When in neutrino mode, it seems that the node is not closed during the cleanup, so if a block is received between the time the DB is closed and the server is closed (or if the process is still running after the server is shut down like on a mobile app), the code panics and crashes with:
panic: unable to write block header: database not open
goroutine 41 [running]:
github.com/lightningnetwork/lnd/vendor/github.com/lightninglabs/neutrino.(*blockManager).handleHeadersMsg(0x9a1ec0a0, 0x9a3e6030)
/ext-go/1/src/github.com/lightningnetwork/lnd/vendor/github.com/lightninglabs/neutrino/blockmanager.go:1164 +0x2224
github.com/lightningnetwork/lnd/vendor/github.com/lightninglabs/neutrino.(*blockManager).blockHandler(0x9a1ec0a0)
/ext-go/1/src/github.com/lightningnetwork/lnd/vendor/github.com/lightninglabs/neutrino/blockmanager.go:347 +0x3b4
created by github.com/lightningnetwork/lnd/vendor/github.com/lightninglabs/neutrino.(*blockManager).Start
/ext-go/1/src/github.com/lightningnetwork/lnd/vendor/github.com/lightninglabs/neutrino/blockmanager.go:200 +0xe8
Here's a log of shutdown before the change:
[INF] LTND: Gracefully shutting down the server...
[INF] FNDG: Funding manager shutting down
[INF] SPHX: Block epoch canceled, decaying hash log shutting down
[INF] CRTR: Channel Router shutting down
[INF] CRTR: FilteredChainView stopping
[INF] HSWC: HTLC Switch shutting down
[INF] UTXN: UTXO nursery shutting down
[INF] BRAR: Breach arbiter shutting down
[INF] DISC: Authenticated Gossiper is stopping
[INF] CNCT: Stopping ChainArbitrator
[INF] LTND: Shutdown complete
And here's a log of shutdown after the change:
[INF] LTND: Gracefully shutting down the server...
[INF] FNDG: Funding manager shutting down
[INF] SPHX: Block epoch canceled, decaying hash log shutting down
[INF] CRTR: Channel Router shutting down
[INF] CRTR: FilteredChainView stopping
[INF] HSWC: HTLC Switch shutting down
[INF] UTXN: UTXO nursery shutting down
[INF] BRAR: Breach arbiter shutting down
[INF] DISC: Authenticated Gossiper is stopping
[INF] CNCT: Stopping ChainArbitrator
[INF] LTND: Shutdown complete
[INF] BTCN: Block manager shutting down
[INF] BTCN: Address manager shutting down
This commit moves the call to the bitcoind backend to start watching an
outpoint for spentness to after we have recorded the outpoint in our
list of clients. This is done to avoid a race that we saw using the btcd
backend, and it is probable that it can also happen using bitcoind.
This commit moves the call to the btcd backend to start watching an
outpoint for spentness to after we have recorded the outpoint in our
list of clients. This is done to avoid a race that could occur if btcd
quickly sent a spend notification before we had been able to record it in
our map, essentially losing it.
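The ordering problem the two commit messages above describe, as an added example that is not lnd code: a constructed backend that notifies from inside `Watch` stands in for a backend that answers quickly, so the lost notification is reproduced deterministically without goroutines. All type and function names are hypothetical.

```go
package main

import "fmt"

// Constructed stand-ins, not lnd types: fakeBackend notifies inside Watch if already spent.
type fakeBackend struct {
	spent   map[string]bool
	onSpend func(outpoint string)
}

func (b *fakeBackend) Watch(outpoint string) {
	if b.spent[outpoint] {
		b.onSpend(outpoint)
	}
}

type notifier struct {
	clients map[string]chan string // outpoint -> client waiting for its spend
	backend *fakeBackend
}

func newNotifier(alreadySpent string) *notifier {
	n := &notifier{clients: make(map[string]chan string)}
	n.backend = &fakeBackend{spent: map[string]bool{alreadySpent: true}, onSpend: n.dispatch}
	return n
}

// dispatch hands a spend to its recorded client; with none recorded it is dropped.
func (n *notifier) dispatch(outpoint string) {
	if c, ok := n.clients[outpoint]; ok {
		c <- outpoint
	}
}

// register reports delivery; recordFirst=false is the old order, true the fixed one.
func (n *notifier) register(outpoint string, recordFirst bool) bool {
	c := make(chan string, 1)
	if !recordFirst {
		n.backend.Watch(outpoint)
	}
	n.clients[outpoint] = c
	if recordFirst {
		n.backend.Watch(outpoint)
	}
	return len(c) == 1
}

func main() {
	fmt.Println(newNotifier("txid:0").register("txid:0", false), newNotifier("txid:0").register("txid:0", true))
}
```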
In this commit, we add an additional check within CreateCommitTx to
ensure that we will never create or accept a commitment transaction that
wasn't valid by consensus. To enforce this check, we use the
blockchain.CheckTransactionSanity method.
This commit is a follow up to the prior commit which fixed a rounding
error bug in lnwallet. For uniformity, we also fix other occurrences in
the breach arbiter, as well as the integration tests.
In this commit, we fix an existing rounding related bug in the codebase.
The RPC interface for btcd and bitcoind return values in BTC rather than
in satoshis. So in several places, we're forced to convert ourselves
manually. The existing logic attempted to do this, but didn't properly
account for rounding. As a result, our values can be off due to not
rounding incorrectly.
The fix for this is easy: simply properly use btcutil.NewAmount
everywhere which does rounding properly.
Fixes #939.
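How a BTC-to-satoshi conversion without rounding loses value, as an added example that is not lnd code: `roundSat` is a standard-library stand-in for a rounding conversion (an assumption about what `btcutil.NewAmount` provides, based on the commit message), and the amounts are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"math"
)

const satoshiPerBitcoin = 1e8

// truncSat is the buggy pattern: converting to an integer discards the
// fraction, so a product like 28999999.999999996 becomes 28999999.
func truncSat(btc float64) int64 {
	return int64(btc * satoshiPerBitcoin)
}

// roundSat (hypothetical helper) rejects NaN and infinities, then rounds to
// the nearest satoshi instead of truncating.
func roundSat(btc float64) (int64, error) {
	if math.IsNaN(btc) || math.IsInf(btc, 0) {
		return 0, errors.New("invalid bitcoin amount")
	}
	return int64(math.Round(btc * satoshiPerBitcoin)), nil
}

// lostToTruncation sums, over a batch of RPC amounts, the satoshis that the
// truncating conversion drops relative to the rounding one.
func lostToTruncation(amounts []float64) (int64, error) {
	var lost int64
	for _, a := range amounts {
		want, err := roundSat(a)
		if err != nil {
			return 0, err
		}
		lost += want - truncSat(a)
	}
	return lost, nil
}

func main() {
	// Constructed sample amounts in BTC, as a JSON-RPC backend would report them.
	amounts := []float64{0.29, 1.15, 0.5}
	lost, err := lostToTruncation(amounts)
	fmt.Println(truncSat(0.29), lost, err)
}
```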
In this commit, we update our set of dependencies to a new version of
our zmq lib that implements automatic reconnection. With this change,
bitcoind users will have a more robust experience, as if the connection
is dropped, we'll reconnect automatically.
Fixes #875.
Fixes #871.
Fixes #857.
Fixed formatting for autopilot config params, as well as added check for
`MaxChannels` param which was presumably a mistaken copypaste from the
`MaxChannelSize` param.
In this commit, we add a new node to the current default test graph
that we use for our path finding tests. This new node connects roasbeef
to sophon via a new route with very high fees. With this new node and
the two channels it adds, we can properly test that we’ll route around
failures that we run into during payment routing.
In this commit, we add vertex pruning for any non-final CLTV error.
Before this commit, we assumed that any source of this error was due to
the local node setting the incorrect time lock. However, it’s been
recently noticed on main net that there’re a set of nodes that seem to
not be properly scanned to the chain. Without this patch, users aren’t
able to route successfully as atm, we’ll stop all path finding attempts
if we encounter this.
In this commit, we fix a minor deviation in our implementation from the
specification. Before if we encountered an unknown error type, we would
disconnect the peer. Instead, we’ll now just continue along parsing the
remainder of the messages. This was flared up recently by some
c-lightning related incompatibilities that emerged on main net.
This commit fixes a broadcast loop within the breach arbiter, that would
occur when HTLC outputs had been taken to the second level. The breach
arbiter would register for a spend event, but would immediately go on to
create and publish the justice, without waiting for the response to be
received on the spend channel. This led to a race, where the outpoint
could actually already have been spent, but the notification would
arrive after the breach arbiter checked the channel, and publishing the
justice TX would fail because it was a double spend. This would create a
"broadcast loop", as seen in the logs from the integration test
revoked_uncooperative_close_retribution_remote_hodl.
This is fixed by reusing an existing spend event for the outputs,
meaning we will actually receive on the first channel we initiated,
making the broadcast loop more likely to terminate.
This commit adds a check that will make LightningChannel reject a
received commitment if it is accompanied with too many HTLC signatures.
This enforces the requirement in BOLT-2, saying:
if num_htlcs is not equal to the number of HTLC outputs in the local commitment transaction:
* MUST fail the channel.
A test exercising the behaviour is added.
This commit fixes an issue which would arise in some cases when the
local and remote dust limits would differ, resulting in lnd not
producing the expected number of HTLC signatures. This was a result of
checking dust against the local instead of the remote dust limit.
A test exercising the scenario is added.
This commit fixes an issue where we would blindly accept a commitment
which came without any accompanying HTLC signatures. A test exercising
the scenario is added.
This commit fixes an out of bounds error that would occur in the case
where we received a new commitment where the accompanying HTLC sigs were
too few. Now we'll just reject such a commitment.
A test exercising the behavior is also added.
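The count check that the four commit messages above revolve around, as an added example that is not lnd code: signatures are compared against the HTLC outputs of the receiver's own commitment before any indexing, and a signer that trims with the wrong dust limit is caught by the same check. All names are hypothetical, `sign` is a placeholder for a real signature, and the dust rule is simplified.

```go
package main

import (
	"errors"
	"fmt"
)

// All names here are hypothetical. sign is a placeholder for a real signature.
func sign(amt int64) string { return fmt.Sprintf("sig(%d)", amt) }

// htlcOutputs lists the HTLC amounts (satoshis) that get an output under the
// owner's dustLimit. Simplified: the real rule also counts the second-level fee.
func htlcOutputs(htlcs []int64, dustLimit int64) []int64 {
	var outs []int64
	for _, amt := range htlcs {
		if amt >= dustLimit {
			outs = append(outs, amt)
		}
	}
	return outs
}

// signCommitment: one signature per HTLC output under the commitment owner's dustLimit.
func signCommitment(htlcs []int64, dustLimit int64) []string {
	var sigs []string
	for _, amt := range htlcOutputs(htlcs, dustLimit) {
		sigs = append(sigs, sign(amt))
	}
	return sigs
}

// receiveCommitment compares counts before indexing htlcSigs, so too few,
// too many or no signatures are rejected rather than causing a panic.
func receiveCommitment(htlcs []int64, ownDustLimit int64, htlcSigs []string) error {
	outs := htlcOutputs(htlcs, ownDustLimit)
	if len(htlcSigs) != len(outs) {
		return fmt.Errorf("got %d htlc sigs for %d htlc outputs", len(htlcSigs), len(outs))
	}
	for i, amt := range outs {
		if htlcSigs[i] != sign(amt) {
			return errors.New("invalid htlc signature")
		}
	}
	return nil
}

func main() {
	htlcs := []int64{300, 700, 5000} // constructed amounts
	fmt.Println(receiveCommitment(htlcs, 546, signCommitment(htlcs, 1000)))
}
```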
In this commit, we address a number of edge cases that were unaccounted
for when responding to errors that can be sent back due to an HTLC
routing failure. Namely:
* We’ll no longer stop payment attempts if we’re unable to apply a
channel update, instead, we’ll log the error, prune the channel and
continue.
* We’ll now remember which channels were pruned due to insufficient
fee errors. If we ever get a repeat fee error from a channel, then we
prune it. This ensures that we don’t get stuck in a loop due to a node
continually advertising the same fees.
* We also correct an error in which node we’d prune due to a
temporary or permanent node failure. Before this commit, we would prune
the next node, when we should actually be pruning the node that sent us
the error.
Finally, we also add a new test to exercise the fee insufficient error
handling and channel pruning.
Fixes #865.
In this commit, we add a new field to the LightningPayment struct:
PayAttemptTimeout. This new field allows the caller to control exactly
how much time should be spent attempting to route a payment to the
destination. The default value we’ll use is 60 seconds, but callers are
able to specify a diff value. Once the timeout has passed, we’ll
abandon the payment attempt, and return an error back to the original
caller.
In this commit, we wrap up the prior ones and introduce config
settings, as well as proper generation for a new invoice-only macaroon.
All prior invoice path rules are also properly enforced of this new
invoice.macaroon.
In this commit, we modify the existing invoice RPC macaroon permissions
to target a more specific entity: “invoices”. As a result of this
commit, once node operators update, they’ll need to regenerate their
readonly.macaroon as it now needs this additional entity encoded within
it.