At the moment, for our or their unilateral close, we create a resolved[]
entry for our output, their output, and each HTLC, in cstate order. Some
of these outputs might not exist (too small), so it's actually better
to simply keep a resolved[] entry for each of the tx's actual outputs.
(We already changed the steal resolved[] array to work like this, but
these are trickier, since we rely on that order if we need to fulfill an
on-chain HTLC).
It also helps as we are weaning off knowing the cstate and permutation
mapping for each commitment transaction.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We want to stop keeping old commitment information (except the minimal
txid to commitment-number mapping). One place we currently use it is
after sending a commitment signature, and before we've received the
revocation for the old commitment. For this duration, there are two
valid commitment transactions.
So we store "their_prev_revocation_hash" explicitly for this duration.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It's a data-leak to send ack before we have verified identity of peer.
Plus, we can't send it until we know which peer it is, anyway!
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
And use this to resolve old transactions by comparing outputs with
HTLCs.
Rather than remembering the output ordering for every one of their
previous commitment transactions, we just remember the commitment
number for each commitment txid, and when we see it, derive all the
HTLC scriptpubkeys and the to-us and to-them scriptpubkeys, and figure
out which is which.
This avoids us having to save information on disk, except for the
txid->commitment-number mapping (and the shachain).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This makes it explicit, which is better for storing in a database (before
it was just what watch callback, plus peer->local.mindepth).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Move other logic into caller, but it's not complete (it still needs to
check some things, and still records some results).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Move other logic into caller: it grew this way because we used to have
a centralized "state" machine which knew nothing of these internal
details. But now we want to re-queue packets on reconnect, we really
want these routines to be idempotent.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We're weaning off the cstate arrays; use the htlc map. But for the
moment we keep the output basically the same.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We had an occasional race where we hadn't gotten the remote revocation
before submitting fulfill (spotted by the HTLC state transition code).
Disallow this, but also add to the json output so we can wait for
an HTLC to be irrevocably committed.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
If we always remove " from JSON, our parsing becomes simpler; turns
out that we did that in some places, and check()'s eval removed them
from the comparison.
We extract check_balance_single() to check the general balance, then
grep for HTLCs separately.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Not separate "locally-offered" and "remotely-offered" ones; we can
distinguish them by htlc->state now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Since we only care about the latest commits, we can simply associate a
state with each HTLC, rather than using queues of HTLCs associated
with each commitment transaction.
This works far better in the context of a database.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We keep a "database" for each side's persistent state. Upon restart,
each side tells the other where it was up to, in terms of the number
of commit and revocation messages it receives.
Because only one update can be in flight at a time, we can tell w
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is simpler for database representation, and also allows simple
bit-tests for what is happening to a HTLC (eg. am I committed to it?
Are you? etc.)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Laolu pointed out that we can't have multiple in flight, since we can't
sign without knowing the next revocation preimage.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need SO_REUSEADDR, and we need to memset sockaddr to zero; valgrind
complains for both IPv4 and IPv6, but the invalid sin6_flowinfo causes
the IPv6 bind to fail altogether.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
