Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BOLT 2: forget the check about update_* messages, and check what must not happens during shutdown #972

Closed
wants to merge 1 commit into from
Closed

BOLT 2: forget the check about update_* messages, and check what must not happens during shutdown #972

wants to merge 1 commit into from

Conversation

vincenzopalazzo
Copy link
Contributor

@vincenzopalazzo vincenzopalazzo commented Apr 6, 2022
edited
Loading

The rationale around this PR that is a simplification of #970 is that a node should not care about what it receives but only about what it must not receive. Just to quote @TheBlueMatt

The actual Close Channel spec tell us exactly when we need to fail, we need just to remove the confusing part related to the update_* messages

So, the concept proposed is to use a black list of messages that a node should never receive during a shutdown, and the actual status the black list contains only is just an add_htlc.

lnprototest reference implementation: rustyrussell/lnprototest#37

@vincenzopalazzo vincenzopalazzo changed the title bolt2: forget the check about the update_* messages, and check what must not happens BOLT 2: forget the check about update_* messages, and check what must not happens Apr 6, 2022
@vincenzopalazzo vincenzopalazzo changed the title BOLT 2: forget the check about update_* messages, and check what must not happens BOLT 2: forget the check about update_* messages, and check what must not happens during shutdown Apr 6, 2022
@t-bast t-bast mentioned this pull request Apr 7, 2022
Closed
20 tasks
@TheBlueMatt
Copy link
Collaborator

Any thoughts @Crypt-iQ ?

@t-bast t-bast mentioned this pull request Apr 21, 2022
Closed
23 tasks
@Crypt-iQ
Copy link
Contributor

The changes look fine, but I think we should specify when it's ok to send closing_signed

@TheBlueMatt
Copy link
Collaborator

Right, agreed, this only does half of what #970 was doing, we still need to clarify the "when can you send closing_signed" part.

@vincenzopalazzo
Copy link
Contributor Author

vincenzopalazzo commented Apr 22, 2022
edited
Loading

The changes look fine, but I think we should specify when it's ok to send closing_signed

Good point! In this case, we can use the same idea to simplify the code, with the following way:

  • (from the sender side) send a closing_signed message when the are no pending htlcs, and
  • (from the receiver side) we can accept closing_signed only when there are no pending htlcs, and if a closing_signed when there are htlcs to resolve, the received will send a warning message (or error to fail the close operation?)

What do you think?

@TheBlueMatt
Copy link
Collaborator

Good point! In this case, we can use the same idea to simplify the code, with the following way:

Lets do this in a separate PR, probably #970, I think the parts of #970 that do this are fine, though can be a bit better-defined.

@TheBlueMatt TheBlueMatt mentioned this pull request Apr 28, 2022
Open
@vincenzopalazzo vincenzopalazzo mentioned this pull request Apr 29, 2022
Closed
t-bast
t-bast approved these changes May 4, 2022
View reviewed changes
Copy link
Collaborator

@t-bast t-bast left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ACK a16bfe9

Eclair already handles receiving update_fee after shutdown and actually also sends update_fee if the feerate changes a lot, so this would align with our behavior.

@vincenzopalazzo
Copy link
Contributor Author

Another good thing that we can introduce here @t-bast is how manage the update_fee, how @Crypt-iQ a node can continue to send update_fee for any reason, and this can stop a node with the current master BOLT to close a channel.

However, we can also add a line to specify that update_fee need to stay in the range defined in the message description

  • if the update_fee is too low for timely processing, OR is unreasonably large: MUST send a warning and close the connection, or send an error and fail the channel

Where the unreasonable definition is up to the implementation, in this way we will solve also the problem to when send the closing_signed because if the update fee are to much faster, the node can pic one that he choose defined in a reasonable time and send the closing_signed

@t-bast
Copy link
Collaborator

t-bast commented May 9, 2022

However, we can also add a line to specify that update_fee need to stay in the range defined in the message description

if the update_fee is too low for timely processing, OR is unreasonably large: MUST send a warning and close the connection, or send an error and fail the channel

That would be unnecessary, we only need to have this paragraph in the section about update_fee, no need to duplicate it here it would only bloat the requirements.

@Roasbeef
Copy link
Collaborator

Roasbeef commented May 9, 2022
edited
Loading

Today lnd doesn't actually handle update_fee if it's sent after a shutdown. At this point we assume that no other updates can happen to a channel, so we ignore them (read the message and just drop it). I'll make an issue on our end to start handling it properly, since it is the case that you need it even w/ anchors if the relay fee grows too high.

@TheBlueMatt
Copy link
Collaborator

TheBlueMatt commented May 10, 2022
edited
Loading

no other updates can happen to a channel

I assume this does not include HTLC removal updates? Just checking to make sure. This would imply if a peer removes an HTLC and sends a fee update you'll just force-close on them?

@Crypt-iQ
Copy link
Contributor

no other updates can happen to a channel

I assume this does not include HTLC removal updates? Just checking to make sure. This would imply if a peer removes an HTLC and sends a fee update you'll just force-close on them?

lnd doesn't do shutdown until the channel state is totally clean. lnd won't force close if you send messages at this point, it will just drop them. this will be fixed once the spec is a little more clear

@TheBlueMatt
Copy link
Collaborator

lnd doesn't do shutdown until the channel state is totally clean.

Ah that's...an interesting interpretation of the spec. But in practice I'd imagine that means this isn't a big deal - update_fee after channel is clear should be really rare, but before of course it may be common. That said it does imply lnd is willing to relay/send over a channel that will always reject the HTLC :/

@t-bast t-bast mentioned this pull request May 18, 2022
Closed
23 tasks
@t-bast t-bast mentioned this pull request Jun 16, 2022
Closed
24 tasks
@t-bast t-bast mentioned this pull request Jun 29, 2022
Closed
24 tasks
@Roasbeef Roasbeef mentioned this pull request Aug 1, 2022
Closed
25 tasks
@t-bast t-bast mentioned this pull request Aug 12, 2022
Closed
25 tasks
@t-bast t-bast mentioned this pull request Aug 29, 2022
Closed
25 tasks
@vincenzopalazzo
bolt2: forget the check about the update_* messages.
6287f95 
The rational around this commit is that a node should not care about what he receive but only about what it must not receive.

The actual Close Channel spec tell us exactly when we need to fail, we need just to remove the confusing part related to the `update_*`

Signed-off-by: Vincenzo Palazzo <vincenzopalazzodev@gmail.com>
@vincenzopalazzo
Copy link
Contributor Author

Mh! I jump on this PR because I was looking inside some work in lnprototest and I think this PR should add some additional info related to the message that is banned on the shutdown. or it is fine in this way?

This pull request was closed.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@t-bast t-bast t-bast approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@vincenzopalazzo @TheBlueMatt @Crypt-iQ @t-bast @Roasbeef