I originally overloaded struct htlc for this, as they go through the
same states, but separating them turned out to be clearer.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This allows hardcoded routes in the config file, which is required until
we get route advertisements.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This makes more sense eventually: we may know the network addresses of
many peers, not just those we're connecting to. So keep a mapping, and
update it when we successfully connect outwards.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Testing this revealed that we can't just reconnect when we have something to
send, as we might be NATed; we should try to reconnect anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We add a "dev-restart" command which causes the daemon to close fds
and exec itself. Then we do it after every command, with the caveat
that we always send a commit before newhtlc, because if not committed,
that is forgotten. Fulfillhtlc and failhtlc get resent, since they're
idempotent.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
1. Fix #ifdef DEBUG code in signature.c so it compiles.
2. Don't set peer->closing.our_script in queue_pkt_close_shutdown: it's
assigned in caller already.
3. Wrap setting of htlc's rval in set_htlc_rval() function.
4. Log where we were when unexpected packet comes in.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
More of a pure allocator, for when we load peers from db. Also moves
shachain_init out of secrets and into new_peer where it logically
belongs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
So if there are no HTLCs, and the receiver can't spend anyway, don't
sign. This has the added benefit that no two signed commitment
transactions will ever be identical (the revocation preimage changes).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This gives us a clear way to indicate "invalid", and also sqlite3 stores
signed 64-bit numbers, so it's clearer this way.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It fits in a u32, but we mix it with other values which could cause
overflow, so let's just use u64 everywhere.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is dumb, since one side will never succeed. But in future when
there is a method for nodes to broadcast their public address (or send
their address inline to connected nodes), either side should try to
connect.
Importantly though, there are places which will queue packets at
various times (eg. HTLC timeout), so we need to clear the queue just
before re-transmitting, not when disconnecting.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
To do this we keep an order counter so we know how to retransmit. We
could simply keep old packets, but this is a little clearer for now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Caught because we generated an HTLCs which had already expired, since
we didn't know the latest block. Other errors are certainly possible,
so it's safest to load the entire thing before going live.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This avoids us having to query it when we create anchor transaction, and
lets us always use dynamic fee information.
The config options for max and min are now percentages, rather than absolute.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We no longer need it anywhere. This simplifies things to the point where
we might as well just not include dust outputs as we go, rather than
explicitly removing them, which gets rid of remove_dust.c as well.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Similar to the way we derive which outputs are which for old transactions
we steal, we derive them even for their current transaction.
We keep track of this information in peer->closing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
At the moment, for our or their unilateral close, we create a resolved[]
entry for our output, their output, and each HTLC, in cstate order. Some
of these outputs might not exist (too small), so it's actually better
to simply keep a resolved[] entry for each of the tx's actual outputs.
(We already changed the steal resolved[] array to work like this, but
these are trickier, since we rely on that order if we need to fulfill an
on-chain HTLC).
It also helps as we are weaning off knowing the cstate and permutation
mapping for each commitment transaction.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We want to stop keeping old commitment information (except the minimal
txid to commitment-number mapping). One place we currently use it is
after sending a commitment signature, and before we've received the
revocation for the old commitment. For this duration, there are two
valid commitment transactions.
So we store "their_prev_revocation_hash" explicitly for this duration.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It's a data-leak to send ack before we have verified identity of peer.
Plus, we can't send it until we know which peer it is, anyway!
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
And use this to resolve old transactions by comparing outputs with
HTLCs.
Rather than remembering the output ordering for every one of their
previous commitment transactions, we just remember the commitment
number for each commitment txid, and when we see it, derive all the
HTLC scriptpubkeys and the to-us and to-them scriptpubkeys, and figure
out which is which.
This avoids us having to save information on disk, except for the
txid->commitment-number mapping (and the shachain).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This makes it explicit, which is better for storing in a database (before
it was just what watch callback, plus peer->local.mindepth).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
