Commit Graph

8354 Commits

Author SHA1 Message Date
Christian Decker
0ca2c6b9f3 paymod: Rewrite the shadow-route constraint enforcement
We now check against both constraints on the modifier and the payment before
applying either. This "fixes" the assert that was causing the crash in #3851,
but we are still looking for the source of the inconsistency where the
modifier constraints, initialized to 1/4th of the payment, suddenly get more
permissive than the payment itself.
2020-07-23 10:14:21 +09:30
Christian Decker
c0d70cdfc7 paymod: Add invariant verification for constraints on shadowroute
This was highlighted in #3851, so I added an assertion. After the rewrite in
the next commit we would simply skip if any of the constraints were not
maintained, but this serves as the canary in the coalmine, so we don't paper over.
2020-07-23 10:14:21 +09:30
Christian Decker
157e70ffe8 paymod: Add a comment about how we derive errors from erring_index
Mainly to help my future self remember
2020-07-23 10:14:21 +09:30
Christian Decker
b2463b12c0 paymod: Count all attempts, not just the ones with a result
With the presplitter in particular we would have n attempts but the array
contains n+1 entries, which is kinda weird.
2020-07-23 10:14:21 +09:30
Rusty Russell
1274d34822 lightningd: add --dev-no-version-checks, use if SLOW_MACHINE and VALGRIND
Reduces VALGRIND=1 node_factory.line_graph(5) time on my laptop from 42s to 36s.

This is simply because forking all the subdaemons just to check the
version is very expensive under valgrind.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-22 16:13:44 +02:00
Rusty Russell
c85a433d9a pytest: reduce accuracy of valgrind if SLOW_MACHINE.
Reduces node_factory.line_graph(5) time on my laptop from 48s to 42s.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-22 16:13:44 +02:00
Rusty Russell
23af241c60 doc: document the payment_secret argument to sendpay.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-21 13:30:15 +02:00
Rusty Russell
09eb7110e0 sendpay: insist that partid be an exact duplicate if in progress.
The test had part 1 and 2 backward, but still worked.  When I copied that to
*after* the test had succeeded, it complained.  It should always complain,
to catch bugs.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-21 13:30:15 +02:00
Rusty Russell
73d5d96d2a sendpay: don't allow a new part payment if any part has succeeded.
This wasn't important before, but now we have MPP it's good to enforce.

Reported-by: Christian Decker
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-21 13:30:15 +02:00
Christian Decker
25f1db3076 release: Update changelog for v0.9.0rc2
2020-07-18 17:49:02 +02:00
Christian Decker
c984376a15 plugin: Always set an end_time for payments in a final state
Reported-by: @thestick613
Fixes #3848
2020-07-18 17:21:11 +02:00
Christian Decker
65ca634528 plugin: Fix misspelled COMPAT_V090 compile guards
2020-07-18 11:40:02 +02:00
Christian Decker
2146a548bd plugin: Do not return multiple times from pay
While we were unsetting the `payment->cmd` in case of a success to signal that
we should not return to the JSON-RPC command twice, we were not doing that in
the case of failures. This was causing multiple responses to a single incoming
command, and `lightningd` was correctly killing the plugin. This issue was
introduced through early returns (anything setting `payment->abort=true`) and
was caused in Rusty's case through an MPP timeout.

Fixes #3847
Reported-by: Rusty Russell <@rustyrussell>
Signed-off-by: Christian Decker <@cdecker>
2020-07-18 11:40:02 +02:00
Christian Decker
734f292695 pytest: Reproduce issue #3847
Reported-by: Rusty Russell <@rustyrussell>
2020-07-18 11:40:02 +02:00
Christian Decker
958244367c plugin: Do not get upset if it can't parse waitsendpay result
We were rather pedantically failing the plugin if we were unable to parse the
`waitsendpay` result, but had coded all the modifiers in such a way that they
can handle a `NULL` result (verified in the code and manually by randomly
failing the parsing). So we now just log the result we failed to parse and
merrily go our way.

Worst case is that we end up retrying the same route multiple times, since we
can't blacklist any nodes / channels without understanding the error, but that
is still in the scope of what we must handle anyway.
2020-07-18 11:40:02 +02:00
Christian Decker
3b54847ae4 paymod: Do not assume that parsing the waitsendpay result succeeds
Suggested-by: ZmnSCPxj
Signed-off-by: Christian Decker
Reference: #3846
2020-07-18 11:40:02 +02:00
Christian Decker
2788883906 release: Fixup the changelog format before the release
Suggested-By: Rusty Russell <@rustyrussell>
Signed-off-by: Christian Decker <@cdecker>
Changelog-None
2020-07-18 11:40:02 +02:00
Rusty Russell
055cfd17a8 wire: locale-independent patch order for EXPERIMENTAL_FEATURES patches
Also, remove fuzz caused by varint->bigsize change.

For some reason my build machine sorts patches into another order, and fails
to patch:

	patching file wire/gen_onion_wire_csv.104951
	Hunk #1 succeeded at 52 with fuzz 1 (offset -19 lines).
	patching file wire/gen_onion_wire_csv.104951
	Hunk #1 FAILED at 8.
	1 out of 1 hunk FAILED -- saving rejects to file wire/gen_onion_wire_csv.104951.rej
	make: *** [wire/Makefile:60: wire/gen_onion_wire_csv] Error 1

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-17 13:54:21 +02:00
Rusty Russell
7ca00ca7d7 ccan: update so we can compile with -O2 on Ubuntu.
Otherwise we get a configurator failure:

    In file included from /usr/include/string.h:495,
                     from configuratortest.c:2:
    In function ‘strncpy’,
        inlined from ‘main’ at configuratortest.c:6:2:
    /usr/include/x86_64-linux-gnu/bits/string_fortified.h:106:10: warning: ‘__builtin_strncpy’ specified bound 8 equals destination size [-Wstringop-truncation]
      106 |   return __builtin___strncpy_chk (__dest, __src, __len, __bos (__dest));
          |          ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-17 13:54:06 +02:00
Rusty Russell
73a5f5b313 fundpsbt: make parameters more usable.
fundpsbt forces the caller to manually add their weight * feerate
to the satoshis they ask for.  That means no named feerates.

Instead, create a startweight parameter and do the calc for them
internally, and return the feerate we used (and, while we're at it,
the estimated final weight).

This API change is best done now, as it would otherwise have to
be appended as a parameter.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-17 13:53:46 +02:00
ZmnSCPxj jxPCSnmZ
fe119fc8fd CHANGELOG.md: Update security changes for 0.7.1.
The CVE was fully disclosed, so we can safely add it to the Security
field for the 0.7.1 changelog.

Also removed the "No security changes were necessary" text.
If we do this for releases, then either we lie about a CVE-level problem,
or we leak that a release fixes a CVE-level problem.
2020-07-17 01:03:22 +00:00
Christian Decker
cc2f9b4541 release: Add changelog entries for v0.9.0 release
2020-07-15 16:11:25 +02:00
Christian Decker
de096eeed9 pytest: Disable test_pay_routeboost for valgrind due to timeout
2020-07-15 11:32:58 +02:00
Christian Decker
86ad15d040 travis: Spread the valgrind load on more configurations
2020-07-15 11:32:58 +02:00
Christian Decker
214f418c3b plugin: Fix a memory leak and a missing dereference in listconfigs
`listconfigs` calls were setting the description twice and were using the
pointer to the boolean value as the boolean value, resulting in always
returning `true`.
2020-07-15 11:32:58 +02:00
Christian Decker
de90606490 pytest: Add an adaptive MPP test
This exercises something that is simply not possible without MPP, i.e., the
bundling of multiple paths to get sufficient capacity to perform the payment.
2020-07-15 11:32:58 +02:00
Christian Decker
dad23066dc pytest: Disable MPP sending for 4 tests
These mostly deal with exact HTLC counts, and fixed number of attempts to
conclusion, so the randomization that MPP adds is not desirable.
2020-07-15 11:32:58 +02:00
Christian Decker
212a3c5ec5 ld: We might not have a failing channel if localfail and sendonion
This happens to be an edge case with the way we use `sendonion` in
MPP. `sendonion` does not attempt to recover the route even if we supply the
shared secrets (it'd require us to map forwarding channels to the nodes etc),
so `failnode` will always be unset, unless it is the first hop, which gets
stored. This would not be a problem if it weren't for the fact that we don't store
the partial route, consisting solely of the channel leading to the first hop,
therefore the assertion that either both are NULL or both aren't fails on the
first hop.

This went unnoticed since with MPP we have more concurrent payments in flight,
increasing the chances of an exhausted first hop considerably.
2020-07-15 11:32:58 +02:00
Christian Decker
a3610d66ac retrymod: Make retry modifier slightly more verbose
I found it rather useful to trace how a payment is getting retried in the logs.
2020-07-15 11:32:58 +02:00
Christian Decker
041ee930a4 mpp: Consider an abort as the payment being finished
If one part sets the root to be aborted, there is little point in continuing
to wait for the remainder, return to the caller immediately.
2020-07-15 11:32:58 +02:00
Christian Decker
5bef4fc196 mpp: Lower amounts below the presplit amount
Some tests were failing because they were running into the presplit modifier
and then surprised that the payment got split.
2020-07-15 11:32:58 +02:00
Christian Decker
718b6e3398 mpp: Detect if destination supports MPP from invoice and abort early
We abort on the root since that is the coordination point for all parts of the payment.
2020-07-15 11:32:58 +02:00
Christian Decker
de75d3ac0c mpp: Add CLI option to opt-out of multi-part payments
Several tests are not well-suited for mpp, so I added a CLI option to opt-out
of the MPP support at startup time.
2020-07-15 11:32:58 +02:00
Christian Decker
a287bbe55d mpp: Enable adaptive splitter
Changelog-Added: The adaptive multi-part payment modifier will split payments that are failing due to their size into smaller parts, and re-attempt them.
2020-07-15 11:32:58 +02:00
Christian Decker
535aaca109 paymod: Implement adaptive splitter
This modifier splits a payment that has been attempted a number of times (by a
modifier earlier in the mod chain) and has failed consistently. It splits the
amount roughly in half, with a bit of random fuzz, and then starts a new round
of attempts for the two smaller amounts.
2020-07-15 11:32:58 +02:00
Christian Decker
443643e0b0 retrymod: Reset retry counter if parent is a split
If the parent is a split we have new payment parameters, and want to perform a
number of attempts with those.
2020-07-15 11:32:58 +02:00
Christian Decker
d0eb3a79eb paymod: Not having a result doesn't mean we failed at getroute
Specifically if we split, there is no result, but we shouldn't add a failure
message.
2020-07-15 11:32:58 +02:00
Christian Decker
b813974e13 mpp: Add the presplit MPP modifier
Changelog-Added: The MPP presplit modifier splits large payments into 10k satoshi parts to maximize chances of performing the payment and to obfuscate the overall amount being sent.
2020-07-15 11:32:58 +02:00
Christian Decker
3f399d15cb paymod: Don't assume that the first payment was executed at all
With the `presplit`-modifier we actually skip execution of the root altogether
which results in the root not having a result at all. Instead we should use
the result returned by `payment_collect_result`.
2020-07-15 11:32:58 +02:00
Christian Decker
f6745682c3 tlvstream: Allow overwriting an already set value
This is necessary in the next commit to override the total_msat that is being
delivered to the destination.
2020-07-15 11:32:58 +02:00
Christian Decker
c97ff05ffb mpp: Add the presplit-modifier that splits a root payment first
2020-07-15 11:32:58 +02:00
Christian Decker
7f53ade64b paymod: Allow callers to opt out of shadow routing amount fuzzing
With MPP we require that the sum of parts is equal to the `total_msat` amount
declared in the onion. Since that can't be changed once the first part arrives
we need a way to disable amount fuzzing for MPP.
2020-07-15 11:32:58 +02:00
Rusty Russell
406d0d09cf doc/STYLE.md: be clear we're talking about JSON output.
Suggested-by: @ZmnSCPxj
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-15 18:50:49 +09:30
Rusty Russell
371cabf976 txprepare: revert 1fb9a078b6 (psbt field)
We're actually going to deprecate this, so don't add new features!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Added: ***REMOVE*** JSON-API: `txprepare` returns a psbt version of the created transaction
2020-07-15 18:49:02 +09:30
Rusty Russell
e85c895c5b pytest: restore test_sign_and_send_psbt.
It uses reservations heavily, and assumed we generated change, etc.
It's now a simpler test, in many ways.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-15 18:49:02 +09:30
Rusty Russell
31d7e013bd pytest: test fundpsbt.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-15 18:49:02 +09:30
Rusty Russell
1091be3d0d doc: document fundpsbt.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-15 18:49:02 +09:30
Rusty Russell
10e62af7c7 fundpsbt: add reserve arg.
It's easier for us to call it atomically than have the user loop and
retry!

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-15 18:49:02 +09:30
Rusty Russell
bd19ec2292 fundpsbt: new JSON API to gather UTXOs.
Technically, they could do this themselves, but it's much nicer to have one
place to do it (and it makes sure we get the required information into the
PSBT, which is actually not entirely accessible through listfunds, as that
doesn't want to consult with the HSM for close outputs).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Changelog-Added: JSON RPC: new low-level coin selection `fundpsbt` routine.
2020-07-15 18:49:02 +09:30
Rusty Russell
4ee527a59c pytest: test reserve and unreserve.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2020-07-15 18:49:02 +09:30