1
0
mirror of https://github.com/lightning/bolts.git synced 2024-11-19 10:00:04 +01:00
Commit Graph

916 Commits

Author SHA1 Message Date
Rusty Russell
f8e5c92fb5 channel_update: make sure we use alias scids correctly.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-05-30 20:47:49 +00:00
Rusty Russell
7aa76b67b2 BOLT 2: add channel_type for option_scid_alias
Allows upgrade in future.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-05-30 20:47:49 +00:00
Rusty Russell
faa6c413b9 BOLT 2: Restore minimum_depth requirement, but explicitly allow 0.
And weaken it: the opener doesn't need to respect it.

Note also that the `funding_locked`-can-change-alias refers to the same peer.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-05-30 20:47:49 +00:00
Rusty Russell
d41cc1ec12 Explicitly allow funding_locked early, and support alias scids.
This lets you add your brand new channel to routehints, and also
means you can use a routehinted channel even if you (later?) have a
real channel.

This supports both trusted and untrusted zero-conf channels: in the
trusted case you can use it immediately like any other channel,
and for the untrusted case you simply use any push_msat they gave you
for outgoing payments, but fail incoming.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-05-30 20:47:49 +00:00
Ken Sedgwick
d975de1ba5
Clarify the sighash types for HTLC Success and Timeout transactions (#954) 2022-01-31 21:05:20 +01:00
lightning-developer
29db92f334
Removed requirement to broadcast an outdated commitment transaction (#942)
If a node has to fail a channel but knows that its latest commitment transaction is outdated it should not be required to send it but rather wait for the peer to unilaterally close the channel. 

The proposed solution is not so clean because it might produce a deadlock in which two peers assume they have outdated state and send `error` back and forth without actually force closing. Maybe in such a scenario we could create a protocol that mutually closes with split balance? 

Also replaced the word use with broadcast as it seems more accurate.

Co-authored-by: t-bast <bastuc@hotmail.fr>
2022-01-17 20:09:28 +01:00
Matt Corallo
ed7b5f5749
Merge pull request #917 from m-schmoock/bolt1-remote-address
BOLT 1: adds remote address to optional init_tlvs (IP discovery)
2022-01-17 19:05:46 +00:00
Matt Corallo
c878cd8e1d
s/send a warning/warn the user/ in BOLT 5 to avoid confusion (#951)
Prior to the addition of `warning` messages, BOLT 5 specified a
few cases where users should be warned that funds may have been
lost. However, it used the phrasing "send a warning" which can now
be confused  with `warning` messages. Nodes should not generally
inform their counterparty that they have been robbed.
2022-01-17 19:40:47 +01:00
Michael Schmoock
efe9d2d151 BOLT 1: adds remote address to optional init_tlvs
This adds the option to report an remote IP address back to a connecting
peer using the `init` message. A node can decide to use that information
to discover a potential update to its public IPv4 address (NAT) and use
that for a `node_announcement` update message containing the new address.

The proposal includes reporting the IPv4 and IPv6 address,
however in IPv6 there are likely no NAT issues. TOR is skipped for
obvious reasons.

Certain approaches to check and use this information are thinkable:
 - Wait for multiple peers or a certain fraction to report the
   same new address.
 - Check some random node known via gossip to also report the new
   address.
 - Verify this information by making a test connection to itself.
2022-01-07 16:39:19 +01:00
Olaoluwa Osuntokun
ea37941537
anchors: follow up changes after initial zero fee anchors merge (#903)
We can remove references to anchors in a few places, and you need
static key in order to support it, so that reference is redundant.
2022-01-04 09:26:43 +01:00
Matt Corallo
f6c4d76041
Merge pull request #912 from joostjager/custom-invoice-data
Add payment metadata to payment request (feature 48)
2022-01-03 20:18:52 +00:00
Matt Corallo
93909f67f6
Merge pull request #950 from rustyrussell/guilt/soft-errors
Really: BOLT 1: introduce warning messages, reduce requirements to send (hard) errors
2022-01-03 19:36:04 +00:00
Rusty Russell
8032f70f57 BOLT 1: Restore all-zero error semantics
There were valid uses for "I don't want to talk to you anymore" apparently!

Also fixed some tabs -> spaces.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2022-01-04 05:55:42 +10:30
Joost Jager
2ab3a9f022
Add payment metadata to payment request 2022-01-03 20:09:14 +01:00
Rusty Russell
c36c14d6da BOLT 2: Error instead of warning on shutdown on unopened channel.
Abandoning channel is kinda what they want here.

Reported-by: Matt Corallo
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-12-14 10:32:24 +10:30
Rusty Russell
4fc9f51889 Update 03-transactions.md
Co-authored-by: Bastien Teinturier <31281497+t-bast@users.noreply.github.com>
2021-12-14 10:32:24 +10:30
Rusty Russell
eb6f3084c5 Make it explicit when to send warnings, errors, fail channel and close connection.
And make most places warn or error.  Places where we're operating
on a channel tend to be "warn and close connection" since we want to
forget the mistake they just sent, and closing the connection does that.

We now use the same words everywhere:
1. "fail channel" means to go onchain (if necessary).
2. "send `error`" means to send an error message.
3. "send `warning`" means to send a warning message.
4. "close connection" means close the connection.

These are all spelled out explicitly, rather than having "fail channel"
imply sending an error packet, for example.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-12-14 10:32:22 +10:30
Rusty Russell
474b68caea BOLT 1: Add warning message, remove "close all" error.
Under this spec, an error with an all-zero channel id is ignored.
Warnings, being odd, will be ignored by older nodes too.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-12-10 04:48:20 +10:30
Matt Corallo
58287e2f5b
Merge pull request #918 from TheBlueMatt/2021-09-drop-ping-rl
Drop ping sending rate-limit suggestion
2021-12-09 18:17:20 +00:00
Antoine Poinsot
886c8f0d98
gossip: deprecate Tor v2 onion services (#940)
Advise to not include/ignore them in announcements
2021-12-06 09:18:58 +01:00
Olaoluwa Osuntokun
630bf989db
BOLT-02+09: introduce feature bit to gate new channel_type feature (#906)
In this commit, we add a new feature bit to gate the new explicit
channel type funding via the new `channel_type` TLV. The addition of
this new bit allows peers to seek out other peers that understand the
new explicit channel negotiation. This is useful in practice, as it
allows peers to avoid needing to "downgrade" the feature bits advertised
at the connection level due to one peer not understanding a new
required feature bit while it has a channel with a connecting peer.

Such a workaround is already deployed on the network between lnd peers
and certain eclair peers, as the `lnd` peers require static key, but the
feature bit is unknown to eclair peers. This situation (forced
downgrade) is undesirable, as until the connected peer updates (or the
channel is closed) and "worst" feature bit set must always be advertised
in order to maintain connectivity.

The other benefit of adding this feature bit is that it allows
implementations to simplify their code by ensuring that the new feature
will be used before sending any messages that include or reference that
feature. Without a feature bit, peers are instead forced to essentially
guess if a peer understands that feature, with logic to be able to "bail
out" of an invalid state.

The addition of this feature bit matches the prior precedent of adding
feature bits when new fields in the channel negotiation message (last
one was upfront shutdown) are added.
2021-12-05 16:35:35 -08:00
Gregory Sanders
6458473336
BOLT01: Switch extension records to unknown fields in test vector (#938)
The test vectors for invalid `init` messages were invalid since we added
the `networks` tlv extension.

They are now fixed and made more future-proof by using tlvs with high
values.
2021-11-29 14:29:09 +01:00
ghost43
0dc3af80ce
Fix typo in name mailing list name (#931) 2021-10-27 15:54:09 +02:00
katesalazar
39806e7d8b
Make Markdown linguist-detectable (#930)
Before this change, repository gets detected as:

Python 51.1%
Shell 48.9%

After this change, repository gets detected as:

Markdown 98.0%
Other 2.0%

This change was added for a cosmetic effect on GitHub, and the line
this change adds can go away if needed.
2021-10-25 20:55:05 +02:00
Bastien Teinturier
86a96ea7c6
Remove link to lightning.network website (#926)
None of the project maintainers have access to that website.

It is completely outdated and could be modified without our consent,
so we shouldn't link to it anymore.
2021-10-19 08:15:02 +02:00
Adam Gibson
3d88d1dd31
Remove stale reference to the gamma key from Bolt 4 (#928)
Fixes #927.
The gamma key was removed from the onion routing spec in 8b29062.

Co-authored-by: Adam Gibson <AdamISZ@protonmail.com>
2021-10-19 08:14:36 +02:00
Bastien Teinturier
8f2104e3b6
Peers need to check each other's dust limit (#894)
Since HTLCs below this amount will not appear in the commitment tx, they
are effectively converted to miner fees. The peer could use this to grief
you by broadcasting its commitment once it contains a lot of dust HTLCs.

Add network dust thresholds computation details, as implemented in Bitcoin
Core's default relay policy.

Drop non-segwit support in shutdown: this allows dust limit to go as low
as 354 sats without creating relay issues with default node policies.

We add a requirement that dust limit cannot be lower than 354 sats.
This ensures implementers don't have to figure this subtlety on their own.

Fixes #696 and #905
2021-10-06 09:40:22 +02:00
Bastien Teinturier
e832059827
Restrict bitcoin amounts (#908)
It doesn't make sense to exchange amounts that exceed the total bitcoin
supply, so let's make that an explicit requirement.
2021-09-28 08:33:27 +02:00
Matt Corallo
49e1c1cba9 Drop ping sending rate-limit suggestion
There's not a lot of reason to explicitly rate-limit ping messages
on the sending side, hosts on the internet can *always* send you
as much traffic as they want, its up to you whether you want to
talk back to them.

This seems to have been intended as a cutoff where nodes can skip
responding to pings below a certain rate, but in practice 30
seconds is much too long a time to learn that your peer has
disconnected.

We could reduce the threshold, but its not like this is the only
place in the spec where a peer can request a message response, and
that is unlikely to change, making it of highly dubious value.
2021-09-27 20:42:03 +00:00
Bastien Teinturier
c876dac2b5
Add payment secret feature to Bolt 11 test vectors (#898)
Bolt 11 invoices must contain a `payment_secret`, which means that the
`features` field must set the `payment_secret` feature (and its dependency,
`var_onion_optin`).

Fixes #897
2021-09-14 09:11:45 +02:00
Rusty Russell
38abac6206
BOLT 3: add a missing Otherwise, don't SHOULD "be". (#907)
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-09-03 08:37:48 +02:00
Bastien Teinturier
498f104fd3
Update closing_signed fee requirement (#847)
With anchor outputs, we can keep the commit tx feerate lower than the real
on-chain feerate. That means that when closing the channel, the resulting
fee will not necessarily be lower than the current commit tx fee, this
requirement doesn't make sense to be strict.

Both sides can optionally include a preferred fee range in their
`closing_signed`. This lets their peer know what fees they find acceptable
and simplifies the closing negotiation.
2021-08-31 09:08:07 +02:00
Rusty Russell
4372f9d538 BOLT 2: define channel_type, make negotiation explicit.
This is extracted from channel_upgrade (#868), but used for opening
negotiation as suggested by @roasbeef on the last spec meeting.

It's a trivial change, fully backwards compatible, but now each channel
has a channel_type, which defines its behavior, rather than an ad-hoc
set of "sticky" feature bits.  It also means both peers can *support* a
feature without endorsing it.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-08-31 10:02:20 +09:30
Johan T. Halseth
fdc078f845
feature: define option_zero_htlc_tx_fee (feature 22/23) (#824)
This PR adds a new feature bit to define the new and improved anchor outputs commitment format.
2021-08-30 13:50:25 -07:00
Rusty Russell
d892c318af
BOLT 7: remove 2^32 restriction from channel_update as well. (#902)
This was missed in #877

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-08-30 18:29:21 +02:00
Olaoluwa Osuntokun
07c7caed51
Merge pull request #887 from lightningnetwork/bolt11-test-vectors-payment-secret
Make payment secret mandatory and update Bolt 11 test vectors
2021-08-16 18:37:21 -07:00
t-bast
ec1d4dc665
Make s field mandatory in invoices 2021-08-10 17:22:23 +02:00
t-bast
42bd71d49c
Add payment secret to Bolt 11 test vectors
Update Bolt 11 test vectors to always include a payment secret.

We want to make it mandatory in invoices which would make the existing
test vectors invalid.
2021-07-19 14:41:34 +02:00
Bastien Teinturier
84213f45c0
Remove HTLC amount restriction (#877)
We previously had a restriction on HTLC amounts to avoid big losses during
the early phases of the network, but it shouldn't be necessary anymore.

As long as we honor `max_htlc_value_in_flight_msat` and implementations
provide safe defaults for that parameter, we don't need that additional
restriction.
2021-06-21 22:41:46 +02:00
Matt Corallo
bda72c8305
Concretize Output Ordering to be less confusing (#876)
* Clean up output sorting wording to be a sorted list and way more explicit
* Retitle section to not mention input ordering as we do not need it
2021-06-21 22:14:27 +02:00
Bastien Teinturier
381650c7bc
Clarify Bolt 3 htlc tx output test vectors (#852)
It was sometimes unclear where we indexed by the output or the htlc id.
This is a follow-up from discussions made in #539.
2021-06-21 22:01:47 +02:00
Rusty Russell
3508e4e85d BOLT 2: option_shutdown_anysegwit
In bitcoin 0.19.0, standardness rules are going to be relaxed to allow
future witness versions.  Once this is widely deployed, it will be safe
to accept them, smoothing use of future segwit versions.

See: https://github.com/bitcoin/bitcoin/pull/15846

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-05-25 06:46:27 +09:30
Olaoluwa Osuntokun
46d798e104 BOLT-03: update test vectors w/ updated HTLC tie-breaker case 2021-05-25 06:45:20 +09:30
Olaoluwa Osuntokun
e3362410ac BOLT-03: make sats portion of HTLC CLTV tie-breaker more explicit
This commit is intended to fix an ambiguity in the spec that led to a
divergence in the sorting tie breaker between implementations, that can
lead to force closed transaction in practice. BIP 69 operates on the
output level, therefore it examines the _satoshi_ amount of a output
when sorting. The spec however, references BIP 69, but states that an
"identical" HTLC output may have the same `amount_msat` value.

In the wild this led to some implementations checking the _sat_ value of
an HTLC while others checked the _msat_ value. In the scenario where an
pair HTLC has the same _sat_ value, but differing _msat_ values, then
one will fall through to the tie-breaker, while the other while sort
them according to their _msat_ values.

In this commit, we attempt to make this requirement more explicit by
removing the reference to `msat`, and more explicitly describing when an
HTLC pair is to be considered identical.
2021-05-25 06:45:20 +09:30
Matt Corallo
a9db80e49d
Merge pull request #859 from LLFourn/patch-1
per_commitment_secret must be a valid secret key
2021-04-12 20:26:12 +00:00
Rusty Russell
83980de786
BOLT 4: remove space in formatting which prevented tools/extract-formats.py (#858)
This is the only one, so I simply removed it.  We'd notice if a new field
was introduced which didn't change the output these days, but this has been
here since 2017.

Here's the difference in extract-formats.py's output:

```diff
@@ -177,6 +177,9 @@
 msgtype,final_incorrect_htlc_amount,19
 msgdata,final_incorrect_htlc_amount,incoming_htlc_amt,u64,
 msgtype,channel_disabled,UPDATE|20
+msgdata,channel_disabled,flags,u16,
+msgdata,channel_disabled,len,u16,
+msgdata,channel_disabled,channel_update,byte,len
 msgtype,expiry_too_far,21
 msgtype,invalid_onion_payload,PERM|22
 msgdata,invalid_onion_payload,type,bigsize,
```

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
2021-04-08 08:54:01 +02:00
Lloyd Fournier
55ee3f406d
per_commitment_secret must be a valid secret key
See #832
2021-03-31 14:28:36 +11:00
araspitzu
b201efe054
BOLT 3: add test vectors for htlc-transactions in case where CLTV is used as tie-breaker for sorting (#539)
Add a serialized transactions test vector for the edge case of sorting htlc-timeout-tx
when there are multiple offered htlc with the same amount and preimage.

The test vector reuses previous preimages and creates a case scenario with 1 received htlc
and 2 offered, the two offered will have same scriptPubKey and redeemScript, but different CLTV value.

It is asserted the order in which the htlc transactions should be kept internally
and we assume the same order is used to construct the commitment_signed message.
This complements #491 .
2021-03-05 09:10:26 +01:00
Oliver Gugger
80c1ae1732
Bolt 11: add distinct HRP prefix for Bitcoin signet (#844)
Judging from the comment
https://github.com/bitcoin/bitcoin/pull/18267/files#r491150895 in the
Signet PR all test networks should have the same bech32_hrp prefix (even
regtest). That's why 'tb' was chosen for Signet as well.
This is not optimal for LN as invoices shouldn't be vague in
what network they were issued for.
Therefore we add the explicit prefix 'lntbs' for Signet invoices.
2021-03-02 09:16:36 +01:00
Bastien Teinturier
ba00bf8f4c
Add 2016 blocks channel funding timeout (#839)
Routing nodes have an incentive to use low fees when opening channels to
ensure their activity is economically viable.

However, when a funding transaction takes too long to confirm, the fundee
may have forgotten the channel. In that case the funder is forced to
broadcast the first commit tx to get his funds back and then open a new
channel, which is costly.

We can avoid this issue by simply knowing how long the fundee will wait,
and ensuring the funding tx confirms before that period ends. We set this
timeout to 2016 blocks (2 weeks).
2021-03-02 09:16:07 +01:00