-
Notifications
You must be signed in to change notification settings - Fork 493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bolt7: add channel update flag for scid alias #999
Conversation
What does this mean? You should never "wait" for a channel_announcement - if you receive a channel_update first you should drop it on the floor and ignore it (unless its your own channel/direct peer).
If you have a channel_announcement first and the channel_update matches the announcement and what's on-chain, then you're done. Not sure why this matters. |
I don't think this helps the lnd implementation any since we know which SCID aliases we are using for a given channel |
Sorry, this was poorly phrased. We validate Mostly what we'd like is to be able to properly type Being able to properly type It's trivial for senders to set this bit, it remove some ambiguity in how the message is interpreted, so it feels like a useful change? |
But as a receiver, when you receive a |
Yes, we have to lookup that we know of the alias, but I think this patch doesn't get rid of that except if the update designates that the SCID is not an alias -- If I receive an update saying this is for an alias, I still need to check my maps to check that the alias exists? |
Okay, I still don't see how this proposal materially helps you? If you haven't received/aren't processing the channel_announcement you can still drop the channel_update. Even if you don't want to reach ahead to implement that, presumably you have some anti-DoS mechanism to limit the queue size, can you not simply let the queue fill with these updates and drop them as new updates come in?
But the answer is usually "both" - yes, it may be a channel update for a local channel, but that doesn't mean you don't have to also handle it as gossip, in general you need to handle all gossip for your public channels in both ways. |
Lnd uses a range of [16_000_000, 16_250_000] and if we receive a value in that range, we know it's an alias so it serves the same purpose as this SCID bit |
Yes, that's true. But having the bit set lets us save one lookup in an internal table for one of the cases (which exact lookup you save depends on what you check first when you receive a Granted, this is something we can live without. It's not so much about the optimization of one call to a lookup table, but rather the ability of strongly typing
But when you have a lot of private channels (which is the case for LSPs), you receive many private |
What?!? But you can't expect other implementations to use exactly that range (and we expect our node to be able to handle more than 250k channels with wallets, so we'd need a bigger range than that)! A specified bit that everybody agrees on is widely better than a heuristic that will work only for lnd... |
It's like 2^58 possible SCIDs, that's just the block range. Since the counter-party only sends my aliases during gossip, this is fine - lnd stores counter-party aliases in a separate table and JIT inserts the alias in the gossip message if necessary? Rust-lightning was able to handle our SCID range just fine EDIT: I see your point, you may not use an obvious range, so you always have to query your mapping to determine if it's an alias |
Right, I guess my reaction here is more that its not strongly-typed as a result, you've taken one of many different cases (public-our-channel, public-not-our-channel, nonpublic-our-channel, nonpublic-alias-our-channel) and flagged it, but you haven't flagged the other cases, which have similar handling issues/concerns. If we want to strongly-type this we should flag more than just this type. |
Ok, I didn't understand that this was the range of the You're also completely right that we only care about the range we use for our own aliases, because the only |
Bleh, why not use realistic values? Especially post-taproot-in-use its a nice privacy win to do so. |
It's true, it isn't perfect, but it's already better than nothing, because it lets you immediately identify |
No? If you receive a channel_update for a private channel today with a real SCID you have the same issue. I'm not sure how SCID aliases changed anything, but I'd be happy to see the flag repurposed to indicate more so that this could be implemented. |
Less chance of me messing something up in a tricky part of the codebase
is it not necessary to validate the announcement for public 0-conf after 6 confs? |
Yes you should, but after 6-conf the
Do you mean that we should add the following message flags to make this more useful?
If so I'd be happy to add them. I should experiment a bit more with the code to see if those are the only ones we need, does this look correct to you? |
Yes, that's my alternative proposal here. |
Thinking about this more, I'm not sure we need more flags. Correct me if I'm missing something, but I believe the only thing we want to know is: "is this channel update supposed to stay private between me and my peer?". There are two cases where that is true:
The |
Yes, agreed, I just figured the extra flag distinction may be useful to someone so might as well, but I don't feel strongly about that.
Hmm, maybe? That's a good point I hadn't thought about that. I'm maybe a bit dubious that we should add a flag for something that people rely on meaning X, when the protocol allows it to mean Y, even though it usually means X. That seems like a great way to mis-implement it. |
The issue is that an additional
Are you talking about the I think I'd rather add only this flag to the spec, wait for 6 months until enough nodes on the network advertise support for
WDYT? |
I mean this isn't entirely true, scid aliases have been deployed in LDK for some time now, but, sure, its not super broad and those users upgrade quickly currently. Still, I think the broader point is that this flag is really a hint to the recipient to skip the processing of it as if it were about a public channel, which doesn't really need backwards compatibility?
Well, no, you're talking about using it for Y here, where Y is "skip the processing of this message as if it were a public channel". Its defined around the SCID being an alias, but the change in handling is presumably only on the public-graph part of the codebase?
Sure, but you can do the same whether the bit(s) are defined as uses-alias as you can do if the bits are defined more generally. |
I didn't know it had been deployed so soon after the spec PR was merged, it indeed means we'll need those early adopters to upgrade quickly.
My point is that with this exact flag + making |
Seems like the meeting conclusion here was to either use a flag to mean "not public channel update" or have two flags as I'd proposed. Is that what you took away form the conversation? |
0d10541
to
d89fcd5
Compare
Add a message flag to channel update to specify that an update is private and should not be rebroadcast to other nodes. We log an error if a private channel update gets into the rebroadcast list. See lightning/bolts#999
Add a message flag to channel update to specify that an update is private and should not be rebroadcast to other nodes. We log an error if a private channel update gets into the rebroadcast list. See lightning/bolts#999
Add a message flag to channel update to specify that an update is private and should not be rebroadcast to other nodes. We log an error if a private channel update gets into the rebroadcast list. See lightning/bolts#999
Add a message flag to channel update to specify that an update is private and should not be rebroadcast to other nodes. We log an error if a private channel update gets into the rebroadcast list. See lightning/bolts#999
Ack, this seems good. Closes 996... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM 🍬
This is implemented in ACINQ/eclair#2362, let me know if you want me to do cross-compat tests between eclair and another implementation! |
Add a message flag to channel update to specify that an update is private and should not be rebroadcast to other nodes. We log an error if a private channel update gets into the rebroadcast list. See lightning/bolts#999
After the merge of this PR, the spec no longer describes what
In particular, I think it would be helpful to restore the following two lines to somewhere in the spec:
It looks to me like the PR that this PR superseded did that: #996 FWIW, I noticed this when trying to confirm my understanding of Alternatively, maybe the term should be added to the glossary in BOLT0 |
Thanks @harding, you're right this is my mistake! I'll correct that with a follow-up PR. |
Requirements for the htlc_maximum_msat field in channel_update were inadvertently removed by lightning#999 (this PR meant to make this field mandatory, not removed explanations about what it does).
Requirements for the htlc_maximum_msat field in channel_update were inadvertently removed by #999 (this PR meant to make this field mandatory, not removed explanations about what it does).
Add a message flag to channel update to specify that an update is private and should not be rebroadcast to other nodes. We log an error if a private channel update gets into the rebroadcast list. See lightning/bolts#999
Since #910, nodes are allowed to use aliases instead of real scids. It would be quite helpful to be explicit about it and set a flag in
channel_update
when an alias is used instead of a real scid for a few reasons:channel_update
is meant to be kept private and can internally store it separately from "real" channel updates without requiring a lookup into an internal mapping tableWe also make the
htlc_maximum_msat
field mandatory: every node on the network currently sets it, so we can simplify message parsing. This makes this PR an alternative to #996@cdecker @TheBlueMatt @Crypt-iQ is that message flag helpful for your implementation's router logic?
DAMN I could have gotten PR number 1000, I'm always off-by-one (unless there was a PR number 0)