Commit Graph

6919 Commits

Author SHA1 Message Date
Rusty Russell
ad48814746 doc: man pages for checkmessage and signmessage.
They're a little subtle, so let's spell out exactly what checkmessage
means.  In particular, we avoid discussing key derivation from a
signature, as it tends to get people (like me!) into trouble: we
describe it instead as iterating through every known node.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
e5d9c7effc lightningd: checkmessage can intuit pubkey in some cases.
*If* we know the key has signed something else (as is the case for
channel_announcement) then we can effectively trust the key derivation.

This matches how LND's VerifyMessage works, though in the next patch
we will document it exactly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
034ed1711c gossipd: fix memleak when we getnodes has no nodes.
In this case, node_arr is NULL.  Triggered by the next test.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
150598e061 tests: add test for signmessage and lightning-checkmessage.
Thanks Twitter helpers @duck1123 and @jochemin for tests!
And @bitconner for the initial test vector.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
1f0b86e575 lightningd: add checkmessage JSON command.
I wanted to call it verifymessage, but then I read the LND API for that
and wanted nothing to do with it!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
b81ed5be86 devtools: lightning-lightning-checkmessage to validate zbase32 node sigs
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
3955ddfce6 lightningd: add zbase32 encoding to signmessage
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
fc9a2a5dba lightningd: add signmessage JSON command.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
889216e0a9 hsmd: add support for signing a lightning msg from nodeid.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 18:58:44 -05:00
Rusty Russell
ca53c1b699 gossipd: push our own gossip messages harder.
I had a report of a 0.7.2 user whose node hadn't appeared on 1ml.  Their
node_announcement wasn't visible to my node, either.

I suspect this is a consequence of recent version reducing the amount of
gossip they send, as well as large nodes increasingly turning off gossip
altogether from some peers (as we do).  We should ignore timestamp filters
for our own channels: the easiest way to do this is to push them out
directly from gossipd (other messages are sent via the store).

We change channeld to wrap the local channel_announcements: previously
we just handed it to gossipd as for any other gossip message we received
from our peer.  Now gossipd knows to push it out, as it's local.

This interferes with the logic in tests/test_misc.py::test_htlc_send_timeout
which expects the node_announcement message last, so we generalize
that too.

[ Thanks to @trueptolmy for bugfix! ]
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 15:00:37 -05:00
Saibato
a96b4d8363 Tor CHANGELOG updates for 0.7.3
Signed-off-by: Saibato <saibato.naga@pm.me>
2019-10-14 21:08:03 +02:00
Rusty Russell
c617f19a29 Makefile: fix static linking.
And update --enable-static, since it doesn't actually create a static
binary since 65fa1c4f39.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-14 14:04:43 -05:00
lisa neigut
a91b454749 changelog updates for 0.7.3-rc1 2019-10-11 13:05:01 -05:00
darosior
541df1591e Add a changelog line about behavior change on gossip_queries response
Forgot to add it in f88fc3714c and d78d888c2d284660f05134c572f6251785e866f2..
2019-10-11 10:06:10 -05:00
darosior
c0ae3cb8c4 pytest: make test_plugin_slowinit a test again 2019-10-11 10:05:08 -05:00
darosior
744b727206 plugin_control: halve the timeout delay
20 seconds was way too long for UX, and 10 seconds is more than enough for the plugin to error
2019-10-11 10:05:08 -05:00
darosior
362775bc02 plugin: unregister hooks a plugin registered while freeing it 2019-10-11 10:05:08 -05:00
darosior
1e7b332716 plugin_control: don't assume plugin exists on error
Actually it often does not since there was an error..
2019-10-11 10:05:08 -05:00
Rusty Russell
bd55f6d940
common/features: only support a single feature bitset.
This is mainly an internal-only change, especially since we don't
offer any globalfeatures.

However, LND (as of next release) will offer global features, and also
expect option_static_remotekey to be a *global* feature.  So we send
our (merged) feature bitset as both global and local in init, and fold
those bitsets together when we get an init msg.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-11 02:52:04 +00:00
Rusty Russell
9485919a81 queries: make sure scids are in order.
I thought LND had a bug, but turns out it doesn't like out-of-order
short_channel_ids: in fact, the spec says they have to be in order!

This means we use uintmap instead of a htable for unknown_scids and
stale_scids so they're nicely ordered.

But our nodes-missing-announcements probe is harder since they can
also contain duplicates: we switch that to iterate through channels
rather than nodes.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
1f9de04ae4 ccan: import updated version to get uintmap_before().
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
48f0362eae seeker: handle non-synced state internally.
We weren't supposed to do any gossiping until we were synced (and thus
knew blockheight), but our seeker_check() didn't wait for it!  Move the
waiting all into seeker.c, so it can handle it all consistently.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
89d97b330e seeker: don't try to fill peers when they connect.
On testing, I found a node which would hang up every time we asked it
for query_short_channel_ids (despite it offering features 0x81, meaning
it should handle this message).

Then it would reconnect, and we'd choose it again as our
PROBING_NANNOUNCES peer!

Instead, leave finding another peer to the once-a-minute
seeker_check() function.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
596ed6a83b gossipd: better description of what's happening with the seeker.
By combining set_state() with selected_peer() we can give a single log
line describing what we're asking for, from whom.

We also add more verbosity to a few key areas, such as gossip rotation
and when gossipd tells a peer to send an error.  And move a comment which
was above the wrong function (due to rebase?).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
a88553ea6d gossipd: fix typo in seeker random probe logic.
No point probing past current block.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
0c7c765a28 seeker: do set_state() in callee, not caller.
This means we sometimes do it redundantly, but this means it's done in
fewer places.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
f4a6986d72 gossipd: remove unknown short_channel_ids as we ask for them.
Otherwise we can get stuck asking for bogus ones over and over!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
d2a5f056a8 gossipd: restore dev-suppress-gossip functionality.
Don't start new peers, and don't check on existing peers.  This should
get rid of most gossip.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
7d207c50fa gossipd: remove some spammy debug messages.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
a1644c1b6e seeker: start doing a channel probe if we see unknown node_announcement msgs.
It usually means we're missing something, but there's no way to ask what.
Simply start a broad scid probe.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
f7cffbad98 seeker: try asking peer which gave us unknown data first.
This should give more reliable results, though it risks us getting
suckered into always consulting the same peer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
82a5efa932 gossipd: start streaming gossip from last gossip timestamp minus 10 minutes.
We assume that the time for gossip propagation is < 10 minutes, so by
going back that far from last gossip we won't miss anything,

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
70e88b0dfb gossipd: have seeker control which peers gossip, reduce to 3 and rotate.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
877d1eaab3 gossipd: don't request channel_updates if we're being spammed.
It's simple: if we wouldn't accept the timestamp we see, don't put
the channel in the stale_scid_map.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
b33a73ced6 gossipd: don't hang up on slow peers.
Just try to choose another.  Under Travis, this causes many failures due
to slowness (they only get 10 seconds in -dev mode).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
869b5e40b5 gossipd: simplify seeker state machine.
We eliminate the "need peer" states and instead check if the
random_peer_softref has been cleared.

We can also unify our restart handlers for all these cases; even the
probe_scids case, by giving gossip credit for the scids as they come
in (at a discount, since scids are 8 bytes vs the ~200 bytes for
normal gossip messages).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
918478b0ef gossipd: use timestamp information to detect stale scids.
If we have nothing better to do, ask about stale channels.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
af3bc4d11f gossipd: use timestamp information to detect stale scids.
Build up a map of short_channel_ids which we have old info for (only
if peer supports gossip_query_ex).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
1f2a03f019 gossipd: hand (any) timestamps through to callback for query_channel_range.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
4dcb7df83e gossipd: add query_option_flags suport for asking query_channel_range.
This asks peers to append the timestamps or checksums: if it has
gossip_query_ex support, it will, otherwise it's ignored.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
270368e50b gossipd: use gossip_query_ex to query only nodes when node probing.
If the peer supports `gossip_query_ex` we can use query_flags to simply
request the node_announcements when probing for nodes, rather than
getting everything.  If a peer doesn't support `gossip_query_ex` then
it's harmless to add it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
d33ebd3629 seeker: probe for node announcements.
We pick some nodes which don't seem to have node_announcements and we
ask a channel associated with them.  Again, if this reveals more
node_announcements, we probe for twice as many next time.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
ba3c79e560 seeker: seek unknown scids.
If we have any unknown short_channel_ids, we ask a random peer for
those channels.  Once it responds, we probe again for a small random
range in case more are missing, again enlarging if we find some.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
4b13c92802 seeker: use hash table for unknown short_channel_ids.
Instead of a linear array which is fairly inefficient if it turns out
we know nothing at all.

We remove the gossip_missing() call by changing the api to
remove_unknown_scid() to include a flag as to whether the scid turned
out to be real or not.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
83575f27a1 seeker: add code to check range of scids.
Once we've finished streaming gossip from the first peer, we ask a
random peer (maybe the same one) for all short_channel_ids in the last
6 blocks from the latest channel we know about.

If this reveals new channels we didn't know about, we expand the probe
by a factor of 2 each time.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
521c7f7121 seeker: take over gossip control.
The seeker starts by asking a peer (the first peer!) for all gossip
since a minute before the modified time of the gossip store.

This algorithm is enhanced in successive patches.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
55323ec385 gossipd: move gossip seeking routines into new file seeker.c
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
79ca9bf998 gossipd: use per-peer information to make messages clearer.
We can (usually) indicate what peer caused the bad gossip error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
0091300ee3 gossipd: track what peer gave us gossip msgs so we can credit it.
Since we have to validate, there can be a delay (and peer might
vanish) between receiving the gossip and actually confirming it, hence
the use of softref.

We will use this information to check that the peers are making progress
as we start asking them for specific information.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00
Rusty Russell
d5eca470dc utils: add set_softref() / clear_softref().
We often want a pointer which will turn to NULL if the pointed-to thing is
freed.  This is possible with tal objects, so create it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2019-10-10 21:48:52 -05:00