common/tlvstream: put TLV checking back in the generic function.

Callers were supposed to call "tlv_fields_valid" after fromwire_tlv,
but few did.  Make this the default, and call the underlying function
directly where we want to be more flexible (one place).

This loses the ability to allow misordered fields, or to pass through
*any* even fields.  We restore that for special cases in the next
patch.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

plugins/keysend.c

@@ -342,6 +342,9 @@ static struct command_result *htlc_accepted_call(struct command *cmd,
 	struct out_req *req;
 	struct timeabs now = time_now();
 	const char *err;
+	u64 *allowed = tal_arr(cmd, u64, 1);
+	size_t err_off;
+	u64 err_type;
 
 	err = json_scan(tmpctx, buf, params,
 			"{onion:{payload:%},htlc:{payment_hash:%}}",
@@ -356,10 +359,15 @@ static struct command_result *htlc_accepted_call(struct command *cmd,
 	if (s != max) {
 		return htlc_accepted_continue(cmd, NULL);
 	}
-	payload = fromwire_tlv_tlv_payload(cmd, &rawpayload, &max);
-	if (!payload) {
+
+	/* We explicitly allow our type. */
+	allowed[0] = 5482373484;
+	payload = tlv_tlv_payload_new(cmd);
+	if (!fromwire_tlv(&rawpayload, &max, tlvs_tlv_tlv_payload, TLVS_ARRAY_SIZE_tlv_tlv_payload,
+			  payload, &payload->fields, allowed, &err_off, &err_type)) {
 		plugin_log(
-		    cmd->plugin, LOG_UNUSUAL, "Malformed TLV payload %.*s",
+		    cmd->plugin, LOG_UNUSUAL, "Malformed TLV payload type %"PRIu64" at off %zu %.*s",
+		    err_type, err_off,
 		    json_tok_full_len(params),
 		    json_tok_full(buf, params));
 		return htlc_accepted_continue(cmd, NULL);