Wait to create a channel until after accepting.

[waterson]

Create a new table in 'peer_state' to maintain unaccepted inbound channels; i.e., a channel for which we've received an 'open_channel' message but that user code has not yet confirmed for acceptance. When user code accepts the channel (e.g. via 'accept_inbound_channel'), create the channel object and as before.

Currently, the 'open_channel' message eagerly creates an InboundV1Channel object before determining if the channel should be accepted. Because this happens /before/ the channel has been assigned a user identity (which happens in the handler for OpenChannelRequest), the channel is assigned a random user identity. As part of the creation process, the channel's cryptographic material is initialized, which then uses this randomly generated value for the user's channel identity e.g. in SignerProvider::generate_channel_keys_id.

By delaying the creation of the InboundV1Channel until /after/ the channel has been accepted, we ensure that we defer cryptographic initialization until we have given the user the opportunity to assign an identity to the channel.

[dunxen]

We're looking at actually reducing the maps we create and going with an enum approach and single map for channels #2422, so this might make sense as an AwaitingAccept variant.

Thanks for bringing this up. We could discuss on this PR, but I think an issue would be better.

[waterson]

Sounds good. I made some changes to get the tests to pass; would be interested in discussing those. Let me update the PR.

[codecov-commenter]

Codecov Report

Patch coverage: 96.26% and project coverage change: -0.04% ⚠️

Comparison is base (131560e) 90.35% compared to head (2888f76) 90.32%.

❗ Current head 2888f76 differs from pull request most recent head 0184727. Consider uploading reports for the commit 0184727 to get more accurate results

❗ Your organization is not using the GitHub App Integration. As a result you may experience degraded service beginning May 15th. Please install the Github App Integration for your organization. Read more.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2428      +/-   ##
==========================================
- Coverage   90.35%   90.32%   -0.04%     
==========================================
  Files         106      106              
  Lines       56242    56232      -10     
  Branches    56242    56232      -10     
==========================================
- Hits        50816    50789      -27     
- Misses       5426     5443      +17     

Files Changed	Coverage Δ
lightning/src/events/mod.rs	42.51% <ø> (ø)
lightning/src/ln/functional_tests.rs	98.17% <75.00%> (-0.06%)	⬇️
lightning/src/ln/channelmanager.rs	85.61% <97.50%> (-0.07%)	⬇️
lightning/src/ln/channel.rs	89.48% <100.00%> (+0.02%)	⬆️
lightning/src/ln/shutdown_tests.rs	98.45% <100.00%> (ø)

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[dunxen]

Thanks this is looking like the right direction. I need to do some more review of what’s moved around but this looks good.

[TheBlueMatt]

Oof, indeed, nice catch. Looks like this needs a small rebase, sorry about that.

[alecchendev]

Looks like rebase caught some extra commits :). Otherwise, LGTM besides one comment and a nit

[waterson]

Thank you for the reviews! PTAL when you get a chance!

[dunxen]

Looking good. I'm wondering if we can now do away with ChannelContext's inbound_awaiting_accept and InboundV1Channel::is_awaiting_accept()

[dunxen]

I'm wondering if we can now do away with ChannelContext's inbound_awaiting_accept and InboundV1Channel::is_awaiting_accept()

Actually I think we can punt this to a follow-up, but it would be nice to remove it if this PR makes it obsolete.

[waterson]

@dunxen fwiw here is a patch that removes inbound_awaiting_accept. It compiles and passes tests. I can add it to the commit chain here if you think that makes sense,.

[dunxen]

@dunxen fwiw here is a patch that removes inbound_awaiting_accept. It compiles and passes tests. I can add it to the commit chain here if you think that makes sense,.

Looks good! As for this comment, we can actually get rid of the InboundV1Channel::set_0conf() method entirely as we'll now know if we must set 0conf when invoking InboundV1Channel::new(), so I think we just need a field there like set_0conf: bool and then inside InboundV1Channel::new() we can then override the minimum_depth based on that. Then we must still keep the if !accept_0conf && channel.context.get_channel_type().requires_zero_conf() check.

We can do this since having an InboundV1Channel will always mean that it's not awaiting accept anymore, unless I'm mistaken?

EDIT: This also means we could probably get rid of the ChannelContext::inbound_awaiting_accept field entirely too. We don't use or serialize it anywhere else.

[waterson]

@dunxen fwiw here is a patch that removes inbound_awaiting_accept. It compiles and passes tests. I can add it to the commit chain here if you think that makes sense,.

Looks good! As for this comment, we can actually get rid of the InboundV1Channel::set_0conf() method entirely as we'll now know if we must set 0conf when invoking InboundV1Channel::new(), so I think we just need a field there like set_0conf: bool and then inside InboundV1Channel::new() we can then override the minimum_depth based on that. Then we must still keep the if !accept_0conf && channel.context.get_channel_type().requires_zero_conf() check.

We can do this since having an InboundV1Channel will always mean that it's not awaiting accept anymore, unless I'm mistaken?

EDIT: This also means we could probably get rid of the ChannelContext::inbound_awaiting_accept field entirely too. We don't use or serialize it anywhere else.

So... I'm a bit worried about this exploding into a mega PR that will become increasingly difficult to review. Would you be comfortable to pursuing this cleanup in a follow-on?

[dunxen]

So... I'm a bit worried about this exploding into a mega PR that will become increasingly difficult to review. Would you be comfortable to pursuing this cleanup in a follow-on?

Haha sure. I thought the PR blowing up might be the case 😄

[dunxen]

Ok so I believe this looks good, and I think we can squash any fixups. We'll need another reviewer though

[wpaulino]

Feel free to squash before addressing my feedback.

[waterson]

Thank you for the review @wpaulino! PTAL when you get a chance. Also a few unresolved that might need some advice... :)

[dunxen]

Oh hmm. I might have missed it but we'll need to make sure these requests get purged after some time like we do with inbound channels that are taking too long to finish handshake.

And probably on disconnecting too although maybe we can keep them and try when reconnected. Probably best to just drop them on disconnect for now.

EDIT: I don't see anything wrong with keeping them on disconnect so long as we still expire them after some time.

[dunxen]

The CI failures look like we're just missing some use of the new parameter for InboundV1Channel::new in some tests.

Otherwise looks good for squash.

[wpaulino]

LGTM but still needs a squash on commits 8d00338, 30101b3, and 3a3ba4b. Also, please keep commit messages to 72 characters max per line.

[TheBlueMatt]

Grr, this needs a trivial rebase, sorry about that. Conceptually LGTM, tho.

[TheBlueMatt]

Oops, one issue (we fail to send an error message when failing the channel) and a few nits.

[TheBlueMatt]

You can do this updating in the retain body.

[waterson]

Ope, hmm... after addressing the issue below I think that it might make more sense to have a separate loop. In particular, the retain lambda gets sad about the use of peer_state.

[TheBlueMatt]

Ah, you can make it less sad by explicitly taking reference to the inner variables separately as individual variables before the retain, but its not all that critical.

[dunxen]

Thanks! Small nit.

[dunxen]

I think we need a clearer description in the message here. I know we might not know the real reason for not letting the request time out, but maybe we could just say:

"Channel force-closed due to acceptance timeout" or something better. What do you think?

P.S. I've added the missing MessageSendEvent in #2496, which we I will rebase on main when this PR lands.

[TheBlueMatt]

There's no conflict between the PRs, so landed that one.

[dunxen]

Oh, right lol

[TheBlueMatt]

LGTM, thanks!

[TheBlueMatt]

oubtound_scid_alias is now unused (always zero), so we should drop the argument here.

[TheBlueMatt]

Oops we also need to wipe this on peer disconnection and when handling errors from peers, I'll do that in a quick followup.