Commit Graph

6955 Commits

Author SHA1 Message Date
Rusty Russell
700d88dfa4 lightningd/hsm: sign funding transaction correctly.
We read in the localkey twice, leaving us to use an initializwed
remote_pubkey.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:28:20 +10:30
Rusty Russell
d77e7963f9 funding_tx: permute inputs, don't re-calculate fees
built_utxos needs to calculate fees for figuring out how many utxos to
use, so fix that logic and rely on it.

We make build_utxos return a pointer array, so funding_tx can simply hand
that to permute_inputs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:28:09 +10:30
Rusty Russell
e0d9b6efdf daemon/watch: fix macro clash.
'peer' vs 'struct peer' works iff the argument is actually called 'peer'.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:27:09 +10:30
Rusty Russell
6a14e24a82 lightningd: integrate bitcoind.
This allows us to broadcast transactions and watch for them.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:26:38 +10:30
Rusty Russell
484c45a8a1 chain_topology: fix double-free when peer dies.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-07 11:25:48 +10:30
Rusty Russell
5514f4fadf lightningd/channel.h: fix comment typo.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-06 12:23:58 +10:30
Christian Decker
4a995a42de gen-wire: Cleanup of the wire generator tool
The wiregen tool was a bit hard to maintain since it was printing all
over the place, mixing template and processing logic. This commit
tears the two apart, externalizes everything that is not a single code
line, and repackages it into templates. Specifically functions are now
their own template and header/implementation files are a template.

Furthermore this simplifies some of the boilerplate of mapping types
to sizes and back again, by extracting them into dicts.

All changes have been verified to produce identical results on the
current wire definitions, except a bit of whitespace changes.
2017-03-06 10:22:02 +10:30
Rusty Russell
7419fde9a0 Update to new spec: differentiate channel_id and short_channel_id.
The spec 4af8e1841151f0c6e8151979d6c89d11839b2f65 uses a 32-byte 'channel-id'
field, not to be confused with the 8-byte short ID used by gossip.  Rename
appropriately, and update to the new handshake protocol.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
2ce6a4bcca daemon/peer: move struct peer to internal header.
We use a different 'struct peer' in the new daemons, so make sure
the structure isn't assumed in any shared files.

This is a temporary shim.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
8d7acdc367 struct topology -> struct chain_topology
Topology also refers to the lightning network, be clear.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
e2c7925e0e daemon/chaintopology.c: remove last remaining lightningd_state references.
We put a topology pointer into struct outgoing_tx and struct block for now.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
38cc6c2f21 daemon/chaintopology: move dev_no_broadcast from lightningd_state to here.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
61e576ef12 daemon/chaintopology: use struct topology for more functions, not lightningd_state
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
923526baf3 daemon/watch.c: move list of watched txs/txouts into struct topology.
This weans daemon/watch.c off relying on struct lightningd_state.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
d34dade8bb daemon/chaintopology: don't leave outgoing txs in peer structure.
The peer structure is only for the old daemon; instead move the list
of all outgoing txs for rebroadcasting into struct topology (still
owned by peers, so they are removed when it exits).

One subtlety: on exit, struct topology is free before the peers,
so they end up removing from a freed list.  Thus we actually free
every outgoing tx manually on topology free.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
e6efcdf5bd daemon/bitcoind: wean off struct lightningd_state.
We want to use this in the new daemon, so use 'struct bitcoind'
everywhere.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
5dc0402a44 Update to lightning-rfc to dc0b529161561c6be3ff53c5f8574b23c3305a04
Only minor changes, but I add some more spec text to
lightningd/test/run-commit_tx.c to be sure to catch if it changes
again.

One reference isn't upstream yet, so had to be commented out.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
9387609c7b daemon/pseudorand: be more paranoid with isaac64 output.
There's no reason to think that the seed isn't reproducable from the
output: we don't want to give away our siphash seed and allow hashbombing,
so seed isaac with the SHA of the seed.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
293bebbe2d daemon/peer: handle narrow reconnect race on close.
Usually if we get a packet while closing (onchain event), we're going
through pkt_in which discards it.  However, if we're reconnecting, we
simply process the init packet and get upset because they've forgotten
us.

Hard to reproduce, but here's the log (in this case, test-routing --reconnect
and we have just done mutual close):

We reconnect in STATE_MUTUAL_CLOSING, send INIT pkt:

   +19.397025114 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Init with ack 1 opens + 9 sigs + 8 revokes + 1 shutdown + 1 closing

While waiting for response, we see the mutual close...
   +19.398732602 lightningd(4637):DEBUG: reaped 6370: bitcoin-cli -regtest=1 -datadir=/tmp/bitcoin-lightning2 getblock 2a63b209e17aedc5b1bcc6c2f9e044f97c9c3ca136fc64a719f704d2f632df5f false
   +19.401834422 lightningd(4637):DEBUG: Adding block 5fdf32f6d204f719a764fc36a13c9c7cf944e0f9c2c6bcb1c5ed7ae109b2632a
   +19.405167334 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Got UTXO spend for 8bb48a:0: 7f5e422f...

   +19.412543610 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: anchor_spent: STATE_MUTUAL_CLOSING => STATE_CLOSE_ONCHAIN_MUTUAL

And we also see it buried "forever" (10 blocks in test mode), so we forget peer:
   +19.423045014 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Anchor at depth 13
   +19.426775063 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: check_for_resolution: STATE_CLOSE_ONCHAIN_MUTUAL => STATE_CLOSED
   +19.427613109 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: db_forget_peer(023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898)
   +19.428130685 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: db_start_transaction(023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898)
   +19.501027511 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: db_commit_transaction(023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898)

Now, we get their reply, but they've forgotten us:
   +19.520208608 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Decrypted header len 5
   +19.520872035 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Received packet LEN=5, type=PKT__PKT_INIT
   +19.520999082 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Our order counter is 19, their ack 0
   +19.521078913 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: They acked 0, remote=16 local=15
   +19.521447174 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Queued pkt PKT__PKT_OPEN (order=19)
   +19.522563794 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Queued pkt PKT__PKT_OPEN_COMMIT_SIG (order=19)
   +19.523517319 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:BROKEN: Can't rexmit 2 when local commit 15 and remote 16
   +19.524613177 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:UNUSUAL: Sending PKT_ERROR: invalid ack
   +19.526638447 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: Queued pkt PKT__PKT_ERROR (order=19)
   +19.527508022 023ec94fb93c669154ba7b08907276e8c8661b2e65d80fc2c089215d5395574898:DEBUG: peer_comms_err: STATE_CLOSED => STATE_ERR_BREAKDOWN

We should never transition from STATE_CLOSED to STATE_ERR_BREAKDOWn,
and that's what this check prevents.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
9aebd5c797 lightningd: add opening to dependencies.
Without this, make check doesn't rebuild opening subdaemon.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:49 +10:30
Rusty Russell
c6f568dbde Makefile: fix distclean, clean targets.
libwally's tools/cleanup.sh doesn't actually remove files if it can't
run make, so do that manually.  Also clear some other cruft.

Also, we weren't deleting wire/gen_onion_wire.c in "make clean".

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-03-02 22:51:39 +10:30
Christian Decker
7ac7a6a47e cleanup: Ignoring libwally artifacts and distclean cleans them 2017-02-27 23:14:43 +01:00
Christian Decker
421edc9500 gitignore: Added some binaries to gitignore 2017-02-27 22:25:43 +01:00
Christian Decker
da31675537 doc: Adding compiled manpage 2017-02-27 14:55:53 +01:00
Rusty Russell
fd258fe495 lightningd: wire up opening daemon.
Now we can actually open a channel.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
d48f9faa19 lightningd/opening: fixes.
Now we've tested it:

1. open_channel needs to write response to REQ_FD not STATUS_FD.
2. recv_channel needs to send our next_per_commit, not echo theirs!
3. print the problematic signature if it's wrong, not our own.

Cleanups:

1. Return the message from open_channel/recv_channel for simplicity.
2. Trace signing information.
3. More tracing messages.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
391b15dbd7 lightningd/crypto_sync: trace all messages, especually failures.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
c69f43b5c0 subdaemon: always set incoming fds to blocking.
The gossip daemon didn't, but we shouldn't rely on it doing so anyway.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
c8df820e58 lightning/peer_control: set logging level for peers to match global.
That way it's controlled by --log-level=

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a737335da2 lightningd/commit_tx: don't segv on NULL htlcmap.
We don't care if we're just checking sigs, so allow NULL.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
5d0977df3a lightningd/funding_tx: use struct utxos, remove signing helper.
The signing helper was really just for testing, so remove it.  But
turn the funding_tx() function into a useful one by making it take the
utxo array.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
8edac22595 hsm: don't require privkey for signing off on funding.
I made it privkey to prove we owned one key, but without the HSM checking
we have a valid sig for the first commitment transaction, and that
we haven't revealed the revocation secret key, why bother?

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
edc30b12ea lightningd: --dev-debugger=<subdaemon>
Or for blackbox tests --gdb1=<subdaemon> / --gdb2=<subdaemon>.

This makes the subdaemon wait as soon as it's execed, so we can attach
the debugger.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a72dd8d9de daemon/options: split option registration and parsing.
This allows us to add extra options before parsing.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
952722a8cf lightningd/gossip: Fix return from gossip.
We should check that the peer it says it's returning is under its control,
we need to take back the peer fd, and use the correct conversion routine
for the packet it sends us.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
7525ed787a lightningd/hsm: create a peer-seed for peer secrets.
For the moment this is simply handed through to lightningd for
generating the per-peer secrets; eventually the HSM should keep it and
all peer secret key operations would be done via HSM-ops.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
90737371d0 lightningd/cryptomsg: split raw crypto_state vs peer_crypto_state
Raw crypto_state is what we send across the wire: the peer one is for
use in async crypto io routines (peer_read_message/peer_write_message).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
6cf8a19881 lightningd/opening: receive details for remote config acceptance, not min/max.
The requirements for accepting the remote config are more complex than
a simple min/max value, as various parameters are related.  It turns
out that with a few assumptions, we can boil this down to:

1.  The valid feerate range.
2.  The minimum effective HTLC throughput we want
3.  The a maximum delay we'll accept for us to redeem.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
a8b9177e9e lightningd/opening: seed is a privkey not an sha256.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
b8472b65ba lightningd/build_utxos: don't lockin the UTXO reservation until confirmed.
Unless the transaction is confirmed, the UTXOs should be released if
something happens to the peer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
be7c7b9732 lightningd/handshake: rename WIRE_BAD_COMMAND to WIRE_HANDSHAKE_BAD_COMMAND
So it doesn't clash with opening daemon, for example.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:56 +10:30
Rusty Russell
b1403a764f lightningd/opening: use peer_failed to send PKT_ERR on problems.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
8b279b7c14 opening: remove unused opening_watch_funding_req/resp.
This is now part of the responses: starting the normal peer daemon
is done once the tx is buried.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
89af53267b lightningd/peer_failed: helper to send PKT_ERR and exit daemon.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:55 +10:30
Rusty Russell
13ac472062 lightningd/crypto_sync: fix sync_crypto_write / sync_crypto_read
wire_sync_write() adds length, but we already have it, so use write_all.

sync_crypto_read() handed an on-stack buffer to cryptomsg_decrypt_header,
which expected a tal() pointer, so use the known length instead.

sync_crypto_read() also failed to read the tag; add that in (no
overflow possible as 16 is an int, len is a u16).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2017-02-24 16:22:35 +10:30
Christian Decker
51a22c4274 doc: Fixed two small mistakes in the getroute documentation
Two arguments were flipped and riskfactor was missing in the error
message returned from the JSON.
2017-02-22 21:46:07 +10:30
Christian Decker
26d4042436 bugfix: Assert was killing daemon
This seems rather easy to fix, the only case we do not want to set
`STATE_SHUTDOWN` us when we have updates which we have not committed
yet, which is handled separately in the other IF-branch.
2017-02-22 16:47:48 +10:30
Christian Decker
8912272983 gossip: Prevent normal messages to trigger the staggered broadcast
Only call `peer_dump_gossip` if the broadcast timer actually
expired. previously it could get triggered by any normal message.
2017-02-21 17:59:34 +01:00
Christian Decker
fccab6411d gossip: Add timer and normal queue for messages
The peer is woken up every 30 seconds to deliver the backlog of
messages. Additionally I added the normal message queue to be able to
send non-gossip message to the peer.
2017-02-21 17:59:34 +01:00
Christian Decker
83f51fe965 gossip: Add timer support to the io_loop 2017-02-21 17:59:34 +01:00