Allow specifying an error when failing back HTLC #1948

Merged
merged 2 commits into from
Jan 25, 2023

Contributor

@alecchendev alecchendev commented Jan 12, 2023

Fixes #1570. This PR adds a new FailureCode enum, and a new function ChannelManager::fail_htlc_backwards_with_reason to allow the user to input their own failure reason (FailureCode) to form an HTLCFailReason to send to peers when failing back in response to an Event::PaymentClaimable. It also adds do_test_fail_htlc_backwards_with_reason and the test test_fail_htlc_backwards_with_reason.

Notes

  • (DONE) Would like to DRY up between fail_htlc_backwards and fail_htlc_backwards_with_reason but because the msat + height data is found individually for each HTLC to form the error (in fail_htlc_backwards), not sure how I would.

To do

  • (DONE) Add test(s). I was planning to test the new function similarly to fail_htlc_backwards, however I couldn't really find where fail_htlc_backwards was explicitly tested, mainly just used/indirectly tested throughout ln/functional_tests.rs. Still figuring what the best way to test this is.

Questions

  • (DONE) Could anyone explain (or point me to a resource that explains) what the failure codes in HTLCFailReason::Reason are? I couldn’t find much in the docs/comments, I saw some stuff about failure codes in BOLT#2 for malformed HTLCs but this seems more general than that? Answer

This is my first PR on this repo so please forgive me if I'm asking something trivial! I'm going to try and participate in more code review to get more assimilated to the repo, but in the meantime if anyone is able to provide any feedback I'd greatly appreciate it.

@codecov-commenter

codecov-commenter commented Jan 12, 2023

Codecov Report

Base: 90.80% // Head: 90.75% // Decreases project coverage by -0.05% ⚠️

Coverage data is based on head (6e485ae) compared to base (e0a0add).
Patch coverage: 93.44% of modified lines in pull request are covered.

❗ Current head 6e485ae differs from pull request most recent head 48aef2d. Consider uploading reports for the commit 48aef2d to get more accurate results

Additional details and impacted files
@@            Coverage Diff             @@
##             main    #1948      +/-   ##
==========================================
- Coverage   90.80%   90.75%   -0.05%     
==========================================
  Files          98       98              
  Lines       51507    51733     +226     
  Branches    51507    51733     +226     
==========================================
+ Hits        46770    46952     +182     
- Misses       4737     4781      +44     
Impacted Files Coverage Δ
lightning/src/util/events.rs 30.50% <ø> (ø)
lightning/src/ln/channelmanager.rs 87.24% <91.66%> (+0.05%) ⬆️
lightning/src/ln/onion_route_tests.rs 97.41% <93.87%> (-0.22%) ⬇️
lightning/src/ln/inbound_payment.rs 92.00% <0.00%> (-1.50%) ⬇️
lightning-invoice/src/utils.rs 96.94% <0.00%> (-0.83%) ⬇️
lightning/src/ln/functional_tests.rs 96.76% <0.00%> (-0.35%) ⬇️
lightning/src/chain/channelmonitor.rs 90.87% <0.00%> (-0.20%) ⬇️
lightning-invoice/src/lib.rs 87.37% <0.00%> (-0.11%) ⬇️
lightning/src/chain/keysinterface.rs 83.46% <0.00%> (ø)
lightning/src/ln/functional_test_utils.rs 91.21% <0.00%> (ø)
... and 3 more

Contributor

@valentinewallace valentinewallace left a comment

> Could anyone explain (or point me to a resource that explains) what the failure codes in HTLCFailReason::Reason are?

Here are the possible failure codes/messages: https://github.com/lightning/bolts/blob/master/04-onion-routing.md#failure-messages

Re: testing, the expect_payment_failed macro in functional_test_utils checks a failed payment's error code and data :)

@alecchendev
Contributor Author

Thanks so much for the feedback @valentinewallace! I'll try to address most of the suggestions in about an hour or so.

@valentinewallace
Contributor

Looking pretty good to me. You'll want to amend your commit history at some point, we follow bitcoin core's guidelines: https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#squashing-commits

@valentinewallace
Contributor

Feel free to request a review once you've added tests or otherwise want another look

@alecchendev
Contributor Author

Will rebase tomorrow, but besides that I've mostly gotten through a new implementation that I think makes more sense as well as some tests.

I only implemented the four failure codes @TheBlueMatt mentioned (unknown_payment_details, temporary_node_failure, required_channel_feature_missing, expiry_too_soon) to start, but I still have to think about other ones I might want to add. Also might move the conversion from FailureCode to HTLCFailReason to a separate function especially if I add more.

In fail_htlc_backwards_with_reason, for the FailureCode::ExpiryTooSoon branch, I have a ton of unwraps, not super sure what's the best way to handle these--I see other places that are doing similar things (getting a channel from a short channel id) take different approaches, e.g. they sometimes just unwrap, sometimes propagate an error, sometimes handle it based on local context. Seems like it would be sorta unreasonable to panic when a user just tries to fail back an HTLC, so I'm thinking I might want to default to a certain failure code or maybe propagate an error so they can choose how to handle it. I would need to take some more time to think about which places it makes sense to just unwrap vs. properly handle the error, so suggestions welcome.

Also had some miscellaneous questions:

  • For the check commits CI check, should I try to be passing that all the time, or mainly only after squashing at the end?
  • While working on this I mainly just wanted to run the one test, but it took quite a while to compile because I assume it compiles all the other tests even if it doesn't use them...is there a way around this?
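
An added example, not part of the PR or of LDK's code: a stand-alone model of how the four failure codes named in the comment above map to BOLT 4 failure messages, returning an error to the caller rather than unwrapping when the `expiry_too_soon` data is unavailable. All type and function names are hypothetical; the code numbers and data layouts follow the BOLT 4 failure-message section as it stood when this PR was opened.

```rust
// Added illustration, not LDK code. Names are hypothetical; flag bits, code
// numbers and data layouts follow BOLT 4 "Failure Messages" as of this PR.
const PERM: u16 = 0x4000;
const NODE: u16 = 0x2000;
const UPDATE: u16 = 0x1000;

#[derive(Debug, Clone, Copy, PartialEq)]
pub enum FailureCode {
    TemporaryNodeFailure,
    RequiredChannelFeatureMissing,
    ExpiryTooSoon,
    /// BOLT 4 name for what the thread calls unknown_payment_details.
    IncorrectOrUnknownPaymentDetails,
}

/// Per-HTLC values the failure data is built from.
pub struct HtlcContext<'a> {
    pub htlc_msat: u64,
    pub best_block_height: u32,
    /// Serialized channel_update, if the channel could be looked up.
    pub channel_update: Option<&'a [u8]>,
}

#[derive(Debug, PartialEq)]
pub enum BuildError { MissingChannelUpdate, ChannelUpdateTooLong }

pub fn failure_code(code: FailureCode) -> u16 {
    match code {
        FailureCode::TemporaryNodeFailure => NODE | 2,
        FailureCode::RequiredChannelFeatureMissing => PERM | 9,
        FailureCode::ExpiryTooSoon => UPDATE | 14,
        FailureCode::IncorrectOrUnknownPaymentDetails => PERM | 15,
    }
}

/// Encodes `failure_code || data`, all integers big-endian. A missing
/// channel_update is reported to the caller instead of panicking.
pub fn encode_failure(code: FailureCode, ctx: &HtlcContext) -> Result<Vec<u8>, BuildError> {
    let mut msg = failure_code(code).to_be_bytes().to_vec();
    match code {
        FailureCode::TemporaryNodeFailure | FailureCode::RequiredChannelFeatureMissing => {}
        FailureCode::ExpiryTooSoon => {
            let upd = ctx.channel_update.ok_or(BuildError::MissingChannelUpdate)?;
            if upd.len() > u16::MAX as usize { return Err(BuildError::ChannelUpdateTooLong); }
            msg.extend_from_slice(&(upd.len() as u16).to_be_bytes()); // [u16:len]
            msg.extend_from_slice(upd); // [len:channel_update]
        }
        FailureCode::IncorrectOrUnknownPaymentDetails => {
            msg.extend_from_slice(&ctx.htlc_msat.to_be_bytes()); // [u64:htlc_msat]
            msg.extend_from_slice(&ctx.best_block_height.to_be_bytes()); // [u32:height]
        }
    }
    Ok(msg)
}

fn main() {
    // Constructed sample values.
    let ctx = HtlcContext { htlc_msat: 100_000, best_block_height: 800, channel_update: None };
    println!("{:02x?}", encode_failure(FailureCode::IncorrectOrUnknownPaymentDetails, &ctx));
    println!("{:?}", encode_failure(FailureCode::ExpiryTooSoon, &ctx));
}
```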

@alecchendev alecchendev marked this pull request as ready for review January 17, 2023 23:10
Collaborator

@TheBlueMatt TheBlueMatt left a comment

Nice! This looks pretty great to me. Instead of merging in upstream changes, please rebase per the guide at https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#rebasing-changes (and squash down fixup commits into one linear history that has logically separate commits that don't fix previous commits in the same PR).

@TheBlueMatt
Collaborator

> While working on this I mainly just wanted to run the one test, but it took quite a while to compile because I assume it compiles all the other tests even if it doesn't use them...is there a way around this?

Sadly, no. Rust has some ability to just recompile files that have changed, but it's been on and off depending on the rust version due to various bugs. We also are (very slowly) working on breaking up our functional tests into more files to make this less painful. Speaking of which, please consider moving your new test to onion_route_tests :)

@alecchendev
Contributor Author

> Instead of merging in upstream changes, please rebase per the guide at https://github.com/bitcoin/bitcoin/blob/master/CONTRIBUTING.md#rebasing-changes

Oh I see, thanks.

> (and squash down fixup commits into one linear history that has logically separate commits that don't fix previous commits in the same PR).

Just to clarify, should I be squashing any time I make changes in the PR or just at the end?

@TheBlueMatt
Collaborator

TheBlueMatt commented Jan 18, 2023

> Just to clarify, should I be squashing any time I make changes in the PR or just at the end?

It depends on the reviewer, in general we usually coordinate with reviewers by asking if they're ready for squashing, though that can delay PRs some so if it's a relatively minor change feel free to just squash as you go - there's no hard rule here, we're flexible.

@alecchendev alecchendev force-pushed the custom-fail-back-err branch 3 times, most recently from cb1b3ea to 3935324 Compare January 20, 2023 04:38
@alecchendev
Contributor Author

Btw I moved the code to fetch the corresponding error data to create the HTLCFailReason to a separate internal function get_htlc_fail_reason_from_failure_code. I rebased this to streamline the commits but realized leaving the separate commits temporarily would've probably been a helpful indicator, so just wanted to give a heads up.

@alecchendev alecchendev force-pushed the custom-fail-back-err branch 2 times, most recently from 9ddf1e6 to 037226a Compare January 24, 2023 00:23
@TheBlueMatt
Collaborator

LGTM, I think. Please squash the fixup commit at the end back down into the second commit so we don't have commits fixing previous commits in the same PR.

@alecchendev alecchendev force-pushed the custom-fail-back-err branch 2 times, most recently from 31de6db to 9f50950 Compare January 25, 2023 03:33
@alecchendev
Contributor Author

Okay, I think the commits should be all fixed up 👍

@alecchendev
Contributor Author

Just squashed the first two commits together because the added function from the second commit was referenced in the first commit's documentation. Now it should be good I think.

TheBlueMatt previously approved these changes Jan 25, 2023
FailureCode is used to specify which error code and data to send
to peers when failing back an HTLC.

ChannelManager::fail_htlc_backwards_with_reason
allows a user to specify the error code and
corresponding data to send to peers when failing back an HTLC.
This function is mentioned in Event::PaymentClaimable docs.
ChannelManager::get_htlc_fail_reason_from_failure_code was also
added to assist with this function.
Add a test for newly added function failing back a basic payment
and ensuring the intended failure code and data are sent back
to the peer.
@TheBlueMatt TheBlueMatt merged commit abbd295 into lightningdevkit:main Jan 25, 2023
k0k0ne pushed a commit to bitlightlabs/rust-lightning that referenced this pull request Sep 30, 2024
0.0.114 - Mar 3, 2023 - "Faster Async BOLT12 Retries"

API Updates
===========

 * `InvoicePayer` has been removed and its features moved directly into
   `ChannelManager`. As such it now requires a simplified `Router` and supports
   `send_payment_with_retry` (and friends). `ChannelManager::retry_payment` was
   removed in favor of the automated retries. Invoice payment utilities in
   `lightning-invoice` now call the new code (lightningdevkit#1812, lightningdevkit#1916, lightningdevkit#1929, lightningdevkit#2007, etc).
 * `Sign`/`BaseSign` has been renamed `ChannelSigner`, with `EcdsaChannelSigner`
   split out in anticipation of future schnorr/taproot support (lightningdevkit#1967).
 * The catch-all `KeysInterface` was split into `EntropySource`, `NodeSigner`,
   and `SignerProvider`. `KeysManager` implements all three (lightningdevkit#1910, lightningdevkit#1930).
 * `KeysInterface::get_node_secret` is now `KeysManager::get_node_secret_key`
   and is no longer required for external signers (lightningdevkit#1951, lightningdevkit#2070).
 * A `lightning-transaction-sync` crate has been added which implements keeping
   LDK in sync with the chain via an esplora server (lightningdevkit#1870). Note that it can
   only be used on nodes that *never* ran a previous version of LDK.
 * `Score` is updated in `BackgroundProcessor` instead of via `Router` (lightningdevkit#1996).
 * `ChainAccess::get_utxo` (now `UtxoAccess`) can now be resolved async (lightningdevkit#1980).
 * BOLT12 `Offer`, `InvoiceRequest`, `Invoice` and `Refund` structs as well as
   associated builders have been added. Such invoices cannot yet be paid due to
   missing support for blinded path payments (lightningdevkit#1927, lightningdevkit#1908, lightningdevkit#1926).
 * A `lightning-custom-message` crate has been added to make combining multiple
   custom messages into one enum/handler easier (lightningdevkit#1832).
 * `Event::PaymentPathFailure` is now generated for failure to send an HTLC
   over the first hop on our local channel (lightningdevkit#2014, lightningdevkit#2043).
 * `lightning-net-tokio` no longer requires an `Arc` on `PeerManager` (lightningdevkit#1968).
 * `ChannelManager::list_recent_payments` was added (lightningdevkit#1873).
 * `lightning-background-processor` `std` is now optional in async mode (lightningdevkit#1962).
 * `create_phantom_invoice` can now be used in `no-std` (lightningdevkit#1985).
 * The required final CLTV delta on inbound payments is now configurable (lightningdevkit#1878)
 * bitcoind RPC error code and message are now surfaced in `block-sync` (lightningdevkit#2057).
 * Get `historical_estimated_channel_liquidity_probabilities` was added (lightningdevkit#1961).
 * `ChannelManager::fail_htlc_backwards_with_reason` was added (lightningdevkit#1948).
 * Macros which implement serialization using TLVs or straight writing of struct
   fields are now public (lightningdevkit#1823, lightningdevkit#1976, lightningdevkit#1977).

Backwards Compatibility
=======================

 * Any inbound payments with a custom final CLTV delta will be rejected by LDK
   if you downgrade prior to receipt (lightningdevkit#1878).
 * `Event::PaymentPathFailed::network_update` will always be `None` if an
   0.0.114-generated event is read by a prior version of LDK (lightningdevkit#2043).
 * `Event::PaymentPathFailed::all_paths_removed` will always be false if an
   0.0.114-generated event is read by a prior version of LDK. Users who rely on
   it to determine payment retries should migrate to `Event::PaymentFailed`, in
   a separate release prior to upgrading to LDK 0.0.114 if downgrading is
   supported (lightningdevkit#2043).

Performance Improvements
========================

 * Channel data is now stored per-peer and channel updates across multiple
   peers can be operated on simultaneously (lightningdevkit#1507).
 * Routefinding is roughly 1.5x faster (lightningdevkit#1799).
 * Deserializing a `NetworkGraph` is roughly 6x faster (lightningdevkit#2016).
 * Memory usage for a `NetworkGraph` has been reduced substantially (lightningdevkit#2040).
 * `KeysInterface::get_secure_random_bytes` is roughly 200x faster (lightningdevkit#1974).

Bug Fixes
=========

 * Fixed a bug where a delay in processing a `PaymentSent` event longer than the
   time taken to persist a `ChannelMonitor` update, when occurring immediately
   prior to a crash, may result in the `PaymentSent` event being lost (lightningdevkit#2048).
 * Fixed spurious rejections of rapid gossip sync data when the graph has been
   updated by other means between gossip syncs (lightningdevkit#2046).
 * Fixed a panic in `KeysManager` when the high bit of `starting_time_nanos`
   is set (lightningdevkit#1935).
 * Resolved an issue where the `ChannelManager::get_persistable_update_future`
   future would fail to wake until a second notification occurs (lightningdevkit#2064).
 * Resolved a memory leak when using `ChannelManager::send_probe` (lightningdevkit#2037).
 * Fixed a deadlock on some platforms at least when using async `ChannelMonitor`
   updating (lightningdevkit#2006).
 * Removed debug-only assertions which were reachable in threaded code (lightningdevkit#1964).
 * In some cases when payment sending fails on our local channel retries no
   longer take the same path and thus never succeed (lightningdevkit#2014).
 * Retries for spontaneous payments have been fixed (lightningdevkit#2002).
 * Return an `Err` if `lightning-persister` fails to read the directory listing
   rather than panicking (lightningdevkit#1943).
 * `peer_disconnected` will now never be called without `peer_connected` (lightningdevkit#2035)

Security
========

0.0.114 fixes several denial-of-service vulnerabilities which are reachable from
untrusted input from channel counterparties or in deployments accepting inbound
connections or channels. It also fixes a denial-of-service vulnerability in rare
cases in the route finding logic.
 * The number of pending un-funded channels as well as peers without funded
   channels is now limited to avoid denial of service (lightningdevkit#1988).
 * A second `channel_ready` message received immediately after the first could
   lead to a spurious panic (lightningdevkit#2071). This issue was introduced with 0conf
   support in LDK 0.0.107.
 * A division-by-zero issue was fixed in the `ProbabilisticScorer` if the amount
   being sent (including previous-hop fees) is equal to a channel's capacity
   while walking the graph (lightningdevkit#2072). The division-by-zero was introduced with
   historical data tracking in LDK 0.0.112.

In total, this release features 130 files changed, 21457 insertions, 10113
deletions in 343 commits from 18 authors, in alphabetical order:
 * Alec Chen
 * Allan Douglas R. de Oliveira
 * Andrei
 * Arik Sosman
 * Daniel Granhão
 * Duncan Dean
 * Elias Rohrer
 * Jeffrey Czyz
 * John Cantrell
 * Kurtsley
 * Matt Corallo
 * Max Fang
 * Omer Yacine
 * Valentine Wallace
 * Viktor Tigerström
 * Wilmer Paulino
 * benthecarman
 * jurvis