lukechilds
/
lightning
mirror of https://github.com/lukechilds/lightning.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

openingd: pull out check_configs into a common place 

We'll re-use it for dualopend!
bump-pyln-proto
niftynei 4 years ago
committed by Rusty Russell
parent
6607f1d629
commit
72a098a4ad
5 changed files with 246 additions and 189 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 1
      common/initial_commit_tx.h
  2. 4
      openingd/Makefile
  3. 197
      openingd/common.c
  4. 21
      openingd/common.h
  5. 212
      openingd/openingd.c

1
common/initial_commit_tx.h
View File

@ -10,6 +10,7 @@
struct bitcoin_txid; struct bitcoin_txid;
struct keyset; struct keyset;
struct wally_tx_output;
/* BOLT #3: /* BOLT #3:
* *

4
openingd/Makefile
View File

@ -1,6 +1,8 @@
#! /usr/bin/make #! /usr/bin/make
OPENINGD_HEADERS := openingd/openingd_wiregen.h OPENINGD_HEADERS := \
openingd/common.h \
openingd/openingd_wiregen.h
OPENINGD_SRC := openingd/openingd.c \ OPENINGD_SRC := openingd/openingd.c \
$(OPENINGD_HEADERS:.h=.c) $(OPENINGD_HEADERS:.h=.c)

197
openingd/common.c
View File

@ -0,0 +1,197 @@
#include <ccan/ccan/tal/str/str.h>
#include <common/amount.h>
#include <common/channel_config.h>
#include <common/initial_commit_tx.h>
#include <common/type_to_string.h>
#include <openingd/common.h>
/*~ This is the key function that checks that their configuration is reasonable:
* it applied for both the case where they're trying to open a channel, and when
* they've accepted our open. */
bool check_config_bounds(const tal_t *ctx,
struct amount_sat funding,
u32 feerate_per_kw,
u32 max_to_self_delay,
struct amount_msat min_effective_htlc_capacity,
const struct channel_config *remoteconf,
const struct channel_config *localconf,
bool am_opener,
bool option_anchor_outputs,
char **err_reason)
{
struct amount_sat capacity;
struct amount_sat reserve;
struct amount_sat fee;
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `to_self_delay` is unreasonably large.
*/
if (remoteconf->to_self_delay > max_to_self_delay) {
*err_reason = tal_fmt(ctx,
"to_self_delay %u larger than %u",
remoteconf->to_self_delay,
max_to_self_delay);
return false;
}
/* BOLT #2:
*
* The receiving node MAY fail the channel if:
*...
* - `funding_satoshis` is too small.
* - it considers `htlc_minimum_msat` too large.
* - it considers `max_htlc_value_in_flight_msat` too small.
* - it considers `channel_reserve_satoshis` too large.
* - it considers `max_accepted_htlcs` too small.
*/
/* We accumulate this into an effective bandwidth minimum. */
/* Add both reserves to deduct from capacity. */
if (!amount_sat_add(&reserve,
remoteconf->channel_reserve,
localconf->channel_reserve)) {
*err_reason = tal_fmt(ctx,
"channel_reserve_satoshis %s"
" too large",
type_to_string(ctx, struct amount_sat,
&remoteconf->channel_reserve));
return false;
}
/* BOLT-a12da24dd0102c170365124782b46d9710950ac1 #2:
* - if `option_anchor_outputs` applies to this commitment
* transaction and the sending node is the funder:
* - MUST be able to additionally pay for `to_local_anchor` and
* `to_remote_anchor` above its reserve.
*/
/* (We simply include in "reserve" here if they opened). */
if (option_anchor_outputs
&& !am_opener
&& !amount_sat_add(&reserve, reserve, AMOUNT_SAT(660))) {
*err_reason = tal_fmt(ctx,
"cannot add anchors to reserve %s",
type_to_string(ctx, struct amount_sat,
&reserve));
return false;
}
/* If reserves are larger than total sat, we fail. */
if (!amount_sat_sub(&capacity, funding, reserve)) {
*err_reason = tal_fmt(ctx, "channel_reserve_satoshis %s"
" and %s too large for funding %s",
type_to_string(ctx, struct amount_sat,
&remoteconf->channel_reserve),
type_to_string(ctx, struct amount_sat,
&localconf->channel_reserve),
type_to_string(ctx, struct amount_sat,
&funding));
return false;
}
/* They have to pay for fees, too. Assuming HTLC is dust, though,
* we don't account for an HTLC output. */
fee = commit_tx_base_fee(feerate_per_kw, 0, option_anchor_outputs);
if (!amount_sat_sub(&capacity, capacity, fee)) {
*err_reason = tal_fmt(ctx, "channel_reserve_satoshis %s"
" and %s plus fee %s too large for "
"funding %s",
type_to_string(tmpctx, struct amount_sat,
&remoteconf->channel_reserve),
type_to_string(tmpctx, struct amount_sat,
&localconf->channel_reserve),
type_to_string(tmpctx, struct amount_sat,
&fee),
type_to_string(tmpctx, struct amount_sat,
&funding));
return false;
}
/* If they set the max HTLC value to less than that number, it caps
* the channel capacity. */
if (amount_sat_greater(capacity,
amount_msat_to_sat_round_down(remoteconf->max_htlc_value_in_flight)))
capacity = amount_msat_to_sat_round_down(remoteconf->max_htlc_value_in_flight);
/* If the minimum htlc is greater than the capacity, the channel is
* useless. */
if (amount_msat_greater_sat(remoteconf->htlc_minimum, capacity)) {
*err_reason = tal_fmt(ctx, "htlc_minimum_msat %s"
" too large for funding %s"
" capacity_msat %s",
type_to_string(ctx, struct amount_msat,
&remoteconf->htlc_minimum),
type_to_string(ctx, struct amount_sat,
&funding),
type_to_string(ctx, struct amount_sat,
&capacity));
return false;
}
/* If the resulting channel doesn't meet our minimum "effective capacity"
* set by lightningd, don't bother opening it. */
if (amount_msat_greater_sat(min_effective_htlc_capacity,
capacity)) {
*err_reason = tal_fmt(ctx,
"channel capacity with funding %s,"
" reserves %s/%s,"
" max_htlc_value_in_flight_msat is %s,"
" channel capacity is %s, which is below %s",
type_to_string(ctx, struct amount_sat,
&funding),
type_to_string(ctx, struct amount_sat,
&remoteconf->channel_reserve),
type_to_string(ctx, struct amount_sat,
&localconf->channel_reserve),
type_to_string(ctx, struct amount_msat,
&remoteconf->max_htlc_value_in_flight),
type_to_string(ctx, struct amount_sat,
&capacity),
type_to_string(ctx, struct amount_msat,
&min_effective_htlc_capacity));
return false;
}
/* We don't worry about how many HTLCs they accept, as long as > 0! */
if (remoteconf->max_accepted_htlcs == 0) {
*err_reason = tal_fmt(ctx,
"max_accepted_htlcs %u invalid",
remoteconf->max_accepted_htlcs);
return false;
}
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `max_accepted_htlcs` is greater than 483.
*/
if (remoteconf->max_accepted_htlcs > 483) {
*err_reason = tal_fmt(ctx,
"max_accepted_htlcs %u too large",
remoteconf->max_accepted_htlcs);
return false;
}
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `dust_limit_satoshis` is greater than `channel_reserve_satoshis`.
*/
if (amount_sat_greater(remoteconf->dust_limit,
remoteconf->channel_reserve)) {
*err_reason = tal_fmt(ctx,
"dust_limit_satoshis %s"
" too large for channel_reserve_satoshis %s",
type_to_string(ctx, struct amount_sat,
&remoteconf->dust_limit),
type_to_string(ctx, struct amount_sat,
&remoteconf->channel_reserve));
return false;
}
return true;
}

21
openingd/common.h
View File

@ -0,0 +1,21 @@
#ifndef LIGHTNING_OPENINGD_COMMON_H
#define LIGHTNING_OPENINGD_COMMON_H
#include "config.h"
struct amount_sat;
struct channel_config;
bool check_config_bounds(const tal_t *ctx,
struct amount_sat funding,
u32 feerate_per_kw,
u32 max_to_self_delay,
struct amount_msat min_effective_htlc_capacity,
const struct channel_config *remoteconf,
const struct channel_config *localconf,
bool am_opener,
bool option_anchor_outputs,
char **err_reason);
#endif /* LIGHTNING_OPENINGD_COMMON_H */

212
openingd/openingd.c
View File

@ -44,6 +44,7 @@
#include <gossipd/gossipd_peerd_wiregen.h> #include <gossipd/gossipd_peerd_wiregen.h>
#include <hsmd/hsmd_wiregen.h> #include <hsmd/hsmd_wiregen.h>
#include <inttypes.h> #include <inttypes.h>
#include <openingd/common.h>
#include <openingd/openingd_wiregen.h> #include <openingd/openingd_wiregen.h>
#include <poll.h> #include <poll.h>
#include <secp256k1.h> #include <secp256k1.h>
@ -195,192 +196,6 @@ static void negotiation_failed(struct state *state, bool am_opener,
negotiation_aborted(state, am_opener, errmsg); negotiation_aborted(state, am_opener, errmsg);
} }
/*~ This is the key function that checks that their configuration is reasonable:
* it applied for both the case where they're trying to open a channel, and when
* they've accepted our open. */
static bool check_config_bounds(struct state *state,
const struct channel_config *remoteconf,
bool am_opener)
{
struct amount_sat capacity;
struct amount_sat reserve;
struct amount_sat fee;
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `to_self_delay` is unreasonably large.
*/
if (remoteconf->to_self_delay > state->max_to_self_delay) {
negotiation_failed(state, am_opener,
"to_self_delay %u larger than %u",
remoteconf->to_self_delay,
state->max_to_self_delay);
return false;
}
/* BOLT #2:
*
* The receiving node MAY fail the channel if:
*...
* - `funding_satoshis` is too small.
* - it considers `htlc_minimum_msat` too large.
* - it considers `max_htlc_value_in_flight_msat` too small.
* - it considers `channel_reserve_satoshis` too large.
* - it considers `max_accepted_htlcs` too small.
*/
/* We accumulate this into an effective bandwidth minimum. */
/* Add both reserves to deduct from capacity. */
if (!amount_sat_add(&reserve,
remoteconf->channel_reserve,
state->localconf.channel_reserve)) {
negotiation_failed(state, am_opener,
"channel_reserve_satoshis %s"
" too large",
type_to_string(tmpctx, struct amount_sat,
&remoteconf->channel_reserve));
return false;
}
/* BOLT #2:
* - if `option_anchor_outputs` applies to this commitment
* transaction and the sending node is the funder:
* - MUST be able to additionally pay for `to_local_anchor` and
* `to_remote_anchor` above its reserve.
*/
/* We simply include in "reserve" here. */
if (state->option_anchor_outputs
&& !amount_sat_add(&reserve, reserve, AMOUNT_SAT(660))) {
negotiation_failed(state, am_opener,
"cannot add anchors to reserve %s",
type_to_string(tmpctx, struct amount_sat,
&reserve));
return false;
}
/* If reserves are larger than total sat, we fail. */
if (!amount_sat_sub(&capacity, state->funding, reserve)) {
negotiation_failed(state, am_opener,
"channel_reserve_satoshis %s"
" and %s too large for funding %s",
type_to_string(tmpctx, struct amount_sat,
&remoteconf->channel_reserve),
type_to_string(tmpctx, struct amount_sat,
&state->localconf.channel_reserve),
type_to_string(tmpctx, struct amount_sat,
&state->funding));
return false;
}
/* They have to pay for fees, too. Assuming HTLC is dust, though,
* we don't account for an HTLC output. */
fee = commit_tx_base_fee(state->feerate_per_kw, 0,
state->option_anchor_outputs);
if (!amount_sat_sub(&capacity, capacity, fee)) {
negotiation_failed(state, am_opener,
"channel_reserve_satoshis %s"
" and %s plus fee %s too large for funding %s",
type_to_string(tmpctx, struct amount_sat,
&remoteconf->channel_reserve),
type_to_string(tmpctx, struct amount_sat,
&state->localconf.channel_reserve),
type_to_string(tmpctx, struct amount_sat,
&fee),
type_to_string(tmpctx, struct amount_sat,
&state->funding));
return false;
}
/* If they set the max HTLC value to less than that number, it caps
* the channel capacity. */
if (amount_sat_greater(capacity,
amount_msat_to_sat_round_down(remoteconf->max_htlc_value_in_flight)))
capacity = amount_msat_to_sat_round_down(remoteconf->max_htlc_value_in_flight);
/* If the minimum htlc is greater than the capacity, the channel is
* useless. */
if (amount_msat_greater_sat(remoteconf->htlc_minimum, capacity)) {
negotiation_failed(state, am_opener,
"htlc_minimum_msat %s"
" too large for funding %s"
" capacity_msat %s",
type_to_string(tmpctx, struct amount_msat,
&remoteconf->htlc_minimum),
type_to_string(tmpctx, struct amount_sat,
&state->funding),
type_to_string(tmpctx, struct amount_sat,
&capacity));
return false;
}
/* If the resulting channel doesn't meet our minimum "effective capacity"
* set by lightningd, don't bother opening it. */
if (amount_msat_greater_sat(state->min_effective_htlc_capacity,
capacity)) {
negotiation_failed(state, am_opener,
"channel capacity with funding %s,"
" reserves %s/%s,"
" max_htlc_value_in_flight_msat is %s,"
" channel capacity is %s, which is below %s",
type_to_string(tmpctx, struct amount_sat,
&state->funding),
type_to_string(tmpctx, struct amount_sat,
&remoteconf->channel_reserve),
type_to_string(tmpctx, struct amount_sat,
&state->localconf.channel_reserve),
type_to_string(tmpctx, struct amount_msat,
&remoteconf->max_htlc_value_in_flight),
type_to_string(tmpctx, struct amount_sat,
&capacity),
type_to_string(tmpctx, struct amount_msat,
&state->min_effective_htlc_capacity));
return false;
}
/* We don't worry about how many HTLCs they accept, as long as > 0! */
if (remoteconf->max_accepted_htlcs == 0) {
negotiation_failed(state, am_opener,
"max_accepted_htlcs %u invalid",
remoteconf->max_accepted_htlcs);
return false;
}
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `max_accepted_htlcs` is greater than 483.
*/
if (remoteconf->max_accepted_htlcs > 483) {
negotiation_failed(state, am_opener,
"max_accepted_htlcs %u too large",
remoteconf->max_accepted_htlcs);
return false;
}
/* BOLT #2:
*
* The receiving node MUST fail the channel if:
*...
* - `dust_limit_satoshis` is greater than `channel_reserve_satoshis`.
*/
if (amount_sat_greater(remoteconf->dust_limit,
remoteconf->channel_reserve)) {
negotiation_failed(state, am_opener,
"dust_limit_satoshis %s"
" too large for channel_reserve_satoshis %s",
type_to_string(tmpctx, struct amount_sat,
&remoteconf->dust_limit),
type_to_string(tmpctx, struct amount_sat,
&remoteconf->channel_reserve));
return false;
}
return true;
}
/* We always set channel_reserve_satoshis to 1%, rounded down. */ /* We always set channel_reserve_satoshis to 1%, rounded down. */
static void set_reserve(struct state *state) static void set_reserve(struct state *state)
{ {
@ -567,6 +382,7 @@ static u8 *funder_channel_start(struct state *state, u8 channel_flags)
struct channel_id id_in; struct channel_id id_in;
struct tlv_open_channel_tlvs *open_tlvs; struct tlv_open_channel_tlvs *open_tlvs;
struct tlv_accept_channel_tlvs *accept_tlvs; struct tlv_accept_channel_tlvs *accept_tlvs;
char *err_reason;
if (!setup_channel_funder(state)) if (!setup_channel_funder(state))
return NULL; return NULL;
@ -665,8 +481,18 @@ static u8 *funder_channel_start(struct state *state, u8 channel_flags)
return NULL; return NULL;
} }
if (!check_config_bounds(state, &state->remoteconf, true)) if (!check_config_bounds(tmpctx, state->funding,
state->feerate_per_kw,
state->max_to_self_delay,
state->min_effective_htlc_capacity,
&state->remoteconf,
&state->localconf,
true,
state->option_anchor_outputs,
&err_reason)) {
negotiation_failed(state, true, "%s", err_reason);
return NULL; return NULL;
}
funding_output_script = funding_output_script =
scriptpubkey_p2wsh(tmpctx, scriptpubkey_p2wsh(tmpctx,
@ -1100,8 +926,18 @@ static u8 *fundee_channel(struct state *state, const u8 *open_channel_msg)
} }
/* These checks are the same whether we're opener or accepter... */ /* These checks are the same whether we're opener or accepter... */
if (!check_config_bounds(state, &state->remoteconf, false)) if (!check_config_bounds(tmpctx, state->funding,
state->feerate_per_kw,
state->max_to_self_delay,
state->min_effective_htlc_capacity,
&state->remoteconf,
&state->localconf,
false,
state->option_anchor_outputs,
&err_reason)) {
negotiation_failed(state, false, "%s", err_reason);
return NULL; return NULL;
}
/* Check with lightningd that we can accept this? In particular, /* Check with lightningd that we can accept this? In particular,
* if we have an existing channel, we don't support it. */ * if we have an existing channel, we don't support it. */

Write Preview
Loading…
Cancel
Save