It doesn't actually help here; we only did it because we differentiate
the states later, and with refactoring we do that via the explicit
offer_anchor flag.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This means we can now do all database changes, including db_set_visible_state,
within a single transaction (ie. atomically).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Since we no longer feed it into state.c, we can just us a bool.
And that's the last of the CMD_* in the enum state_input, so remove them
all.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Pierre points out that we don't handle this, and it can happen due
to race; the spec says we are not supposed to send PKT_CLOSE with
uncommitted changes.
Closes: #29
Reported-by: Pierre-Marie Padiou
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Otherwise if they reconnect, we hit the assert in recv_body:
assert(!peer->inpkt);
Found by testing on my build box *without* valgrind (so it was fast
enough to do this).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Now broadcast_tx() doesn't take ownership of the tx, make sure callers
free; a bit of refactoring to make it clear when we're making a new tx
vs. accessing an existing one, to make this clearer.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Testnet fees are all over the place: don't close a connection due to
that.
Closes: #59
Reported-by: Thomas Daede <daede003@umn.edu>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This fixes half of #59 (the part which crashes). It doesn't fix the
fact that we should never be doing this for testnet.
Reported-by: Thomas Daede <daede003@umn.edu>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Generally, the pattern is: everything returned is allocated off the return
value, which is the only thing allocated off the context. And it's always
freed.
Also, tal_free() returns NULL, so it's useful for one-line error
cleanups.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We've seen intermittant failures on testnet, so disable sending feechanges
for now: we're completely changing it for 0.6 anyway, due to Milan Spec.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Make this always the first packet after auth. That means there's no
reliance on whether a node remembers an aborted connection.
It also gives us a place to put version bits.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This gives much better errors, and allows us to return the peer id.
Closes: #37
Reported-by: Glenn Willen
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Firstly, we need to update the staging fee amount when we queue a change.
Secondly we need to remove completed fee updates, otherwise we hit a
database constraint that peer & state are unique.
Reported-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We were out by 1000, and also derived it from the previous, not current
state.
Reported-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We store peers in the database for STATE_INIT, but they don't reconnect
properly. We should not forget STATE_INIT dropped peers, but use some
timeout mechanism if we can't reconnect to clean up.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We *should* be in a state which accepts it (could happen with reorg),
and there's no reason to test for greater than depth since we must process
blocks in order.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Currently we get the odd message "Own anchor has insufficient funds".
Reported-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It's not in a transaction in one caller, so wrap that.
This removes some more error handling code.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Rename the structs to match (and remove dev-echo).
This makes it clear that they're not the normal API.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need some ordering to deliver them to the JSON "waitinvoice" command;
we use a counter where 0 means "unpaid".
We keep two lists now, one for unpaid and one for paid invoices.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is important when we put payments in the database: they need to be
updated atomically as the HTLC is.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is important when we put payments in the database: they need to be
updated atomically as the HTLC is.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We had enum channel_side (OURS, THEIRS) for which end of a channel we
had, and htlc_side (LOCAL, REMOTE) for who proposed the HTLC.
Combine these both into simply "enum side".
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
When they propose an HTLC to us, they need to be able to cover both it,
and the associated fees. When it gets acked and applied to them, however,
they may no longer be able to afford the fees; this is OK and expected.
So add a flag to say whether they can dig into fees or not: without
this patch the code calls fatal() on the next patch which tests it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We create a logging object when we connect, then carry it through. If
it comes from the database, we just use the peerid as the log prefix.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
If we haven't received their closing signature yet, we might try to
send the closing packet anyway (and segfault). Make sure we have
their signature before trying that.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is less convenient to use, but makes far more sense for a real
user (like a wallet). It can ask about the route, then decide whether
to use it or not.
This will make even more sense once we add a parameter to control how
long we let the HTLC be delayed for, so a client can query for high,
medium and low tolerances and compare results.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We stopped automatically retransmitting locally-generated add/removes
after a reconnect, but this breaks the "pay" interface as it stands.
The correct solution to this is to make the pay interface idempotent:
you can trigger it as many times as you want and it will only succeed
once.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
If we've not relayed a failure yet (ie. we relayed it instantly, but it
wasn't confirmed), we need to redo it.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
It's not currently encrypted, but at least you get some idea now why
an HTLC failed. We (ab)use HTTP error codes for the moment.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
These low level commands we restarted on reconnect for ease of
testing. Don't do that, and check that we're connected when those
commands occur.
This introduces subtle issues with --manual-commit --reconnect: restarting
node1 also forgets uncommitted things from node2, requiring reordering for
some tests.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
If we send an HTLC #1, then get disconnected before a confirm, we will
forget it. But we've incremented peer->htlc_id_counter, so when we offer
it again we'll make it HTLC #2, which is non-consecutive.
To make this clear, we always start htlc ids at 0 now. That revealed
the bugs handled in the previous patch.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
I originally overloaded struct htlc for this, as they go through the
same states, but separating them turned out to be clearer.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This makes more sense eventually: we may know the network addresses of
many peers, not just those we're connecting to. So keep a mapping, and
update it when we successfully connect outwards.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Testing this revealed that we can't just reconnect when we have something to
send, as we might be NATed; we should try to reconnect anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
1. Fix #ifdef DEBUG code in signature.c so it compiles.
2. Don't set peer->closing.our_script in queue_pkt_close_shutdown: it's
assigned in caller already.
3. Wrap setting of htlc's rval in set_htlc_rval() function.
4. Log where we were when unexpected packet comes in.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
More of a pure allocator, for when we load peers from db. Also moves
shachain_init out of secrets and into new_peer where it logically
belongs.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
So if there are no HTLCs, and the receiver can't spend anyway, don't
sign. This has the added benefit that no two signed commitment
transactions will ever be identical (the revocation preimage changes).
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This gives us a clear way to indicate "invalid", and also sqlite3 stores
signed 64-bit numbers, so it's clearer this way.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This is dumb, since one side will never succeed. But in future when
there is a method for nodes to broadcast their public address (or send
their address inline to connected nodes), either side should try to
connect.
Importantly though, there are places which will queue packets at
various times (eg. HTLC timeout), so we need to clear the queue just
before re-transmitting, not when disconnecting.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
To do this we keep an order counter so we know how to retransmit. We
could simply keep old packets, but this is a little clearer for now.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This avoids us having to query it when we create anchor transaction, and
lets us always use dynamic fee information.
The config options for max and min are now percentages, rather than absolute.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
