Clarify relative order of some messages after reestablish #810
Conversation
The existing requirements were not specifying the case where both a `commitment_signed` and `revoke_and_ack` need to be retransmitted. This is an important case to specify because if the relative order is not preserved, the channel will close. Fixes #794
|
ACK fc07aab |
|
Interestingly, I considered this case when first implementing our retransmission ordering and arbitrarily chose an ordering: https://github.com/lightningnetwork/lnd/blob/master/lnwallet/channel.go#L3810 |
|
However the ordering may not be the same with how we implement it atm, since we always do revoke->sig if we need to send both. |
| @@ -1256,6 +1256,10 @@ A node: | |||
| the last `revoke_and_ack` the receiving node sent, AND the receiving node | |||
| hasn't already received a `closing_signed`: | |||
| - MUST re-send the `revoke_and_ack`. | |||
| - if it has previously sent a `commitment_signed` that needs to be | |||
| retransmitted: | |||
| - MUST retransmit `revoke_and_ack` and `commitment_signed` in the same | |||
There was a problem hiding this comment.
Perhaps we should also spell out the recommended persistence requirements here as well? This was something lnd did incorrectly in a few places (not storing what we need to in order to properly reconstruct a commitment to validate a retransmission. However np with also leaving this off for a more fundamental path to make things more explicit generally.
There was a problem hiding this comment.
Ah re-reading again, there is a light requirement re naive persistence down below where the diff touches the spec.
There was a problem hiding this comment.
Yes, I didn't update that paragraph about persistence that rusty wrote a while ago, but I could, let me know what changes you think would make sense there (if any)!
|
One question that comes to mind: do we need to care about backwards compatibility for this at all? I'm leaning towards no, as this is the "right" way, although switching to this may create a period of instability (spurious force closes) in the network). |
|
Fixes lightningnetwork/lnd#4613 ?
There are already spurious force closes... So I think it does not matter |
|
@Roasbeef do you think I need to add some changes, or is the last state of the PR ok to you? |
When replaying messages during channel-reestablishment, previously we first resent all update messages, along with potential commitment_signed messages, and then we potentially resent a single revoke_and_ack. This can result in incorrect behaviour in case both a commitment_signed and a revoke_and_ack needs to be resent. When replaying messages, the relative order of commitment_signed and revoke_and_messages needs to be preserved. (the order of updates (htlc/fee) in relation to the revack messages does not matter) implements lightning/bolts#810 The logic here is somewhat based on what c-lightning does: https://github.com/ElementsProject/lightning/blob/01e5f1886e31816e652f417a1ff789a26aaeec3b/channeld/channeld.c#L3059
When replaying messages during channel-reestablishment, previously we first resent all update messages, along with potential commitment_signed messages, and then we potentially resent a single revoke_and_ack. This can result in incorrect behaviour in case both a commitment_signed and a revoke_and_ack needs to be resent. When replaying messages, the relative order of commitment_signed and revoke_and_messages needs to be preserved. (the order of updates (htlc/fee) in relation to the revack messages does not matter) implements lightning/bolts#810 The logic here is somewhat based on what c-lightning does: https://github.com/ElementsProject/lightning/blob/01e5f1886e31816e652f417a1ff789a26aaeec3b/channeld/channeld.c#L3059
When replaying messages during channel-reestablishment, previously we first resent all update messages, along with potential commitment_signed messages, and then we potentially resent a single revoke_and_ack. This can result in incorrect behaviour in case both a commitment_signed and a revoke_and_ack needs to be resent. When replaying messages, the relative order of commitment_signed and revoke_and_messages needs to be preserved. (the order of updates (htlc/fee) in relation to the revack messages does not matter) implements lightning/bolts#810 The logic here is somewhat based on what c-lightning does: https://github.com/ElementsProject/lightning/blob/01e5f1886e31816e652f417a1ff789a26aaeec3b/channeld/channeld.c#L3059
When replaying messages during channel-reestablishment, previously we first resent all update messages, along with potential commitment_signed messages, and then we potentially resent a single revoke_and_ack. This can result in incorrect behaviour in case both a commitment_signed and a revoke_and_ack needs to be resent. When replaying messages, the relative order of commitment_signed and revoke_and_messages needs to be preserved. (the order of updates (htlc/fee) in relation to the revack messages does not matter) implements lightning/bolts#810 The logic here is somewhat based on what c-lightning does: https://github.com/ElementsProject/lightning/blob/01e5f1886e31816e652f417a1ff789a26aaeec3b/channeld/channeld.c#L3059
When replaying messages during channel-reestablishment, previously we first resent all update messages, along with potential commitment_signed messages, and then we potentially resent a single revoke_and_ack. This can result in incorrect behaviour in case both a commitment_signed and a revoke_and_ack needs to be resent. When replaying messages, the relative order of commitment_signed and revoke_and_messages needs to be preserved. (the order of updates (htlc/fee) in relation to the revack messages does not matter) implements lightning/bolts#810 The logic here is somewhat based on what c-lightning does: https://github.com/ElementsProject/lightning/blob/01e5f1886e31816e652f417a1ff789a26aaeec3b/channeld/channeld.c#L3059
The existing requirements were not specifying the case where both a
commitment_signedandrevoke_and_ackneed to be retransmitted.This is an important case to specify because if the relative order is not preserved, the channel will close.
See for example the following two scenarios.
Rev then Sig
A needs to retransmit:
With some leeway on when she sends the
add: it can be either before or afterrev, she can choose to not send it at all, or update the fees. The important point is thatsigmust occur afterrev.Sig then Rev
A needs to retransmit:
With some leeway on the
add, she may choose to omit it, update the fees, etc (but all of these before thesig). The important point is thatsigmust occur beforerev.Fixes #794