Allow configurable min_final_cltv_expiry_delta
#1878
Ugh, needs rebase, sorry about that. |
it's the way of the git lol |
I went the "add param onto existing methods" route because I feel it's compatible with all utility methods. Didn't feel right at the time to create more variants of each method which also seems a bit much. I know optional params are usually not ideal. Open to ideas. |
You can have In my opinion, having this parameter as optional in |
Yeah that too, but wanted to avoid validating the value in many places and just in the lowest level internal functions, so that's why some internal functions just pass through the Option. |
Thanks! This is pretty close I think, just some notes about missing test coverage and docs.
Oh, two more comments.
Still working on that test coverage, but rebased and pushed some fixes so long. |
Codecov Report
Base: 90.80% // Head: 90.69% // Decreases project coverage by
Additional details and impacted files
@@ Coverage Diff @@
## main #1878 +/- ##
==========================================
- Coverage 90.80% 90.69% -0.12%
==========================================
Files 98 97 -1
Lines 51507 50871 -636
Branches 51507 50871 -636
==========================================
- Hits 46770 46135 -635
+ Misses 4737 4736 -1
Let me know when you get the test coverage in place and I'll take another look. In the meantime, we should get another reviewer on this. |
Should have it up in the morning tomorrow. |
Oops. This needs to be changed and tested, right?: rust-lightning/lightning/src/ln/channelmanager.rs Line 2075 in 975984f
Also, I'm not sure where we ever enforced the |
Yes, indeed, we need to compare against the inbound_payment decoded version and reject the payment.
We don't - we enforce |
Cool. Happy if I squash and rebase after fixing up to get it to a cleaner state for reviewers? There's also no rush on this one since I guess 114 is coming in Q1 so I can jump on more review/dual funding while I wait. |
Yes, feel free to squash. There's no specific rush, no, but of course always better to have fewer open PRs :) |
Looks like this needs rebase. |
Back on this now. Rebased locally, but busy debugging a failing test. |
The rebase conflicts were a little intense so had to squash some of the fixups otherwise things would get a little wild here. |
@@ -882,7 +882,7 @@ pub(super) const CLTV_FAR_FAR_AWAY: u32 = 14 * 24 * 6; | |||
// Note that we fail if exactly HTLC_FAIL_BACK_BUFFER + 1 was used, so we need to add one for | |||
// any payments to succeed. Further, we don't want payments to fail if a block was found while | |||
// a payment was being routed, so we add an extra block to be safe. | |||
pub const MIN_FINAL_CLTV_EXPIRY_DELTA: u32 = HTLC_FAIL_BACK_BUFFER + 3; | |||
pub const MIN_FINAL_CLTV_EXPIRY_DELTA: u16 = HTLC_FAIL_BACK_BUFFER as u16 + 3; |
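Review bot: The `HTLC_FAIL_BACK_BUFFER as u16 + 3` cast on the new `MIN_FINAL_CLTV_EXPIRY_DELTA` line truncates silently if `HTLC_FAIL_BACK_BUFFER` is ever raised past `u16::MAX`, because `as` does no range check in a const expression. Declare `HTLC_FAIL_BACK_BUFFER` as `u16` so the cast disappears, or add a compile-time assertion beside the constant that the `u32` value fits. The type of a `pub const` also changes from `u32` to `u16` here, which breaks downstream code that compares it against `u32` values, so it deserves a line in the release notes.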
Is it too much hassle to make `HTLC_FAIL_BACK_BUFFER` a `u16`?
Was considering it and reckoned it might blow this PR up, but it would be more sanitary. Will wait for some more feedback on it. 👍
Feel free to squash. |
This looks great. Some style nits but otherwise happy here.
This matches the spec and helps avoid any confusion around naming. We're also then consistent with `cltv_expiry` in an HTLC being the actual block height value for the CLTV and not a delta.
All utility functions for invoice construction will now also accept an Option<>al `min_final_cltv_expiry_delta` which is useful for things like swaps etc. The `min_final_cltv_expiry_delta` will default back to `MIN_FINAL_CLTV_EXPIRY_DELTA` if `None` is provided.
Feel free to squash |
Adds two new payment `Method`s for identifying payments with custom `min_final_cltv_expiry_delta` as payments with LDK or user payment hashes. The `min_final_cltv_expiry_delta` value is packed into the first 2 bytes of the expiry timestamp in the payment secret metadata.
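An added example, not code from this PR or from rust-lightning: a sketch of the packing the commit message above describes, with the delta in the first 2 bytes of the expiry timestamp, followed by a receive-side comparison against the decoded value. The 8-byte big-endian field width, the `has_delta` flag standing in for the new payment `Method`s, the comparison in `htlc_meets_delta`, and all function names and sample values are assumptions.

```rust
// Added illustration, not rust-lightning code. The 8-byte big-endian expiry
// field, the names and the final comparison are assumptions for this example.
const MAX_EXPIRY: u64 = (1u64 << 48) - 1; // largest timestamp leaving 2 bytes free

#[derive(Debug, PartialEq)]
enum PackError { ExpiryTooLarge }

/// Write `delta` into the first 2 bytes of the expiry field; the timestamp
/// keeps the remaining 6 bytes. Refuses timestamps that would collide.
fn pack_expiry(expiry: u64, delta: Option<u16>) -> Result<[u8; 8], PackError> {
    if expiry > MAX_EXPIRY {
        return Err(PackError::ExpiryTooLarge);
    }
    let mut field = expiry.to_be_bytes();
    if let Some(d) = delta {
        field[..2].copy_from_slice(&d.to_be_bytes());
    }
    Ok(field)
}

/// Split the field back into (expiry, delta). `has_delta` stands in for the
/// payment method flag that marks a custom delta as present.
fn unpack_expiry(field: [u8; 8], has_delta: bool) -> (u64, Option<u16>) {
    if !has_delta {
        return (u64::from_be_bytes(field), None);
    }
    let delta = u16::from_be_bytes([field[0], field[1]]);
    let mut ts = field;
    ts[..2].fill(0);
    (u64::from_be_bytes(ts), Some(delta))
}

/// Receive-side check: the HTLC must leave at least the decoded delta (or the
/// default when none was encoded) between the current height and its expiry.
fn htlc_meets_delta(cltv_expiry: u32, height: u32, decoded: Option<u16>, default_min: u16) -> bool {
    let required = u64::from(decoded.unwrap_or(default_min));
    u64::from(cltv_expiry) >= u64::from(height) + required
}

fn main() {
    // Constructed sample values; 24 is a placeholder default, not the LDK constant.
    let field = pack_expiry(1_700_000_000, Some(144)).unwrap();
    let (expiry, delta) = unpack_expiry(field, true);
    println!("expiry={} delta={:?}", expiry, delta);
    println!("accepted={}", htlc_meets_delta(800_100, 800_000, delta, 24));
}
```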
pub(super) fn verify<L: Deref>(payment_hash: PaymentHash, payment_data: &msgs::FinalOnionHopData, highest_seen_timestamp: u64, keys: &ExpandedKey, logger: &L) -> Result<Option<PaymentPreimage>, ()> | ||
pub(super) fn verify<L: Deref>(payment_hash: PaymentHash, payment_data: &msgs::FinalOnionHopData, | ||
highest_seen_timestamp: u64, keys: &ExpandedKey, logger: &L) -> Result< | ||
(Option<PaymentPreimage>, Option<u16>), ()> |
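Review bot: The second element of the new return tuple on `verify`, `Option<u16>`, is not self-describing: nothing in the signature says what the `u16` is (the PR suggests the decoded `min_final_cltv_expiry_delta`) or what `None` means for the caller. Add a doc comment on `verify` that states both, or return a small named struct instead of a tuple so a call site cannot ignore or misread the field.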
Nit: this wrapping is not consistent
Don't bother changing it unless you need to address other feedback.
@@ -362,13 +392,18 @@ fn _create_invoice_from_channelmanager_and_duration_since_epoch<M: Deref, T: Der | |||
R::Target: Router, | |||
L::Target: Logger, | |||
{ | |||
if min_final_cltv_expiry_delta.is_some() && min_final_cltv_expiry_delta.unwrap().saturating_add(3) < MIN_FINAL_CLTV_EXPIRY_DELTA { |
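Review bot: The literal `3` in `saturating_add(3)` on the new `if` line is unexplained, and it means a delta up to three blocks below `MIN_FINAL_CLTV_EXPIRY_DELTA` passes this check. Name it as a constant or add a comment saying why the slack exists and how it relates to the `+ 3` in the definition of `MIN_FINAL_CLTV_EXPIRY_DELTA`. The `is_some() && ... .unwrap()` pair also reads better as `if let Some(delta) = min_final_cltv_expiry_delta`, which removes the `unwrap()`.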
nit: this check is redundant
I don't think so, the others are part of a different flow.
0.0.114 - Mar 3, 2023 - "Faster Async BOLT12 Retries"

API Updates
===========

* `InvoicePayer` has been removed and its features moved directly into `ChannelManager`. As such it now requires a simplified `Router` and supports `send_payment_with_retry` (and friends). `ChannelManager::retry_payment` was removed in favor of the automated retries. Invoice payment utilities in `lightning-invoice` now call the new code (lightningdevkit#1812, lightningdevkit#1916, lightningdevkit#1929, lightningdevkit#2007, etc).
* `Sign`/`BaseSign` has been renamed `ChannelSigner`, with `EcdsaChannelSigner` split out in anticipation of future schnorr/taproot support (lightningdevkit#1967).
* The catch-all `KeysInterface` was split into `EntropySource`, `NodeSigner`, and `SignerProvider`. `KeysManager` implements all three (lightningdevkit#1910, lightningdevkit#1930).
* `KeysInterface::get_node_secret` is now `KeysManager::get_node_secret_key` and is no longer required for external signers (lightningdevkit#1951, lightningdevkit#2070).
* A `lightning-transaction-sync` crate has been added which implements keeping LDK in sync with the chain via an esplora server (lightningdevkit#1870). Note that it can only be used on nodes that *never* ran a previous version of LDK.
* `Score` is updated in `BackgroundProcessor` instead of via `Router` (lightningdevkit#1996).
* `ChainAccess::get_utxo` (now `UtxoAccess`) can now be resolved async (lightningdevkit#1980).
* BOLT12 `Offer`, `InvoiceRequest`, `Invoice` and `Refund` structs as well as associated builders have been added. Such invoices cannot yet be paid due to missing support for blinded path payments (lightningdevkit#1927, lightningdevkit#1908, lightningdevkit#1926).
* A `lightning-custom-message` crate has been added to make combining multiple custom messages into one enum/handler easier (lightningdevkit#1832).
* `Event::PaymentPathFailure` is now generated for failure to send an HTLC over the first hop on our local channel (lightningdevkit#2014, lightningdevkit#2043).
* `lightning-net-tokio` no longer requires an `Arc` on `PeerManager` (lightningdevkit#1968).
* `ChannelManager::list_recent_payments` was added (lightningdevkit#1873).
* `lightning-background-processor` `std` is now optional in async mode (lightningdevkit#1962).
* `create_phantom_invoice` can now be used in `no-std` (lightningdevkit#1985).
* The required final CLTV delta on inbound payments is now configurable (lightningdevkit#1878)
* bitcoind RPC error code and message are now surfaced in `block-sync` (lightningdevkit#2057).
* Get `historical_estimated_channel_liquidity_probabilities` was added (lightningdevkit#1961).
* `ChannelManager::fail_htlc_backwards_with_reason` was added (lightningdevkit#1948).
* Macros which implement serialization using TLVs or straight writing of struct fields are now public (lightningdevkit#1823, lightningdevkit#1976, lightningdevkit#1977).

Backwards Compatibility
=======================

* Any inbound payments with a custom final CLTV delta will be rejected by LDK if you downgrade prior to receipt (lightningdevkit#1878).
* `Event::PaymentPathFailed::network_update` will always be `None` if an 0.0.114-generated event is read by a prior version of LDK (lightningdevkit#2043).
* `Event::PaymentPathFailed::all_paths_removed` will always be false if an 0.0.114-generated event is read by a prior version of LDK. Users who rely on it to determine payment retries should migrate to `Event::PaymentFailed`, in a separate release prior to upgrading to LDK 0.0.114 if downgrading is supported (lightningdevkit#2043).

Performance Improvements
========================

* Channel data is now stored per-peer and channel updates across multiple peers can be operated on simultaneously (lightningdevkit#1507).
* Routefinding is roughly 1.5x faster (lightningdevkit#1799).
* Deserializing a `NetworkGraph` is roughly 6x faster (lightningdevkit#2016).
* Memory usage for a `NetworkGraph` has been reduced substantially (lightningdevkit#2040).
* `KeysInterface::get_secure_random_bytes` is roughly 200x faster (lightningdevkit#1974).

Bug Fixes
=========

* Fixed a bug where a delay in processing a `PaymentSent` event longer than the time taken to persist a `ChannelMonitor` update, when occurring immediately prior to a crash, may result in the `PaymentSent` event being lost (lightningdevkit#2048).
* Fixed spurious rejections of rapid gossip sync data when the graph has been updated by other means between gossip syncs (lightningdevkit#2046).
* Fixed a panic in `KeysManager` when the high bit of `starting_time_nanos` is set (lightningdevkit#1935).
* Resolved an issue where the `ChannelManager::get_persistable_update_future` future would fail to wake until a second notification occurs (lightningdevkit#2064).
* Resolved a memory leak when using `ChannelManager::send_probe` (lightningdevkit#2037).
* Fixed a deadlock on some platforms at least when using async `ChannelMonitor` updating (lightningdevkit#2006).
* Removed debug-only assertions which were reachable in threaded code (lightningdevkit#1964).
* In some cases when payment sending fails on our local channel retries no longer take the same path and thus never succeed (lightningdevkit#2014).
* Retries for spontaneous payments have been fixed (lightningdevkit#2002).
* Return an `Err` if `lightning-persister` fails to read the directory listing rather than panicking (lightningdevkit#1943).
* `peer_disconnected` will now never be called without `peer_connected` (lightningdevkit#2035)

Security
========

0.0.114 fixes several denial-of-service vulnerabilities which are reachable from untrusted input from channel counterparties or in deployments accepting inbound connections or channels. It also fixes a denial-of-service vulnerability in rare cases in the route finding logic.

* The number of pending un-funded channels as well as peers without funded channels is now limited to avoid denial of service (lightningdevkit#1988).
* A second `channel_ready` message received immediately after the first could lead to a spurious panic (lightningdevkit#2071). This issue was introduced with 0conf support in LDK 0.0.107.
* A division-by-zero issue was fixed in the `ProbabilisticScorer` if the amount being sent (including previous-hop fees) is equal to a channel's capacity while walking the graph (lightningdevkit#2072). The division-by-zero was introduced with historical data tracking in LDK 0.0.112.

In total, this release features 130 files changed, 21457 insertions, 10113 deletions in 343 commits from 18 authors, in alphabetical order:

* Alec Chen
* Allan Douglas R. de Oliveira
* Andrei
* Arik Sosman
* Daniel Granhão
* Duncan Dean
* Elias Rohrer
* Jeffrey Czyz
* John Cantrell
* Kurtsley
* Matt Corallo
* Max Fang
* Omer Yacine
* Valentine Wallace
* Viktor Tigerström
* Wilmer Paulino
* benthecarman
* jurvis
Adds two new payment `Method`s for identifying payments with custom `min_final_cltv_expiry_delta` as payments with LDK or user payment hashes.

The `min_final_cltv_expiry_delta` value is packed into the metadata bytes of the payment secret, taking up 12 bits.
Fixes #1850