Using the `max()` aggregating function on outgoing payments'
timestamps, we can ensure that the non-aggregated columns
for the outgoing payments contain the most recent/pertinent data.
If a chain re-org happens and a new ShortChannelId is assigned,
the `Relayer` kept both entries (new and old).
This resulted in an incorrect balance because we effectively counted this channel twice.
While #1222 was being reviewed, a new unit test was added to OnionCodecsSpec.
It didn't cause any file conflict so Github didn't warn about merging #1222.
However this test needed to be updated to the new truncated int format.
The spec defines tu64 (and friends) without the length prefix.
Multi-part uses a tu64 without a length prefix inside the PaymentData record.
Our previous implementation only supported using tu64 alone in a TLV record.
We make this more flexible by separating the length encoding.
MPP implies payment secret.
Avoid raising exceptions in PaymentInitiator: validate invoice instead of using a require.
This way senders always get a response.
We previously had some logic where we would fail incoming HTLCs
for which we were the final recipient when a channel would come online.
That made sense when we didn't have MPP, but with MPP we cannot do that.
There is a risk that we would be failing HTLCs that are considered received by the MPP FSM.
Instead we need to use the CommandBuffer when we are the final recipient.
This way pending commands cannot be lost and HTLCs are cleaned-up on restart.
This includes a bit of refactoring in `MultiPartPaymentLifecycle`. Note
that we can't use the `onTermination` handler to finish the spans,
because it is asynchronous and may not be called after a long time.
That's why we use a dedicated `myStop` function.
In Kamon 2.0, by default spans are automatically generated for tracked
actors, which we don't want because we define our own spans. That's why
there is an additional configuration in `application.conf`.
MPP split/retry improvements:
* Only use public channels when sending to remote node
* Don't retry when sending to direct peer
* Blacklist channels that are a bad route prefix
When paying a multi-part payment, we tell the PaymentLifecycle to use a route prefix that contains the first hop (for example a -> b via channel 1).
We need to also tell the router to ignore the nodes that are in the route prefix, otherwise when retrying it may try some completely dumb routes that have no chance of succeeding.
* Fix `allUpdates` API when used with the public key filter, the API now returns all updates that involve a channel of which the filter key has made an update
This is due to a callback being executed after the parent actor has been
cleaned up. We don't really care about the result anyway, so we can
safely ignore, even if the issue only arises in tests.
The root problem here is that we are making references to actor methods
from a callback, which we shouldn't do, because whatever we reference
may have disappeared by the time the callback tries to access it. A
better pattern would be to `pipe` the results of the `Future` to
oneself, but that would require more work and possibly change the FSM,
which seems overkill for the issue at hand.
When an actor sends a message to itself as part of its class definition,
there is no guarantee that this message will be processed first. Relying
on that to set the default payment handler is problematic and causes
race conditions in tests.
Add support for multi-part payments (MPP).
We can now send and receive multi-part payments, with a somewhat basic splitting algorithm that will be refined based on real-world usage.
Compatibility with other implementations hasn't been tested yet as they don't have a branch ready.
This compatibility testing may reveal small details that need to be changed and may invalidate pending multi-part invoices.
* Check configuration for obsolete keys on startup
We now check the loaded configuration for obsolete keys (that have been moved to a new section) and throw an error if any are found, which will prevent eclair from starting.
When sending a payment, if a node on the route answers with an
`UPDATE`-type error, we update our routing table with the new
`channel_update` that is attached to the error message.
But additional routing info (provided by receiver in payment requests)
take precedence over whatever data is in the routing table. If one of
the nodes contained in the routing info replies with a newer
`channel_update`, we will indeed update our routing table, before
retrying, but then we will override it by the (untouched) assisted routes.
We know also update the assisted routes.
* SqliteNetworkDb: add failing test
If a txid starts with 0, it will be stored as NUMERIC, leading 0s will be stripped, and we won't be able to read it back as a ByteVector32
* Sqlite: use TEXT type for strings
* Check that creating a table that already exists with different column types is a NOOP
* Update list of commands in eclair-cli help (#1091)
* Add missing API endpoints to eclair-cli help
* Documentation update (#1092)
* Typed amounts (#1088)
* Route computation: fix fee check (#1101)
Fee check during route computation is:
- fee is below maximum value
- OR fee is below amout * maximum percentage
The second check was buggy and route computation would failed when fees we above maximum value but below maximum percentage of amount being paid.
* Publish transactions during transitions (#1089)
Follow up to #1082.
The goal is to be able to publish transactions only after we have
persisted the state. Otherwise we may run into corner cases like [1]
where a refund tx has been published, but we haven't kept track of it
and generate a different one (with different fees) the next time.
As a side effect, we can now remove the special case that we were
doing when publishing the funding tx, and remove the `store` function.
NB: the new `calling` transition method isn't restricted to publishing
transactions but that is the only use case for now.
[1] https://github.com/ACINQ/eclair-mobile/issues/206
* Typed cltv expiry (#1104)
Untyped cltv expiry was confusing: delta and absolute expiries really need to be handled differently.
Even variable names were sometimes misleading.
Now the compiler will help us catch errors early.
* Extended queries optional (#899)
This is the implementation of https://github.com/lightningnetwork/lightning-rfc/pull/557.
* Correctly handle multiple channel_range_replies
The scheme we use to keep tracks of channel queries with each peer would forget about
missing data when several channel_range_replies are sent back for a single channel_range_queries.
* RoutingSync: remove peer entry properly
* Remove peer entry on our sync map only when we've received
a `reply_short_channel_ids_end` message.
* Make routing sync test more explicit
* Do not send channel queries if we don't want to sync
* Router: clean our sync state when we (re)connect to a peer
We must clean up leftovers for the previous session and start the sync process again.
* Router: reset sync state on reconnection
When we're reconnected to a peer we will start a new sync process and should reset our sync
state with that peer.
* Extended Queries: use TLV format for optional data
Optional query extensions now use TLV instead of a custom format.
Flags are encoded as varint instead of bytes as originally proposed. With the current proposal they will all fit on a single byte, but will be
much easier to extends this way.
* TLV Stream: Implement a generic "get" method for TLV fields
If a have a TLV stream of type MyTLV which is a subtype of TLV, and MyTLV1 and MYTLV2 are both
subtypes of MyTLV then we can use stream.get[MyTLV1] to get the TLV record of type MYTLV1 (if any)
in our TLV stream.
* Channel range queries: send back node announcements if requested (#1108)
This PR adds support for sending back node announcements when replying to channel range queries:
- when explicitly requested (bit is set in the optional query flag)
- when query flags are not used and a channel announcement is sent (as per the BOLTs)
A new configuration option `request-node-announcements` has been added in the `router` section. If set to true, we
will request node announcements when we receive a channel id (through channel range queries) that we don't know of.
This is a setting that we will probably turn off on mobile devices.
* Rework router data structures (#902)
Instead of using two separate maps (for channels and channel_updates), we now use a single map, which groups channel+channel_updates. This is also true for data storage, resulting in the removal of the channel_updates table.
* Add more numeric utilities to MilliSatoshi (#1103)
Add comparisons and postfix operators.
Update most of the codebase to leverage those.
* Use unsigned comparison for 'maxHtlcValueInFlightMsat' (#1105)
* Add a sync whitelist (#954)
We will only sync with whilelisted peer. If the whitelist is empty then
we sync with everyone.
* Move http APIs to subproject eclair-node (#1102)
* Fix regression in `Commitments.availableForSend` (#1107)
We must consider `nextRemoteCommit` when applicable.
This is a regression caused in #784. The core bug only exists when we
have a pending unacked `commit_sig`, but since we only send the
`AvailableBalanceChanged` event when sending a signature (not when
receiving a revocation), actors relying on this event to know the
current available balance (e.g. the `Relayer`) will have a wrong
value in-between two outgoing sigs.
* Bolt4: remove final_expiry_too_soon error message (#1106)
It allowed probing attacks and the spec deprecated it in favor of IncorrectOrUnknownPaymentDetails.
Also add better support for unknown failure messages.
* Fix maven mirror (#1120)
* Use Long to back the UInt64 type (#1109)
* Define comparison operators between UInt64 and MilliSatoshi
* Implement Bolt 11 invoice feature bits (#1121)
lightningnetwork/lightning-rfc#656 introduced invoice feature bits as a pre-requisite for AMP and other advanced payment use-cases.
* Update docker build (#1123)
* Update docker base image to jdk11, update maven to 3.6.2 [ci skip]
* Reject expired invoices before payment flow starts (#1117)
* Made sync params configurable (#1124)
This allows us to choose smaller parameters for tests and reduce cpu
requirement during testing.
NB: The default value of 3500 for `reply_channel_range` was wrong. Theoretical max is ~2700.
* Activate support for variable-length onion (#1087)
This is now enabled by default.
We forward variable-length onions if we receive some.
We accept variable-length payments.
However for maximum compatibility with the network, we send payments using legacy payloads.
* Add Semaphore CI (#1125)
* Router computes network stats (#1116)
* Add comments and fix warnings in graph processing
* Add small feature to set the htlcMaximumMsat for routing hints (otherwise the graph processing algorithm used a minimum value which slightly reduced the benefits of those routing hints)
* Add the computation of network statistics to the router: this will be useful for multi-part payments to decide what thresholds should be used to split a payment
* Add monitoring with Kamon (disabled by default) (#1126)
For now:
- we only track some tasks (especially in the router, but not even
`node_announcement` and `channel_update`
- all db calls are monitored
- kamon is disabled by default
* Check funds in millisatoshi when sending/receiving an HTLC (#1128)
Instead of satoshi, which could introduce rounding errors.
Also, we check first the balance before the max-inflight amount, because
it makes more sense in terms of error management.
Co-Authored-By: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
* Don't hardcode the channel version (#1129)
Instead of hardcoding the channel version when we instantiate the
`Commitments` object, we rather define it when the channel is
instantiated. This is saner and prepares future usage.
* Removed Globals class (#1127)
This is a prerequisite to parallelization of tests.
* Make tests run in parallel (#1112)
There are two level of parallelization:
- between test suites (a suite = a test file)
- within a suite (depends on tests suites, some rely on sequential execution of tests, some don't)
* Add codecov integration to semaphore CI (#1134)
* Remove codecov integration from travis CI
* Drop support for Java 8 (#1135)
We already have Java 7 (for Android) and Java 11. Supporting Java 8
would require crossbuilding, which we are not doing (two recent PRs
broke the build on Java 8).
* Sphinx: accept invalid downstream errors (#1137)
When a downstream node sends us an onion error with an invalid length, we must forward the failure.
The recipient won't be able to extract the error but at least it knows the payment failed.
* Update string to match on bitcoind while it's indexing (#1138)
* Check for bitcoind's getrawtransaction availablilty during startup
* Peer: disable kamon
* Payment lifecycle refactoring (#1130)
* Unify payment events (no more duplication between payment types and events)
* Factorize DB and eventStream interactions: this paves the way for sub-payments that shouldn't be stored in the DB nor emit events.
* Add more fields to the payments DB:
* bolt 11 invoice for sent payment
* external id (for app developers)
* parent id (AMP)
* target node id
* fees
* route (if success)
* failures (if failed)
* Re-work the PaymentsDb interface
* Clarify use of seconds / milliseconds in DB interfaces -> milliseconds everywhere
* Run SQL migrations inside transactions
* Improve error handling when we couldn't find all the channels for a supplied route in /sendtoroute API (#1142)
* Improve error handling when we couldn't find all the channels for a supplied route in /sendtoroute
* Handle fees increases when channel is OFFLINE (#1080)
* Add 'close-on-offline-feerate-mismatch' configuration to avoid closing offline channel when the feerate mismatch if over the threshold.
* Derive channel keys from the channel funding pubkey (#1097)
We now generate a random funding key for each new channel, and use its public key to deterministically derive all channel keys and secrets. This will let us easily recover funds using DLP even if we've lost everything but our seed: we just need to connect to the node we had a channel with, ask them to publish their commit tx, and once we see it on the blockchain we can extract our funding pubkey, recompute channel keys and spend our output.
* Add a "funding pubkey path" option to the channel version field
This option is checked when we need to compute channel keys. For old channels it won't be set, and we always set it for new ones.
* ChannelVersion: make sure that all bits are set to 0 for legacy channels
* ChannelVersion: USE_PUBKEY_KEYPATH is set by default
* Check if remote funder can handle an updated commit fee when sending HTLC (#1084)
If the sender of an htlc isn't the funder, then both sides will have to afford the payment:
- the sender needs to be able to afford the htlc amount
- the funder needs to be able to afford the greater commit tx fee incurred by the additional htlc output.
Fixes#1081.
Co-Authored-By: Pierre-Marie Padiou <pm47@users.noreply.github.com>
* Fix and expand channel keypath (#1147)
* Fix funding pubkey to channel key path computation
Channel key path is generated from 8 bytes computed from our funding pubkey, but we extracted 4 uint32 values instead of 2 (last 2 were always 0). We now use 128 bits to derive channel key paths.
* Add a channel key path compatibility test
This test will fail if we change the way we compute channel key paths, which would break existing channels.
* Use the same chain hash reference in all channel updates
To save memory, once we check that a channel_update's chain hash matches what
we expect we just replace it with a reference to our own chain hash.
* Commitments: take HTLC fee into account (#1152)
Our balance computation was slightly incorrect. If you want to know how much you can send (or receive), you need to take into account the fact that you'll add a new HTLC which adds weight to the commit tx (and thus adds fees).
* Android: add a spray-based API to eclair-node
This is a copy of the spray-based API developped by @araspitzu (akka-http does not
work for akka 2.3 which we use on the android branch)
* HTTP API: add type hints for payment status (#1150)
Cleans up the JSON payment status (easier to interpret for callers).
* Use "mock" Kamon library
Kamon does not work on Android and does not make much sense, so we replace
it with a basic Mock implementation that does nothing.
* Electrum: improve coin selection (fixes#1146) (#1149)
Our previous coin selection would sometimes fail when there was one wallet utxo and and low
feerate, because our first pass used a fee estimate that was too high and could sometimes not be met.
* Extend funding key path to 256 bits (#1154)
Our random funding key path is now 8 * 32 bits plus a 1' (funder) or 0' (fundee).
Channel key paths are computed from the sha256 of the funding public key (we take all 256 bits).
* Use bitcoin 0.18.1 in the test (#1148)
* Upgrade new unit tests to bitcoin 0.18.1 API (#1157)
We had 2 open PRs, one that added new tests using the 0.API, one that switched to 0.18.1, when they were merged the new tests failed since they had not been upgraded....
* Update netty dependency to 4.1.32 (#1160)
Also:
* explicitely set endpoint identification algorithm in strict mode
* force TLS protocols 1.2/1.3 in strict mode
Co-Authored-By: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
* Add execution time limit (#1161)
* Android: wipe channels table during db migration
We already wipe the updates table, and this make upgrading much simpler since we had different structures on
android vs mater.
* Activate extended channel range queries (#1165)
By default we now set the `gossip_queries_ex` feature bit.
We also change how we compare feature bits, and will use channel queries (or extended queries) only if the corresponding feature bit is set in both local and remote init messages.
* Use guava to compute CRC32C checksums (#1166)
CRC32C is not available in JDK 7 which we target on Android.
* Activate extended channel range queries
By default we now set the `gossip_queries_ex` feature bit.
We also change how we compare feature bits, and will use channel queries (or extended queries) only if the corresponding feature bit is set in both local and remote init messages.
