Commit Graph

10339 Commits

Author SHA1 Message Date
Oliver Gugger
8988a01d7e
lnd+rpcserver: allow external subservers to specify macaroon validator
Give the external subservers the possibility to also use their own
validator to check any macaroons attached to calls to their registered
gRPC URIs.
This allows them to have their own root key ID database and permission
entities.
2020-09-10 10:24:10 +02:00
Oliver Gugger
c3227057f4
macaroons: allow external validators to be registered
When external subservers register themselves to be served through the
same gRPC interface as the main lnd RPC, their requests are also
intercepted by the main lnd macaroon interceptor.
If the external subservers want to use their own macaroons that are
independent of lnd's, they need a way to overwrite the default validator
of the macaroon interceptor. We add this mechanism with the concept of
external validators.
2020-09-10 10:24:09 +02:00
Oliver Gugger
d4c4cf01f0
lnd+macaroons: specify location when creating macaroon service
To allow the macaroon service to be used in other projects, we want the
location to be passed in as a parameter instead of being hard coded.
2020-09-10 10:24:08 +02:00
Dan Janosik
52c7a1519f
docs: fix "tor.active" item in sample-lnd.conf
When starting up with lnd.conf that contains the sample line
"tor.active", lnd crashes and prints the error:

malformed key=value (tor.active)

Using "tor.active=true" instead works as expected.
2020-09-09 16:27:57 -04:00
Oliver Gugger
8668248d96
Merge pull request #4310 from guggero/lncli-profiles
lncli: add profiles for easy multi-node management
2020-09-09 09:00:27 +02:00
Joost Jager
bbfeeec8b1
routing: add proportional attempt cost 2020-09-08 15:47:08 +02:00
Joost Jager
60a22ff09d
routing/test: parametrize test amount 2020-09-08 15:28:49 +02:00
carla
e2c0604657
multi: add flap count and last flap time to listpeers 2020-09-08 15:01:06 +02:00
carla
6cf66aea47
chanfitness: cool down flap count for rate limiting
Since we store all-time flap count for a peer, we add a cooldown factor
which will discount poor flap counts in the past. This is only applied
to peers that have not flapped for at least a cooldown period, so that
we do not downgrade our rate limiting for badly behaved peers.
2020-09-08 15:01:02 +02:00
Joost Jager
17a6175e8b
routing+routerrpc: rename PaymentAttemptPenalty to AttemptCost
Make field names consistent with the command line flag.
2020-09-08 14:07:56 +02:00
carla
a550ca3d64
multi: store peer flap rate on disk on best effort basis
Since we will use peer flap rate to determine how we rate limit, we
store this value on disk per peer per channel. This allows us to
restart with memory of our peers past behaviour, so we don't give badly
behaving peers have a fresh start on restart. Last flap timestamp is
stored with our flap count so that we can degrade this all time flap
count over time for peers that have not recently flapped.
2020-09-08 13:49:46 +02:00
carla
70bca1f350
chanfitness: add flap count based rate limiting
To prevent flapping peers from endlessly dos-ing us with online and
offline events, we rate limit the number of events we will store per
period using their flap rate to determine how often we will add their
events to our in memory list of online events.

Since we are tracking online events, we need to track the aggregate
change over the rate limited period, otherwise we will lose track of
a peer's current state. For example, if we store an online event, then
do not store the subsequent offline event, we will believe that the
peer is online when they actually aren't. To address this, we "stage"
a single event which keeps track of all the events that occurred while
we were rate limiting the peer. At the end of the rate limting period,
we will store the last state for that peer, thereby ensureing that
we maintain our record of their most recent state.
2020-09-08 13:47:20 +02:00
carla
8b09b2d716
chanfitness: record timestamped flap count for peers
In preparation for storing our flap count on disk, we start tracking
flap count per-peer.
2020-09-08 13:47:19 +02:00
carla
e05b4a8e2e
chanfitness: refactor to store channels by peer
When dealing with online events, we actually need to track our events
by peer, not by channel. All we need to track channels is to have a
set of online events for a peer which at least contain those events.
This change refactors chanfitness to track by peer.
2020-09-08 13:47:18 +02:00
carla
10f9ba952e
chanfitness: unify requests to store in single chan info struct
We currently query the store for uptime and lifespan individually. As
we add more fields, we will need to add more queries with this design.
This change combines requests into a single channel infor request so
that we do not need to add unnecessary boilerplate going forward.
2020-09-08 13:47:17 +02:00
carla
7930ef7cf4
chanfitness: make online period calculation tolerant of duplicates
To get our uptime, we first filter our event log to get online periods.
This change updates this code to be tolerant of consecutive online or
offline events in the log. This will be required for rate limiting,
because we will not record every event for anti-dos reasons, so we could
record an online event, ignore an offline event and then record another
offline event. We could just ignore this duplicate event, but we will
also need this tolerance for when we persist uptime and our peers
can have their last event before restart as an online event and record
another online event when we come back up.
2020-09-08 13:47:16 +02:00
carla
c33d0aad46
chanfitness/test: switchover to testify 2020-09-08 13:47:15 +02:00
carla
94accfb69d
chanfitness: pass clock in to chaneventstore for testing 2020-09-08 13:47:15 +02:00
carla
7afd113b9f
chanfitness: add test context for better testing
As we add more elements to the chanfitness subsystem, we will require
more complex testing. The current tests are built around the inability
to mock subscriptions, which is remedied by addition of our own mock.
This context allows us to run the full store in a test, rather than
having to manually spin up the main goroutine. Mocking our subscriptions
is required so that we can block our subscribe updates on consumption,
using the real package provides us with no guarantee that the client
receives the update before shutdown, which produces test flakes.

This change also makes a move towards separating out the testing of our
event store from testing the underlying event logs to prepare for
further refactoring.
2020-09-08 13:47:14 +02:00
carla
3aa008ab04
multi: add interface for subscribe client so it can be mocked
The current implementation of subscribe is difficult to mock because
the queue that we send updates on in unexported, so you cannot create
a subscribe.Client object and then add your own updates. While it is
possible to run a subscribe server in tests, subscribe servers will
shutdown before dispatching their udpates to all clients, which can be
flakey (and is difficult to workaround). In this commit, we add a
subscription interface so that these testing struggles can be addressed
with a mock.
2020-09-08 13:47:13 +02:00
carla
25b0c40d05
chanfitness: fix line wrapping
Original PR was written with 4 spaces instead of 8, do a once off fix
here rather than fixing bit-by bit in the subsequent commits and
cluttering them for review.
2020-09-08 13:47:12 +02:00
Olaoluwa Osuntokun
751b02361e
Merge pull request #4600 from guggero/master-version
build: bump version of master branch to v0.11.99-beta
2020-09-07 12:43:12 -07:00
Oliver Gugger
d792a8ef61
lncli: use readPassword function everywhere 2020-09-07 15:55:05 +02:00
Oliver Gugger
070cfb804f
lncli: use profiles 2020-09-07 15:55:04 +02:00
Oliver Gugger
a2721a15a8
lncli: use CleanAndExpandPath from lncfg 2020-09-07 15:55:04 +02:00
Oliver Gugger
10f73b3b91
lncli: add new profile commands
We add a new 'profile' sub command to lncli to manage pre-defined
configuration profiles for all of lncli's CLI flags.
2020-09-07 15:55:04 +02:00
Oliver Gugger
e2c14edd7b
lncli: add struct to hold profile configuration
A profile file can contain multiple profile entries. Each
entry has a name, a set of default options to use and an optional list
of macaroons in a jar. The profile file can be
serialized/deserialized to and from JSON.
2020-09-07 15:23:17 +02:00
Oliver Gugger
c34732af3d
lncli: add encrypted macaroon jar
With this commit we add a simple macaroon jar that can encrypt its
content with a user-provided password when being serialized to JSON.
2020-09-07 15:23:12 +02:00
Oliver Gugger
907c744189
build: bump version of master branch to v0.11.99-beta 2020-09-07 15:06:07 +02:00
Olaoluwa Osuntokun
16d564e2b8
Merge pull request #4596 from guggero/router-fix
routerrpc: pass in probability source
2020-09-04 12:28:55 -07:00
Oliver Gugger
d33f87493e
routerrpc: pass in probability source 2020-09-04 16:39:52 +02:00
Oliver Gugger
b4bf4b2906
Merge pull request #4463 from guggero/macaroon-custom-permissions
Advanced macaroons 1/2: Custom URI permissions
2020-09-04 11:42:42 +02:00
Oliver Gugger
4996b28dab
lnrpc+lncli: add command to print macaroon 2020-09-04 09:50:42 +02:00
Oliver Gugger
3ce7f72cd4
lncli: add new listpermissions command 2020-09-04 09:50:41 +02:00
Oliver Gugger
830ce163c6
lncli: add new URI permissions to bakemacaroon 2020-09-04 09:50:41 +02:00
Oliver Gugger
295bd44fea
itest: test custom permissions 2020-09-04 09:50:41 +02:00
Oliver Gugger
decd2d975c
itest: parallelize test steps 2020-09-04 09:50:40 +02:00
Oliver Gugger
9862ee7cd6
itest: extract connection setup 2020-09-04 09:50:40 +02:00
Oliver Gugger
17276e9a7f
itest: use only one timeout context
All these operations should be very fast and can be done in just one
timeout context.
2020-09-04 09:50:39 +02:00
Oliver Gugger
a929f56781
itest: use require for macaroon tests 2020-09-04 09:50:39 +02:00
Oliver Gugger
906011f278
itest: add _test file name suffix to tests
To fix the compiler of some IDEs complaining about types and functions
it cannot find, we rename all files that contain tests back to lnd_xxx_test.go to make
sure they are compiled correctly.
2020-09-04 09:50:39 +02:00
Oliver Gugger
ba6156d41d
lnrpc+rpcserver: add ListPermissions RPC
As a convenience method for users to look up what RPC method URIs exist
and what permissions they require, we add a new ListPermissions call
that simply returns all registered URIs (including internal and external
subservers) and their required permissions.
2020-09-04 09:50:38 +02:00
Oliver Gugger
84879fddc6
rpcserver: allow to bake macaroons for specific URIs
To support the new URI specific permissions, we allow them to be added
in the BakeMacaroon call.
2020-09-04 09:22:36 +02:00
Oliver Gugger
6d201ef4fc
macaroons: add special permission entity for URI specific permissions
To make the permission system even more fine-grained, we want to allow
users to specify exact gRPC URIs in the macaroon permissions instead of
just broad entity/action groups.
For this we add the special entity "uri" which allows an URI specific
permission to be defined as "uri:/lnrpc.Lightning/GetInfo" for example
instead of the more coarse "info:read" which gives access to multiple
URIs.
2020-09-04 09:22:35 +02:00
Olaoluwa Osuntokun
2284d8c775
Merge pull request #4556 from Roasbeef/update-sample-lnd-conf-08-2020
docs: update sample-lnd.conf
2020-09-03 18:29:11 -07:00
Olaoluwa Osuntokun
104a909498
docs: update sample-lnd.conf
In this commit, we update the `sample-lnd.conf` example config file to
be up to date with all the new configuration parameters we've added over
the past few release.
2020-09-03 18:27:38 -07:00
Conner Fromknecht
7c91f744ee
Merge pull request #4547 from Crypt-iQ/fwdpkg_cleanup_0819
htlcswitch: reduce db contention when removing forwarding packages
2020-09-02 16:58:28 -07:00
eugene
ea467783e9 htlcswitch+peer: remove fwd pkgs once before tick, bump timer to 1hr
This commit changes the logic when garbage collecting forwarding
packages such that they are removed once when the function is called,
and then again upon subsequent ticks. This allows us to bump the
peer timer to 1 hour to limit the number of db transactions happening
in lnd. The forwarding packages need to be removed initially as
otherwise a flappy node will never have them garbage collected.
2020-08-31 20:52:51 -04:00
eugene
62e19185f1 htlcswitch+channeldb: single tx for removing fwdpkgs
This commit changes RemoveFwdPkg to RemoveFwdPkgs so that a single
tx is used instead of N where N is the number of fwd pkgs to remove.
2020-08-31 20:52:51 -04:00
eugene
9ce89c1b46 lnd: delete mock.go, move mockSpendNotifier to lntest/mock 2020-08-31 20:06:11 -04:00