1
0
mirror of https://github.com/ACINQ/eclair.git synced 2024-11-20 10:39:19 +01:00
Commit Graph

1516 Commits

Author SHA1 Message Date
Pierre-Marie Padiou
b56f0359fe
Fixed regression in rebroadcast (#713)
Fixed regression caused by 2c1811d: we now don't force sending a
channel_update at the same time with channel_announcement.
This greatly simplifies the rebroadcast logic, and is what caused the
integration test to fail.

Added proper test on Peer, testing the actor, not only static methods.
2018-09-19 16:42:09 +02:00
Pierre-Marie Padiou
448a1e4a82
Set default max-htlc-value-in-flight-msat=50mBTC (#707) 2018-09-18 17:04:11 +02:00
Pierre-Marie Padiou
db96c17fd2
Improve integration tests (#710)
* added more logs and improved integration test

* make travis cache maven data
2018-09-18 17:03:49 +02:00
Pierre-Marie Padiou
2c1811d18f
Remember pruned channels (#706)
Currently we don't remember channels that we have pruned, so we will happily revalidate the same channels again if a node re-sends them to us, and prune them again, a.k.a. the "zombie churn".

Before channel queries, rejecting a stale channel without validating it wasn't trivial,  because nodes sent us the `channel_announcement` before `channel_update`s, and only after receiving the `channel_update` could we know if the channel was still stale. Since we had no way of requesting the `channel_announcement` for one particular channel, we would have to buffer it, which would lead to potential DOS issues. 

But now that we have channel queries, we can now be much more efficient. Process goes like this:
(1) channel x is detected as stale gets pruned, and its id is added to the pruned db
(2) later on we receive a `channel_announcement` from Eve, we ignore it because the channel is in the pruned db
(3) we also receive old `channel_update`s from Eve nodes, just ignore them because we don't know the channel
(4) then one day some other node George sends us the `channel_announcement`, we still ignore it because the channel is still in the pruned db
(5) but then George sends us recent `channel_update`s, and we know that the channel is back from the dead. We ignore those `channel_update`s, but we aldo remove the channel id from the pruned db, and we request announcements for that node from George
(6) George sends us the `channel_announcement` again, we validate it
(7) George then sends us the `channel_update`s again, we process them
(8) done!

This also allows removing the pruning code that we were doing on-the-fly when answering to routing table sync requests.

Needless to say that this leads to a huge reduction in CPU/bandwidth usage on well-connected nodes.

Fixes #623, #624.
2018-09-17 18:30:10 +02:00
Pierre-Marie Padiou
52b161f5e9
Ignore bad announcements sent by peers (#705)
Nodes currently receive tons of bogus channel_announcements, mainly with unexisting or long-spent funding transactions. Of course those don't pass the validation and are rejected, but that takes a significant amount of resources: bandwidth, multiple calls to bitcoind, etc.

On top of that, we forget those announcements as soon as we have rejected them, and will happily revalidate them next time we receive them. As a result, a typical node on mainnet will validate 10s of thousands of useless announcements every day.

As far as we know, this is apparently due to bug in another implementation, but that may very well be used as a DOS attack vector in the future.

This PR adds a simple mechanism to react to misbehaving peer and handle three types of misbehaviors:
(a) bad announcement sigs: that is a serious offense, for now we just close the connection, but in the future we will ban the peer for that kind of things (the same way bitcoin core does)
(b) funding tx already spent: peer send us channel_announcement, but the channel has been closed (funding tx already spent); if we receive too many of those, we will ignore future announcements from this peer for a given time
(c) same as (b), but the channel doesn't even exist (funding tx not found). That may be due to reorgs on testnet.

Needless to say that this leads to a huge reduction in CPU/bandwidth usage on well-connected nodes.
2018-09-17 17:12:41 +02:00
Pierre-Marie Padiou
1ce486ad20
Added LocalCommitConfirmed event (#701)
This event includes the block height at which we will be able to claim
our main output, which comes in handy for user interfaces.
2018-09-17 17:09:50 +02:00
rorp
a85b6d6175 Improve startup error handling (#696)
* Improve startup error handling

* minor changes to ZMQACtor

Scheduler now sends messages instead of directly calling our checkXX methods.
It will work the same but should fix the NPE we sometimes get when we stop the app.
2018-09-17 15:29:43 +02:00
Fabrice Drouin
8c075ee73a
Correctly handle multiple channel_range_replies (#704)
* Correctly handle multiple channel_range_replies

The scheme we use to keep tracks of channel queries with each peer would forget about
missing data when several channel_range_replies are sent back for a single channel_range_queries.

* RoutingSync: remove peer entry properly

* Remove peer entry on our sync map only when we've received a `reply_short_channel_ids_end` message.
* Make routing sync test more explicit

* Routing Sync: rename Sync.count to Sync.totalMissingCount
2018-09-17 15:25:39 +02:00
Pierre-Marie Padiou
c9184146d5
Added catch-all handler for local commit (minor) (#699) 2018-09-12 20:25:22 +02:00
Pierre-Marie Padiou
8645038943
Switched commitment log level to info (minor) (#700)
* switched commitment log level to info

* reduced test log level

* attempt at fixing tests timeout
2018-09-12 19:13:39 +02:00
Pierre-Marie Padiou
b60183628f
Handle overriden htlcs in remote close scenario (#697)
When we just signed an outgoing htlc, it is only present in the next
remote commit (which will become the remote commit once the current one
is revoked).

If we unilaterally close the channel, and our commitment is confirmed,
then the htlc will never reach the chain, it has been "overriden" and
should be failed ASAP. This is correctly handled since
6d5ec8c4fa.

But if remote unilaterally close the channel with its *current*
commitment (that doesn't contain the htlc), then the same thing happens:
the htlc is also "overriden", and we should fail it.

This fixes #691.
2018-09-12 18:24:18 +02:00
Pierre-Marie Padiou
f5a5985205
Multiple fixes in payment lifecycle (#693)
* permissive codec for failure messages

Some implementations were including/ommitting the message type when
including a `channel_update` in failure messages.

We now use a codec that supports both versions for decoding, and
will encode *with* the message type.

* make router handle updates from failure messages

This is a regression caused by 9f708acf04,
which made the `Peer` class encapsulates network announcements inside
`PeerRoutingMessage`, in order to preserve the origin of the messages.

But when we get channel updates as part of failure messages when making
payments, they weren't encapsulated and were ignored by the router.

Re-enabled a non-regression test in `IntegrationSpec` which will prevent
this from happening in the future.

* improve handling of `Update` payment failures

Exclude nodes that send us multiple `Update` failures for the same
payment (they may be bad actors)
2018-09-11 18:07:24 +02:00
Fabrice Drouin
12a80afd03
Mention Docker in our build instructions (fixes #669) (#685)
Mention Docker in our build instructions (fixes #669)
2018-09-03 18:03:40 +02:00
Pierre-Marie Padiou
6e0d087c5f
Fixed htlc absolute expiry checks (#687)
There are two different expiry checks:
(a) relative checks: when relaying an htlc, we need to be sure that
the difference of expiries between the outgoing htlc and the incoming
htlc is equal to the `cltv_expiry_delta` that we advertise in the
`channel_update` for the outgoing channel;
(b) absolute checks: we need to make sure that those values are not too
early or too far compared to the current "blockchain time".

The check for (a) needs to be done in the `Relayer`, which is the case
currently. This means that we will check the expiry delta *after* having
signed the incoming htlc, and we will fail the htlc (not the channel) if
the delta is incorrect.

The check for (b) was done in the `Commitments.receiveAdd` method. This
seems to make sense, because we would want to make sure as early as
possible that an incoming htlc has correct expiries, but it is actually
incorrect: the spec tells us to accept (=cross-sign) the htlc, and only
then to fail it before relaying it to the next node.

Indeed there is no risk in accepting an htlc that has an expiry in the
past, or an expiry very far in the future, because this only affects the
counterparty's balance. We just don't want to sign that kind of outgoing
htlcs.

Moving the check to the `sendAdd` will result in an error being return
to the relayer, which will then fail the corresponding incoming htlc.
2018-09-03 17:49:36 +02:00
Pierre-Marie Padiou
15c73273b6
Removed max body size in http client (#686)
* removed max body size in http client

This is required because since f3676c6497
we retrieve multiple full blocks in parallel.

* trivial: removed unused code

* trivial: added log

* trivial: more unused code removal
2018-08-31 15:46:41 +02:00
Fabrice Drouin
f0f8f0c24a
Add a "smooth" fee provider (#684)
* Add a "smooth" fee provider

It will return the moving average of fee estimates provided by
its internal fee provider, within a user defined window that can
be set with eclair.smooth-feerate-window. 

* Use a default fee rate smoothing window of 3

This should smooth our fee rate when there is a sudden change in
onchain fees and prevent channels with c-lightning node from getting
closed because they disagree with our fee rate.
2018-08-30 17:46:17 +02:00
Gustavo Fernandes
4b6a7c0aad Add logging customisation info (#680) 2018-08-30 14:00:24 +02:00
Pierre-Marie Padiou
148e197e45
(trivial) restore gitter logo color 2018-08-29 14:54:38 +02:00
Fabrice Drouin
484bcd768d
Add an issue template (#683) 2018-08-27 18:11:12 +02:00
rorp
e62f6ccdfd Use user-provided fee rate for funding tx (fixes #639)
Use user-provided fee rate for funding tx
2018-08-27 16:25:44 +02:00
Pierre-Marie Padiou
82973cdb76
Fixed some logs and added ChannelPersisted event (#674)
* ignore answers to CMD_UPDATE_FEE

* ignore BITCOIN_FUNDING_DEPTHOK in OFFLINE/SYNCING

* ignore BITCOIN_FUNDING_DEEPLYBURIED in OFFLINE/SYNCING

* improvements in eclair-cli:
   - Made default `channel`/`channels` outputs more useful.
   - Added support for timestamp filtering to `audit` and `networkfees`.

* added `ChannelPersisted` event
2018-08-15 14:39:19 +02:00
Pierre-Marie Padiou
952f94c2a8
Send query_short_channel_ids sequentially (#672)
and add a event to follow the synchronization progress.
2018-08-15 14:34:45 +02:00
Pierre-Marie Padiou
24db529d8b
Handle unknown remote commit in recovery logic (#667)
Our recovery logic didn't handle the case were our local commit is
up-to-date, but we don't know their local commit (probably because we
just lost the last state were we sent them a new `commit_sig`).

Also, process all cases in the same `channel_reestablish` handler, like we do
everywhere else.

Moved the sync tests in `Helpers` so that they are more understandable.
2018-08-10 12:27:09 +02:00
Pierre-Marie Padiou
f3676c6497
Get full blocks when looking for spending tx (#666)
* get full blocks when looking for spending tx

With a verbosity of `0`, `getblock` returns the raw serialized
block. It saves us from calling `getrawtransaction` for each transaction
in the block.

Fixes #664.
2018-08-03 12:17:09 +02:00
Pierre-Marie Padiou
6d5ec8c4fa
Fail unsigned outgoing htlcs at CLOSING (#660)
This can happen in an unilateral close scenario, when local commit
"wins" the race to the blockchain, and some outgoing htlcs weren't yet
signed by remote.

This fixes #649.
2018-07-31 16:04:55 +02:00
Pierre-Marie Padiou
75d23cf1b3
Audit: Keep track of sent/received/relayed payments and relay/network fees (#654)
Added a new `AuditDb` which keeps tracks of:
- every single payment (received/sent/relayed)
- every single network fee paid to the miners (funding, closing, and all commit/htlc transactions)

Note that network fees are considered paid when the corresponding tx has reached `min_depth`, it makes sense and allows us to compute the fee in one single place in the `CLOSING` handler. There is an exception for the funding tx, for which we consider the fee paid when the tx has successfully been published to the network. It simplifies the implementation and the tradeoff seems acceptable.

Three new functions have been added to the json-rpc api:
- `audit`: returns all individual payments, with optional filtering on timestamp.
- `networkfees`: returns every single fee paid to the miners, by type (`funding`, `mutual`, `revoked-commit`, etc.) and by channel, with optional filtering on timestamp.
- `channelstats`: maybe the most useful method; it returns a number of information per channel, including the `relayFee` (earned) and the `networkFee` (paid).

The `channels` method now returns details information about channels. It makes it far easier to compute aggregate information about channels using the command line.

Also added a new `ChannelFailed` event that allows e.g. the mobile app to know why a channel got closed.
2018-07-25 16:47:38 +02:00
rorp
924efeabe3 Fix Bitcoin JSON RPC client's rounding errors (#616)
* Fix Bitcoin JSON RPC client's rounding errors

* FundTransactionResponse fee field type is now Satoshi, fix Electrum tests

* BitcoinCoreFeeProvider: rework error handling code
2018-07-24 18:43:35 +02:00
Pierre-Marie Padiou
633deb5c0b
Send an event when an error occurs in a channel (#663)
This allows e.g. the mobile app to know why a channel got closed.
Depending on whether the error is local or remote, a
`Throwable`/`wire.Error` will be attached to the event.
2018-07-18 14:45:12 +02:00
Chris Stewart
fe82641e92 Clean up ExecutionContext/ActorSystem (#652)
This allows for a user of the library to implicitly pass the `ActorSystem` to the eclair node. Although if you are running multiple eclair instances on the same machine you need to make sure the `ActorSystems` that are passed implicitly are unique.
2018-07-16 14:25:20 +02:00
Fabrice Drouin
fef0df7607
Use "unsigned long" comparison for short channel ids (#656) 2018-07-16 12:18:38 +02:00
Fabrice Drouin
9f708acf04
Improve initial routing sync (#453)
* Implement new 'routing sync' messages

* add a new feature bit for channel queries

when we receive their init message and check their features:
- if they set `initial_routing_sync` and `channel_range_queries` we do nothing, we should receive a
range query shorly
- if they support channel range queries we send a range query

* Modify query_short_channel_id to ask for a range of ids

And not just a single id

* use `SortedMap` to store channel announcements

* don't send prune channels with channel range queries

* update range queries type to match BOLT PR

* add timestamp-based filters for gossip messages

each peer can speficy a `timestamp range` to filter gossip messages against.

* don't preserve order in `decodeShortChannelIds`

It is not needed and allows us to return a `Set`, which is better suited
to how we use the result.

* channel range queries: handle multi-message responses

Handle case where there are too many short ids to fit in a single message.

* channel range queries: use zlib instead of gzip

but detect when a message was encoded with gzip and reply with gzip in that case.

* router: add more channel range queries logs

* Channel range queries: correctly set firstBlockNum and numberOfBlocks fields

* channel range queries: properly handle case where there is no data

we will just receive on byte (compression format)

* channel range queries: use their compression format to query channels

when we query channels with `query_short_channel_ids`, we now use the same compression
format as in their `repy_channel_range` message. So we should be able to communicate
with peers that have not implemented all compression formats.

* router: make sure that channel ids are sorted

For channel range queries to work properly, channel ids need to be sorted.
It is then much more efficient to use a sorted map in our router state.

* always use `keySet` instead of `keys`

`SortedMap`.`keySet` returns a `SortedSet`, whereas `SortedMap`.`keys`
returns an `Iterable`. This is a critical difference because channel
range queries has requirements on ordering of channel ids.

Using the former allows us to rely on type guarantees instead of on
assumptions that the `Iterable` is sorted in `ChannelRangeQueries`.

There is no cost difference as internally the `Iterator` is actually a
`SortedSet`.

Also, explicitely specified the type instead of relying on comments in
`Router`.

* publish channel update event on router startup

* channel range queries: use uint32 for 4-byte integers (and not int32)

* channel range queries: make sure we send at least one reply to `query_channel_range`

reply to `query_channel_range` messages for which we have no matching channel ids
with a single `reply_channel_range` that contains no channel ids.

* channel range queries: handle `query_channel_range` cleanly

add an explicit test when we have no matching channel ids and send back a reply with an
empty (uncompressed) channel ids payload

* channel range queries: rename GossipTimeRange to GossipTimestampFilter

* channel range queries: add gossip filtering test

* peer: forward all routing messages to the router

and not just channel range queries. this should not break anything and if
it does it would reveal a problem

* peer: add remote node id to messages sent to the router

this will improve logging and debugging and will help if we implement
banning strategies for mis-behaving peers

* router: filter messages with a wrong chainHash more cleanly

* channel range queries: set a "pass-all" timestamp filter

* router: remove useless pattern match

ChannelUpdates are wapped in a PeerRoutingMessage now

* Peer: fit typo in comment

* Peer: optimize our timestamp filter

* Router: use mdc to log remote node id when possible

* fix typos and improve log message formatting

* Peer: rephrase scala doc comment that breaks travis

* Peer: improve timestamp filtering + minor fixes

* Electrum tests: properly stop actor system at the end of the test

* Peer: filter out node announcements against our peer's timestamp

But we don't prune node annoucements for which we don't have a matching
channel in the same "rebroadcast" message
2018-07-12 21:36:57 +02:00
Pierre-Marie Padiou
5ea623ae8c
Relay payments to channel with highest balance (#648)
* relay htlcs to channels with the highest balance

In order to reduce unnecessary back-and-forth in case an outgoing
channel doesn't have enough capacity but another one has, the relayer
can now forward a payment to a different channel that the one specified
in the onion (to the same node of course).

If this preferred channel returns an error, then we will retry to the original
requested channel, this way if it fails again, the sender will always receive 
an error for the channel she requested.
2018-07-09 12:36:11 +02:00
nayuta-gondo
5ad65063a0 Set MIN_CLTV_EXPIRY to 9 as per BOLT 11 (#650) 2018-07-09 11:17:32 +02:00
Pierre-Marie Padiou
86e91f76fc
Added context to logs (#638)
* improved logs on sig sent/received

* put 'sent announcements' log in debug

* added logging of IN/OUT wire messages

* added mdc support to IO classes

* reduced package length to 24 chars in logs
2018-07-02 18:25:19 +02:00
Fabrice Drouin
923d8661f8
Electrum: add wallet and watcher tests (via Docker) (#592)
* add basic electrum wallet test

our wallet connects to a dockerized electrumx server

* electrum: clean up tests, and add watcher docker tests

* electrum wallet: fix balance computation issue

when different keys produced the exact same confirmed + unconfirmed balances, we
would compute an invalid balance because these duplicates would be pruned.

* electrum: rename wallet test

* electrum: add a specific test with identical outputs

* electrum: change scripthash balance logging level to debug

* electrum: make docker tests run on windows/mac

Our electrumx docker container needs to contains to bitcoind that is running on the host.
On linux we use the host network mode, which is not available on windows/osx
On windows/osx we use host.docker.internal, which is not available on linux. This
requires docker 18.03 or higher.
2018-06-27 14:34:02 +02:00
sstone
a74a62b359
Revert "electrum: make docker tests run on windows/mac"
This reverts commit eecddcb340.
2018-06-27 14:26:00 +02:00
sstone
eecddcb340
electrum: make docker tests run on windows/mac
Our electrumx docker container needs to contains to bitcoind that
    is running on the host.
    On linux we use the host network mode, which is not available on windows/osx
    On windows/osx we use host.docker.internal, which is not available on linux. This
    requires docker 18.03 or higher.

    electrum: change scripthash balance logging level to debug

    electrum: add a specific test with identical outputs

    electrum: rename wallet test

    electrum wallet: fix balance computation issue

    when different keys produced the exact same confirmed + unconfirmed balances, we
    would compute an invalid balance because these duplicates would be pruned.

    electrum: clean up tests, and add watcher docker tests

    add basic electrum wallet test

    our wallet connects to a dockerized electrumx server
2018-06-26 23:12:48 +02:00
Dominique
2d829d40eb
Can generate payment request with extra routing information (#637)
* `ReceivePayment` now accepts additional routing info, which is useful for nodes that are not announced on the network but still want to receive funds.
2018-06-26 18:35:22 +02:00
rorp
71e50520ec Proper parsing of public-ips config parameter
* Fix scala.NotImplementedError when public-ips config parameter contains invalid values

* more comprehensive validations

* fix unit tests

This fixes #630
2018-06-26 18:15:01 +02:00
sstone
cd6524e25b
set version to 0.2-SNAPSHOT 2018-06-20 09:45:09 +02:00
sstone
8aa51f4e02
set version to 0.2-beta5 2018-06-20 09:21:05 +02:00
Pierre-Marie Padiou
a9348f0774
Check when relay fee is insufficient (#634)
We should return a `FeeInsufficient` error when an incoming htlc doesn't
pay us what we require in our latest `channel_update`.

Note that the spec encourages us to being a bit more lax than that (BOLT
7):

> SHOULD accept HTLCs that pay an older fee, for some reasonable time
after sending channel_update.

>    Note: this allows for any propagation delay.
2018-06-19 16:58:40 +02:00
n1bor
b7b9f4929a Add api call to update channel relay fees (#620)
* add api call to update channel relay fees

* fixed bug in GUI, as channel can had different fees in each direction!

* fire transitions on `TickRefreshChannelUpdate` (fixes #621)

* make router publish `channel_update`s on startup

* (gui) Channel info fees are now options and case where channels have no known fees data is now properly handled.
2018-06-19 14:09:37 +02:00
n1bor
b3731adabd Adding ability to set expiry when creating a new invoice (#632) 2018-06-19 13:13:07 +02:00
Fabrice Drouin
5afd9fa035
Add missing BOLT 2 checks (fixes #613) (#618)
* rename InvalidDustLimit to DustLimitTooSmall
* make sure that our reserve is above our dust limit
* check that their accept message is valid

see BOLT 2:
- their channel reserve must be above their dust limit
- their channel reserve must be above our dust limit
- their dust limit must be below our reserve

* channel: check to_local and to_remote amounts againt channel_reserve_satoshis

see BOLT 2: The receiving node MUST fail the channel if both to_local and to_remote amounts for
the initial commitment transaction are less than or equal to channel_reserve_satoshis (see BOLT 3).

* channel: check that their open.max_accepted_htlcs is valid
2018-06-18 19:06:14 +02:00
Fabrice Drouin
3a38c734ed
Routing: remove final CLTV expiry check on outgoing HTLCs (#627)
Checking the final CLTV expiry makes sense when we receive a payment, but
not when we're sending one
2018-06-14 10:28:45 +02:00
sstone
a85ba9ceef
set version to 0.2-SNAPSHOT 2018-05-30 19:15:06 +02:00
sstone
e6fe077582
set version to 0.2-beta4 2018-05-30 19:11:44 +02:00
Dominique
e1b884c58d Add server address in ElectrumReady object (#556)
* Added server address in ElectrumReady object

* Assigned remote address to variable to improve readability

* Checking that the master address exists in the addresses map
2018-05-30 18:53:07 +02:00
Anton Kumaigorodski
d75788039a Inform clients about incoming payments via websocket connection (#610) 2018-05-30 15:20:55 +02:00