Browse Source

payalgo: Be willing to overpay up to maxfeepercent, for privacy.

This obscures how far an intermediate hop is from the ultimate
payee, and also obscures slightly the exact payment value.

Fixes: #1089
ppa-0.6.1
ZmnSCPxj 7 years ago
committed by Christian Decker
parent
commit
c1a43a04af
  1. 20
      lightningd/payalgo.c

20
lightningd/payalgo.c

@ -5,6 +5,7 @@
#include <ccan/tal/str/str.h>
#include <ccan/time/time.h>
#include <common/bolt11.h>
#include <common/pseudorand.h>
#include <common/timeout.h>
#include <common/type_to_string.h>
#include <gossipd/gen_gossip_wire.h>
@ -487,6 +488,8 @@ static bool json_pay_try(struct pay *pay)
struct command *cmd = pay->cmd;
struct timeabs now = time_now();
struct siphash_seed seed;
u64 maxoverpayment;
u64 overpayment;
/* If too late anyway, fail now. */
if (time_after(now, pay->expiry)) {
@ -513,13 +516,28 @@ static bool json_pay_try(struct pay *pay)
/* Generate random seed */
randombytes_buf(&seed, sizeof(seed));
/* Generate an overpayment, from fuzz * maxfee. */
/* Now normally the use of double for money is very bad.
* Note however that a later stage will ensure that
* we do not end up paying more than maxfeepercent
* of the msatoshi we intend to pay. */
maxoverpayment = ((double) pay->msatoshi * pay->fuzz * pay->maxfeepercent)
/ 100.0;
if (maxoverpayment > 0) {
/* We will never generate the maximum computed
* overpayment this way. Maybe OK for most
* purposes. */
overpayment = pseudorand(maxoverpayment);
} else
overpayment = 0;
++pay->getroute_tries;
/* FIXME: use b11->routes */
req = towire_gossip_getroute_request(pay->try_parent,
&cmd->ld->id,
&pay->receiver_id,
pay->msatoshi,
pay->msatoshi + overpayment,
pay->riskfactor,
pay->min_final_cltv_expiry,
&pay->fuzz,

Loading…
Cancel
Save