channeld: don't send splice TLV fields unless negotiated.

This make ACINQ seize up, and not send revoke_and_ack. Eventually, this can cause a bad signature error, should payments go in both directions, which is a separate bug, but this is the trigger. See: #6500 Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2025-03-15 20:09:18 +01:00 · 2023-08-07 13:11:56 +09:30 · 2023-08-07 13:11:56 +09:30 · 91a58a0bdc
commit 91a58a0bdc
parent 0bf5ee6bba
1 changed files with 13 additions and 7 deletions
--- a/channeld/channeld.c
+++ b/channeld/channeld.c
@ -1486,15 +1486,21 @@ static u8 *send_commit_part(struct peer *peer,
 	const struct htlc **htlc_map;
 	struct wally_tx_output *direct_outputs[NUM_SIDES];
 	struct penalty_base *pbase;
-
-	status_debug("send_commit_part(splice: %d, remote_splice: %d)",
-		     (int)splice_amnt, (int)remote_splice_amnt);
-
-
 	struct tlv_commitment_signed_tlvs *cs_tlv
 		= tlv_commitment_signed_tlvs_new(tmpctx);
-	cs_tlv->splice_info = tal(cs_tlv, struct channel_id);
-	derive_channel_id(cs_tlv->splice_info, funding);
+
+	/* In theory, peer will ignore TLV 1 as unknown, but while
+	 * spec is in flux this is dangerous, as it may change: so don't
+	 * send unless negotiated */
+	if (feature_negotiated(peer->our_features,
+			       peer->their_features,
+			       OPT_SPLICE)) {
+		status_debug("send_commit_part(splice: %d, remote_splice: %d)",
+			     (int)splice_amnt, (int)remote_splice_amnt);
+
+		cs_tlv->splice_info = tal(cs_tlv, struct channel_id);
+		derive_channel_id(cs_tlv->splice_info, funding);
+	}

 	txs = channel_splice_txs(tmpctx, funding, funding_sats, &htlc_map,
 				 direct_outputs, &funding_wscript,