Commit Graph

330 Commits

Author SHA1 Message Date
Rusty Russell
ffaa15c7da hsm: remove unique_id.
It was only for error messages, so replace it with pubkey.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-24 16:12:22 +02:00
Rusty Russell
1954844fbf lightningd: make peer_fail_permanent() only save the first error for peer.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
0b953b86fe subd: automatically detect if callback frees subd.
This involves a tricky callback internally, but far less error-prone.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
5a256c724a subd: simplify and cleanup lifetime handling.
There are now only two kinds of subdaemons: global ones (hsmd, gossipd) and
per-peer ones.  We can handle many callbacks internally now.

We can have a handler to set a new peer owner, and automatically do
the cleanup of the old one if necessary, since we now know which ones
are per-peer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
cb82bf7aa2 onchaind: send message when peer's transactions are irrevocably committed.
We currently rely on a zero exit status.  That's the only difference between
onchain finished handling and other per-peer daemons, so instead we should
have an explicit "done" message.  This is both clearer, and allows us to
unify.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
474887512d gossipd: rewrite to do the handshake internally.
Now the flow is much simpler from a lightningd POV:

1. If we want to connect to a peer, just send gossipd `gossipctl_reach_peer`.
2. Every new peer, gossipd hands up to lightningd, with global/local features
   and the peer fd and a gossip fd using `gossip_peer_connected`
3. If lightningd doesn't want it, it just hands the peerfd and global/local
   features back to gossipd using `gossipctl_handle_peer`
4. If a peer sends a non-gossip msg (eg `open_channel`) the gossipd sends
   it up using `gossip_peer_nongossip`.
5. If lightningd wants to fund a channel, it simply calls `release_channel`.

Notes:
* There's no more "unique_id": we use the peer id.
* For the moment, we don't ask gossipd when we're told to list peers, so
  connected peers without a channel don't appear in the JSON getpeers API.
* We add a `gossipctl_peer_addrhint` for the moment, so you can connect to
  a specific ip/port, but using other sources is a TODO.
* We now (correctly) only give up on reaching a peer after we exchange init
  messages, which changes the test_disconnect case.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
98ad6b9231 lightningd: change connect RPC args.
We're going to make the ip/port optional, so they should go at the end.
In addition, using ip:port is nicer, for gethostbyaddr().

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
79ebb9dfd0 json: helper to parse pubkeys.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
871d0b1d74 lightningd: simplify peer destruction.
We have to do a dance when we get a reconnect in openingd, because we
don't normally expect to free both owner and peer.  It's a layering
violation: freeing a peer should clean up the owner's pointer to it,
to avoid a double free, and we can eliminate this dance.

The free order is now different, and the test_reconnect_openingd was
overprecise.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
f172be71dc gossipd: fail peer for the master daemon.
This fixes the only case where the master currently has to write directly
to the peer: re-sending an error.  We make gossipd do it, by adding
a new gossipctl_fail_peer message.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
399b5f61bc gossipd: rename fail_peer to drop_peer.
We don't actually send it a failure message, we just close it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-20 18:31:32 +02:00
Rusty Russell
8f057f7fc7 Revert "gossip: send the *other* node's cltv_expiry_delta in channel_announce."
This reverts commit 297e278132.
2017-10-11 11:54:50 +02:00
Rusty Russell
f32e0b35ad Revert "Send/receive cltv_expiry_delta in open/accept channel."
This reverts commit 18e3f9820f.
2017-10-11 11:54:50 +02:00
Christian Decker
cfac9a1f73 htlcs: Remove in-memory htlc_stubs
We pull them from the database on-demand, where we're storing them
anyway. No need to keep them in memory as well.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-10-10 23:59:34 +00:00
Christian Decker
896a67d1d6 peer: Pass in the htlc_stub directly to tell_if_missing
No idea why we were iterating over the list of stubs and then passing
in the index instead of a pointer to the stub directly.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-10-10 23:59:34 +00:00
Christian Decker
a668cb4f2b onchain: Load HTLC stubs upon starting onchaind
This wires in the loading of `struct htlc_stub`s on-demand when
starting `onchaind` so that we don't need to keep them in memory.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-10-10 23:59:34 +00:00
Rusty Russell
297e278132 gossip: send the *other* node's cltv_expiry_delta in channel_announce.
Include tests from example doc.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-10 20:17:37 +02:00
Rusty Russell
18e3f9820f Send/receive cltv_expiry_delta in open/accept channel.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-10-10 20:17:37 +02:00
Christian Decker
249083bcc1 options: Do not schedule a reconnect attempt with --no-reconnect
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-10-09 11:25:08 +10:30
Rusty Russell
3d316518fd wire: use 26-bit lengths for inter-daemon messaging.
Fixes: #289
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-29 14:40:34 +02:00
Rusty Russell
2fe2a0bcf9 peer_control: don't double-free on permanent fail of non-persistent peer.
peer_fail_permanent() frees peer->owner, but for bad_peer() we're
being called by the sd->badpeercb(), which then goes on to
io_close(conn) which is a child of sd.

We need to detach the two for this case, so neither tries to free the
other.

This leads to a corner case when the subd exits after the peer is gone:
subd->peer is NULL, so we have to handle that too.

Fixes: #282
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 15:37:43 +02:00
Rusty Russell
b7bb0be944 subd: remove context arg, as we're always owned by lightningd.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 15:37:43 +02:00
Rusty Russell
f082c7b80e lightningd: add FIXMEs for future work.
Suggested-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
d04b7af56e onchain: add initial onchain state.
We have a race where we start onchaind, but state is unchanged, so checks
like peer_control.c's:

	peer_ready = (peer->owner && peer->state == CHANNELD_AWAITING_LOCKIN);
	if (!peer_ready) {
		log_unusual(peer->log,
			    "Funding tx confirmed, but peer state %s %s",
			    peer_state_name(peer->state),
			    peer->owner ? peer->owner->name : "unowned");
	} else {
		subd_send_msg(peer->owner,
			      take(towire_channel_funding_locked(peer,
								 peer->scid)));
	}

Can send to the wrong daemon.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
aea77653d3 onchaind: update bolt #5, and implement failure of timed-out onchain HTLCs.
We re-use the value for reasonable_depth given by the master, and we
tell it when our timeout transactions reach that depth.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
5666ba551f onchaind: fail htlcs which are not included in commitment tx.
As per update 149cf020d6

Fixes: #249
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
4ce9f73e00 BOLT update to fae35903ae600d61124a3920363094b02d2ae8e5
This details handling of onchain HTLCs, and we document how we
implement it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
ab8251c214 lightningd: dev-reenable-commit RPC command to re-enable commit timer.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
ce160d9b17 lightnind: _ dev-disconnect argument to suppress commit timer.
Required for catching daemon in exact state.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
5957dd9303 lightnind: dev-sign-last-tx RPC command for testing penalty txs.
We don't normally let daemons send invalid txs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
a76a53a933 onchaind: fulfill HTLCs onchain.
When we see an offered HTLC onchain, we need to use the preimage if we
know it.  So we dump all the known HTLC preimages at startup, and send
new ones as we discover them.

This doesn't cover preimages we know because we're the final
recipient; that can happen if an HTLC hasn't been irrevocably
committed yet.  We'll do that in a followup patch.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Rusty Russell
664ce8bfc2 watch: remove peer_debug helper.
This was part of the transition; we can now just log directly.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-28 13:07:05 +09:30
Christian Decker
e418f2a7fe gossip: Make sure timestamp does not change while creating sig
If the HSM is slow it might happen that the timestamp has changed the
second time we come around, so we generate the timestamp externally
and pass it in so we're sure it won't change between calls.

Reported-by: Rusty Russell
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-09-16 09:02:06 +09:30
Rusty Russell
ef28b6112c status: use common status codes for all the failures.
This change is really to allow us to have a --dev-fail-on-subdaemon-fail option
so we can handle failures from subdaemons generically.

It also neatens handling so we can have an explicit callback for "peer
did something wrong" (which matters if we want to close the channel in
that case).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-12 23:00:53 +02:00
Rusty Russell
f219955dc6 wallet: fix spending of change.
We recorded our own change as P2SH; it's not.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-12 22:59:24 +02:00
Christian Decker
fa13190595 wallet: Hook into the hsm_funding_sig to extract change outputs
This is the step where we broadcast the transaction to the network and
a nice place to extract the change from the transaction.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-09-10 10:48:53 +09:30
Christian Decker
641a3b64cf channel: Use min_cltv_expiry in the channel announcements
So far we were always using the deadline in the announcements, that's
obviously not good, so this introduces the parameter as per spec.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-09-08 17:02:04 +09:30
Rusty Russell
b19a4516d4 lightningd: fix crash when old openingd still around.
We weren't killing it.  Eventually it would die, and peer_owner_finished()
would access subd->peer->owner, but that peer was freed already.

Closes: #261
Reported-by: Christian Decker <decker.christian@gmail.com>
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-06 19:11:21 +02:00
Rusty Russell
5889ad5fc4 dev-disconnect: add blackhole option.
To reproduce the next bug, I had to ensure that one node keeps thinking it's
disconnected, then the other node reconnects, then the first node realizes
it's disconnected.

This code does that, adding a '0' dev-disconnect modifier.  That means
we fork off a process which (due to pipebuf) will accept a little
data, but when the dev_disconnect file is truncated (a hacky, but
effective, signalling mechanism) will exit, as if the socket finally
realized it's not connected any more.

The python tests hang waiting for the daemon to terminate if you leave
the blackhole around; to give a clue as to what's happening in this
case I moved the log dump to before killing the daemon.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-06 19:11:21 +02:00
Rusty Russell
e8dadbc0fb lightningd: fix reconnect while openingd still live.
In this case, we unset the old subd->peer, then freed subd.
peer_owner_finished dereferenced subd->peer->owner, and boom:

test_disconnect_funder (__main__.LightningDTests) ... Fatal signal 11. Log dumped in crash.log

------------------------------- Valgrind errors --------------------------------
Valgrind error file: valgrind-errors.2882
==2882== Invalid read of size 8
==2882==    at 0x413F74: peer_owner_finished (peer_control.c:679)
==2882==    by 0x41EA2C: destroy_subd (subd.c:381)
==2882==    by 0x459700: notify (tal.c:240)
==2882==    by 0x459BB1: del_tree (tal.c:400)
==2882==    by 0x459FC0: tal_free (tal.c:509)
==2882==    by 0x413796: peer_reconnected (peer_control.c:493)
==2882==    by 0x413A6A: add_peer (peer_control.c:592)
==2882==    by 0x40ED1F: handshake_succeeded (new_connection.c:186)
==2882==    by 0x41E3DD: sd_msg_reply (subd.c:262)
==2882==    by 0x41E6BB: sd_msg_read (subd.c:318)
==2882==    by 0x41E4E6: read_fds (subd.c:283)
==2882==    by 0x44DEB4: next_plan (io.c:59)
==2882==  Address 0x838 is not stack'd, malloc'd or (recently) free'd
==2882==

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-09-06 05:14:38 +09:30
Christian Decker
b0c0e28a43 gossip: Simplify announce_signature exchange
The logic of dispatching the announcement_signatures message was
distributed over several places and daemons. This aims to simplify it
by moving it all into `channeld`, making peer_control only report
announcement depth to `channeld`, which then takes care of the
rest. We also do not reuse the funding_locked tx watcher since it is
easier to just fire off a new watcher with the specific purpose of
waiting for the announcement_depth.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-09-05 12:47:25 +09:30
Rusty Russell
bbed5e3411 Rename subdaemons, move them into top level.
We leave the *build* results in lightningd/ for ease of in-place testing though.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
153c622157 lightningd: remove lightningd_state.
Some fields were redundant, some are simply moved into 'struct lightningd'.
All routines updated to hand 'struct lightningd *ld' now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
a37c165cb9 common: move some files out of lightningd/
Basically all files shared by different daemons.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
8375857116 common: absorb remaining files from daemon/
Also, we split the more sophisticated json_add helpers to avoid pulling in
everything into lightning-cli, and unify the routines to print struct
short_channel_id (it's ':',  not '/' too).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
85ff95e829 common: new directory for any shared objects.
To avoid everything pulling in HTLCs stuff to the opening daemon, we
split the channel and commit_tx routines into initial_channel and
initial_commit_tx (no HTLC support) and move full HTLC supporting versions
into channeld.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-29 17:54:14 +02:00
Rusty Russell
d7db0be5da lightningd: start onchaind when we see funding spent.
We're very simple about it: if there's a reorganization, we restart.  Otherwise
we tell it about everything.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-23 17:38:22 +02:00
Rusty Russell
1396cf6249 lightningd: remove num_revocations_received.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-23 17:38:22 +02:00
Rusty Russell
a5d4a3eb2c lightningd: derive num_revocations_received.
It's in the shachain, so storing it is completely redundant.  We leave
it in for the moment so we can assert() that nothing has changed.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-23 17:38:22 +02:00
Christian Decker
def3d77a70 lightningd: Base peer->seed off of the channel ID
The peer->seed needs to be unique for each channel, since bitcoin
pubkeys and the shachain are generated from it. However we also need
to guarantee that the same seed is generated for a given channel every
time, e.g., upon a restart. The DB channel ID is guaranteed to be
unique, and will not change throughout the lifetime of a channel, so
we simply mix it in, instead of a separate increasing counter.

We also needed to make sure to store in the DB before deriving the
seed, in order to get an ID assigned by the DB.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-08-23 10:23:54 +09:30
Christian Decker
e51d261f51 lightningd: Load persisted channels on startup
This is the big one, and it's completely anticlimactic: it loads all
channels that have reached opening and are not marked as
closingd_complete into memory, that's it.

Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-08-23 10:23:54 +09:30
Christian Decker
1a94e7282b db: Make peers unique by node_id
We should only ever have a single entry for each node_id, enforcing
this on the DB.
2017-08-23 10:23:54 +09:30
Christian Decker
4bc0750882 wallet: Moving wallet_channel->peer_id into the peer struct
This was supposed to be a temporary solution anyway, and I had a
rather annoying mixup between peer_id and unique_id, the latter of
which is actually a connection identifier.
2017-08-23 10:23:54 +09:30
Christian Decker
3fefd5f46d master: Only persist the peer/channel if we have reached openingd
There is no point in doing so before, and it'd be creating empty
entries for each connection.
2017-08-23 10:23:54 +09:30
Christian Decker
e9b69b195a wallet: Store channel to db whenever something changes
This is as coarse grained as it can get, and therefore slow, but it'll
store the channel (sans HTLCs) to database so we can recover them upon
restart.
2017-08-23 10:23:54 +09:30
Christian Decker
406d52042b peer: Add channel to peer and save upon opening a channel
Add the channel to the peer on the two open paths (fundee and funder)
and store it into the database. Currently fails when opening a channel
to a known peer after loading from DB because we attempt to insert a
new peer with the same node_id. Will fix later.
2017-08-23 10:23:54 +09:30
Christian Decker
17173a6322 jsonrpc: Add connected field to getpeers
This was implicitly indicated by the presence of the owner field,
making it explicit.
2017-08-23 10:23:54 +09:30
Christian Decker
221fe8c5f3 reconnect: Re-assign peer->netaddr on reconnect, could have changed
Signed-off-by: Christian Decker <decker.christian@gmail.com>
2017-08-23 10:23:54 +09:30
Rusty Russell
2b9d3bb0b7 channeld: hand in chain_hash.
This will be needed for gossip messages.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-22 14:56:02 +02:00
Rusty Russell
8ffdeea522 daemon/chaintopology: hand full txs to watch_tx()
This is required for onchaind: we want to watch all descendents by default,
as to do otherwise would be racy, which means we need to traverse the outputs
when a tx appears.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
edd27d21b5 lightningd: save last htlc sigs.
This belongs in the db, but until then...

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
b6d7ad0614 lightningd: store the htlc stubs.
These belong in the database, but for now just keep an array.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
893335244d openingd: supply initial tx as well as signature.
And store in peer->last_tx/peer->last_sig like all other places,
that way we broadcast it if we need to.

Note: the removal of tmpctx in funder_channel() is needed because we
use txs[0], which was allocated off tmpctx.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
80e28707a3 channeld: send commit tx and signature to master.
This also means we can simply drop it to chain on error.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
c389215a35 closingd: send the tx to master as we negotiate.
We can derive fees from this, and also broadcast at any time without
having to reconstruct it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
dbfac68c3f lightningd: keep last valid tx, and its signature.
This avoids us having to reconstruct it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
8e0c19c76a lightningd: add dev-fail command to inject permenant failure.
A couple of double-free bugs founnd doing this, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
99581bd709 dev_disconnect: support 'permfail' line to permanently fail peer.
The master daemon checks for this after a subdaemon dies.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
f765e0e846 bip32: marshal/unmarshal routines.
Neater than using a u8 array as we do now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
f5624af965 lightningd: fix error packet we send due to permanent error.
tal_strdup() doesn't set tal_count(), so we end up sending an ERROR
packet with an empty message.  Wrap this and get it right.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Rusty Russell
ce24731da9 lightningd: use internal_error rather than freeing peer.
Should never free peer directly: we need to log error, etc.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-20 13:06:41 +09:30
Christian Decker
85d2256898 wallet: Use persistent shachain for remote secrets 2017-08-10 12:34:58 +09:30
Rusty Russell
40895e4550 Update to match spec: "BOLT7: Reorder feature bitmaps in order to allow future changes"
aka. a257554456cda98afd1532c302c0e5e84de0455e

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-03 14:26:41 +02:00
Rusty Russell
2b7c091e70 closing: update to match proposal to restart negotiation on reconnect.
This simplifies significantly, as we don't need to remember what we offered.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-08-02 11:45:30 +09:30
Christian Decker
fbc2b65a3d opening: Pass network_index through to openingd
This is needed in order to open channels with the correct
genesis_blockhash.

Reported-By: @sstone
2017-07-12 11:30:23 +09:30
Rusty Russell
03be40ea8b lightningd: don't reset balance when we reconnect!
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
8b71ea924a lightningd: don't crash when simply using closingd just for retransmission.
test_closing_negotiation_reconnect (__main__.LightningDTests) ... peer state CLOSINGD_COMPLETE should be CLOSINGD_SIGEXCHANGE

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
7d3e074863 Misc feedback minor fixes.
Reported-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
87232ec25c lightningd: new peer state CLOSINGD_COMPLETE.
This is a transitional state, while we're waiting to see the
closing tx onchain (which is To Be Implemented).

The simplest way to do re-transmission is to re-use closingd, and just
disallow any updates.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
c1f21b9fce lightningd/peer_control.c: rename peer->balance.
I made the mistake of thinking it was a [NUM_SIDES] array, but
it's actually our balance, and it's in millisatoshi.  Rename
for clarity.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
0c5e238a48 lightningd: handle reconnect during shutdown and closing.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
0c07856ae4 lightningd/peer_control.c: remove unnecessary reconnected field.
It can be on the stack.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
a827d2b2bb lightningd: add in support for closingd.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
6fa90c926a channeld: exit after shutdown when no more HTLCs.
Ready for the introduction of closingd.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
94a33a7d15 channeld: use an enum side not a bool for funder/
This predated our handling of enums.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-12 10:21:16 +09:30
Rusty Russell
c05f63a4db peer_control: fix double-state transition on reconnect.
We actually don't need to transition if we're reconnecting, and logic
to go to CHANNELD_NORMAL was wrong: we checked that we'd seen funding tx
locked, but not that we'd received a msg from the remote peer.

We need to fix the tests now we no longer double-transition, too.

Fixes: #188
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-07-03 19:43:34 +09:30
Christian Decker
70f4484ba8 channeld: Pass through the agreed feerate_per_kw to channeld
We were erroneously using the fee_base which refers to the fees we
require for forwarding transactions instead of the on-chain fees.
2017-06-30 19:55:17 +09:30
Christian Decker
5e1dcea5b8 opening: Passing feerate_per_kw through to master 2017-06-30 19:55:17 +09:30
Christian Decker
02aba77698 channel: Passing channel_flags through to channeld 2017-06-30 19:55:17 +09:30
Rusty Russell
ac1172c7b0 lightningd: check scriptpubkey in shutdown.
Important: a non-standard one can make the closing tx not propagate.

Drive-by cut&paste message fix, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-29 00:08:21 +02:00
Rusty Russell
4881129f54 peer_fail_permanent: handle take() arg.
We assume this in at least one caller.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-29 00:08:21 +02:00
Rusty Russell
42c9cb58c7 channeld: rename commit_index to next_index.
This is what it actually is, and makes it clearer when we refer to the
spec.  It's the commitment we're currently updating, which is the next
commitment.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-29 00:08:21 +02:00
Rusty Russell
de5bf56ffa opening: update to new open_channel with channel_flags.
While we're there, make the announcement conditional on it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-29 00:08:21 +02:00
Rusty Russell
fc4e2d8b48 lightningd: fix typo.
If we're going to die, at least we can do so with dignity.

Reported-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
99289bece7 lightningd/peer_control.c: fix memleak.
Reported-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
ac703ff9dc lgihtningd: remove extraneous whitespace.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
866ac79850 channeld: shutdown support.
We keep the scriptpubkey to send until after a commitment_signed (or,
in the corner case, if there's no pending commitment).  When we
receive a shutdown from the peer, we pass it up to the master.

It's up to the master not to add any more HTLCs, which works because
we move from CHANNELD_NORMAL to CHANNELD_SHUTTING_DOWN.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
ee00c2c508 lightningd: remove peer->gossip_client_fd
We don't need to keep this around any more: by handing it to
subdaemons we ensure we'll close it if the peer disconnects, and we
also add code to get a new one on reconnection.

Because getting a gossip_fd is async, we re-check the peer state after
it gets back.  This is kind of annoying: perhaps if we were to hand
the reconnected peer through gossipd (with a flag to immediately
return it) we could get the gossip fd that way and unify the paths?

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
ea52b0a8ff openingd: pass back gossip fd on completion.
For the moment, master still keeps a dup of gossip_fd, but that's the next
patch.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
2ff50107ac lightningd/hsm_control: use a simple fd for HSM.
Now we're always sync, just use an fd.  Put the hsm_sync_read() helper
here, too, and do HSM init sync which makes things much simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
4ef3e9e3fb lightningd/peer_control: get announcement signature from HSM synchronously.
We temporarily play games with the hsm fd; those will go away once
we're done.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
7213312f57 lightningd: remove fd from struct peer.
With no async calls left, we can just use a stack variable for the fd.

And we're now *always* in the hands of some daemon, unless we're
disconnected, so owner is only NULL in that case.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
f2d4309add lightningd/subd: explicit failure reply support.
We had a terrible hack in gossip when a peer didn't exist.  Formalize
a pattern when code+200 is a failure (with no fds passed), and use it
here.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
31ff5a49f4 lightningd/peer_control: remove cs from struct peer.
Now we're not async, we don't need to pack it into struct peer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
232a182b25 lightningd: get fd from HSM synchronously.
This means there's no GETTING_HSMFD state at all any more.  We
temporarily play games with the hsm fd; those will go away once we're
done.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Rusty Russell
77620ea06f lightningd: get funding signature from HSM synchronously.
This means there's no GETTING_SIG_FROM_HSM state at all any more.  We
temporarily play games with the hsm fd; those will go away once we're
done.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-27 10:25:53 +09:30
Christian Decker
7738bccf42 wallet: Move coin-selection primitives to wallet
We'll re-use them a few times so having them at a central location is
nice. We also fix a bug that was unreserving UTXO entries upon free,
instead of promoting them to being spent.
2017-06-23 16:02:20 +09:30
Rusty Russell
d95adf7f33 subd: hand through fatal messages as well to callback.
This matters in one case: channeld receiving a bad message is a
permenant failure, whereas losing a connection is transient.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
15405f95e1 lightningd: simply store commit index, rather than count sent/received.
This is what channeld wants to know, so just do that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
ffa5e1c52c peer_fail: differentiate transient and permanent failures.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
d236e724a9 channeld: save old remote_per_commit and return it in init.
We need the old remote per_commitment_point so we can validate the
per_commitment_secret when we get it.

We unify this housekeeping in the master daemon using
update_per_commit_point().

This patch also saves whether remote funding is locked, and disallows
doing that twice (channeld should ignore it).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
6b61e9ab0a channeld: exchange channel_reestablish.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
b600e6118c lightningd/channel: hand commit_index in when creating txs only.
Don't store it persistently, as we want to be explicit anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
4097351f16 channeld: get handed existing HTLCs in init message.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
7e820f07e7 channeld: get commit indices from master.
Note that this will change a little in following commits.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
c1d5e41dfe channeld: include last sent commit and last revoke in init message.
It's easiest to have the master keep the last commit we sent, for
re-transmission.  We could recalculate it, but it's made more difficult
by the before/after revoke case.

And because revoke_and_ack changes the channel state, we need to
remember which order we sent them in for re-transmission.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
6700a48d42 lightningd: save num_commits_sent/received and num_revocations_received.
We need this for reestablishing a channel.

(Note: this patch changes quite a bit in this series, but reshuffling was
 tedious).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
a55b58d0d5 lightningd: track balance in way which matches channeld.
Currently it's fairly ad-hoc, but we need to tell it to channeld when
it restarts, so we define it as the non-HTLC balance.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
060a440548 channeld: tell master about next_per_commit_point.
It needs to save them to the db in case of restart; this means we tell
it about funding_locked, as well as the next_per_commit_point given
in revoke_and_ack.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
61906ea415 channeld: don't keep shachain.
The master daemon is the one which stores it, have it do the check.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
4a161b710d channeld: pass htlcs to master daemon in batches.
When adding their HTLCs, it needs all the information.  When failing,
it needs the id as key and the failure reason.  When fulfilling, it
needs the id and payment preimage.

It also needs to know when we have received an revoke_and_ack or a
commitment_signed, to place in the database.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
ad60d71c55 lightningd: fail for the moment if we fail in CHANNELD_NORMAL.
This makes testing easier for the moment, until we implement this.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
7c9b66e67f lightningd: peer_htlcs.c
Move HTLC handling out of peer_control.c.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
1ca97a7913 channeld: don't unpack union, leave that to master.
We still get the shared secret, since that requires a round trip to the HSM
(why waste the master daemon's time?) but it does the processing, which
simplifies the message passing and things like realm handling which
have nothing to do with this particular channeld.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
6e28412f8f lightningd: clean up HTLC error handling.
Some paths were still sending unencrypted failure messages; unify them
all.  We need to keep the fail_msg around for resubmission if the
channeld dies; similarly, we need to keep the htlc_end structure
itself after failure, in case the failed HTLC is committed: we can
move it to a minimal archive once it's flushed from both sides,
however.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
996567c250 lightningd: update BOLT to add channel_reestablish message.
We don't handle it yet though.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
e7297ffd5d lightningd/peer_control: remove redundant peer_by_pubkey().
We have peer_by_id() for exactly this.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
9327aa1df4 lightningd: fix logging of peer death.
We used level -1 to mean "append to log", but that doesn't actually
work, and results in an assert if we try to prune the logs:

	lightningd: daemon/pseudorand.c:36: pseudorand: Assertion `max' failed.

Expose logv_add and use that.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-23 09:29:42 +09:30
Rusty Russell
87ef7acbd6 lightningd/peer_control: join peer logs with master logs.
We use --log-level to control this, but we could add another switch.

It makes the test infrastructure simpler, since we can just look in the
main logs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Rusty Russell
f7a22b699e lightningd/peer_control: embed id, don't use pointer.
We always know it now we have struct connection, so we don't need a pointer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Rusty Russell
6f181e0dc1 BOLT update for 8-byte satoshi values, and other updates.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Rusty Russell
7389aae26a Massive BOLT text underscore and formatting updates.
This brings us up to 61b5b3f7b4145c9d6d66973b6bfbf28e6c0a0791.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Rusty Russell
87fc3439c4 test_lightningd.py: fix obscure corner case in gossip.
I actually hit this very hard to reproduce race: if we haven't process
the channeld message when block #6 comes in, we won't send the gossip
message.  We wait for logs, but don't generate new blocks, and timeout
on l1.daemon.wait_for_log('peer_out WIRE_ANNOUNCEMENT_SIGNATURES').

The solution, which also tests that we don't send announcement signatures
immediately, is to generate a single block, wait for CHANNELD_NORMAL,
then (in gossip tests), generate 5 more.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-06-07 09:19:04 +09:30
Christian Decker
605438f213 channel: Die on unexpected gossipd messages 2017-06-07 06:41:39 +09:30
Rusty Russell
06bc035f59 Minor fixes: feedback from Christian
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
ed16bb3134 channeld: send optional init message.
We use this to make it send the funding_signed message, rather than having
the master daemon do it (which was even more hacky).  It also means it
can handle the crypto, so no need for the packet to be handed up encrypted,
and also make --dev-disconnect "just work" for this packet.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
302ed0ca3b peer_control: always keep gossip_client_fd.
This is simpler than passing back and forth, for the moment at least.  That
means we don't need to ask for a new one on reconnect.

This partially reverts the gossip handling in openingd, since it no longer
passes the gossip fd back.  We also close it when peer is freed, so it
needs initializing to -1.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
d1fcc434c8 subd: use array of fd pointers, not fds, and use take().
This lets us specify that we want to keep some fds.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
f504f0be47 gossip: handle release race.
We can go to release a gossip peer, and it can fail at the same time.
We work around the problem that the reply must be a gossipctl_release_peer_reply
with two fds, but it's not pretty.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
b3a2a0623c lightningd: set up reconnect timer if we don't want to forget peer.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
f4722e93a0 peer_fail: handle incoming reconnections.
We kill the existing connection if possible; this may mean simply
forgetting the prior peer altogether if it's in an early state.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
3126eed4de patch peer_control-keep-init-information.patch 2017-05-25 14:24:47 +09:30
Rusty Russell
05875d7f35 opening: handle gossip.
We don't send out gossip, but we do relay it to the gossip daemon if we
get some.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
43ec37b865 openingd: fundee: don't send watch command to master.
Instead, send it the funding_signed message; it can watch, save to
database, and send it.

Now the openingd fundee path is a simple request and response, too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
c2cfc3dd69 opening: funder: don't ask master for TXID, calculate it ourselves.
Simplifies state machine.  Master still has to calculate the tx to get
the signature and broadcast, but now the opening daemon funding path
is a simple request/response.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
7bfd282319 lightningd/utxo: helpers to translate from utxo * <-> utxo **
We need the former for marshalling, the latter for build_utxos and funding_tx.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
3ab3281a4c lightningd/opening: rename functions and wire messages for clarity.
Each one is either funder or fundee now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
1e36a19164 lightningd/peer_control: keep cryptostate.
Like the fd, it's only useful when the peer is not in a daemon, so we
free & NULL it when that happens.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
aef745e37d peer_control: simplify code flow in depth callback.
I modified it to use states, and messed it up.  Rewrite it to be
far simpler.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30
Rusty Russell
780b3870ad lightningd: peer state cleanup.
1. We explicitly assert what state we're coming from, to make transitions
   clearer.
2. Every transition has a state, even between owners while waiting for HSM.
3. Explictly step though getting the HSM signature on the funding tx
   before starting channeld, rather than doing it in parallel: makes
   states clearer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-05-25 14:24:47 +09:30