aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-23 09:04:22 +01:00
Code Issues Packages Projects Releases Wiki Activity

channeld: give some tolerance for empty commitments.

Browse Source 
The spec says not to send a commitment_signed without any changes, but LND
does this.  To understand why, you have to understand how LND works.  I
haven't read the code, but I'm pretty sure it works like this:

1. lnd slows down to do garbage collection, because it's in Go.
2. When an alert timer goes off, noticing it's not making process, it
   sends a twitter message to @roasbeef.
3. @roasbeef sshs into the user's machine and binary patches lnd to send
   a commitment_signed message.
4. Unfortunately he works so fast that various laws of causality are broken,
   meaning sometimes the commitment_signed is sent before any of thes
   other things happen.

I'm fairly sure that this will stop as @roasbeef ages, or lnd introduces
some kind of causality enforcement fix.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
2019-04-16 13:30:15 +09:30
committed by neil saitug
parent c053dc9a6a
commit c84cade270
2 changed files with 12 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -36,7 +36,7 @@ changes.
- `--bind-addr=<path>` fixed for nodes using local sockets (eg. testing). - `--bind-addr=<path>` fixed for nodes using local sockets (eg. testing).
- Unannounced local channels were forgotten for routing on restart until reconnection occurred. - Unannounced local channels were forgotten for routing on restart until reconnection occurred.
- lightning-cli: arguments containing `"` now succeed, rather than causing JSON errors. - lightning-cli: arguments containing `"` now succeed, rather than causing JSON errors.
- protocol: handle lnd sending more messages before `reestablish`; don't fail channel. - protocol: handle lnd sending more messages before `reestablish`; don't fail channel, and handle older lnd's spurious empty commitments.
### Security ### Security

14
channeld/channeld.c
View File

@@ -157,6 +157,9 @@ struct peer {
/* Additional confirmations need for local lockin. */ /* Additional confirmations need for local lockin. */
u32 depth_togo; u32 depth_togo;
/* Empty commitments. Spec violation, but a minor one. */
u64 last_empty_commitment;
}; };
static u8 *create_channel_announcement(const tal_t *ctx, struct peer *peer); static u8 *create_channel_announcement(const tal_t *ctx, struct peer *peer);
@@ -1344,9 +1347,13 @@ static void handle_peer_commit_sig(struct peer *peer, const u8 *msg)
* - MUST NOT send a `commitment_signed` message that does not * - MUST NOT send a `commitment_signed` message that does not
* include any updates. * include any updates.
*/ */
peer_failed(&peer->cs, status_trace("Oh hi LND! Empty commitment at #%"PRIu64,
&peer->channel_id, peer->next_index[LOCAL]);
"commit_sig with no changes"); if (peer->last_empty_commitment == peer->next_index[LOCAL] - 1)
peer_failed(&peer->cs,
&peer->channel_id,
"commit_sig with no changes (again!)");
peer->last_empty_commitment = peer->next_index[LOCAL];
} }
/* We were supposed to check this was affordable as we go. */ /* We were supposed to check this was affordable as we go. */
@@ -2967,6 +2974,7 @@ int main(int argc, char *argv[])
peer->last_update_timestamp = 0; peer->last_update_timestamp = 0;
/* We actually received it in the previous daemon, but near enough */ /* We actually received it in the previous daemon, but near enough */
peer->last_recv = time_now(); peer->last_recv = time_now();
peer->last_empty_commitment = 0;
/* We send these to HSM to get real signatures; don't have valgrind /* We send these to HSM to get real signatures; don't have valgrind
* complain. */ * complain. */