Commit Graph

4637 Commits

Author SHA1 Message Date
Olaoluwa Osuntokun
1e39cfc65f
Merge pull request #1364 from halseth/data-loss-protect
Data loss protection
2018-07-31 20:53:42 -07:00
Olaoluwa Osuntokun
639beb96ec
Merge pull request #1659 from cfromknecht/link-suppress-batch-ticker
htlcswitch/link: conditional batch ticker
2018-07-31 20:52:35 -07:00
Johan T. Halseth
afccca59c4
lnd_test: add testDataLossProtection
This commit adds the integration test testDataLossProtection, that
ensures that when a node loses state, the channel counterparty will
force close the channel, and they both can recover their funds.
2018-07-31 15:16:24 +02:00
Johan T. Halseth
00154bda24
contractcourt/chain_watcher: attempt dispatchRemoteClose using data loss commitPoint
This commit makes the chainwatcher attempt to dispatch a remote close
when it detects a remote state with a state number higher than our
known remote state. This can mean that we lost some state, and we check
the database for (hopefully) a data loss commit point retrieved during
channel sync with the remote peer. If this commit point is found in the
database we use it to try to recover our funds from the commitment.
2018-07-31 15:16:24 +02:00
Johan T. Halseth
ebed786b2a
htlcswitch/link: inspect sync errors, force close channel
This commit makes the link inspect the error encountered during channel
sync, force closing the channel if we detect a remote data loss.
2018-07-31 15:16:23 +02:00
Johan T. Halseth
410b730778
lnwallet/channel test: add TestChanSyncFailure 2018-07-31 15:16:23 +02:00
Johan T. Halseth
78a4a15bb4
lnwallet/channel: check validity of received commitPoint
This commit adds a check for the LocalUnrevokedCommitPoint sent to us by
the remote during channel reestablishment, ensuring it is the same point
as they have previously sent us.
2018-07-31 15:16:23 +02:00
Johan T. Halseth
a2f2d28d0b
lnwallet/channel: enumerate error cases from remote chain desync
This commit enumerates the various error cases we can encounter when we
compare our remote commit chain to the view the remote communicates to us
via msg.NextLocalCommitHeight.

We now compare this height to our remote tail and tip height, returning
relevant error in case of an unrecoverable desync, and re-send a
commitment signature (including log updates) in case we owe one.
2018-07-31 15:16:23 +02:00
Johan T. Halseth
f1757d6da4
lnwallet/channel: enumerate error cases from local chain desync
This commit enumerates the various error cases we can encounter when we
compare our local commit chain to the view the remote communicates to us
via msg.RemoteCommitTailHeight.

We now compare this height to our local tail height (note that there's
never a local "tip" at this point), returning relevant error in case of
an unrecoverable desync, and re-send a revocation in case we owe one.
2018-07-31 15:16:23 +02:00
Johan T. Halseth
7fb3be84df
lnwallet/channel test: rename ErrCommitSyncDataLoss->ErrCommitSyncLocalDataLoss 2018-07-31 15:16:23 +02:00
Johan T. Halseth
48f1458ae5
lnwallet/channel: define channel sync errors
This commit defines a few new errors that we can potentially encounter
during channel reestablishment:
* ErrInvalidLocalUnrevokedCommitPoint
* ErrCommitSyncLocalDataLoss
* ErrCommitSyncRemoteDataLoss

in addition to the already defined errors
* ErrInvalidLastCommitSecret
* ErrCannotSyncCommitChains
2018-07-31 15:16:23 +02:00
Johan T. Halseth
3825ca71dd
lnwallet/channel: reduce scope of commitSecretCorrect 2018-07-31 15:16:22 +02:00
Johan T. Halseth
6cdf0e2d6e
channeldb/channel: methods for marking borked+dataloss commitPoint in db 2018-07-31 15:16:22 +02:00
Johan T. Halseth
ea6aca26a5
channeldb: make chanStatus unexported
Since the ChanStatus field can be changed from concurrent callers, we
make it unexported and add the method ChanStatus() for safe retrieval.
2018-07-31 15:07:30 +02:00
Johan T. Halseth
eed052eba5
lnwallet/channel: extract local balance from spend instead of stored commit 2018-07-31 08:27:03 +02:00
Johan T. Halseth
2626bba105
contractcourt/chain_watcher: use commitPoint directly instead of isPendingCommit 2018-07-31 08:27:03 +02:00
Johan T. Halseth
d9e9b6197c
lnwallet/channel test: take commitPoint in NewUnilateralCloseSummary 2018-07-31 08:27:03 +02:00
Johan T. Halseth
06ceba429f
lnwallet/channel: make NewUnilateralCloseSummary take commitPoint 2018-07-31 08:27:03 +02:00
Johan T. Halseth
f8751350bc
lnd_test: set --nolisten for node being cheated
In this commit we modify the integration tests slightly, by setting the
parties that get breached during the breach tests to --nolisten. We do
this to ensure that once the data protection logic is in place, the
nodes won't automatically connect, detect the state desync and recover
before we are able to trigger the breach.
2018-07-31 08:27:03 +02:00
Johan T. Halseth
22e21da370
htlcswitch tests: add missing OnChannelFailure to test link configs 2018-07-31 08:27:03 +02:00
Johan T. Halseth
c48ecb85f6
Merge pull request #1657 from cfromknecht/resend-ann-copy-key
discovery/gossiper: copy bolt key to prevent panic
2018-07-31 08:26:23 +02:00
Conner Fromknecht
0efe5ca49d
peer: only pass duration to htlcswitch.NewBatchTicker 2018-07-30 22:33:37 -07:00
Conner Fromknecht
3ed2241a94
htlcswitch/link_test: only pass duration to NewBatchTicker 2018-07-30 22:33:37 -07:00
Conner Fromknecht
5af19bb2b4
htlcswitch/link: reusable BatchTicker
This commit modifies the default BatchTicker
implementation such that it will generate a
new ticker with each call to Start(). This
allows us to create a new ticker after
releasing an old one due to the batch
being empty.
2018-07-30 22:33:37 -07:00
Conner Fromknecht
bd9a6bd625
htlcswitch/link: conditional batch ticker
In this commit, we prevent the htlcManager from
being woken up by the batchTicker when there is no
work to be done. Profiling has shown a significant
portion of CPU time idling, since the batch ticker
endlessly demands resources. We resolve this by only
selecting on the batch ticker when we have a
non-empty batch of downstream packets from the
switch.
2018-07-30 21:44:49 -07:00
Conner Fromknecht
54c4b09f87
discovery/gossiper: copy bolt key to prevent panic
Corrects an instance that holds a reference to a boltdb
byte slice after returning from the transaction. This
can cause panics under certain conditions, which is
avoided by creating a copy of the key.
2018-07-30 18:30:19 -07:00
Olaoluwa Osuntokun
2e6e2a06c1
Merge pull request #1655 from Roasbeef/send-to-route-defense
routing: ensure generateSphinxPacket can handle being passed empty set of routes
2018-07-30 18:56:57 -04:00
Olaoluwa Osuntokun
a6c814010c
routing: exit gracefully if generateSphinxPacket is passed a nil set of hops 2018-07-30 13:41:06 -07:00
Olaoluwa Osuntokun
c903a9a711
routing: add new TestEmptyRoutesGenerateSphinxPacket test 2018-07-30 13:40:25 -07:00
Olaoluwa Osuntokun
205a32380a
Merge pull request #1582 from halseth/lnd-test-assert-waiting-close
[integration tests] assert waiting close also for force closes
2018-07-30 14:51:43 -04:00
Olaoluwa Osuntokun
804598057d
Merge pull request #1643 from cfromknecht/fail-expiry-too-soon
[htlcswitch/link] use FailFinalExpiryTooSoon as exit hop
2018-07-29 23:05:35 -04:00
Conner Fromknecht
d76bacee0e
htlcswitch/link: send FailFinalExpiryTooSoon from exit hop
This commit corrects our exit hop logic to return
FailFinalExpiryTooSoon if the following check is true:
   pd.Timeout-expiryGraceDelta <= heightNow

Previously we returned FailFinalIncorrectCltvExpiry, which
should only be returned if the packet was misconstructed.
2018-07-27 15:52:09 -07:00
Conner Fromknecht
982a09ac60
htlcswitch/link_test: check for FailFinalExpiryTooSoon 2018-07-27 15:50:00 -07:00
Johan T. Halseth
92b0b10dc7
Merge pull request #1613 from halseth/rpctest-increase-timeout
make: if timeout not set, use 20m instead of default 10m
2018-07-26 21:52:13 +02:00
Johan T. Halseth
44982ea98d
make: if timeout not set, use 20m instead of default 10m
go test's default timeout is 10m, which is no longer enough during
integration tests. This commit increases it to 20m.
2018-07-26 13:29:23 +02:00
Johan T. Halseth
45a1fa54d8
lnd_test: check close status also for force closes
This commit makes sure the channels that are force closed also are put
into the state "waiting close" before the commitment transaction is
confirmed, and exits this state when it confirms.

This was previously not checked, as this check was added before the
"waiting close" state was introduced.
2018-07-26 09:18:42 +02:00
Johan T. Halseth
f73a2f362e
lnd_test: correct that Bob can sweep immediately
This commit fixes a flake within the integration tests, where we would
mine a set of blocks before checking if Bob's sweep tx was in the
mempool. Usually this would pass since the blocks were generated before
the tx hit the miner's mempool, but sometimes it was mined and then we
would check the mempool.

This commit fixes this by correctly waiting immediately for Bob to sweep
his funds, as they are not time locked.
2018-07-26 09:18:42 +02:00
Olaoluwa Osuntokun
098cd940e3
Merge pull request #1622 from cfromknecht/hide-hodl-config-production
Hide hodl config production
2018-07-25 20:33:16 -07:00
Olaoluwa Osuntokun
b8c3987fd7
Merge pull request #1618 from cfromknecht/resolver-subscribe-order
contractcourt/contract_resolvers: fix subscribe preimage race
2018-07-25 20:29:14 -07:00
Stefan Menzel
e776a06cfb
rpc: disallow a negative invoice amount in AddInvoice 2018-07-25 20:11:46 -07:00
Olaoluwa Osuntokun
8cd6eebadc
Merge pull request #1617 from cfromknecht/to-local-script-size
lnwallet/size: correct commit to-local and 2nd stage script/witness sizes
2018-07-25 17:16:15 -07:00
Conner Fromknecht
a5e841c6b7
htlcswitch/hodl/config_production: hide cli hodl flags in prod
This commit replaces the debug Config struct with an empty
one, so that the command line flags are hidden in production
builds.

Production help before commit:

Tor:
      --tor.active
      --tor.socks=
      --tor.dns=
      --tor.streamisolation
      --tor.control=
      --tor.v2
      --tor.v2privatekeypath=
      --tor.v3

hodl:
      --hodl.exit-settle
      --hodl.add-incoming
      --hodl.settle-incoming
      --hodl.fail-incoming
      --hodl.add-outgoing
      --hodl.settle-outgoing
      --hodl.fail-outgoing
      --hodl.commit
      --hodl.bogus-settle

Help Options:
  -h, --help

Production help after commit:

Tor:
      --tor.active
      --tor.socks=
      --tor.dns=
      --tor.streamisolation
      --tor.control=
      --tor.v2
      --tor.v2privatekeypath=
      --tor.v3

Help Options:
  -h, --help
2018-07-25 03:33:36 -07:00
Conner Fromknecht
0df2bcd18c
htlcswitch/hodl/config_debug: only expose hodl flags in debug
This commit places hodl command line flags behind the debug flag,
so that they're only accessible during testing builds.
2018-07-25 03:30:12 -07:00
Conner Fromknecht
aa6e5bdd2a
contractcourt/contract_resolvers: fix subscribe preimage race
This commit fixes a potential race condition within the
IncomingContestResolver, that could cause us to miss a
preimage that was delivered in time.

Currently we query the db for the preimage, and then
subscribe for notifications. This permits the following
ordering of events:
 - query for preimage, returns nothing
 - preimage is added and delivered to subscribers
 - subscribe to preimages
 - preimage never comes through!!

We fix this by reordering to subscribe for preimages and
then query just in case it already exists. The effect is
that the query will always return a valid read of the
preimages that are currently queued for delivery.
2018-07-25 03:15:51 -07:00
Conner Fromknecht
d41d63a409
breacharbiter: use ToLocalPenaltyWitnessSize for stage 2 htlcs 2018-07-24 22:53:17 -07:00
Conner Fromknecht
381579477c
utxonursery: use symmetric second level htlc witness size
This commit switches over the estimates for htlc success/timeout
witness sizes to use a symmetric variable, highlighting their
equivalence in size.
2018-07-24 22:53:17 -07:00
Conner Fromknecht
ee2f2573c1
lnwallet/size: correct commit to-local and 2nd stage script sizes
In this commit, we correct our size estimates for to-local scripts,
which are used on the commitment transaction and the htlc
success/timeout transactions. There have been observed cases of
transactions getting stuck because our estimates were too low, causing
the transactions to not be relayed.

Our previous estimate for the commitment to-local script was derived
from an older version of the script. Though the estimate is greater than
the actual size, this has been updated with the current estimate of 79
bytes.

This estimate makes the assumption that CSV delays will be at most
4 bytes when serialized. Since this value is expressed in relative block
heights, this should be more than sufficient for our needs, even though
the maximum possible size for the little-endian int64 is 9 bytes (plus
an OP_DATA).

The other correction is to use the ToLocalScriptSize as our estimate for
htlc timeout/success scripts, as they are the same script. Previously,
our estimate was derived from the proper script, though we were 6 bytes
shy of the new to-local estimate, since we counted the csv_delay as 1
byte, and missed some other OP_DATAs.

All derived estimates have been updated depending on the new and
improved ToLocalScriptSize estimate, and fix some estimates that did not
include the witness length in the estimate.

Finally, we correct some weight miscalculations in:
 - AcceptedHtlcTimeoutWitnessSize: missing data push lengths
 - OfferedHtlcSuccessWitnessSize: extra 73 byte sig, missing data push lengths
 - OfferedHtlcPenaltyWitnessSize: missing 33 byte pubkey
2018-07-24 22:53:13 -07:00
Olaoluwa Osuntokun
e0baa49690
Merge pull request #1387 from wpaulino/send-disable-chan-update
multi: send a channel update with disabled flag set on channel close
2018-07-23 17:46:37 -07:00
Olaoluwa Osuntokun
2eeced5f5e
Merge pull request #1531 from halseth/only-vonfirmed-spends
Only act on confirmed spends
2018-07-23 17:36:09 -07:00
Olaoluwa Osuntokun
ef56f76200
routing: demote channel update logging to trace 2018-07-23 17:01:39 -07:00