From bd1aa935b9934f055a0ead27e425f2da6fa37b92 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Fri, 2 Feb 2018 11:25:06 +1030 Subject: [PATCH] closingd: don't punish peers who can't negotiate properly. This is a transitional patch so we can still close channels cleanly; for want of a better option, I hooked it into --deprecated-apis. Signed-off-by: Rusty Russell --- closingd/closing.c | 27 ++++++++++++++++++--------- closingd/closing_wire.csv | 2 ++ lightningd/peer_control.c | 3 ++- 3 files changed, 22 insertions(+), 10 deletions(-) diff --git a/closingd/closing.c b/closingd/closing.c index 323c69d98..6533cb140 100644 --- a/closingd/closing.c +++ b/closingd/closing.c @@ -343,11 +343,14 @@ static uint64_t receive_offer(struct crypto_state *cs, struct feerange { enum side higher_side; u64 min, max; + + bool allow_mistakes; }; static void init_feerange(struct feerange *feerange, u64 commitment_fee, - const u64 offer[NUM_SIDES]) + const u64 offer[NUM_SIDES], + bool allow_mistakes) { feerange->min = 0; @@ -374,13 +377,17 @@ static void adjust_feerange(struct crypto_state *cs, struct feerange *feerange, u64 offer, enum side side) { - if (offer < feerange->min || offer > feerange->max) - peer_failed(PEER_FD, cs, channel_id, - "%s offer %"PRIu64 - " not between %"PRIu64" and %"PRIu64, - side == LOCAL ? "local" : "remote", - offer, feerange->min, feerange->max); + if (offer < feerange->min || offer > feerange->max) { + if (!feerange->allow_mistakes || side != REMOTE) + peer_failed(PEER_FD, cs, channel_id, + "%s offer %"PRIu64 + " not between %"PRIu64" and %"PRIu64, + side == LOCAL ? "local" : "remote", + offer, feerange->min, feerange->max); + status_trace("Allowing deprecated out-of-range fee"); + return; + } /* BOLT #2: * @@ -444,6 +451,7 @@ int main(int argc, char *argv[]) u64 next_index[NUM_SIDES], revocations_received; u64 gossip_index; enum side whose_turn; + bool deprecated_api; subdaemon_setup(argc, argv); @@ -466,7 +474,8 @@ int main(int argc, char *argv[]) &reconnected, &next_index[LOCAL], &next_index[REMOTE], - &revocations_received)) + &revocations_received, + &deprecated_api)) master_badmsg(WIRE_CLOSING_INIT, msg); status_trace("satoshi_out = %"PRIu64"/%"PRIu64, @@ -512,7 +521,7 @@ int main(int argc, char *argv[]) } /* Now we have first two points, we can init fee range. */ - init_feerange(&feerange, commitment_fee, offer); + init_feerange(&feerange, commitment_fee, offer, deprecated_api); /* Now apply the one constraint from above (other is inside loop). */ adjust_feerange(&cs, &channel_id, &feerange, diff --git a/closingd/closing_wire.csv b/closingd/closing_wire.csv index 8c68c1b70..239423897 100644 --- a/closingd/closing_wire.csv +++ b/closingd/closing_wire.csv @@ -24,6 +24,8 @@ closing_init,,reconnected,bool closing_init,,next_index_local,u64 closing_init,,next_index_remote,u64 closing_init,,revocations_received,u64 +# This means we allow closing negotiations out of bounds. +closing_init,,deprecated_api,bool # We received an offer, save signature. closing_received_signature,2002 diff --git a/lightningd/peer_control.c b/lightningd/peer_control.c index 1835b384a..6f613fdfd 100644 --- a/lightningd/peer_control.c +++ b/lightningd/peer_control.c @@ -1976,7 +1976,8 @@ static void peer_start_closingd(struct peer *peer, reconnected, peer->next_index[LOCAL], peer->next_index[REMOTE], - num_revocations); + num_revocations, + deprecated_apis); /* We don't expect a response: it will give us feedback on * signatures sent and received, then closing_complete. */