This is the logical place for it to belong: with the HTLC. For the manually-created
HTLCs, we create a simple one-hop route.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is the more normal case; find by ID. The low-level json commands are
really just for testing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
The protocol still supports both, but we now only support blocks.
It's hard to do risk management with timeouts in seconds, given block
variance. This is also signficantly simpler, as HTLC timeouts are
always fired in response to blocks, not wall-clock times.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Uses a gcc extension (cast to union) for typechecking, but that can be
removed for compilers which don't support it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
A new 'accept-payment' command tells the node to fulfill HTLCs using
the R value if the amount is correct. It's not wired in yet.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need to know when changes are fully committed by both sides:
1) For their HTLC_ADDs, this is when we can fulfill/fail/route.
2) For their HTLC_FAILs, this is when we can fail incoming.
For HTLC_FULFULL we don't need to wait: as soon as we know the preimage
we can propogate it.
For the moment, we simply log and assert; acting on it comes later.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
While the pointer is only valid until the funding changes, that's also
true of the offset; and a pointer has a convenient "not found"
sentinal value.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We've been stuffing these into sha256s, but they're actually nonces.
Create a new structure for that for clarity.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
And make the add/fail/fulfill arg a pointer to a union htlc_staging
directly, removing struct htlc_progress.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We don't want anyone to think the commitment tx is signed, so only
assign ci->sig after validation.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We don't have to, but helps debugging. Language in latest rev of BOLT#2
has been tightened too (aa2e1919de0826beaf92e0b3b441a6ab9fce6261)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Segwit was merged, but the strings changed between there and segwit4
(also, my BIP9 patch changed the output).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This would have revealed the previous breakage (and I tested that!),
plus now we test negotiate on closing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We no longer get bitcoind to manage our transactions for us, so we don't
need to -zapwallettxs when an anchor fails.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
There's no real reason to avoid commands for the next commit; this has
the benefit that we can remove the infrastructure to queue commands.
The only exceptions are the commit command and the opening phase.
We still only allow one commit at a time, but that's mainly run off a
timer which can try again later. For the JSONRPC API used for
testing, we can simply fail the commit if one is in progress.
For opening we add an explicit peer_open_complete() call in place of
using the command infrastructure.
Commands are now outside the state machine altogether: we simply have
it return the new state instead of the command status. The JSONRPC
functions can also now run commands directly.
This removes the idea of "peercond" as well: you can simply examine
the states to determine whether an input is valid. There are
fine-grained helpers for this now, too.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We're about to allow changes while we're waiting for a commit ack.
This means we can't have a single "unacked changes" queue; when we
receive the revocation reply, we need to apply the unacked changes
known at the time we sent the commit, not any we've created since
then.
Note that we still only have a single staged_commit; we never have two
outstanding commits, since for simplicity we will still block
following update_commit pending the reply to the current one.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
As per lightning-rfc commit b8469aa758a1a7ebbd73c987be3e5207b778241b
("re-protocol: don't hand signature to non-funding side initially.")
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We still need to watch the anchor output in this case: that's what
makes us handle the commit transcction we broadcast.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We already removed the on-chain states, now we remove the "clearing" state
(which wasn't fully implemented anyway).
This turns into two smaller state machines: one for clearing, which
still allows HTLCs to be failed and fulfilled, and one for mutual
close negotiation which only allows close_signature messages.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Previous to this, we kept the remote side's 'struct channel_state'
backwards: peer->remote.commit->cstate.side[OURS] was their HTLCs,
and [THEIRS] was our HTLCs. This made some things easier, but was
horrible for readability.
This inverts things so we keep track of the remote side's state from
our point of view: [OURS] is ours, [THEIRS] is theirs. Which makes
much more sense.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
