channeld: log broken message if we receive HTLCs out of order.

We didn't care, but other implementations (particularly lnd) do. And it does violate the spec. (We need to use skip not xfail on the test which catches this, since xfail doesn't seem to stop errors reported by cleanup) (Includes Christian's typo fix!) Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
rustyrussell · Oct 14, 2020 · 306edea · 306edea
1 parent 90acf50
commit 306edea
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 0 deletions.
diff --git a/channeld/full_channel.c b/channeld/full_channel.c
@@ -758,6 +758,13 @@ enum channel_add_err channel_add_htlc(struct channel *channel,
 	else
 		state = RCVD_ADD_HTLC;
 
+	/* BOLT #2:
+	 * - MUST increase the value of `id` by 1 for each successive offer.
+	 */
+	/* This is a weak (bit cheap) check: */
+	if (htlc_get(channel->htlcs, id+1, sender))
+		status_broken("Peer sent out-of-order HTLC ids (is that you, old c-lightning node?)");
+
 	return add_htlc(channel, state, id, amount, cltv_expiry,
 			payment_hash, routing, blinding,
 			htlcp, true, htlc_fee);

diff --git a/tests/test_connection.py b/tests/test_connection.py
@@ -2193,6 +2193,7 @@ def test_dataloss_protection(node_factory, bitcoind):
     assert (closetxid, "confirmed") in set([(o['txid'], o['status']) for o in l2.rpc.listfunds()['outputs']])
 
 
+@unittest.skip("Broken")
 @unittest.skipIf(not DEVELOPER, "needs dev_disconnect")
 def test_restart_multi_htlc_rexmit(node_factory, bitcoind, executor):
     # l1 disables commit timer once we send first htlc, dies on commit