with --dev-skip-version-checks,
|
|
|
|
* which can only be set after --developer.
|
|
|
|
*/
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("test_subdaemons", ld);
|
2023-09-21 07:36:28 +02:00
|
|
|
if (!ld->dev_no_version_checks)
|
2020-07-22 14:07:22 +02:00
|
|
|
test_subdaemons(ld);
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(ld);
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2020-05-26 23:06:13 +02:00
|
|
|
/*~ Set up the HSM daemon, which knows our node secret key, so tells
|
|
|
|
* us who we are.
|
|
|
|
*
|
|
|
|
* HSM stands for Hardware Security Module, which is the industry
|
|
|
|
* standard of key storage; ours is in software for now, so the name
|
|
|
|
* doesn't really make sense, but we can't call it the Badly-named
|
|
|
|
* Daemon Software Module. */
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("hsmd_init", ld);
|
2023-03-21 04:58:15 +01:00
|
|
|
ld->bip32_base = hsm_init(ld);
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(ld);
|
2020-05-26 23:06:13 +02:00
|
|
|
|
2023-07-25 03:49:43 +02:00
|
|
|
/*~ We have bearer tokens called `runes` you can use to control access. They have
|
|
|
|
* a fascinating history which I shall not go into now, but they're derived from
|
|
|
|
* Macaroons which was a over-engineered Googlism.
|
|
|
|
*
|
|
|
|
* We need them minimally bootstrapped for our db migration code. */
|
|
|
|
ld->runes = runes_early_init(ld);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Our "wallet" code really wraps the db, which is more than a simple
|
2018-09-03 05:40:01 +02:00
|
|
|
* bitcoin wallet (though it's that too). It also stores channel
|
|
|
|
* states, invoices, payments, blocks and bitcoin transactions. */
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("wallet_new", ld);
|
2023-03-21 04:58:15 +01:00
|
|
|
ld->wallet = wallet_new(ld, ld->timers);
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(ld);
|
2018-09-03 03:08:56 +02:00
|
|
|
|
|
|
|
/*~ We keep a filter of scriptpubkeys we're interested in. */
|
2017-11-27 16:20:10 +01:00
|
|
|
ld->owned_txfilter = txfilter_new(ld);
|
2017-05-23 22:07:20 +02:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ This is the ccan/io central poll override from above. */
|
2018-09-03 05:40:00 +02:00
|
|
|
io_poll_override(io_poll_lightningd);
|
2018-04-27 03:41:38 +02:00
|
|
|
|
2019-10-03 21:55:32 +02:00
|
|
|
/*~ If hsm_secret is encrypted, we don't need its encryption key
|
|
|
|
* anymore. Note that sodium_munlock() also zeroes the memory.*/
|
|
|
|
if (ld->config.keypass)
|
2021-01-03 12:32:43 +01:00
|
|
|
discard_key(take(ld->config.keypass));
|
2019-10-03 21:55:32 +02:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Our default color and alias are derived from our node id, so we
|
|
|
|
* can only set those now (if not set by config options). */
|
2017-10-23 07:05:28 +02:00
|
|
|
setup_color_and_alias(ld);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Set up connect daemon: this manages receiving and making
|
|
|
|
* TCP connections. It needs to talk to the gossip daemon
|
|
|
|
* which knows (via node_announcement messages) the public
|
|
|
|
* addresses of nodes, so connectd_init hands it one end of a
|
|
|
|
* socket pair, and gives us the other */
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("connectd_init", ld);
|
2022-01-29 04:33:05 +01:00
|
|
|
connectd_gossipd_fd = connectd_init(ld);
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(ld);
|
2018-07-24 08:18:58 +02:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ We do every database operation within a transaction; usually this
|
|
|
|
* is covered by the infrastructure (eg. opening a transaction before
|
|
|
|
* handling a message or expiring a timer), but for startup we do this
|
|
|
|
* explicitly. */
|
2017-11-01 02:10:48 +01:00
|
|
|
db_begin_transaction(ld->wallet->db);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Our default names, eg. for the database file, are not dependent on
|
|
|
|
* the network. Instead, the db knows what chain it belongs to, and we
|
2022-07-20 04:28:25 +02:00
|
|
|
* simple barf here if it's wrong.
|
|
|
|
*
|
|
|
|
* We also check that our node_id is what we expect: otherwise a change
|
|
|
|
* in hsm_secret will have strange consequences! */
|
|
|
|
if (!wallet_sanity_check(ld->wallet))
|
2022-07-20 04:29:25 +02:00
|
|
|
errx(EXITCODE_WALLET_DB_MISMATCH, "Wallet sanity check failed.");
|
2018-02-16 17:55:33 +01:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Initialize the transaction filter with our pubkeys. */
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("init_txfilter", ld->wallet);
|
2023-03-21 04:58:15 +01:00
|
|
|
init_txfilter(ld->wallet, ld->bip32_base, ld->owned_txfilter);
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(ld->wallet);
|
2017-11-27 16:20:10 +01:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Get the blockheight we are currently at, UINT32_MAX is used to signal
|
2018-09-03 05:40:01 +02:00
|
|
|
* an uninitialized wallet and that we should start off of bitcoind's
|
2018-04-20 14:44:34 +02:00
|
|
|
* current height */
|
2018-09-03 03:08:56 +02:00
|
|
|
wallet_blocks_heights(ld->wallet, UINT32_MAX,
|
|
|
|
&min_blockheight, &max_blockheight);
|
2018-04-20 14:44:34 +02:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ If we were asked to rescan from an absolute height (--rescan < 0)
|
2018-06-04 15:00:05 +02:00
|
|
|
* then just go there. Otherwise compute the diff to our current height,
|
|
|
|
* lowerbounded by 0. */
|
2018-04-20 14:44:34 +02:00
|
|
|
if (ld->config.rescan < 0)
|
2018-06-04 15:00:05 +02:00
|
|
|
max_blockheight = -ld->config.rescan;
|
|
|
|
else if (max_blockheight < (u32)ld->config.rescan)
|
|
|
|
max_blockheight = 0;
|
|
|
|
else if (max_blockheight != UINT32_MAX)
|
|
|
|
max_blockheight -= ld->config.rescan;
|
2018-01-03 06:26:43 +01:00
|
|
|
|
2023-07-25 03:49:43 +02:00
|
|
|
/*~ Finish our runes initialization (includes reading from db) */
|
|
|
|
runes_finish_init(ld->runes);
|
2023-07-21 02:23:26 +02:00
|
|
|
|
2023-07-31 11:04:42 +02:00
|
|
|
/*~ Start expiring old invoices now ld->wallet is set.*/
|
|
|
|
invoices_start_expiration(ld);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ That's all of the wallet db operations for now. */
|
2017-11-01 02:10:48 +01:00
|
|
|
db_commit_transaction(ld->wallet->db);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Initialize block topology. This does its own io_loop to
|
|
|
|
* talk to bitcoind, so does its own db transactions. */
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_start("setup_topology", ld->topology);
|
2021-09-01 06:34:24 +02:00
|
|
|
setup_topology(ld->topology, min_blockheight, max_blockheight);
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(ld->topology);
|
2017-11-27 16:20:10 +01:00
|
|
|
|
2020-02-05 10:27:03 +01:00
|
|
|
db_begin_transaction(ld->wallet->db);
|
|
|
|
|
2019-05-21 14:14:41 +02:00
|
|
|
/*~ Pull peers, channels and HTLCs from db. Needs to happen after the
|
|
|
|
* topology is initialized since some decisions rely on being able to
|
|
|
|
* know the blockheight. */
|
2023-01-27 20:42:53 +01:00
|
|
|
unconnected_htlcs_in = notleak(load_channels_from_wallet(ld));
|
2019-05-21 14:14:41 +02:00
|
|
|
db_commit_transaction(ld->wallet->db);
|
|
|
|
|
2022-01-24 20:57:52 +01:00
|
|
|
/*~ The gossip daemon looks after the routing gossip;
|
|
|
|
* channel_announcement, channel_update, node_announcement and gossip
|
|
|
|
* queries. It also hands us the latest channel_updates for our
|
|
|
|
* channels. */
|
2022-01-29 04:33:05 +01:00
|
|
|
gossip_init(ld, connectd_gossipd_fd);
|
2022-01-24 20:57:52 +01:00
|
|
|
|
2018-09-14 02:34:54 +02:00
|
|
|
/*~ Create RPC socket: now lightning-cli can send us JSON RPC commands
|
|
|
|
* over a UNIX domain socket specified by `ld->rpc_filename`. */
|
2018-11-22 11:37:08 +01:00
|
|
|
jsonrpc_listen(ld->jsonrpc, ld);
|
2018-09-14 02:34:54 +02:00
|
|
|
|
2018-12-10 05:39:42 +01:00
|
|
|
/*~ Now that the rpc path exists, we can start the plugins and they
|
|
|
|
* can start talking to us. */
|
2023-01-17 01:47:12 +01:00
|
|
|
if (!plugins_config(ld->plugins)) {
|
|
|
|
/* Valgrind can complain about this leak! */
|
|
|
|
tal_free(unconnected_htlcs_in);
|
2022-11-30 03:37:46 +01:00
|
|
|
goto stop;
|
2023-01-17 01:47:12 +01:00
|
|
|
}
|
2019-01-11 06:51:08 +01:00
|
|
|
|
2019-08-10 07:24:57 +02:00
|
|
|
/*~ Process any HTLCs we were in the middle of when we exited, now
|
|
|
|
* that plugins (who might want to know via htlc_accepted hook) are
|
2019-12-12 00:55:45 +01:00
|
|
|
* active. These will immediately fail, since no peers are connected,
|
|
|
|
* however partial payments may still be absorbed into htlc_set. */
|
|
|
|
db_begin_transaction(ld->wallet->db);
|
2019-12-12 00:39:10 +01:00
|
|
|
htlcs_resubmit(ld, unconnected_htlcs_in);
|
2019-12-12 00:55:45 +01:00
|
|
|
db_commit_transaction(ld->wallet->db);
|
2019-08-10 07:24:57 +02:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Activate connect daemon. Needs to be after the initialization of
|
|
|
|
* chaintopology, otherwise peers may connect and ask for
|
|
|
|
* uninitialized data. */
|
2018-07-24 08:18:58 +02:00
|
|
|
connectd_activate(ld);
|
2018-05-02 04:53:34 +02:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ "onchaind" is a dumb daemon which tries to get our funds back: it
|
|
|
|
* doesn't handle reorganizations, but it's idempotent, so we can
|
|
|
|
* simply just restart it if the chain moves. Similarly, we replay it
|
|
|
|
* chain events from the database on restart, beginning with the
|
|
|
|
* "funding transaction spent" event which creates it. */
|
2018-05-02 04:53:34 +02:00
|
|
|
onchaind_replay_channels(ld);
|
|
|
|
|
2021-11-08 17:19:20 +01:00
|
|
|
/*~ Now handle sigchld, so we can clean up appropriately. */
|
|
|
|
sigchld_conn = notleak(io_new_conn(ld, sigchld_rfd, sigchld_rfd_in, ld));
|
2021-02-10 05:10:52 +01:00
|
|
|
|
2023-07-27 07:13:54 +02:00
|
|
|
trace_span_end(argv);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Mark ourselves live.
|
|
|
|
*
|
2024-03-20 01:47:55 +01:00
|
|
|
* Note the use of fmt_node_id() here: most complex types have a
|
|
|
|
* string formatter of this convention, usually handed 'tmpctx' like
|
|
|
|
* here to allocate a throwaway string for formatting. json_escape()
|
|
|
|
* avoids printing weird characters in our log. And tal_hex() is a
|
|
|
|
* helper from utils which returns a hex string; it's assumed that the
|
|
|
|
* argument was allocated with tal or tal_arr so it can use
|
|
|
|
* tal_bytelen() to get the length. */
|
2019-02-21 22:54:39 +01:00
|
|
|
log_info(ld->log, "--------------------------------------------------");
|
2018-01-24 20:33:47 +01:00
|
|
|
log_info(ld->log, "Server started with public key %s, alias %s (color #%s) and lightningd %s",
|
2024-03-20 01:47:52 +01:00
|
|
|
fmt_node_id(tmpctx, &ld->id),
|
2018-03-26 02:08:43 +02:00
|
|
|
json_escape(tmpctx, (const char *)ld->alias)->s,
|
|
|
|
tal_hex(tmpctx, ld->rgb), version());
|
2023-04-06 02:18:50 +02:00
|
|
|
ld->state = LD_STATE_RUNNING;
|
2017-01-10 06:08:33 +01:00
|
|
|
|
2023-07-31 01:36:33 +02:00
|
|
|
if (ld->recover) {
|
|
|
|
struct recover_payload *payload = tal(NULL, struct recover_payload);
|
|
|
|
payload->codex32secret = tal_strdup(payload,
|
|
|
|
ld->recover);
|
|
|
|
plugin_hook_call_recover(ld, NULL, payload);
|
|
|
|
}
|
2021-10-19 06:18:27 +02:00
|
|
|
/*~ If `closefrom_may_be_slow`, we limit ourselves to 4096 file
|
|
|
|
* descriptors; tell the user about it as that limits the number
|
|
|
|
* of channels they can have.
|
|
|
|
* We do not really expect most users to ever reach that many,
|
|
|
|
* but: https://github.com/ElementsProject/lightning/issues/4868
|
|
|
|
*/
|
|
|
|
if (closefrom_may_be_slow())
|
|
|
|
log_info(ld->log,
|
|
|
|
"We have self-limited number of open file "
|
|
|
|
"descriptors to 4096, but that will result in a "
|
|
|
|
"'Too many open files' error if you ever reach "
|
|
|
|
">4000 channels. Please upgrade your OS kernel "
|
|
|
|
"(Linux 5.9+, FreeBSD 8.0+), or mount proc or "
|
|
|
|
"/dev/fd (if running in chroot) if you are "
|
|
|
|
"approaching that many channels.");
|
|
|
|
|
2022-07-14 09:41:11 +02:00
|
|
|
/*~ If we have channels closing, make sure we re-xmit the last
|
|
|
|
* transaction, in case bitcoind lost it. */
|
|
|
|
db_begin_transaction(ld->wallet->db);
|
|
|
|
resend_closing_transactions(ld);
|
|
|
|
db_commit_transaction(ld->wallet->db);
|
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ This is where we ask connectd to reconnect to any peers who have
|
|
|
|
* live channels with us, and makes sure we're watching the funding
|
|
|
|
* tx. */
|
2022-03-22 21:30:59 +01:00
|
|
|
setup_peers(ld);
|
2018-01-03 06:26:44 +01:00
|
|
|
|
2018-09-03 03:08:56 +02:00
|
|
|
/*~ Now that all the notifications for transactions are in place, we
|
|
|
|
* can start the poll loop which queries bitcoind for new blocks. */
|
2018-01-03 06:26:44 +01:00
|
|
|
begin_topology(ld->topology);
|
|
|
|
|
2019-08-01 08:20:43 +02:00
|
|
|
/*~ To handle --daemon, we fork the daemon early (otherwise we hit
|
|
|
|
* issues with our pid changing), but keep the parent around until
|
|
|
|
* we've completed most initialization: that way we'll exit with an
|
|
|
|
* error rather than silently exiting 0, then realizing we can't start
|
|
|
|
* and forcing the confused user to read the logs.
|
|
|
|
*
|
|
|
|
* But we're all initialized, so detach and have parent exit now. */
|
|
|
|
if (ld->daemon_parent_fd != -1)
|
|
|
|
complete_daemonize(ld);
|
|
|
|
|
2019-08-01 08:20:47 +02:00
|
|
|
/*~ Setting this (global) activates the crash log: we don't usually need
|
|
|
|
* a backtrace if we fail during startup. */
|
|
|
|
crashlog = ld->log;
|
|
|
|
|
2020-04-03 05:21:22 +02:00
|
|
|
/*~ This sets up the ecdh() function in ecdh_hsmd to talk to hsmd */
|
|
|
|
ecdh_hsmd_setup(ld->hsm_fd, hsm_ecdh_failed);
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ The root of every backtrace (almost). This is our main event
|
2023-04-06 02:18:50 +02:00
|
|
|
* loop. We don't even call it if they've already called `stop` */
|
|
|
|
if (!ld->stop_conn) {
|
|
|
|
void *io_loop_ret = io_loop_with_timers(ld);
|
|
|
|
/*~ io_loop_with_timers will only exit if we call io_break.
|
|
|
|
* At this point in code, we should use io_break(ld) to
|
|
|
|
* shut down.
|
|
|
|
*/
|
|
|
|
assert(io_loop_ret == ld);
|
|
|
|
log_debug(ld->log, "io_loop_with_timers: %s", __func__);
|
|
|
|
}
|
2021-11-10 10:08:49 +01:00
|
|
|
|
2022-11-30 03:37:46 +01:00
|
|
|
stop:
|
2022-09-11 09:51:18 +02:00
|
|
|
/* Stop *new* JSON RPC requests. */
|
|
|
|
jsonrpc_stop_listening(ld->jsonrpc);
|
|
|
|
|
2023-02-04 06:16:24 +01:00
|
|
|
/* Stop new connectd requests */
|
|
|
|
connectd_start_shutdown(ld->connectd);
|
|
|
|
|
2022-09-11 09:51:18 +02:00
|
|
|
/* Give permission for things to get destroyed without getting upset. */
|
2020-02-13 21:01:23 +01:00
|
|
|
ld->state = LD_STATE_SHUTDOWN;
|
2017-01-10 06:07:51 +01:00
|
|
|
|
2020-11-06 03:44:14 +01:00
|
|
|
stop_fd = -1;
|
|
|
|
stop_response = NULL;
|
|
|
|
|
2020-07-29 10:56:42 +02:00
|
|
|
/* Were we exited via `lightningd_exit`? */
|
|
|
|
if (ld->exit_code) {
|
|
|
|
exit_code = *ld->exit_code;
|
2020-11-06 03:44:14 +01:00
|
|
|
} else if (ld->stop_conn) {
|
2020-07-29 10:56:42 +02:00
|
|
|
/* Keep this fd around, to write final response at the end. */
|
|
|
|
stop_fd = io_conn_fd(ld->stop_conn);
|
|
|
|
io_close_taken_fd(ld->stop_conn);
|
|
|
|
stop_response = tal_steal(NULL, ld->stop_response);
|
|
|
|
}
|
2019-06-12 02:38:55 +02:00
|
|
|
|
2021-09-01 06:35:15 +02:00
|
|
|
/* Stop topology callbacks. */
|
|
|
|
stop_topology(ld->topology);
|
|
|
|
|
2021-02-10 05:10:52 +01:00
|
|
|
/* We're not going to collect our children. */
|
2021-11-08 17:19:20 +01:00
|
|
|
remove_sigchild_handler(sigchld_conn);
|
2018-07-24 22:32:58 +02:00
|
|
|
|
2022-09-11 09:51:18 +02:00
|
|
|
/* Get rid of per-channel subdaemons. */
|
|
|
|
subd_shutdown_nonglobals(ld);
|
|
|
|
|
|
|
|
/* Tell plugins we're shutting down, use force if necessary. */
|
2021-09-03 12:16:18 +02:00
|
|
|
shutdown_plugins(ld);
|
2018-11-22 23:11:26 +01:00
|
|
|
|
2022-09-11 09:51:18 +02:00
|
|
|
/* Now kill any remaining connections */
|
|
|
|
jsonrpc_stop_all(ld);
|
|
|
|
|
|
|
|
/* Get rid of major subdaemons. */
|
|
|
|
shutdown_global_subdaemons(ld);
|
|
|
|
|
|
|
|
/* Clean up internal peer/channel/htlc structures. */
|
|
|
|
free_all_channels(ld);
|
|
|
|
|
|
|
|
/* Now close database */
|
|
|
|
ld->wallet->db = tal_free(ld->wallet->db);
|
2018-07-24 22:32:58 +02:00
|
|
|
|
2018-02-20 00:00:09 +01:00
|
|
|
remove(ld->pidfile);
|
2017-04-12 08:52:32 +02:00
|
|
|
|
2018-08-29 02:08:10 +02:00
|
|
|
/* FIXME: pay can have children off tmpctx which unlink from
|
|
|
|
* ld->payments, so clean that up. */
|
|
|
|
clean_tmpctx();
|
2019-06-14 05:49:23 +02:00
|
|
|
|
2021-04-16 06:31:24 +02:00
|
|
|
/* Gather these before we free ld! */
|
|
|
|
try_reexec = ld->try_reexec;
|
2023-10-24 23:11:04 +02:00
|
|
|
if (try_reexec) {
|
|
|
|
/* Maybe we reexec with --recover, due to recover command */
|
|
|
|
if (ld->recover_secret) {
|
|
|
|
tal_arr_insert(&orig_argv, argc,
|
|
|
|
tal_fmt(orig_argv, "--recover=%s",
|
|
|
|
ld->recover_secret));
|
|
|
|
}
|
2021-04-16 06:31:24 +02:00
|
|
|
tal_steal(NULL, orig_argv);
|
2023-10-24 23:11:04 +02:00
|
|
|
}
|
2021-04-16 06:31:24 +02:00
|
|
|
|
2019-06-14 05:49:23 +02:00
|
|
|
/* Free this last: other things may clean up timers. */
|
|
|
|
timers = tal_steal(NULL, ld->timers);
|
2017-01-10 06:07:51 +01:00
|
|
|
tal_free(ld);
|
2019-06-14 05:49:23 +02:00
|
|
|
|
|
|
|
timers_cleanup(timers);
|
|
|
|
tal_free(timers);
|
2017-01-10 06:07:51 +01:00
|
|
|
opt_free_table();
|
2017-12-15 11:17:54 +01:00
|
|
|
|
2018-03-29 04:06:45 +02:00
|
|
|
daemon_shutdown();
|
2018-09-03 03:08:56 +02:00
|
|
|
|
2020-07-29 10:56:42 +02:00
|
|
|
/* Finally, send response to shutdown command if appropriate. */
|
|
|
|
if (stop_fd >= 0) {
|
|
|
|
write_all(stop_fd, stop_response, strlen(stop_response));
|
|
|
|
close(stop_fd);
|
|
|
|
tal_free(stop_response);
|
|
|
|
}
|
2019-06-12 02:38:55 +02:00
|
|
|
|
2021-04-16 06:31:24 +02:00
|
|
|
/* Were we supposed to restart ourselves? */
|
|
|
|
if (try_reexec) {
|
|
|
|
/* Give a reasonable chance for the install to finish. */
|
|
|
|
sleep(5);
|
|
|
|
|
|
|
|
/* Close all filedescriptors except stdin/stdout/stderr */
|
*: Use new closefrom module from ccan.
This also inadvertently fixes a latent bug: before this patch, in the
`subd` function in `lightningd/subd.c`, we would close `execfail[1]`
*before* doing an `exec`.
We use an EOF on `execfail[1]` as a signal that `exec` succeeded (the
fd is marked CLOEXEC), and otherwise use it to pump `errno` to the
parent.
The intent is that this fd should be kept open until `exec`, at which
point CLOEXEC triggers and close that fd and sends the EOF, *or* if
`exec` fails we can send the `errno` to the parent process vua that
pipe-end.
However, in the previous version, we end up closing that fd *before*
reaching `exec`, either in the loop which `dup2`s passed-in fds (by
overwriting `execfail[1]` with a `dup2`) or in the "close everything"
loop, which does not guard against `execfail[1]`, only
`dev_disconnect_fd`.
2021-10-19 05:35:44 +02:00
|
|
|
closefrom(STDERR_FILENO + 1);
|
2021-04-16 06:31:24 +02:00
|
|
|
execv(orig_argv[0], orig_argv);
|
2023-10-24 23:11:04 +02:00
|
|
|
err(1, "Failed to re-exec ourselves after version change/recover");
|
2021-04-16 06:31:24 +02:00
|
|
|
}
|
|
|
|
|
2018-09-03 05:40:01 +02:00
|
|
|
/*~ Farewell. Next stop: hsmd/hsmd.c. */
|
2020-07-29 10:56:42 +02:00
|
|
|
return exit_code;
|
2017-01-10 06:07:51 +01:00
|
|
|
}
|