From 91a58a0bdc8f5d95170cc47777154e970e72db1c Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Mon, 7 Aug 2023 13:11:56 +0930 Subject: [PATCH] channeld: don't send splice TLV fields unless negotiated. This make ACINQ seize up, and not send revoke_and_ack. Eventually, this can cause a bad signature error, should payments go in both directions, which is a separate bug, but this is the trigger. See: #6500 Signed-off-by: Rusty Russell --- channeld/channeld.c | 20 +++++++++++++------- 1 file changed, 13 insertions(+), 7 deletions(-) diff --git a/channeld/channeld.c b/channeld/channeld.c index 264d54aac..13c5a4fcd 100644 --- a/channeld/channeld.c +++ b/channeld/channeld.c @@ -1486,15 +1486,21 @@ static u8 *send_commit_part(struct peer *peer, const struct htlc **htlc_map; struct wally_tx_output *direct_outputs[NUM_SIDES]; struct penalty_base *pbase; - - status_debug("send_commit_part(splice: %d, remote_splice: %d)", - (int)splice_amnt, (int)remote_splice_amnt); - - struct tlv_commitment_signed_tlvs *cs_tlv = tlv_commitment_signed_tlvs_new(tmpctx); - cs_tlv->splice_info = tal(cs_tlv, struct channel_id); - derive_channel_id(cs_tlv->splice_info, funding); + + /* In theory, peer will ignore TLV 1 as unknown, but while + * spec is in flux this is dangerous, as it may change: so don't + * send unless negotiated */ + if (feature_negotiated(peer->our_features, + peer->their_features, + OPT_SPLICE)) { + status_debug("send_commit_part(splice: %d, remote_splice: %d)", + (int)splice_amnt, (int)remote_splice_amnt); + + cs_tlv->splice_info = tal(cs_tlv, struct channel_id); + derive_channel_id(cs_tlv->splice_info, funding); + } txs = channel_splice_txs(tmpctx, funding, funding_sats, &htlc_map, direct_outputs, &funding_wscript,