mirrors/lnd
1
0
Fork 0
mirror of https://github.com/lightningnetwork/lnd.git synced 2024-11-19 01:43:16 +01:00
Code Issues Projects Releases Wiki Activity
master
lnd/htlcswitch/link.go

4189 lines
137 KiB
Go
Raw Permalink Normal View History

htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
package htlcswitch
import (
"bytes"
link: ensure minimum failure reason length This commit modifies the link behavior so that every failure reason that we pass back is length-compliant (>=256 bytes).
2022-10-26 13:44:57 +02:00
crand "crypto/rand"
multi: move block epochs dependency from links to switch In this commit, we move the block height dependency from the links in the switch to the switch itself. This is possible due to a recent change on the links no longer depending on the block height to update their commitment fees. We'll now only have the switch be alerted of new blocks coming in and links will retrieve the height from it atomically.
2018-06-01 05:31:40 +02:00
"crypto/sha256"
htlcswitch: replace errors package implementation
2024-04-06 02:08:38 +02:00
"errors"
htlcswitch: notify the ChainArbitrator of fresh signals upon link creation
2018-01-17 05:13:42 +01:00
"fmt"
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
prand "math/rand"
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
"sync"
"sync/atomic"
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
"time"
multi: use btcd's btcec/v2 and btcutil modules This commit was previously split into the following parts to ease review: - 2d746f68: replace imports - 4008f0fd: use ecdsa.Signature - 849e33d1: remove btcec.S256() - b8f6ebbd: use v2 library correctly - fa80bca9: bump go modules
2022-02-23 14:48:00 +01:00
"github.com/btcsuite/btcd/btcutil"
htlcswitch/link: add ChannelPoint() to retrieve the channel outpoint. This function will be used in the switch to retrieve the channel point for a link, allowing the switch to retrieve individual channels from the database.
2018-10-30 10:36:27 +01:00
"github.com/btcsuite/btcd/wire"
multi: update more loggers to the v2 type
2024-10-15 15:28:46 +02:00
"github.com/btcsuite/btclog/v2"
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
"github.com/lightningnetwork/lnd/build"
htlcswitch: notify the ChainArbitrator of fresh signals upon link creation
2018-01-17 05:13:42 +01:00
"github.com/lightningnetwork/lnd/channeldb"
multi: create channeldb/models package Add a new subpackage to `lnd/channeldb` to hold some of the types that are used in the package itself and in other packages that should not depend on `channeldb`.
2022-11-18 12:15:22 +01:00
"github.com/lightningnetwork/lnd/channeldb/models"
htlcswitch: notify the ChainArbitrator of fresh signals upon link creation
2018-01-17 05:13:42 +01:00
"github.com/lightningnetwork/lnd/contractcourt"
htlcswitch: ability to start link in shutdown mode In this commit, we add the ability to start a link in shutdown mode. This means that we immediately disable any new HTLC adds in the outgoing direction and that we queue up a Shutdown message after the next CommitSig message is sent (or immediately if no CommitSig message is owed).
2024-02-06 15:14:36 +01:00
"github.com/lightningnetwork/lnd/fn"
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
"github.com/lightningnetwork/lnd/htlcswitch/hodl"
htlcswitch+hop: move ForwardingInfo to hop.ForwaringInfo
2019-08-30 23:11:20 +02:00
"github.com/lightningnetwork/lnd/htlcswitch/hop"
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
"github.com/lightningnetwork/lnd/input"
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
"github.com/lightningnetwork/lnd/invoices"
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
"github.com/lightningnetwork/lnd/lnpeer"
invoices: use lntypes.Hash and lntypes.Preimage Previously chainhash.Hash was used, which converts to/from string in reversed format. Payment hashes and preimages are supposed to be non-reversed.
2019-01-15 11:31:22 +01:00
"github.com/lightningnetwork/lnd/lntypes"
multi: add `NewLogClosure` in `lnutils` to avoid repetition And replaces all usage of `logClosure` with `lnutils.LogClosure`.
2024-07-24 13:31:21 +02:00
"github.com/lightningnetwork/lnd/lnutils"
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
"github.com/lightningnetwork/lnd/lnwallet"
chainfee: create new chainfee package extracting fees from lnwallet In this commit, we create a new chainfee package, that houses all fee related functionality used within the codebase. The creation of this new package furthers our long-term goal of extracting functionality from the bloated `lnwallet` package into new distinct packages. Additionally, this new packages resolves a class of import cycle that could arise if a new package that was imported by something in `lnwallet` wanted to use the existing fee related functions in the prior `lnwallet` package.
2019-10-31 03:43:05 +01:00
"github.com/lightningnetwork/lnd/lnwallet/chainfee"
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
"github.com/lightningnetwork/lnd/lnwire"
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
"github.com/lightningnetwork/lnd/queue"
htlcswitch/link: replace batch ticker with... resumable ticker.Ticker interface
2018-08-01 21:42:38 +02:00
"github.com/lightningnetwork/lnd/ticker"
htlcswitch: expose custom channel blob from link
2024-05-02 16:52:47 +02:00
"github.com/lightningnetwork/lnd/tlv"
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
)
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
func init() {
prand.Seed(time.Now().UnixNano())
}
htlcswitch: reject HTLC's which expire too soon This commit implements a missing policy within the current ChannelLink interface. If an HTLC arrives that is too close to the current block height, then we’ll reject it. As otherwise, it may be possible for us to lose an on-chain claim if they HTLC expires already or expires before we’re able to get a commitment transaction in the chain. As the exit node, we have a grace period that governs out decision. As an intermediate node, we ensure that the HTLC isn’t close to expiry on our outgoing link end if we forward it.
2017-08-03 06:10:35 +02:00
const (
htlcswitch+lnd: make max cltv expiry configurable
2019-07-27 03:05:58 +02:00
// DefaultMaxOutgoingCltvExpiry is the maximum outgoing time lock that
// the node accepts for forwarded payments. The value is relative to the
// current block height. The reason to have a maximum is to prevent
// funds getting locked up unreasonably long. Otherwise, an attacker
// willing to lock its own funds too, could force the funds of this node
// to be locked up for an indefinite (max int32) number of blocks.
htlcswitch+routing: implement expiry_too_far failure In this commit we add a check to HtlcSatifiesPolicy to verify that the time lock for the outgoing htlc that is requested in the onion packet isn't too far in the future. Without this check, anyone could force an unreasonably long time lock on the forwarding node.
2018-10-15 08:41:56 +02:00
//
htlcswitch: raise max cltv limit to 2016 blocks The previous limit of 1008 proved to be low, given that almost 50% of the network still advertises CLTV deltas of 144 blocks, possibly resulting in routes with many hops failing.
2019-10-11 21:47:52 +02:00
// The value 2016 corresponds to on average two weeks worth of blocks
// and is based on the maximum number of hops (20), the default CLTV
// delta (40), and some extra margin to account for the other lightning
// implementations and past lnd versions which used to have a default
// CLTV delta of 144.
DefaultMaxOutgoingCltvExpiry = 2016
htlcswitch+routing: implement expiry_too_far failure In this commit we add a check to HtlcSatifiesPolicy to verify that the time lock for the outgoing htlc that is requested in the onion packet isn't too far in the future. Without this check, anyone could force an unreasonably long time lock on the forwarding node.
2018-10-15 08:41:56 +02:00
multi: fix linting errors
2018-07-31 10:29:12 +02:00
// DefaultMinLinkFeeUpdateTimeout represents the minimum interval in
// which a link should propose to update its commitment fee rate.
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
DefaultMinLinkFeeUpdateTimeout = 10 * time.Minute
multi: fix linting errors
2018-07-31 10:29:12 +02:00
// DefaultMaxLinkFeeUpdateTimeout represents the maximum interval in
// which a link should propose to update its commitment fee rate.
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
DefaultMaxLinkFeeUpdateTimeout = 60 * time.Minute
htlcswitch: cap fee updates to max fee allocation In this commit, we begin to enforce a maximum channel commitment fee for channel initiators when attempting to update their commitment fee. Now, if the new commitment fee happens to exceed their maximum, then a fee update of the maximum fee allocation will be proposed instead if needed. A default of up to 50% of the channel initiator's balance is enforced for the maximum channel commitment fee. It can be modified through the `--max-channel-fee-allocation` CLI flag.
2019-08-24 01:04:59 +02:00
// DefaultMaxLinkFeeAllocation is the highest allocation we'll allow
// a channel's commitment fee to be of its balance. This only applies to
// the initiator of the channel.
DefaultMaxLinkFeeAllocation float64 = 0.5
htlcswitch: reject HTLC's which expire too soon This commit implements a missing policy within the current ChannelLink interface. If an HTLC arrives that is too close to the current block height, then we’ll reject it. As otherwise, it may be possible for us to lose an on-chain claim if they HTLC expires already or expires before we’re able to get a commitment transaction in the chain. As the exit node, we have a grace period that governs out decision. As an intermediate node, we ensure that the HTLC isn’t close to expiry on our outgoing link end if we forward it.
2017-08-03 06:10:35 +02:00
)
htlcswitch: add new ForwardingPolicy struct guide forwarding decisions
2017-06-16 23:30:55 +02:00
// ExpectedFee computes the expected fee for a given htlc amount. The value
// returned from this function is to be used as a sanity check when forwarding
// HTLC's to ensure that an incoming HTLC properly adheres to our propagated
// forwarding policy.
//
// TODO(roasbeef): also add in current available channel bandwidth, inverse
// func
multi: use fwding policy from models pkg
2023-07-17 12:53:24 +02:00
func ExpectedFee(f models.ForwardingPolicy,
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
htlcAmt lnwire.MilliSatoshi) lnwire.MilliSatoshi {
Htlcswitch: switch all accounting and forwarding decisions to use mSAT's
2017-08-22 08:36:43 +02:00
htlcswitch: add new ForwardingPolicy struct guide forwarding decisions
2017-06-16 23:30:55 +02:00
return f.BaseFee + (htlcAmt*f.FeeRate)/1000000
}
htlcswitch: add channel link config Step №1 in making htlcManager (aka channelLink) testable: Start use config which will allow as mock/stub external subsystems.
2017-05-03 16:02:22 +02:00
// ChannelLinkConfig defines the configuration for the channel link. ALL
// elements within the configuration MUST be non-nil for channel link to carry
// out its duties.
type ChannelLinkConfig struct {
htlcswitch: add new ForwardingPolicy struct guide forwarding decisions
2017-06-16 23:30:55 +02:00
// FwrdingPolicy is the initial forwarding policy to be used when
// deciding whether to forwarding incoming HTLC's or not. This value
// can be updated with subsequent calls to UpdateForwardingPolicy
// targeted at a given ChannelLink concrete interface implementation.
multi: use fwding policy from models pkg
2023-07-17 12:53:24 +02:00
FwrdingPolicy models.ForwardingPolicy
htlcswitch: add new ForwardingPolicy struct guide forwarding decisions
2017-06-16 23:30:55 +02:00
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Circuits provides restricted access to the switch's circuit map,
// allowing the link to open and close circuits.
Circuits CircuitModifier
htlcswitch+peer: pass BestHeight to ChannelLinkConfig This allows non-test usages of ChannelLinkConfig to omit the raw htlcswitch.Switch pointer.
2021-08-03 20:49:17 +02:00
// BestHeight returns the best known height.
BestHeight func() uint32
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// ForwardPackets attempts to forward the batch of htlcs through the
htlcswitch: change ForwardPackets to return error As part of the preparation to the switch interceptor feature, this function is changed to return error instead of error channel that is closed automatically. Returning an error channel has become complex to maintain and implement when adding more asynchronous flows to the switch. The change doesn't affect the current behavior which logs the errors as before.
2020-05-19 11:13:02 +02:00
// switch. The function returns and error in case it fails to send one or
// more packets. The link's quit signal should be provided to allow
htlcswitch/link: pass link quit to ForwardPackets
2018-07-30 22:11:11 +02:00
// cancellation of forwarding during link shutdown.
htlcswitch: pass quit chans as unidirectional This is a requirement for replacing the quit channel with a Context. The Done() channel of a Context is always recv-only, so all users of that channel must not expect a bidirectional channel.
2024-10-17 13:38:31 +02:00
ForwardPackets func(<-chan struct{}, bool, ...*htlcPacket) error
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch/link: extract error encrypter from hop iterator
2018-02-24 02:30:29 +01:00
// DecodeHopIterators facilitates batched decoding of HTLC Sphinx onion
// blobs, which are then used to inform how to forward an HTLC.
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
//
// NOTE: This function assumes the same set of readers and preimages
// are always presented for the same identifier.
htlcswitch: move hop iterator into htlcswitch/hop package Prepares for onion blob decoding outside of htlcswitch.
2019-09-05 13:35:39 +02:00
DecodeHopIterators func([]byte, []hop.DecodeHopIteratorRequest) (
[]hop.DecodeHopIteratorResponse, error)
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
htlcswitch/link: DecodeOnionObfuscator -> ExtractErrorEncrypter
2018-03-12 20:39:13 +01:00
// ExtractErrorEncrypter function is responsible for decoding HTLC
lnwire+htlcswitch: minor grammatical, formatting fixes after error PR
2017-07-15 05:08:29 +02:00
// Sphinx onion blob, and creating onion failure obfuscator.
htlcswitch: move hop iterator into htlcswitch/hop package Prepares for onion blob decoding outside of htlcswitch.
2019-09-05 13:35:39 +02:00
ExtractErrorEncrypter hop.ErrorEncrypterExtracter
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
// FetchLastChannelUpdate retrieves the latest routing policy for a
// target channel. This channel will typically be the outgoing channel
// specified when we receive an incoming HTLC. This will be used to
// provide payment senders our latest policy when sending encrypted
// error messages.
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
FetchLastChannelUpdate func(lnwire.ShortChannelID) (
*lnwire.ChannelUpdate1, error)
htlcswitch: add hop iterator Short: such abstraction give as ability to test the channel link in the future. Long: hop iterator represents the entity which is be able to give payment route hop by hop. This interface will be used to have an abstraction over the algorithm which we use to determine the next hope in htlc route and also helps the unit test to create mock representation of such algorithm which uses simple array of hops.
2017-05-02 21:01:46 +02:00
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// Peer is a lightning network node with which we have the channel link
// opened.
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
Peer lnpeer.Peer
htlcswitch: add channel link config Step №1 in making htlcManager (aka channelLink) testable: Start use config which will allow as mock/stub external subsystems.
2017-05-03 16:02:22 +02:00
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// Registry is a sub-system which responsible for managing the invoices
// in thread-safe manner.
htlcswitch: add channel link config Step №1 in making htlcManager (aka channelLink) testable: Start use config which will allow as mock/stub external subsystems.
2017-05-03 16:02:22 +02:00
Registry InvoiceDatabase
multi: comprehensive typo fixes across all packages
2018-02-07 04:11:11 +01:00
// PreimageCache is a global witness beacon that houses any new
// preimages discovered by other links. We'll use this to add new
htlcswitch: once we discover a pre-image, add it to the witness cache In this commit, we add some additional logic to the case when we receive a pre-image from an upstream peer. We’ll immediately add it to the witness cache, as an incoming HTLC might be waiting on-chain to fully resolve the HTLC with knowledge of the newly discovered pre-image.
2018-01-17 05:13:16 +01:00
// witnesses that we discover which will notify any sub-systems
// subscribed to new events.
PreimageCache contractcourt.WitnessBeacon
htlcswitch: notify the ChainArbitrator of fresh signals upon link creation
2018-01-17 05:13:42 +01:00
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
// OnChannelFailure is a function closure that we'll call if the
// channel failed for some reason. Depending on the severity of the
// error, the closure potentially must force close this channel and
// disconnect the peer.
//
// NOTE: The method must return in order for the ChannelLink to be able
// to shut down properly.
OnChannelFailure func(lnwire.ChannelID, lnwire.ShortChannelID,
LinkFailureError)
htlcswitch: notify the ChainArbitrator of fresh signals upon link creation
2018-01-17 05:13:42 +01:00
// UpdateContractSignals is a function closure that we'll use to update
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
// outside sub-systems with this channel's latest ShortChannelID.
htlcswitch: notify the ChainArbitrator of fresh signals upon link creation
2018-01-17 05:13:42 +01:00
UpdateContractSignals func(*contractcourt.ContractSignals) error
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
// NotifyContractUpdate is a function closure that we'll use to update
// the contractcourt and more specifically the ChannelArbitrator of the
// latest channel state.
NotifyContractUpdate func(*contractcourt.ContractUpdate) error
htlcswitch: update to use new event stream from the chainWatcher
2018-01-18 23:15:42 +01:00
// ChainEvents is an active subscription to the chain watcher for this
// channel to be notified of any on-chain activity related to this
// channel.
ChainEvents *contractcourt.ChainEventSubscription
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
// FeeEstimator is an instance of a live fee estimator which will be
// used to dynamically regulate the current fee of the commitment
// transaction to ensure timely confirmation.
chainfee: create new chainfee package extracting fees from lnwallet In this commit, we create a new chainfee package, that houses all fee related functionality used within the codebase. The creation of this new package furthers our long-term goal of extracting functionality from the bloated `lnwallet` package into new distinct packages. Additionally, this new packages resolves a class of import cycle that could arise if a new package that was imported by something in `lnwallet` wanted to use the existing fee related functions in the prior `lnwallet` package.
2019-10-31 03:43:05 +01:00
FeeEstimator chainfee.Estimator
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
// hodl.Mask is a bitvector composed of hodl.Flags, specifying breakpoints
// for HTLC forwarding internal to the switch.
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
//
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
// NOTE: This should only be used for testing.
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
HodlMask hodl.Mask
htlcswitch+channel: add channel states synchronization In this commit BOLT№2 retranmission logic for the channel link have been added. Now if channel link have been initialised with the 'SyncState' field than it will send the lnwire.ChannelReestablish message and will be waiting for receiving the same message from remote side. Exchange of this message allow both sides understand which updates they should exchange with each other in order sync their states.
2017-07-09 01:30:20 +02:00
// SyncStates is used to indicate that we need send the channel
// reestablishment message to the remote peer. It should be done if our
// clients have been restarted, or remote peer have been reconnected.
SyncStates bool
channellink: make BatchTicker and BatchSize configurable This commit introduces a new Ticker interface, that can be used to control when the batch timer should tick. This is done to be able to more easily control the ticker during tests. The batch timer is wrapped in the new BatchTicker struct, and made part of the config together with BatchSize.
2018-01-16 21:17:14 +01:00
// BatchTicker is the ticker that determines the interval that we'll
// use to check the batch to see if there're any updates we should
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// flush out. By batching updates into a single commit, we attempt to
// increase throughput by maximizing the number of updates coalesced
// into a single commit.
htlcswitch/link: replace batch ticker with... resumable ticker.Ticker interface
2018-08-01 21:42:38 +02:00
BatchTicker ticker.Ticker
channellink: make BatchTicker and BatchSize configurable This commit introduces a new Ticker interface, that can be used to control when the batch timer should tick. This is done to be able to more easily control the ticker during tests. The batch timer is wrapped in the new BatchTicker struct, and made part of the config together with BatchSize.
2018-01-16 21:17:14 +01:00
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// FwdPkgGCTicker is the ticker determining the frequency at which
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// garbage collection of forwarding packages occurs. We use a
// time-based approach, as opposed to block epochs, as to not hinder
// syncing.
htlcswitch/link: replace batch ticker with... resumable ticker.Ticker interface
2018-08-01 21:42:38 +02:00
FwdPkgGCTicker ticker.Ticker
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch/link: add pending commit ticker for stall detection This commit adds a PendingCommitTicker to the link config, which allows us to control how quickly we fail the link if the commitment dance stalls. Now that the mailbox has the ability to cancel packets, when the link fails it will reset the mailbox packets on exit, forcing a reevaluation of the HTLCs against their mailbox expiries.
2020-04-14 19:51:30 +02:00
// PendingCommitTicker is a ticker that allows the link to determine if
// a locally initiated commitment dance gets stuck waiting for the
// remote party to revoke.
PendingCommitTicker ticker.Ticker
channellink: make BatchTicker and BatchSize configurable This commit introduces a new Ticker interface, that can be used to control when the batch timer should tick. This is done to be able to more easily control the ticker during tests. The batch timer is wrapped in the new BatchTicker struct, and made part of the config together with BatchSize.
2018-01-16 21:17:14 +01:00
// BatchSize is the max size of a batch of updates done to the link
// before we do a state update.
BatchSize uint32
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// UnsafeReplay will cause a link to replay the adds in its latest
// commitment txn after the link is restarted. This should only be used
// in testing, it is here to ensure the sphinx replay detection on the
// receiving node is persistent.
UnsafeReplay bool
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
lnwallet: add configurable cache for web fee estimator Add fee.min-update-timeout and fee.max-update-timeout config options to allow configuration of the web fee estimator cache.
2024-04-23 09:49:04 +02:00
// MinUpdateTimeout represents the minimum interval in which a link
htlcswitch/link: fix Min/MaxFeeUpdateTimeout godocs
2019-06-14 02:28:33 +02:00
// will propose to update its commitment fee rate. A random timeout will
lnwallet: add configurable cache for web fee estimator Add fee.min-update-timeout and fee.max-update-timeout config options to allow configuration of the web fee estimator cache.
2024-04-23 09:49:04 +02:00
// be selected between this and MaxUpdateTimeout.
MinUpdateTimeout time.Duration
htlcswitch/link: fix Min/MaxFeeUpdateTimeout godocs
2019-06-14 02:28:33 +02:00
lnwallet: add configurable cache for web fee estimator Add fee.min-update-timeout and fee.max-update-timeout config options to allow configuration of the web fee estimator cache.
2024-04-23 09:49:04 +02:00
// MaxUpdateTimeout represents the maximum interval in which a link
htlcswitch/link: fix Min/MaxFeeUpdateTimeout godocs
2019-06-14 02:28:33 +02:00
// will propose to update its commitment fee rate. A random timeout will
lnwallet: add configurable cache for web fee estimator Add fee.min-update-timeout and fee.max-update-timeout config options to allow configuration of the web fee estimator cache.
2024-04-23 09:49:04 +02:00
// be selected between this and MinUpdateTimeout.
MaxUpdateTimeout time.Duration
link: increase expiry grace delta This commit increase the expiry grace delta to a value above the broadcast delta. This prevents htlcs from being accepted that would immediately trigger a channel force close. A correct delta is generated in server.go where there is access to the broadcast delta and passed via the peer to the links. Co-authored-by: Jim Posen <jim.posen@gmail.com>
2019-03-26 12:05:43 +01:00
cnct: define separate broadcast delta for outgoing htlcs This commits exposes the various parameters around going to chain and accepting htlcs in a clear way. In addition to this, it reverts those parameters to what they were before the merge of commit d1076271456bdab1625ea6b52b93ca3e1bd9aed9.
2019-04-03 12:18:19 +02:00
// OutgoingCltvRejectDelta defines the number of blocks before expiry of
// an htlc where we don't offer an htlc anymore. This should be at least
// the outgoing broadcast delta, because in any case we don't want to
// risk offering an htlc that triggers channel closure.
OutgoingCltvRejectDelta uint32
htlcswitch/link: backup revoked states to watchtower
2019-06-14 02:28:14 +02:00
// TowerClient is an optional engine that manages the signing,
// encrypting, and uploading of justice transactions to the daemon's
link+peer: thread anchor tower client to link
2020-11-26 00:06:46 +01:00
// configured set of watchtowers for legacy channels.
htlcswitch/link: backup revoked states to watchtower
2019-06-14 02:28:14 +02:00
TowerClient TowerClient
htlcswitch+lnd: make max cltv expiry configurable
2019-07-27 03:05:58 +02:00
htlcswitch: fix inconsistency between attribute name and godoc comment
2019-12-04 23:34:18 +01:00
// MaxOutgoingCltvExpiry is the maximum outgoing timelock that the link
// should accept for a forwarded HTLC. The value is relative to the
// current block height.
htlcswitch+lnd: make max cltv expiry configurable
2019-07-27 03:05:58 +02:00
MaxOutgoingCltvExpiry uint32
htlcswitch: cap fee updates to max fee allocation In this commit, we begin to enforce a maximum channel commitment fee for channel initiators when attempting to update their commitment fee. Now, if the new commitment fee happens to exceed their maximum, then a fee update of the maximum fee allocation will be proposed instead if needed. A default of up to 50% of the channel initiator's balance is enforced for the maximum channel commitment fee. It can be modified through the `--max-channel-fee-allocation` CLI flag.
2019-08-24 01:04:59 +02:00
// MaxFeeAllocation is the highest allocation we'll allow a channel's
// commitment fee to be of its balance. This only applies to the
// initiator of the channel.
MaxFeeAllocation float64
multi: move active/inactive ntfns from switch to link Since we will now wait to deliver the event after channel reestablish, notifying when the link is added to the switch will no longer be sufficient. Later, we will add receiving reestablish as an additional requirement for EligibleToForward returning true. The inactive ntfn is also moved, to ensure that we don't fire inactive notifications if no corresponding active notification was sent.
2019-09-19 21:46:44 +02:00
multi: cap anchors feerate at configurable maximum This commit caps the update fee the initiator will send when the anchors channel type is used. We do not limit anything on the receiver side. 10 sat/vbyte is the current default max fee rate we use. This should be enough to ensure propagation before anchoring down the commitment transaction.
2020-12-10 14:16:53 +01:00
// MaxAnchorsCommitFeeRate is the max commitment fee rate we'll use as
// the initiator for channels of the anchor type.
MaxAnchorsCommitFeeRate chainfee.SatPerKWeight
multi: link notifies subscribers of ActiveLinkEvent, rpc ignores
2020-03-07 04:42:58 +01:00
// NotifyActiveLink allows the link to tell the ChannelNotifier when a
// link is first started.
NotifyActiveLink func(wire.OutPoint)
multi: move active/inactive ntfns from switch to link Since we will now wait to deliver the event after channel reestablish, notifying when the link is added to the switch will no longer be sufficient. Later, we will add receiving reestablish as an additional requirement for EligibleToForward returning true. The inactive ntfn is also moved, to ensure that we don't fire inactive notifications if no corresponding active notification was sent.
2019-09-19 21:46:44 +02:00
// NotifyActiveChannel allows the link to tell the ChannelNotifier when
// channels becomes active.
NotifyActiveChannel func(wire.OutPoint)
// NotifyInactiveChannel allows the switch to tell the ChannelNotifier
// when channels become inactive.
NotifyInactiveChannel func(wire.OutPoint)
multi: add htlcNotifier interface to switch and link In this commit, a htlcNotifier interface is added to allow for easy unit testing. Instances of the HtlcNotifier are added to the server, switch and link.
2020-02-19 16:34:47 +01:00
htlcswitch+peer: notify inactive link event when `htlcManager` exits
2022-11-23 23:58:33 +01:00
// NotifyInactiveLinkEvent allows the switch to tell the
// ChannelNotifier when a channel link become inactive.
NotifyInactiveLinkEvent func(wire.OutPoint)
multi: add htlcNotifier interface to switch and link In this commit, a htlcNotifier interface is added to allow for easy unit testing. Instances of the HtlcNotifier are added to the server, switch and link.
2020-02-19 16:34:47 +01:00
// HtlcNotifier is an instance of a htlcNotifier which we will pipe htlc
// events through.
HtlcNotifier htlcNotifier
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// FailAliasUpdate is a function used to fail an HTLC for an
// option_scid_alias channel.
FailAliasUpdate func(sid lnwire.ShortChannelID,
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
incoming bool) *lnwire.ChannelUpdate1
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// GetAliases is used by the link and switch to fetch the set of
// aliases for a given link.
GetAliases func(base lnwire.ShortChannelID) []lnwire.ShortChannelID
htlcswitch: ability to start link in shutdown mode In this commit, we add the ability to start a link in shutdown mode. This means that we immediately disable any new HTLC adds in the outgoing direction and that we queue up a Shutdown message after the next CommitSig message is sent (or immediately if no CommitSig message is owed).
2024-02-06 15:14:36 +01:00
// PreviouslySentShutdown is an optional value that is set if, at the
// time of the link being started, persisted shutdown info was found for
// the channel. This value being set means that we previously sent a
// Shutdown message to our peer, and so we should do so again on
// re-establish and should not allow anymore HTLC adds on the outgoing
// direction of the link.
PreviouslySentShutdown fn.Option[lnwire.Shutdown]
multi: add option to disable route blinding, rejecting at link Add an option to disable route blinding, failing back any HTLC with a blinding point set when we haven't got the feature enabled. Note that this commit only handles the case where we're chosen as the relaying node (where the blinding point is in update_add_htlc), we'll add handling for the introduction node case once we get to handling of blinded payloads).
2024-04-02 15:04:27 +02:00
// Adds the option to disable forwarding payments in blinded routes
// by failing back any blinding-related payloads as if they were
// invalid.
DisallowRouteBlinding bool
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// MaxFeeExposure is the threshold in milli-satoshis after which we'll
// restrict the flow of HTLCs and fee updates.
MaxFeeExposure lnwire.MilliSatoshi
htlcswitch: add channel link config Step №1 in making htlcManager (aka channelLink) testable: Start use config which will allow as mock/stub external subsystems.
2017-05-03 16:02:22 +02:00
}
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// channelLink is the service which drives a channel's commitment update
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// state-machine. In the event that an HTLC needs to be propagated to another
// link, the forward handler from config is used which sends HTLC to the
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// switch. Additionally, the link encapsulate logic of commitment protocol
// message ordering and updates.
type channelLink struct {
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// The following fields are only meant to be used *atomically*
htlcswitch/link: restrict EligibleToForward to wait for reestablish This commit modifies the link's EligibleToForward() method only return true once the peers have successfully exchanged channel reestablish messages. This is a preliminary step to increasing the reestablish timeout, ensuring the switch won't try to forward over links while we're waiting for the remote peer to resume the connection.
2019-09-19 21:46:56 +02:00
started int32
reestablished int32
shutdown int32
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
// failed should be set to true in case a link error happens, making
// sure we don't process any more updates.
failed bool
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// keystoneBatch represents a volatile list of keystones that must be
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// written before attempting to sign the next commitment txn. These
// represent all the HTLC's forwarded to the link from the switch. Once
// we lock them into our outgoing commitment, then the circuit has a
// keystone, and is fully opened.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
keystoneBatch []Keystone
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// openedCircuits is the set of all payment circuits that will be open
// once we make our next commitment. After making the commitment we'll
// ACK all these from our mailbox to ensure that they don't get
// re-delivered if we reconnect.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
openedCircuits []CircuitKey
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// closedCircuits is the set of all payment circuits that will be
// closed once we make our next commitment. After taking the commitment
// we'll ACK all these to ensure that they don't get re-delivered if we
// reconnect.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
closedCircuits []CircuitKey
htlcswitch: remove redudant variables Because processing of onion blob have been moved in another place we could get rid of the variables which are not needed any more. NOTE: pendingBatch have been replaced with batchCounter variable, but it should be removed at all, because number of pending batch updates might be counted by the state machine itself.
2017-05-01 23:06:10 +02:00
// channel is a lightning network channel to which we apply htlc
// updates.
channel *lnwallet.LightningChannel
htlcswitch: add channel link config Step №1 in making htlcManager (aka channelLink) testable: Start use config which will allow as mock/stub external subsystems.
2017-05-03 16:02:22 +02:00
// cfg is a structure which carries all dependable fields/handlers
// which may affect behaviour of the service.
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
cfg ChannelLinkConfig
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
htlcswitch: utilize memoryMailBox within link, no longer spawn goroutine to forward in switch In this commit, we’ve modified the link and the switch to start to use the new mailBox in place of the existing synchronous message send directly into the link’s upstream/downstream channels. With his change, we no longer need to spawn a new goroutine each time an HTLC needs to be forwarded, or a user payment is initiated.
2017-11-10 23:48:23 +01:00
// mailBox is the main interface between the outside world and the
// link. All incoming messages will be sent over this mailBox. Messages
// include new updates from our connected peer, and new packets to be
// forwarded sent by the switch.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
mailBox MailBox
htlcswitch: use atomic integer to track link bandwidth internally This commit modifies the way the bandwidth of a given channel link is tracked, and reported externally. The prior approach pushed most of the logic for tracking channel bandwidth into the link itself, and relied on a report from the queue in order to determine the total available bandwidth. This approach at times could inadvertently introduce deadlocks when working on new features as since the query was handled internally, it required the link to be _active_ and non-blocked in order to respond to. We’ve now abandoned this approach in favor of lifting the bandwidth accounting to the highest possible abstraction layer within the link itself. We now maintain a availableBandwidth integer that’s used atomically within the link in response to: us adding+settling an HTLC, and the remote party failing one of our HTLC’s.
2017-09-25 21:31:52 +02:00
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// upstream is a channel that new messages sent from the remote peer to
// the local peer will be sent across.
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
upstream chan lnwire.Message
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// downstream is a channel in which new multi-hop HTLC's to be
// forwarded will be sent across. Messages from this channel are sent
// by the HTLC switch.
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
downstream chan *htlcPacket
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
// updateFeeTimer is the timer responsible for updating the link's
// commitment fee every time it fires.
updateFeeTimer *time.Timer
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
// uncommittedPreimages stores a list of all preimages that have been
// learned since receiving the last CommitSig from the remote peer. The
// batch will be flushed just before accepting the subsequent CommitSig
// or on shutdown to avoid doing a write for each preimage received.
uncommittedPreimages []lntypes.Preimage
funding+htlcswitch: dynamically update short chan id of existing link In this commit, we fix an existing bug that would result in some payments getting “stuck”. This would happen if one side restarted before the channel was fully locked in. In this case, since upon re-connection, the link will get added to the switch with a *short channel ID of zero*. If A then tries to make a multi-hop payment through B, B will fail to forward the payment, as it’ll mistakenly think that the payment originated from a local-subsystem as the channel ID is zero. A short channel ID of zero is used to map local payments back to their caller. With fix this by allowing the funding manager to dynamically update the short channel ID of a link after it discovers the short channel ID. In this commit, we fix a second instance of reported “stuck” payments by users.
2018-02-04 03:14:09 +01:00
sync.RWMutex
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
// hodlQueue is used to receive exit hop htlc resolutions from invoice
// registry.
hodlQueue *queue.ConcurrentQueue
htlcswitch+invoices: circuit key based hodl notifications This commit modifies hodl htlc notification from invoice registry from a single notification per hash to distinct notifications per htlc. This prepares for htlc-specific information (accept height) to be added to the notification.
2019-08-14 21:11:34 +02:00
// hodlMap stores related htlc data for a circuit key. It allows
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
// resolving those htlcs when we receive a message on hodlQueue.
multi: create channeldb/models package Add a new subpackage to `lnd/channeldb` to hold some of the types that are used in the package itself and in other packages that should not depend on `channeldb`.
2022-11-18 12:15:22 +01:00
hodlMap map[models.CircuitKey]hodlHtlc
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
// log is a link-specific logging instance.
log btclog.Logger
htlcswitch: implement flush api for channelLink
2023-11-28 02:32:03 +01:00
// isOutgoingAddBlocked tracks whether the channelLink can send an
// UpdateAddHTLC.
isOutgoingAddBlocked atomic.Bool
// isIncomingAddBlocked tracks whether the channelLink can receive an
// UpdateAddHTLC.
isIncomingAddBlocked atomic.Bool
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// flushHooks is a hookMap that is triggered when we reach a channel
// state with no live HTLCs.
flushHooks hookMap
// outgoingCommitHooks is a hookMap that is triggered after we send our
// next CommitSig.
outgoingCommitHooks hookMap
// incomingCommitHooks is a hookMap that is triggered after we receive
// our next CommitSig.
incomingCommitHooks hookMap
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
// ContextGuard is a helper that encapsulates a wait group and quit
// channel and allows contexts that either block or cancel on those
// depending on the use case.
*fn.ContextGuard
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// hookMap is a data structure that is used to track the hooks that need to be
// called in various parts of the channelLink's lifecycle.
//
// WARNING: NOT thread-safe.
type hookMap struct {
// allocIdx keeps track of the next id we haven't yet allocated.
allocIdx atomic.Uint64
// transient is a map of hooks that are only called the next time invoke
// is called. These hooks are deleted during invoke.
transient map[uint64]func()
// newTransients is a channel that we use to accept new hooks into the
// hookMap.
newTransients chan func()
}
// newHookMap initializes a new empty hookMap.
func newHookMap() hookMap {
return hookMap{
allocIdx: atomic.Uint64{},
transient: make(map[uint64]func()),
newTransients: make(chan func()),
}
}
// alloc allocates space in the hook map for the supplied hook, the second
// argument determines whether it goes into the transient or persistent part
// of the hookMap.
func (m *hookMap) alloc(hook func()) uint64 {
// We assume we never overflow a uint64. Seems OK.
hookID := m.allocIdx.Add(1)
if hookID == 0 {
panic("hookMap allocIdx overflow")
}
m.transient[hookID] = hook
return hookID
}
// invoke is used on a hook map to call all the registered hooks and then clear
// out the transient hooks so they are not called again.
func (m *hookMap) invoke() {
for _, hook := range m.transient {
hook()
}
m.transient = make(map[uint64]func())
}
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
// hodlHtlc contains htlc data that is required for resolution.
type hodlHtlc struct {
htlcswitch: remove PaymentDescriptor from hodlHtlc This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:05:54 +02:00
add lnwire.UpdateAddHTLC
sourceRef channeldb.AddRef
htlcswitch: move hop iterator into htlcswitch/hop package Prepares for onion blob decoding outside of htlcswitch.
2019-09-05 13:35:39 +02:00
obfuscator hop.ErrorEncrypter
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
}
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// NewChannelLink creates a new instance of a ChannelLink given a configuration
// and active channel that will be used to verify/apply updates to.
multi: move block epochs dependency from links to switch In this commit, we move the block height dependency from the links in the switch to the switch itself. This is possible due to a recent change on the links no longer depending on the block height to update their commitment fees. We'll now only have the switch be alerted of new blocks coming in and links will retrieve the height from it atomically.
2018-06-01 05:31:40 +02:00
func NewChannelLink(cfg ChannelLinkConfig,
channel *lnwallet.LightningChannel) ChannelLink {
htlcswitch: remove redudant variables Because processing of onion blob have been moved in another place we could get rid of the variables which are not needed any more. NOTE: pendingBatch have been replaced with batchCounter variable, but it should be removed at all, because number of pending batch updates might be counted by the state machine itself.
2017-05-01 23:06:10 +02:00
htlcswitch: log link message with channel point In lnd, log messages about channels are generally logged with a reference to their channel point rather than the short channel id. Channel point is reorg-resistant and also easier to look up in for example a block explorer. In the link however, all log messages are accompanied by short channel id. This makes it difficult to grep a log for all channel activity. The PEER message for example which are often crucial to analyse, are logged with channel points. This commit modifies the link logging to also use channel points.
2021-07-13 10:10:38 +02:00
logPrefix := fmt.Sprintf("ChannelLink(%v):", channel.ChannelPoint())
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// If the max fee exposure isn't set, use the default.
if cfg.MaxFeeExposure == 0 {
cfg.MaxFeeExposure = DefaultMaxFeeExposure
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return &channelLink{
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
cfg: cfg,
channel: channel,
hodlMap: make(map[models.CircuitKey]hodlHtlc),
hodlQueue: queue.NewConcurrentQueue(10),
log: build.NewPrefixLog(logPrefix, log),
flushHooks: newHookMap(),
outgoingCommitHooks: newHookMap(),
incomingCommitHooks: newHookMap(),
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
ContextGuard: fn.NewContextGuard(),
htlcswitch: remove redudant variables Because processing of onion blob have been moved in another place we could get rid of the variables which are not needed any more. NOTE: pendingBatch have been replaced with batchCounter variable, but it should be removed at all, because number of pending batch updates might be counted by the state machine itself.
2017-05-01 23:06:10 +02:00
}
}
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// A compile time check to ensure channelLink implements the ChannelLink
// interface.
var _ ChannelLink = (*channelLink)(nil)
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// Start starts all helper goroutines required for the operation of the channel
// link.
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
func (l *channelLink) Start() error {
if !atomic.CompareAndSwapInt32(&l.started, 0, 1) {
htlcswitch: replace errors package implementation
2024-04-06 02:08:38 +02:00
err := fmt.Errorf("channel link(%v): already started", l)
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Warn("already started")
htlcswitch+channel: add channel states synchronization In this commit BOLT№2 retranmission logic for the channel link have been added. Now if channel link have been initialised with the 'SyncState' field than it will send the lnwire.ChannelReestablish message and will be waiting for receiving the same message from remote side. Exchange of this message allow both sides understand which updates they should exchange with each other in order sync their states.
2017-07-09 01:30:20 +02:00
return err
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Info("starting")
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
htlcswitch/link: backup revoked states to watchtower
2019-06-14 02:28:14 +02:00
// If the config supplied watchtower client, ensure the channel is
// registered before trying to use it during operation.
link+peer: thread anchor tower client to link
2020-11-26 00:06:46 +01:00
if l.cfg.TowerClient != nil {
multi: move BackupState and RegisterChannel to Manager This commit moves over the last two methods, `RegisterChannel` and `BackupState` from the `Client` to the `Manager` interface. With this change, we no longer need to pass around the individual clients around and now only need to pass the manager around. To do this change, all the goroutines that handle channel closes, closable sessions needed to be moved to the Manager and so a large part of this commit is just moving this code from the TowerClient to the Manager.
2023-05-16 15:22:45 +02:00
err := l.cfg.TowerClient.RegisterChannel(
l.ChanID(), l.channel.State().ChanType,
)
htlcswitch/link: backup revoked states to watchtower
2019-06-14 02:28:14 +02:00
if err != nil {
return err
}
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
l.mailBox.ResetMessages()
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
l.hodlQueue.Start()
htlcswitch: re-write link's packet overflow queue for readability+extensibility This commit completes a full re-write of the link’s packet overflow queue with the goals of the making the code itself more understandable and also allowing it to be more extensible in the future with various algorithms for handling HTLC congestion avoidance and persistent queue back pressure. The new design is simpler and consumes much less coroutines (no longer a new goroutine for each active HLTC). We now implement a simple synchronized queue using a standard condition variable.
2017-09-23 00:54:10 +02:00
htlcswitch: move link trimming to link start up In this commit, we fix a race in the set of TestChannelLinkTrimCircuits* tests. Before this commit, we would trim the circuits in the htlcManager goroutine. However, this was problematic as the scheduling order of goroutines isn't predictable. Instead, we'll now trim the circuits in the Start method. Additionally, we fix a series of off-by-2 bugs in the tests themselves.
2018-05-04 05:11:46 +02:00
// Before launching the htlcManager messages, revert any circuits that
// were marked open in the switch's circuit map, but did not make it
// into a commitment txn. We use the next local htlc index as the cut
// off point, since all indexes below that are committed. This action
// is only performed if the link's final short channel ID has been
// assigned, otherwise we would try to trim the htlcs belonging to the
htlcswitch/hop: move hop.Exit and hop.Source to hop pkg
2019-08-30 23:11:38 +02:00
// all-zero, hop.Source ID.
if l.ShortChanID() != hop.Source {
htlcswitch: move link trimming to link start up In this commit, we fix a race in the set of TestChannelLinkTrimCircuits* tests. Before this commit, we would trim the circuits in the htlcManager goroutine. However, this was problematic as the scheduling order of goroutines isn't predictable. Instead, we'll now trim the circuits in the Start method. Additionally, we fix a series of off-by-2 bugs in the tests themselves.
2018-05-04 05:11:46 +02:00
localHtlcIndex, err := l.channel.NextLocalHtlcIndex()
if err != nil {
return fmt.Errorf("unable to retrieve next local "+
"htlc index: %v", err)
}
// NOTE: This is automatically done by the switch when it
// starts up, but is necessary to prevent inconsistencies in
// the case that the link flaps. This is a result of a link's
// life-cycle being shorter than that of the switch.
chanID := l.ShortChanID()
err = l.cfg.Circuits.TrimOpenCircuits(chanID, localHtlcIndex)
if err != nil {
return fmt.Errorf("unable to trim circuits above "+
"local htlc index %d: %v", localHtlcIndex, err)
}
htlcswitch/link: only update contract signals on start if live link
2018-07-13 03:16:32 +02:00
// Since the link is live, before we start the link we'll update
// the ChainArbitrator with the set of new channel signals for
// this channel.
//
// TODO(roasbeef): split goroutines within channel arb to avoid
go func() {
signals := &contractcourt.ContractSignals{
ShortChanID: l.channel.ShortChanID(),
}
err := l.cfg.UpdateContractSignals(signals)
if err != nil {
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Errorf("unable to update signals")
htlcswitch/link: only update contract signals on start if live link
2018-07-13 03:16:32 +02:00
}
}()
htlcswitch: move link trimming to link start up In this commit, we fix a race in the set of TestChannelLinkTrimCircuits* tests. Before this commit, we would trim the circuits in the htlcManager goroutine. However, this was problematic as the scheduling order of goroutines isn't predictable. Instead, we'll now trim the circuits in the Start method. Additionally, we fix a series of off-by-2 bugs in the tests themselves.
2018-05-04 05:11:46 +02:00
}
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
l.updateFeeTimer = time.NewTimer(l.randomFeeUpdateTimeout())
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
l.Wg.Add(1)
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
go l.htlcManager()
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
return nil
}
// Stop gracefully stops all active helper goroutines, then waits until they've
// exited.
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
func (l *channelLink) Stop() {
if !atomic.CompareAndSwapInt32(&l.shutdown, 0, 1) {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Warn("already stopped")
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
return
}
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Info("stopping")
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
mutli: rename HodlEvent to HtlcResolution This commit renames HodlEvent to HtlcResolution to better reflect the fact that the struct is only used for htlc settles and cancels, and that it is not specifically used for hodl invoices.
2019-12-20 11:25:07 +01:00
// As the link is stopping, we are no longer interested in htlc
// resolutions coming from the invoice registry.
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
l.cfg.Registry.HodlUnsubscribeAll(l.hodlQueue.ChanIn())
htlcswitch: update to use new event stream from the chainWatcher
2018-01-18 23:15:42 +01:00
if l.cfg.ChainEvents.Cancel != nil {
l.cfg.ChainEvents.Cancel()
}
htlcswitch: close the updateFeeTimer properly
2020-12-01 23:20:31 +01:00
// Ensure the channel for the timer is drained.
multi: prevent nil panics in stop methods. With this PR we might call the stop method even when the start method of a subsystem did not successfully finish therefore we need to make sure we guard the stop methods for potential panics if some variables are not initialized in the contructors of the subsystems.
2024-07-27 14:39:46 +02:00
if l.updateFeeTimer != nil {
if !l.updateFeeTimer.Stop() {
select {
case <-l.updateFeeTimer.C:
default:
}
htlcswitch: close the updateFeeTimer properly
2020-12-01 23:20:31 +01:00
}
}
multi: prevent nil panics in stop methods. With this PR we might call the stop method even when the start method of a subsystem did not successfully finish therefore we need to make sure we guard the stop methods for potential panics if some variables are not initialized in the contructors of the subsystems.
2024-07-27 14:39:46 +02:00
if l.hodlQueue != nil {
l.hodlQueue.Stop()
}
htlcswitch: re-write link's packet overflow queue for readability+extensibility This commit completes a full re-write of the link’s packet overflow queue with the goals of the making the code itself more understandable and also allowing it to be more extensible in the future with various algorithms for handling HTLC congestion avoidance and persistent queue back pressure. The new design is simpler and consumes much less coroutines (no longer a new goroutine for each active HLTC). We now implement a simple synchronized queue using a standard condition variable.
2017-09-23 00:54:10 +02:00
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
close(l.Quit)
l.Wg.Wait()
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
htlcswitch/mailbox: fail htlcs when delayed for 1 minute Now that packet failure is handled by the mailbox, we can now enforce a delivery deadline and fail the packet if it the deadilne is exceeded. This gives senders quicker feedback about tried routes, and allows them to try alternative paths to the destination in the meantime.
2020-04-14 19:50:07 +02:00
// Now that the htlcManager has completely exited, reset the packet
// courier. This allows the mailbox to revaluate any lingering Adds that
// were delivered but didn't make it on a commitment to be failed back
// if the link is offline for an extended period of time. The error is
// ignored since it can only fail when the daemon is exiting.
_ = l.mailBox.ResetPackets()
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
// As a final precaution, we will attempt to flush any uncommitted
// preimages to the preimage cache. The preimages should be re-delivered
// after channel reestablishment, however this adds an extra layer of
// protection in case the peer never returns. Without this, we will be
// unable to settle any contracts depending on the preimages even though
// we had learned them at some point.
err := l.cfg.PreimageCache.AddPreimages(l.uncommittedPreimages...)
if err != nil {
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Errorf("unable to add preimages=%v to cache: %v",
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
l.uncommittedPreimages, err)
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch/link: add WaitForShutdown method for testing
2018-06-27 03:05:39 +02:00
// WaitForShutdown blocks until the link finishes shutting down, which includes
// termination of all dependent goroutines.
func (l *channelLink) WaitForShutdown() {
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
l.Wg.Wait()
htlcswitch/link: add WaitForShutdown method for testing
2018-06-27 03:05:39 +02:00
}
htlcswitch: add new method to the ChannelLink interface, EligibleToForward In this commit, we add a new method to the ChanneLink interface: EligibleToForward. This method allows a link to be added to the switch, but in an intermediate state which indicates that it isn’t yet ready to forward any incoming HTLC’s.
2017-12-06 02:48:28 +01:00
// EligibleToForward returns a bool indicating if the channel is able to
// actively accept requests to forward HTLC's. We're able to forward HTLC's if
htlcswitch: make link forward eligibility flush aware
2023-11-26 21:43:21 +01:00
// we are eligible to update AND the channel isn't currently flushing the
// outgoing half of the channel.
htlcswitch: add new method to the ChannelLink interface, EligibleToForward In this commit, we add a new method to the ChanneLink interface: EligibleToForward. This method allows a link to be added to the switch, but in an intermediate state which indicates that it isn’t yet ready to forward any incoming HTLC’s.
2017-12-06 02:48:28 +01:00
func (l *channelLink) EligibleToForward() bool {
htlcswitch: make link forward eligibility flush aware
2023-11-26 21:43:21 +01:00
return l.EligibleToUpdate() &&
!l.IsFlushing(Outgoing)
}
// EligibleToUpdate returns a bool indicating if the channel is able to update
// channel state. We're able to update channel state if we know the remote
// party's next revocation point. Otherwise, we can't initiate new channel
// state. We also require that the short channel ID not be the all-zero source
// ID, meaning that the channel has had its ID finalized.
func (l *channelLink) EligibleToUpdate() bool {
htlcswitch/link: fix UpdateShortChanID
2018-05-02 01:29:47 +02:00
return l.channel.RemoteNextRevocation() != nil &&
htlcswitch/link: restrict EligibleToForward to wait for reestablish This commit modifies the link's EligibleToForward() method only return true once the peers have successfully exchanged channel reestablish messages. This is a preliminary step to increasing the reestablish timeout, ensuring the switch won't try to forward over links while we're waiting for the remote peer to resume the connection.
2019-09-19 21:46:56 +02:00
l.ShortChanID() != hop.Source &&
l.isReestablished()
}
htlcswitch+peer: add flush api and lifecycle hooks to ChannelUpdateHandler We also add dummy implementations to channelLink and various mocks.
2023-11-21 22:20:53 +01:00
// EnableAdds sets the ChannelUpdateHandler state to allow UpdateAddHtlc's in
peer+htlcswitch: update Enable/DisableAdds API In this commit, the `ChannelUpdateHandler`'s `EnableAdds` and `DisableAdds` methods are adjusted to return booleans instead of errors. This is done becuase currently, any error returned by these methods is treated by just logging the error since today all it means is that the proposed update has already been done. And so all we do today is log the error. But in future, if these methods are updated to return actual errors that need to be handled, then we might forget to handle them correctly at the various call sights. So we instead change the signature of the function to just return a boolean. In future, if we do need to return any error, we will have to go inspect every call sight in any case to fix compliation & then we can be sure we are handling the errors correctly.
2024-02-07 11:39:37 +01:00
// the specified direction. It returns true if the state was changed and false
// if the desired state was already set before the method was called.
func (l *channelLink) EnableAdds(linkDirection LinkDirection) bool {
htlcswitch: implement flush api for channelLink
2023-11-28 02:32:03 +01:00
if linkDirection == Outgoing {
peer+htlcswitch: update Enable/DisableAdds API In this commit, the `ChannelUpdateHandler`'s `EnableAdds` and `DisableAdds` methods are adjusted to return booleans instead of errors. This is done becuase currently, any error returned by these methods is treated by just logging the error since today all it means is that the proposed update has already been done. And so all we do today is log the error. But in future, if these methods are updated to return actual errors that need to be handled, then we might forget to handle them correctly at the various call sights. So we instead change the signature of the function to just return a boolean. In future, if we do need to return any error, we will have to go inspect every call sight in any case to fix compliation & then we can be sure we are handling the errors correctly.
2024-02-07 11:39:37 +01:00
return l.isOutgoingAddBlocked.Swap(false)
htlcswitch: implement flush api for channelLink
2023-11-28 02:32:03 +01:00
}
peer+htlcswitch: update Enable/DisableAdds API In this commit, the `ChannelUpdateHandler`'s `EnableAdds` and `DisableAdds` methods are adjusted to return booleans instead of errors. This is done becuase currently, any error returned by these methods is treated by just logging the error since today all it means is that the proposed update has already been done. And so all we do today is log the error. But in future, if these methods are updated to return actual errors that need to be handled, then we might forget to handle them correctly at the various call sights. So we instead change the signature of the function to just return a boolean. In future, if we do need to return any error, we will have to go inspect every call sight in any case to fix compliation & then we can be sure we are handling the errors correctly.
2024-02-07 11:39:37 +01:00
return l.isIncomingAddBlocked.Swap(false)
htlcswitch+peer: add flush api and lifecycle hooks to ChannelUpdateHandler We also add dummy implementations to channelLink and various mocks.
2023-11-21 22:20:53 +01:00
}
multi: fix various typos
2024-01-31 11:09:02 +01:00
// DisableAdds sets the ChannelUpdateHandler state to allow UpdateAddHtlc's in
peer+htlcswitch: update Enable/DisableAdds API In this commit, the `ChannelUpdateHandler`'s `EnableAdds` and `DisableAdds` methods are adjusted to return booleans instead of errors. This is done becuase currently, any error returned by these methods is treated by just logging the error since today all it means is that the proposed update has already been done. And so all we do today is log the error. But in future, if these methods are updated to return actual errors that need to be handled, then we might forget to handle them correctly at the various call sights. So we instead change the signature of the function to just return a boolean. In future, if we do need to return any error, we will have to go inspect every call sight in any case to fix compliation & then we can be sure we are handling the errors correctly.
2024-02-07 11:39:37 +01:00
// the specified direction. It returns true if the state was changed and false
// if the desired state was already set before the method was called.
func (l *channelLink) DisableAdds(linkDirection LinkDirection) bool {
htlcswitch: implement flush api for channelLink
2023-11-28 02:32:03 +01:00
if linkDirection == Outgoing {
peer+htlcswitch: update Enable/DisableAdds API In this commit, the `ChannelUpdateHandler`'s `EnableAdds` and `DisableAdds` methods are adjusted to return booleans instead of errors. This is done becuase currently, any error returned by these methods is treated by just logging the error since today all it means is that the proposed update has already been done. And so all we do today is log the error. But in future, if these methods are updated to return actual errors that need to be handled, then we might forget to handle them correctly at the various call sights. So we instead change the signature of the function to just return a boolean. In future, if we do need to return any error, we will have to go inspect every call sight in any case to fix compliation & then we can be sure we are handling the errors correctly.
2024-02-07 11:39:37 +01:00
return !l.isOutgoingAddBlocked.Swap(true)
htlcswitch: implement flush api for channelLink
2023-11-28 02:32:03 +01:00
}
peer+htlcswitch: update Enable/DisableAdds API In this commit, the `ChannelUpdateHandler`'s `EnableAdds` and `DisableAdds` methods are adjusted to return booleans instead of errors. This is done becuase currently, any error returned by these methods is treated by just logging the error since today all it means is that the proposed update has already been done. And so all we do today is log the error. But in future, if these methods are updated to return actual errors that need to be handled, then we might forget to handle them correctly at the various call sights. So we instead change the signature of the function to just return a boolean. In future, if we do need to return any error, we will have to go inspect every call sight in any case to fix compliation & then we can be sure we are handling the errors correctly.
2024-02-07 11:39:37 +01:00
return !l.isIncomingAddBlocked.Swap(true)
htlcswitch+peer: add flush api and lifecycle hooks to ChannelUpdateHandler We also add dummy implementations to channelLink and various mocks.
2023-11-21 22:20:53 +01:00
}
// IsFlushing returns true when UpdateAddHtlc's are disabled in the direction of
// the argument.
htlcswitch: implement flush api for channelLink
2023-11-28 02:32:03 +01:00
func (l *channelLink) IsFlushing(linkDirection LinkDirection) bool {
if linkDirection == Outgoing {
return l.isOutgoingAddBlocked.Load()
}
return l.isIncomingAddBlocked.Load()
htlcswitch+peer: add flush api and lifecycle hooks to ChannelUpdateHandler We also add dummy implementations to channelLink and various mocks.
2023-11-21 22:20:53 +01:00
}
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// OnFlushedOnce adds a hook that will be called the next time the channel
// state reaches zero htlcs. This hook will only ever be called once. If the
// channel state already has zero htlcs, then this will be called immediately.
func (l *channelLink) OnFlushedOnce(hook func()) {
select {
case l.flushHooks.newTransients <- hook:
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
}
htlcswitch+peer: add flush api and lifecycle hooks to ChannelUpdateHandler We also add dummy implementations to channelLink and various mocks.
2023-11-21 22:20:53 +01:00
}
// OnCommitOnce adds a hook that will be called the next time a CommitSig
// message is sent in the argument's LinkDirection. This hook will only ever be
// called once. If no CommitSig is owed in the argument's LinkDirection, then
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// we will call this hook be run immediately.
func (l *channelLink) OnCommitOnce(direction LinkDirection, hook func()) {
var queue chan func()
if direction == Outgoing {
queue = l.outgoingCommitHooks.newTransients
} else {
queue = l.incomingCommitHooks.newTransients
}
select {
case queue <- hook:
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
}
htlcswitch+peer: add flush api and lifecycle hooks to ChannelUpdateHandler We also add dummy implementations to channelLink and various mocks.
2023-11-21 22:20:53 +01:00
}
htlcswitch/link: restrict EligibleToForward to wait for reestablish This commit modifies the link's EligibleToForward() method only return true once the peers have successfully exchanged channel reestablish messages. This is a preliminary step to increasing the reestablish timeout, ensuring the switch won't try to forward over links while we're waiting for the remote peer to resume the connection.
2019-09-19 21:46:56 +02:00
// isReestablished returns true if the link has successfully completed the
// channel reestablishment dance.
func (l *channelLink) isReestablished() bool {
return atomic.LoadInt32(&l.reestablished) == 1
}
// markReestablished signals that the remote peer has successfully exchanged
// channel reestablish messages and that the channel is ready to process
// subsequent messages.
func (l *channelLink) markReestablished() {
atomic.StoreInt32(&l.reestablished, 1)
htlcswitch: add new method to the ChannelLink interface, EligibleToForward In this commit, we add a new method to the ChanneLink interface: EligibleToForward. This method allows a link to be added to the switch, but in an intermediate state which indicates that it isn’t yet ready to forward any incoming HTLC’s.
2017-12-06 02:48:28 +01:00
}
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// IsUnadvertised returns true if the underlying channel is unadvertised.
func (l *channelLink) IsUnadvertised() bool {
state := l.channel.State()
return state.ChannelFlags&lnwire.FFAnnounceChannel == 0
}
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
// sampleNetworkFee samples the current fee rate on the network to get into the
// chain in a timely manner. The returned value is expressed in fee-per-kw, as
// this is the native rate used when computing the fee for commitment
// transactions, and the second-level HTLC transactions.
chainfee: create new chainfee package extracting fees from lnwallet In this commit, we create a new chainfee package, that houses all fee related functionality used within the codebase. The creation of this new package furthers our long-term goal of extracting functionality from the bloated `lnwallet` package into new distinct packages. Additionally, this new packages resolves a class of import cycle that could arise if a new package that was imported by something in `lnwallet` wanted to use the existing fee related functions in the prior `lnwallet` package.
2019-10-31 03:43:05 +01:00
func (l *channelLink) sampleNetworkFee() (chainfee.SatPerKWeight, error) {
multi: update to latest fee estimation interface
2018-07-28 03:20:58 +02:00
// We'll first query for the sat/kw recommended to be confirmed within 3
// blocks.
feePerKw, err := l.cfg.FeeEstimator.EstimateFeePerKW(3)
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
if err != nil {
return 0, err
}
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Debugf("sampled fee rate for 3 block conf: %v sat/kw",
int64(feePerKw))
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
return feePerKw, nil
}
htlcswitch: add new shouldAdjustCommitFee helper function In this commit, we add a new helper function to the link which will be utilized in a later commit. This helper function will help us determine if we should update the commitment fee, in response to a change in the network fee return by our fee estimators.
2017-11-24 05:21:46 +01:00
// shouldAdjustCommitFee returns true if we should update our commitment fee to
// match that of the network fee. We'll only update our commitment fee if the
htlcswitch: respect minimum relay fee When channels fee rates are being considered for an update, the minimum relay fee should also be considered.
2021-06-23 14:28:25 +02:00
// network fee is +/- 10% to our commitment fee or if our current commitment
// fee is below the minimum relay fee.
func shouldAdjustCommitFee(netFee, chanFee,
minRelayFee chainfee.SatPerKWeight) bool {
htlcswitch: add new shouldAdjustCommitFee helper function In this commit, we add a new helper function to the link which will be utilized in a later commit. This helper function will help us determine if we should update the commitment fee, in response to a change in the network fee return by our fee estimators.
2017-11-24 05:21:46 +01:00
switch {
htlcswitch: respect minimum relay fee When channels fee rates are being considered for an update, the minimum relay fee should also be considered.
2021-06-23 14:28:25 +02:00
// If the network fee is greater than our current commitment fee and
// our current commitment fee is below the minimum relay fee then
// we should switch to it no matter if it is less than a 10% increase.
case netFee > chanFee && chanFee < minRelayFee:
return true
htlcswitch: add new shouldAdjustCommitFee helper function In this commit, we add a new helper function to the link which will be utilized in a later commit. This helper function will help us determine if we should update the commitment fee, in response to a change in the network fee return by our fee estimators.
2017-11-24 05:21:46 +01:00
// If the network fee is greater than the commitment fee, then we'll
// switch to it if it's at least 10% greater than the commit fee.
case netFee > chanFee && netFee >= (chanFee+(chanFee*10)/100):
return true
// If the network fee is less than our commitment fee, then we'll
// switch to it if it's at least 10% less than the commitment fee.
case netFee < chanFee && netFee <= (chanFee-(chanFee*10)/100):
return true
// Otherwise, we won't modify our fee.
default:
return false
}
}
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// failCb is used to cut down on the argument verbosity.
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
type failCb func(update *lnwire.ChannelUpdate1) lnwire.FailureMessage
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// createFailureWithUpdate creates a ChannelUpdate when failing an incoming or
// outgoing HTLC. It may return a FailureMessage that references a channel's
// alias. If the channel does not have an alias, then the regular channel
// update from disk will be returned.
func (l *channelLink) createFailureWithUpdate(incoming bool,
outgoingScid lnwire.ShortChannelID, cb failCb) lnwire.FailureMessage {
// Determine which SCID to use in case we need to use aliases in the
// ChannelUpdate.
scid := outgoingScid
if incoming {
scid = l.ShortChanID()
}
// Try using the FailAliasUpdate function. If it returns nil, fallback
// to the non-alias behavior.
update := l.cfg.FailAliasUpdate(scid, incoming)
if update == nil {
// Fallback to the non-alias behavior.
var err error
update, err = l.cfg.FetchLastChannelUpdate(l.ShortChanID())
if err != nil {
return &lnwire.FailTemporaryNodeFailure{}
}
htlcswitch: extract failure message creation
2019-09-27 16:01:18 +02:00
}
return cb(update)
}
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
// syncChanState attempts to synchronize channel states with the remote party.
// This method is to be called upon reconnection after the initial funding
// flow. We'll compare out commitment chains with the remote party, and re-send
// either a danging commit signature, a revocation, or both.
func (l *channelLink) syncChanStates() error {
multi: enhance logging around channel reestablishment
2023-11-22 16:12:49 +01:00
chanState := l.channel.State()
l.log.Infof("Attempting to re-synchronize channel: %v", chanState)
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
// First, we'll generate our ChanSync message to send to the other
// side. Based on this message, the remote party will decide if they
// need to retransmit any data or not.
channeldb+lnwallet: don't pass isRestoredChan to ChanSyncMsg Since we have access to the internal state of the channel, we can instead get it directly instead of passing it in as a parameter.
2019-09-11 11:15:57 +02:00
localChanSyncMsg, err := chanState.ChanSyncMsg()
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
if err != nil {
return fmt.Errorf("unable to generate chan sync message for "+
"ChannelPoint(%v)", l.channel.ChannelPoint())
}
htlcswitch: synchronously send the chan sync message to the remote peer In this commit, we modify the starting link logic to always send the chan sync message to the remote peer in a synchronous manner. Otherwise, it's possible that we fail very quickly below this block, and don't ever send the message to the remote peer.
2019-04-10 04:48:34 +02:00
if err := l.cfg.Peer.SendMessage(true, localChanSyncMsg); err != nil {
misc: fix error formatting in multiple files
2020-04-14 19:56:05 +02:00
return fmt.Errorf("unable to send chan sync message for "+
htlcswitch: add causing error to log and err msg
2020-03-05 15:57:28 +01:00
"ChannelPoint(%v): %v", l.channel.ChannelPoint(), err)
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
}
var msgsToReSend []lnwire.Message
htlcswitch/link: remove channel reestablish deadline Now that the link will remain ineligible until it receives channel_reestablish from the remote peer, we can remove the channel reestablish timeout entirely.
2019-09-19 21:47:08 +02:00
// Next, we'll wait indefinitely to receive the ChanSync message. The
// first message sent MUST be the ChanSync message.
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
select {
case msg := <-l.upstream:
multi: add more trace logs regarding link activate flow
2023-03-20 09:35:09 +01:00
l.log.Tracef("Received msg=%v from peer(%x)", msg.MsgType(),
l.cfg.Peer.PubKey())
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
remoteChanSyncMsg, ok := msg.(*lnwire.ChannelReestablish)
if !ok {
return fmt.Errorf("first message sent to sync "+
"should be ChannelReestablish, instead "+
"received: %T", msg)
}
// If the remote party indicates that they think we haven't
// done any state updates yet, then we'll retransmit the
multi: update "funding locked" comments Replace a few un-caught instances of "funding locked" in some comments with "channel_ready"
2023-04-27 20:02:34 +02:00
// channel_ready message first. We do this, as at this point
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
// we can't be sure if they've really received the
multi: replace `FundingLocked` related docs This commit replaces `FundingLocked` found in docs using the following command, ```shell find . -name "*.go" -exec sed -i '' 's/FundingLocked/ChannelReady/g' {} \; find . -name "*.go" -exec sed -i '' 's/FundingLock/ChannelReady/g' {} \; ```
2023-03-15 22:45:14 +01:00
// ChannelReady message.
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
if remoteChanSyncMsg.NextLocalCommitHeight == 1 &&
localChanSyncMsg.NextLocalCommitHeight == 1 &&
!l.channel.IsPending() {
multi: replace `FundingLocked` and `funding_locked` strings This commit is created by running the following commands, ```shell find . -name "*.go" -exec sed -i '' 's/\"FundingLocked/\"ChannelReady/g' {} \; find . -name "*.go" -exec sed -i '' 's/FundingLocked\"/ChannelReady\"/g' {} \; find . -name "*.go" -exec sed -i '' 's/\ funding_locked/\ channel_ready/g' {} \; ```
2023-03-15 22:36:58 +01:00
l.log.Infof("resending ChannelReady message to peer")
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
nextRevocation, err := l.channel.NextRevocationKey()
if err != nil {
return fmt.Errorf("unable to create next "+
"revocation: %v", err)
}
multi: rename `fundingLockedMsg` to `channelReadyMsg` This commit is created by running, ```shell gofmt -d -w -r 'fundingLockedMsg -> channelReadyMsg' . ```
2023-03-15 22:00:17 +01:00
channelReadyMsg := lnwire.NewChannelReady(
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
l.ChanID(), nextRevocation,
)
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
lnwallet: handle nonce init in ProcessChanSyncMsg In this commit, we update the logic to handle nonce init in ProcessChanSyncMsg. Once a channel is already open, this is where we'll get the new nonce data from the remote party we'll use to gain the nonce we need to sign for their next state.
2023-07-12 04:04:31 +02:00
// If this is a taproot channel, then we'll send the
// very same nonce that we sent above, as they should
// take the latest verification nonce we send.
if chanState.ChanType.IsTaproot() {
funding+peer: add support for new musig2 channel funding flow In this commit, we add support for the new musig2 channel funding flow. This flow is identical to the existing flow, but not both sides need to exchange local nonces up front, and then signatures sent are now partial signatures instead of regular signatures. The funding manager also gains some new state of the local nonces it needs to generate in order to send the funding locked message, and also process the funding locked message from the remote party. In order to allow the funding manger to generate the nonces that need to be applied to each channel, then AddNewChannel method has been modified to accept a set of options that the peer will then use to bind the nonces to a new channel.
2023-01-20 05:26:05 +01:00
//nolint:lll
channelReadyMsg.NextLocalNonce = localChanSyncMsg.LocalNonce
lnwallet: handle nonce init in ProcessChanSyncMsg In this commit, we update the logic to handle nonce init in ProcessChanSyncMsg. Once a channel is already open, this is where we'll get the new nonce data from the remote party we'll use to gain the nonce we need to sign for their next state.
2023-07-12 04:04:31 +02:00
}
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// For channels that negotiated the option-scid-alias
// feature bit, ensure that we send over the alias in
multi: replace `FundingLocked` and `funding_locked` strings This commit is created by running the following commands, ```shell find . -name "*.go" -exec sed -i '' 's/\"FundingLocked/\"ChannelReady/g' {} \; find . -name "*.go" -exec sed -i '' 's/FundingLocked\"/ChannelReady\"/g' {} \; find . -name "*.go" -exec sed -i '' 's/\ funding_locked/\ channel_ready/g' {} \; ```
2023-03-15 22:36:58 +01:00
// the channel_ready message. We'll send the first
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// alias we find for the channel since it does not
// matter which alias we send. We'll error out if no
// aliases are found.
if l.negotiatedAliasFeature() {
aliases := l.getAliases()
if len(aliases) == 0 {
// This shouldn't happen since we
// always add at least one alias before
// the channel reaches the link.
return fmt.Errorf("no aliases found")
}
// getAliases returns a copy of the alias slice
// so it is ok to use a pointer to the first
// entry.
multi: rename `fundingLockedMsg` to `channelReadyMsg` This commit is created by running, ```shell gofmt -d -w -r 'fundingLockedMsg -> channelReadyMsg' . ```
2023-03-15 22:00:17 +01:00
channelReadyMsg.AliasScid = &aliases[0]
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
}
multi: rename `fundingLockedMsg` to `channelReadyMsg` This commit is created by running, ```shell gofmt -d -w -r 'fundingLockedMsg -> channelReadyMsg' . ```
2023-03-15 22:00:17 +01:00
err = l.cfg.Peer.SendMessage(false, channelReadyMsg)
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
if err != nil {
return fmt.Errorf("unable to re-send "+
multi: replace `FundingLocked` and `funding_locked` strings This commit is created by running the following commands, ```shell find . -name "*.go" -exec sed -i '' 's/\"FundingLocked/\"ChannelReady/g' {} \; find . -name "*.go" -exec sed -i '' 's/FundingLocked\"/ChannelReady\"/g' {} \; find . -name "*.go" -exec sed -i '' 's/\ funding_locked/\ channel_ready/g' {} \; ```
2023-03-15 22:36:58 +01:00
"ChannelReady: %v", err)
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
}
}
// In any case, we'll then process their ChanSync message.
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Info("received re-establishment message from remote side")
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
var (
openedCircuits []CircuitKey
closedCircuits []CircuitKey
)
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// We've just received a ChanSync message from the remote
// party, so we'll process the message in order to determine
// if we need to re-transmit any messages to the remote party.
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
ctx, cancel := l.WithCtxQuitNoTimeout()
defer cancel()
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
msgsToReSend, openedCircuits, closedCircuits, err =
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
l.channel.ProcessChanSyncMsg(ctx, remoteChanSyncMsg)
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
if err != nil {
htlcswitch/link: inspect sync errors, force close channel This commit makes the link inspect the error encountered during channel sync, force closing the channel if we detect a remote data loss.
2018-07-12 11:02:54 +02:00
return err
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Repopulate any identifiers for circuits that may have been
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// opened or unclosed. This may happen if we needed to
// retransmit a commitment signature message.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
l.openedCircuits = openedCircuits
l.closedCircuits = closedCircuits
// Ensure that all packets have been have been removed from the
// link's mailbox.
htlcswitch/link: remove circuit deletion forgiveness This commit removes the concept of "circuit deletion forgivness" from the link. This was originally implemented due to the strict semantics of the original DeleteCircuit implementation, which would fail if we tried to delete unknown circuits. Forgivness is used on startup to ignore this error in case the circuits had already been deleted before shutting down. Now that the circuit deletion has been relaxed, this behavior is no longer necessary, as requests to delete unknown (or previously deleted) circuits will be ignored. This is necessary for future changes regarding switch cleanup, which may attempt to cleanup already deleted circuits.
2018-08-19 04:35:20 +02:00
if err := l.ackDownStreamPackets(); err != nil {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return err
}
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
if len(msgsToReSend) > 0 {
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Infof("sending %v updates to synchronize the "+
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
"state", len(msgsToReSend))
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
}
// If we have any messages to retransmit, we'll do so
// immediately so we return to a synchronized state as soon as
// possible.
for _, msg := range msgsToReSend {
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
l.cfg.Peer.SendMessage(false, msg)
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
}
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch/link: fix UpdateShortChanID
2018-05-02 01:29:47 +02:00
return ErrLinkShuttingDown
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return nil
}
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// resolveFwdPkgs loads any forwarding packages for this link from disk, and
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// reprocesses them in order. The primary goal is to make sure that any HTLCs
// we previously received are reinstated in memory, and forwarded to the switch
// if necessary. After a restart, this will also delete any previously
// completed packages.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
func (l *channelLink) resolveFwdPkgs() error {
fwdPkgs, err := l.channel.LoadFwdPkgs()
if err != nil {
return err
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
}
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Debugf("loaded %d fwd pks", len(fwdPkgs))
htlcswitch: upon restart, examine all active HTLC's, settle those that we can In this commit, we address a lingering TODO: before this if we had a set of HTLC’s that we knew the pre-image to on our commitment transaction after a restart, then we wouldn’t attempt to settle them. With this new change, we’ll check that we didn’t already retransmit the settles for them, and check the preimage cache to see if we already know the preimage. If we do, then we’ll immediately settle them.
2018-01-17 05:18:35 +01:00
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
for _, fwdPkg := range fwdPkgs {
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
if err := l.resolveFwdPkg(fwdPkg); err != nil {
htlcswitch: upon restart, examine all active HTLC's, settle those that we can In this commit, we address a lingering TODO: before this if we had a set of HTLC’s that we knew the pre-image to on our commitment transaction after a restart, then we wouldn’t attempt to settle them. With this new change, we’ll check that we didn’t already retransmit the settles for them, and check the preimage cache to see if we already know the preimage. If we do, then we’ll immediately settle them.
2018-01-17 05:18:35 +01:00
return err
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
// If any of our reprocessing steps require an update to the commitment
// txn, we initiate a state transition to capture all relevant changes.
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
if l.channel.NumPendingUpdates(lntypes.Local, lntypes.Remote) > 0 {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return l.updateCommitTx()
}
return nil
}
// resolveFwdPkg interprets the FwdState of the provided package, either
// reprocesses any outstanding htlcs in the package, or performs garbage
// collection on the package.
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
func (l *channelLink) resolveFwdPkg(fwdPkg *channeldb.FwdPkg) error {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Remove any completed packages to clear up space.
if fwdPkg.State == channeldb.FwdStateCompleted {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Debugf("removing completed fwd pkg for height=%d",
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
fwdPkg.Height)
htlcswitch+channeldb: single tx for removing fwdpkgs This commit changes RemoveFwdPkg to RemoveFwdPkgs so that a single tx is used instead of N where N is the number of fwd pkgs to remove.
2020-08-19 16:52:44 +02:00
err := l.channel.RemoveFwdPkgs(fwdPkg.Height)
htlcswitch: upon restart, examine all active HTLC's, settle those that we can In this commit, we address a lingering TODO: before this if we had a set of HTLC’s that we knew the pre-image to on our commitment transaction after a restart, then we wouldn’t attempt to settle them. With this new change, we’ll check that we didn’t already retransmit the settles for them, and check the preimage cache to see if we already know the preimage. If we do, then we’ll immediately settle them.
2018-01-17 05:18:35 +01:00
if err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to remove fwd pkg for height=%d: "+
"%v", fwdPkg.Height, err)
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return err
htlcswitch: upon restart, examine all active HTLC's, settle those that we can In this commit, we address a lingering TODO: before this if we had a set of HTLC’s that we knew the pre-image to on our commitment transaction after a restart, then we wouldn’t attempt to settle them. With this new change, we’ll check that we didn’t already retransmit the settles for them, and check the preimage cache to see if we already know the preimage. If we do, then we’ll immediately settle them.
2018-01-17 05:18:35 +01:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
htlcswitch: upon restart, examine all active HTLC's, settle those that we can In this commit, we address a lingering TODO: before this if we had a set of HTLC’s that we knew the pre-image to on our commitment transaction after a restart, then we wouldn’t attempt to settle them. With this new change, we’ll check that we didn’t already retransmit the settles for them, and check the preimage cache to see if we already know the preimage. If we do, then we’ll immediately settle them.
2018-01-17 05:18:35 +01:00
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Otherwise this is either a new package or one has gone through
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// processing, but contains htlcs that need to be restored in memory.
// We replay this forwarding package to make sure our local mem state
// is resurrected, we mimic any original responses back to the remote
// party, and re-forward the relevant HTLCs to the switch.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// If the package is fully acked but not completed, it must still have
// settles and fails to propagate.
if !fwdPkg.SettleFailFilter.IsFull() {
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
l.processRemoteSettleFails(fwdPkg)
htlcswitch: upon restart, examine all active HTLC's, settle those that we can In this commit, we address a lingering TODO: before this if we had a set of HTLC’s that we knew the pre-image to on our commitment transaction after a restart, then we wouldn’t attempt to settle them. With this new change, we’ll check that we didn’t already retransmit the settles for them, and check the preimage cache to see if we already know the preimage. If we do, then we’ll immediately settle them.
2018-01-17 05:18:35 +01:00
}
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// Finally, replay *ALL ADDS* in this forwarding package. The
// downstream logic is able to filter out any duplicates, but we must
// shove the entire, original set of adds down the pipeline so that the
// batch of adds presented to the sphinx router does not ever change.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
if !fwdPkg.AckFilter.IsFull() {
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
l.processRemoteAdds(fwdPkg)
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
// If the link failed during processing the adds, we must
// return to ensure we won't attempted to update the state
// further.
if l.failed {
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return fmt.Errorf("link failed while " +
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
"processing remote adds")
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return nil
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
// fwdPkgGarbager periodically reads all forwarding packages from disk and
// removes those that can be discarded. It is safe to do this entirely in the
// background, since all state is coordinated on disk. This also ensures the
// link can continue to process messages and interleave database accesses.
//
// NOTE: This MUST be run as a goroutine.
func (l *channelLink) fwdPkgGarbager() {
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
defer l.Wg.Done()
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch/link: replace batch ticker with... resumable ticker.Ticker interface
2018-08-01 21:42:38 +02:00
l.cfg.FwdPkgGCTicker.Resume()
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
defer l.cfg.FwdPkgGCTicker.Stop()
htlcswitch+peer: remove fwd pkgs once before tick, bump timer to 1hr This commit changes the logic when garbage collecting forwarding packages such that they are removed once when the function is called, and then again upon subsequent ticks. This allows us to bump the peer timer to 1 hour to limit the number of db transactions happening in lnd. The forwarding packages need to be removed initially as otherwise a flappy node will never have them garbage collected.
2020-08-19 17:09:48 +02:00
if err := l.loadAndRemove(); err != nil {
l.log.Warnf("unable to run initial fwd pkgs gc: %v", err)
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
for {
select {
htlcswitch/link: replace batch ticker with... resumable ticker.Ticker interface
2018-08-01 21:42:38 +02:00
case <-l.cfg.FwdPkgGCTicker.Ticks():
htlcswitch+peer: remove fwd pkgs once before tick, bump timer to 1hr This commit changes the logic when garbage collecting forwarding packages such that they are removed once when the function is called, and then again upon subsequent ticks. This allows us to bump the peer timer to 1 hour to limit the number of db transactions happening in lnd. The forwarding packages need to be removed initially as otherwise a flappy node will never have them garbage collected.
2020-08-19 17:09:48 +02:00
if err := l.loadAndRemove(); err != nil {
l.log.Warnf("unable to remove fwd pkgs: %v",
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
err)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
continue
}
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return
}
}
htlcswitch: upon restart, examine all active HTLC's, settle those that we can In this commit, we address a lingering TODO: before this if we had a set of HTLC’s that we knew the pre-image to on our commitment transaction after a restart, then we wouldn’t attempt to settle them. With this new change, we’ll check that we didn’t already retransmit the settles for them, and check the preimage cache to see if we already know the preimage. If we do, then we’ll immediately settle them.
2018-01-17 05:18:35 +01:00
}
htlcswitch+peer: remove fwd pkgs once before tick, bump timer to 1hr This commit changes the logic when garbage collecting forwarding packages such that they are removed once when the function is called, and then again upon subsequent ticks. This allows us to bump the peer timer to 1 hour to limit the number of db transactions happening in lnd. The forwarding packages need to be removed initially as otherwise a flappy node will never have them garbage collected.
2020-08-19 17:09:48 +02:00
// loadAndRemove loads all the channels forwarding packages and determines if
// they can be removed. It is called once before the FwdPkgGCTicker ticks so that
// a longer tick interval can be used.
func (l *channelLink) loadAndRemove() error {
fwdPkgs, err := l.channel.LoadFwdPkgs()
if err != nil {
return err
}
var removeHeights []uint64
for _, fwdPkg := range fwdPkgs {
if fwdPkg.State != channeldb.FwdStateCompleted {
continue
}
removeHeights = append(removeHeights, fwdPkg.Height)
}
// If removeHeights is empty, return early so we don't use a db
// transaction.
if len(removeHeights) == 0 {
return nil
}
return l.channel.RemoveFwdPkgs(removeHeights...)
}
htlcswitch: extract error handling for syncChanStates
2024-04-06 01:48:27 +02:00
// handleChanSyncErr performs the error handling logic in the case where we
// could not successfully syncChanStates with our channel peer.
func (l *channelLink) handleChanSyncErr(err error) {
l.log.Warnf("error when syncing channel states: %v", err)
var errDataLoss *lnwallet.ErrCommitSyncLocalDataLoss
switch {
case errors.Is(err, ErrLinkShuttingDown):
l.log.Debugf("unable to sync channel states, link is " +
"shutting down")
return
// We failed syncing the commit chains, probably because the remote has
// lost state. We should force close the channel.
case errors.Is(err, lnwallet.ErrCommitSyncRemoteDataLoss):
fallthrough
// The remote sent us an invalid last commit secret, we should force
// close the channel.
// TODO(halseth): and permanently ban the peer?
case errors.Is(err, lnwallet.ErrInvalidLastCommitSecret):
fallthrough
// The remote sent us a commit point different from what they sent us
// before.
// TODO(halseth): ban peer?
case errors.Is(err, lnwallet.ErrInvalidLocalUnrevokedCommitPoint):
// We'll fail the link and tell the peer to force close the
// channel. Note that the database state is not updated here,
// but will be updated when the close transaction is ready to
// avoid that we go down before storing the transaction in the
// db.
l.failf(
LinkFailureError{
code: ErrSyncError,
FailureAction: LinkFailureForceClose,
},
"unable to synchronize channel states: %v", err,
)
// We have lost state and cannot safely force close the channel. Fail
// the channel and wait for the remote to hopefully force close it. The
// remote has sent us its latest unrevoked commitment point, and we'll
// store it in the database, such that we can attempt to recover the
// funds if the remote force closes the channel.
case errors.As(err, &errDataLoss):
err := l.channel.MarkDataLoss(
errDataLoss.CommitPoint,
)
if err != nil {
l.log.Errorf("unable to mark channel data loss: %v",
err)
}
// We determined the commit chains were not possible to sync. We
// cautiously fail the channel, but don't force close.
// TODO(halseth): can we safely force close in any cases where this
// error is returned?
case errors.Is(err, lnwallet.ErrCannotSyncCommitChains):
if err := l.channel.MarkBorked(); err != nil {
l.log.Errorf("unable to mark channel borked: %v", err)
}
// Other, unspecified error.
default:
}
l.failf(
LinkFailureError{
code: ErrRecoveryError,
FailureAction: LinkFailureForceNone,
},
"unable to synchronize channel states: %v", err,
)
}
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// htlcManager is the primary goroutine which drives a channel's commitment
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// update state-machine in response to messages received via several channels.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
// This goroutine reads messages from the upstream (remote) peer, and also from
// downstream channel managed by the channel link. In the event that an htlc
// needs to be forwarded, then send-only forward handler is used which sends
multi: typo fixes [skip ci]
2022-04-17 00:53:32 +02:00
// htlc packets to the switch. Additionally, this goroutine handles acting upon
// all timeouts for any active HTLCs, manages the channel's revocation window,
// and also the htlc trickle queue+timer for this active channels.
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
//
// NOTE: This MUST be run as a goroutine.
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
func (l *channelLink) htlcManager() {
htlcswitch: add quit case to initial channel state sync select in channelLink In this commit we add a quit case to the select statement that’s entered once a link is created. Before this commit, upon restart it would be possible that the deamon would never ben able to shutdown as the link would be waiting for the messages to be sent by the other side.
2017-11-11 04:37:47 +01:00
defer func() {
htlcswitch/link: reusable BatchTicker This commit modifies the default BatchTicker implementation such that it will generate a new ticker with each call to Start(). This allows us to create a new ticker after releasing an old one due to the batch being empty.
2018-07-31 07:25:38 +02:00
l.cfg.BatchTicker.Stop()
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
l.Wg.Done()
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Infof("exited")
htlcswitch: add quit case to initial channel state sync select in channelLink In this commit we add a quit case to the select statement that’s entered once a link is created. Before this commit, upon restart it would be possible that the deamon would never ben able to shutdown as the link would be waiting for the messages to be sent by the other side.
2017-11-11 04:37:47 +01:00
}()
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Infof("HTLC manager started, bandwidth=%v", l.Bandwidth())
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
multi: link notifies subscribers of ActiveLinkEvent, rpc ignores
2020-03-07 04:42:58 +01:00
// Notify any clients that the link is now in the switch via an
htlcswitch+peer: notify inactive link event when `htlcManager` exits
2022-11-23 23:58:33 +01:00
// ActiveLinkEvent. We'll also defer an inactive link notification for
// when the link exits to ensure that every active notification is
// matched by an inactive one.
htlcswitch: prevent ChannelLink from leaking ChannelPoint pointer
2024-01-29 22:55:20 +01:00
l.cfg.NotifyActiveLink(l.ChannelPoint())
defer l.cfg.NotifyInactiveLinkEvent(l.ChannelPoint())
multi: link notifies subscribers of ActiveLinkEvent, rpc ignores
2020-03-07 04:42:58 +01:00
htlcswitch: re-write channel connection re-establishment for correctness In this commit, we’ve re-written the process of syncing the state of channels after we reconnect. This re-write ensure correctness, and also simplified the existing logic which would attempt to launch another goroutine to handle requests from the switch to ensure that it doesn’t block. This is no longer necessary as the AddPacket method that the switch indirectly calls is non-blocking.
2017-11-10 23:57:59 +01:00
// TODO(roasbeef): need to call wipe chan whenever D/C?
// If this isn't the first time that this channel link has been
// created, then we'll need to check to see if we need to
htlcswitch: move channel re-sync into distinct function
2018-01-17 05:15:51 +01:00
// re-synchronize state with the remote peer. settledHtlcs is a map of
// HTLC's that we re-settled as part of the channel state sync.
htlcswitch+channel: add channel states synchronization In this commit BOLT№2 retranmission logic for the channel link have been added. Now if channel link have been initialised with the 'SyncState' field than it will send the lnwire.ChannelReestablish message and will be waiting for receiving the same message from remote side. Exchange of this message allow both sides understand which updates they should exchange with each other in order sync their states.
2017-07-09 01:30:20 +02:00
if l.cfg.SyncStates {
htlcswitch/link: fix UpdateShortChanID
2018-05-02 01:29:47 +02:00
err := l.syncChanStates()
if err != nil {
htlcswitch: extract error handling for syncChanStates
2024-04-06 01:48:27 +02:00
l.handleChanSyncErr(err)
htlcswitch+channel: add channel states synchronization In this commit BOLT№2 retranmission logic for the channel link have been added. Now if channel link have been initialised with the 'SyncState' field than it will send the lnwire.ChannelReestablish message and will be waiting for receiving the same message from remote side. Exchange of this message allow both sides understand which updates they should exchange with each other in order sync their states.
2017-07-09 01:30:20 +02:00
return
}
}
htlcswitch: ability to start link in shutdown mode In this commit, we add the ability to start a link in shutdown mode. This means that we immediately disable any new HTLC adds in the outgoing direction and that we queue up a Shutdown message after the next CommitSig message is sent (or immediately if no CommitSig message is owed).
2024-02-06 15:14:36 +01:00
// If a shutdown message has previously been sent on this link, then we
// need to make sure that we have disabled any HTLC adds on the outgoing
// direction of the link and that we re-resend the same shutdown message
// that we previously sent.
l.cfg.PreviouslySentShutdown.WhenSome(func(shutdown lnwire.Shutdown) {
// Immediately disallow any new outgoing HTLCs.
if !l.DisableAdds(Outgoing) {
l.log.Warnf("Outgoing link adds already disabled")
}
// Re-send the shutdown message the peer. Since syncChanStates
// would have sent any outstanding CommitSig, it is fine for us
// to immediately queue the shutdown message now.
err := l.cfg.Peer.SendMessage(false, &shutdown)
if err != nil {
l.log.Warnf("Error sending shutdown message: %v", err)
}
})
htlcswitch/link: restrict EligibleToForward to wait for reestablish This commit modifies the link's EligibleToForward() method only return true once the peers have successfully exchanged channel reestablish messages. This is a preliminary step to increasing the reestablish timeout, ensuring the switch won't try to forward over links while we're waiting for the remote peer to resume the connection.
2019-09-19 21:46:56 +02:00
// We've successfully reestablished the channel, mark it as such to
// allow the switch to forward HTLCs in the outbound direction.
l.markReestablished()
multi: update "funding locked" comments Replace a few un-caught instances of "funding locked" in some comments with "channel_ready"
2023-04-27 20:02:34 +02:00
// Now that we've received both channel_ready and channel reestablish,
htlcswitch/link: restrict EligibleToForward to wait for reestablish This commit modifies the link's EligibleToForward() method only return true once the peers have successfully exchanged channel reestablish messages. This is a preliminary step to increasing the reestablish timeout, ensuring the switch won't try to forward over links while we're waiting for the remote peer to resume the connection.
2019-09-19 21:46:56 +02:00
// we can go ahead and send the active channel notification. We'll also
// defer the inactive notification for when the link exits to ensure
// that every active notification is matched by an inactive one.
htlcswitch: prevent ChannelLink from leaking ChannelPoint pointer
2024-01-29 22:55:20 +01:00
l.cfg.NotifyActiveChannel(l.ChannelPoint())
defer l.cfg.NotifyInactiveChannel(l.ChannelPoint())
htlcswitch/link: restrict EligibleToForward to wait for reestablish This commit modifies the link's EligibleToForward() method only return true once the peers have successfully exchanged channel reestablish messages. This is a preliminary step to increasing the reestablish timeout, ensuring the switch won't try to forward over links while we're waiting for the remote peer to resume the connection.
2019-09-19 21:46:56 +02:00
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// With the channel states synced, we now reset the mailbox to ensure
// we start processing all unacked packets in order. This is done here
// to ensure that all acknowledgments that occur during channel
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// resynchronization have taken affect, causing us only to pull unacked
// packets after starting to read from the downstream mailbox.
l.mailBox.ResetPackets()
// After cleaning up any memory pertaining to incoming packets, we now
// replay our forwarding packages to handle any htlcs that can be
htlcswitch/link: only resovle+gc fwdpkgs for live channels
2018-08-22 03:47:52 +02:00
// processed locally, or need to be forwarded out to the switch. We will
// only attempt to resolve packages if our short chan id indicates that
// the channel is not pending, otherwise we should have no htlcs to
// reforward.
htlcswitch/hop: move hop.Exit and hop.Source to hop pkg
2019-08-30 23:11:38 +02:00
if l.ShortChanID() != hop.Source {
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
err := l.resolveFwdPkgs()
switch err {
// No error was encountered, success.
case nil:
// If the duplicate keystone error was encountered, we'll fail
// without sending an Error message to the peer.
case ErrDuplicateKeystone:
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrCircuitError},
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
"temporary circuit error: %v", err)
return
// A non-nil error was encountered, send an Error message to
// the peer.
default:
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInternalError},
htlcswitch/link: only resovle+gc fwdpkgs for live channels
2018-08-22 03:47:52 +02:00
"unable to resolve fwd pkgs: %v", err)
return
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch/link: only resovle+gc fwdpkgs for live channels
2018-08-22 03:47:52 +02:00
// With our link's in-memory state fully reconstructed, spawn a
// goroutine to manage the reclamation of disk space occupied by
// completed forwarding packages.
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
l.Wg.Add(1)
htlcswitch/link: only resovle+gc fwdpkgs for live channels
2018-08-22 03:47:52 +02:00
go l.fwdPkgGarbager()
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
for {
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
// We must always check if we failed at some point processing
// the last update before processing the next.
if l.failed {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("link failed, exiting htlcManager")
htlcswitch/link: use return instead of break out There is no clean up logic after the loop, done purely to improve clarity.
2020-04-14 19:50:45 +02:00
return
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
}
htlcswitch: stop batch timer if there are no updates
2019-09-24 11:49:32 +02:00
// If the previous event resulted in a non-empty batch, resume
// the batch ticker so that it can be cleared. Otherwise pause
// the ticker to prevent waking up the htlcManager while the
// batch is empty.
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
numUpdates := l.channel.NumPendingUpdates(
lntypes.Local, lntypes.Remote,
)
if numUpdates > 0 {
htlcswitch: increase batch counter for exit hop settle and fail The idea of the batch counter is to increase it for commit tx updates, so that if the commit tx cannot be updated immediately (revocation window exhausted), the batch ticker makes sure it happens later. The batch counter was increased for forwarded htlcs, but not for exit hop resolutions. This lead to the situation where the commitment tx would not be updated, even though the htlc was settled locally. When no other changes happen on the channel, the htlc eventually reaches its expiry and the channel is force closed.
2019-04-09 16:22:50 +02:00
l.cfg.BatchTicker.Resume()
htlcswitch+lnwallet: add trace logs for tickers
2022-01-21 00:35:56 +01:00
l.log.Tracef("BatchTicker resumed, "+
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
"NumPendingUpdates(Local, Remote)=%d",
numUpdates,
)
htlcswitch: stop batch timer if there are no updates
2019-09-24 11:49:32 +02:00
} else {
l.cfg.BatchTicker.Pause()
htlcswitch+lnwallet: add trace logs for tickers
2022-01-21 00:35:56 +01:00
l.log.Trace("BatchTicker paused due to zero " +
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
"NumPendingUpdates(Local, Remote)")
htlcswitch: increase batch counter for exit hop settle and fail The idea of the batch counter is to increase it for commit tx updates, so that if the commit tx cannot be updated immediately (revocation window exhausted), the batch ticker makes sure it happens later. The batch counter was increased for forwarded htlcs, but not for exit hop resolutions. This lead to the situation where the commitment tx would not be updated, even though the htlc was settled locally. When no other changes happen on the channel, the htlc eventually reaches its expiry and the channel is force closed.
2019-04-09 16:22:50 +02:00
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
select {
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// We have a new hook that needs to be run when we reach a clean
// channel state.
case hook := <-l.flushHooks.newTransients:
if l.channel.IsChannelClean() {
hook()
} else {
l.flushHooks.alloc(hook)
}
// We have a new hook that needs to be run when we have
// committed all of our updates.
case hook := <-l.outgoingCommitHooks.newTransients:
if !l.channel.OweCommitment() {
hook()
} else {
l.outgoingCommitHooks.alloc(hook)
}
// We have a new hook that needs to be run when our peer has
// committed all of their updates.
case hook := <-l.incomingCommitHooks.newTransients:
if !l.channel.NeedCommitment() {
hook()
} else {
l.incomingCommitHooks.alloc(hook)
}
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
// Our update fee timer has fired, so we'll check the network
// fee to see if we should adjust our commitment fee.
case <-l.updateFeeTimer.C:
l.updateFeeTimer.Reset(l.randomFeeUpdateTimeout())
htlcswitch: reject HTLC's which expire too soon This commit implements a missing policy within the current ChannelLink interface. If an HTLC arrives that is too close to the current block height, then we’ll reject it. As otherwise, it may be possible for us to lose an on-chain claim if they HTLC expires already or expires before we’re able to get a commitment transaction in the chain. As the exit node, we have a grace period that governs out decision. As an intermediate node, we ensure that the HTLC isn’t close to expiry on our outgoing link end if we forward it.
2017-08-03 06:10:35 +02:00
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
// If we're not the initiator of the channel, don't we
// don't control the fees, so we can ignore this.
if !l.channel.IsInitiator() {
continue
}
// If we are the initiator, then we'll sample the
// current fee rate to get into the chain within 3
// blocks.
htlcswitch: cap fee updates to max fee allocation In this commit, we begin to enforce a maximum channel commitment fee for channel initiators when attempting to update their commitment fee. Now, if the new commitment fee happens to exceed their maximum, then a fee update of the maximum fee allocation will be proposed instead if needed. A default of up to 50% of the channel initiator's balance is enforced for the maximum channel commitment fee. It can be modified through the `--max-channel-fee-allocation` CLI flag.
2019-08-24 01:04:59 +02:00
netFee, err := l.sampleNetworkFee()
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
if err != nil {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable to sample network fee: %v",
err)
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
continue
}
htlcswitch: respect minimum relay fee When channels fee rates are being considered for an update, the minimum relay fee should also be considered.
2021-06-23 14:28:25 +02:00
minRelayFee := l.cfg.FeeEstimator.RelayFeePerKW()
newCommitFee := l.channel.IdealCommitFeeRate(
netFee, minRelayFee,
multi: cap anchors feerate at configurable maximum This commit caps the update fee the initiator will send when the anchors channel type is used. We do not limit anything on the receiver side. 10 sat/vbyte is the current default max fee rate we use. This should be enough to ensure propagation before anchoring down the commitment transaction.
2020-12-10 14:16:53 +01:00
l.cfg.MaxAnchorsCommitFeeRate,
htlcswitch: respect minimum relay fee When channels fee rates are being considered for an update, the minimum relay fee should also be considered.
2021-06-23 14:28:25 +02:00
l.cfg.MaxFeeAllocation,
multi: cap anchors feerate at configurable maximum This commit caps the update fee the initiator will send when the anchors channel type is used. We do not limit anything on the receiver side. 10 sat/vbyte is the current default max fee rate we use. This should be enough to ensure propagation before anchoring down the commitment transaction.
2020-12-10 14:16:53 +01:00
)
htlcswitch: respect minimum relay fee When channels fee rates are being considered for an update, the minimum relay fee should also be considered.
2021-06-23 14:28:25 +02:00
// We determine if we should adjust the commitment fee
// based on the current commitment fee, the suggested
// new commitment fee and the current minimum relay fee
// rate.
commitFee := l.channel.CommitFeeRate()
if !shouldAdjustCommitFee(
newCommitFee, commitFee, minRelayFee,
) {
multi: formatting and comment fixes
2022-02-07 13:58:28 +01:00
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
continue
}
// If we do, then we'll send a new UpdateFee message to
// the remote party, to be locked in with a new update.
htlcswitch: cap fee updates to max fee allocation In this commit, we begin to enforce a maximum channel commitment fee for channel initiators when attempting to update their commitment fee. Now, if the new commitment fee happens to exceed their maximum, then a fee update of the maximum fee allocation will be proposed instead if needed. A default of up to 50% of the channel initiator's balance is enforced for the maximum channel commitment fee. It can be modified through the `--max-channel-fee-allocation` CLI flag.
2019-08-24 01:04:59 +02:00
if err := l.updateChannelFee(newCommitFee); err != nil {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable to update fee rate: %v",
err)
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
continue
}
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// The underlying channel has notified us of a unilateral close
// carried out by the remote peer. In the case of such an
// event, we'll wipe the channel state from the peer, and mark
// the contract as fully settled. Afterwards we can exit.
htlcswitch: add set of tests for the forwarding log
2018-02-28 07:19:21 +01:00
//
// TODO(roasbeef): add force closure? also breach?
htlcswitch/link: rename UnilateralClose -> RemoteUnilateralClose
2018-03-16 15:19:11 +01:00
case <-l.cfg.ChainEvents.RemoteUnilateralClosure:
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Warnf("remote peer has closed on-chain")
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch: re-write channel connection re-establishment for correctness In this commit, we’ve re-written the process of syncing the state of channels after we reconnect. This re-write ensure correctness, and also simplified the existing logic which would attempt to launch another goroutine to handle requests from the switch to ensure that it doesn’t block. This is no longer necessary as the AddPacket method that the switch indirectly calls is non-blocking.
2017-11-10 23:57:59 +01:00
// TODO(roasbeef): remove all together
htlcswitch: make stop of the link not in the goroutine In order to be able to properly restart switch several times we should have the sequential process of channel link stop. In other words if we stopped the switch we should be sure that all channel links have been stopped too. Addition of the goroutine during the force close was added because of the deadlock: Trace: 1. link:force_close_notification 2. link:wipe_channel 3. peer:switch_remove_link 4. switch:stop_link 5. link:wait <-- deadlock
2017-07-09 01:20:56 +02:00
go func() {
htlcswitch: update WipeChannel on Peer interface to simply take the chanPoint The WipeChannel method doesn’t need to take the channel itself, as any relevant indexes should be able to be queried based on the channel point along.
2017-11-23 08:15:21 +01:00
chanPoint := l.channel.ChannelPoint()
multi: don't leak underlying pointer to LightningChannel.ChannelPoint()
2024-01-29 21:59:51 +01:00
l.cfg.Peer.WipeChannel(&chanPoint)
htlcswitch: make stop of the link not in the goroutine In order to be able to properly restart switch several times we should have the sequential process of channel link stop. In other words if we stopped the switch we should be sure that all channel links have been stopped too. Addition of the goroutine during the force close was added because of the deadlock: Trace: 1. link:force_close_notification 2. link:wipe_channel 3. peer:switch_remove_link 4. switch:stop_link 5. link:wait <-- deadlock
2017-07-09 01:20:56 +02:00
}()
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
htlcswitch/link: use return instead of break out There is no clean up logic after the loop, done purely to improve clarity.
2020-04-14 19:50:45 +02:00
return
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch/link: replace batch ticker with... resumable ticker.Ticker interface
2018-08-01 21:42:38 +02:00
case <-l.cfg.BatchTicker.Ticks():
htlcswitch: stop batch timer if there are no updates
2019-09-24 11:49:32 +02:00
// Attempt to extend the remote commitment chain
// including all the currently pending entries. If the
// send was unsuccessful, then abandon the update,
// waiting for the revocation window to open up.
htlcswitch: extract updateCommitTxOrFail in link Deduplicate code and prepare for further split of handleDownstreamPkt.
2020-05-13 15:22:56 +02:00
if !l.updateCommitTxOrFail() {
htlcswitch/link: use return instead of break out There is no clean up logic after the loop, done purely to improve clarity.
2020-04-14 19:50:45 +02:00
return
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch/link: add pending commit ticker for stall detection This commit adds a PendingCommitTicker to the link config, which allows us to control how quickly we fail the link if the commitment dance stalls. Now that the mailbox has the ability to cancel packets, when the link fails it will reset the mailbox packets on exit, forcing a reevaluation of the HTLCs against their mailbox expiries.
2020-04-14 19:51:30 +02:00
case <-l.cfg.PendingCommitTicker.Ticks():
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
htlcswitch: add new LinkFailureDisconnect action In this commit, we add a new LinkFailureDisconnect action that'll be used if we detect that the remote party hasn't sent a revoke and ack when it actually should. Before this commit, we would log our action, tear down the link, but then not actually force a connection recycle, as we assumed that if the TCP connection was actually stale, then the read/write timeout would expire. In practice this doesn't always seem to be the case, so we make a strong action here to actually force a disconnection in hopes that either side will reconnect and keep the good times rollin' 🕺.
2023-05-20 02:18:00 +02:00
LinkFailureError{
code: ErrRemoteUnresponsive,
FailureAction: LinkFailureDisconnect,
},
"unable to complete dance",
)
htlcswitch/link: add pending commit ticker for stall detection This commit adds a PendingCommitTicker to the link config, which allows us to control how quickly we fail the link if the commitment dance stalls. Now that the mailbox has the ability to cancel packets, when the link fails it will reset the mailbox packets on exit, forcing a reevaluation of the HTLCs against their mailbox expiries.
2020-04-14 19:51:30 +02:00
return
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// A message from the switch was just received. This indicates
// that the link is an intermediate hop in a multi-hop HTLC
// circuit.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
case pkt := <-l.downstream:
htlcswitch/link: remove unused isReProcess argument
2020-04-07 20:55:25 +02:00
l.handleDownstreamPkt(pkt)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// A message from the connected peer was just received. This
// indicates that we have a new incoming HTLC, either directly
// for us, or part of a multi-hop HTLC circuit.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
case msg := <-l.upstream:
l.handleUpstreamMsg(msg)
mutli: rename HodlEvent to HtlcResolution This commit renames HodlEvent to HtlcResolution to better reflect the fact that the struct is only used for htlc settles and cancels, and that it is not specifically used for hodl invoices.
2019-12-20 11:25:07 +01:00
// A htlc resolution is received. This means that we now have a
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
// resolution for a previously accepted htlc.
case hodlItem := <-l.hodlQueue.ChanOut():
mutli: rename HodlEvent to HtlcResolution This commit renames HodlEvent to HtlcResolution to better reflect the fact that the struct is only used for htlc settles and cancels, and that it is not specifically used for hodl invoices.
2019-12-20 11:25:07 +01:00
htlcResolution := hodlItem.(invoices.HtlcResolution)
err := l.processHodlQueue(htlcResolution)
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
switch err {
// No error, success.
case nil:
// If the duplicate keystone error was encountered,
// fail back gracefully.
case ErrDuplicateKeystone:
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{
code: ErrCircuitError,
}, "process hodl queue: "+
"temporary circuit error: %v",
err,
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
)
// Send an Error message to the peer.
default:
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{
code: ErrInternalError,
}, "process hodl queue: unable to update "+
"commitment: %v", err,
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
)
}
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch/link: use return instead of break out There is no clean up logic after the loop, done purely to improve clarity.
2020-04-14 19:50:45 +02:00
return
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
}
}
mutli: rename HodlEvent to HtlcResolution This commit renames HodlEvent to HtlcResolution to better reflect the fact that the struct is only used for htlc settles and cancels, and that it is not specifically used for hodl invoices.
2019-12-20 11:25:07 +01:00
// processHodlQueue processes a received htlc resolution and continues reading
// from the hodl queue until no more resolutions remain. When this function
// returns without an error, the commit tx should be updated.
func (l *channelLink) processHodlQueue(
firstResolution invoices.HtlcResolution) error {
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
// Try to read all waiting resolution messages, so that they can all be
// processed in a single commitment tx update.
mutli: rename HodlEvent to HtlcResolution This commit renames HodlEvent to HtlcResolution to better reflect the fact that the struct is only used for htlc settles and cancels, and that it is not specifically used for hodl invoices.
2019-12-20 11:25:07 +01:00
htlcResolution := firstResolution
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
loop:
for {
htlcswitch+invoices: circuit key based hodl notifications This commit modifies hodl htlc notification from invoice registry from a single notification per hash to distinct notifications per htlc. This prepares for htlc-specific information (accept height) to be added to the notification.
2019-08-14 21:11:34 +02:00
// Lookup all hodl htlcs that can be failed or settled with this event.
// The hodl htlc must be present in the map.
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
circuitKey := htlcResolution.CircuitKey()
htlcswitch+invoices: circuit key based hodl notifications This commit modifies hodl htlc notification from invoice registry from a single notification per hash to distinct notifications per htlc. This prepares for htlc-specific information (accept height) to be added to the notification.
2019-08-14 21:11:34 +02:00
hodlHtlc, ok := l.hodlMap[circuitKey]
if !ok {
return fmt.Errorf("hodl htlc not found: %v", circuitKey)
}
link+contractcourt: rename processHodlEvent to processHtlcResolution
2019-12-20 11:25:07 +01:00
if err := l.processHtlcResolution(htlcResolution, hodlHtlc); err != nil {
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
return err
}
htlcswitch+invoices: circuit key based hodl notifications This commit modifies hodl htlc notification from invoice registry from a single notification per hash to distinct notifications per htlc. This prepares for htlc-specific information (accept height) to be added to the notification.
2019-08-14 21:11:34 +02:00
// Clean up hodl map.
delete(l.hodlMap, circuitKey)
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
select {
case item := <-l.hodlQueue.ChanOut():
mutli: rename HodlEvent to HtlcResolution This commit renames HodlEvent to HtlcResolution to better reflect the fact that the struct is only used for htlc settles and cancels, and that it is not specifically used for hodl invoices.
2019-12-20 11:25:07 +01:00
htlcResolution = item.(invoices.HtlcResolution)
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
default:
break loop
}
}
// Update the commitment tx.
if err := l.updateCommitTx(); err != nil {
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
return err
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
}
return nil
}
link+contractcourt: rename processHodlEvent to processHtlcResolution
2019-12-20 11:25:07 +01:00
// processHtlcResolution applies a received htlc resolution to the provided
// htlc. When this function returns without an error, the commit tx should be
// updated.
func (l *channelLink) processHtlcResolution(resolution invoices.HtlcResolution,
htlcswitch+invoices: circuit key based hodl notifications This commit modifies hodl htlc notification from invoice registry from a single notification per hash to distinct notifications per htlc. This prepares for htlc-specific information (accept height) to be added to the notification.
2019-08-14 21:11:34 +02:00
htlc hodlHtlc) error {
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
circuitKey := resolution.CircuitKey()
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
// Determine required action for the resolution based on the type of
// resolution we have received.
switch res := resolution.(type) {
// Settle htlcs that returned a settle resolution using the preimage
// in the resolution.
case *invoices.HtlcSettleResolution:
htlcswitch/link: correct link log statement
2020-04-14 19:47:47 +02:00
l.log.Debugf("received settle resolution for %v "+
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
"with outcome: %v", circuitKey, res.Outcome)
cnct+htlcswitch+invoices: move invoice parameter check out of link This commit is the final step in making the link unaware of invoices. It now purely offers the htlc to the invoice registry and follows instructions from the invoice registry about how and when to respond to the htlc. The change also fixes a bug where upon restart, hodl htlcs were subjected to the invoice minimum cltv delta requirement again. If the block height has increased in the mean while, the htlc would be canceled back. Furthermore the invoice registry interaction is aligned between link and contract resolvers.
2019-04-16 12:11:20 +02:00
htlcswitch: remove PaymentDescriptor from settleHTLC's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:48:04 +02:00
return l.settleHTLC(
htlcswitch: remove PaymentDescriptor from hodlHtlc This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:05:54 +02:00
res.Preimage, htlc.add.ID, htlc.sourceRef,
htlcswitch: remove PaymentDescriptor from settleHTLC's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:48:04 +02:00
)
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
// For htlc failures, we get the relevant failure message based
// on the failure resolution and then fail the htlc.
case *invoices.HtlcFailResolution:
l.log.Debugf("received cancel resolution for "+
"%v with outcome: %v", circuitKey, res.Outcome)
htlcswitch: increase batch counter for exit hop settle and fail The idea of the batch counter is to increase it for commit tx updates, so that if the commit tx cannot be updated immediately (revocation window exhausted), the batch ticker makes sure it happens later. The batch counter was increased for forwarded htlcs, but not for exit hop resolutions. This lead to the situation where the commitment tx would not be updated, even though the htlc was settled locally. When no other changes happen on the channel, the htlc eventually reaches its expiry and the channel is force closed.
2019-04-09 16:22:50 +02:00
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
// Get the lnwire failure message based on the resolution
// result.
htlcswitch: remove PaymentDescriptor from hodlHtlc This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:05:54 +02:00
failure := getResolutionFailure(res, htlc.add.Amount)
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
l.sendHTLCError(
htlcswitch: remove PaymentDescriptor from hodlHtlc This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:05:54 +02:00
htlc.add, htlc.sourceRef, failure, htlc.obfuscator,
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
true,
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
)
return nil
// Fail if we do not get a settle of fail resolution, since we
// are only expecting to handle settles and fails.
default:
return fmt.Errorf("unknown htlc resolution type: %T",
resolution)
}
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
}
htlcswitch+invoices: fail mpp timeouts with FailMPPTimeout This commit adds a getResolutionFailure function which returns an appropriate wire failure based on the outcome of a htlc resolution. It also updates the MissionControlStore test to ensure that lnd can handle failures which occur due to mpp timeout.
2019-12-20 11:25:08 +01:00
// getResolutionFailure returns the wire message that a htlc resolution should
// be failed with.
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
func getResolutionFailure(resolution *invoices.HtlcFailResolution,
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
amount lnwire.MilliSatoshi) *LinkError {
htlcswitch+invoices: fail mpp timeouts with FailMPPTimeout This commit adds a getResolutionFailure function which returns an appropriate wire failure based on the outcome of a htlc resolution. It also updates the MissionControlStore test to ensure that lnd can handle failures which occur due to mpp timeout.
2019-12-20 11:25:08 +01:00
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
// If the resolution has been resolved as part of a MPP timeout,
// we need to fail the htlc with lnwire.FailMppTimeout.
htlcswitch+invoices: fail mpp timeouts with FailMPPTimeout This commit adds a getResolutionFailure function which returns an appropriate wire failure based on the outcome of a htlc resolution. It also updates the MissionControlStore test to ensure that lnd can handle failures which occur due to mpp timeout.
2019-12-20 11:25:08 +01:00
if resolution.Outcome == invoices.ResultMppTimeout {
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
return NewDetailedLinkError(
&lnwire.FailMPPTimeout{}, resolution.Outcome,
)
htlcswitch+invoices: fail mpp timeouts with FailMPPTimeout This commit adds a getResolutionFailure function which returns an appropriate wire failure based on the outcome of a htlc resolution. It also updates the MissionControlStore test to ensure that lnd can handle failures which occur due to mpp timeout.
2019-12-20 11:25:08 +01:00
}
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
// If the htlc is not a MPP timeout, we fail it with
// FailIncorrectDetails. This error is sent for invoice payment
// failures such as underpayment/ expiry too soon and hodl invoices
// (which return FailIncorrectDetails to avoid leaking information).
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
incorrectDetails := lnwire.NewFailIncorrectDetails(
htlcswitch+invoices: fail mpp timeouts with FailMPPTimeout This commit adds a getResolutionFailure function which returns an appropriate wire failure based on the outcome of a htlc resolution. It also updates the MissionControlStore test to ensure that lnd can handle failures which occur due to mpp timeout.
2019-12-20 11:25:08 +01:00
amount, uint32(resolution.AcceptHeight),
)
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
return NewDetailedLinkError(incorrectDetails, resolution.Outcome)
htlcswitch+invoices: fail mpp timeouts with FailMPPTimeout This commit adds a getResolutionFailure function which returns an appropriate wire failure based on the outcome of a htlc resolution. It also updates the MissionControlStore test to ensure that lnd can handle failures which occur due to mpp timeout.
2019-12-20 11:25:08 +01:00
}
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
// randomFeeUpdateTimeout returns a random timeout between the bounds defined
// within the link's configuration that will be used to determine when the link
// should propose an update to its commitment fee rate.
func (l *channelLink) randomFeeUpdateTimeout() time.Duration {
lnwallet: add configurable cache for web fee estimator Add fee.min-update-timeout and fee.max-update-timeout config options to allow configuration of the web fee estimator cache.
2024-04-23 09:49:04 +02:00
lower := int64(l.cfg.MinUpdateTimeout)
upper := int64(l.cfg.MaxUpdateTimeout)
htlcswitch/link: correct bias in fee update backoff This commit corrects the distribution used to schedule a link's randomized backoff for fee updates. Currently, our algorithm biases the lowest value in the range, with probability equal to lower/upper, or the ratio of the lower bound to the upper. This distribution is skewed more heavily as lower approaches upper. The solution is to sample a random value in the range upper-lower, then add this to our lower bound. The effect is a uniformly distributed timeout in [lower, upper).
2018-06-30 03:22:08 +02:00
return time.Duration(prand.Int63n(upper-lower) + lower)
peer+htlcswitch: randomize link commitment fee updates In this commit, we modify the behavior of links updating their commitment fees. Rather than attempting to update the commitment fee for each link every time a new block comes in, we'll use a timer with a random interval between 10 and 60 minutes for each link to determine when to update their corresponding commitment fee. This prevents us from oscillating the fee rate for our various commitment transactions.
2018-05-10 23:40:29 +02:00
}
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
// handleDownstreamUpdateAdd processes an UpdateAddHTLC packet sent from the
// downstream HTLC Switch.
htlcswitch: sync link hand-off This commit extends the link with a new synchronous delivery point for local UpdateAddHTLC messages. The switch method SendHTLC is updated to use this delivery point and thereby becomes a synchronous call. For MPP payments, synchronous hand-off is important. Otherwise the next pathfinding round could start without the channel balance updated yet.
2020-04-13 17:29:52 +02:00
func (l *channelLink) handleDownstreamUpdateAdd(pkt *htlcPacket) error {
htlc, ok := pkt.htlc.(*lnwire.UpdateAddHTLC)
if !ok {
return errors.New("not an UpdateAddHTLC packet")
}
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
htlcswitch: bounce downstream adds when flushing
2023-11-26 22:45:55 +01:00
// If we are flushing the link in the outgoing direction we can't add
// new htlcs to the link and we need to bounce it
if l.IsFlushing(Outgoing) {
l.mailBox.FailAdd(pkt)
return NewDetailedLinkError(
&lnwire.FailPermanentChannelFailure{},
OutgoingFailureLinkNotEligible,
)
}
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
// If hodl.AddOutgoing mode is active, we exit early to simulate
// arbitrary delays between the switch adding an ADD to the
// mailbox, and the HTLC being added to the commitment state.
if l.cfg.HodlMask.Active(hodl.AddOutgoing) {
l.log.Warnf(hodl.AddOutgoing.Warning())
l.mailBox.AckPacket(pkt.inKey())
htlcswitch: sync link hand-off This commit extends the link with a new synchronous delivery point for local UpdateAddHTLC messages. The switch method SendHTLC is updated to use this delivery point and thereby becomes a synchronous call. For MPP payments, synchronous hand-off is important. Otherwise the next pathfinding round could start without the channel balance updated yet.
2020-04-13 17:29:52 +02:00
return nil
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
}
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// Check if we can add the HTLC here without exceededing the max fee
// exposure threshold.
if l.isOverexposedWithHtlc(htlc, false) {
l.log.Debugf("Unable to handle downstream HTLC - max fee " +
"exposure exceeded")
l.mailBox.FailAdd(pkt)
return NewDetailedLinkError(
lnwire.NewTemporaryChannelFailure(nil),
OutgoingFailureDownstreamHtlcAdd,
)
}
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
// A new payment has been initiated via the downstream channel,
// so we add the new HTLC to our local log, then update the
// commitment chains.
htlc.ChanID = l.ChanID()
openCircuitRef := pkt.inKey()
lnwallet+htlcswitch: Introduce a fee buffer. We take into account a fee buffer of twice the current fee rate of the commitment transaction plus an additional htlc output when we are the opener of the channel hence pay when publishing the commitment transaction. This buffer is not consensus critical because we only consider it when we are in control of adding a new htlc to the state. The goal is to prevent situations where we push our local balance below our channel reserve due to parallel adding of htlcs to the state. Its not a panacea for these situations but until we have __option_simplified_update__ deployed widely on the network its a good precaution to protect against fee spikes and parallel adding of htlcs to the update log. Moreover the way the available balance for a channel changed. We now need to account for a fee buffer when we are the channel opener. Therefore all the tests had to be adopted.
2023-11-05 11:29:34 +01:00
// We enforce the fee buffer for the commitment transaction because
// we are in control of adding this htlc. Nothing has locked-in yet so
// we can securely enforce the fee buffer which is only relevant if we
// are the initiator of the channel.
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
index, err := l.channel.AddHTLC(htlc, &openCircuitRef)
if err != nil {
// The HTLC was unable to be added to the state machine,
// as a result, we'll signal the switch to cancel the
// pending payment.
l.log.Warnf("Unable to handle downstream add HTLC: %v",
err)
// Remove this packet from the link's mailbox, this
// prevents it from being reprocessed if the link
// restarts and resets it mailbox. If this response
// doesn't make it back to the originating link, it will
// be rejected upon attempting to reforward the Add to
// the switch, since the circuit was never fully opened,
// and the forwarding package shows it as
// unacknowledged.
l.mailBox.FailAdd(pkt)
htlcswitch: sync link hand-off This commit extends the link with a new synchronous delivery point for local UpdateAddHTLC messages. The switch method SendHTLC is updated to use this delivery point and thereby becomes a synchronous call. For MPP payments, synchronous hand-off is important. Otherwise the next pathfinding round could start without the channel balance updated yet.
2020-04-13 17:29:52 +02:00
return NewDetailedLinkError(
lnwire.NewTemporaryChannelFailure(nil),
OutgoingFailureDownstreamHtlcAdd,
)
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
}
l.log.Tracef("received downstream htlc: payment_hash=%x, "+
"local_log_index=%v, pend_updates=%v",
htlc.PaymentHash[:], index,
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
l.channel.NumPendingUpdates(lntypes.Local, lntypes.Remote))
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
pkt.outgoingChanID = l.ShortChanID()
pkt.outgoingHTLCID = index
htlc.ID = index
l.log.Debugf("queueing keystone of ADD open circuit: %s->%s",
pkt.inKey(), pkt.outKey())
l.openedCircuits = append(l.openedCircuits, pkt.inKey())
l.keystoneBatch = append(l.keystoneBatch, pkt.keystone())
_ = l.cfg.Peer.SendMessage(false, htlc)
// Send a forward event notification to htlcNotifier.
l.cfg.HtlcNotifier.NotifyForwardingEvent(
newHtlcKey(pkt),
HtlcInfo{
IncomingTimeLock: pkt.incomingTimeout,
IncomingAmt: pkt.incomingAmount,
OutgoingTimeLock: htlc.Expiry,
OutgoingAmt: htlc.Amount,
},
getEventType(pkt),
)
l.tryBatchUpdateCommitTx()
htlcswitch: sync link hand-off This commit extends the link with a new synchronous delivery point for local UpdateAddHTLC messages. The switch method SendHTLC is updated to use this delivery point and thereby becomes a synchronous call. For MPP payments, synchronous hand-off is important. Otherwise the next pathfinding round could start without the channel balance updated yet.
2020-04-13 17:29:52 +02:00
return nil
htlcswitch: extract handleDownstreamUpdateAdd in link To be able to call just the UpdateAdd logic for synchronously handled local adds in a later commit.
2020-05-13 15:29:31 +02:00
}
htlcswitch/link: remove unused isReProcess argument
2020-04-07 20:55:25 +02:00
// handleDownstreamPkt processes an HTLC packet sent from the downstream HTLC
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// Switch. Possible messages sent by the switch include requests to forward new
// HTLCs, timeout previously cleared HTLCs, and finally to settle currently
// cleared HTLCs with the upstream peer.
htlcswitch+test: send switch back error on lnwallet.ErrInsufficientBalance This commit fixes a bug related to swallowing an error that should go to the switch in the case of an insufficient balance error when attempting to add a new HTLC to the channel state machine. In this case, an error would never be returned back to the client/switch, and the internal processing within the channelLink would loop forever, attempting to add an HTLC that can’t be added due to insufficient balance to state machine itself. We fix this issue by only treating the lnwallet.ErrMaxHTLCNumber as the only error that prompts adding an HTLC to the overflow queue rather than sending the error directly back to the switch.
2017-09-26 01:09:48 +02:00
//
// TODO(roasbeef): add sync ntfn to ensure switch always has consistent view?
htlcswitch/link: remove unused isReProcess argument
2020-04-07 20:55:25 +02:00
func (l *channelLink) handleDownstreamPkt(pkt *htlcPacket) {
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
switch htlc := pkt.htlc.(type) {
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
case *lnwire.UpdateAddHTLC:
htlcswitch: sync link hand-off This commit extends the link with a new synchronous delivery point for local UpdateAddHTLC messages. The switch method SendHTLC is updated to use this delivery point and thereby becomes a synchronous call. For MPP payments, synchronous hand-off is important. Otherwise the next pathfinding round could start without the channel balance updated yet.
2020-04-13 17:29:52 +02:00
// Handle add message. The returned error can be ignored,
// because it is also sent through the mailbox.
_ = l.handleDownstreamUpdateAdd(pkt)
htlcswitch: update commit tx per downstream msg type Unroll common code to allow splitting in separate handlers per message type.
2020-05-13 15:26:41 +02:00
multi: comprehensive typo fixes across all packages
2018-02-07 04:11:11 +01:00
case *lnwire.UpdateFulfillHTLC:
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
// If hodl.SettleOutgoing mode is active, we exit early to
// simulate arbitrary delays between the switch adding the
// SETTLE to the mailbox, and the HTLC being added to the
// commitment state.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.SettleOutgoing) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Warnf(hodl.SettleOutgoing.Warning())
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
l.mailBox.AckPacket(pkt.inKey())
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
return
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// An HTLC we forward to the switch has just settled somewhere
// upstream. Therefore we settle the HTLC within the our local
// state machine.
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
inKey := pkt.inKey()
err := l.channel.SettleHTLC(
htlcswitch/link: integrate persistence changes to lnwallet APIs
2018-02-24 07:40:55 +01:00
htlc.PaymentPreimage,
pkt.incomingHTLCID,
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
pkt.sourceRef,
pkt.destRef,
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
&inKey,
)
if err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to settle incoming HTLC for "+
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
"circuit-key=%v: %v", inKey, err)
// If the HTLC index for Settle response was not known
// to our commitment state, it has already been
// cleaned up by a prior response. We'll thus try to
// clean up any lingering state to ensure we don't
// continue reforwarding.
if _, ok := err.(lnwallet.ErrUnknownHtlcIndex); ok {
l.cleanupSpuriousResponse(pkt)
}
// Remove the packet from the link's mailbox to ensure
// it doesn't get replayed after a reconnection.
l.mailBox.AckPacket(inKey)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Debugf("queueing removal of SETTLE closed circuit: "+
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
"%s->%s", pkt.inKey(), pkt.outKey())
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
l.closedCircuits = append(l.closedCircuits, pkt.inKey())
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// With the HTLC settled, we'll need to populate the wire
// message to target the specific channel and HTLC to be
multi: fix canceled spelling
2019-10-03 17:22:43 +02:00
// canceled.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
htlc.ChanID = l.ChanID()
htlcswitch: Rename htlcPacket fields for clarity. The src/dest terminology for routing packets is kind of confusing because the source HTLC may not be the source of the packet for settles/fails traversing the circuit in the opposite direction. This changes the nomenclature to incoming/outgoing and always references the HTLCs themselves.
2017-10-30 19:56:51 +01:00
htlc.ID = pkt.incomingHTLCID
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// Then we send the HTLC settle message to the connected peer
// so we can continue the propagation of the settle message.
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
l.cfg.Peer.SendMessage(false, htlc)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch: add notifications for forwards This commit adds notifications for htlcs which are forwarded through our node. Forwards are notified when the htlc is added on our ougoing link, settles when we send a settle message to the downstream peer. If a failure occurs, we check whether it occurred at our node, then notify a link or forwarding failure accordingly. Note that this change also adds forward event notifications for sends which are initiated by our node because the handling code for adding a htlc which originates from our node is the same as that for handling forwards. Htlcs for our locally initiated sends have our internal pid set in the incoming htlcs id field, so we extract this value and notify with a zero htlc id to be consistent with receives (which have zero outgoing circuits). Subsequent settles or failures are not noitfied for local sends in this commit, and will be handled in a follow up.
2020-02-19 17:03:22 +01:00
// Send a settle event notification to htlcNotifier.
l.cfg.HtlcNotifier.NotifySettleEvent(
newHtlcKey(pkt),
feature: expose preimage in forward+settle event Until now, clients of SubscribeHTLCEvents didn't have access to the settled preimage. The API allows to intercept forward event and to be updated on forward events however the forward+settle event does not include the payment preimage. This pr changes allows it.
2021-06-15 21:01:24 +02:00
htlc.PaymentPreimage,
htlcswitch: add notifications for forwards This commit adds notifications for htlcs which are forwarded through our node. Forwards are notified when the htlc is added on our ougoing link, settles when we send a settle message to the downstream peer. If a failure occurs, we check whether it occurred at our node, then notify a link or forwarding failure accordingly. Note that this change also adds forward event notifications for sends which are initiated by our node because the handling code for adding a htlc which originates from our node is the same as that for handling forwards. Htlcs for our locally initiated sends have our internal pid set in the incoming htlcs id field, so we extract this value and notify with a zero htlc id to be consistent with receives (which have zero outgoing circuits). Subsequent settles or failures are not noitfied for local sends in this commit, and will be handled in a follow up.
2020-02-19 17:03:22 +01:00
getEventType(pkt),
)
htlcswitch: update commit tx per downstream msg type Unroll common code to allow splitting in separate handlers per message type.
2020-05-13 15:26:41 +02:00
// Immediately update the commitment tx to minimize latency.
l.updateCommitTxOrFail()
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
case *lnwire.UpdateFailHTLC:
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
// If hodl.FailOutgoing mode is active, we exit early to
// simulate arbitrary delays between the switch adding a FAIL to
// the mailbox, and the HTLC being added to the commitment
// state.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.FailOutgoing) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Warnf(hodl.FailOutgoing.Warning())
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
l.mailBox.AckPacket(pkt.inKey())
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
return
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// An HTLC cancellation has been triggered somewhere upstream,
// we'll remove then HTLC from our local state machine.
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
inKey := pkt.inKey()
err := l.channel.FailHTLC(
htlcswitch/link: integrate persistence changes to lnwallet APIs
2018-02-24 07:40:55 +01:00
pkt.incomingHTLCID,
htlc.Reason,
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
pkt.sourceRef,
pkt.destRef,
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
&inKey,
)
if err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to cancel incoming HTLC for "+
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
"circuit-key=%v: %v", inKey, err)
// If the HTLC index for Fail response was not known to
// our commitment state, it has already been cleaned up
// by a prior response. We'll thus try to clean up any
// lingering state to ensure we don't continue
// reforwarding.
if _, ok := err.(lnwallet.ErrUnknownHtlcIndex); ok {
l.cleanupSpuriousResponse(pkt)
}
// Remove the packet from the link's mailbox to ensure
// it doesn't get replayed after a reconnection.
l.mailBox.AckPacket(inKey)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Debugf("queueing removal of FAIL closed circuit: %s->%s",
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
pkt.inKey(), pkt.outKey())
l.closedCircuits = append(l.closedCircuits, pkt.inKey())
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// With the HTLC removed, we'll need to populate the wire
// message to target the specific channel and HTLC to be
multi: fix canceled spelling
2019-10-03 17:22:43 +02:00
// canceled. The "Reason" field will have already been set
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// within the switch.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
htlc.ChanID = l.ChanID()
htlcswitch: Rename htlcPacket fields for clarity. The src/dest terminology for routing packets is kind of confusing because the source HTLC may not be the source of the packet for settles/fails traversing the circuit in the opposite direction. This changes the nomenclature to incoming/outgoing and always references the HTLCs themselves.
2017-10-30 19:56:51 +01:00
htlc.ID = pkt.incomingHTLCID
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch: add notifications for forwards This commit adds notifications for htlcs which are forwarded through our node. Forwards are notified when the htlc is added on our ougoing link, settles when we send a settle message to the downstream peer. If a failure occurs, we check whether it occurred at our node, then notify a link or forwarding failure accordingly. Note that this change also adds forward event notifications for sends which are initiated by our node because the handling code for adding a htlc which originates from our node is the same as that for handling forwards. Htlcs for our locally initiated sends have our internal pid set in the incoming htlcs id field, so we extract this value and notify with a zero htlc id to be consistent with receives (which have zero outgoing circuits). Subsequent settles or failures are not noitfied for local sends in this commit, and will be handled in a follow up.
2020-02-19 17:03:22 +01:00
// We send the HTLC message to the peer which initially created
htlcswitch: convert blinded failures for blinded payments
2024-04-08 21:51:15 +02:00
// the HTLC. If the incoming blinding point is non-nil, we
// know that we are a relaying node in a blinded path.
// Otherwise, we're either an introduction node or not part of
// a blinded path at all.
if err := l.sendIncomingHTLCFailureMsg(
htlc.ID,
pkt.obfuscator,
htlc.Reason,
); err != nil {
l.log.Errorf("unable to send HTLC failure: %v",
err)
return
}
htlcswitch: add notifications for forwards This commit adds notifications for htlcs which are forwarded through our node. Forwards are notified when the htlc is added on our ougoing link, settles when we send a settle message to the downstream peer. If a failure occurs, we check whether it occurred at our node, then notify a link or forwarding failure accordingly. Note that this change also adds forward event notifications for sends which are initiated by our node because the handling code for adding a htlc which originates from our node is the same as that for handling forwards. Htlcs for our locally initiated sends have our internal pid set in the incoming htlcs id field, so we extract this value and notify with a zero htlc id to be consistent with receives (which have zero outgoing circuits). Subsequent settles or failures are not noitfied for local sends in this commit, and will be handled in a follow up.
2020-02-19 17:03:22 +01:00
// If the packet does not have a link failure set, it failed
// further down the route so we notify a forwarding failure.
// Otherwise, we notify a link failure because it failed at our
// node.
if pkt.linkFailure != nil {
l.cfg.HtlcNotifier.NotifyLinkFailEvent(
newHtlcKey(pkt),
newHtlcInfo(pkt),
getEventType(pkt),
pkt.linkFailure,
false,
)
} else {
l.cfg.HtlcNotifier.NotifyForwardingFailEvent(
newHtlcKey(pkt), getEventType(pkt),
)
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch: update commit tx per downstream msg type Unroll common code to allow splitting in separate handlers per message type.
2020-05-13 15:26:41 +02:00
// Immediately update the commitment tx to minimize latency.
l.updateCommitTxOrFail()
}
}
htlcswitch: remove batch counter Now that channel exposes the number of pending local updates, it is no longer necessary to track the batch size separately in the link.
2019-04-10 15:28:55 +02:00
htlcswitch: update commit tx per downstream msg type Unroll common code to allow splitting in separate handlers per message type.
2020-05-13 15:26:41 +02:00
// tryBatchUpdateCommitTx updates the commitment transaction if the batch is
// full.
func (l *channelLink) tryBatchUpdateCommitTx() {
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
pending := l.channel.NumPendingUpdates(lntypes.Local, lntypes.Remote)
if pending < uint64(l.cfg.BatchSize) {
htlcswitch: update commit tx per downstream msg type Unroll common code to allow splitting in separate handlers per message type.
2020-05-13 15:26:41 +02:00
return
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch: update commit tx per downstream msg type Unroll common code to allow splitting in separate handlers per message type.
2020-05-13 15:26:41 +02:00
l.updateCommitTxOrFail()
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
// cleanupSpuriousResponse attempts to ack any AddRef or SettleFailRef
// associated with this packet. If successful in doing so, it will also purge
// the open circuit from the circuit map and remove the packet from the link's
// mailbox.
func (l *channelLink) cleanupSpuriousResponse(pkt *htlcPacket) {
inKey := pkt.inKey()
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Debugf("cleaning up spurious response for incoming "+
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
"circuit-key=%v", inKey)
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
// If the htlc packet doesn't have a source reference, it is unsafe to
// proceed, as skipping this ack may cause the htlc to be reforwarded.
if pkt.sourceRef == nil {
htlcswitch: fix typo
2021-05-17 12:10:58 +02:00
l.log.Errorf("unable to cleanup response for incoming "+
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
"circuit-key=%v, does not contain source reference",
inKey)
return
}
// If the source reference is present, we will try to prevent this link
// from resending the packet to the switch. To do so, we ack the AddRef
// of the incoming HTLC belonging to this link.
err := l.channel.AckAddHtlcs(*pkt.sourceRef)
if err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to ack AddRef for incoming "+
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
"circuit-key=%v: %v", inKey, err)
// If this operation failed, it is unsafe to attempt removal of
// the destination reference or circuit, so we exit early. The
// cleanup may proceed with a different packet in the future
// that succeeds on this step.
return
}
// Now that we know this link will stop retransmitting Adds to the
// switch, we can begin to teardown the response reference and circuit
// map.
//
// If the packet includes a destination reference, then a response for
// this HTLC was locked into the outgoing channel. Attempt to remove
// this reference, so we stop retransmitting the response internally.
// Even if this fails, we will proceed in trying to delete the circuit.
// When retransmitting responses, the destination references will be
// cleaned up if an open circuit is not found in the circuit map.
if pkt.destRef != nil {
err := l.channel.AckSettleFails(*pkt.destRef)
if err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to ack SettleFailRef "+
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
"for incoming circuit-key=%v: %v",
inKey, err)
}
}
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Debugf("deleting circuit for incoming circuit-key=%x", inKey)
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
// With all known references acked, we can now safely delete the circuit
// from the switch's circuit map, as the state is no longer needed.
err = l.cfg.Circuits.DeleteCircuits(inKey)
if err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to delete circuit for "+
htlcswitch/link: cleanup spurious fail/settle responses
2018-07-27 12:21:12 +02:00
"circuit-key=%v: %v", inKey, err)
}
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// handleUpstreamMsg processes wire messages related to commitment state
// updates from the upstream peer. The upstream peer is the peer whom we have a
// direct channel with, updating our respective commitment chains.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
func (l *channelLink) handleUpstreamMsg(msg lnwire.Message) {
switch msg := msg.(type) {
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
case *lnwire.UpdateAddHTLC:
htlcswitch: drop the connection when receiving an invalid add When the link is flushing in the incoming direction, it means adds are invalid. The best chance we have at dealing with this is to drop the connection. This should roll back the channel state to the last CommitSig. If the remote has already sent a CommitSig we haven't received yet, channel state will be re-synchronized with a ChannelReestablish message upon reconnection and the protocol state that caused us to flush the link will be rolled back. In the event that there was some non-deterministic behavior in the remote that caused them to violate the protocol, we have a decent shot at correcting it this way, since reconnecting will put us in the cleanest possible state to try again.
2023-12-09 00:10:30 +01:00
if l.IsFlushing(Incoming) {
// This is forbidden by the protocol specification.
// The best chance we have to deal with this is to drop
// the connection. This should roll back the channel
// state to the last CommitSig. If the remote has
// already sent a CommitSig we haven't received yet,
// channel state will be re-synchronized with a
// ChannelReestablish message upon reconnection and the
// protocol state that caused us to flush the link will
// be rolled back. In the event that there was some
// non-deterministic behavior in the remote that caused
// them to violate the protocol, we have a decent shot
// at correcting it this way, since reconnecting will
// put us in the cleanest possible state to try again.
//
// In addition to the above, it is possible for us to
// hit this case in situations where we improperly
// handle message ordering due to concurrency choices.
// An issue has been filed to address this here:
// https://github.com/lightningnetwork/lnd/issues/8393
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
htlcswitch: drop the connection when receiving an invalid add When the link is flushing in the incoming direction, it means adds are invalid. The best chance we have at dealing with this is to drop the connection. This should roll back the channel state to the last CommitSig. If the remote has already sent a CommitSig we haven't received yet, channel state will be re-synchronized with a ChannelReestablish message upon reconnection and the protocol state that caused us to flush the link will be rolled back. In the event that there was some non-deterministic behavior in the remote that caused them to violate the protocol, we have a decent shot at correcting it this way, since reconnecting will put us in the cleanest possible state to try again.
2023-12-09 00:10:30 +01:00
LinkFailureError{
code: ErrInvalidUpdate,
FailureAction: LinkFailureDisconnect,
PermanentFailure: false,
Warning: true,
},
"received add while link is flushing",
)
return
}
multi: add option to disable route blinding, rejecting at link Add an option to disable route blinding, failing back any HTLC with a blinding point set when we haven't got the feature enabled. Note that this commit only handles the case where we're chosen as the relaying node (where the blinding point is in update_add_htlc), we'll add handling for the introduction node case once we get to handling of blinded payloads).
2024-04-02 15:04:27 +02:00
// Disallow htlcs with blinding points set if we haven't
// enabled the feature. This saves us from having to process
// the onion at all, but will only catch blinded payments
// where we are a relaying node (as the blinding point will
// be in the payload when we're the introduction node).
if msg.BlindingPoint.IsSome() && l.cfg.DisallowRouteBlinding {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInvalidUpdate},
multi: add option to disable route blinding, rejecting at link Add an option to disable route blinding, failing back any HTLC with a blinding point set when we haven't got the feature enabled. Note that this commit only handles the case where we're chosen as the relaying node (where the blinding point is in update_add_htlc), we'll add handling for the introduction node case once we get to handling of blinded payloads).
2024-04-02 15:04:27 +02:00
"blinding point included when route blinding "+
"is disabled")
return
}
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// We have to check the limit here rather than later in the
// switch because the counterparty can keep sending HTLC's
// without sending a revoke. This would mean that the switch
// check would only occur later.
if l.isOverexposedWithHtlc(msg, true) {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInternalError},
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
"peer sent us an HTLC that exceeded our max "+
"fee exposure")
return
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// We just received an add request from an upstream peer, so we
// add it to our state machine, then add the HTLC to our
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// "settle" list in the event that we know the preimage.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
index, err := l.channel.ReceiveHTLC(msg)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
if err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInvalidUpdate},
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
"unable to handle upstream add HTLC: %v", err)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
htlcswitch: re-write channel connection re-establishment for correctness In this commit, we’ve re-written the process of syncing the state of channels after we reconnect. This re-write ensure correctness, and also simplified the existing logic which would attempt to launch another goroutine to handle requests from the switch to ensure that it doesn’t block. This is no longer necessary as the AddPacket method that the switch indirectly calls is non-blocking.
2017-11-10 23:57:59 +01:00
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Tracef("receive upstream htlc with payment hash(%x), "+
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
"assigning index: %v", msg.PaymentHash[:], index)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
multi: comprehensive typo fixes across all packages
2018-02-07 04:11:11 +01:00
case *lnwire.UpdateFulfillHTLC:
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
pre := msg.PaymentPreimage
idx := msg.ID
htlcswitch: only pipeline settle if add is locked-in The counter-party shouldn't be doing this anyways as they would be giving away a preimage for free. Them doing this would bork their own channel due to open circuits not getting trimmed on startup. Removing this faulty behavior also makes it easier to reason about the circuit logic.
2022-02-09 18:02:13 +01:00
// Before we pipeline the settle, we'll check the set of active
// htlc's to see if the related UpdateAddHTLC has been fully
// locked-in.
var lockedin bool
htlcs := l.channel.ActiveHtlcs()
for _, add := range htlcs {
// The HTLC will be outgoing and match idx.
if !add.Incoming && add.HtlcIndex == idx {
lockedin = true
break
}
}
if !lockedin {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
htlcswitch: only pipeline settle if add is locked-in The counter-party shouldn't be doing this anyways as they would be giving away a preimage for free. Them doing this would bork their own channel due to open circuits not getting trimmed on startup. Removing this faulty behavior also makes it easier to reason about the circuit logic.
2022-02-09 18:02:13 +01:00
LinkFailureError{code: ErrInvalidUpdate},
"unable to handle upstream settle",
)
return
}
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
if err := l.channel.ReceiveHTLCSettle(pre, idx); err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
LinkFailureError{
htlcswitch: add new LinkFailureAction enum In this commit, we add a new LinkFailureAction enum to take over the old force close bool. Force closing isn't the only thing we might want to do when we decide to fail the link, so this is a prep refactoring for an upcoming change.
2023-05-20 02:16:25 +02:00
code: ErrInvalidUpdate,
FailureAction: LinkFailureForceClose,
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
},
"unable to handle upstream settle HTLC: %v", err,
)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
htlcswitch: pipeline settles to switch This commit makes the outgoing link pipeline the settle to the switch as soon as it receives it. Previously, it would wait for a revocation before sending it, which caused increased latency on payments as well as possibly never settling on the incoming link. A duplicate settle is still sent to the switch, but it is handled gracefully. A new AckEventTicker was added to the switch which acknowledges any pending settle / fail entries in an outgoing link's fwd pkgs in batch. This was needed in order to reduce the number of db txn's which would have been incurred by acking whenever we receive a duplicate settle without batching.
2019-05-30 18:26:24 +02:00
settlePacket := &htlcPacket{
outgoingChanID: l.ShortChanID(),
outgoingHTLCID: idx,
htlc: &lnwire.UpdateFulfillHTLC{
PaymentPreimage: pre,
},
}
htlcswitch: once we discover a pre-image, add it to the witness cache In this commit, we add some additional logic to the case when we receive a pre-image from an upstream peer. We’ll immediately add it to the witness cache, as an incoming HTLC might be waiting on-chain to fully resolve the HTLC with knowledge of the newly discovered pre-image.
2018-01-17 05:13:16 +01:00
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
// Add the newly discovered preimage to our growing list of
// uncommitted preimage. These will be written to the witness
// cache just before accepting the next commitment signature
// from the remote peer.
l.uncommittedPreimages = append(l.uncommittedPreimages, pre)
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
htlcswitch: pipeline settles to switch This commit makes the outgoing link pipeline the settle to the switch as soon as it receives it. Previously, it would wait for a revocation before sending it, which caused increased latency on payments as well as possibly never settling on the incoming link. A duplicate settle is still sent to the switch, but it is handled gracefully. A new AckEventTicker was added to the switch which acknowledges any pending settle / fail entries in an outgoing link's fwd pkgs in batch. This was needed in order to reduce the number of db txn's which would have been incurred by acking whenever we receive a duplicate settle without batching.
2019-05-30 18:26:24 +02:00
// Pipeline this settle, send it to the switch.
htlcswitch: add an always on mode to interceptable switch Co-authored-by: Juan Pablo Civile <elementohb@gmail.com>
2022-02-03 15:34:25 +01:00
go l.forwardBatch(false, settlePacket)
htlcswitch: pipeline settles to switch This commit makes the outgoing link pipeline the settle to the switch as soon as it receives it. Previously, it would wait for a revocation before sending it, which caused increased latency on payments as well as possibly never settling on the incoming link. A duplicate settle is still sent to the switch, but it is handled gracefully. A new AckEventTicker was added to the switch which acknowledges any pending settle / fail entries in an outgoing link's fwd pkgs in batch. This was needed in order to reduce the number of db txn's which would have been incurred by acking whenever we receive a duplicate settle without batching.
2019-05-30 18:26:24 +02:00
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
case *lnwire.UpdateFailMalformedHTLC:
lnwire+htlcswitch: minor grammatical, formatting fixes after error PR
2017-07-15 05:08:29 +02:00
// Convert the failure type encoded within the HTLC fail
// message to the proper generic lnwire error code.
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
var failure lnwire.FailureMessage
switch msg.FailureCode {
case lnwire.CodeInvalidOnionVersion:
failure = &lnwire.FailInvalidOnionVersion{
OnionSHA256: msg.ShaOnionBlob,
}
case lnwire.CodeInvalidOnionHmac:
failure = &lnwire.FailInvalidOnionHmac{
OnionSHA256: msg.ShaOnionBlob,
}
case lnwire.CodeInvalidOnionKey:
failure = &lnwire.FailInvalidOnionKey{
OnionSHA256: msg.ShaOnionBlob,
}
htlcswitch: handle malformed HTLC with invalid onion blinding code This commit adds handling for malformed HTLC errors related to blinded paths. We expect to receive these errors _within_ a blinded path, because all non-introduction nodes are instructed to return malformed errors for failures. Note that we may actually switch back to a malformed error later on if we too are a relaying node in the route, but we handle that case the incoming link.
2024-03-08 19:33:10 +01:00
// Handle malformed errors that are part of a blinded route.
// This case is slightly different, because we expect every
// relaying node in the blinded portion of the route to send
// malformed errors. If we're also a relaying node, we're
// likely going to switch this error out anyway for our own
// malformed error, but we handle the case here for
// completeness.
case lnwire.CodeInvalidBlinding:
failure = &lnwire.FailInvalidBlinding{
OnionSHA256: msg.ShaOnionBlob,
}
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
default:
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Warnf("unexpected failure code received in "+
htlcswitch: always assume an onion error for malformed htlc failures Previously a temporary channel failure was returning for unexpected malformed htlc failures. This is not what we want to communicate to the sender, because the sender may apply a penalty to us only. Returning the temporary channel failure is especially problematic if we ourselves are the sender and the malformed htlc failure comes from our direct peer. When interpretating the failure, we aren't able to distinguish anymore between our channel not having enough balance and our peer sending an unexpected failure back.
2019-08-16 19:46:51 +02:00
"UpdateFailMailformedHTLC: %v", msg.FailureCode)
// We don't just pass back the error we received from
// our successor. Otherwise we might report a failure
// that penalizes us more than needed. If the onion that
// we forwarded was correct, the node should have been
// able to send back its own failure. The node did not
// send back its own failure, so we assume there was a
// problem with the onion and report that back. We reuse
// the invalid onion key failure because there is no
// specific error for this case.
failure = &lnwire.FailInvalidOnionKey{
OnionSHA256: msg.ShaOnionBlob,
}
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
}
lnwire+htlcswitch: minor grammatical, formatting fixes after error PR
2017-07-15 05:08:29 +02:00
// With the error parsed, we'll convert the into it's opaque
// form.
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
var b bytes.Buffer
if err := lnwire.EncodeFailure(&b, failure, 0); err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to encode malformed error: %v", err)
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
return
}
htlcswitch+channel: remove cancel reasons from channel link
2017-07-10 12:48:43 +02:00
// If remote side have been unable to parse the onion blob we
// have sent to it, than we should transform the malformed HTLC
// message to the usual HTLC fail message.
lnwallet: Change channel update methods to accept HTLC ID. Previously, some methods on a LightningChannel like SettleHTLC and FailHTLC would identify HTLCs by payment hash. This would not always work correctly if there are multiple HTLCs with the same payment hash, so instead we change these methods to identify HTLCs by their unique identifiers instead.
2017-10-24 09:48:52 +02:00
err := l.channel.ReceiveFailHTLC(msg.ID, b.Bytes())
htlcswitch+channel: remove cancel reasons from channel link
2017-07-10 12:48:43 +02:00
if err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInvalidUpdate},
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
"unable to handle upstream fail HTLC: %v", err)
htlcswitch+channel: remove cancel reasons from channel link
2017-07-10 12:48:43 +02:00
return
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
case *lnwire.UpdateFailHTLC:
link: ensure minimum failure reason length This commit modifies the link behavior so that every failure reason that we pass back is length-compliant (>=256 bytes).
2022-10-26 13:44:57 +02:00
// Verify that the failure reason is at least 256 bytes plus
// overhead.
const minimumFailReasonLength = lnwire.FailureMessageLength +
2 + 2 + 32
if len(msg.Reason) < minimumFailReasonLength {
// We've received a reason with a non-compliant length.
// Older nodes happily relay back these failures that
// may originate from a node further downstream.
// Therefore we can't just fail the channel.
//
// We want to be compliant ourselves, so we also can't
// pass back the reason unmodified. And we must make
// sure that we don't hit the magic length check of 260
// bytes in processRemoteSettleFails either.
//
// Because the reason is unreadable for the payer
// anyway, we just replace it by a compliant-length
// series of random bytes.
msg.Reason = make([]byte, minimumFailReasonLength)
_, err := crand.Read(msg.Reason[:])
if err != nil {
l.log.Errorf("Random generation error: %v", err)
return
}
}
// Add fail to the update log.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
idx := msg.ID
lnwallet: Change channel update methods to accept HTLC ID. Previously, some methods on a LightningChannel like SettleHTLC and FailHTLC would identify HTLCs by payment hash. This would not always work correctly if there are multiple HTLCs with the same payment hash, so instead we change these methods to identify HTLCs by their unique identifiers instead.
2017-10-24 09:48:52 +02:00
err := l.channel.ReceiveFailHTLC(idx, msg.Reason[:])
htlcswitch: use atomic integer to track link bandwidth internally This commit modifies the way the bandwidth of a given channel link is tracked, and reported externally. The prior approach pushed most of the logic for tracking channel bandwidth into the link itself, and relied on a report from the queue in order to determine the total available bandwidth. This approach at times could inadvertently introduce deadlocks when working on new features as since the query was handled internally, it required the link to be _active_ and non-blocked in order to respond to. We’ve now abandoned this approach in favor of lifting the bandwidth accounting to the highest possible abstraction layer within the link itself. We now maintain a availableBandwidth integer that’s used atomically within the link in response to: us adding+settling an HTLC, and the remote party failing one of our HTLC’s.
2017-09-25 21:31:52 +02:00
if err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInvalidUpdate},
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
"unable to handle upstream fail HTLC: %v", err)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
case *lnwire.CommitSig:
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
// Since we may have learned new preimages for the first time,
// we'll add them to our preimage cache. By doing this, we
// ensure any contested contracts watched by any on-chain
// arbitrators can now sweep this HTLC on-chain. We delay
// committing the preimages until just before accepting the new
// remote commitment, as afterwards the peer won't resend the
// Settle messages on the next channel reestablishment. Doing so
// allows us to more effectively batch this operation, instead
// of doing a single write per preimage.
err := l.cfg.PreimageCache.AddPreimages(
l.uncommittedPreimages...,
)
if err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
LinkFailureError{code: ErrInternalError},
"unable to add preimages=%v to cache: %v",
l.uncommittedPreimages, err,
)
return
}
// Instead of truncating the slice to conserve memory
// allocations, we simply set the uncommitted preimage slice to
// nil so that a new one will be initialized if any more
htlcswitch: relax final onion packet check The spec allows the final HTLC value and CLTV expiry to exceed the value and expiry specified in the payload of the last hop of the onion packet. We were over-restricting it to require that it matches exactly.
2023-06-14 22:02:34 +02:00
// witnesses are discovered. We do this because the maximum size
// that the slice can occupy is 15KB, and we want to ensure we
// release that memory back to the runtime.
htlcswitch/link: batch write to preimage cache This commit makes use of the batched AddWitness method of the WitnessCache, in order to avoid performing one write for each accepted preimage. Additionally, this fixes an existing hole in the consistency guarantees since the batched writes are now guaranteed to take place before accepting the next CommitSig. Previously, these writes were processed in an unsynchronized go routine that could be delayed arbitrarily long before being executed. With this change, the async_payments_benchmarks actually shows a slight improvement in performance, presumably because we no longer do an individual write per preimage, even though the execution is now explicitly in the critical path. There is likely also a marginal performance improvement from the reduction in goroutine overhead.
2019-02-20 02:06:15 +01:00
l.uncommittedPreimages = nil
htlcswitch: if we detect an InvalidCommitSigError, send over detailed error In this commit, we add an additional case when handling a failed commitment signature. If we detect that it’s a InvalidCommitSigError, then we’ll send over an lnwire.Error message with the full details. We don’t yet properly dispatch this error on the reciting side, but that will be done in a follow up a commit.
2018-01-09 03:56:52 +01:00
// We just received a new updates to our local commitment
// chain, validate this new commitment, closing the link if
// invalid.
multi: obtain+verify aux sigs for all second level HTLCs In this commit, we start to use the new AuxSigner to obtain+verify aux sigs for all second level HTLCs. This is similar to the existing SigPool, but we'll only attempt to do this if the AuxSigner is present (won't be for most channels).
2024-04-09 04:48:36 +02:00
auxSigBlob, err := msg.CustomRecords.Serialize()
if err != nil {
l.failf(
LinkFailureError{code: ErrInvalidCommitment},
"unable to serialize custom records: %v", err,
)
return
}
lnwallet+htlcswitch: add NewCommitState struct, modify send/recv sig to accept In this commit, we add a new NewCommitState struct. This preps us for the future change wherein a partial signature is also added to the mix. All related tests and type signatures have also been updated accordingly.
2023-01-20 03:27:07 +01:00
err = l.channel.ReceiveNewCommitment(&lnwallet.CommitSigs{
htlcswitch: add awareness of new partial sig fields and musig2 nonces
2023-01-20 05:30:10 +01:00
CommitSig: msg.CommitSig,
HtlcSigs: msg.HtlcSigs,
PartialSig: msg.PartialSig,
multi: obtain+verify aux sigs for all second level HTLCs In this commit, we start to use the new AuxSigner to obtain+verify aux sigs for all second level HTLCs. This is similar to the existing SigPool, but we'll only attempt to do this if the AuxSigner is present (won't be for most channels).
2024-04-09 04:48:36 +02:00
AuxSigBlob: auxSigBlob,
lnwallet+htlcswitch: add NewCommitState struct, modify send/recv sig to accept In this commit, we add a new NewCommitState struct. This preps us for the future change wherein a partial signature is also added to the mix. All related tests and type signatures have also been updated accordingly.
2023-01-20 03:27:07 +01:00
})
htlcswitch: modify channelLink to use new create+verify commitment API
2017-07-30 23:08:25 +02:00
if err != nil {
htlcswitch: if we detect an InvalidCommitSigError, send over detailed error In this commit, we add an additional case when handling a failed commitment signature. If we detect that it’s a InvalidCommitSigError, then we’ll send over an lnwire.Error message with the full details. We don’t yet properly dispatch this error on the reciting side, but that will be done in a follow up a commit.
2018-01-09 03:56:52 +01:00
// If we were unable to reconstruct their proposed
// commitment, then we'll examine the type of error. If
// it's an InvalidCommitSigError, then we'll send a
// direct error.
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
var sendData []byte
htlcswitch: send a direct Error if we get a known channel error on validate commit
2018-04-05 02:41:40 +02:00
switch err.(type) {
case *lnwallet.InvalidCommitSigError:
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
sendData = []byte(err.Error())
htlcswitch: send a direct Error if we get a known channel error on validate commit
2018-04-05 02:41:40 +02:00
case *lnwallet.InvalidHtlcSigError:
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
sendData = []byte(err.Error())
htlcswitch: if we detect an InvalidCommitSigError, send over detailed error In this commit, we add an additional case when handling a failed commitment signature. If we detect that it’s a InvalidCommitSigError, then we’ll send over an lnwire.Error message with the full details. We don’t yet properly dispatch this error on the reciting side, but that will be done in a follow up a commit.
2018-01-09 03:56:52 +01:00
}
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
LinkFailureError{
htlcswitch: add new LinkFailureAction enum In this commit, we add a new LinkFailureAction enum to take over the old force close bool. Force closing isn't the only thing we might want to do when we decide to fail the link, so this is a prep refactoring for an upcoming change.
2023-05-20 02:16:25 +02:00
code: ErrInvalidCommitment,
FailureAction: LinkFailureForceClose,
SendData: sendData,
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
},
"ChannelPoint(%v): unable to accept new "+
"commitment: %v",
l.channel.ChannelPoint(), err,
)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
multi: fix typos in comments
2018-04-18 04:03:27 +02:00
// As we've just accepted a new state, we'll now
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// immediately send the remote peer a revocation for our prior
// state.
htlcswitch: add final htlc event to notifier
2022-08-29 13:28:17 +02:00
nextRevocation, currentHtlcs, finalHTLCs, err :=
htlcswitch: keep final htlc outcome
2022-05-10 12:33:44 +02:00
l.channel.RevokeCurrentCommitment()
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
if err != nil {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable to revoke commitment: %v", err)
multi: ensure link is always torn down due to db failures, add exponential back off for sql-kvdb failures (#7927) * lnwallet: fix log output msg The log message is off by one. * htlcswitch: fail channel when revoking it fails. When the revocation of a channel state fails after receiving a new CommitmentSigned msg we have to fail the channel otherwise we continue with an unclean state. * docs: update release-docs * htlcswitch: tear down connection if revocation processing fails If we couldn't revoke due to a DB error, then we want to also tear down the connection, as we don't want the other party to continue to send updates. That may lead to de-sync'd state an eventual force close. Otherwise, the database might be able to recover come the next reconnection attempt. * kvdb: use sql.LevelSerializable for all backends In this commit, we modify the default isolation level to be `sql.LevelSerializable. This is the strictness isolation type for postgres. For sqlite, there's only ever a single writer, so this doesn't apply directly. * kvdb/sqlbase: add randomized exponential backoff for serialization failures In this commit, we add randomized exponential backoff for serialization failures. For postgres, we''ll his this any time a transaction set fails to be linearized. For sqlite, we'll his this if we have many writers trying to grab the write lock at time same time, manifesting as a `SQLITE_BUSY` error code. As is, we'll retry up to 10 times, waiting a minimum of 50 miliseconds between each attempt, up to 5 seconds without any delay at all. For sqlite, this is also bounded by the busy timeout set, which applies on top of this retry logic (block for busy timeout seconds, then apply this back off logic). * docs/release-notes: add entry for sqlite/postgres tx retry --------- Co-authored-by: ziggie <ziggie1984@protonmail.com>
2023-08-31 01:48:00 +02:00
// We need to fail the channel in case revoking our
// local commitment does not succeed. We might have
// already advanced our channel state which would lead
// us to proceed with an unclean state.
//
// NOTE: We do not trigger a force close because this
// could resolve itself in case our db was just busy
// not accepting new transactions.
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
multi: ensure link is always torn down due to db failures, add exponential back off for sql-kvdb failures (#7927) * lnwallet: fix log output msg The log message is off by one. * htlcswitch: fail channel when revoking it fails. When the revocation of a channel state fails after receiving a new CommitmentSigned msg we have to fail the channel otherwise we continue with an unclean state. * docs: update release-docs * htlcswitch: tear down connection if revocation processing fails If we couldn't revoke due to a DB error, then we want to also tear down the connection, as we don't want the other party to continue to send updates. That may lead to de-sync'd state an eventual force close. Otherwise, the database might be able to recover come the next reconnection attempt. * kvdb: use sql.LevelSerializable for all backends In this commit, we modify the default isolation level to be `sql.LevelSerializable. This is the strictness isolation type for postgres. For sqlite, there's only ever a single writer, so this doesn't apply directly. * kvdb/sqlbase: add randomized exponential backoff for serialization failures In this commit, we add randomized exponential backoff for serialization failures. For postgres, we''ll his this any time a transaction set fails to be linearized. For sqlite, we'll his this if we have many writers trying to grab the write lock at time same time, manifesting as a `SQLITE_BUSY` error code. As is, we'll retry up to 10 times, waiting a minimum of 50 miliseconds between each attempt, up to 5 seconds without any delay at all. For sqlite, this is also bounded by the busy timeout set, which applies on top of this retry logic (block for busy timeout seconds, then apply this back off logic). * docs/release-notes: add entry for sqlite/postgres tx retry --------- Co-authored-by: ziggie <ziggie1984@protonmail.com>
2023-08-31 01:48:00 +02:00
LinkFailureError{
code: ErrInternalError,
Warning: true,
FailureAction: LinkFailureDisconnect,
},
"ChannelPoint(%v): unable to accept new "+
"commitment: %v",
l.channel.ChannelPoint(), err,
)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// As soon as we are ready to send our next revocation, we can
// invoke the incoming commit hooks.
l.RWMutex.Lock()
l.incomingCommitHooks.invoke()
l.RWMutex.Unlock()
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
l.cfg.Peer.SendMessage(false, nextRevocation)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch: add final htlc event to notifier
2022-08-29 13:28:17 +02:00
// Notify the incoming htlcs of which the resolutions were
// locked in.
for id, settled := range finalHTLCs {
l.cfg.HtlcNotifier.NotifyFinalHtlcEvent(
multi: create channeldb/models package Add a new subpackage to `lnd/channeldb` to hold some of the types that are used in the package itself and in other packages that should not depend on `channeldb`.
2022-11-18 12:15:22 +01:00
models.CircuitKey{
htlcswitch: remove redundant field from channelLink
2024-02-23 01:17:09 +01:00
ChanID: l.ShortChanID(),
htlcswitch: add final htlc event to notifier
2022-08-29 13:28:17 +02:00
HtlcID: id,
},
channeldb.FinalHtlcInfo{
Settled: settled,
Offchain: true,
},
)
}
htlcswitch: after each new state update, notify callers to set of new HTLC's
2018-01-17 05:15:08 +01:00
// Since we just revoked our commitment, we may have a new set
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
// of HTLC's on our commitment, so we'll send them using our
// function closure NotifyContractUpdate.
newUpdate := &contractcourt.ContractUpdate{
multi: address lingering TODO by no longer wiping out local HTLCs on remote close In this commit, we fix a lingering TOOD statement in the channel arb. Before this commitment, we would simply wipe our our local HTLC set of the HTLC set that was on the remote commitment transaction on force close. This was incorrect as if our commitment transaction had an HTLC that the remote commitment didn't, then we would fail to cancel that back, and cause both channels to time out on chain. In order to remedy this, we introduce a new `HtlcSetKey` struct to track all 3 possible in-flight set of HTLCs: ours, theirs, and their pending. We also we start to tack on additional data to all the unilateral close messages we send to subscribers. This new data is the CommitSet, or the set of valid commitments at channel closure time. This new information will be used by the channel arb in an upcoming commit to ensure it will cancel back HTLCs in the case of split commitment state. Finally, we start to thread through an optional *CommitSet to the advanceState method. This additional information will give the channel arb addition information it needs to ensure it properly cancels back HTLCs that are about to time out or may time out depending on which commitment is played. Within the htlcswitch pakage, we modify the `SignNextCommitment` method to return the new set of pending HTLCs for the remote party's commitment transaction and `ReceiveRevocation` to return the latest set of commitment transactions on the remote party's commitment as well. This is a preparatory change which is part of a larger change to address a lingering TODO in the cnct. Additionally, rather than just send of the set of HTLCs after the we revoke, we'll also send of the set of HTLCs after the remote party revokes, and we create a pending commitment state for it.
2019-05-17 02:23:26 +02:00
HtlcKey: contractcourt.LocalHtlcSet,
Htlcs: currentHtlcs,
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
}
err = l.cfg.NotifyContractUpdate(newUpdate)
if err != nil {
l.log.Errorf("unable to notify contract update: %v",
err)
return
}
select {
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch: after each new state update, notify callers to set of new HTLC's
2018-01-17 05:15:08 +01:00
return
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
default:
htlcswitch: after each new state update, notify callers to set of new HTLC's
2018-01-17 05:15:08 +01:00
}
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// If the remote party initiated the state transition,
// we'll reply with a signature to provide them with their
// version of the latest commitment. Otherwise, both commitment
// chains are fully synced from our PoV, then we don't need to
// reply with a signature as both sides already have a
// commitment with the latest accepted.
if l.channel.OweCommitment() {
if !l.updateCommitTxOrFail() {
return
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// Now that we have finished processing the incoming CommitSig
// and sent out our RevokeAndAck, we invoke the flushHooks if
// the channel state is clean.
l.RWMutex.Lock()
if l.channel.IsChannelClean() {
l.flushHooks.invoke()
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
l.RWMutex.Unlock()
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
case *lnwire.RevokeAndAck:
// We've received a revocation from the remote chain, if valid,
// this moves the remote chain forward, and expands our
// revocation window.
multi: use new revocation log when creating breach retribution This commit changes the `NewBreachRetribution` to use the new revocation log format, while maintaining the compatibilty to use an older revocation log format. Unit tests have been added to make sure a breach retribution can be created in both log formats. This also means the watch tower needs to pass the relevant commit tx at its backup height when creating the breach retribution during backing up. This is achieved by recording the current remote commitment state before advancing the remote commitment chain.
2022-04-13 16:33:07 +02:00
// We now process the message and advance our remote commit
// chain.
htlcswitch+lnwallet: remove PaymentDescriptor from ReceiveRevocation returns This is part of a systematic removal of PaymentDescriptor from the public API of the lnwallet package. This marks the last change needed before we make the PaymentDescriptor structure private.
2024-08-16 23:35:49 +02:00
fwdPkg, remoteHTLCs, err := l.channel.ReceiveRevocation(msg)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
if err != nil {
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
// TODO(halseth): force close?
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
multi: ensure link is always torn down due to db failures, add exponential back off for sql-kvdb failures (#7927) * lnwallet: fix log output msg The log message is off by one. * htlcswitch: fail channel when revoking it fails. When the revocation of a channel state fails after receiving a new CommitmentSigned msg we have to fail the channel otherwise we continue with an unclean state. * docs: update release-docs * htlcswitch: tear down connection if revocation processing fails If we couldn't revoke due to a DB error, then we want to also tear down the connection, as we don't want the other party to continue to send updates. That may lead to de-sync'd state an eventual force close. Otherwise, the database might be able to recover come the next reconnection attempt. * kvdb: use sql.LevelSerializable for all backends In this commit, we modify the default isolation level to be `sql.LevelSerializable. This is the strictness isolation type for postgres. For sqlite, there's only ever a single writer, so this doesn't apply directly. * kvdb/sqlbase: add randomized exponential backoff for serialization failures In this commit, we add randomized exponential backoff for serialization failures. For postgres, we''ll his this any time a transaction set fails to be linearized. For sqlite, we'll his this if we have many writers trying to grab the write lock at time same time, manifesting as a `SQLITE_BUSY` error code. As is, we'll retry up to 10 times, waiting a minimum of 50 miliseconds between each attempt, up to 5 seconds without any delay at all. For sqlite, this is also bounded by the busy timeout set, which applies on top of this retry logic (block for busy timeout seconds, then apply this back off logic). * docs/release-notes: add entry for sqlite/postgres tx retry --------- Co-authored-by: ziggie <ziggie1984@protonmail.com>
2023-08-31 01:48:00 +02:00
LinkFailureError{
code: ErrInvalidRevocation,
FailureAction: LinkFailureDisconnect,
},
"unable to accept revocation: %v", err,
)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return
}
multi: address lingering TODO by no longer wiping out local HTLCs on remote close In this commit, we fix a lingering TOOD statement in the channel arb. Before this commitment, we would simply wipe our our local HTLC set of the HTLC set that was on the remote commitment transaction on force close. This was incorrect as if our commitment transaction had an HTLC that the remote commitment didn't, then we would fail to cancel that back, and cause both channels to time out on chain. In order to remedy this, we introduce a new `HtlcSetKey` struct to track all 3 possible in-flight set of HTLCs: ours, theirs, and their pending. We also we start to tack on additional data to all the unilateral close messages we send to subscribers. This new data is the CommitSet, or the set of valid commitments at channel closure time. This new information will be used by the channel arb in an upcoming commit to ensure it will cancel back HTLCs in the case of split commitment state. Finally, we start to thread through an optional *CommitSet to the advanceState method. This additional information will give the channel arb addition information it needs to ensure it properly cancels back HTLCs that are about to time out or may time out depending on which commitment is played. Within the htlcswitch pakage, we modify the `SignNextCommitment` method to return the new set of pending HTLCs for the remote party's commitment transaction and `ReceiveRevocation` to return the latest set of commitment transactions on the remote party's commitment as well. This is a preparatory change which is part of a larger change to address a lingering TODO in the cnct. Additionally, rather than just send of the set of HTLCs after the we revoke, we'll also send of the set of HTLCs after the remote party revokes, and we create a pending commitment state for it.
2019-05-17 02:23:26 +02:00
// The remote party now has a new primary commitment, so we'll
// update the contract court to be aware of this new set (the
// prior old remote pending).
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
newUpdate := &contractcourt.ContractUpdate{
multi: address lingering TODO by no longer wiping out local HTLCs on remote close In this commit, we fix a lingering TOOD statement in the channel arb. Before this commitment, we would simply wipe our our local HTLC set of the HTLC set that was on the remote commitment transaction on force close. This was incorrect as if our commitment transaction had an HTLC that the remote commitment didn't, then we would fail to cancel that back, and cause both channels to time out on chain. In order to remedy this, we introduce a new `HtlcSetKey` struct to track all 3 possible in-flight set of HTLCs: ours, theirs, and their pending. We also we start to tack on additional data to all the unilateral close messages we send to subscribers. This new data is the CommitSet, or the set of valid commitments at channel closure time. This new information will be used by the channel arb in an upcoming commit to ensure it will cancel back HTLCs in the case of split commitment state. Finally, we start to thread through an optional *CommitSet to the advanceState method. This additional information will give the channel arb addition information it needs to ensure it properly cancels back HTLCs that are about to time out or may time out depending on which commitment is played. Within the htlcswitch pakage, we modify the `SignNextCommitment` method to return the new set of pending HTLCs for the remote party's commitment transaction and `ReceiveRevocation` to return the latest set of commitment transactions on the remote party's commitment as well. This is a preparatory change which is part of a larger change to address a lingering TODO in the cnct. Additionally, rather than just send of the set of HTLCs after the we revoke, we'll also send of the set of HTLCs after the remote party revokes, and we create a pending commitment state for it.
2019-05-17 02:23:26 +02:00
HtlcKey: contractcourt.RemoteHtlcSet,
Htlcs: remoteHTLCs,
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
}
err = l.cfg.NotifyContractUpdate(newUpdate)
if err != nil {
l.log.Errorf("unable to notify contract update: %v",
err)
return
}
select {
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
multi: address lingering TODO by no longer wiping out local HTLCs on remote close In this commit, we fix a lingering TOOD statement in the channel arb. Before this commitment, we would simply wipe our our local HTLC set of the HTLC set that was on the remote commitment transaction on force close. This was incorrect as if our commitment transaction had an HTLC that the remote commitment didn't, then we would fail to cancel that back, and cause both channels to time out on chain. In order to remedy this, we introduce a new `HtlcSetKey` struct to track all 3 possible in-flight set of HTLCs: ours, theirs, and their pending. We also we start to tack on additional data to all the unilateral close messages we send to subscribers. This new data is the CommitSet, or the set of valid commitments at channel closure time. This new information will be used by the channel arb in an upcoming commit to ensure it will cancel back HTLCs in the case of split commitment state. Finally, we start to thread through an optional *CommitSet to the advanceState method. This additional information will give the channel arb addition information it needs to ensure it properly cancels back HTLCs that are about to time out or may time out depending on which commitment is played. Within the htlcswitch pakage, we modify the `SignNextCommitment` method to return the new set of pending HTLCs for the remote party's commitment transaction and `ReceiveRevocation` to return the latest set of commitment transactions on the remote party's commitment as well. This is a preparatory change which is part of a larger change to address a lingering TODO in the cnct. Additionally, rather than just send of the set of HTLCs after the we revoke, we'll also send of the set of HTLCs after the remote party revokes, and we create a pending commitment state for it.
2019-05-17 02:23:26 +02:00
return
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
default:
multi: address lingering TODO by no longer wiping out local HTLCs on remote close In this commit, we fix a lingering TOOD statement in the channel arb. Before this commitment, we would simply wipe our our local HTLC set of the HTLC set that was on the remote commitment transaction on force close. This was incorrect as if our commitment transaction had an HTLC that the remote commitment didn't, then we would fail to cancel that back, and cause both channels to time out on chain. In order to remedy this, we introduce a new `HtlcSetKey` struct to track all 3 possible in-flight set of HTLCs: ours, theirs, and their pending. We also we start to tack on additional data to all the unilateral close messages we send to subscribers. This new data is the CommitSet, or the set of valid commitments at channel closure time. This new information will be used by the channel arb in an upcoming commit to ensure it will cancel back HTLCs in the case of split commitment state. Finally, we start to thread through an optional *CommitSet to the advanceState method. This additional information will give the channel arb addition information it needs to ensure it properly cancels back HTLCs that are about to time out or may time out depending on which commitment is played. Within the htlcswitch pakage, we modify the `SignNextCommitment` method to return the new set of pending HTLCs for the remote party's commitment transaction and `ReceiveRevocation` to return the latest set of commitment transactions on the remote party's commitment as well. This is a preparatory change which is part of a larger change to address a lingering TODO in the cnct. Additionally, rather than just send of the set of HTLCs after the we revoke, we'll also send of the set of HTLCs after the remote party revokes, and we create a pending commitment state for it.
2019-05-17 02:23:26 +02:00
}
link+peer: thread anchor tower client to link
2020-11-26 00:06:46 +01:00
// If we have a tower client for this channel type, we'll
multi: use new revocation log when creating breach retribution This commit changes the `NewBreachRetribution` to use the new revocation log format, while maintaining the compatibilty to use an older revocation log format. Unit tests have been added to make sure a breach retribution can be created in both log formats. This also means the watch tower needs to pass the relevant commit tx at its backup height when creating the breach retribution during backing up. This is achieved by recording the current remote commitment state before advancing the remote commitment chain.
2022-04-13 16:33:07 +02:00
// create a backup for the current state.
link+peer: thread anchor tower client to link
2020-11-26 00:06:46 +01:00
if l.cfg.TowerClient != nil {
state := l.channel.State()
htlcswitch/link: backup revoked states to watchtower
2019-06-14 02:28:14 +02:00
chanID := l.ChanID()
multi: build retribution info in TowerClient Since the TowerClient now has a callback that it can use to retrieve the retribution for a certain channel and commit height, let it use this call back instead of requiring the info to be passed to it through BackupState.
2023-02-02 10:40:33 +01:00
watchtower+htlcswitch: update client tower logic to recognize safu commitments In this commit, we update the tower+link logic to tag a commitment as the new (tweakless) format if it applies. In order to do this, the BackupTask method has gained an additional parameter to indicate the type of commitment that we're attempting to upload. This new tweakless bool is then threaded through all the way to back up task creation to ensure that we make the proper input.Input. Finally, we've added a new test case for each existing test case to test each case w/ and w/o the tweakless modifier.
2019-08-08 04:49:59 +02:00
err = l.cfg.TowerClient.BackupState(
multi: build retribution info in TowerClient Since the TowerClient now has a callback that it can use to retrieve the retribution for a certain channel and commit height, let it use this call back instead of requiring the info to be passed to it through BackupState.
2023-02-02 10:40:33 +01:00
&chanID, state.RemoteCommitment.CommitHeight-1,
watchtower+htlcswitch: update client tower logic to recognize safu commitments In this commit, we update the tower+link logic to tag a commitment as the new (tweakless) format if it applies. In order to do this, the BackupTask method has gained an additional parameter to indicate the type of commitment that we're attempting to upload. This new tweakless bool is then threaded through all the way to back up task creation to ensure that we make the proper input.Input. Finally, we've added a new test case for each existing test case to test each case w/ and w/o the tweakless modifier.
2019-08-08 04:49:59 +02:00
)
htlcswitch/link: backup revoked states to watchtower
2019-06-14 02:28:14 +02:00
if err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{
code: ErrInternalError,
}, "unable to queue breach backup: %v", err)
htlcswitch/link: backup revoked states to watchtower
2019-06-14 02:28:14 +02:00
return
}
}
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
l.processRemoteSettleFails(fwdPkg)
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
l.processRemoteAdds(fwdPkg)
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
// If the link failed during processing the adds, we must
// return to ensure we won't attempted to update the state
// further.
if l.failed {
return
}
htlcswitch: remove logCommitTick Replace logCommitTick as a way to deal with revocation window exhaustion by retrying to update the commit tx when the remote revocation is received. The rationale is that the revocation window always opens up because of a revoke message that is received from the other party. It is therefore not necessary to set a timer for this. The reception of the revoke message is the trigger to send a new commit sig if necessary.
2019-04-10 16:05:09 +02:00
// The revocation window opened up. If there are pending local
// updates, try to update the commit tx. Pending updates could
// already have been present because of a previously failed
// update to the commit tx or freshly added in by
// processRemoteAdds. Also in case there are no local updates,
// but there are still remote updates that are not in the remote
// commit tx yet, send out an update.
lnwallet+htlcswitch: remove the redundant param in OweCommitment This commit removes the bool param found in OweCommitment, which we only ever use `true`.
2022-03-19 17:59:19 +01:00
if l.channel.OweCommitment() {
htlcswitch: extract updateCommitTxOrFail in link Deduplicate code and prepare for further split of handleDownstreamPkt.
2020-05-13 15:22:56 +02:00
if !l.updateCommitTxOrFail() {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
not finished index persistence
2017-08-15 19:09:16 +02:00
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// Now that we have finished processing the RevokeAndAck, we
// can invoke the flushHooks if the channel state is clean.
l.RWMutex.Lock()
if l.channel.IsChannelClean() {
l.flushHooks.invoke()
}
l.RWMutex.Unlock()
htlcswitch: handle update_fee message received from peer. This commit makes the channellink update a channel's fee if an update_fee message is received from the peer.
2017-07-14 20:40:42 +02:00
case *lnwire.UpdateFee:
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// Check and see if their proposed fee-rate would make us
// exceed the fee threshold.
fee := chainfee.SatPerKWeight(msg.FeePerKw)
isDust, err := l.exceedsFeeExposureLimit(fee)
if err != nil {
// This shouldn't typically happen. If it does, it
// indicates something is wrong with our channel state.
l.log.Errorf("Unable to determine if fee threshold " +
"exceeded")
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInternalError},
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
"error calculating fee exposure: %v", err)
return
}
if isDust {
// The proposed fee-rate makes us exceed the fee
// threshold.
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInternalError},
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
"fee threshold exceeded: %v", err)
return
}
htlcswitch: re-write channel connection re-establishment for correctness In this commit, we’ve re-written the process of syncing the state of channels after we reconnect. This re-write ensure correctness, and also simplified the existing logic which would attempt to launch another goroutine to handle requests from the switch to ensure that it doesn’t block. This is no longer necessary as the AddPacket method that the switch indirectly calls is non-blocking.
2017-11-10 23:57:59 +01:00
// We received fee update from peer. If we are the initiator we
htlcswitch: reject HTLC's which expire too soon This commit implements a missing policy within the current ChannelLink interface. If an HTLC arrives that is too close to the current block height, then we’ll reject it. As otherwise, it may be possible for us to lose an on-chain claim if they HTLC expires already or expires before we’re able to get a commitment transaction in the chain. As the exit node, we have a grace period that governs out decision. As an intermediate node, we ensure that the HTLC isn’t close to expiry on our outgoing link end if we forward it.
2017-08-03 06:10:35 +02:00
// will fail the channel, if not we will apply the update.
htlcswitch: handle update_fee message received from peer. This commit makes the channellink update a channel's fee if an update_fee message is received from the peer.
2017-07-14 20:40:42 +02:00
if err := l.channel.ReceiveUpdateFee(fee); err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInvalidUpdate},
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
"error receiving fee update: %v", err)
htlcswitch: handle update_fee message received from peer. This commit makes the channellink update a channel's fee if an update_fee message is received from the peer.
2017-07-14 20:40:42 +02:00
return
}
htlcswitch: extend ChannelLink iface with dustHandler iface This allows the Switch to determine the dust exposure of a certain channel and allows the link to set the feerate of the mailbox given a fee update.
2021-09-28 17:43:51 +02:00
// Update the mailbox's feerate as well.
l.mailBox.SetFeeRate(fee)
multi: add ability to read warning messages and log on link level Warning messages are intended to add "softer" failure modes for peers, so to start with we simply log the warnings sent to us. While we "may" disconnect from the peer according to the spec, we start with the least extreme option (which is also not a change in behavior because previously we'd just log that we received an unknown odd message).
2022-05-16 18:19:07 +02:00
// In the case where we receive a warning message from our peer, just
// log it and move on. We choose not to disconnect from our peer,
// although we "MAY" do so according to the specification.
case *lnwire.Warning:
l.log.Warnf("received warning message from peer: %v",
multi: stop casting peer warning messages as errors Split the logic for processing `error` and `warning` messages from our peers.
2022-08-24 21:26:42 +02:00
msg.Warning())
multi: add ability to read warning messages and log on link level Warning messages are intended to add "softer" failure modes for peers, so to start with we simply log the warnings sent to us. While we "may" disconnect from the peer according to the spec, we start with the least extreme option (which is also not a change in behavior because previously we'd just log that we received an unknown odd message).
2022-05-16 18:19:07 +02:00
htlcswitch/link: fail channel on lnwire.Error
2018-03-01 00:39:26 +01:00
case *lnwire.Error:
// Error received from remote, MUST fail channel, but should
// only print the contents of the error message if all
// characters are printable ASCII.
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(
htlcswitch/link: set PermanentFailure in case of remote error
2018-10-08 15:46:14 +02:00
LinkFailureError{
htlcswitch/link: revert borking channels on received Errors Since it turned out borking channels on every received error could cause us to bork channels in case of a sync error with C-lightning, we revert this for now.
2020-11-23 14:42:41 +01:00
code: ErrRemoteError,
// TODO(halseth): we currently don't fail the
// channel permanently, as there are some sync
// issues with other implementations that will
// lead to them sending an error message, but
// we can recover from on next connection. See
// https://github.com/ElementsProject/lightning/issues/4212
PermanentFailure: false,
htlcswitch/link: set PermanentFailure in case of remote error
2018-10-08 15:46:14 +02:00
},
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
"ChannelPoint(%v): received error from peer: %v",
htlcswitch/link: set PermanentFailure in case of remote error
2018-10-08 15:46:14 +02:00
l.channel.ChannelPoint(), msg.Error(),
)
htlcswitch/link: fail channel on lnwire.Error
2018-03-01 00:39:26 +01:00
default:
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Warnf("received unknown message of type %T", msg)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch/link: fail channel on lnwire.Error
2018-03-01 00:39:26 +01:00
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// ackDownStreamPackets is responsible for removing htlcs from a link's mailbox
// for packets delivered from server, and cleaning up any circuits closed by
// signing a previous commitment txn. This method ensures that the circuits are
// removed from the circuit map before removing them from the link's mailbox,
// otherwise it could be possible for some circuit to be missed if this link
// flaps.
htlcswitch/link: remove circuit deletion forgiveness This commit removes the concept of "circuit deletion forgivness" from the link. This was originally implemented due to the strict semantics of the original DeleteCircuit implementation, which would fail if we tried to delete unknown circuits. Forgivness is used on startup to ignore this error in case the circuits had already been deleted before shutting down. Now that the circuit deletion has been relaxed, this behavior is no longer necessary, as requests to delete unknown (or previously deleted) circuits will be ignored. This is necessary for future changes regarding switch cleanup, which may attempt to cleanup already deleted circuits.
2018-08-19 04:35:20 +02:00
func (l *channelLink) ackDownStreamPackets() error {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// First, remove the downstream Add packets that were included in the
// previous commitment signature. This will prevent the Adds from being
// replayed if this link disconnects.
for _, inKey := range l.openedCircuits {
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// In order to test the sphinx replay logic of the remote
// party, unsafe replay does not acknowledge the packets from
// the mailbox. We can then force a replay of any Add packets
// held in memory by disconnecting and reconnecting the link.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
if l.cfg.UnsafeReplay {
continue
}
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Debugf("removing Add packet %s from mailbox", inKey)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
l.mailBox.AckPacket(inKey)
}
// Now, we will delete all circuits closed by the previous commitment
// signature, which is the result of downstream Settle/Fail packets. We
// batch them here to ensure circuits are closed atomically and for
// performance.
err := l.cfg.Circuits.DeleteCircuits(l.closedCircuits...)
switch err {
case nil:
// Successful deletion.
default:
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to delete %d circuits: %v",
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
len(l.closedCircuits), err)
return err
}
// With the circuits removed from memory and disk, we now ack any
// Settle/Fails in the mailbox to ensure they do not get redelivered
// after startup. If forgive is enabled and we've reached this point,
// the circuits must have been removed at some point, so it is now safe
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// to un-queue the corresponding Settle/Fails.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
for _, inKey := range l.closedCircuits {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Debugf("removing Fail/Settle packet %s from mailbox",
inKey)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
l.mailBox.AckPacket(inKey)
}
// Lastly, reset our buffers to be empty while keeping any acquired
// growth in the backing array.
l.openedCircuits = l.openedCircuits[:0]
l.closedCircuits = l.closedCircuits[:0]
return nil
}
htlcswitch: extract updateCommitTxOrFail in link Deduplicate code and prepare for further split of handleDownstreamPkt.
2020-05-13 15:22:56 +02:00
// updateCommitTxOrFail updates the commitment tx and if that fails, it fails
// the link.
func (l *channelLink) updateCommitTxOrFail() bool {
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
err := l.updateCommitTx()
switch err {
// No error encountered, success.
case nil:
// A duplicate keystone error should be resolved and is not fatal, so
// we won't send an Error message to the peer.
case ErrDuplicateKeystone:
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrCircuitError},
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
"temporary circuit error: %v", err)
return false
// Any other error is treated results in an Error message being sent to
// the peer.
default:
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInternalError},
htlcswitch: extract updateCommitTxOrFail in link Deduplicate code and prepare for further split of handleDownstreamPkt.
2020-05-13 15:22:56 +02:00
"unable to update commitment: %v", err)
return false
}
return true
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
// updateCommitTx signs, then sends an update to the remote peer adding a new
// commitment to their commitment chain which includes all the latest updates
// we've received+processed up to this point.
htlcswitch: start using config in channel link Step №3 in making htlcManager (aka channelLink) testable: Apply the channel link config inside the channel link itself.
2017-05-03 23:03:47 +02:00
func (l *channelLink) updateCommitTx() error {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Preemptively write all pending keystones to disk, just in case the
// HTLCs we have in memory are included in the subsequent attempt to
// sign a commitment state.
err := l.cfg.Circuits.OpenCircuits(l.keystoneBatch...)
if err != nil {
htlcswitch: remove synchronous link handoff, special-case keystone err This allows Switch-initiated payments to be failed back if they don't make it into a commitment. Prior to this commit, a Switch-initiated HTLC could get "lost" meaning the circuit wouldn't get deleted except if conditions were "right" and the network result store would never be made aware of the HTLC's fate. Switch-initiated HTLC's are now passed to the link's mailbox to ensure they can be failed back. This change also special-cases the ErrDuplicateKeystone error from OpenCircuits(...) so that callers of updateCommitTx() in the link don't send an Error to the peer if they encounter the keystone error. With the first async change, the keystone error should now always be recoverable.
2022-05-09 20:33:45 +02:00
// If ErrDuplicateKeystone is returned, the caller will catch
// it.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return err
}
// Reset the batch, but keep the backing buffer to avoid reallocating.
l.keystoneBatch = l.keystoneBatch[:0]
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
// If hodl.Commit mode is active, we will refrain from attempting to
// commit any in-memory modifications to the channel state. Exiting here
// permits testing of either the switch or link's ability to trim
// circuits that have been opened, but unsuccessfully committed.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.Commit) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Warnf(hodl.Commit.Warning())
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
return nil
}
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
ctx, done := l.WithCtxQuitNoTimeout()
defer done()
newCommit, err := l.channel.SignNextCommitment(ctx)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
if err == lnwallet.ErrNoWindow {
htlcswitch/link: add pending commit ticker for stall detection This commit adds a PendingCommitTicker to the link config, which allows us to control how quickly we fail the link if the commitment dance stalls. Now that the mailbox has the ability to cancel packets, when the link fails it will reset the mailbox packets on exit, forcing a reevaluation of the HTLCs against their mailbox expiries.
2020-04-14 19:51:30 +02:00
l.cfg.PendingCommitTicker.Resume()
htlcswitch+lnwallet: add trace logs for tickers
2022-01-21 00:35:56 +01:00
l.log.Trace("PendingCommitTicker resumed")
htlcswitch/link: add pending commit ticker for stall detection This commit adds a PendingCommitTicker to the link config, which allows us to control how quickly we fail the link if the commitment dance stalls. Now that the mailbox has the ability to cancel packets, when the link fails it will reset the mailbox packets on exit, forcing a reevaluation of the HTLCs against their mailbox expiries.
2020-04-14 19:51:30 +02:00
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
n := l.channel.NumPendingUpdates(lntypes.Local, lntypes.Remote)
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Tracef("revocation window exhausted, unable to send: "+
lnwallet+htlcswitch: define expanded NumPendingUpdates This commit squashes the below operations for a net result where we have an expanded capability of assessing pending updates. This is made possible by packing the components into Duals in the prior commits. We squash the operations to simplify review. htlcswitch+lnwallet: rename PendingLocalUpdateCount lnwallet: complete pending update queries API for LightningChannel lnwallet+htlcswitch: consolidate NumPendingUpdates using ChannelParty This commit makes the observation that we can cleanly define the NumPendingUpdates function using a single expression by taking advantage of the relevant fields being properly packed into Duals.
2023-12-12 04:18:57 +01:00
"%v, pend_updates=%v, dangling_closes%v", n,
multi: add `SpewLogClosure` to avoid code repetition
2024-07-25 16:18:00 +02:00
lnutils.SpewLogClosure(l.openedCircuits),
lnutils.SpewLogClosure(l.closedCircuits))
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return nil
} else if err != nil {
return err
}
htlcswitch: switch ackDownStreamPackets order with contract update call This commit modifies updateCommitTx to error with ErrLinkShuttingDown when we try to send a ContractUpdate on the htlcUpdates chan and the link has closed the quit chan. It also changes the order of the call to ackDownStreamPackets and contract update call for consistency since the packets should be acknowledged before the link goes down.
2020-03-09 18:36:33 +01:00
if err := l.ackDownStreamPackets(); err != nil {
return err
}
htlcswitch/link: add pending commit ticker for stall detection This commit adds a PendingCommitTicker to the link config, which allows us to control how quickly we fail the link if the commitment dance stalls. Now that the mailbox has the ability to cancel packets, when the link fails it will reset the mailbox packets on exit, forcing a reevaluation of the HTLCs against their mailbox expiries.
2020-04-14 19:51:30 +02:00
l.cfg.PendingCommitTicker.Pause()
htlcswitch+lnwallet: add trace logs for tickers
2022-01-21 00:35:56 +01:00
l.log.Trace("PendingCommitTicker paused after ackDownStreamPackets")
htlcswitch/link: add pending commit ticker for stall detection This commit adds a PendingCommitTicker to the link config, which allows us to control how quickly we fail the link if the commitment dance stalls. Now that the mailbox has the ability to cancel packets, when the link fails it will reset the mailbox packets on exit, forcing a reevaluation of the HTLCs against their mailbox expiries.
2020-04-14 19:51:30 +02:00
multi: address lingering TODO by no longer wiping out local HTLCs on remote close In this commit, we fix a lingering TOOD statement in the channel arb. Before this commitment, we would simply wipe our our local HTLC set of the HTLC set that was on the remote commitment transaction on force close. This was incorrect as if our commitment transaction had an HTLC that the remote commitment didn't, then we would fail to cancel that back, and cause both channels to time out on chain. In order to remedy this, we introduce a new `HtlcSetKey` struct to track all 3 possible in-flight set of HTLCs: ours, theirs, and their pending. We also we start to tack on additional data to all the unilateral close messages we send to subscribers. This new data is the CommitSet, or the set of valid commitments at channel closure time. This new information will be used by the channel arb in an upcoming commit to ensure it will cancel back HTLCs in the case of split commitment state. Finally, we start to thread through an optional *CommitSet to the advanceState method. This additional information will give the channel arb addition information it needs to ensure it properly cancels back HTLCs that are about to time out or may time out depending on which commitment is played. Within the htlcswitch pakage, we modify the `SignNextCommitment` method to return the new set of pending HTLCs for the remote party's commitment transaction and `ReceiveRevocation` to return the latest set of commitment transactions on the remote party's commitment as well. This is a preparatory change which is part of a larger change to address a lingering TODO in the cnct. Additionally, rather than just send of the set of HTLCs after the we revoke, we'll also send of the set of HTLCs after the remote party revokes, and we create a pending commitment state for it.
2019-05-17 02:23:26 +02:00
// The remote party now has a new pending commitment, so we'll update
// the contract court to be aware of this new set (the prior old remote
// pending).
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
newUpdate := &contractcourt.ContractUpdate{
multi: address lingering TODO by no longer wiping out local HTLCs on remote close In this commit, we fix a lingering TOOD statement in the channel arb. Before this commitment, we would simply wipe our our local HTLC set of the HTLC set that was on the remote commitment transaction on force close. This was incorrect as if our commitment transaction had an HTLC that the remote commitment didn't, then we would fail to cancel that back, and cause both channels to time out on chain. In order to remedy this, we introduce a new `HtlcSetKey` struct to track all 3 possible in-flight set of HTLCs: ours, theirs, and their pending. We also we start to tack on additional data to all the unilateral close messages we send to subscribers. This new data is the CommitSet, or the set of valid commitments at channel closure time. This new information will be used by the channel arb in an upcoming commit to ensure it will cancel back HTLCs in the case of split commitment state. Finally, we start to thread through an optional *CommitSet to the advanceState method. This additional information will give the channel arb addition information it needs to ensure it properly cancels back HTLCs that are about to time out or may time out depending on which commitment is played. Within the htlcswitch pakage, we modify the `SignNextCommitment` method to return the new set of pending HTLCs for the remote party's commitment transaction and `ReceiveRevocation` to return the latest set of commitment transactions on the remote party's commitment as well. This is a preparatory change which is part of a larger change to address a lingering TODO in the cnct. Additionally, rather than just send of the set of HTLCs after the we revoke, we'll also send of the set of HTLCs after the remote party revokes, and we create a pending commitment state for it.
2019-05-17 02:23:26 +02:00
HtlcKey: contractcourt.RemotePendingHtlcSet,
lnwallet+htlcswitch: add NewCommitState struct, modify send/recv sig to accept In this commit, we add a new NewCommitState struct. This preps us for the future change wherein a partial signature is also added to the mix. All related tests and type signatures have also been updated accordingly.
2023-01-20 03:27:07 +01:00
Htlcs: newCommit.PendingHTLCs,
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
}
err = l.cfg.NotifyContractUpdate(newUpdate)
if err != nil {
l.log.Errorf("unable to notify contract update: %v", err)
return err
}
select {
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch: switch ackDownStreamPackets order with contract update call This commit modifies updateCommitTx to error with ErrLinkShuttingDown when we try to send a ContractUpdate on the htlcUpdates chan and the link has closed the quit chan. It also changes the order of the call to ackDownStreamPackets and contract update call for consistency since the packets should be acknowledged before the link goes down.
2020-03-09 18:36:33 +01:00
return ErrLinkShuttingDown
multi: reliable hand-off from htlcswitch to contractcourt This is achieved by changing the 1-way handoff to a 2-way handoff with a done channel.
2022-01-04 22:21:36 +01:00
default:
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
multi: obtain+verify aux sigs for all second level HTLCs In this commit, we start to use the new AuxSigner to obtain+verify aux sigs for all second level HTLCs. This is similar to the existing SigPool, but we'll only attempt to do this if the AuxSigner is present (won't be for most channels).
2024-04-09 04:48:36 +02:00
auxBlobRecords, err := lnwire.ParseCustomRecords(newCommit.AuxSigBlob)
if err != nil {
return fmt.Errorf("error parsing aux sigs: %w", err)
}
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
commitSig := &lnwire.CommitSig{
multi: obtain+verify aux sigs for all second level HTLCs In this commit, we start to use the new AuxSigner to obtain+verify aux sigs for all second level HTLCs. This is similar to the existing SigPool, but we'll only attempt to do this if the AuxSigner is present (won't be for most channels).
2024-04-09 04:48:36 +02:00
ChanID: l.ChanID(),
CommitSig: newCommit.CommitSig,
HtlcSigs: newCommit.HtlcSigs,
PartialSig: newCommit.PartialSig,
CustomRecords: auxBlobRecords,
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
}
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
l.cfg.Peer.SendMessage(false, commitSig)
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
htlcswitch: implement flush and commit lifecycle hooks for channelLink
2023-11-28 05:26:21 +01:00
// Now that we have sent out a new CommitSig, we invoke the outgoing set
// of commit hooks.
l.RWMutex.Lock()
l.outgoingCommitHooks.invoke()
l.RWMutex.Unlock()
htlcswitch: copy the initial representation of htlc manager In this commit all initial code which will be transformed into channel link have been added. Rather than changing the in the same commit is better to create the standalone commit, in order to see the changes which have been applied to relocated code.
2017-05-01 19:03:41 +02:00
return nil
}
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// Peer returns the representation of remote peer with which we have the
// channel link opened.
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
htlcswitch: avoid leaking peer interface from link Here we notice that the only use of the Peer call on the link is to find out what the peer's pubkey is. To avoid leaking handles to IO actions outside the interface we reduce the surface area to just return the peer's public key.
2024-02-26 22:10:22 +01:00
func (l *channelLink) PeerPubKey() [33]byte {
return l.cfg.Peer.PubKey()
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
htlcswitch/link: add ChannelPoint() to retrieve the channel outpoint. This function will be used in the switch to retrieve the channel point for a link, allowing the switch to retrieve individual channels from the database.
2018-10-30 10:36:27 +01:00
// ChannelPoint returns the channel outpoint for the channel link.
// NOTE: Part of the ChannelLink interface.
htlcswitch: prevent ChannelLink from leaking ChannelPoint pointer
2024-01-29 22:55:20 +01:00
func (l *channelLink) ChannelPoint() wire.OutPoint {
return l.channel.ChannelPoint()
htlcswitch/link: add ChannelPoint() to retrieve the channel outpoint. This function will be used in the switch to retrieve the channel point for a link, allowing the switch to retrieve individual channels from the database.
2018-10-30 10:36:27 +01:00
}
htlcswitch: add a ShortChanID method to the ChannelLink interface
2017-06-16 23:32:41 +02:00
// ShortChanID returns the short channel ID for the channel link. The short
// channel ID encodes the exact location in the main chain that the original
// funding output can be found.
//
// NOTE: Part of the ChannelLink interface.
func (l *channelLink) ShortChanID() lnwire.ShortChannelID {
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
l.RLock()
defer l.RUnlock()
htlcswitch: remove redundant field from channelLink
2024-02-23 01:17:09 +01:00
return l.channel.ShortChanID()
funding+htlcswitch: dynamically update short chan id of existing link In this commit, we fix an existing bug that would result in some payments getting “stuck”. This would happen if one side restarted before the channel was fully locked in. In this case, since upon re-connection, the link will get added to the switch with a *short channel ID of zero*. If A then tries to make a multi-hop payment through B, B will fail to forward the payment, as it’ll mistakenly think that the payment originated from a local-subsystem as the channel ID is zero. A short channel ID of zero is used to map local payments back to their caller. With fix this by allowing the funding manager to dynamically update the short channel ID of a link after it discovers the short channel ID. In this commit, we fix a second instance of reported “stuck” payments by users.
2018-02-04 03:14:09 +01:00
}
// UpdateShortChanID updates the short channel ID for a link. This may be
// required in the event that a link is created before the short chan ID for it
// is known, or a re-org occurs, and the funding transaction changes location
// within the chain.
//
// NOTE: Part of the ChannelLink interface.
htlcswitch/link: fix UpdateShortChanID
2018-05-02 01:29:47 +02:00
func (l *channelLink) UpdateShortChanID() (lnwire.ShortChannelID, error) {
chanID := l.ChanID()
funding+htlcswitch: dynamically update short chan id of existing link In this commit, we fix an existing bug that would result in some payments getting “stuck”. This would happen if one side restarted before the channel was fully locked in. In this case, since upon re-connection, the link will get added to the switch with a *short channel ID of zero*. If A then tries to make a multi-hop payment through B, B will fail to forward the payment, as it’ll mistakenly think that the payment originated from a local-subsystem as the channel ID is zero. A short channel ID of zero is used to map local payments back to their caller. With fix this by allowing the funding manager to dynamically update the short channel ID of a link after it discovers the short channel ID. In this commit, we fix a second instance of reported “stuck” payments by users.
2018-02-04 03:14:09 +01:00
htlcswitch/link: fix UpdateShortChanID
2018-05-02 01:29:47 +02:00
// Refresh the channel state's short channel ID by loading it from disk.
// This ensures that the channel state accurately reflects the updated
// short channel ID.
channeldb: BigSize migration, store zero-conf, scid-alias bits This introduces a BigSize migration that is used to expand the width of the ChannelStatus and ChannelType fields. Three channel "types" are added - ZeroConfBit, ScidAliasChanBit, and ScidAliasFeatureBit. ScidAliasChanBit denotes that the scid-alias channel type was negotiated for the channel. ScidAliasFeatureBit denotes that the scid-alias feature bit was negotiated during the *lifetime* of the channel. Several helper functions on the OpenChannel struct are exposed to aid callers from different packages. The RefreshShortChanID has been renamed to Refresh. A new function BroadcastHeight is used to guard access to the mutable FundingBroadcastHeight member. This prevents data races.
2022-04-04 22:09:15 +02:00
err := l.channel.State().Refresh()
htlcswitch/link: fix UpdateShortChanID
2018-05-02 01:29:47 +02:00
if err != nil {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Errorf("unable to refresh short_chan_id for chan_id=%v: "+
"%v", chanID, err)
htlcswitch/hop: move hop.Exit and hop.Source to hop pkg
2019-08-30 23:11:38 +02:00
return hop.Source, err
htlcswitch/link: fix UpdateShortChanID
2018-05-02 01:29:47 +02:00
}
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return hop.Source, nil
htlcswitch: add a ShortChanID method to the ChannelLink interface
2017-06-16 23:32:41 +02:00
}
// ChanID returns the channel ID for the channel link. The channel ID is a more
// compact representation of a channel's full outpoint.
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
func (l *channelLink) ChanID() lnwire.ChannelID {
multi: make NewChanIDFromOutpoint accept value instead of pointer
2024-01-29 22:19:15 +01:00
return lnwire.NewChanIDFromOutPoint(l.channel.ChannelPoint())
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
htlcswitch: use atomic integer to track link bandwidth internally This commit modifies the way the bandwidth of a given channel link is tracked, and reported externally. The prior approach pushed most of the logic for tracking channel bandwidth into the link itself, and relied on a report from the queue in order to determine the total available bandwidth. This approach at times could inadvertently introduce deadlocks when working on new features as since the query was handled internally, it required the link to be _active_ and non-blocked in order to respond to. We’ve now abandoned this approach in favor of lifting the bandwidth accounting to the highest possible abstraction layer within the link itself. We now maintain a availableBandwidth integer that’s used atomically within the link in response to: us adding+settling an HTLC, and the remote party failing one of our HTLC’s.
2017-09-25 21:31:52 +02:00
// Bandwidth returns the total amount that can flow through the channel link at
htlcswitch: re-write channel connection re-establishment for correctness In this commit, we’ve re-written the process of syncing the state of channels after we reconnect. This re-write ensure correctness, and also simplified the existing logic which would attempt to launch another goroutine to handle requests from the switch to ensure that it doesn’t block. This is no longer necessary as the AddPacket method that the switch indirectly calls is non-blocking.
2017-11-10 23:57:59 +01:00
// this given instance. The value returned is expressed in millisatoshi and can
// be used by callers when making forwarding decisions to determine if a link
// can accept an HTLC.
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
Htlcswitch: switch all accounting and forwarding decisions to use mSAT's
2017-08-22 08:36:43 +02:00
func (l *channelLink) Bandwidth() lnwire.MilliSatoshi {
link+lnwallet: move bandwidth channel reserve validation into channel Since we want to handle the edge case where paying the HTLC fee would take the initiator below the reserve, we move the subtraction of the reserve into availableBalance where this calculation will be performed.
2020-02-19 12:27:42 +01:00
// Get the balance available on the channel for new HTLCs. This takes
// the channel reserve into account so HTLCs up to this value won't
// violate it.
htlcswitch/link: remove overflow queue This commit removes the overflowQueue from the link. We do so in order to promote better UX for senders, so that HTLCs are failed faster when the commitment is full. This gives the sender the opportunity to try another, more open path, rather than perceive the HTLC as being stuck. At the same time, we remove the total number of active goroutines in lnd by a factor of N where N is the number of active channels.
2020-04-07 20:56:47 +02:00
return l.channel.AvailableBalance()
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
multi: thread bandwidth check amount down to MayAddOutgoingHtlc Pass htlc amount down to the channel so that we don't need to rely on minHtlc (and pad it when the channel sets a 0 min htlc). Update test to just check some sane values since we're no longer relying on minHtlc amount at all.
2021-10-19 09:37:47 +02:00
// MayAddOutgoingHtlc indicates whether we can add an outgoing htlc with the
// amount provided to the link. This check does not reserve a space, since
// forwards or other payments may use the available slot, so it should be
// considered best-effort.
func (l *channelLink) MayAddOutgoingHtlc(amt lnwire.MilliSatoshi) error {
return l.channel.MayAddOutgoingHtlc(amt)
multi: surface may add outgoing hltc
2021-06-22 13:56:08 +02:00
}
htlcswitch: extend ChannelLink iface with dustHandler iface This allows the Switch to determine the dust exposure of a certain channel and allows the link to set the feerate of the mailbox given a fee update.
2021-09-28 17:43:51 +02:00
// getDustSum is a wrapper method that calls the underlying channel's dust sum
// method.
//
// NOTE: Part of the dustHandler interface.
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
func (l *channelLink) getDustSum(whoseCommit lntypes.ChannelParty,
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
dryRunFee fn.Option[chainfee.SatPerKWeight]) lnwire.MilliSatoshi {
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
return l.channel.GetDustSum(whoseCommit, dryRunFee)
htlcswitch: extend ChannelLink iface with dustHandler iface This allows the Switch to determine the dust exposure of a certain channel and allows the link to set the feerate of the mailbox given a fee update.
2021-09-28 17:43:51 +02:00
}
// getFeeRate is a wrapper method that retrieves the underlying channel's
// feerate.
//
// NOTE: Part of the dustHandler interface.
func (l *channelLink) getFeeRate() chainfee.SatPerKWeight {
return l.channel.CommitFeeRate()
}
// getDustClosure returns a closure that can be used by the switch or mailbox
// to evaluate whether a given HTLC is dust.
//
// NOTE: Part of the dustHandler interface.
func (l *channelLink) getDustClosure() dustClosure {
localDustLimit := l.channel.State().LocalChanCfg.DustLimit
remoteDustLimit := l.channel.State().RemoteChanCfg.DustLimit
chanType := l.channel.State().ChanType
return dustHelper(chanType, localDustLimit, remoteDustLimit)
}
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// getCommitFee returns either the local or remote CommitFee in satoshis. This
// is used so that the Switch can have access to the commitment fee without
// needing to have a *LightningChannel. This doesn't include dust.
//
// NOTE: Part of the dustHandler interface.
func (l *channelLink) getCommitFee(remote bool) btcutil.Amount {
if remote {
return l.channel.State().RemoteCommitment.CommitFee
}
return l.channel.State().LocalCommitment.CommitFee
}
// exceedsFeeExposureLimit returns whether or not the new proposed fee-rate
// increases the total dust and fees within the channel past the configured
// fee threshold. It first calculates the dust sum over every update in the
// update log with the proposed fee-rate and taking into account both the local
// and remote dust limits. It uses every update in the update log instead of
// what is actually on the local and remote commitments because it is assumed
// that in a worst-case scenario, every update in the update log could
// theoretically be on either commitment transaction and this needs to be
// accounted for with this fee-rate. It then calculates the local and remote
// commitment fees given the proposed fee-rate. Finally, it tallies the results
// and determines if the fee threshold has been exceeded.
func (l *channelLink) exceedsFeeExposureLimit(
feePerKw chainfee.SatPerKWeight) (bool, error) {
dryRunFee := fn.Some[chainfee.SatPerKWeight](feePerKw)
// Get the sum of dust for both the local and remote commitments using
// this "dry-run" fee.
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
localDustSum := l.getDustSum(lntypes.Local, dryRunFee)
remoteDustSum := l.getDustSum(lntypes.Remote, dryRunFee)
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// Calculate the local and remote commitment fees using this dry-run
// fee.
localFee, remoteFee, err := l.channel.CommitFeeTotalAt(feePerKw)
if err != nil {
return false, err
}
// Finally, check whether the max fee exposure was exceeded on either
// future commitment transaction with the fee-rate.
totalLocalDust := localDustSum + lnwire.NewMSatFromSatoshis(localFee)
if totalLocalDust > l.cfg.MaxFeeExposure {
htlcswitch: increase log
2024-10-12 18:30:34 +02:00
l.log.Debugf("ChannelLink(%v): exceeds fee exposure limit: "+
"local dust: %v, local fee: %v", l.ShortChanID(),
totalLocalDust, localFee)
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
return true, nil
}
totalRemoteDust := remoteDustSum + lnwire.NewMSatFromSatoshis(
remoteFee,
)
htlcswitch: increase log
2024-10-12 18:30:34 +02:00
if totalRemoteDust > l.cfg.MaxFeeExposure {
l.log.Debugf("ChannelLink(%v): exceeds fee exposure limit: "+
"remote dust: %v, remote fee: %v", l.ShortChanID(),
totalRemoteDust, remoteFee)
return true, nil
}
return false, nil
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
}
// isOverexposedWithHtlc calculates whether the proposed HTLC will make the
// channel exceed the fee threshold. It first fetches the largest fee-rate that
// may be on any unrevoked commitment transaction. Then, using this fee-rate,
// determines if the to-be-added HTLC is dust. If the HTLC is dust, it adds to
// the overall dust sum. If it is not dust, it contributes to weight, which
// also adds to the overall dust sum by an increase in fees. If the dust sum on
// either commitment exceeds the configured fee threshold, this function
// returns true.
func (l *channelLink) isOverexposedWithHtlc(htlc *lnwire.UpdateAddHTLC,
incoming bool) bool {
dustClosure := l.getDustClosure()
feeRate := l.channel.WorstCaseFeeRate()
amount := htlc.Amount.ToSatoshis()
// See if this HTLC is dust on both the local and remote commitments.
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
isLocalDust := dustClosure(feeRate, incoming, lntypes.Local, amount)
isRemoteDust := dustClosure(feeRate, incoming, lntypes.Remote, amount)
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// Calculate the dust sum for the local and remote commitments.
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
localDustSum := l.getDustSum(
lntypes.Local, fn.None[chainfee.SatPerKWeight](),
)
remoteDustSum := l.getDustSum(
lntypes.Remote, fn.None[chainfee.SatPerKWeight](),
)
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// Grab the larger of the local and remote commitment fees w/o dust.
commitFee := l.getCommitFee(false)
if l.getCommitFee(true) > commitFee {
commitFee = l.getCommitFee(true)
}
htlcswitch: increase log
2024-10-12 18:30:34 +02:00
commitFeeMSat := lnwire.NewMSatFromSatoshis(commitFee)
localDustSum += commitFeeMSat
remoteDustSum += commitFeeMSat
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// Calculate the additional fee increase if this is a non-dust HTLC.
weight := lntypes.WeightUnit(input.HTLCWeight)
additional := lnwire.NewMSatFromSatoshis(
feeRate.FeeForWeight(weight),
)
if isLocalDust {
// If this is dust, it doesn't contribute to weight but does
// contribute to the overall dust sum.
localDustSum += lnwire.NewMSatFromSatoshis(amount)
} else {
// Account for the fee increase that comes with an increase in
// weight.
localDustSum += additional
}
if localDustSum > l.cfg.MaxFeeExposure {
// The max fee exposure was exceeded.
htlcswitch: increase log
2024-10-12 18:30:34 +02:00
l.log.Debugf("ChannelLink(%v): HTLC %v makes the channel "+
"overexposed, total local dust: %v (current commit "+
"fee: %v)", l.ShortChanID(), htlc, localDustSum)
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
return true
}
if isRemoteDust {
// If this is dust, it doesn't contribute to weight but does
// contribute to the overall dust sum.
remoteDustSum += lnwire.NewMSatFromSatoshis(amount)
} else {
// Account for the fee increase that comes with an increase in
// weight.
remoteDustSum += additional
}
htlcswitch: increase log
2024-10-12 18:30:34 +02:00
if remoteDustSum > l.cfg.MaxFeeExposure {
// The max fee exposure was exceeded.
l.log.Debugf("ChannelLink(%v): HTLC %v makes the channel "+
"overexposed, total remote dust: %v (current commit "+
"fee: %v)", l.ShortChanID(), htlc, remoteDustSum)
return true
}
return false
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
}
htlcswitch: extend Mailbox iface with dust, fee methods This commit extends the Mailbox interface with the SetDustClosure, SetFeeRate, and DustPackets methods. This enables the mailbox to report the dust exposure to the Switch when the Switch decides whether to forward a dust packet. The dust is counted from the time an Add is introduced via AddPacket until it is removed via AckPacket. This can lead to some packets being counted twice before they are signed for, but this is a trade-off between accuracy and simplicity.
2021-09-28 17:37:37 +02:00
// dustClosure is a function that evaluates whether an HTLC is dust. It returns
// true if the HTLC is dust. It takes in a feerate, a boolean denoting whether
// the HTLC is incoming (i.e. one that the remote sent), a boolean denoting
// whether to evaluate on the local or remote commit, and finally an HTLC
// amount to test.
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
type dustClosure func(feerate chainfee.SatPerKWeight, incoming bool,
whoseCommit lntypes.ChannelParty, amt btcutil.Amount) bool
htlcswitch: extend Mailbox iface with dust, fee methods This commit extends the Mailbox interface with the SetDustClosure, SetFeeRate, and DustPackets methods. This enables the mailbox to report the dust exposure to the Switch when the Switch decides whether to forward a dust packet. The dust is counted from the time an Add is introduced via AddPacket until it is removed via AckPacket. This can lead to some packets being counted twice before they are signed for, but this is a trade-off between accuracy and simplicity.
2021-09-28 17:37:37 +02:00
// dustHelper is used to construct the dustClosure.
func dustHelper(chantype channeldb.ChannelType, localDustLimit,
remoteDustLimit btcutil.Amount) dustClosure {
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
isDust := func(feerate chainfee.SatPerKWeight, incoming bool,
whoseCommit lntypes.ChannelParty, amt btcutil.Amount) bool {
htlcswitch: extend Mailbox iface with dust, fee methods This commit extends the Mailbox interface with the SetDustClosure, SetFeeRate, and DustPackets methods. This enables the mailbox to report the dust exposure to the Switch when the Switch decides whether to forward a dust packet. The dust is counted from the time an Add is introduced via AddPacket until it is removed via AckPacket. This can lead to some packets being counted twice before they are signed for, but this is a trade-off between accuracy and simplicity.
2021-09-28 17:37:37 +02:00
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
var dustLimit btcutil.Amount
if whoseCommit.IsLocal() {
dustLimit = localDustLimit
} else {
dustLimit = remoteDustLimit
htlcswitch: extend Mailbox iface with dust, fee methods This commit extends the Mailbox interface with the SetDustClosure, SetFeeRate, and DustPackets methods. This enables the mailbox to report the dust exposure to the Switch when the Switch decides whether to forward a dust packet. The dust is counted from the time an Add is introduced via AddPacket until it is removed via AckPacket. This can lead to some packets being counted twice before they are signed for, but this is a trade-off between accuracy and simplicity.
2021-09-28 17:37:37 +02:00
}
return lnwallet.HtlcIsDust(
htlcswitch: refactor dust handling to use ChannelParty
2024-07-31 02:05:04 +02:00
chantype, incoming, whoseCommit, feerate, amt,
dustLimit,
htlcswitch: extend Mailbox iface with dust, fee methods This commit extends the Mailbox interface with the SetDustClosure, SetFeeRate, and DustPackets methods. This enables the mailbox to report the dust exposure to the Switch when the Switch decides whether to forward a dust packet. The dust is counted from the time an Add is introduced via AddPacket until it is removed via AckPacket. This can lead to some packets being counted twice before they are signed for, but this is a trade-off between accuracy and simplicity.
2021-09-28 17:37:37 +02:00
)
}
return isDust
}
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// zeroConfConfirmed returns whether or not the zero-conf channel has
// confirmed on-chain.
//
// Part of the scidAliasHandler interface.
func (l *channelLink) zeroConfConfirmed() bool {
return l.channel.State().ZeroConfConfirmed()
}
// confirmedScid returns the confirmed SCID for a zero-conf channel. This
// should not be called for non-zero-conf channels.
//
// Part of the scidAliasHandler interface.
func (l *channelLink) confirmedScid() lnwire.ShortChannelID {
return l.channel.State().ZeroConfRealScid()
}
// isZeroConf returns whether or not the underlying channel is a zero-conf
// channel.
//
// Part of the scidAliasHandler interface.
func (l *channelLink) isZeroConf() bool {
return l.channel.State().IsZeroConf()
}
// negotiatedAliasFeature returns whether or not the underlying channel has
// negotiated the option-scid-alias feature bit. This will be true for both
// option-scid-alias and zero-conf channel-types. It will also be true for
// channels with the feature bit but without the above channel-types.
//
// Part of the scidAliasFeature interface.
func (l *channelLink) negotiatedAliasFeature() bool {
return l.channel.State().NegotiatedAliasFeature()
}
// getAliases returns the set of aliases for the underlying channel.
//
// Part of the scidAliasHandler interface.
func (l *channelLink) getAliases() []lnwire.ShortChannelID {
return l.cfg.GetAliases(l.ShortChanID())
}
// attachFailAliasUpdate sets the link's FailAliasUpdate function.
//
// Part of the scidAliasHandler interface.
func (l *channelLink) attachFailAliasUpdate(closure func(
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
sid lnwire.ShortChannelID, incoming bool) *lnwire.ChannelUpdate1) {
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
l.Lock()
l.cfg.FailAliasUpdate = closure
l.Unlock()
}
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// AttachMailBox updates the current mailbox used by this link, and hooks up
// the mailbox's message and packet outboxes to the link's upstream and
// downstream chans, respectively.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
func (l *channelLink) AttachMailBox(mailbox MailBox) {
l.Lock()
l.mailBox = mailbox
l.upstream = mailbox.MessageOutBox()
l.downstream = mailbox.PacketOutBox()
l.Unlock()
htlcswitch: extend ChannelLink iface with dustHandler iface This allows the Switch to determine the dust exposure of a certain channel and allows the link to set the feerate of the mailbox given a fee update.
2021-09-28 17:43:51 +02:00
// Set the mailbox's fee rate. This may be refreshing a feerate that was
// never committed.
l.mailBox.SetFeeRate(l.getFeeRate())
// Also set the mailbox's dust closure so that it can query whether HTLC's
// are dust given the current feerate.
l.mailBox.SetDustClosure(l.getDustClosure())
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
htlcswitch: add a new UpdateFeePolicy to ChannelLink interface This commit adds a new method to the ChannelLink interface which is meant to allow outside sub-system to update the forwarding policy of a channel. This can be triggered either by a new RPC method, or automatically by some sort of control system which seeks to optimize fee revenue, or block off channels, etc.
2017-06-17 00:01:00 +02:00
// UpdateForwardingPolicy updates the forwarding policy for the target
// ChannelLink. Once updated, the link will use the new forwarding policy to
discovery+switch: apply zero forwarding policy updates in-memory as well as on disk In this commit, we fix a bug where if a user updates a forwarding policy to be zero, the update will be applied to the policy correctly on-disk, but not in-memory. We solve this issue by having the gossiper return the list of on-disk updated policies and passing these policies to the switch, so the switch can assume that zero-valued fields are intentional and not just uninitialized.
2019-08-30 02:54:08 +02:00
// govern if it an incoming HTLC should be forwarded or not. We assume that
// fields that are zero are intentionally set to zero, so we'll use newPolicy to
// update all of the link's FwrdingPolicy's values.
htlcswitch: add a new UpdateFeePolicy to ChannelLink interface This commit adds a new method to the ChannelLink interface which is meant to allow outside sub-system to update the forwarding policy of a channel. This can be triggered either by a new RPC method, or automatically by some sort of control system which seeks to optimize fee revenue, or block off channels, etc.
2017-06-17 00:01:00 +02:00
//
// NOTE: Part of the ChannelLink interface.
multi: use fwding policy from models pkg
2023-07-17 12:53:24 +02:00
func (l *channelLink) UpdateForwardingPolicy(
newPolicy models.ForwardingPolicy) {
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
l.Lock()
defer l.Unlock()
discovery+switch: apply zero forwarding policy updates in-memory as well as on disk In this commit, we fix a bug where if a user updates a forwarding policy to be zero, the update will be applied to the policy correctly on-disk, but not in-memory. We solve this issue by having the gossiper return the list of on-disk updated policies and passing these policies to the switch, so the switch can assume that zero-valued fields are intentional and not just uninitialized.
2019-08-30 02:54:08 +02:00
l.cfg.FwrdingPolicy = newPolicy
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
}
htlcswitch: add a new UpdateFeePolicy to ChannelLink interface This commit adds a new method to the ChannelLink interface which is meant to allow outside sub-system to update the forwarding policy of a channel. This can be triggered either by a new RPC method, or automatically by some sort of control system which seeks to optimize fee revenue, or block off channels, etc.
2017-06-17 00:01:00 +02:00
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
// CheckHtlcForward should return a nil error if the passed HTLC details
// satisfy the current forwarding policy fo the target link. Otherwise,
// a LinkError with a valid protocol failure message should be returned
// in order to signal to the source of the HTLC, the policy consistency
// issue.
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
//
// NOTE: Part of the ChannelLink interface.
htlcswitch: rename policy check functions
2019-09-27 16:21:34 +02:00
func (l *channelLink) CheckHtlcForward(payHash [32]byte,
htlcswitch: extend the HtlcSatifiesPolicy to also accept timelock/height info In this commit, we extend the existing HtlcSatifiesPolicy method to also accept timelock and height information. This is required as an upcoming commit will fix an existing bug in the forwarding logic wherein we use the time lock policies of the incoming node rather than that of the outgoing node.
2018-06-26 05:15:46 +02:00
incomingHtlcAmt, amtToForward lnwire.MilliSatoshi,
incomingTimeout, outgoingTimeout uint32,
htlcswitch: add receiver-side inbound fee support
2022-09-19 12:06:34 +02:00
inboundFee models.InboundFee,
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
heightNow uint32, originalScid lnwire.ShortChannelID) *LinkError {
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
l.RLock()
htlcswitch/link: remove deadlock in htlc validation This commit removes a possible deadlock in the switch, which can be triggered under certain failure conditions. Previously, we would acquire the link's read lock for the duration of HtlcSatisfiesPolicy, though we only need to use it grab the current policy. The deadlock could be caused in the cases where we attempt to log the failure, which access the read-protected ShortChanID method.
2018-06-07 03:07:20 +02:00
policy := l.cfg.FwrdingPolicy
l.RUnlock()
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
htlcswitch: add receiver-side inbound fee support
2022-09-19 12:06:34 +02:00
// Using the outgoing HTLC amount, we'll calculate the outgoing
// fee this incoming HTLC must carry in order to satisfy the constraints
// of the outgoing link.
outFee := ExpectedFee(policy, amtToForward)
// Then calculate the inbound fee that we charge based on the sum of
// outgoing HTLC amount and outgoing fee.
inFee := inboundFee.CalcFee(amtToForward + outFee)
// Add up both fee components. It is important to calculate both fees
// separately. An alternative way of calculating is to first determine
// an aggregate fee and apply that to the outgoing HTLC amount. However,
// rounding may cause the result to be slightly higher than in the case
// of separately rounded fee components. This potentially causes failed
// forwards for senders and is something to be avoided.
expectedFee := inFee + int64(outFee)
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
// If the actual fee is less than our expected fee, then we'll reject
// this HTLC as it didn't provide a sufficient amount of fees, or the
// values have been tampered with, or the send used incorrect/dated
// information to construct the forwarding information for this hop. In
htlcswitch: add receiver-side inbound fee support
2022-09-19 12:06:34 +02:00
// any case, we'll cancel this HTLC.
actualFee := int64(incomingHtlcAmt) - int64(amtToForward)
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
if incomingHtlcAmt < amtToForward || actualFee < expectedFee {
htlcswitch: change errors to warnings for issues caused by bogus incoming HTLC data
2021-05-17 12:13:59 +02:00
l.log.Warnf("outgoing htlc(%x) has insufficient fee: "+
htlcswitch: add receiver-side inbound fee support
2022-09-19 12:06:34 +02:00
"expected %v, got %v: incoming=%v, outgoing=%v, "+
"inboundFee=%v",
payHash[:], expectedFee, actualFee,
incomingHtlcAmt, amtToForward, inboundFee,
)
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
// As part of the returned error, we'll send our latest routing
// policy so the sending node obtains the most up to date data.
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
cb := func(upd *lnwire.ChannelUpdate1) lnwire.FailureMessage {
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return lnwire.NewFeeInsufficient(amtToForward, *upd)
}
failure := l.createFailureWithUpdate(false, originalScid, cb)
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
return NewLinkError(failure)
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
}
htlcswitch: return `FEE_INSUFFICIENT` before checking balance
2023-03-08 07:27:45 +01:00
// Check whether the outgoing htlc satisfies the channel policy.
err := l.canSendHtlc(
policy, payHash, amtToForward, outgoingTimeout, heightNow,
originalScid,
)
if err != nil {
return err
}
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
// Finally, we'll ensure that the time-lock on the outgoing HTLC meets
// the following constraint: the incoming time-lock minus our time-lock
// delta should equal the outgoing time lock. Otherwise, whether the
// sender messed up, or an intermediate node tampered with the HTLC.
timeDelta := policy.TimeLockDelta
if incomingTimeout < outgoingTimeout+timeDelta {
htlcswitch: change errors to warnings for issues caused by bogus incoming HTLC data
2021-05-17 12:13:59 +02:00
l.log.Warnf("incoming htlc(%x) has incorrect time-lock value: "+
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
"expected at least %v block delta, got %v block delta",
payHash[:], timeDelta, incomingTimeout-outgoingTimeout)
// Grab the latest routing policy so the sending node is up to
// date with our current policy.
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
cb := func(upd *lnwire.ChannelUpdate1) lnwire.FailureMessage {
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return lnwire.NewIncorrectCltvExpiry(
incomingTimeout, *upd,
)
}
failure := l.createFailureWithUpdate(false, originalScid, cb)
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
return NewLinkError(failure)
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
}
return nil
}
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
// CheckHtlcTransit should return a nil error if the passed HTLC details
// satisfy the current channel policy. Otherwise, a LinkError with a
// valid protocol failure message should be returned in order to signal
// the violation. This call is intended to be used for locally initiated
// payments for which there is no corresponding incoming htlc.
htlcswitch: rename policy check functions
2019-09-27 16:21:34 +02:00
func (l *channelLink) CheckHtlcTransit(payHash [32]byte,
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
amt lnwire.MilliSatoshi, timeout uint32,
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
heightNow uint32) *LinkError {
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
l.RLock()
policy := l.cfg.FwrdingPolicy
l.RUnlock()
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
// We pass in hop.Source here as this is only used in the Switch when
// trying to send over a local link. This causes the fallback mechanism
// to occur.
htlcswitch: rename policy check functions
2019-09-27 16:21:34 +02:00
return l.canSendHtlc(
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
policy, payHash, amt, timeout, heightNow, hop.Source,
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
)
}
htlcswitch: fix documentation
2021-05-15 12:07:13 +02:00
// canSendHtlc checks whether the given htlc parameters satisfy
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
// the channel's amount and time lock constraints.
multi: use fwding policy from models pkg
2023-07-17 12:53:24 +02:00
func (l *channelLink) canSendHtlc(policy models.ForwardingPolicy,
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
payHash [32]byte, amt lnwire.MilliSatoshi, timeout uint32,
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
heightNow uint32, originalScid lnwire.ShortChannelID) *LinkError {
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
// As our first sanity check, we'll ensure that the passed HTLC isn't
// too small for the next hop. If so, then we'll cancel the HTLC
// directly.
multi: distinguish between htlc in and out constraints
2019-11-15 10:09:27 +01:00
if amt < policy.MinHTLCOut {
htlcswitch: change errors to warnings for issues caused by bogus incoming HTLC data
2021-05-17 12:13:59 +02:00
l.log.Warnf("outgoing htlc(%x) is too small: min_htlc=%v, "+
multi: distinguish between htlc in and out constraints
2019-11-15 10:09:27 +01:00
"htlc_value=%v", payHash[:], policy.MinHTLCOut,
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
amt)
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
// As part of the returned error, we'll send our latest routing
// policy so the sending node obtains the most up to date data.
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
cb := func(upd *lnwire.ChannelUpdate1) lnwire.FailureMessage {
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return lnwire.NewAmountBelowMinimum(amt, *upd)
}
failure := l.createFailureWithUpdate(false, originalScid, cb)
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
return NewLinkError(failure)
htlcswitch: add a new UpdateFeePolicy to ChannelLink interface This commit adds a new method to the ChannelLink interface which is meant to allow outside sub-system to update the forwarding policy of a channel. This can be triggered either by a new RPC method, or automatically by some sort of control system which seeks to optimize fee revenue, or block off channels, etc.
2017-06-17 00:01:00 +02:00
}
htlcswitch: extract failure message creation
2019-09-27 16:01:18 +02:00
// Next, ensure that the passed HTLC isn't too large. If so, we'll
// cancel the HTLC directly.
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
if policy.MaxHTLC != 0 && amt > policy.MaxHTLC {
htlcswitch: change errors to warnings for issues caused by bogus incoming HTLC data
2021-05-17 12:13:59 +02:00
l.log.Warnf("outgoing htlc(%x) is too large: max_htlc=%v, "+
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
"htlc_value=%v", payHash[:], policy.MaxHTLC, amt)
htlcswitch/link: verify an htlc is not too large in HtlcSatifiesPolicy Before forwarding an HTLC, ensure that the amount to forward including fees does not exceed the max HTLC set for the channel link.
2018-12-09 03:21:18 +01:00
htlcswitch: extract failure message creation
2019-09-27 16:01:18 +02:00
// As part of the returned error, we'll send our latest routing
// policy so the sending node obtains the most up-to-date data.
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
cb := func(upd *lnwire.ChannelUpdate1) lnwire.FailureMessage {
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return lnwire.NewTemporaryChannelFailure(upd)
}
failure := l.createFailureWithUpdate(false, originalScid, cb)
htlcswitch: rename FailureDetail to OutgoingFailure Rename FailureDetail in a separate commit so that a FailureDetail interface can be introduced in the following commit. OutgoingFailureOnionDecode is renamed to OutgoingFailureDecodeError to specifically indicate that we could not decode the wire failure that our payment experienced.
2020-02-06 18:35:16 +01:00
return NewDetailedLinkError(failure, OutgoingFailureHTLCExceedsMax)
htlcswitch/link: verify an htlc is not too large in HtlcSatifiesPolicy Before forwarding an HTLC, ensure that the amount to forward including fees does not exceed the max HTLC set for the channel link.
2018-12-09 03:21:18 +01:00
}
link: also check expiry grace delta for forwarded htlcs Previously there was no minimum remaining blocks requirement on forwarded htlcs, which may cause channel arbitrator to force close the channel directly after forwarding the htlc. Co-authored-by: Jim Posen <jim.posen@gmail.com>
2019-03-26 11:54:08 +01:00
// We want to avoid offering an HTLC which will expire in the near
link: rewrite height comparisons without subtraction Prevent the case where a uint32 wrap around could happen.
2019-04-05 10:50:00 +02:00
// future, so we'll reject an HTLC if the outgoing expiration time is
// too close to the current height.
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
if timeout <= heightNow+l.cfg.OutgoingCltvRejectDelta {
htlcswitch: change errors to warnings for issues caused by bogus incoming HTLC data
2021-05-17 12:13:59 +02:00
l.log.Warnf("htlc(%x) has an expiry that's too soon: "+
htlcswitch: move timelock policy verification logic to HtlcSatifiesPolicy In this commit, we extract the time lock policy verification logic from the processRemoteAdds method to the HtlcSatifiesPolicy method. With this change, we fix a lingering bug within the link: we'll no longer verify time lock polices within the incoming link, instead we'll verify it at forwarding time like we should. This is a bug left over from the switch of what the CLTV delta denotes in the channel update message we made within the spec sometime last year.
2018-06-26 05:23:10 +02:00
"outgoing_expiry=%v, best_height=%v", payHash[:],
htlcswitch: check channel policy for local htlcs
2019-04-19 11:11:16 +02:00
timeout, heightNow)
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
cb := func(upd *lnwire.ChannelUpdate1) lnwire.FailureMessage {
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return lnwire.NewExpiryTooSoon(*upd)
}
failure := l.createFailureWithUpdate(false, originalScid, cb)
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
return NewLinkError(failure)
htlcswitch: move timelock policy verification logic to HtlcSatifiesPolicy In this commit, we extract the time lock policy verification logic from the processRemoteAdds method to the HtlcSatifiesPolicy method. With this change, we fix a lingering bug within the link: we'll no longer verify time lock polices within the incoming link, instead we'll verify it at forwarding time like we should. This is a bug left over from the switch of what the CLTV delta denotes in the channel update message we made within the spec sometime last year.
2018-06-26 05:23:10 +02:00
}
link: rewrite height comparisons without subtraction Prevent the case where a uint32 wrap around could happen.
2019-04-05 10:50:00 +02:00
// Check absolute max delta.
htlcswitch+lnd: make max cltv expiry configurable
2019-07-27 03:05:58 +02:00
if timeout > l.cfg.MaxOutgoingCltvExpiry+heightNow {
htlcswitch: change errors to warnings for issues caused by bogus incoming HTLC data
2021-05-17 12:13:59 +02:00
l.log.Warnf("outgoing htlc(%x) has a time lock too far in "+
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
"the future: got %v, but maximum is %v", payHash[:],
htlcswitch+lnd: make max cltv expiry configurable
2019-07-27 03:05:58 +02:00
timeout-heightNow, l.cfg.MaxOutgoingCltvExpiry)
htlcswitch+routing: implement expiry_too_far failure In this commit we add a check to HtlcSatifiesPolicy to verify that the time lock for the outgoing htlc that is requested in the onion packet isn't too far in the future. Without this check, anyone could force an unreasonably long time lock on the forwarding node.
2018-10-15 08:41:56 +02:00
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
return NewLinkError(&lnwire.FailExpiryTooFar{})
htlcswitch+routing: implement expiry_too_far failure In this commit we add a check to HtlcSatifiesPolicy to verify that the time lock for the outgoing htlc that is requested in the onion packet isn't too far in the future. Without this check, anyone could force an unreasonably long time lock on the forwarding node.
2018-10-15 08:41:56 +02:00
}
htlcswitch: fix returned failure for insufficient balance In the scenario where the requested channel does not have enough balance and another channel towards the same node generates a different failure, we erroneously returned UnknownNextPeer instead of the expected TemporaryChannelFailure. This commit rewrites the non-strict forwarding logic in the switch to return the proper failure message. Part of this is moving the link balance check inside the link.
2019-09-27 16:49:16 +02:00
// Check to see if there is enough balance in this channel.
if amt > l.Bandwidth() {
htlcswitch: change errors to warnings for issues caused by bogus incoming HTLC data
2021-05-17 12:13:59 +02:00
l.log.Warnf("insufficient bandwidth to route htlc: %v is "+
htlcswitch: add detailed "insufficient bandwidth" log message fixes #5250
2021-05-15 12:07:51 +02:00
"larger than %v", amt, l.Bandwidth())
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
cb := func(upd *lnwire.ChannelUpdate1) lnwire.FailureMessage {
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return lnwire.NewTemporaryChannelFailure(upd)
}
failure := l.createFailureWithUpdate(false, originalScid, cb)
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
return NewDetailedLinkError(
htlcswitch: rename FailureDetail to OutgoingFailure Rename FailureDetail in a separate commit so that a FailureDetail interface can be introduced in the following commit. OutgoingFailureOnionDecode is renamed to OutgoingFailureDecodeError to specifically indicate that we could not decode the wire failure that our payment experienced.
2020-02-06 18:35:16 +01:00
failure, OutgoingFailureInsufficientBalance,
htlcswitch: use LinkError for internal errors Update the ChannelLink interface to specifically return the LinkError struct. This error implements the ClearTextError interface, so will be picked up as a routing realted error by the router. With LinkErrors implemented, the switch now returns a LinkError for all failures on our incoming/outgoing link and ForwardingError when the failure occurs down the line.
2020-01-14 14:07:42 +01:00
)
htlcswitch: fix returned failure for insufficient balance In the scenario where the requested channel does not have enough balance and another channel towards the same node generates a different failure, we erroneously returned UnknownNextPeer instead of the expected TemporaryChannelFailure. This commit rewrites the non-strict forwarding logic in the switch to return the proper failure message. Part of this is moving the link balance check inside the link.
2019-09-27 16:49:16 +02:00
}
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
return nil
htlcswitch: add a new UpdateFeePolicy to ChannelLink interface This commit adds a new method to the ChannelLink interface which is meant to allow outside sub-system to update the forwarding policy of a channel. This can be triggered either by a new RPC method, or automatically by some sort of control system which seeks to optimize fee revenue, or block off channels, etc.
2017-06-17 00:01:00 +02:00
}
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// Stats returns the statistics of channel link.
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
Htlcswitch: switch all accounting and forwarding decisions to use mSAT's
2017-08-22 08:36:43 +02:00
func (l *channelLink) Stats() (uint64, lnwire.MilliSatoshi, lnwire.MilliSatoshi) {
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
snapshot := l.channel.StateSnapshot()
htlcswitch: add new UpdateForwardingPolicies method This commit adds a new method to the HtlcSwitch: UpdateForwardingPolicies. With this method callers are now able to modify the forwarding policies of all, or some currently active links. We also make a slight modification to the way that forwarding policy updates are handled within the links themselves to ensure that we don’t override with a zero value for any of the fields.
2017-08-22 08:50:12 +02:00
htlcswitch: update link to adhere to new channeldb API's
2017-11-10 23:58:28 +01:00
return snapshot.ChannelCommitment.CommitHeight,
snapshot.TotalMSatSent,
snapshot.TotalMSatReceived
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
// String returns the string representation of channel link.
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
func (l *channelLink) String() string {
return l.channel.ChannelPoint().String()
}
htlcswitch: introduce and embed packetHandler interface in ChannelLink This will allow separating the now-private *htlcPacket methods from the publicly-used ChannelLink interface methods.
2021-08-03 20:59:15 +02:00
// handleSwitchPacket handles the switch packets. This packets which might be
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// forwarded to us from another channel link in case the htlc update came from
// another peer or if the update was created by user
//
htlcswitch: introduce and embed packetHandler interface in ChannelLink This will allow separating the now-private *htlcPacket methods from the publicly-used ChannelLink interface methods.
2021-08-03 20:59:15 +02:00
// NOTE: Part of the packetHandler interface.
func (l *channelLink) handleSwitchPacket(pkt *htlcPacket) error {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Tracef("received switch packet inkey=%v, outkey=%v",
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
pkt.inKey(), pkt.outKey())
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
htlcswitch/link: return error from AddPacket
2020-04-15 07:33:53 +02:00
return l.mailBox.AddPacket(pkt)
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
htlcswitch: re-introduce dynamic commitment log tick timer This commit fixes a slight regression in the logic of the switch by ensuring that the log commitment timer is only start _after_ we receive a new commitment signature. Otherwise, the ticker will keep ticking and possibly settle HTLC’s that’ve yet to be locked in, or waste a signature causing us to be deprived of a revocation which is required for us to initiate a new state transition. Additionally, the commit performs a few minor post-merge clean ups.
2017-06-01 01:43:37 +02:00
// HandleChannelUpdate handles the htlc requests as settle/add/fail which sent
// to us from remote peer we have a channel with.
//
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
// NOTE: Part of the ChannelLink interface.
func (l *channelLink) HandleChannelUpdate(message lnwire.Message) {
htlcswitch: fix HandleChannelUpdate by selecting on link's quit chan
2023-02-16 06:25:53 +01:00
select {
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
case <-l.Quit:
htlcswitch: fix HandleChannelUpdate by selecting on link's quit chan
2023-02-16 06:25:53 +01:00
// Return early if the link is already in the process of
// quitting. It doesn't make sense to hand the message to the
// mailbox here.
return
default:
}
htlcswitch: placate confused linter
2024-01-12 01:03:03 +01:00
err := l.mailBox.AddMessage(message)
if err != nil {
l.log.Errorf("failed to add Message to mailbox: %v", err)
}
htlcswitch: make channel link implements interface Step №2 in making htlcManager (aka channelLink) testable: Implement the ChannelLink interface which is needed to use it in pair with htlc switch. With this commit channel link impelements interface, but isn't able to operate properly yet.
2017-05-03 16:07:55 +02:00
}
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
htlcswitch: handle update_fee message received from peer. This commit makes the channellink update a channel's fee if an update_fee message is received from the peer.
2017-07-14 20:40:42 +02:00
// updateChannelFee updates the commitment fee-per-kw on this channel by
// committing to an update_fee message.
chainfee: create new chainfee package extracting fees from lnwallet In this commit, we create a new chainfee package, that houses all fee related functionality used within the codebase. The creation of this new package furthers our long-term goal of extracting functionality from the bloated `lnwallet` package into new distinct packages. Additionally, this new packages resolves a class of import cycle that could arise if a new package that was imported by something in `lnwallet` wanted to use the existing fee related functions in the prior `lnwallet` package.
2019-10-31 03:43:05 +01:00
func (l *channelLink) updateChannelFee(feePerKw chainfee.SatPerKWeight) error {
[skip ci] htlcswitch: fix double sat/kw output
2023-05-04 15:38:51 +02:00
l.log.Infof("updating commit fee to %v", feePerKw)
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
htlcswitch: don't add UpdateFee to channel if not able to forward This commit is a follow up to a prior commit which skipped sending the commitment sig message (and sending out the update fee) message if the channel wasn’t yet able to forward any HTLC’s. We’ll modify the prior commit to not add the fee update to the channel at all. Otherwise, we risk a state desynchronization.
2017-12-11 01:19:13 +01:00
// We skip sending the UpdateFee message if the channel is not
multi: comprehensive typo fixes across all packages
2018-02-07 04:11:11 +01:00
// currently eligible to forward messages.
htlcswitch: make link forward eligibility flush aware
2023-11-26 21:43:21 +01:00
if !l.EligibleToUpdate() {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Debugf("skipping fee update for inactive channel")
htlcswitch: don't add UpdateFee to channel if not able to forward This commit is a follow up to a prior commit which skipped sending the commitment sig message (and sending out the update fee) message if the channel wasn’t yet able to forward any HTLC’s. We’ll modify the prior commit to not add the fee update to the channel at all. Otherwise, we risk a state desynchronization.
2017-12-11 01:19:13 +01:00
return nil
}
htlcswitch+lnwallet: calculate fee exposure as commit fees + dust This commit expands the definition of the dust limit to take into account commitment fees as well as dust HTLCs. The dust limit is now known as a fee exposure threshold. Dust HTLCs are fees anyways so it makes sense to account for commitment fees as well. The link has been modified slightly to calculate dust. In the future, the switch dust calculations can be removed.
2024-06-03 18:43:33 +02:00
// Check and see if our proposed fee-rate would make us exceed the fee
// threshold.
thresholdExceeded, err := l.exceedsFeeExposureLimit(feePerKw)
if err != nil {
// This shouldn't typically happen. If it does, it indicates
// something is wrong with our channel state.
return err
}
if thresholdExceeded {
return fmt.Errorf("link fee threshold exceeded")
}
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
// First, we'll update the local fee on our commitment.
htlcswitch: handle update_fee message received from peer. This commit makes the channellink update a channel's fee if an update_fee message is received from the peer.
2017-07-14 20:40:42 +02:00
if err := l.channel.UpdateFee(feePerKw); err != nil {
return err
}
htlcswitch: extend ChannelLink iface with dustHandler iface This allows the Switch to determine the dust exposure of a certain channel and allows the link to set the feerate of the mailbox given a fee update.
2021-09-28 17:43:51 +02:00
// The fee passed the channel's validation checks, so we update the
// mailbox feerate.
l.mailBox.SetFeeRate(feePerKw)
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
// We'll then attempt to send a new UpdateFee message, and also lock it
// in immediately by triggering a commitment update.
htlcswitch: update UpdateFee usage due to recent API change
2017-12-01 07:17:48 +01:00
msg := lnwire.NewUpdateFee(l.ChanID(), uint32(feePerKw))
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
if err := l.cfg.Peer.SendMessage(false, msg); err != nil {
htlcswitch: within link, with each new block, check to see if commit fee should change In this commit we add a new case to the main select statement within a channel link. This select statement will serve as a Sipping Bird which will check the network fee rate (as returned by the fee estimator) and compare that to the fee on the commitment transaction. Using the shouldAdjustCommitFee function, we determine if we should update the commitment fee. If so, then we’ll send an UpdateFee message and also trigger a new commitment update. We also add a new unit test: TestChannelLinkUpdateCommitFee to ensure that we update the fee accordingly if the fee increases or decreases by a large portion.
2017-11-24 05:31:45 +01:00
return err
}
return l.updateCommitTx()
htlcswitch: handle update_fee message received from peer. This commit makes the channellink update a channel's fee if an update_fee message is received from the peer.
2017-07-14 20:40:42 +02:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// processRemoteSettleFails accepts a batch of settle/fail payment descriptors
// after receiving a revocation from the remote party, and reprocesses them in
// the context of the provided forwarding package. Any settles or fails that
// have already been acknowledged in the forwarding package will not be sent to
// the switch.
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
func (l *channelLink) processRemoteSettleFails(fwdPkg *channeldb.FwdPkg) {
if len(fwdPkg.SettleFails) == 0 {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
return
}
channeldb+htlcswitch: make sure circuit is not nil in `teardownCircuit`
2023-11-14 20:58:54 +01:00
l.log.Debugf("settle-fail-filter: %v", fwdPkg.SettleFailFilter)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
var switchPackets []*htlcPacket
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
for i, update := range fwdPkg.SettleFails {
destRef := fwdPkg.DestRef(uint16(i))
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// Skip any settles or fails that have already been
// acknowledged by the incoming link that originated the
// forwarded Add.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
if fwdPkg.SettleFailFilter.Contains(uint16(i)) {
continue
}
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// TODO(roasbeef): rework log entries to a shared
// interface.
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
switch msg := update.UpdateMsg.(type) {
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// A settle for an HTLC we previously forwarded HTLC has been
htlcswitch: when forwarding htlcs, set the incomingHtlcAmt
2018-02-28 07:14:44 +01:00
// received. So we'll forward the HTLC to the switch which will
// handle propagating the settle to the prior hop.
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
case *lnwire.UpdateFulfillHTLC:
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
// If hodl.SettleIncoming is requested, we will not
// forward the SETTLE to the switch and will not signal
// a free slot on the commitment transaction.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.SettleIncoming) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Warnf(hodl.SettleIncoming.Warning())
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
continue
}
htlcswitch: Remove constructor functions for htlcPacket. The constructor functions have no additional logic other than passing function parameters into struct fields. Given the large function signatures, it is more clear to directly construct the htlcPacket in client code than call a function with lots of positional arguments.
2017-10-24 08:18:26 +02:00
settlePacket := &htlcPacket{
htlcswitch: Rename htlcPacket fields for clarity. The src/dest terminology for routing packets is kind of confusing because the source HTLC may not be the source of the packet for settles/fails traversing the circuit in the opposite direction. This changes the nomenclature to incoming/outgoing and always references the HTLCs themselves.
2017-10-30 19:56:51 +01:00
outgoingChanID: l.ShortChanID(),
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
outgoingHTLCID: msg.ID,
destRef: &destRef,
htlc: msg,
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
}
// Add the packet to the batch to be forwarded, and
// notify the overflow queue that a spare spot has been
// freed up within the commitment state.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
switchPackets = append(switchPackets, settlePacket)
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
htlcswitch: when forwarding htlcs, set the incomingHtlcAmt
2018-02-28 07:14:44 +01:00
// A failureCode message for a previously forwarded HTLC has
// been received. As a result a new slot will be freed up in
// our commitment state, so we'll forward this to the switch so
// the backwards undo can continue.
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
case *lnwire.UpdateFailHTLC:
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
// If hodl.SettleIncoming is requested, we will not
// forward the FAIL to the switch and will not signal a
// free slot on the commitment transaction.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.FailIncoming) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Warnf(hodl.FailIncoming.Warning())
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
continue
}
multi: fix canceled spelling
2019-10-03 17:22:43 +02:00
// Fetch the reason the HTLC was canceled so we can
htlcswitch: add linkError field to htlcpacket This commit adds a linkError field to track the value of failures which occur at our node. This field is set when local payments or multi hop htlcs fail in the switch or on our outgoing link. This addition is required for the addition of a htlc notifier which will notify these failures in handleDownstreamPacket. The passing of link error to failAddPacket removes the need for an additional error field, because the link error's failure detail will contain any additional metadata. In the places where the failure detail does not cover all the metadata that was previously supplied by addr err, the error is logged before calling failAddPacket so that this change does not reduce the amount of information we log.
2020-02-06 18:35:17 +01:00
// continue to propagate it. This failure originated
// from another node, so the linkFailure field is not
// set on the packet.
htlcswitch: Remove constructor functions for htlcPacket. The constructor functions have no additional logic other than passing function parameters into struct fields. Given the large function signatures, it is more clear to directly construct the htlcPacket in client code than call a function with lots of positional arguments.
2017-10-24 08:18:26 +02:00
failPacket := &htlcPacket{
htlcswitch: Rename htlcPacket fields for clarity. The src/dest terminology for routing packets is kind of confusing because the source HTLC may not be the source of the packet for settles/fails traversing the circuit in the opposite direction. This changes the nomenclature to incoming/outgoing and always references the HTLCs themselves.
2017-10-30 19:56:51 +01:00
outgoingChanID: l.ShortChanID(),
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
outgoingHTLCID: msg.ID,
destRef: &destRef,
htlc: msg,
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
}
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
l.log.Debugf("Failed to send HTLC with ID=%d", msg.ID)
htlcswitch: log amount for failures fixes #5367
2021-07-08 20:32:42 +02:00
htlcswitch: for UpdateFailMalformedHTLC packets mark fail as needing conversion In this commit, we start the first phase of fixing an existing bug within the switch. As is, we don't properly convert `UpdateFailMalformedHTLC` to regular `UpdateFailHTLC` messages that are fully encrypted. When we receive a `UpdateFailMalformedHTLC` today, we'll convert it into a regular fail message by simply encoding the failure message raw. This failure message doesn't have a MAC yet, so if we sent it backwards, then the destination wouldn't be able to decrypt it. We can recognize this type of failure as it'll be the same size as the raw failure message max size, but it has 4 extra bytes for the encoding. When we come across this message, we'll mark is as needing conversion so the switch can take care of it.
2019-05-01 03:20:23 +02:00
// If the failure message lacks an HMAC (but includes
// the 4 bytes for encoding the message and padding
// lengths, then this means that we received it as an
// UpdateFailMalformedHTLC. As a result, we'll signal
// that we need to convert this error within the switch
// to an actual error, by encrypting it as if we were
// the originating hop.
convertedErrorSize := lnwire.FailureMessageLength + 4
htlcswitch: remove PaymentDescriptor from processRemoteSettleFails call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:28:44 +02:00
if len(msg.Reason) == convertedErrorSize {
htlcswitch: for UpdateFailMalformedHTLC packets mark fail as needing conversion In this commit, we start the first phase of fixing an existing bug within the switch. As is, we don't properly convert `UpdateFailMalformedHTLC` to regular `UpdateFailHTLC` messages that are fully encrypted. When we receive a `UpdateFailMalformedHTLC` today, we'll convert it into a regular fail message by simply encoding the failure message raw. This failure message doesn't have a MAC yet, so if we sent it backwards, then the destination wouldn't be able to decrypt it. We can recognize this type of failure as it'll be the same size as the raw failure message max size, but it has 4 extra bytes for the encoding. When we come across this message, we'll mark is as needing conversion so the switch can take care of it.
2019-05-01 03:20:23 +02:00
failPacket.convertedError = true
}
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// Add the packet to the batch to be forwarded, and
// notify the overflow queue that a spare spot has been
// freed up within the commitment state.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
switchPackets = append(switchPackets, failPacket)
}
}
htlcswitch/link: ensure circuits are committed in-order This commit makes the call to forwardBatch after locking in Adds synchronous. This ensures that circuits for any Add packets are added to the switch in the same order that they are prescribed in the channel state. Though it is very unlikely this case would arise, it may happen under more greater loads. In addition, this also makes some trivial optimizations wrt. to not spawning unnecessary goroutines if no settle/fail packets are locked in.
2018-05-08 05:55:07 +02:00
// Only spawn the task forward packets we have a non-zero number.
if len(switchPackets) > 0 {
htlcswitch: add an always on mode to interceptable switch Co-authored-by: Juan Pablo Civile <elementohb@gmail.com>
2022-02-03 15:34:25 +01:00
go l.forwardBatch(false, switchPackets...)
htlcswitch/link: ensure circuits are committed in-order This commit makes the call to forwardBatch after locking in Adds synchronous. This ensures that circuits for any Add packets are added to the switch in the same order that they are prescribed in the channel state. Though it is very unlikely this case would arise, it may happen under more greater loads. In addition, this also makes some trivial optimizations wrt. to not spawning unnecessary goroutines if no settle/fail packets are locked in.
2018-05-08 05:55:07 +02:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
// processRemoteAdds serially processes each of the Add payment descriptors
// which have been "locked-in" by receiving a revocation from the remote party.
// The forwarding package provided instructs how to process this batch,
// indicating whether this is the first time these Adds are being processed, or
// whether we are reprocessing as a result of a failure or restart. Adds that
// have already been acknowledged in the forwarding package will be ignored.
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
//
//nolint:funlen
func (l *channelLink) processRemoteAdds(fwdPkg *channeldb.FwdPkg) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Tracef("processing %d remote adds for height %d",
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
len(fwdPkg.Adds), fwdPkg.Height)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: move hop iterator into htlcswitch/hop package Prepares for onion blob decoding outside of htlcswitch.
2019-09-05 13:35:39 +02:00
decodeReqs := make(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
[]hop.DecodeHopIteratorRequest, 0, len(fwdPkg.Adds),
htlcswitch: move hop iterator into htlcswitch/hop package Prepares for onion blob decoding outside of htlcswitch.
2019-09-05 13:35:39 +02:00
)
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
for _, update := range fwdPkg.Adds {
if msg, ok := update.UpdateMsg.(*lnwire.UpdateAddHTLC); ok {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Before adding the new htlc to the state machine,
// parse the onion object in order to obtain the
// routing information with DecodeHopIterator function
// which process the Sphinx packet.
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
onionReader := bytes.NewReader(msg.OnionBlob[:])
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: move hop iterator into htlcswitch/hop package Prepares for onion blob decoding outside of htlcswitch.
2019-09-05 13:35:39 +02:00
req := hop.DecodeHopIteratorRequest{
htlcswitch: add incoming amount and to decode hop iterator request When we have payments inside of a blinded route, we need to know the incoming amount to be able to back-calculate the amount that we need to forward using the forwarding parameters provided in the blinded route encrypted data. This commit adds the payment amount to our DecodeHopIteratorRequest so that it can be threaded down to payment forwarding information creation in later commits.
2023-01-27 20:19:56 +01:00
OnionReader: onionReader,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
RHash: msg.PaymentHash[:],
IncomingCltv: msg.Expiry,
IncomingAmount: msg.Amount,
BlindingPoint: msg.BlindingPoint,
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
decodeReqs = append(decodeReqs, req)
}
}
// Atomically decode the incoming htlcs, simultaneously checking for
// replay attempts. A particular index in the returned, spare list of
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// channel iterators should only be used if the failure code at the
// same index is lnwire.FailCodeNone.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
decodeResps, sphinxErr := l.cfg.DecodeHopIterators(
fwdPkg.ID(), decodeReqs,
)
if sphinxErr != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInternalError},
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
"unable to decode hop iterators: %v", sphinxErr)
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
var switchPackets []*htlcPacket
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
for i, update := range fwdPkg.Adds {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
idx := uint16(i)
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
//nolint:forcetypeassert
add := *update.UpdateMsg.(*lnwire.UpdateAddHTLC)
sourceRef := fwdPkg.SourceRef(idx)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
if fwdPkg.State == channeldb.FwdStateProcessed &&
fwdPkg.AckFilter.Contains(idx) {
htlcswitch: add additional comments and logging
2018-03-13 02:52:52 +01:00
// If this index is already found in the ack filter,
// the response to this forwarding decision has already
// been committed by one of our commitment txns. ADDs
// in this state are waiting for the rest of the fwding
// package to get acked before being garbage collected.
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
continue
}
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// An incoming HTLC add has been full-locked in. As a result we
lnwallet: Simplify updateLog struct by removing redundant pointers. The updateLog struct contains pointers that refer to the state of the commitment chains. Instead, query the commitments directly.
2017-10-19 02:36:28 +02:00
// can now examine the forwarding details of the HTLC, and the
lnwire+htlcswitch: minor grammatical, formatting fixes after error PR
2017-07-15 05:08:29 +02:00
// HTLC itself to decide if: we should forward it, cancel it,
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
// or are able to settle it (and it adheres to our fee related
// constraints).
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// Before adding the new htlc to the state machine, parse the
// onion object in order to obtain the routing information with
// DecodeHopIterator function which process the Sphinx packet.
chanIterator, failureCode := decodeResps[i].Result()
if failureCode != lnwire.CodeNone {
htlcswitch: create error obfuscator with wrapped type for blinded Create our error encrypter with a wrapped type if we have a blinding point present. Doing this in the iterator allows us to track this information when we have both pieces of information available to us, compared to trying to handle this later down the line: - Downstream link on failure: we know that we've set a blinding point for out outgoing HTLC, but not whether we're introduction or not - Upstream link on failure: once the failure packet has been sent through the switch, we no longer know whether we were the introduction point (without looking it up / examining our payload again / propagating this information through the switch).
2024-04-23 18:33:04 +02:00
// If we're unable to process the onion blob then we
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// should send the malformed htlc error to payment
// sender.
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
l.sendMalformedHTLCError(
add.ID, failureCode, add.OnionBlob, &sourceRef,
)
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable to decode onion hop "+
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
"iterator: %v", failureCode)
continue
}
lnwire+htlcswitch: minor grammatical, formatting fixes after error PR
2017-07-15 05:08:29 +02:00
htlcswitch+peer: pass BestHeight to ChannelLinkConfig This allows non-test usages of ChannelLinkConfig to omit the raw htlcswitch.Switch pointer.
2021-08-03 20:49:17 +02:00
heightNow := l.cfg.BestHeight()
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
htlcswitch: create error obfuscator with wrapped type for blinded Create our error encrypter with a wrapped type if we have a blinding point present. Doing this in the iterator allows us to track this information when we have both pieces of information available to us, compared to trying to handle this later down the line: - Downstream link on failure: we know that we've set a blinding point for out outgoing HTLC, but not whether we're introduction or not - Upstream link on failure: once the failure packet has been sent through the switch, we no longer know whether we were the introduction point (without looking it up / examining our payload again / propagating this information through the switch).
2024-04-23 18:33:04 +02:00
pld, routeRole, pldErr := chanIterator.HopPayload()
multi: return route role from HopPayload We need to know what role we're playing to be able to handle errors correctly, but the information that we need for this is held by our iterator: - Whether we had a blinding point in update add (blinding kit) - Whether we had a blinding point in payload As we're now going to use the route role return value even when our err!=nil, we rename the error to signal that we're using less canonical golang here. An alternative to this approach is to attach a RouteRole to our ErrInvalidPayload. The downside of that approach is: - Propagate context through parsing (whether we had updateAddHtlc) - Clumsy handling for errors that are not of type ErrInvalidPayload
2024-04-25 15:46:31 +02:00
if pldErr != nil {
multi: add TLV awareness to htlcswitch, pass extra EOB to the invoice registry In this commit, we update the `HopIterator` to gain awareness of the new TLV hop payload. The default `HopIterator` will now hide the details of the TLV from the caller, and return the same `ForwardingInfo` struct in a uniform manner. We also add a new method: `ExtraOnionBlob` to allow the caller to obtain the raw EOB (the serialized TLV stream) to pass around. Within the link, we'll now pass the EOB information into the invoice registry. This allows the registry to parse out any additional information from the EOB that it needs to settle the payment, such as a preimage shard in the AMP case.
2019-07-31 06:52:17 +02:00
// If we're unable to process the onion payload, or we
htlcswitch/link: return InvalidOnionPayload failure This commit modifies the link return an InvalidOnionPayload failure when it cannot parse a TLV payload. The offset is left at zero, since its unclear how useful it will be in practice and would require some significant reworkings of the abstractions in the tlv package. TODO: add unit tests. currently none of the test unit infrastructure is setup to handle TLV payloads, so this would require implementing a separate mock iterator for TLV payloads that also supports injecting invalid payloads. Deferring this non-trival effor till a later date
2019-10-31 05:19:53 +01:00
// received invalid onion payload failure, then we
// should send an error back to the caller so the HTLC
// can be canceled.
var failedType uint64
multi: return route role from HopPayload We need to know what role we're playing to be able to handle errors correctly, but the information that we need for this is held by our iterator: - Whether we had a blinding point in update add (blinding kit) - Whether we had a blinding point in payload As we're now going to use the route role return value even when our err!=nil, we rename the error to signal that we're using less canonical golang here. An alternative to this approach is to attach a RouteRole to our ErrInvalidPayload. The downside of that approach is: - Propagate context through parsing (whether we had updateAddHtlc) - Clumsy handling for errors that are not of type ErrInvalidPayload
2024-04-25 15:46:31 +02:00
// We need to get the underlying error value, so we
// can't use errors.As as suggested by the linter.
//nolint:errorlint
if e, ok := pldErr.(hop.ErrInvalidPayload); ok {
htlcswitch/link: return InvalidOnionPayload failure This commit modifies the link return an InvalidOnionPayload failure when it cannot parse a TLV payload. The offset is left at zero, since its unclear how useful it will be in practice and would require some significant reworkings of the abstractions in the tlv package. TODO: add unit tests. currently none of the test unit infrastructure is setup to handle TLV payloads, so this would require implementing a separate mock iterator for TLV payloads that also supports injecting invalid payloads. Deferring this non-trival effor till a later date
2019-10-31 05:19:53 +01:00
failedType = uint64(e.Type)
}
htlcswitch: create error obfuscator with wrapped type for blinded Create our error encrypter with a wrapped type if we have a blinding point present. Doing this in the iterator allows us to track this information when we have both pieces of information available to us, compared to trying to handle this later down the line: - Downstream link on failure: we know that we've set a blinding point for out outgoing HTLC, but not whether we're introduction or not - Upstream link on failure: once the failure packet has been sent through the switch, we no longer know whether we were the introduction point (without looking it up / examining our payload again / propagating this information through the switch).
2024-04-23 18:33:04 +02:00
// If we couldn't parse the payload, make our best
// effort at creating an error encrypter that knows
// what blinding type we were, but if we couldn't
// parse the payload we have no way of knowing whether
// we were the introduction node or not.
//
//nolint:lll
obfuscator, failCode := chanIterator.ExtractErrorEncrypter(
l.cfg.ExtractErrorEncrypter,
// We need our route role here because we
// couldn't parse or validate the payload.
routeRole == hop.RouteRoleIntroduction,
)
if failCode != lnwire.CodeNone {
l.log.Errorf("could not extract error "+
"encrypter: %v", pldErr)
// We can't process this htlc, send back
// malformed.
l.sendMalformedHTLCError(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
add.ID, failureCode, add.OnionBlob,
&sourceRef,
htlcswitch: create error obfuscator with wrapped type for blinded Create our error encrypter with a wrapped type if we have a blinding point present. Doing this in the iterator allows us to track this information when we have both pieces of information available to us, compared to trying to handle this later down the line: - Downstream link on failure: we know that we've set a blinding point for out outgoing HTLC, but not whether we're introduction or not - Upstream link on failure: once the failure packet has been sent through the switch, we no longer know whether we were the introduction point (without looking it up / examining our payload again / propagating this information through the switch).
2024-04-23 18:33:04 +02:00
)
continue
}
htlcswitch/link: return InvalidOnionPayload failure This commit modifies the link return an InvalidOnionPayload failure when it cannot parse a TLV payload. The offset is left at zero, since its unclear how useful it will be in practice and would require some significant reworkings of the abstractions in the tlv package. TODO: add unit tests. currently none of the test unit infrastructure is setup to handle TLV payloads, so this would require implementing a separate mock iterator for TLV payloads that also supports injecting invalid payloads. Deferring this non-trival effor till a later date
2019-10-31 05:19:53 +01:00
// TODO: currently none of the test unit infrastructure
// is setup to handle TLV payloads, so testing this
// would require implementing a separate mock iterator
// for TLV payloads that also supports injecting invalid
// payloads. Deferring this non-trival effort till a
// later date
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
failure := lnwire.NewInvalidOnionPayload(failedType, 0)
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
multi: add TLV awareness to htlcswitch, pass extra EOB to the invoice registry In this commit, we update the `HopIterator` to gain awareness of the new TLV hop payload. The default `HopIterator` will now hide the details of the TLV from the caller, and return the same `ForwardingInfo` struct in a uniform manner. We also add a new method: `ExtraOnionBlob` to allow the caller to obtain the raw EOB (the serialized TLV stream) to pass around. Within the link, we'll now pass the EOB information into the invoice registry. This allows the registry to parse out any additional information from the EOB that it needs to settle the payment, such as a preimage shard in the AMP case.
2019-07-31 06:52:17 +02:00
l.sendHTLCError(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
add, sourceRef, NewLinkError(failure),
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
obfuscator, false,
multi: add TLV awareness to htlcswitch, pass extra EOB to the invoice registry In this commit, we update the `HopIterator` to gain awareness of the new TLV hop payload. The default `HopIterator` will now hide the details of the TLV from the caller, and return the same `ForwardingInfo` struct in a uniform manner. We also add a new method: `ExtraOnionBlob` to allow the caller to obtain the raw EOB (the serialized TLV stream) to pass around. Within the link, we'll now pass the EOB information into the invoice registry. This allows the registry to parse out any additional information from the EOB that it needs to settle the payment, such as a preimage shard in the AMP case.
2019-07-31 06:52:17 +02:00
)
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Errorf("unable to decode forwarding "+
multi: return route role from HopPayload We need to know what role we're playing to be able to handle errors correctly, but the information that we need for this is held by our iterator: - Whether we had a blinding point in update add (blinding kit) - Whether we had a blinding point in payload As we're now going to use the route role return value even when our err!=nil, we rename the error to signal that we're using less canonical golang here. An alternative to this approach is to attach a RouteRole to our ErrInvalidPayload. The downside of that approach is: - Propagate context through parsing (whether we had updateAddHtlc) - Clumsy handling for errors that are not of type ErrInvalidPayload
2024-04-25 15:46:31 +02:00
"instructions: %v", pldErr)
multi: add TLV awareness to htlcswitch, pass extra EOB to the invoice registry In this commit, we update the `HopIterator` to gain awareness of the new TLV hop payload. The default `HopIterator` will now hide the details of the TLV from the caller, and return the same `ForwardingInfo` struct in a uniform manner. We also add a new method: `ExtraOnionBlob` to allow the caller to obtain the raw EOB (the serialized TLV stream) to pass around. Within the link, we'll now pass the EOB information into the invoice registry. This allows the registry to parse out any additional information from the EOB that it needs to settle the payment, such as a preimage shard in the AMP case.
2019-07-31 06:52:17 +02:00
continue
}
htlcswitch: create error obfuscator with wrapped type for blinded Create our error encrypter with a wrapped type if we have a blinding point present. Doing this in the iterator allows us to track this information when we have both pieces of information available to us, compared to trying to handle this later down the line: - Downstream link on failure: we know that we've set a blinding point for out outgoing HTLC, but not whether we're introduction or not - Upstream link on failure: once the failure packet has been sent through the switch, we no longer know whether we were the introduction point (without looking it up / examining our payload again / propagating this information through the switch).
2024-04-23 18:33:04 +02:00
// Retrieve onion obfuscator from onion blob in order to
// produce initial obfuscation of the onion failureCode.
obfuscator, failureCode := chanIterator.ExtractErrorEncrypter(
l.cfg.ExtractErrorEncrypter,
routeRole == hop.RouteRoleIntroduction,
)
if failureCode != lnwire.CodeNone {
// If we're unable to process the onion blob than we
// should send the malformed htlc error to payment
// sender.
l.sendMalformedHTLCError(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
add.ID, failureCode, add.OnionBlob,
&sourceRef,
htlcswitch: create error obfuscator with wrapped type for blinded Create our error encrypter with a wrapped type if we have a blinding point present. Doing this in the iterator allows us to track this information when we have both pieces of information available to us, compared to trying to handle this later down the line: - Downstream link on failure: we know that we've set a blinding point for out outgoing HTLC, but not whether we're introduction or not - Upstream link on failure: once the failure packet has been sent through the switch, we no longer know whether we were the introduction point (without looking it up / examining our payload again / propagating this information through the switch).
2024-04-23 18:33:04 +02:00
)
l.log.Errorf("unable to decode onion "+
"obfuscator: %v", failureCode)
continue
}
htlcswitch: return hop.Payload from HopIterator
2019-11-05 00:10:15 +01:00
fwdInfo := pld.ForwardingInfo()
htlcswitch: reject HTLCs that use use as introduction if disabled Reject any HTLCs that use us as an introduction point in a blinded route if we have disabled route blinding. We have to do this after we've processed the payload, because we only know we're an introduction point once we've processed the payload itself.
2024-04-03 14:58:53 +02:00
// Check whether the payload we've just processed uses our
// node as the introduction point (gave us a blinding key in
// the payload itself) and fail it back if we don't support
// route blinding.
if fwdInfo.NextBlinding.IsSome() &&
l.cfg.DisallowRouteBlinding {
failure := lnwire.NewInvalidBlinding(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
fn.Some(add.OnionBlob),
htlcswitch: reject HTLCs that use use as introduction if disabled Reject any HTLCs that use us as an introduction point in a blinded route if we have disabled route blinding. We have to do this after we've processed the payload, because we only know we're an introduction point once we've processed the payload itself.
2024-04-03 14:58:53 +02:00
)
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
htlcswitch: reject HTLCs that use use as introduction if disabled Reject any HTLCs that use us as an introduction point in a blinded route if we have disabled route blinding. We have to do this after we've processed the payload, because we only know we're an introduction point once we've processed the payload itself.
2024-04-03 14:58:53 +02:00
l.sendHTLCError(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
add, sourceRef, NewLinkError(failure),
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
obfuscator, false,
htlcswitch: reject HTLCs that use use as introduction if disabled Reject any HTLCs that use us as an introduction point in a blinded route if we have disabled route blinding. We have to do this after we've processed the payload, because we only know we're an introduction point once we've processed the payload itself.
2024-04-03 14:58:53 +02:00
)
l.log.Error("rejected htlc that uses use as an " +
"introduction point when we do not support " +
"route blinding")
continue
}
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
switch fwdInfo.NextHop {
htlcswitch/hop: move hop.Exit and hop.Source to hop pkg
2019-08-30 23:11:38 +02:00
case hop.Exit:
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
err := l.processExitHop(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
add, sourceRef, obfuscator, fwdInfo,
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
heightNow, pld,
htlcswitch: modify the InvoiceDatabase interface to allow specifying final payment amt In this commit, we modify the InvoiceDatabase slightly to allow the link to record what the final payment about for an invoice was. It may be the case that the invoice actually had no specified value, or that the payer paid more than necessary. As a result, it's important that our on-disk records properly reflect this. To fix this issue, the SettleInvoice method now also accepts the final amount paid. Fixes #856.
2018-04-25 05:43:55 +02:00
)
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
if err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{
code: ErrInternalError,
}, err.Error()) //nolint
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return
htlcswitch/link: settle with fake preimage if BogusSettle active
2018-05-18 14:01:01 +02:00
}
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// There are additional channels left within this route. So
htlcswitch: move timelock policy verification logic to HtlcSatifiesPolicy In this commit, we extract the time lock policy verification logic from the processRemoteAdds method to the HtlcSatifiesPolicy method. With this change, we fix a lingering bug within the link: we'll no longer verify time lock polices within the incoming link, instead we'll verify it at forwarding time like we should. This is a bug left over from the switch of what the CLTV delta denotes in the channel update message we made within the spec sometime last year.
2018-06-26 05:23:10 +02:00
// we'll simply do some forwarding package book-keeping.
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
default:
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
// If hodl.AddIncoming is requested, we will not
// validate the forwarded ADD, nor will we send the
// packet to the htlc switch.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.AddIncoming) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Warnf(hodl.AddIncoming.Warning())
htlcswitch/link: adds HodlFlag breakpoints This commit inserts an initial set of HodlFlags into their correct places within the switch. In lieu of the existing HtlcHodl mode, it is been replaced with a configurable HodlMask, which is a bitvector representing the desired breakpoints. This will allow for fine grained testing of the switch's internals, since we can create arbitrary delays inside a otherwise asynchronous system.
2018-04-27 11:51:13 +02:00
continue
}
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
switch fwdPkg.State {
case channeldb.FwdStateProcessed:
// This add was not forwarded on the previous
// processing phase, run it through our
// validation pipeline to reproduce an error.
// This may trigger a different error due to
// expiring timelocks, but we expect that an
// error will be reproduced.
if !fwdPkg.FwdFilter.Contains(idx) {
break
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// Otherwise, it was already processed, we can
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
// can collect it and continue.
outgoingAdd := &lnwire.UpdateAddHTLC{
htlcswitch: add NextBlinding to ForwardingInfo and set in UpdateAddHtlc When we have a HTLC that is part of a blinded route, we need to include the next ephemeral blinding point in UpdateAddHtlc for the next hop. The way that we handle the addition of this key is the same for introduction nodes and relaying nodes within the route.
2024-04-02 15:50:13 +02:00
Expiry: fwdInfo.OutgoingCTLV,
Amount: fwdInfo.AmountToForward,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
PaymentHash: add.PaymentHash,
htlcswitch: add NextBlinding to ForwardingInfo and set in UpdateAddHtlc When we have a HTLC that is part of a blinded route, we need to include the next ephemeral blinding point in UpdateAddHtlc for the next hop. The way that we handle the addition of this key is the same for introduction nodes and relaying nodes within the route.
2024-04-02 15:50:13 +02:00
BlindingPoint: fwdInfo.NextBlinding,
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// Finally, we'll encode the onion packet for
// the _next_ hop using the hop iterator
// decoded for the current hop.
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
buf := bytes.NewBuffer(
outgoingAdd.OnionBlob[0:0],
)
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// We know this cannot fail, as this ADD
// was marked forwarded in a previous
// round of processing.
chanIterator.EncodeNextHop(buf)
htlcswitch: add receiver-side inbound fee support
2022-09-19 12:06:34 +02:00
inboundFee := l.cfg.FwrdingPolicy.InboundFee
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
//nolint:lll
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
updatePacket := &htlcPacket{
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
incomingChanID: l.ShortChanID(),
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
incomingHTLCID: add.ID,
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
outgoingChanID: fwdInfo.NextHop,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
sourceRef: &sourceRef,
incomingAmount: add.Amount,
amount: outgoingAdd.Amount,
htlc: outgoingAdd,
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
obfuscator: obfuscator,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
incomingTimeout: add.Expiry,
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
outgoingTimeout: fwdInfo.OutgoingCTLV,
inOnionCustomRecords: pld.CustomRecords(),
inboundFee: inboundFee,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
inWireCustomRecords: add.CustomRecords.Copy(),
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
htlcswitch: perform fee related checks at forwarding time In this commit, we fix a very old, lingering bug within the link. When accepting an HTLC we are meant to validate the fee against the constraints of the *outgoing* link. This is due to the fact that we're offering a payment transit service on our outgoing link. Before this commit, we would use the policies of the *incoming* link. This would at times lead to odd routing errors as we would go to route, get an error update and then route again, repeating the process. With this commit, we'll properly use the incoming link for timelock related constraints, and the outgoing link for fee related constraints. We do this by introducing a new HtlcSatisfiesPolicy method in the link. This method should return a non-nil error if the link can carry the HTLC as it satisfies its current forwarding policy. We'll use this method now at *forwarding* time to ensure that we only forward to links that actually accept the policy. This fixes a number of bugs that existed before that could result in a link accepting an HTLC that actually violated its policy. In the case that the policy is violated for *all* links, we take care to return the error returned by the *target* link so the caller can update their sending accordingly. In this commit, we also remove the prior linkControl channel in the channelLink. Instead, of sending a message to update the internal link policy, we'll use a mutex in place. This simplifies the code, and also adds some necessary refactoring in anticipation of the next follow up commit.
2018-04-04 04:51:40 +02:00
switchPackets = append(
switchPackets, updatePacket,
)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
continue
}
htlcswitch: reject HTLC's which expire too soon This commit implements a missing policy within the current ChannelLink interface. If an HTLC arrives that is too close to the current block height, then we’ll reject it. As otherwise, it may be possible for us to lose an on-chain claim if they HTLC expires already or expires before we’re able to get a commitment transaction in the chain. As the exit node, we have a grace period that governs out decision. As an intermediate node, we ensure that the HTLC isn’t close to expiry on our outgoing link end if we forward it.
2017-08-03 06:10:35 +02:00
htlcswitch: move timelock policy verification logic to HtlcSatifiesPolicy In this commit, we extract the time lock policy verification logic from the processRemoteAdds method to the HtlcSatifiesPolicy method. With this change, we fix a lingering bug within the link: we'll no longer verify time lock polices within the incoming link, instead we'll verify it at forwarding time like we should. This is a bug left over from the switch of what the CLTV delta denotes in the channel update message we made within the spec sometime last year.
2018-06-26 05:23:10 +02:00
// TODO(roasbeef): ensure don't accept outrageous
// timeout for htlc
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// With all our forwarding constraints met, we'll
// create the outgoing HTLC using the parameters as
// specified in the forwarding info.
addMsg := &lnwire.UpdateAddHTLC{
htlcswitch: add NextBlinding to ForwardingInfo and set in UpdateAddHtlc When we have a HTLC that is part of a blinded route, we need to include the next ephemeral blinding point in UpdateAddHtlc for the next hop. The way that we handle the addition of this key is the same for introduction nodes and relaying nodes within the route.
2024-04-02 15:50:13 +02:00
Expiry: fwdInfo.OutgoingCTLV,
Amount: fwdInfo.AmountToForward,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
PaymentHash: add.PaymentHash,
htlcswitch: add NextBlinding to ForwardingInfo and set in UpdateAddHtlc When we have a HTLC that is part of a blinded route, we need to include the next ephemeral blinding point in UpdateAddHtlc for the next hop. The way that we handle the addition of this key is the same for introduction nodes and relaying nodes within the route.
2024-04-02 15:50:13 +02:00
BlindingPoint: fwdInfo.NextBlinding,
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
}
htlcswitch: implement full HTLC onion payload validation logic This commit puts a missing piece in place by properly parsing and validating the per hop payload received in incoming HTLC’s. When forwarding HTLC’s we ensure that the payload recovered is consistent with our current forwarding policy. Additionally, when we’re the “exit node” for a payment, then we ensure that the HTLC extended matches up with our expectation w.r.t the payment amount to be received.
2017-06-16 23:58:02 +02:00
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
// Finally, we'll encode the onion packet for the
// _next_ hop using the hop iterator decoded for the
// current hop.
buf := bytes.NewBuffer(addMsg.OnionBlob[0:0])
err := chanIterator.EncodeNextHop(buf)
if err != nil {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable to encode the "+
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
"remaining route %v", err)
multi: rename ChannelUpdate to ChannelUpdate1 In preparation for adding a new ChannelUpdate2 message and a ChannelUpdate interface, we rename the existing message to ChannelUpdate1.
2024-08-21 08:39:37 +02:00
cb := func(upd *lnwire.ChannelUpdate1) lnwire.FailureMessage { //nolint:lll
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
return lnwire.NewTemporaryChannelFailure(upd)
}
htlcswitch: extract failure message creation
2019-09-27 16:01:18 +02:00
failure := l.createFailureWithUpdate(
server+htlcswitch: prevent privacy leaks, allow alias routing This intent of this change is to prevent privacy leaks when routing with aliases and also to allow routing when using an alias. The aliases are our aliases. Introduces are two maps: * aliasToReal: This is an N->1 mapping for a channel. The keys are the set of aliases and the value is the confirmed, on-chain SCID. * baseIndex: This is also an N->1 mapping for a channel. The keys are the set of aliases and the value is the "base" SCID (whatever is in the OpenChannel.ShortChannelID field). There is also a base->base mapping, so not all keys are aliases. The above maps are populated when a link is added to the switch and when the channel has confirmed on-chain. The maps are not removed from if the link is removed, but this is fine since forwarding won't occur. * getLinkByMapping This function is introduced to adhere to the spec requirements that using the confirmed SCID of a private, scid-alias-feature-bit channel does not work. Lnd implements a stricter version of the spec and disallows this behavior if the feature-bit was negotiated, rather than just the channel type. The old, privacy-leak behavior is preserved. The spec also requires that if we must fail back an HTLC, the ChannelUpdate must use the SCID of whatever was in the onion, to avoid a privacy leak. This is also done by passing in the relevant SCID to the mailbox and link. Lnd will also cancel back on the "incoming" side if the InterceptableSwitch was used or if the link failed to decrypt the onion. In this case, we are cautious and replace the SCID if an alias exists.
2022-04-04 22:44:51 +02:00
true, hop.Source, cb,
htlcswitch+server: ensure we always send an update w/ a TempChannelFailure In this commit, we ensure that any time we send a TempChannelFailure that's destined for a multi-hop source sender, then we'll always package the latest channel update along with it.
2018-05-08 05:00:32 +02:00
)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
l.sendHTLCError(
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
add, sourceRef, NewLinkError(failure),
obfuscator, false,
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
)
continue
}
// Now that this add has been reprocessed, only append
// it to our list of packets to forward to the switch
// this is the first time processing the add. If the
// fwd pkg has already been processed, then we entered
// the above section to recreate a previous error. If
// the packet had previously been forwarded, it would
// have been added to switchPackets at the top of this
// section.
if fwdPkg.State == channeldb.FwdStateLockedIn {
htlcswitch: add receiver-side inbound fee support
2022-09-19 12:06:34 +02:00
inboundFee := l.cfg.FwrdingPolicy.InboundFee
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
//nolint:lll
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
updatePacket := &htlcPacket{
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
incomingChanID: l.ShortChanID(),
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
incomingHTLCID: add.ID,
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
outgoingChanID: fwdInfo.NextHop,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
sourceRef: &sourceRef,
incomingAmount: add.Amount,
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
amount: addMsg.Amount,
htlc: addMsg,
obfuscator: obfuscator,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
incomingTimeout: add.Expiry,
multi: use wire records on payment and intercept flows
2024-04-16 12:29:15 +02:00
outgoingTimeout: fwdInfo.OutgoingCTLV,
inOnionCustomRecords: pld.CustomRecords(),
inboundFee: inboundFee,
htlcswitch: remove PaymentDescriptor from processRemoteAdds call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:19:36 +02:00
inWireCustomRecords: add.CustomRecords.Copy(),
htlcswitch: Remove constructor functions for htlcPacket. The constructor functions have no additional logic other than passing function parameters into struct fields. Given the large function signatures, it is more clear to directly construct the htlcPacket in client code than call a function with lots of positional arguments.
2017-10-24 08:18:26 +02:00
}
htlcswitch: eliminate unnecessary indentation in processRemoteAdds In this commit, we remove a ton of unnecessary indentation in the processRemoteAdds method. Before this commit, we had a switch statement on the type of the entry. This was required before when the method was generic, but now since we already know that it’s an Add, we no longer require such a statement.
2018-03-13 02:55:04 +01:00
fwdPkg.FwdFilter.Set(idx)
switchPackets = append(switchPackets,
updatePacket)
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
}
}
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Commit the htlcs we are intending to forward if this package has not
// been fully processed.
if fwdPkg.State == channeldb.FwdStateLockedIn {
err := l.channel.SetFwdFilter(fwdPkg.Height, fwdPkg.FwdFilter)
if err != nil {
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
l.failf(LinkFailureError{code: ErrInternalError},
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
"unable to set fwd filter: %v", err)
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
}
if len(switchPackets) == 0 {
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
htlcswitch: add an always on mode to interceptable switch Co-authored-by: Juan Pablo Civile <elementohb@gmail.com>
2022-02-03 15:34:25 +01:00
replay := fwdPkg.State != channeldb.FwdStateLockedIn
l.log.Debugf("forwarding %d packets to switch: replay=%v",
len(switchPackets), replay)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
htlcswitch/link: ensure circuits are committed in-order This commit makes the call to forwardBatch after locking in Adds synchronous. This ensures that circuits for any Add packets are added to the switch in the same order that they are prescribed in the channel state. Though it is very unlikely this case would arise, it may happen under more greater loads. In addition, this also makes some trivial optimizations wrt. to not spawning unnecessary goroutines if no settle/fail packets are locked in.
2018-05-08 05:55:07 +02:00
// NOTE: This call is made synchronous so that we ensure all circuits
// are committed in the exact order that they are processed in the link.
// Failing to do this could cause reorderings/gaps in the range of
// opened circuits, which violates assumptions made by the circuit
// trimming.
htlcswitch: add an always on mode to interceptable switch Co-authored-by: Juan Pablo Civile <elementohb@gmail.com>
2022-02-03 15:34:25 +01:00
l.forwardBatch(replay, switchPackets...)
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
}
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
// processExitHop handles an htlc for which this link is the exit hop. It
// returns a boolean indicating whether the commitment tx needs an update.
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
func (l *channelLink) processExitHop(add lnwire.UpdateAddHTLC,
sourceRef channeldb.AddRef, obfuscator hop.ErrorEncrypter,
fwdInfo hop.ForwardingInfo, heightNow uint32,
payload invoices.Payload) error {
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
// If hodl.ExitSettle is requested, we will not validate the final hop's
// ADD, nor will we settle the corresponding invoice or respond with the
// preimage.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.ExitSettle) {
htlcswitch: increase logs
2024-10-31 17:35:27 +01:00
l.log.Warnf("%s for htlc(rhash=%x,htlcIndex=%v)",
hodl.ExitSettle.Warning(), add.PaymentHash, add.ID)
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return nil
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
}
// As we're the exit hop, we'll double check the hop-payload included in
// the HTLC to ensure that it was crafted correctly by the sender and
htlcswitch: relax final onion packet check The spec allows the final HTLC value and CLTV expiry to exceed the value and expiry specified in the payload of the last hop of the onion packet. We were over-restricting it to require that it matches exactly.
2023-06-14 22:02:34 +02:00
// is compatible with the HTLC we were extended.
htlcswitch: override amount check on custom records
2024-05-23 13:26:32 +02:00
//
// For a special case, if the fwdInfo doesn't have any blinded path
// information, and the incoming HTLC had special extra data, then
// we'll skip this amount check. The invoice acceptor will make sure we
// reject the HTLC if it's not containing the correct amount after
// examining the custom data.
hasBlindedPath := fwdInfo.NextBlinding.IsSome()
customHTLC := len(add.CustomRecords) > 0 && !hasBlindedPath
log.Tracef("Exit hop has_blinded_path=%v custom_htlc_bypass=%v",
hasBlindedPath, customHTLC)
if !customHTLC && add.Amount < fwdInfo.AmountToForward {
htlcswitch: relax final onion packet check The spec allows the final HTLC value and CLTV expiry to exceed the value and expiry specified in the payload of the last hop of the onion packet. We were over-restricting it to require that it matches exactly.
2023-06-14 22:02:34 +02:00
l.log.Errorf("onion payload of incoming htlc(%x) has "+
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
"incompatible value: expected <=%v, got %v",
add.PaymentHash, add.Amount, fwdInfo.AmountToForward)
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
failure := NewLinkError(
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
lnwire.NewFinalIncorrectHtlcAmount(add.Amount),
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
)
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
l.sendHTLCError(add, sourceRef, failure, obfuscator, true)
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return nil
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
}
// We'll also ensure that our time-lock value has been computed
cnct+htlcswitch+invoices: move invoice parameter check out of link This commit is the final step in making the link unaware of invoices. It now purely offers the htlc to the invoice registry and follows instructions from the invoice registry about how and when to respond to the htlc. The change also fixes a bug where upon restart, hodl htlcs were subjected to the invoice minimum cltv delta requirement again. If the block height has increased in the mean while, the htlc would be canceled back. Furthermore the invoice registry interaction is aligned between link and contract resolvers.
2019-04-16 12:11:20 +02:00
// correctly.
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
if add.Expiry < fwdInfo.OutgoingCTLV {
htlcswitch: relax final onion packet check The spec allows the final HTLC value and CLTV expiry to exceed the value and expiry specified in the payload of the last hop of the onion packet. We were over-restricting it to require that it matches exactly.
2023-06-14 22:02:34 +02:00
l.log.Errorf("onion payload of incoming htlc(%x) has "+
"incompatible time-lock: expected <=%v, got %v",
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
add.PaymentHash, add.Expiry, fwdInfo.OutgoingCTLV)
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
failure := NewLinkError(
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
lnwire.NewFinalIncorrectCltvExpiry(add.Expiry),
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
)
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
l.sendHTLCError(add, sourceRef, failure, obfuscator, true)
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return nil
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
}
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
// Notify the invoiceRegistry of the exit hop htlc. If we crash right
// after this, this code will be re-executed after restart. We will
// receive back a resolution event.
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
invoiceHash := lntypes.Hash(add.PaymentHash)
cnct+htlcswitch+invoices: move invoice parameter check out of link This commit is the final step in making the link unaware of invoices. It now purely offers the htlc to the invoice registry and follows instructions from the invoice registry about how and when to respond to the htlc. The change also fixes a bug where upon restart, hodl htlcs were subjected to the invoice minimum cltv delta requirement again. If the block height has increased in the mean while, the htlc would be canceled back. Furthermore the invoice registry interaction is aligned between link and contract resolvers.
2019-04-16 12:11:20 +02:00
multi: create channeldb/models package Add a new subpackage to `lnd/channeldb` to hold some of the types that are used in the package itself and in other packages that should not depend on `channeldb`.
2022-11-18 12:15:22 +01:00
circuitKey := models.CircuitKey{
cnct+htlcswitch+invoices: report circuit key to invoice registry Currently the invoice registry cannot tell apart the htlcs that pay to an invoice. Because htlcs may also be replayed on startup, it isn't possible to determine the total amount paid to an invoice. This commit is a first step towards fixing that. It reports the circuit keys of htlcs to the invoice registry, which forms the basis for accurate invoice accounting.
2019-08-08 15:48:31 +02:00
ChanID: l.ShortChanID(),
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
HtlcID: add.ID,
cnct+htlcswitch+invoices: report circuit key to invoice registry Currently the invoice registry cannot tell apart the htlcs that pay to an invoice. Because htlcs may also be replayed on startup, it isn't possible to determine the total amount paid to an invoice. This commit is a first step towards fixing that. It reports the circuit keys of htlcs to the invoice registry, which forms the basis for accurate invoice accounting.
2019-08-08 15:48:31 +02:00
}
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
event, err := l.cfg.Registry.NotifyExitHopHtlc(
htlcswitch: remove PaymentDescriptor from the processExitHop's call signature This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:02:51 +02:00
invoiceHash, add.Amount, add.Expiry, int32(heightNow),
multi: pass `UpdateAddHtlc` message custom records to invoice modifier
2024-05-08 19:17:05 +02:00
circuitKey, l.hodlQueue.ChanIn(), add.CustomRecords, payload,
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
)
multi: replace errInvoiceNotFound with resolution result This commit moves handling of invoice not found errors into NotifyExitHopHtlc and exposes a resolution result to the calling functions. The intention of this change is to make calling functions as naive of the invoice registry's mechanics as possible. When NotifyExitHopHtlc is called and an invoice is not found, calling functions can take action based on the HtlcResolution's InvoiceNotFound outcome rather than having to add a special error check on every call to handle the error.
2019-12-20 11:25:08 +01:00
if err != nil {
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return err
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
}
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
// Create a hodlHtlc struct and decide either resolved now or later.
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
htlc := hodlHtlc{
htlcswitch: remove PaymentDescriptor from hodlHtlc This is part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 22:05:54 +02:00
add: add,
sourceRef: sourceRef,
htlcswitch: abtract invoice from link This commit detaches signaling the invoice registry that an htlc was locked in from the actually settling of the htlc. It is a preparation for hodl invoices.
2019-02-20 12:11:15 +01:00
obfuscator: obfuscator,
}
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
invoices: add resolution result to htlcResolution This commit adds the resolution result obtained while updating an invoice in the registry to htlcResolution. The field can be used by calling functions to determine the outcome of the update and act appropriately.
2019-12-20 11:25:07 +01:00
// If the event is nil, the invoice is being held, so we save payment
// descriptor for future reference.
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
if event == nil {
htlcswitch+invoices: circuit key based hodl notifications This commit modifies hodl htlc notification from invoice registry from a single notification per hash to distinct notifications per htlc. This prepares for htlc-specific information (accept height) to be added to the notification.
2019-08-14 21:11:34 +02:00
l.hodlMap[circuitKey] = htlc
htlcswitch+lnwallet: replace updateNeeded by check on channel itself Instead of tracking local updates in a separate link variable, query this state from the channel itself. This commit also fixes the issue where the commit tx was not updated anymore after a failed first attempt because the revocation window was closed. Also those pending updates will be taken into account when the remote party revokes.
2019-04-10 13:10:25 +02:00
return nil
htlcswitch: hodl invoice This commit modifies the invoice registry to handle invoices for which the preimage is not known yet (hodl invoices). In that case, the resolution channel passed in from links and resolvers is stored until we either learn the preimage or want to cancel the htlc.
2019-02-11 12:01:05 +01:00
}
// Process the received resolution.
multi: replace htlcResolution with an interface This commit repalces the htlcResolution struct with an interface. This interface is implemeted by failure, settle and accept resolution structs. Only settles and fails are exported because the existing code that handles htlc resolutions uses a nil resolution to indicate that a htlc was accepted. The accept resolution is used internally to report on the resolution result of the accepted htlc, but a nil resolution is surfaced. Further refactoring of all the functions that call NotifyExitHopHtlc to handle a htlc accept case (rather than having a nil check) is required.
2020-02-06 18:35:10 +01:00
return l.processHtlcResolution(event, htlc)
htlcswitch: extract settle invoice into method
2019-02-08 10:57:50 +01:00
}
// settleHTLC settles the HTLC on the channel.
htlcswitch: notify local receive settles
2020-02-19 16:34:48 +01:00
func (l *channelLink) settleHTLC(preimage lntypes.Preimage,
htlcswitch: remove PaymentDescriptor from settleHTLC's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:48:04 +02:00
htlcIndex uint64, sourceRef channeldb.AddRef) error {
htlcswitch: extract settle invoice into method
2019-02-08 10:57:50 +01:00
hash := preimage.Hash()
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Infof("settling htlc %v as exit hop", hash)
htlcswitch: extract settle invoice into method
2019-02-08 10:57:50 +01:00
err := l.channel.SettleHTLC(
htlcswitch: remove PaymentDescriptor from settleHTLC's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:48:04 +02:00
preimage, htlcIndex, &sourceRef, nil, nil,
htlcswitch: resolve invoice cancelation race condition Previously it could happen that an invoice was open at the time of the LookupInvoice call, the htlc was settled because of that, but when the SettleInvoice call was made eventually, it would fail because the invoice was canceled in the mean time. The htlc would then be settled, but the invoice not marked as such.
2019-02-18 21:27:54 +01:00
)
if err != nil {
multi: fix fmt.Errorf error wrapping Refactor fmt.Errorf usage to correctly wrap errors instead of using non-wrapping format verbs.
2024-02-26 12:19:38 +01:00
return fmt.Errorf("unable to settle htlc: %w", err)
htlcswitch: resolve invoice cancelation race condition Previously it could happen that an invoice was open at the time of the LookupInvoice call, the htlc was settled because of that, but when the SettleInvoice call was made eventually, it would fail because the invoice was canceled in the mean time. The htlc would then be settled, but the invoice not marked as such.
2019-02-18 21:27:54 +01:00
}
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
// If the link is in hodl.BogusSettle mode, replace the preimage with a
// fake one before sending it to the peer.
multi: remove debug invoices Debug invoices are rarely used nowadays, but keep asking for maintenance every time refactoring in primarily the invoice registry occurs. We have passed the cost/benefit tipping point, so therefore the debug invoice concept is removed in this commit. Previously the debughtlc flag also controlled whether hodl masks were active. It is safe to remove that additional condition because the hodl masks are still guarded by the dev build tag.
2019-08-14 19:57:31 +02:00
if l.cfg.HodlMask.Active(hodl.BogusSettle) {
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
l.log.Warnf(hodl.BogusSettle.Warning())
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
preimage = [32]byte{}
copy(preimage[:], bytes.Repeat([]byte{2}, 32))
}
// HTLC was successfully settled locally send notification about it
// remote peer.
l.cfg.Peer.SendMessage(false, &lnwire.UpdateFulfillHTLC{
ChanID: l.ChanID(),
htlcswitch: remove PaymentDescriptor from settleHTLC's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:48:04 +02:00
ID: htlcIndex,
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
PaymentPreimage: preimage,
})
htlcswitch: notify local receive settles
2020-02-19 16:34:48 +01:00
// Once we have successfully settled the htlc, notify a settle event.
l.cfg.HtlcNotifier.NotifySettleEvent(
HtlcKey{
multi: create channeldb/models package Add a new subpackage to `lnd/channeldb` to hold some of the types that are used in the package itself and in other packages that should not depend on `channeldb`.
2022-11-18 12:15:22 +01:00
IncomingCircuit: models.CircuitKey{
htlcswitch: notify local receive settles
2020-02-19 16:34:48 +01:00
ChanID: l.ShortChanID(),
htlcswitch: remove PaymentDescriptor from settleHTLC's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:48:04 +02:00
HtlcID: htlcIndex,
htlcswitch: notify local receive settles
2020-02-19 16:34:48 +01:00
},
},
feature: expose preimage in forward+settle event Until now, clients of SubscribeHTLCEvents didn't have access to the settled preimage. The API allows to intercept forward event and to be updated on forward events however the forward+settle event does not include the payment preimage. This pr changes allows it.
2021-06-15 21:01:24 +02:00
preimage,
htlcswitch: notify local receive settles
2020-02-19 16:34:48 +01:00
HtlcEventTypeReceive,
)
htlcswitch: extract settle invoice into method
2019-02-08 10:57:50 +01:00
return nil
htlcswitch: extract exit hop processing to method
2019-02-08 10:01:54 +01:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// forwardBatch forwards the given htlcPackets to the switch, and waits on the
// err chan for the individual responses. This method is intended to be spawned
// as a goroutine so the responses can be handled in the background.
htlcswitch: add an always on mode to interceptable switch Co-authored-by: Juan Pablo Civile <elementohb@gmail.com>
2022-02-03 15:34:25 +01:00
func (l *channelLink) forwardBatch(replay bool, packets ...*htlcPacket) {
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
// Don't forward packets for which we already have a response in our
// mailbox. This could happen if a packet fails and is buffered in the
// mailbox, and the incoming link flaps.
var filteredPkts = make([]*htlcPacket, 0, len(packets))
for _, pkt := range packets {
if l.mailBox.HasPacket(pkt.inKey()) {
continue
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
}
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
filteredPkts = append(filteredPkts, pkt)
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
}
multi: link quit can interrupt commitment signing In this commit, we make sig job handling when singing a next commitment non-blocking by allowing the shutdown of a channel link to prevent further waiting on sig jobs by the channel state machine. This addresses possible cases where the aux signer may be shut down via a separate quit signal, so the state machine could block indefinitely on receiving an update on a sig job.
2024-10-17 13:38:34 +02:00
err := l.cfg.ForwardPackets(l.Quit, replay, filteredPkts...)
htlcswitch: add an always on mode to interceptable switch Co-authored-by: Juan Pablo Civile <elementohb@gmail.com>
2022-02-03 15:34:25 +01:00
if err != nil {
htlcswitch: change ForwardPackets to return error As part of the preparation to the switch interceptor feature, this function is changed to return error instead of error channel that is closed automatically. Returning an error channel has become complex to maintain and implement when adding more asynchronous flows to the switch. The change doesn't affect the current behavior which logs the errors as before.
2020-05-19 11:13:02 +02:00
log.Errorf("Unhandled error while reforwarding htlc "+
"settle/fail over htlcswitch: %v", err)
}
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
}
lnwire+htlcswitch: minor grammatical, formatting fixes after error PR
2017-07-15 05:08:29 +02:00
// sendHTLCError functions cancels HTLC and send cancel message back to the
// peer from which HTLC was received.
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
func (l *channelLink) sendHTLCError(add lnwire.UpdateAddHTLC,
sourceRef channeldb.AddRef, failure *LinkError,
e hop.ErrorEncrypter, isReceive bool) {
Htlcswitch: rename Deobfuscator and Obfuscator interfaces This commit renames the Deobfuscator interface to ErrorDecrypter and the Obfuscator interface to ErrorEncrypter. With this rename, the purpose of these two interfaces are a bit clearer. Additionally, DecryptError (which was formerly Deobfuscate) now directly returns an ForwardingError type instead of the lnwire.FailureMessage.
2017-10-11 04:36:52 +02:00
htlcswitch: add failure details to incoming failures This commit adds LinkErrors with failure details to htlcs which fail on our incoming link. This change is made with the intention of notifying detailed htlc failure reasons in sendHTLCError. The FailureDetail interface is implemented on FailureResolutionResults so that they can directly be used to enrich LinkErrors. sendHtlcError is updated to take a LinkError in preparation for the addition of a htlcnotifier which will notify the detail of the error.
2020-02-06 18:35:17 +01:00
reason, err := e.EncryptFirstHop(failure.WireMessage())
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
if err != nil {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable to obfuscate error: %v", err)
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
return
}
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
err = l.channel.FailHTLC(add.ID, reason, &sourceRef, nil, nil)
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
if err != nil {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable cancel htlc: %v", err)
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
return
}
htlcswitch: convert blinded failures for blinded payments
2024-04-08 21:51:15 +02:00
// Send the appropriate failure message depending on whether we're
// in a blinded route or not.
if err := l.sendIncomingHTLCFailureMsg(
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
add.ID, e, reason,
htlcswitch: convert blinded failures for blinded payments
2024-04-08 21:51:15 +02:00
); err != nil {
l.log.Errorf("unable to send HTLC failure: %v", err)
return
}
htlcswitch: notify incoming link failures This commit adds link failure notifications for failures which occur on our incoming link. These failures may be receives which we failed or forwards which we could not parse.
2020-02-19 16:34:47 +01:00
// Notify a link failure on our incoming link. Outgoing htlc information
// is not available at this point, because we have not decrypted the
// onion, so it is excluded.
var eventType HtlcEventType
if isReceive {
eventType = HtlcEventTypeReceive
} else {
eventType = HtlcEventTypeForward
}
l.cfg.HtlcNotifier.NotifyLinkFailEvent(
HtlcKey{
multi: create channeldb/models package Add a new subpackage to `lnd/channeldb` to hold some of the types that are used in the package itself and in other packages that should not depend on `channeldb`.
2022-11-18 12:15:22 +01:00
IncomingCircuit: models.CircuitKey{
htlcswitch: notify incoming link failures This commit adds link failure notifications for failures which occur on our incoming link. These failures may be receives which we failed or forwards which we could not parse.
2020-02-19 16:34:47 +01:00
ChanID: l.ShortChanID(),
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
HtlcID: add.ID,
htlcswitch: notify incoming link failures This commit adds link failure notifications for failures which occur on our incoming link. These failures may be receives which we failed or forwards which we could not parse.
2020-02-19 16:34:47 +01:00
},
},
HtlcInfo{
htlcswitch: remove PaymentDescriptor from sendHTLCError's call signature This is done as part of a systematic removal of PaymentDescriptor from the mechanics of the htlcswitch package.
2024-08-16 21:45:35 +02:00
IncomingTimeLock: add.Expiry,
IncomingAmt: add.Amount,
htlcswitch: notify incoming link failures This commit adds link failure notifications for failures which occur on our incoming link. These failures may be receives which we failed or forwards which we could not parse.
2020-02-19 16:34:47 +01:00
},
eventType,
failure,
true,
)
htlcswitch: move onion blob processing Step №4 in making htlcManager (aka channelLink) testable: This step consist of two: 1. Start using the hop iterator abstraction, the concrete implementation of which will be added later, basically it will we the same sphinx onion packet processor, but wrapped in hop iterator abstraction. 2. The RevokAndAck processing part have been replaced by the "processLockedInHtlcs" function which implement the same logic, but make it a bit simpler. Such changes will allow as to get rid of the the unnecessary variables.
2017-05-03 17:57:13 +02:00
}
peer+server+htlcswitch: add reason to disconnnect function In order to recognize exact reason of the disconnect the additional field have been added in the disconnect function.
2017-07-12 15:44:17 +02:00
htlcswitch: convert blinded failures for blinded payments
2024-04-08 21:51:15 +02:00
// sendPeerHTLCFailure handles sending a HTLC failure message back to the
// peer from which the HTLC was received. This function is primarily used to
// handle the special requirements of route blinding, specifically:
// - Forwarding nodes must switch out any errors with MalformedFailHTLC
// - Introduction nodes should return regular HTLC failure messages.
//
// It accepts the original opaque failure, which will be used in the case
// that we're not part of a blinded route and an error encrypter that'll be
// used if we are the introduction node and need to present an error as if
// we're the failing party.
func (l *channelLink) sendIncomingHTLCFailureMsg(htlcIndex uint64,
e hop.ErrorEncrypter,
originalFailure lnwire.OpaqueReason) error {
var msg lnwire.Message
switch {
// Our circuit's error encrypter will be nil if this was a locally
// initiated payment. We can only hit a blinded error for a locally
// initiated payment if we allow ourselves to be picked as the
// introduction node for our own payments and in that case we
// shouldn't reach this code. To prevent the HTLC getting stuck,
// we fail it back and log an error.
// code.
case e == nil:
msg = &lnwire.UpdateFailHTLC{
ChanID: l.ChanID(),
ID: htlcIndex,
Reason: originalFailure,
}
l.log.Errorf("Unexpected blinded failure when "+
"we are the sending node, incoming htlc: %v(%v)",
l.ShortChanID(), htlcIndex)
// For cleartext hops (ie, non-blinded/normal) we don't need any
// transformation on the error message and can just send the original.
case !e.Type().IsBlinded():
msg = &lnwire.UpdateFailHTLC{
ChanID: l.ChanID(),
ID: htlcIndex,
Reason: originalFailure,
}
// When we're the introduction node, we need to convert the error to
// a UpdateFailHTLC.
case e.Type() == hop.EncrypterTypeIntroduction:
l.log.Debugf("Introduction blinded node switching out failure "+
"error: %v", htlcIndex)
// The specification does not require that we set the onion
// blob.
lnwire+htlcswitch: change NewInvalidBlinding to use array instead of slice
2024-08-20 19:28:37 +02:00
failureMsg := lnwire.NewInvalidBlinding(
fn.None[[lnwire.OnionPacketSize]byte](),
)
htlcswitch: convert blinded failures for blinded payments
2024-04-08 21:51:15 +02:00
reason, err := e.EncryptFirstHop(failureMsg)
if err != nil {
return err
}
msg = &lnwire.UpdateFailHTLC{
ChanID: l.ChanID(),
ID: htlcIndex,
Reason: reason,
}
// If we are a relaying node, we need to switch out any error that
// we've received to a malformed HTLC error.
case e.Type() == hop.EncrypterTypeRelaying:
l.log.Debugf("Relaying blinded node switching out malformed "+
"error: %v", htlcIndex)
msg = &lnwire.UpdateFailMalformedHTLC{
ChanID: l.ChanID(),
ID: htlcIndex,
FailureCode: lnwire.CodeInvalidBlinding,
}
default:
return fmt.Errorf("unexpected encrypter: %d", e)
}
if err := l.cfg.Peer.SendMessage(false, msg); err != nil {
l.log.Warnf("Send update fail failed: %v", err)
}
return nil
}
lnwire+htlcswitch: minor grammatical, formatting fixes after error PR
2017-07-15 05:08:29 +02:00
// sendMalformedHTLCError helper function which sends the malformed HTLC update
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
// to the payment sender.
lnwallet: Change channel update methods to accept HTLC ID. Previously, some methods on a LightningChannel like SettleHTLC and FailHTLC would identify HTLCs by payment hash. This would not always work correctly if there are multiple HTLCs with the same payment hash, so instead we change these methods to identify HTLCs by their unique identifiers instead.
2017-10-24 09:48:52 +02:00
func (l *channelLink) sendMalformedHTLCError(htlcIndex uint64,
htlcswitch: change sendMalformedHTLCError to take array instead of slice
2024-08-20 19:01:34 +02:00
code lnwire.FailCode, onionBlob [lnwire.OnionPacketSize]byte,
sourceRef *channeldb.AddRef) {
htlcswitch+lnwallet: add malformed payment descriptor
2017-08-14 13:21:57 +02:00
htlcswitch: change sendMalformedHTLCError to take array instead of slice
2024-08-20 19:01:34 +02:00
shaOnionBlob := sha256.Sum256(onionBlob[:])
htlcswitch/link: batches processing of locked in htlcs
2017-11-27 08:20:17 +01:00
err := l.channel.MalformedFailHTLC(htlcIndex, code, shaOnionBlob, sourceRef)
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
if err != nil {
htlcswitch: use prefix logger for remaining log statements in link
2019-10-01 11:16:24 +02:00
l.log.Errorf("unable cancel htlc: %v", err)
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
return
}
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
l.cfg.Peer.SendMessage(false, &lnwire.UpdateFailMalformedHTLC{
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
ChanID: l.ChanID(),
lnwallet: Change channel update methods to accept HTLC ID. Previously, some methods on a LightningChannel like SettleHTLC and FailHTLC would identify HTLCs by payment hash. This would not always work correctly if there are multiple HTLCs with the same payment hash, so instead we change these methods to identify HTLCs by their unique identifiers instead.
2017-10-24 09:48:52 +02:00
ID: htlcIndex,
htlcswitch+lnwallet: add malformed payment descriptor
2017-08-14 13:21:57 +02:00
ShaOnionBlob: shaOnionBlob,
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
FailureCode: code,
htlcswitch/link: upgrade to use lnpeer.Peer.SendMessage
2018-06-08 05:17:15 +02:00
})
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
}
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
// failf is a function which is used to encapsulate the action necessary for
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
// properly failing the link. It takes a LinkFailureError, which will be passed
// to the OnChannelFailure closure, in order for it to determine if we should
// force close the channel, and if we should send an error message to the
// remote peer.
multi: update linter, fix new issues
2024-08-20 12:46:24 +02:00
func (l *channelLink) failf(linkErr LinkFailureError, format string,
a ...interface{}) {
htlcswitch: replace errors package implementation
2024-04-06 02:08:38 +02:00
reason := fmt.Errorf(format, a...)
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
// Return if we have already notified about a failure.
if l.failed {
htlcswitch: log in lower case
2019-10-02 15:53:29 +02:00
l.log.Warnf("ignoring link failure (%v), as link already "+
htlcswitch: use prefix logger in link
2019-10-01 11:06:56 +02:00
"failed", reason)
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
return
}
htlcswitch: add causing error to log and err msg
2020-03-05 15:57:28 +01:00
l.log.Errorf("failing link: %s with error: %v", reason, linkErr)
htlcswitch/link: add failed variable to ensure exit
2018-05-23 15:14:46 +02:00
// Set failed, such that we won't process any more updates, and notify
// the peer about the failure.
l.failed = true
htlcswitch/link: make fail() call OnChannelFailure with LinkFailureError Adds a new closure OnChannelFailure to the link config, which is called when the link fails. This function closure should use the given LinkFailureError to properly force close the channel, send an error to the peer, and disconnect the peer.
2018-05-09 15:49:58 +02:00
l.cfg.OnChannelFailure(l.ChanID(), l.ShortChanID(), linkErr)
htlcswitch+router: add onion error obfuscation Within the network, it's important that when an HTLC forwarding failure occurs, the recipient is notified in a timely manner in order to ensure that errors are graceful and not unknown. For that reason with accordance to BOLT №4 onion failure obfuscation have been added.
2017-06-29 15:40:45 +02:00
}
htlcswitch: expose custom channel blob from link
2024-05-02 16:52:47 +02:00
// FundingCustomBlob returns the custom funding blob of the channel that this
// link is associated with. The funding blob represents static information about
// the channel that was created at channel funding time.
func (l *channelLink) FundingCustomBlob() fn.Option[tlv.Blob] {
if l.channel == nil {
return fn.None[tlv.Blob]()
}
if l.channel.State() == nil {
return fn.None[tlv.Blob]()
}
return l.channel.State().CustomBlob
}
// CommitmentCustomBlob returns the custom blob of the current local commitment
// of the channel that this link is associated with.
func (l *channelLink) CommitmentCustomBlob() fn.Option[tlv.Blob] {
if l.channel == nil {
return fn.None[tlv.Blob]()
}
return l.channel.LocalCommitmentBlob()
}
Reference in New Issue Copy Permalink