Browse Source

status: use common status codes for all the failures.

This change is really to allow us to have a --dev-fail-on-subdaemon-fail option
so we can handle failures from subdaemons generically.

It also neatens handling so we can have an explicit callback for "peer
did something wrong" (which matters if we want to close the channel in
that case).

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
ppa-0.6.1
Rusty Russell 7 years ago
committed by Christian Decker
parent
commit
ef28b6112c
  1. 168
      channeld/channel.c
  2. 16
      channeld/channel_wire.csv
  3. 1
      closingd/Makefile
  4. 64
      closingd/closing.c
  5. 16
      closingd/closing_wire.csv
  6. 4
      common/peer_failed.c
  7. 7
      common/peer_failed.h
  8. 14
      common/status.c
  9. 32
      common/status.h
  10. 48
      gossipd/gossip.c
  11. 8
      gossipd/gossip_wire.csv
  12. 94
      handshaked/handshake.c
  13. 25
      handshaked/handshake_wire.csv
  14. 53
      hsmd/hsm.c
  15. 7
      hsmd/hsm_wire.csv
  16. 10
      lightningd/gossip_control.c
  17. 2
      lightningd/new_connection.c
  18. 94
      lightningd/peer_control.c
  19. 121
      lightningd/subd.c
  20. 5
      lightningd/subd.h
  21. 47
      onchaind/onchain.c
  22. 5
      onchaind/onchain_wire.csv
  23. 93
      openingd/opening.c
  24. 13
      openingd/opening_wire.csv

168
channeld/channel.c

@ -160,8 +160,9 @@ static struct io_plan *gossip_client_recv(struct io_conn *conn,
type == WIRE_NODE_ANNOUNCEMENT)
msg_enqueue(&peer->peer_out, msg);
else
status_failed(WIRE_CHANNEL_GOSSIP_BAD_MESSAGE,
"Got bad message from gossipd: %d", type);
status_failed(STATUS_FAIL_GOSSIP_IO,
"Got bad message from gossipd: %s",
tal_hex(msg, msg));
return daemon_conn_read_next(conn, dc);
}
@ -191,14 +192,16 @@ static void send_announcement_signatures(struct peer *peer)
if (!wire_sync_write(HSM_FD, req))
status_failed(WIRE_CHANNEL_HSM_FAILED,
"Writing cannouncement_sig_req");
status_failed(STATUS_FAIL_HSM_IO,
"Writing cannouncement_sig_req: %s",
strerror(errno));
msg = wire_sync_read(tmpctx, HSM_FD);
if (!msg || !fromwire_hsm_cannouncement_sig_reply(msg, NULL,
&peer->announcement_node_sigs[LOCAL]))
status_failed(WIRE_CHANNEL_HSM_FAILED,
"Reading cannouncement_sig_resp");
status_failed(STATUS_FAIL_HSM_IO,
"Reading cannouncement_sig_resp: %s",
strerror(errno));
/* Double-check that HSM gave a valid signature. */
sha256_double(&hash, ca + offset, tal_len(ca) - offset);
@ -207,7 +210,7 @@ static void send_announcement_signatures(struct peer *peer)
/* It's ok to fail here, the channel announcement is
* unique, unlike the channel update which may have
* been replaced in the meantime. */
status_failed(WIRE_CHANNEL_HSM_FAILED,
status_failed(STATUS_FAIL_HSM_IO,
"HSM returned an invalid signature");
}
@ -247,13 +250,15 @@ static void send_channel_update(struct peer *peer, bool disabled)
msg = towire_hsm_cupdate_sig_req(tmpctx, cupdate);
if (!wire_sync_write(HSM_FD, msg))
status_failed(WIRE_CHANNEL_HSM_FAILED,
"Writing cupdate_sig_req");
status_failed(STATUS_FAIL_HSM_IO,
"Writing cupdate_sig_req: %s",
strerror(errno));
msg = wire_sync_read(tmpctx, HSM_FD);
if (!msg || !fromwire_hsm_cupdate_sig_reply(tmpctx, msg, NULL, &cupdate))
status_failed(WIRE_CHANNEL_HSM_FAILED,
"Reading cupdate_sig_req");
status_failed(STATUS_FAIL_HSM_IO,
"Reading cupdate_sig_req: %s",
strerror(errno));
daemon_conn_send(&peer->gossip_client, cupdate);
msg_enqueue(&peer->peer_out, cupdate);
@ -328,12 +333,15 @@ static struct io_plan *handle_peer_funding_locked(struct io_conn *conn,
peer->old_remote_per_commit = peer->remote_per_commit;
if (!fromwire_funding_locked(msg, NULL, &chanid,
&peer->remote_per_commit))
status_failed(WIRE_CHANNEL_PEER_BAD_MESSAGE,
peer_failed(PEER_FD, &peer->pcs.cs, &peer->channel_id,
"Bad funding_locked %s", tal_hex(msg, msg));
if (!structeq(&chanid, &peer->channel_id))
status_failed(WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Wrong channel id in %s", tal_hex(trc, msg));
peer_failed(PEER_FD, &peer->pcs.cs, &peer->channel_id,
"Wrong channel id in %s (expected %s)",
tal_hex(trc, msg),
type_to_string(msg, struct channel_id,
&peer->channel_id));
peer->funding_locked[REMOTE] = true;
wire_sync_write(MASTER_FD,
@ -370,14 +378,14 @@ static struct io_plan *handle_peer_announcement_signatures(struct io_conn *conn,
&peer->short_channel_ids[REMOTE],
&peer->announcement_node_sigs[REMOTE],
&peer->announcement_bitcoin_sigs[REMOTE]))
status_failed(WIRE_CHANNEL_PEER_BAD_MESSAGE,
peer_failed(PEER_FD, &peer->pcs.cs, &peer->channel_id,
"Bad announcement_signatures %s",
tal_hex(msg, msg));
/* Make sure we agree on the channel ids */
/* FIXME: Check short_channel_id */
if (!structeq(&chanid, &peer->channel_id)) {
status_failed(WIRE_CHANNEL_PEER_BAD_MESSAGE,
peer_failed(PEER_FD, &peer->pcs.cs, &peer->channel_id,
"Wrong channel_id or short_channel_id in %s or %s",
tal_hexstr(trc, &chanid, sizeof(struct channel_id)),
tal_hexstr(trc, &peer->short_channel_ids[REMOTE],
@ -410,7 +418,6 @@ static struct io_plan *handle_peer_add_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad peer_add_htlc %s", tal_hex(msg, msg));
add_err = channel_add_htlc(peer->channel, REMOTE, id, amount_msat,
@ -420,7 +427,6 @@ static struct io_plan *handle_peer_add_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad peer_add_htlc: %u", add_err);
return peer_read_message(conn, &peer->pcs, peer_in);
}
@ -497,7 +503,7 @@ static u8 *master_wait_sync_reply(const tal_t *ctx,
channel_wire_type_name(fromwire_peektype(msg)));
if (!wire_sync_write(MASTER_FD, msg))
status_failed(WIRE_CHANNEL_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Could not set sync write to master: %s",
strerror(errno));
@ -507,7 +513,7 @@ static u8 *master_wait_sync_reply(const tal_t *ctx,
for (;;) {
reply = wire_sync_read(ctx, MASTER_FD);
if (!reply)
status_failed(WIRE_CHANNEL_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Could not set sync read from master: %s",
strerror(errno));
if (fromwire_peektype(reply) == replytype) {
@ -540,13 +546,13 @@ static struct commit_sigs *calc_commitsigs(const tal_t *ctx,
&peer->channel->basepoints[LOCAL].payment,
&peer->remote_per_commit,
&local_secretkey))
status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving local_secretkey");
if (!derive_simple_key(&peer->channel->basepoints[LOCAL].payment,
&peer->remote_per_commit,
&localkey))
status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving localkey");
status_trace("Derived key %s from basepoint %s, point %s",
@ -703,7 +709,7 @@ static u8 *make_revocation_msg(const struct peer *peer, u64 revoke_index)
/* Sanity check that it corresponds to the point we sent. */
pubkey_from_privkey((struct privkey *)&old_commit_secret, &point);
if (!per_commit_point(&peer->shaseed, &oldpoint, revoke_index))
status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Invalid point %"PRIu64" for commit_point",
revoke_index);
@ -712,14 +718,14 @@ static u8 *make_revocation_msg(const struct peer *peer, u64 revoke_index)
type_to_string(trc, struct pubkey, &oldpoint));
if (!pubkey_eq(&point, &oldpoint))
status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Invalid secret %s for commit_point",
tal_hexstr(trc, &old_commit_secret,
sizeof(old_commit_secret)));
/* We're revoking N-1th commit, sending N+1th point. */
if (!per_commit_point(&peer->shaseed, &point, revoke_index+2))
status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving next commit_point");
return towire_revoke_and_ack(peer, &peer->channel_id, &old_commit_secret,
@ -772,11 +778,11 @@ static void get_shared_secret(const struct htlc *htlc,
ephemeral.pubkey = op->ephemeralkey;
msg = towire_hsm_ecdh_req(tmpctx, &ephemeral);
if (!wire_sync_write(HSM_FD, msg))
status_failed(WIRE_CHANNEL_HSM_FAILED, "Writing ecdh req");
status_failed(STATUS_FAIL_HSM_IO, "Writing ecdh req");
msg = wire_sync_read(tmpctx, HSM_FD);
/* Gives all-zero shares_secret if it was invalid. */
if (!msg || !fromwire_hsm_ecdh_resp(msg, NULL, shared_secret))
status_failed(WIRE_CHANNEL_HSM_FAILED, "Reading ecdh response");
status_failed(STATUS_FAIL_HSM_IO, "Reading ecdh response");
tal_free(tmpctx);
}
@ -874,7 +880,6 @@ static struct io_plan *handle_peer_commit_sig(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"commit_sig with no changes");
}
@ -883,12 +888,11 @@ static struct io_plan *handle_peer_commit_sig(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad commit_sig %s", tal_hex(msg, msg));
if (!per_commit_point(&peer->shaseed, &point,
peer->next_index[LOCAL]))
status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving per_commit_point for %"PRIu64,
peer->next_index[LOCAL]);
@ -897,7 +901,7 @@ static struct io_plan *handle_peer_commit_sig(struct io_conn *conn,
if (!derive_simple_key(&peer->channel->basepoints[REMOTE].payment,
&point, &remotekey))
status_failed(WIRE_CHANNEL_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving remotekey");
status_trace("Derived key %s from basepoint %s, point %s",
type_to_string(trc, struct pubkey, &remotekey),
@ -916,7 +920,6 @@ static struct io_plan *handle_peer_commit_sig(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad commit_sig signature %"PRIu64" %s for tx %s wscript %s key %s",
peer->next_index[LOCAL],
type_to_string(msg, secp256k1_ecdsa_signature,
@ -938,7 +941,6 @@ static struct io_plan *handle_peer_commit_sig(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Expected %zu htlc sigs, not %zu",
tal_count(txs) - 1, tal_count(htlc_sigs));
@ -954,7 +956,6 @@ static struct io_plan *handle_peer_commit_sig(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad commit_sig signature %s for htlc %s wscript %s key %s",
type_to_string(msg, secp256k1_ecdsa_signature, &htlc_sigs[i]),
type_to_string(msg, struct bitcoin_tx, txs[1+i]),
@ -1031,7 +1032,6 @@ static struct io_plan *handle_peer_revoke_and_ack(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad revoke_and_ack %s", tal_hex(msg, msg));
}
@ -1046,7 +1046,6 @@ static struct io_plan *handle_peer_revoke_and_ack(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad privkey %s",
type_to_string(msg, struct privkey, &privkey));
}
@ -1054,7 +1053,6 @@ static struct io_plan *handle_peer_revoke_and_ack(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Wrong privkey %s for %"PRIu64" %s",
type_to_string(msg, struct privkey, &privkey),
peer->next_index[LOCAL]-2,
@ -1102,7 +1100,6 @@ static struct io_plan *handle_peer_fulfill_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad update_fulfill_htlc %s", tal_hex(msg, msg));
}
@ -1123,7 +1120,6 @@ static struct io_plan *handle_peer_fulfill_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad update_fulfill_htlc: failed to fulfill %"
PRIu64 " error %u", id, e);
}
@ -1144,7 +1140,6 @@ static struct io_plan *handle_peer_fail_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad update_fulfill_htlc %s", tal_hex(msg, msg));
}
@ -1164,7 +1159,6 @@ static struct io_plan *handle_peer_fail_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad update_fail_htlc: failed to remove %"
PRIu64 " error %u", id, e);
}
@ -1189,7 +1183,6 @@ static struct io_plan *handle_peer_fail_malformed_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad update_fail_malformed_htlc %s",
tal_hex(msg, msg));
}
@ -1203,7 +1196,6 @@ static struct io_plan *handle_peer_fail_malformed_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad update_fail_malformed_htlc failure code %u",
failure_code);
}
@ -1244,7 +1236,6 @@ static struct io_plan *handle_peer_fail_malformed_htlc(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad update_fail_malformed_htlc: failed to remove %"
PRIu64 " error %u", id, e);
}
@ -1260,7 +1251,6 @@ static struct io_plan *handle_ping(struct io_conn *conn,
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Bad ping");
status_trace("Got ping, sending %s", pong ?
@ -1279,10 +1269,16 @@ static struct io_plan *handle_pong(struct io_conn *conn,
status_trace("Got pong!");
if (!fromwire_pong(pong, pong, NULL, &ignored))
status_failed(WIRE_CHANNEL_PEER_READ_FAILED, "Bad pong");
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
"Bad pong %s", tal_hex(pong, pong));
if (!peer->num_pings_outstanding)
status_failed(WIRE_CHANNEL_PEER_READ_FAILED, "Unexpected pong");
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
"Unexpected pong");
peer->num_pings_outstanding--;
wire_sync_write(MASTER_FD,
@ -1298,7 +1294,10 @@ static struct io_plan *handle_peer_shutdown(struct io_conn *conn,
u8 *scriptpubkey;
if (!fromwire_shutdown(peer, shutdown, NULL, &channel_id, &scriptpubkey))
status_failed(WIRE_CHANNEL_PEER_READ_FAILED, "Bad shutdown");
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
"Bad shutdown %s", tal_hex(peer, shutdown));
/* Tell master, it will tell us what to send (if any). */
wire_sync_write(MASTER_FD,
@ -1327,7 +1326,6 @@ static struct io_plan *peer_in(struct io_conn *conn, struct peer *peer, u8 *msg)
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"%s (%u) before funding locked",
wire_type_name(type), type);
}
@ -1377,7 +1375,6 @@ static struct io_plan *peer_in(struct io_conn *conn, struct peer *peer, u8 *msg)
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Unimplemented message %u (%s)",
type, wire_type_name(type));
}
@ -1386,7 +1383,6 @@ badmessage:
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Peer sent unknown message %u (%s)",
type, wire_type_name(type));
}
@ -1406,7 +1402,7 @@ static void peer_conn_broken(struct io_conn *conn, struct peer *peer)
/* Make sure gossipd actually gets this message before dying */
daemon_conn_sync_flush(&peer->gossip_client);
}
status_failed(WIRE_CHANNEL_PEER_READ_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"peer connection broken: %s", strerror(errno));
}
@ -1437,7 +1433,6 @@ static void send_fail_or_fulfill(struct peer *peer, const struct htlc *h)
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"HTLC %"PRIu64" state %s not failed/fulfilled",
h->id, htlc_state_name(h->state));
msg_enqueue(&peer->peer_out, take(msg));
@ -1471,7 +1466,6 @@ static void resend_commitment(struct peer *peer, const struct changed_htlc *last
peer_failed(io_conn_fd(peer->peer_conn),
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"Can't find HTLC %"PRIu64" to resend",
last[i].id);
@ -1524,13 +1518,13 @@ static void peer_reconnect(struct peer *peer)
peer->next_index[LOCAL],
peer->revocations_received);
if (!sync_crypto_write(&peer->pcs.cs, PEER_FD, take(msg)))
status_failed(WIRE_CHANNEL_PEER_WRITE_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Failed writing reestablish: %s", strerror(errno));
again:
msg = sync_crypto_read(peer, &peer->pcs.cs, PEER_FD);
if (!msg)
status_failed(WIRE_CHANNEL_PEER_READ_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Failed reading reestablish: %s", strerror(errno));
if (is_gossip_msg(msg)) {
@ -1542,7 +1536,7 @@ again:
if (!fromwire_channel_reestablish(msg, NULL, &channel_id,
&next_local_commitment_number,
&next_remote_revocation_number)) {
status_failed(WIRE_CHANNEL_PEER_READ_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"bad reestablish msg: %s %s",
wire_type_name(fromwire_peektype(msg)),
tal_hex(msg, msg));
@ -1589,14 +1583,14 @@ again:
if (next_remote_revocation_number == peer->next_index[LOCAL] - 2) {
/* Don't try to retransmit revocation index -1! */
if (peer->next_index[LOCAL] < 2) {
status_failed(WIRE_CHANNEL_PEER_READ_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"bad reestablish revocation_number: %"
PRIu64,
next_remote_revocation_number);
}
retransmit_revoke_and_ack = true;
} else if (next_remote_revocation_number != peer->next_index[LOCAL] - 1) {
status_failed(WIRE_CHANNEL_PEER_READ_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"bad reestablish revocation_number: %"PRIu64
" vs %"PRIu64,
next_remote_revocation_number,
@ -1619,7 +1613,7 @@ again:
if (next_local_commitment_number == peer->next_index[REMOTE] - 1) {
/* We completed opening, we don't re-transmit that one! */
if (next_local_commitment_number == 0)
status_failed(WIRE_CHANNEL_PEER_READ_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"bad reestablish commitment_number: %"
PRIu64,
next_local_commitment_number);
@ -1636,7 +1630,6 @@ again:
peer_failed(PEER_FD,
&peer->pcs.cs,
&peer->channel_id,
WIRE_CHANNEL_PEER_BAD_MESSAGE,
"bad reestablish commitment_number: %"PRIu64
" vs %"PRIu64,
next_local_commitment_number,
@ -1677,7 +1670,7 @@ static void handle_funding_locked(struct peer *peer, const u8 *msg)
if (!fromwire_channel_funding_locked(msg, NULL,
&peer->short_channel_ids[LOCAL]))
status_failed(WIRE_CHANNEL_BAD_COMMAND, "%s", tal_hex(msg, msg));
master_badmsg(WIRE_CHANNEL_FUNDING_LOCKED, msg);
per_commit_point(&peer->shaseed,
&next_per_commit_point, peer->next_index[LOCAL]);
@ -1720,14 +1713,13 @@ static void handle_offer_htlc(struct peer *peer, const u8 *inmsg)
const char *failmsg;
if (!peer->funding_locked[LOCAL] || !peer->funding_locked[REMOTE])
status_failed(WIRE_CHANNEL_BAD_COMMAND, "funding not locked");
status_failed(STATUS_FAIL_MASTER_IO,
"funding not locked for offer_htlc");
if (!fromwire_channel_offer_htlc(inmsg, NULL, &amount_msat,
&cltv_expiry, &payment_hash,
onion_routing_packet))
status_failed(WIRE_CHANNEL_BAD_COMMAND,
"bad offer_htlc message %s",
tal_hex(inmsg, inmsg));
master_badmsg(WIRE_CHANNEL_OFFER_HTLC, inmsg);
e = channel_add_htlc(peer->channel, LOCAL, peer->htlc_id,
amount_msat, cltv_expiry, &payment_hash,
@ -1756,7 +1748,7 @@ static void handle_offer_htlc(struct peer *peer, const u8 *inmsg)
goto failed;
case CHANNEL_ERR_DUPLICATE:
case CHANNEL_ERR_DUPLICATE_ID_DIFFERENT:
status_failed(WIRE_CHANNEL_BAD_COMMAND,
status_failed(STATUS_FAIL_MASTER_IO,
"Duplicate HTLC %"PRIu64, peer->htlc_id);
/* FIXME: Fuzz the boundaries a bit to avoid probing? */
@ -1796,8 +1788,7 @@ static void handle_preimage(struct peer *peer, const u8 *inmsg)
struct preimage preimage;
if (!fromwire_channel_fulfill_htlc(inmsg, NULL, &id, &preimage))
status_failed(WIRE_CHANNEL_BAD_COMMAND,
"Invalid channel_fulfill_htlc");
master_badmsg(WIRE_CHANNEL_FULFILL_HTLC, inmsg);
switch (channel_fulfill_htlc(peer->channel, REMOTE, id, &preimage)) {
case CHANNEL_ERR_REMOVE_OK:
@ -1814,7 +1805,7 @@ static void handle_preimage(struct peer *peer, const u8 *inmsg)
case CHANNEL_ERR_HTLC_UNCOMMITTED:
case CHANNEL_ERR_HTLC_NOT_IRREVOCABLE:
case CHANNEL_ERR_BAD_PREIMAGE:
status_failed(WIRE_CHANNEL_BAD_COMMAND,
status_failed(STATUS_FAIL_MASTER_IO,
"HTLC %"PRIu64" preimage failed", id);
}
abort();
@ -1830,11 +1821,10 @@ static void handle_fail(struct peer *peer, const u8 *inmsg)
if (!fromwire_channel_fail_htlc(inmsg, inmsg, NULL, &id, &malformed,
&errpkt))
status_failed(WIRE_CHANNEL_BAD_COMMAND,
"Invalid channel_fail_htlc");
master_badmsg(WIRE_CHANNEL_FAIL_HTLC, inmsg);
if (malformed && !(malformed & BADONION))
status_failed(WIRE_CHANNEL_BAD_COMMAND,
status_failed(STATUS_FAIL_MASTER_IO,
"Invalid channel_fail_htlc: bad malformed 0x%x",
malformed);
@ -1865,7 +1855,7 @@ static void handle_fail(struct peer *peer, const u8 *inmsg)
case CHANNEL_ERR_HTLC_UNCOMMITTED:
case CHANNEL_ERR_HTLC_NOT_IRREVOCABLE:
case CHANNEL_ERR_BAD_PREIMAGE:
status_failed(WIRE_CHANNEL_BAD_COMMAND,
status_failed(STATUS_FAIL_MASTER_IO,
"HTLC %"PRIu64" removal failed: %i", id, e);
}
abort();
@ -1877,11 +1867,11 @@ static void handle_ping_cmd(struct peer *peer, const u8 *inmsg)
u8 *ping;
if (!fromwire_channel_ping(inmsg, NULL, &num_pong_bytes, &ping_len))
status_failed(WIRE_CHANNEL_BAD_COMMAND, "Bad channel_ping");
master_badmsg(WIRE_CHANNEL_PING, inmsg);
ping = make_ping(peer, num_pong_bytes, ping_len);
if (tal_len(ping) > 65535)
status_failed(WIRE_CHANNEL_BAD_COMMAND, "Oversize channel_ping");
status_failed(STATUS_FAIL_MASTER_IO, "Oversize channel_ping");
msg_enqueue(&peer->peer_out, take(ping));
@ -1906,7 +1896,7 @@ static void handle_shutdown_cmd(struct peer *peer, const u8 *inmsg)
u8 *scriptpubkey;
if (!fromwire_channel_send_shutdown(peer, inmsg, NULL, &scriptpubkey))
status_failed(WIRE_CHANNEL_BAD_COMMAND, "Bad send_shutdown");
master_badmsg(WIRE_CHANNEL_SEND_SHUTDOWN, inmsg);
/* We can't send this until commit (if any) is done, so start timer<. */
peer->unsent_shutdown_scriptpubkey = scriptpubkey;
@ -1940,18 +1930,10 @@ static void req_in(struct peer *peer, const u8 *msg)
handle_shutdown_cmd(peer, msg);
goto out;
case WIRE_CHANNEL_BAD_COMMAND:
case WIRE_CHANNEL_HSM_FAILED:
case WIRE_CHANNEL_CRYPTO_FAILED:
case WIRE_CHANNEL_GOSSIP_BAD_MESSAGE:
case WIRE_CHANNEL_INTERNAL_ERROR:
case WIRE_CHANNEL_PEER_WRITE_FAILED:
case WIRE_CHANNEL_PEER_READ_FAILED:
case WIRE_CHANNEL_NORMAL_OPERATION:
case WIRE_CHANNEL_INIT:
case WIRE_CHANNEL_OFFER_HTLC_REPLY:
case WIRE_CHANNEL_PING_REPLY:
case WIRE_CHANNEL_PEER_BAD_MESSAGE:
case WIRE_CHANNEL_ANNOUNCED:
case WIRE_CHANNEL_SENDING_COMMITSIG:
case WIRE_CHANNEL_GOT_COMMITSIG:
@ -1964,8 +1946,7 @@ static void req_in(struct peer *peer, const u8 *msg)
case WIRE_CHANNEL_SHUTDOWN_COMPLETE:
break;
}
status_failed(WIRE_CHANNEL_BAD_COMMAND, "%u %s", t,
channel_wire_type_name(t));
master_badmsg(-1, msg);
out:
tal_free(msg);
@ -2041,8 +2022,7 @@ static void init_channel(struct peer *peer)
&peer->shutdown_sent[REMOTE],
&peer->channel_flags,
&funding_signed))
status_failed(WIRE_CHANNEL_BAD_COMMAND, "Init: %s",
tal_hex(msg, msg));
master_badmsg(WIRE_CHANNEL_INIT, msg);
status_trace("init %s: remote_per_commit = %s, old_remote_per_commit = %s"
" next_idx_local = %"PRIu64
@ -2081,7 +2061,7 @@ static void init_channel(struct peer *peer)
if (!channel_force_htlcs(peer->channel, htlcs, hstates,
fulfilled, fulfilled_sides,
failed, failed_sides))
status_failed(WIRE_CHANNEL_BAD_COMMAND,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Could not restore HTLCs");
peer->channel_direction = get_channel_direction(
@ -2104,7 +2084,7 @@ static void init_channel(struct peer *peer)
#ifndef TESTING
static void gossip_gone(struct io_conn *unused, struct daemon_conn *dc)
{
status_failed(WIRE_CHANNEL_GOSSIP_BAD_MESSAGE,
status_failed(STATUS_FAIL_GOSSIP_IO,
"Gossip connection closed");
}
@ -2114,14 +2094,14 @@ static void send_shutdown_complete(struct peer *peer)
/* Push out any outstanding messages to peer. */
if (!io_flush_sync(peer->peer_conn))
status_failed(WIRE_CHANNEL_PEER_WRITE_FAILED, "Syncing conn");
status_failed(STATUS_FAIL_PEER_IO, "Syncing conn");
/* Set FD blocking to flush it */
io_fd_block(PEER_FD, true);
while ((msg = msg_dequeue(&peer->peer_out)) != NULL) {
if (!sync_crypto_write(&peer->pcs.cs, PEER_FD, take(msg)))
status_failed(WIRE_CHANNEL_PEER_WRITE_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Flushing msgs");
}
@ -2174,7 +2154,7 @@ static int poll_with_masterfd(struct pollfd *fds, nfds_t nfds, int timeout)
u8 *msg = wire_sync_read(peer, MASTER_FD);
if (!msg)
status_failed(WIRE_CHANNEL_BAD_COMMAND,
status_failed(STATUS_FAIL_MASTER_IO,
"Can't read command: %s",
strerror(errno));
msg_enqueue(&peer->from_master, take(msg));

16
channeld/channel_wire.csv

@ -1,19 +1,3 @@
# Shouldn't happen
channel_bad_command,0x8000
# Also shouldn't happen
channel_hsm_failed,0x8001
channel_crypto_failed,0x8002
channel_internal_error,0x8003
channel_gossip_bad_message,0x8004
# These are due to peer.
channel_peer_write_failed,0x8010
channel_peer_read_failed,0x8011
channel_peer_bad_message,0x8012
channel_peer_bad_message,,len,u16
channel_peer_bad_message,,msg,len*u8
# Received and sent funding_locked
channel_normal_operation,1001

Can't render this file because it has a wrong number of fields in line 2.

1
closingd/Makefile

@ -51,6 +51,7 @@ CLOSINGD_COMMON_OBJS := \
common/derive_basepoints.o \
common/htlc_wire.o \
common/msg_queue.o \
common/peer_failed.o \
common/permute_tx.o \
common/status.o \
common/type_to_string.o \

64
closingd/closing.c

@ -5,6 +5,7 @@
#include <common/debug.h>
#include <common/derive_basepoints.h>
#include <common/htlc.h>
#include <common/peer_failed.h>
#include <common/status.h>
#include <common/type_to_string.h>
#include <common/utils.h>
@ -23,6 +24,8 @@
#define GOSSIP_FD 4
static struct bitcoin_tx *close_tx(const tal_t *ctx,
struct crypto_state *cs,
const struct channel_id *channel_id,
u8 *scriptpubkey[NUM_SIDES],
const struct sha256_double *funding_txid,
unsigned int funding_txout,
@ -35,7 +38,7 @@ static struct bitcoin_tx *close_tx(const tal_t *ctx,
struct bitcoin_tx *tx;
if (satoshi_out[funder] < fee)
status_failed(WIRE_CLOSING_NEGOTIATION_ERROR,
peer_failed(PEER_FD, cs, channel_id,
"Funder cannot afford fee %"PRIu64
" (%"PRIu64" and %"PRIu64")",
fee, satoshi_out[LOCAL],
@ -44,7 +47,9 @@ static struct bitcoin_tx *close_tx(const tal_t *ctx,
status_trace("Making close tx at = %"PRIu64"/%"PRIu64" fee %"PRIu64,
satoshi_out[LOCAL], satoshi_out[REMOTE], fee);
tx = create_close_tx(ctx, scriptpubkey[LOCAL], scriptpubkey[REMOTE],
/* FIXME: We need to allow this! */
tx = create_close_tx(ctx,
scriptpubkey[LOCAL], scriptpubkey[REMOTE],
funding_txid,
funding_txout,
funding_satoshi,
@ -52,7 +57,7 @@ static struct bitcoin_tx *close_tx(const tal_t *ctx,
satoshi_out[REMOTE] - (funder == REMOTE ? fee : 0),
dust_limit);
if (!tx)
status_failed(WIRE_CLOSING_NEGOTIATION_ERROR,
peer_failed(PEER_FD, cs, channel_id,
"Both outputs below dust limit:"
" funding = %"PRIu64
" fee = %"PRIu64
@ -101,26 +106,25 @@ static void do_reconnect(struct crypto_state *cs,
next_index[LOCAL],
revocations_received);
if (!sync_crypto_write(cs, PEER_FD, take(msg)))
status_failed(WIRE_CLOSING_PEER_WRITE_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Failed writing reestablish: %s", strerror(errno));
again:
msg = sync_crypto_read(tmpctx, cs, PEER_FD);
if (!msg)
status_failed(WIRE_CLOSING_PEER_READ_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Failed reading reestablish: %s", strerror(errno));
if (is_gossip_msg(msg)) {
if (!wire_sync_write(GOSSIP_FD, take(msg)))
status_failed(WIRE_CLOSING_GOSSIP_FAILED,
"Writing gossip");
status_failed(STATUS_FAIL_GOSSIP_IO, "Writing gossip");
goto again;
}
if (!fromwire_channel_reestablish(msg, NULL, &their_channel_id,
&next_local_commitment_number,
&next_remote_revocation_number)) {
status_failed(WIRE_CLOSING_PEER_READ_FAILED,
peer_failed(PEER_FD, cs, channel_id,
"bad reestablish msg: %s %s",
wire_type_name(fromwire_peektype(msg)),
tal_hex(tmpctx, msg));
@ -194,10 +198,9 @@ int main(int argc, char *argv[])
&reconnected,
&next_index[LOCAL],
&next_index[REMOTE],
&revocations_received)) {
status_failed(WIRE_CLOSING_PEER_BAD_MESSAGE,
"Bad init message %s", tal_hex(ctx, msg));
}
&revocations_received))
master_badmsg(WIRE_CLOSING_INIT, msg);
status_trace("satoshi_out = %"PRIu64"/%"PRIu64,
satoshi_out[LOCAL], satoshi_out[REMOTE]);
status_trace("dustlimit = %"PRIu64, our_dust_limit);
@ -236,7 +239,8 @@ int main(int argc, char *argv[])
* the close transaction as specified in [BOLT
* #3](03-transactions.md#closing-transaction).
*/
tx = close_tx(tmpctx, scriptpubkey,
tx = close_tx(tmpctx, &cs, &channel_id,
scriptpubkey,
&funding_txid,
funding_txout,
funding_satoshi,
@ -260,7 +264,7 @@ int main(int argc, char *argv[])
/* Now send closing offer */
msg = towire_closing_signed(tmpctx, &channel_id, sent_fee, &sig);
if (!sync_crypto_write(&cs, PEER_FD, take(msg)))
status_failed(WIRE_CLOSING_PEER_WRITE_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Writing closing_signed");
/* Did we just agree with them? If so, we're done. */
@ -270,13 +274,12 @@ int main(int argc, char *argv[])
again:
msg = sync_crypto_read(tmpctx, &cs, PEER_FD);
if (!msg)
status_failed(WIRE_CLOSING_PEER_READ_FAILED,
"Reading input");
status_failed(STATUS_FAIL_PEER_IO, "Reading input");
/* We don't send gossip at this stage, but we can recv it */
if (is_gossip_msg(msg)) {
if (!wire_sync_write(GOSSIP_FD, take(msg)))
status_failed(WIRE_CLOSING_GOSSIP_FAILED,
status_failed(STATUS_FAIL_GOSSIP_IO,
"Writing gossip");
goto again;
}
@ -305,7 +308,7 @@ int main(int argc, char *argv[])
if (!fromwire_closing_signed(msg, NULL, &channel_id,
&received_fee, &sig))
status_failed(WIRE_CLOSING_PEER_BAD_MESSAGE,
peer_failed(PEER_FD, &cs, &channel_id,
"Expected closing_signed: %s",
tal_hex(trc, msg));
@ -316,7 +319,8 @@ int main(int argc, char *argv[])
* #3](03-transactions.md#closing-transaction), and MUST fail
* the connection if it is not.
*/
tx = close_tx(tmpctx, scriptpubkey,
tx = close_tx(tmpctx, &cs, &channel_id,
scriptpubkey,
&funding_txid,
funding_txout,
funding_satoshi,
@ -342,7 +346,8 @@ int main(int argc, char *argv[])
* own `dust_limit_satoshis`, and MAY also eliminate
* its own output.
*/
trimmed = close_tx(tmpctx, scriptpubkey,
trimmed = close_tx(tmpctx, &cs, &channel_id,
scriptpubkey,
&funding_txid,
funding_txout,
funding_satoshi,
@ -351,7 +356,7 @@ int main(int argc, char *argv[])
if (!trimmed
|| !check_tx_sig(trimmed, 0, NULL, funding_wscript,
&funding_pubkey[REMOTE], &sig)) {
status_failed(WIRE_CLOSING_PEER_BAD_MESSAGE,
peer_failed(PEER_FD, &cs, &channel_id,
"Bad closing_signed signature for"
" %s (and trimmed version %s)",
type_to_string(tmpctx,
@ -374,9 +379,8 @@ int main(int argc, char *argv[])
* `fee_satoshis` is greater than the base fee of the final
* commitment transaction as calculated in [BOLT #3] */
if (received_fee > maxfee)
status_failed(WIRE_CLOSING_PEER_BAD_MESSAGE,
"Bad closing_signed fee %"PRIu64
" > %"PRIu64,
peer_failed(PEER_FD, &cs, &channel_id,
"Bad closing_signed fee %"PRIu64" > %"PRIu64,
received_fee, maxfee);
/* Is fee reasonable? Tell master. */
@ -388,13 +392,13 @@ int main(int argc, char *argv[])
msg = towire_closing_received_signature(tmpctx,
&sig, tx);
if (!wire_sync_write(REQ_FD, take(msg)))
status_failed(WIRE_CLOSING_INTERNAL_ERROR,
status_failed(STATUS_FAIL_MASTER_IO,
"Writing received to master: %s",
strerror(errno));
msg = wire_sync_read(tmpctx, REQ_FD);
if (!fromwire_closing_received_signature_reply(msg,NULL))
status_failed(WIRE_CLOSING_INTERNAL_ERROR,
"Bad received reply from master");
master_badmsg(WIRE_CLOSING_RECEIVED_SIGNATURE_REPLY,
msg);
limit_fee = received_fee;
}
@ -420,7 +424,7 @@ int main(int argc, char *argv[])
/* They went away from our offer? */
if (dir != previous_dir)
status_failed(WIRE_CLOSING_NEGOTIATION_ERROR,
peer_failed(PEER_FD, &cs, &channel_id,
"Their fee went %"
PRIu64" to %"PRIu64
" when ours was %"PRIu64,
@ -430,7 +434,7 @@ int main(int argc, char *argv[])
/* They jumped over our offer? */
if (next_dir != previous_dir)
status_failed(WIRE_CLOSING_NEGOTIATION_ERROR,
peer_failed(PEER_FD, &cs, &channel_id,
"Their fee jumped %"
PRIu64" to %"PRIu64
" when ours was %"PRIu64,
@ -457,7 +461,7 @@ int main(int argc, char *argv[])
/* If we didn't move, give up (we're ~ at min/max). */
if (new_fee == sent_fee)
status_failed(WIRE_CLOSING_NEGOTIATION_ERROR,
peer_failed(PEER_FD, &cs, &channel_id,
"Final fee %"PRIu64" vs %"PRIu64
" at limits %"PRIu64"-%"PRIu64,
sent_fee, received_fee,

16
closingd/closing_wire.csv

@ -1,19 +1,3 @@
# Shouldn't happen
closing_bad_command,0x8000
# Also shouldn't happen
closing_gossip_failed,0x8001
closing_internal_error,0x8003
# These are due to peer.
closing_peer_write_failed,0x8010
closing_peer_read_failed,0x8011
closing_peer_bad_message,0x8012
closing_peer_bad_message,,len,u16
closing_peer_bad_message,,msg,len*u8
closing_negotiation_error,0x8013
closing_negotiation_error,,len,u16
closing_negotiation_error,,msg,len*u8
#include <common/cryptomsg.h>
#include <common/htlc_wire.h>
# Begin! (passes peer fd, gossipd-client fd)

Can't render this file because it has a wrong number of fields in line 2.

4
common/peer_failed.c

@ -11,7 +11,7 @@
/* We only support one channel per peer anyway */
void peer_failed(int peer_fd, struct crypto_state *cs,
const struct channel_id *channel_id,
u16 error_code, const char *fmt, ...)
const char *fmt, ...)
{
va_list ap;
const char *errmsg;
@ -39,5 +39,5 @@ void peer_failed(int peer_fd, struct crypto_state *cs,
io_fd_block(peer_fd, false);
sync_crypto_write(cs, peer_fd, take(msg));
status_failed(error_code, "%s", errmsg);
status_failed(STATUS_FAIL_PEER_BAD, "%s", errmsg);
}

7
common/peer_failed.h

@ -11,11 +11,10 @@ struct channel_id;
* @peer_fd: file descriptor for peer.
* @cs: the peer's current crypto state.
* @channel_id: channel with error, or NULL for all.
* @error_code: error code as per status_failed
* @fmt: format as per status_failed
* @fmt: format as per status_failed(STATUS_FAIL_PEER_BAD,
*/
void peer_failed(int peer_fd, struct crypto_state *cs,
const struct channel_id *channel_id,
u16 error_code, const char *fmt, ...)
PRINTF_FMT(5,6) NORETURN;
const char *fmt, ...)
PRINTF_FMT(4,5) NORETURN;
#endif /* LIGHTNING_COMMON_PEER_FAILED_H */

14
common/status.c

@ -9,6 +9,7 @@
#include <common/daemon_conn.h>
#include <common/status.h>
#include <common/utils.h>
#include <errno.h>
#include <stdarg.h>
#include <wire/wire.h>
#include <wire/wire_sync.h>
@ -88,7 +89,7 @@ void status_trace(const char *fmt, ...)
trc = tal_tmpctx(NULL);
}
void status_failed(u16 code, const char *fmt, ...)
void status_failed(enum status_fail code, const char *fmt, ...)
{
va_list ap;
char *str;
@ -107,3 +108,14 @@ void status_failed(u16 code, const char *fmt, ...)
exit(0x80 | (code & 0xFF));
}
void master_badmsg(u32 type_expected, const u8 *msg)
{
if (!msg)
status_failed(STATUS_FAIL_MASTER_IO,
"failed reading msg %u: %s",
type_expected, strerror(errno));
status_failed(STATUS_FAIL_MASTER_IO,
"Error parsing %u: %s",
type_expected, tal_hex(trc, msg));
}

32
common/status.h

@ -20,11 +20,41 @@ extern const void *trc;
/* Failure codes always have high bit set. */
#define STATUS_FAIL 0x8000
/* These are always followed by an ASCII string. */
enum status_fail {
/*
* These errors shouldn't happen:
*/
/* Master daemon sent unknown/malformed command, or fd failed */
STATUS_FAIL_MASTER_IO = STATUS_FAIL,
/* Hsmd sent unknown/malformed command, or fd failed */
STATUS_FAIL_HSM_IO,
/* Gossipd sent unknown/malformed command, or fd failed */
STATUS_FAIL_GOSSIP_IO,
/* Other internal error. */
STATUS_FAIL_INTERNAL_ERROR,
/*
* These errors happen when the other peer misbehaves:
*/
/* I/O failure (probably they closed the socket) */
STATUS_FAIL_PEER_IO,
/* Peer did something else wrong */
STATUS_FAIL_PEER_BAD
};
/* Send a message (frees the message). */
void status_send_sync(const u8 *msg);
/* Send a printf-style debugging trace. */
void status_trace(const char *fmt, ...) PRINTF_FMT(1,2);
/* Send a failure status code with printf-style msg, and exit. */
void status_failed(u16 code, const char *fmt, ...) PRINTF_FMT(2,3) NORETURN;
void status_failed(enum status_fail, const char *fmt, ...) PRINTF_FMT(2,3) NORETURN;
/* Helper for master failures: sends STATUS_FAIL_MASTER_IO.
* msg NULL == read failure. */
void master_badmsg(u32 type_expected, const u8 *msg);
#endif /* LIGHTNING_COMMON_STATUS_H */

48
gossipd/gossip.c

@ -417,8 +417,8 @@ static struct io_plan *new_peer(struct io_conn *conn, struct daemon *daemon,
{
struct peer *peer = setup_new_peer(daemon, msg);
if (!peer)
status_failed(WIRE_GOSSIPSTATUS_BAD_NEW_PEER_REQUEST,
"%s", tal_hex(trc, msg));
status_failed(STATUS_FAIL_MASTER_IO,
"bad gossipctl_new_peer: %s", tal_hex(trc, msg));
return io_recv_fd(conn, &peer->fd, new_peer_got_fd, peer);
}
@ -439,8 +439,7 @@ static struct io_plan *release_peer(struct io_conn *conn, struct daemon *daemon,
struct peer *peer;
if (!fromwire_gossipctl_release_peer(msg, NULL, &unique_id))
status_failed(WIRE_GOSSIPSTATUS_BAD_RELEASE_REQUEST,
"%s", tal_hex(trc, msg));
master_badmsg(WIRE_GOSSIPCTL_RELEASE_PEER, msg);
peer = find_peer(daemon, unique_id);
if (!peer || !peer->local) {
@ -466,8 +465,7 @@ static struct io_plan *fail_peer(struct io_conn *conn, struct daemon *daemon,
struct peer *peer;
if (!fromwire_gossipctl_fail_peer(msg, NULL, &unique_id))
status_failed(WIRE_GOSSIPSTATUS_BAD_FAIL_REQUEST,
"%s", tal_hex(trc, msg));
master_badmsg(WIRE_GOSSIPCTL_FAIL_PEER, msg);
/* This may not find the peer, if we fail beforehand. */
peer = find_peer(daemon, unique_id);
@ -502,8 +500,7 @@ static struct io_plan *new_peer_fd(struct io_conn *conn, struct daemon *daemon,
if (!fromwire_gossipctl_get_peer_gossipfd(msg, NULL,
&unique_id, &sync))
status_failed(WIRE_GOSSIPSTATUS_BAD_FAIL_REQUEST,
"%s", tal_hex(trc, msg));
master_badmsg(WIRE_GOSSIPCTL_GET_PEER_GOSSIPFD, msg);
peer = setup_new_remote_peer(daemon, unique_id, sync);
@ -621,17 +618,17 @@ static struct io_plan *ping_req(struct io_conn *conn, struct daemon *daemon,
u8 *ping;
if (!fromwire_gossip_ping(msg, NULL, &unique_id, &num_pong_bytes, &len))
status_failed(WIRE_GOSSIPSTATUS_BAD_REQUEST,
"%s", tal_hex(trc, msg));
master_badmsg(WIRE_GOSSIP_PING, msg);
/* FIXME: This is racy, but this op only for testing anywat. */
peer = find_peer(daemon, unique_id);
if (!peer)
status_failed(WIRE_GOSSIPSTATUS_BAD_REQUEST,
"Unknown peer %"PRIu64, unique_id);
status_failed(STATUS_FAIL_MASTER_IO,
"gossip_ping: unknown peer %"PRIu64, unique_id);
ping = make_ping(peer, num_pong_bytes, len);
if (tal_len(ping) > 65535)
status_failed(WIRE_GOSSIPSTATUS_BAD_REQUEST, "Oversize ping");
status_failed(STATUS_FAIL_MASTER_IO, "Oversize ping");
msg_enqueue(&peer->peer_out, take(ping));
status_trace("sending ping expecting %sresponse",
@ -661,8 +658,7 @@ static struct io_plan *gossip_init(struct daemon_conn *master,
if (!fromwire_gossipctl_init(msg, NULL, &daemon->broadcast_interval,
&chain_hash)) {
status_failed(WIRE_GOSSIPSTATUS_INIT_FAILED,
"Unable to parse init message");
master_badmsg(WIRE_GOSSIPCTL_INIT, msg);
}
daemon->rstate = new_routing_state(daemon, &chain_hash);
return daemon_conn_read_next(master->conn, master);
@ -676,8 +672,7 @@ static struct io_plan *resolve_channel_req(struct io_conn *conn,
struct pubkey *keys;
if (!fromwire_gossip_resolve_channel_request(msg, NULL, &scid))
status_failed(WIRE_GOSSIPSTATUS_BAD_REQUEST,
"Unable to parse resolver request");
master_badmsg(WIRE_GOSSIP_RESOLVE_CHANNEL_REQUEST, msg);
nc = get_connection_by_scid(daemon->rstate, &scid, 0);
if (!nc) {
@ -701,12 +696,12 @@ static struct io_plan *resolve_channel_req(struct io_conn *conn,
static void handle_forwarded_msg(struct io_conn *conn, struct daemon *daemon, const u8 *msg)
{
u8 *payload;
if (!fromwire_gossip_forwarded_msg(msg, msg, NULL, &payload)) {
status_trace("Malformed forwarded message: %s", tal_hex(trc, msg));
return;
}
if (!fromwire_gossip_forwarded_msg(msg, msg, NULL, &payload))
master_badmsg(WIRE_GOSSIP_FORWARDED_MSG, msg);
handle_gossip_msg(daemon->rstate, payload);
}
static struct io_plan *recv_req(struct io_conn *conn, struct daemon_conn *master)
{
struct daemon *daemon = container_of(master, struct daemon, master);
@ -755,20 +750,15 @@ static struct io_plan *recv_req(struct io_conn *conn, struct daemon_conn *master
case WIRE_GOSSIP_GETCHANNELS_REPLY:
case WIRE_GOSSIP_PING_REPLY:
case WIRE_GOSSIP_RESOLVE_CHANNEL_REPLY:
case WIRE_GOSSIPSTATUS_INIT_FAILED:
case WIRE_GOSSIPSTATUS_BAD_NEW_PEER_REQUEST:
case WIRE_GOSSIPSTATUS_BAD_RELEASE_REQUEST:
case WIRE_GOSSIPSTATUS_BAD_FAIL_REQUEST:
case WIRE_GOSSIPSTATUS_BAD_REQUEST:
case WIRE_GOSSIPSTATUS_FDPASS_FAILED:
case WIRE_GOSSIPSTATUS_PEER_BAD_MSG:
case WIRE_GOSSIPSTATUS_PEER_FAILED:
case WIRE_GOSSIPSTATUS_PEER_NONGOSSIP:
break;
}
/* Control shouldn't give bad requests. */
status_failed(WIRE_GOSSIPSTATUS_BAD_REQUEST, "%i", t);
/* Master shouldn't give bad requests. */
status_failed(STATUS_FAIL_MASTER_IO, "%i: %s",
t, tal_hex(trc, master->msg_in));
}
#ifndef TESTING

8
gossipd/gossip_wire.csv

@ -1,11 +1,3 @@
# These are fatal.
gossipstatus_init_failed,0x8000
gossipstatus_bad_new_peer_request,0x8001
gossipstatus_bad_release_request,0x8002
gossipstatus_bad_fail_request,0x8003
gossipstatus_bad_request,0x8004
gossipstatus_fdpass_failed,0x8005
# Peers can give a bad message, we close their fd, but no harm done.
gossipstatus_peer_bad_msg,1000
gossipstatus_peer_bad_msg,,unique_id,8

Can't render this file because it has a wrong number of fields in line 2.

94
handshaked/handshake.c

@ -335,7 +335,8 @@ static void act_one_initiator(struct handshake *h, int fd,
*/
if (!secp256k1_ecdh(secp256k1_ctx, h->ss.data,
&their_id->pubkey, h->e.priv.secret.data))
status_failed(WIRE_INITR_ACT1_BAD_ECDH_FOR_SS, "%s", "");
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_INITR_ACT1_BAD_ECDH_FOR_SS: %s", "");
status_trace("# ss=0x%s", tal_hexstr(trc, h->ss.data, sizeof(h->ss.data)));
/* BOLT #8:
@ -378,8 +379,9 @@ static void act_one_initiator(struct handshake *h, int fd,
SECP256K1_EC_COMPRESSED);
status_trace("output: 0x%s", tal_hexstr(trc, &act1, ACT_ONE_SIZE));
if (!write_all(fd, &act1, ACT_ONE_SIZE))
status_failed(WIRE_INITR_ACT1_WRITE_FAILED,
"%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"WIRE_INITR_ACT1_WRITE_FAILED: %s",
strerror(errno));
}
static void act_one_responder(struct handshake *h, int fd, struct pubkey *re)
@ -399,8 +401,9 @@ static void act_one_responder(struct handshake *h, int fd, struct pubkey *re)
* `m`
*/
if (!read_all(fd, &act1, ACT_ONE_SIZE))
status_failed(WIRE_RESPR_ACT1_READ_FAILED,
"%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"WIRE_RESPR_ACT1_READ_FAILED: %s",
strerror(errno));
status_trace("input: 0x%s", tal_hexstr(trc, &act1, ACT_ONE_SIZE));
/* BOLT #8:
@ -409,7 +412,8 @@ static void act_one_responder(struct handshake *h, int fd, struct pubkey *re)
* MUST abort the connection attempt.
*/
if (act1.v != 0)
status_failed(WIRE_RESPR_ACT1_BAD_VERSION, "%u", act1.v);
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT1_BAD_VERSION: %u", act1.v);
/* BOLT #8:
* * The raw bytes of the remote party's ephemeral public key
@ -419,7 +423,8 @@ static void act_one_responder(struct handshake *h, int fd, struct pubkey *re)
*/
if (secp256k1_ec_pubkey_parse(secp256k1_ctx, &re->pubkey,
act1.pubkey, sizeof(act1.pubkey)) != 1)
status_failed(WIRE_RESPR_ACT1_BAD_PUBKEY, "%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT1_BAD_PUBKEY: %s",
tal_hexstr(trc, &act1.pubkey,
sizeof(act1.pubkey)));
status_trace("# re=0x%s", type_to_string(trc, struct pubkey, re));
@ -439,8 +444,8 @@ static void act_one_responder(struct handshake *h, int fd, struct pubkey *re)
* key and the initiator's ephemeral public key.
*/
if (!hsm_do_ecdh(&h->ss, re))
status_failed(WIRE_RESPR_ACT1_BAD_HSM_ECDH,
"re=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT1_BAD_HSM_ECDH: re=%s",
type_to_string(trc, struct pubkey, re));
status_trace("# ss=0x%s", tal_hexstr(trc, &h->ss, sizeof(h->ss)));
@ -466,7 +471,8 @@ static void act_one_responder(struct handshake *h, int fd, struct pubkey *re)
*/
if (!decrypt(&h->temp_k, 0, &h->h, sizeof(h->h),
act1.tag, sizeof(act1.tag), NULL, 0))
status_failed(WIRE_RESPR_ACT1_BAD_TAG, "re=%s ss=%s tag=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT1_BAD_TAG: re=%s ss=%s tag=%s",
type_to_string(trc, struct pubkey, re),
tal_hexstr(trc, &h->ss, sizeof(h->ss)),
tal_hexstr(trc, act1.tag, sizeof(act1.tag)));
@ -545,7 +551,8 @@ static void act_two_responder(struct handshake *h, int fd,
*/
if (!secp256k1_ecdh(secp256k1_ctx, h->ss.data, &re->pubkey,
h->e.priv.secret.data))
status_failed(WIRE_RESPR_ACT2_BAD_ECDH_FOR_SS, "re=%s e.priv=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT2_BAD_ECDH_FOR_SS: re=%s e.priv=%s",
type_to_string(trc, struct pubkey, re),
tal_hexstr(trc, &h->e.priv, sizeof(h->e.priv)));
status_trace("# ss=0x%s", tal_hexstr(trc, &h->ss, sizeof(h->ss)));
@ -590,8 +597,9 @@ static void act_two_responder(struct handshake *h, int fd,
SECP256K1_EC_COMPRESSED);
status_trace("output: 0x%s", tal_hexstr(trc, &act2, ACT_TWO_SIZE));
if (!write_all(fd, &act2, ACT_TWO_SIZE))
status_failed(WIRE_RESPR_ACT2_WRITE_FAILED,
"%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"WIRE_RESPR_ACT2_WRITE_FAILED: %s",
strerror(errno));
}
static void act_two_initiator(struct handshake *h, int fd, struct pubkey *re)
@ -611,8 +619,9 @@ static void act_two_initiator(struct handshake *h, int fd, struct pubkey *re)
* `m`
*/
if (!read_all(fd, &act2, ACT_TWO_SIZE))
status_failed(WIRE_INITR_ACT2_READ_FAILED,
"%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"WIRE_INITR_ACT2_READ_FAILED: %s",
strerror(errno));
status_trace("input: 0x%s", tal_hexstr(trc, &act2, ACT_TWO_SIZE));
/* BOLT #8:
@ -621,7 +630,8 @@ static void act_two_initiator(struct handshake *h, int fd, struct pubkey *re)
* MUST abort the connection attempt.
*/
if (act2.v != 0)
status_failed(WIRE_INITR_ACT2_BAD_VERSION, "%u", act2.v);
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_INITR_ACT2_BAD_VERSION: %u", act2.v);
/* BOLT #8:
*
@ -632,7 +642,8 @@ static void act_two_initiator(struct handshake *h, int fd, struct pubkey *re)
*/
if (secp256k1_ec_pubkey_parse(secp256k1_ctx, &re->pubkey,
act2.pubkey, sizeof(act2.pubkey)) != 1)
status_failed(WIRE_INITR_ACT2_BAD_PUBKEY, "%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_INITR_ACT2_BAD_PUBKEY: %s",
tal_hexstr(trc, &act2.pubkey,
sizeof(act2.pubkey)));
status_trace("# re=0x%s", type_to_string(trc, struct pubkey, re));
@ -650,7 +661,8 @@ static void act_two_initiator(struct handshake *h, int fd, struct pubkey *re)
*/
if (!secp256k1_ecdh(secp256k1_ctx, h->ss.data, &re->pubkey,
h->e.priv.secret.data))
status_failed(WIRE_INITR_ACT2_BAD_ECDH_FOR_SS, "re=%s e.priv=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_INITR_ACT2_BAD_ECDH_FOR_SS: re=%s e.priv=%s",
type_to_string(trc, struct pubkey, re),
tal_hexstr(trc, &h->e.priv, sizeof(h->e.priv)));
status_trace("# ss=0x%s", tal_hexstr(trc, &h->ss, sizeof(h->ss)));
@ -674,7 +686,8 @@ static void act_two_initiator(struct handshake *h, int fd, struct pubkey *re)
*/
if (!decrypt(&h->temp_k, 0, &h->h, sizeof(h->h),
act2.tag, sizeof(act2.tag), NULL, 0))
status_failed(WIRE_INITR_ACT2_BAD_TAG, "c=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_INITR_ACT2_BAD_TAG: c=%s",
tal_hexstr(trc, act2.tag, sizeof(act2.tag)));
/* BOLT #8:
@ -754,8 +767,8 @@ static void act_three_initiator(struct handshake *h, int fd,
*
*/
if (!hsm_do_ecdh(&h->ss, re))
status_failed(WIRE_INITR_ACT3_BAD_HSM_ECDH,
"re=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_INITR_ACT3_BAD_HSM_ECDH: re=%s",
type_to_string(trc, struct pubkey, re));
status_trace("# ss=0x%s", tal_hexstr(trc, &h->ss, sizeof(h->ss)));
@ -789,8 +802,9 @@ static void act_three_initiator(struct handshake *h, int fd,
status_trace("output: 0x%s", tal_hexstr(trc, &act3, ACT_THREE_SIZE));
if (!write_all(fd, &act3, ACT_THREE_SIZE))
status_failed(WIRE_INITR_ACT3_WRITE_FAILED,
"%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"WIRE_INITR_ACT3_WRITE_FAILED: %s",
strerror(errno));
}
static void act_three_responder(struct handshake *h, int fd,
@ -808,8 +822,9 @@ static void act_three_responder(struct handshake *h, int fd,
* * Read _exactly_ `66-bytes` from the network buffer.
*/
if (!read_all(fd, &act3, ACT_THREE_SIZE))
status_failed(WIRE_RESPR_ACT3_READ_FAILED,
"%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"WIRE_RESPR_ACT3_READ_FAILED: %s",
strerror(errno));
status_trace("input: 0x%s", tal_hexstr(trc, &act3, ACT_THREE_SIZE));
/* BOLT #8:
@ -823,7 +838,8 @@ static void act_three_responder(struct handshake *h, int fd,
* abort the connection attempt.
*/
if (act3.v != 0)
status_failed(WIRE_RESPR_ACT3_BAD_VERSION, "%u", act3.v);
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT3_BAD_VERSION: %u", act3.v);
/* BOLT #8:
*
@ -834,15 +850,16 @@ static void act_three_responder(struct handshake *h, int fd,
if (!decrypt(&h->temp_k, 1, &h->h, sizeof(h->h),
act3.ciphertext, sizeof(act3.ciphertext),
der, sizeof(der)))
status_failed(WIRE_RESPR_ACT3_BAD_CIPHERTEXT,
"ciphertext=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT3_BAD_CIPHERTEXT: ciphertext=%s",
tal_hexstr(trc, act3.ciphertext,
sizeof(act3.ciphertext)));
status_trace("# rs=0x%s", tal_hexstr(trc, der, sizeof(der)));
if (secp256k1_ec_pubkey_parse(secp256k1_ctx, &their_id->pubkey,
der, sizeof(der)) != 1)
status_failed(WIRE_RESPR_ACT3_BAD_PUBKEY, "%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT3_BAD_PUBKEY: %s",
tal_hexstr(trc, &der, sizeof(der)));
/* BOLT #8:
@ -860,7 +877,8 @@ static void act_three_responder(struct handshake *h, int fd,
*/
if (!secp256k1_ecdh(secp256k1_ctx, h->ss.data, &their_id->pubkey,
h->e.priv.secret.data))
status_failed(WIRE_RESPR_ACT3_BAD_ECDH_FOR_SS, "rs=%s e.priv=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT3_BAD_ECDH_FOR_SS: rs=%s e.priv=%s",
type_to_string(trc, struct pubkey, their_id),
tal_hexstr(trc, &h->e.priv, sizeof(h->e.priv)));
status_trace("# ss=0x%s", tal_hexstr(trc, &h->ss, sizeof(h->ss)));
@ -881,7 +899,8 @@ static void act_three_responder(struct handshake *h, int fd,
*/
if (!decrypt(&h->temp_k, 0, &h->h, sizeof(h->h),
act3.tag, sizeof(act3.tag), NULL, 0))
status_failed(WIRE_RESPR_ACT3_BAD_TAG, "temp_k3=%s h=%s t=%s",
status_failed(STATUS_FAIL_PEER_BAD,
"WIRE_RESPR_ACT3_BAD_TAG: temp_k3=%s h=%s t=%s",
tal_hexstr(trc, &h->temp_k, sizeof(h->temp_k)),
tal_hexstr(trc, &h->h, sizeof(h->h)),
tal_hexstr(trc, act3.tag, sizeof(act3.tag)));
@ -976,7 +995,8 @@ static void exchange_init(int fd, struct crypto_state *cs,
localfeatures = tal_free(localfeatures);
if (!sync_crypto_write(cs, fd, msg))
status_failed(WIRE_INITMSG_WRITE_FAILED, "%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"PEER_WRITE_FAILED: %s", strerror(errno));
/* BOLT #1:
*
@ -985,10 +1005,11 @@ static void exchange_init(int fd, struct crypto_state *cs,
*/
msg = sync_crypto_read(NULL, cs, fd);
if (!msg)
status_failed(WIRE_INITMSG_READ_FAILED, "%s", strerror(errno));
status_failed(STATUS_FAIL_PEER_IO,
"INITMSG_READ_FAILED: %s", strerror(errno));
if (!fromwire_init(msg, msg, NULL, gfeatures, lfeatures))
status_failed(WIRE_INITMSG_READ_FAILED, "bad init: %s",
status_failed(STATUS_FAIL_PEER_BAD, "bad init: %s",
tal_hex(msg, msg));
}
@ -1015,8 +1036,6 @@ int main(int argc, char *argv[])
hsm_setup(hsmfd);
msg = wire_sync_read(NULL, REQ_FD);
if (!msg)
status_failed(WIRE_HANDSHAKE_BAD_COMMAND, "%s", strerror(errno));
if (fromwire_handshake_responder(msg, NULL, &my_id)) {
responder(clientfd, &my_id, &their_id, &ck, &sk, &rk);
@ -1045,8 +1064,7 @@ int main(int argc, char *argv[])
gfeatures,
lfeatures));
} else
status_failed(WIRE_HANDSHAKE_BAD_COMMAND, "%i",
fromwire_peektype(msg));
master_badmsg(WIRE_HANDSHAKE_INITIATOR, msg);
/* Hand back the fd. */
fdpass_send(REQ_FD, clientfd);

25
handshaked/handshake_wire.csv

@ -1,29 +1,4 @@
#include <common/cryptomsg.h>
handshake_bad_command,0x8000
initr_act1_bad_ecdh_for_ss,0x8011
initr_act1_write_failed,0x8012
initr_act2_read_failed,0x8013
initr_act2_bad_version,0x8014
initr_act2_bad_pubkey,0x8015
initr_act2_bad_ecdh_for_ss,0x8016
initr_act2_bad_tag,0x8017
initr_act3_bad_hsm_ecdh,0x8018
initr_act3_write_failed,0x8019
respr_act1_read_failed,0x801A
respr_act1_bad_version,0x801B
respr_act1_bad_pubkey,0x801C
respr_act1_bad_hsm_ecdh,0x801D
respr_act1_bad_tag,0x801E
respr_act2_bad_ecdh_for_ss,0x801F
respr_act2_write_failed,0x8020
respr_act3_read_failed,0x8021
respr_act3_bad_version,0x8022
respr_act3_bad_ciphertext,0x8023
respr_act3_bad_pubkey,0x8024
respr_act3_bad_ecdh_for_ss,0x8025
respr_act3_bad_tag,0x8026
initmsg_write_failed,0x8030
initmsg_read_failed,0x8031
# FIXME: This is probably too finegrained.
initr_act_one,1001

Can't render this file because it has a wrong number of fields in line 2.

53
hsmd/hsm.c

@ -297,12 +297,12 @@ static void populate_secretstuff(void)
/* Hence child 0, then child 0 again to get extkey to derive from. */
if (bip32_key_from_parent(&master_extkey, 0, BIP32_FLAG_KEY_PRIVATE,
&child_extkey) != WALLY_OK)
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Can't derive child bip32 key");
if (bip32_key_from_parent(&child_extkey, 0, BIP32_FLAG_KEY_PRIVATE,
&secretstuff.bip32) != WALLY_OK)
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Can't derive private bip32 key");
}
@ -311,17 +311,17 @@ static void bitcoin_pubkey(struct pubkey *pubkey, u32 index)
struct ext_key ext;
if (index >= BIP32_INITIAL_HARDENED_CHILD)
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_MASTER_IO,
"Index %u too great", index);
if (bip32_key_from_parent(&secretstuff.bip32, index,
BIP32_FLAG_KEY_PUBLIC, &ext) != WALLY_OK)
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"BIP32 of %u failed", index);
if (!secp256k1_ec_pubkey_parse(secp256k1_ctx, &pubkey->pubkey,
ext.pub_key, sizeof(ext.pub_key)))
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Parse of BIP32 child %u pubkey failed", index);
}
@ -332,19 +332,19 @@ static void bitcoin_keypair(struct privkey *privkey,
struct ext_key ext;
if (index >= BIP32_INITIAL_HARDENED_CHILD)
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_MASTER_IO,
"Index %u too great", index);
if (bip32_key_from_parent(&secretstuff.bip32, index,
BIP32_FLAG_KEY_PRIVATE, &ext) != WALLY_OK)
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"BIP32 of %u failed", index);
/* libwally says: The private key with prefix byte 0 */
memcpy(privkey->secret.data, ext.priv_key+1, 32);
if (!secp256k1_ec_pubkey_create(secp256k1_ctx, &pubkey->pubkey,
privkey->secret.data))
status_failed(WIRE_HSMSTATUS_KEY_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"BIP32 pubkey %u create failed", index);
}
@ -352,29 +352,29 @@ static void create_new_hsm(struct daemon_conn *master)
{
int fd = open("hsm_secret", O_CREAT|O_EXCL|O_WRONLY, 0400);
if (fd < 0)
status_failed(WIRE_HSMSTATUS_INIT_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"creating: %s", strerror(errno));
randombytes_buf(&secretstuff.hsm_secret, sizeof(secretstuff.hsm_secret));
if (!write_all(fd, &secretstuff.hsm_secret, sizeof(secretstuff.hsm_secret))) {
unlink_noerr("hsm_secret");
status_failed(WIRE_HSMSTATUS_INIT_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"writing: %s", strerror(errno));
}
if (fsync(fd) != 0) {
unlink_noerr("hsm_secret");
status_failed(WIRE_HSMSTATUS_INIT_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"fsync: %s", strerror(errno));
}
if (close(fd) != 0) {
unlink_noerr("hsm_secret");
status_failed(WIRE_HSMSTATUS_INIT_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"closing: %s", strerror(errno));
}
fd = open(".", O_RDONLY);
if (fsync(fd) != 0) {
unlink_noerr("hsm_secret");
status_failed(WIRE_HSMSTATUS_INIT_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"fsyncdir: %s", strerror(errno));
}
close(fd);
@ -386,10 +386,10 @@ static void load_hsm(struct daemon_conn *master)
{
int fd = open("hsm_secret", O_RDONLY);
if (fd < 0)
status_failed(WIRE_HSMSTATUS_INIT_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"opening: %s", strerror(errno));
if (!read_all(fd, &secretstuff.hsm_secret, sizeof(secretstuff.hsm_secret)))
status_failed(WIRE_HSMSTATUS_INIT_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"reading: %s", strerror(errno));
close(fd);
@ -401,8 +401,8 @@ static void init_hsm(struct daemon_conn *master, const u8 *msg)
bool new;
if (!fromwire_hsmctl_init(msg, NULL, &new))
status_failed(WIRE_HSMSTATUS_BAD_REQUEST, "hsmctl_init: %s",
tal_hex(msg, msg));
master_badmsg(WIRE_HSMCTL_INIT, msg);
if (new)
create_new_hsm(master);
else
@ -417,10 +417,10 @@ static void pass_hsmfd_ecdh(struct daemon_conn *master, const u8 *msg)
u64 id;
if (!fromwire_hsmctl_hsmfd_ecdh(msg, NULL, &id))
status_failed(WIRE_HSMSTATUS_BAD_REQUEST, "bad HSMFD_ECDH");
master_badmsg(WIRE_HSMCTL_HSMFD_ECDH, msg);
if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0)
status_failed(WIRE_HSMSTATUS_FD_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"creating fds: %s", strerror(errno));
new_client(master, id, handle_ecdh, fds[0]);
@ -436,10 +436,10 @@ static void pass_hsmfd_channeld(struct daemon_conn *master, const u8 *msg)
u64 id;
if (!fromwire_hsmctl_hsmfd_channeld(msg, NULL, &id))
status_failed(WIRE_HSMSTATUS_BAD_REQUEST, "bad HSMFD_CHANNELD");
master_badmsg(WIRE_HSMCTL_HSMFD_CHANNELD, msg);
if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) != 0)
status_failed(WIRE_HSMSTATUS_FD_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"creating fds: %s", strerror(errno));
new_client(master, id, handle_channeld, fds[0]);
@ -470,7 +470,7 @@ static void sign_funding_tx(struct daemon_conn *master, const u8 *msg)
&satoshi_out, &change_out,
&change_keyindex, &local_pubkey,
&remote_pubkey, &inputs))
status_failed(WIRE_HSMSTATUS_BAD_REQUEST, "Bad SIGN_FUNDING");
master_badmsg(WIRE_HSMCTL_SIGN_FUNDING, msg);
utxomap = to_utxoptr_arr(tmpctx, inputs);
@ -630,18 +630,13 @@ static struct io_plan *control_received_req(struct io_conn *conn,
case WIRE_HSMCTL_HSMFD_CHANNELD_REPLY:
case WIRE_HSMCTL_SIGN_FUNDING_REPLY:
case WIRE_HSMCTL_SIGN_WITHDRAWAL_REPLY:
case WIRE_HSMSTATUS_INIT_FAILED:
case WIRE_HSMSTATUS_WRITEMSG_FAILED:
case WIRE_HSMSTATUS_BAD_REQUEST:
case WIRE_HSMSTATUS_FD_FAILED:
case WIRE_HSMSTATUS_KEY_FAILED:
case WIRE_HSMSTATUS_CLIENT_BAD_REQUEST:
case WIRE_HSMCTL_NODE_ANNOUNCEMENT_SIG_REPLY:
break;
}
/* Control shouldn't give bad requests. */
status_failed(WIRE_HSMSTATUS_BAD_REQUEST, "%i", t);
/* Master shouldn't give bad requests. */
status_failed(STATUS_FAIL_MASTER_IO, "%i", t);
}
#ifndef TESTING

7
hsmd/hsm_wire.csv

@ -1,10 +1,3 @@
# These are fatal.
hsmstatus_init_failed,0x8000
hsmstatus_writemsg_failed,0x8001
hsmstatus_bad_request,0x8002
hsmstatus_fd_failed,0x8003
hsmstatus_key_failed,0x8004
# Clients should not give a bad request but not the HSM's decision to crash.
hsmstatus_client_bad_request,1000
hsmstatus_client_bad_request,,unique_id,8

Can't render this file because it has a wrong number of fields in line 2.

10
lightningd/gossip_control.c

@ -92,14 +92,6 @@ static int gossip_msg(struct subd *gossip, const u8 *msg, const int *fds)
enum gossip_wire_type t = fromwire_peektype(msg);
switch (t) {
/* subd already logs fatal errors. */
case WIRE_GOSSIPSTATUS_INIT_FAILED:
case WIRE_GOSSIPSTATUS_BAD_NEW_PEER_REQUEST:
case WIRE_GOSSIPSTATUS_BAD_REQUEST:
case WIRE_GOSSIPSTATUS_FDPASS_FAILED:
case WIRE_GOSSIPSTATUS_BAD_RELEASE_REQUEST:
case WIRE_GOSSIPSTATUS_BAD_FAIL_REQUEST:
break;
/* These are messages we send, not them. */
case WIRE_GOSSIPCTL_INIT:
case WIRE_GOSSIPCTL_NEW_PEER:
@ -146,7 +138,7 @@ void gossip_init(struct lightningd *ld)
u8 *init;
ld->gossip = new_subd(ld, ld, "lightning_gossipd", NULL,
gossip_wire_type_name,
gossip_msg, gossip_finished, NULL);
gossip_msg, NULL, gossip_finished, NULL);
if (!ld->gossip)
err(1, "Could not subdaemon gossip");

2
lightningd/new_connection.c

@ -223,7 +223,7 @@ static struct io_plan *hsm_then_handshake(struct io_conn *conn,
handshaked = new_subd(ld, ld,
"lightning_handshaked", NULL,
handshake_wire_type_name,
NULL, NULL,
NULL, NULL, NULL,
take(&hsmfd), take(&connfd), NULL);
if (!handshaked) {
log_unusual(ld->log, "Could not subdaemon handshake: %s",

94
lightningd/peer_control.c

@ -219,6 +219,12 @@ void peer_fail_transient(struct peer *peer, const char *fmt, ...)
}
}
/* When daemon reports a STATUS_FAIL_PEER_BAD, it goes here. */
static void bad_peer(struct subd *subd, const char *msg)
{
peer_fail_permanent_str(subd->peer, msg);
}
void peer_set_condition(struct peer *peer, enum peer_state old_state,
enum peer_state state)
{
@ -1177,12 +1183,6 @@ static int onchain_msg(struct subd *sd, const u8 *msg, const int *fds)
enum onchain_wire_type t = fromwire_peektype(msg);
switch (t) {
/* We let peer_onchain_finished handle these. */
case WIRE_ONCHAIN_BAD_COMMAND:
case WIRE_ONCHAIN_INTERNAL_ERROR:
case WIRE_ONCHAIN_CRYPTO_FAILED:
break;
case WIRE_ONCHAIN_INIT_REPLY:
return handle_onchain_init_reply(sd->peer, msg);
@ -1235,7 +1235,7 @@ static enum watch_result funding_spent(struct peer *peer,
"lightning_onchaind", peer,
onchain_wire_type_name,
onchain_msg,
peer_onchain_finished,
NULL, peer_onchain_finished,
NULL, NULL);
if (!peer->owner) {
@ -1598,52 +1598,6 @@ static int peer_got_shutdown(struct peer *peer, const u8 *msg)
return 0;
}
static int channeld_got_bad_message(struct peer *peer, const u8 *msg)
{
u8 *err;
/* Don't try to fail this (again!) when owner dies. */
peer->owner = NULL;
if (!fromwire_channel_peer_bad_message(peer, NULL, NULL, &err))
peer_fail_permanent_str(peer,
"Internal error after bad message");
else
peer_fail_permanent(peer, take(err));
/* Kill daemon (though it's dying anyway) */
return -1;
}
static int closingd_got_bad_message(struct peer *peer, const u8 *msg)
{
u8 *err;
/* Don't try to fail this (again!) when owner dies. */
peer->owner = NULL;
if (!fromwire_closing_peer_bad_message(peer, NULL, NULL, &err))
peer_fail_permanent_str(peer,
"Internal error after bad message");
else
peer_fail_permanent(peer, take(err));
/* Kill daemon (though it's dying anyway) */
return -1;
}
static int closingd_got_negotiation_error(struct peer *peer, const u8 *msg)
{
u8 *err;
if (!fromwire_closing_negotiation_error(peer, NULL, NULL, &err))
peer_internal_error(peer, "Bad closing_negotiation %s",
tal_hex(peer, msg));
else
peer_internal_error(peer, "%s", err);
/* Kill daemon (though it's dying anyway) */
return -1;
}
void peer_last_tx(struct peer *peer, struct bitcoin_tx *tx,
const secp256k1_ecdsa_signature *sig)
{
@ -1739,20 +1693,6 @@ static int closing_msg(struct subd *sd, const u8 *msg, const int *fds)
enum closing_wire_type t = fromwire_peektype(msg);
switch (t) {
/* We let peer_owner_finished handle these as transient errors. */
case WIRE_CLOSING_BAD_COMMAND:
case WIRE_CLOSING_GOSSIP_FAILED:
case WIRE_CLOSING_INTERNAL_ERROR:
case WIRE_CLOSING_PEER_READ_FAILED:
case WIRE_CLOSING_PEER_WRITE_FAILED:
return -1;
/* These are permanent errors. */
case WIRE_CLOSING_PEER_BAD_MESSAGE:
return closingd_got_bad_message(sd->peer, msg);
case WIRE_CLOSING_NEGOTIATION_ERROR:
return closingd_got_negotiation_error(sd->peer, msg);
case WIRE_CLOSING_RECEIVED_SIGNATURE:
return peer_received_closing_signature(sd->peer, msg);
@ -1794,6 +1734,7 @@ static void peer_start_closingd(struct peer *peer,
"lightning_closingd", peer,
closing_wire_type_name,
closing_msg,
bad_peer,
peer_owner_finished,
take(&peer_fd),
take(&gossip_fd), NULL);
@ -1898,20 +1839,6 @@ static int channel_msg(struct subd *sd, const u8 *msg, const int *fds)
case WIRE_CHANNEL_SHUTDOWN_COMPLETE:
return peer_start_closingd_after_shutdown(sd->peer, msg, fds);
/* We let peer_owner_finished handle these as transient errors. */
case WIRE_CHANNEL_BAD_COMMAND:
case WIRE_CHANNEL_HSM_FAILED:
case WIRE_CHANNEL_CRYPTO_FAILED:
case WIRE_CHANNEL_GOSSIP_BAD_MESSAGE:
case WIRE_CHANNEL_INTERNAL_ERROR:
case WIRE_CHANNEL_PEER_WRITE_FAILED:
case WIRE_CHANNEL_PEER_READ_FAILED:
return -1;
/* This is a permanent error. */
case WIRE_CHANNEL_PEER_BAD_MESSAGE:
return channeld_got_bad_message(sd->peer, msg);
/* And we never get these from channeld. */
case WIRE_CHANNEL_INIT:
case WIRE_CHANNEL_FUNDING_LOCKED:
@ -1981,6 +1908,7 @@ static bool peer_start_channeld(struct peer *peer,
"lightning_channeld", peer,
channel_wire_type_name,
channel_msg,
bad_peer,
peer_owner_finished,
take(&peer_fd),
take(&gossip_fd),
@ -2330,7 +2258,7 @@ void peer_fundee_open(struct peer *peer, const u8 *from_peer,
peer_set_condition(peer, GOSSIPD, OPENINGD);
peer->owner = new_subd(ld, ld, "lightning_openingd", peer,
opening_wire_type_name,
NULL, peer_owner_finished,
NULL, bad_peer, peer_owner_finished,
take(&peer_fd), take(&gossip_fd),
NULL);
if (!peer->owner) {
@ -2414,7 +2342,7 @@ static bool gossip_peer_released(struct subd *gossip,
opening = new_subd(fc->peer->ld, ld,
"lightning_openingd", fc->peer,
opening_wire_type_name,
NULL, peer_owner_finished,
NULL, bad_peer, peer_owner_finished,
take(&fds[0]), take(&fds[1]), NULL);
if (!opening) {
peer_fail_transient(fc->peer, "Failed to subdaemon opening: %s",

121
lightningd/subd.c

@ -2,6 +2,7 @@
#include <ccan/io/io.h>
#include <ccan/mem/mem.h>
#include <ccan/noerr/noerr.h>
#include <ccan/str/str.h>
#include <ccan/take/take.h>
#include <ccan/tal/path/path.h>
#include <ccan/tal/str/str.h>
@ -295,16 +296,82 @@ static struct io_plan *sd_collect_fds(struct io_conn *conn, struct subd *sd,
return read_fds(conn, sd);
}
/* Don't trust, verify. Returns NULL if contains weird stuff. */
static const char *string_from_msg(const u8 *msg, int *str_len)
{
size_t len = tal_count(msg) - sizeof(be16), i;
for (i = 0; i < len; i++) {
if (!cisprint((char)msg[sizeof(be16) + i])) {
*str_len = 0;
return NULL;
}
}
*str_len = len;
return (const char *)(msg + sizeof(be16));
}
static void subdaemon_malformed_msg(struct subd *sd, const u8 *msg)
{
log_broken(sd->log, "%i: malformed string '%.s'",
fromwire_peektype(msg),
tal_hexstr(msg,
msg + sizeof(be16),
tal_count(msg) - sizeof(be16)));
}
/* Returns true if logged, false if malformed. */
static bool log_status_fail(struct subd *sd,
enum status_fail type, const char *str, int str_len)
{
const char *name;
/* No 'default:' here so gcc gives warning if a new type added */
switch (type) {
case STATUS_FAIL_MASTER_IO:
name = "STATUS_FAIL_MASTER_IO";
goto log_str_broken;
case STATUS_FAIL_HSM_IO:
name = "STATUS_FAIL_HSM_IO";
goto log_str_broken;
case STATUS_FAIL_GOSSIP_IO:
name = "STATUS_FAIL_GOSSIP_IO";
goto log_str_broken;
case STATUS_FAIL_INTERNAL_ERROR:
name = "STATUS_FAIL_INTERNAL_ERROR";
goto log_str_broken;
/*
* These errors happen when the other peer misbehaves:
*/
case STATUS_FAIL_PEER_IO:
name = "STATUS_FAIL_PEER_IO";
goto log_str_peer;
case STATUS_FAIL_PEER_BAD:
name = "STATUS_FAIL_PEER_BAD";
goto log_str_peer;
}
return false;
/* Peers misbehaving is expected. */
log_str_peer:
log_info(sd->log, "%s: %.*s", name, str_len, str);
return true;
/* Shouldn't happen. */
log_str_broken:
log_broken(sd->log, "%s: %.*s", name, str_len, str);
return true;
}
static struct io_plan *sd_msg_read(struct io_conn *conn, struct subd *sd)
{
int type = fromwire_peektype(sd->msg_in);
const char *str;
int str_len;
const tal_t *tmpctx;
struct subd_req *sr;
if (type == -1) {
log_unusual(sd->log, "ERROR: Invalid msg output");
subdaemon_malformed_msg(sd, sd->msg_in);
return io_close(conn);
}
@ -322,19 +389,37 @@ static struct io_plan *sd_msg_read(struct io_conn *conn, struct subd *sd)
tmpctx = tal_tmpctx(sd);
tal_steal(tmpctx, sd->msg_in);
/* If it's a string. */
str_len = tal_count(sd->msg_in) - sizeof(be16);
str = (const char *)sd->msg_in + sizeof(be16);
if (type == STATUS_TRACE)
if (type == STATUS_TRACE) {
int str_len;
const char *str = string_from_msg(sd->msg_in, &str_len);
if (!str) {
subdaemon_malformed_msg(sd, sd->msg_in);
return io_close(conn);
}
log_debug(sd->log, "TRACE: %.*s", str_len, str);
else {
if (type & STATUS_FAIL)
log_unusual(sd->log, "FAILURE %s: %.*s",
sd->msgname(type), str_len, str);
else
log_info(sd->log, "UPDATE %s", sd->msgname(type));
goto next;
} else if (type & STATUS_FAIL) {
int str_len;
const char *str = string_from_msg(sd->msg_in, &str_len);
if (!str) {
subdaemon_malformed_msg(sd, sd->msg_in);
return io_close(conn);
}
if (!log_status_fail(sd, type, str, str_len)) {
subdaemon_malformed_msg(sd, sd->msg_in);
return io_close(conn);
}
/* If they care, tell them about invalid peer behavior */
if (sd->peerbadcb && type == STATUS_FAIL_PEER_BAD) {
const char *errmsg = tal_fmt(sd, "%.*s", str_len, str);
sd->peerbadcb(sd, errmsg);
}
return io_close(conn);
}
log_info(sd->log, "UPDATE %s", sd->msgname(type));
if (sd->msgcb) {
int i = sd->msgcb(sd, sd->msg_in, sd->fds_in);
if (i < 0)
@ -348,7 +433,8 @@ static struct io_plan *sd_msg_read(struct io_conn *conn, struct subd *sd)
return sd_collect_fds(conn, sd, i);
}
}
}
next:
sd->msg_in = NULL;
sd->fds_in = tal_free(sd->fds_in);
tal_free(tmpctx);
@ -410,8 +496,8 @@ struct subd *new_subd(const tal_t *ctx,
const char *name,
struct peer *peer,
const char *(*msgname)(int msgtype),
int (*msgcb)(struct subd *, const u8 *,
const int *fds),
int (*msgcb)(struct subd *, const u8 *, const int *fds),
void (*peerbadcb)(struct subd *, const char *),
void (*finished)(struct subd *, int),
...)
{
@ -434,6 +520,7 @@ struct subd *new_subd(const tal_t *ctx,
sd->finished = finished;
sd->msgname = msgname;
sd->msgcb = msgcb;
sd->peerbadcb = peerbadcb;
sd->fds_in = NULL;
msg_queue_init(&sd->outq, sd);
tal_add_destructor(sd, destroy_subd);

5
lightningd/subd.h

@ -36,6 +36,9 @@ struct subd {
const char *(*msgname)(int msgtype);
void (*finished)(struct subd *sd, int status);
/* Callback when the peer misbehaves. */
void (*peerbadcb)(struct subd *, const char *what);
/* Buffer for input. */
u8 *msg_in;
@ -58,6 +61,7 @@ struct subd {
* @peer: peer to associate (if any).
* @msgname: function to get name from messages
* @msgcb: function to call when non-fatal message received (or NULL)
* @peerbadcb: function to call for STATUS_FAIL_PEER_BAD (or NULL for none)
* @finished: function to call when it's finished (with exit status).
* @...: NULL-terminated list of pointers to fds to hand as fd 3, 4...
* (can be take, if so, set to -1)
@ -72,6 +76,7 @@ struct subd *new_subd(const tal_t *ctx,
struct peer *peer,
const char *(*msgname)(int msgtype),
int (*msgcb)(struct subd *, const u8 *, const int *fds),
void (*peerbadcb)(struct subd *, const char *),
void (*finished)(struct subd *, int), ...);
/**

47
onchaind/onchain.c

@ -389,7 +389,7 @@ static void unwatch_tx(const struct bitcoin_tx *tx)
static void handle_their_htlc_fulfill(struct tracked_output *out,
const struct bitcoin_tx *tx)
{
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR, "FIXME: %s", __func__);
status_failed(STATUS_FAIL_INTERNAL_ERROR, "FIXME: %s", __func__);
}
/* An output has been spent: see if it resolves something we care about. */
@ -434,13 +434,13 @@ static void output_spent(struct tracked_output **outs,
case FUNDING_OUTPUT:
/* Master should be restarting us, as this implies
* that our old tx was unspent. */
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Funding output spent again!");
/* Um, we don't track these! */
case OUTPUT_TO_THEM:
case DELAYED_OUTPUT_TO_THEM:
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Tracked spend of %s/%s?",
tx_type_name(outs[i]->tx_type),
output_type_name(outs[i]->output_type));
@ -486,7 +486,7 @@ static void tx_new_depth(struct tracked_output **outs,
static void handle_preimage(struct tracked_output **outs,
const struct preimage *preimage)
{
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR, "FIXME: %s", __func__);
status_failed(STATUS_FAIL_INTERNAL_ERROR, "FIXME: %s", __func__);
}
/* BOLT #5:
@ -517,8 +517,7 @@ static void wait_for_resolved(struct tracked_output **outs)
else if (fromwire_onchain_known_preimage(msg, NULL, &preimage))
handle_preimage(outs, &preimage);
else
status_failed(WIRE_ONCHAIN_BAD_COMMAND,
"Bad message %s", tal_hex(msg, msg));
master_badmsg(-1, msg);
tal_free(msg);
}
}
@ -562,7 +561,7 @@ static u8 **derive_htlc_scripts(const struct htlc_stub *htlcs, enum side side,
struct abs_locktime ltime;
if (!blocks_to_abs_locktime(htlcs[i].cltv_expiry,
&ltime))
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Could not convert cltv_expiry %u to locktime",
htlcs[i].cltv_expiry);
htlc_scripts[i] = htlc_received_wscript(htlc_scripts,
@ -696,7 +695,7 @@ static void resolve_our_htlc_ourcommit(struct tracked_output *out,
tal_free(wscript);
return;
}
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Could not find feerate for signature on HTLC timeout"
" between %u and %u",
feerate_range->min, feerate_range->max);
@ -825,7 +824,7 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
/* Figure out what delayed to-us output looks like */
if (!per_commit_point(shaseed, &local_per_commitment_point, commit_num))
status_failed(WIRE_ONCHAIN_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving local_per_commit_point for %"PRIu64,
commit_num);
@ -835,7 +834,7 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
local_delayed_payment_basepoint,
remote_revocation_basepoint,
&keyset))
status_failed(WIRE_ONCHAIN_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving keyset for %"PRIu64, commit_num);
status_trace("Deconstructing unilateral tx: %"PRIu64
@ -858,7 +857,7 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
local_delayed_payment_basepoint,
&local_per_commitment_point,
&local_delayedprivkey))
status_failed(WIRE_ONCHAIN_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving local_delayeprivkey for %"PRIu64,
commit_num);
@ -866,7 +865,7 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
local_payment_basepoint,
&local_per_commitment_point,
&local_payment_privkey))
status_failed(WIRE_ONCHAIN_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving local_delayeprivkey for %"PRIu64,
commit_num);
@ -959,9 +958,10 @@ static void handle_our_unilateral(const struct bitcoin_tx *tx,
continue;
}
/* FIXME: limp along when this happens! */
j = match_htlc_output(tx, i, htlc_scripts);
if (j == -1)
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Could not find resolution for output %zu",
i);
@ -1008,7 +1008,7 @@ static void handle_their_cheat(const struct bitcoin_tx *tx,
const struct htlc_stub *htlcs,
struct tracked_output **outs)
{
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"FIXME: Implement penalty transaction");
}
@ -1076,7 +1076,7 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
remote_delayed_payment_basepoint,
local_revocation_basepoint,
&keyset))
status_failed(WIRE_ONCHAIN_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving keyset for %"PRIu64, commit_num);
status_trace("Deconstructing unilateral tx: %"PRIu64
@ -1099,7 +1099,7 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
local_payment_basepoint,
remote_per_commitment_point,
&local_payment_privkey))
status_failed(WIRE_ONCHAIN_CRYPTO_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Deriving local_delayeprivkey for %"PRIu64,
commit_num);
@ -1173,7 +1173,7 @@ static void handle_their_unilateral(const struct bitcoin_tx *tx,
j = match_htlc_output(tx, i, htlc_scripts);
if (j == -1)
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Could not find resolution for output %zu",
i);
if (htlcs[j].owner == LOCAL) {
@ -1274,8 +1274,7 @@ int main(int argc, char *argv[])
&tx_blockheight,
&remote_htlc_sigs,
&num_htlcs)) {
status_failed(WIRE_ONCHAIN_BAD_COMMAND,
"Bad init message %s", tal_hex(ctx, msg));
master_badmsg(WIRE_ONCHAIN_INIT, msg);
}
derive_basepoints(&seed, NULL, &basepoints, &secrets, &shaseed);
bitcoin_txid(tx, &txid);
@ -1283,15 +1282,13 @@ int main(int argc, char *argv[])
/* FIXME: Filter as we go, don't load them all into mem! */
htlcs = tal_arr(ctx, struct htlc_stub, num_htlcs);
if (!htlcs)
status_failed(WIRE_ONCHAIN_BAD_COMMAND,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Can't allocate %"PRIu64" htlcs", num_htlcs);
for (u64 i = 0; i < num_htlcs; i++) {
msg = wire_sync_read(ctx, REQ_FD);
if (!msg || !fromwire_onchain_htlc(msg, NULL, &htlcs[i]))
status_failed(WIRE_ONCHAIN_BAD_COMMAND,
"Can't read %"PRIu64"/%"PRIu64" htlc",
i, num_htlcs);
if (!fromwire_onchain_htlc(msg, NULL, &htlcs[i]))
master_badmsg(WIRE_ONCHAIN_HTLC, msg);
}
outs = tal_arr(ctx, struct tracked_output *, 0);
@ -1407,7 +1404,7 @@ int main(int argc, char *argv[])
local_dust_limit_satoshi,
htlcs, outs);
} else
status_failed(WIRE_ONCHAIN_INTERNAL_ERROR,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Unknown commitment index %"PRIu64
" for tx %s",
commit_num,

5
onchaind/onchain_wire.csv

@ -1,8 +1,3 @@
# Shouldn't happen
onchain_bad_command,0x8000
onchain_internal_error,0x8003
onchain_crypto_failed,0x8004
#include <common/htlc_wire.h>
# Begin! Here's the onchain tx which spends funding tx, followed by all HTLCs.
onchain_init,1

Can't render this file because it has a wrong number of fields in line 2.

93
openingd/opening.c

@ -75,8 +75,7 @@ static void check_config_bounds(struct state *state,
* unreasonably large.
*/
if (remoteconf->to_self_delay > state->max_to_self_delay)
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_CONFIG,
peer_failed(PEER_FD, &state->cs, &state->channel_id,
"to_self_delay %u larger than %u",
remoteconf->to_self_delay, state->max_to_self_delay);
@ -93,8 +92,7 @@ static void check_config_bounds(struct state *state,
/* Overflow check before capacity calc. */
if (remoteconf->channel_reserve_satoshis > state->funding_satoshis)
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_CONFIG,
peer_failed(PEER_FD, &state->cs, &state->channel_id,
"Invalid channel_reserve_satoshis %"PRIu64
" for funding_satoshis %"PRIu64,
remoteconf->channel_reserve_satoshis,
@ -111,8 +109,7 @@ static void check_config_bounds(struct state *state,
capacity_msat = remoteconf->max_htlc_value_in_flight_msat;
if (remoteconf->htlc_minimum_msat * (u64)1000 > capacity_msat)
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_CONFIG,
peer_failed(PEER_FD, &state->cs, &state->channel_id,
"Invalid htlc_minimum_msat %"PRIu64
" for funding_satoshis %"PRIu64
" capacity_msat %"PRIu64,
@ -121,8 +118,7 @@ static void check_config_bounds(struct state *state,
capacity_msat);
if (capacity_msat < state->min_effective_htlc_capacity_msat)
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_CONFIG,
peer_failed(PEER_FD, &state->cs, &state->channel_id,
"Channel capacity with funding %"PRIu64" msat,"
" reserves %"PRIu64"/%"PRIu64" msat,"
" max_htlc_value_in_flight_msat %"PRIu64
@ -136,8 +132,7 @@ static void check_config_bounds(struct state *state,
/* We don't worry about how many HTLCs they accept, as long as > 0! */
if (remoteconf->max_accepted_htlcs == 0)
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_CONFIG,
peer_failed(PEER_FD, &state->cs, &state->channel_id,
"max_accepted_htlcs %u invalid",
remoteconf->max_accepted_htlcs);
@ -147,8 +142,7 @@ static void check_config_bounds(struct state *state,
* than 483.
*/
if (remoteconf->max_accepted_htlcs > 483)
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_CONFIG,
peer_failed(PEER_FD, &state->cs, &state->channel_id,
"max_accepted_htlcs %u too large",
remoteconf->max_accepted_htlcs);
}
@ -188,14 +182,12 @@ static u8 *read_next_peer_msg(struct state *state, const tal_t *ctx)
}
if (pong && !sync_crypto_write(&state->cs, PEER_FD,
take(pong)))
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_WRITE_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Sending pong");
} else if (is_gossip_msg(msg)) {
/* We relay gossip to gossipd, but don't relay from */
if (!wire_sync_write(GOSSIP_FD, take(msg)))
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_WRITE_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Relaying gossip message");
} else {
return msg;
@ -232,7 +224,7 @@ static u8 *funder_channel(struct state *state,
*
* The sender MUST set `funding_satoshis` to less than 2^24 satoshi. */
if (state->funding_satoshis >= 1 << 24)
status_failed(WIRE_OPENING_BAD_PARAM,
status_failed(STATUS_FAIL_MASTER_IO,
"funding_satoshis must be < 2^24, not %"PRIu64,
state->funding_satoshis);
@ -242,7 +234,7 @@ static u8 *funder_channel(struct state *state,
* `funding_satoshis`.
*/
if (state->push_msat > 1000 * state->funding_satoshis)
status_failed(WIRE_OPENING_BAD_PARAM,
status_failed(STATUS_FAIL_MASTER_IO,
"push-msat must be < %"PRIu64,
1000 * state->funding_satoshis);
@ -264,16 +256,15 @@ static u8 *funder_channel(struct state *state,
&state->next_per_commit[LOCAL],
channel_flags);
if (!sync_crypto_write(&state->cs, PEER_FD, msg))
status_failed(WIRE_OPENING_PEER_WRITE_FAILED,
status_failed(STATUS_FAIL_PEER_IO,
"Writing open_channel: %s", strerror(errno));
state->remoteconf = tal(state, struct channel_config);
msg = read_next_peer_msg(state, state);
if (!msg)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Reading accept_channel");
status_failed(STATUS_FAIL_PEER_IO,
"Reading accept_channel: %s", strerror(errno));
/* BOLT #2:
*
@ -298,7 +289,6 @@ static u8 *funder_channel(struct state *state,
&theirs.delayed_payment,
&state->next_per_commit[REMOTE]))
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Parsing accept_channel %s", tal_hex(msg, msg));
/* BOLT #2:
@ -307,7 +297,6 @@ static u8 *funder_channel(struct state *state,
* `temporary_channel_id` in the `open_channel` message. */
if (!structeq(&id_in, &state->channel_id))
peer_failed(PEER_FD, &state->cs, &id_in,
WIRE_OPENING_PEER_READ_FAILED,
"accept_channel ids don't match: sent %s got %s",
type_to_string(msg, struct channel_id, &id_in),
type_to_string(msg, struct channel_id,
@ -323,7 +312,6 @@ static u8 *funder_channel(struct state *state,
*/
if (minimum_depth > max_minimum_depth)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_BAD_PARAM,
"minimum_depth %u larger than %u",
minimum_depth, max_minimum_depth);
check_config_bounds(state, state->remoteconf);
@ -331,7 +319,7 @@ static u8 *funder_channel(struct state *state,
/* Now, ask create funding transaction to pay those two addresses. */
if (change_satoshis) {
if (!bip32_pubkey(bip32_base, &changekey, change_keyindex))
status_failed(WIRE_OPENING_BAD_PARAM,
status_failed(STATUS_FAIL_MASTER_IO,
"Bad change key %u", change_keyindex);
}
@ -359,7 +347,6 @@ static u8 *funder_channel(struct state *state,
LOCAL);
if (!state->channel)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_BAD_PARAM,
"could not create channel with given config");
/* BOLT #2:
@ -386,9 +373,8 @@ static u8 *funder_channel(struct state *state,
state->funding_txout,
&sig);
if (!sync_crypto_write(&state->cs, PEER_FD, msg))
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_WRITE_FAILED,
"Writing funding_created");
status_failed(STATUS_FAIL_PEER_IO,
"Writing funding_created: %s", strerror(errno));
/* BOLT #2:
*
@ -400,15 +386,12 @@ static u8 *funder_channel(struct state *state,
*/
msg = read_next_peer_msg(state, state);
if (!msg)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Reading funding_signed");
status_failed(STATUS_FAIL_PEER_IO,
"Writing funding_signed: %s", strerror(errno));
if (!fromwire_funding_signed(msg, NULL, &id_in, &sig))
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Parsing funding_signed (%s)",
wire_type_name(fromwire_peektype(msg)));
"Parsing funding_signed: %s", tal_hex(msg, msg));
/* BOLT #2:
*
@ -423,7 +406,6 @@ static u8 *funder_channel(struct state *state,
if (!structeq(&id_in, &state->channel_id))
peer_failed(PEER_FD, &state->cs, &id_in,
WIRE_OPENING_PEER_READ_FAILED,
"funding_signed ids don't match: expceted %s got %s",
type_to_string(msg, struct channel_id,
&state->channel_id),
@ -438,7 +420,6 @@ static u8 *funder_channel(struct state *state,
if (!check_tx_sig(tx, 0, NULL, wscript, &their_funding_pubkey, &sig)) {
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Bad signature %s on tx %s using key %s",
type_to_string(trc, secp256k1_ecdsa_signature,
&sig),
@ -511,8 +492,7 @@ static u8 *fundee_channel(struct state *state,
&state->next_per_commit[REMOTE],
&channel_flags))
peer_failed(PEER_FD, &state->cs, NULL,
WIRE_OPENING_PEER_BAD_INITIAL_MESSAGE,
"Parsing open_channel %s",
"Bad open_channel %s",
tal_hex(peer_msg, peer_msg));
/* BOLT #2:
@ -523,7 +503,6 @@ static u8 *fundee_channel(struct state *state,
*/
if (!structeq(&chain_hash, &state->chainparams->genesis_blockhash)) {
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_BAD_INITIAL_MESSAGE,
"Unknown chain-hash %s",
type_to_string(peer_msg, struct sha256_double,
&chain_hash));
@ -535,7 +514,6 @@ static u8 *fundee_channel(struct state *state,
* is greater than or equal to 2^24 */
if (state->funding_satoshis >= 1 << 24)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_BAD_FUNDING,
"funding_satoshis %"PRIu64" too large",
state->funding_satoshis);
@ -546,7 +524,6 @@ static u8 *fundee_channel(struct state *state,
*/
if (state->push_msat > state->funding_satoshis * 1000)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_BAD_FUNDING,
"push_msat %"PRIu64
" too large for funding_satoshis %"PRIu64,
state->push_msat, state->funding_satoshis);
@ -558,13 +535,11 @@ static u8 *fundee_channel(struct state *state,
*/
if (state->feerate_per_kw < min_feerate)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_BAD_FUNDING,
"feerate_per_kw %u below minimum %u",
state->feerate_per_kw, min_feerate);
if (state->feerate_per_kw > max_feerate)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_BAD_FUNDING,
"feerate_per_kw %u above maximum %u",
state->feerate_per_kw, max_feerate);
@ -588,22 +563,19 @@ static u8 *fundee_channel(struct state *state,
&state->next_per_commit[LOCAL]);
if (!sync_crypto_write(&state->cs, PEER_FD, take(msg)))
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_WRITE_FAILED,
"Writing accept_channel");
status_failed(STATUS_FAIL_PEER_IO,
"Writing accept_channel: %s", strerror(errno));
msg = read_next_peer_msg(state, state);
if (!msg)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Reading funding_created");
status_failed(STATUS_FAIL_PEER_IO,
"Reading funding_created: %s", strerror(errno));
if (!fromwire_funding_created(msg, NULL, &id_in,
&state->funding_txid.sha,
&state->funding_txout,
&theirsig))
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Parsing funding_created");
/* BOLT #2:
@ -612,7 +584,6 @@ static u8 *fundee_channel(struct state *state,
* `temporary_channel_id` in the `open_channel` message. */
if (!structeq(&id_in, &state->channel_id))
peer_failed(PEER_FD, &state->cs, &id_in,
WIRE_OPENING_PEER_READ_FAILED,
"funding_created ids don't match: sent %s got %s",
type_to_string(msg, struct channel_id,
&state->channel_id),
@ -632,7 +603,6 @@ static u8 *fundee_channel(struct state *state,
REMOTE);
if (!state->channel)
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_BAD_PARAM,
"could not create channel with given config");
/* BOLT #2:
@ -645,7 +615,6 @@ static u8 *fundee_channel(struct state *state,
if (!check_tx_sig(tx, 0, NULL, wscript, &their_funding_pubkey,
&theirsig)) {
peer_failed(PEER_FD, &state->cs, &state->channel_id,
WIRE_OPENING_PEER_READ_FAILED,
"Bad signature %s on tx %s using key %s",
type_to_string(trc, secp256k1_ecdsa_signature,
&theirsig),
@ -733,9 +702,6 @@ int main(int argc, char *argv[])
status_setup_sync(REQ_FD);
msg = wire_sync_read(state, REQ_FD);
if (!msg)
status_failed(WIRE_OPENING_BAD_COMMAND, "%s", strerror(errno));
if (!fromwire_opening_init(msg, NULL,
&network_index,
&state->localconf,
@ -743,7 +709,8 @@ int main(int argc, char *argv[])
&state->min_effective_htlc_capacity_msat,
&state->cs,
&seed))
status_failed(WIRE_OPENING_BAD_COMMAND, "%s", strerror(errno));
master_badmsg(WIRE_OPENING_INIT, msg);
tal_free(msg);
state->chainparams = chainparams_by_index(network_index);
@ -752,13 +719,13 @@ int main(int argc, char *argv[])
if (!derive_basepoints(&seed, &our_funding_pubkey,
&our_points, &state->our_secrets,
&state->shaseed))
status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"Secret derivation failed, secret = %s",
type_to_string(trc, struct privkey, &seed));
if (!per_commit_point(&state->shaseed, &state->next_per_commit[LOCAL],
0))
status_failed(WIRE_OPENING_KEY_DERIVATION_FAILED,
status_failed(STATUS_FAIL_INTERNAL_ERROR,
"First per_commitment_point derivation failed,"
" secret = %s",
type_to_string(trc, struct privkey, &seed));
@ -782,6 +749,10 @@ int main(int argc, char *argv[])
msg = fundee_channel(state, &our_funding_pubkey, &our_points,
minimum_depth, min_feerate, max_feerate,
peer_msg);
else
status_failed(STATUS_FAIL_MASTER_IO,
"neither funder nor fundee: %s",
tal_hex(msg, msg));
/* Write message and hand back the fd. */
wire_sync_write(REQ_FD, msg);

13
openingd/opening_wire.csv

@ -1,16 +1,3 @@
# These shouldn't happen
opening_bad_command,0x8000
opening_key_derivation_failed,0x8001
opening_bad_param,0x8002
opening_hsm_failed,0x8003
# These are due to peer.
opening_peer_write_failed,0x8010
opening_peer_read_failed,0x8011
opening_peer_bad_funding,0x8012
opening_peer_bad_config,0x8013
opening_peer_bad_initial_message,0x8014
#include <common/cryptomsg.h>
#include <common/channel_config.h>
opening_init,0

Can't render this file because it has a wrong number of fields in line 2.
Loading…
Cancel
Save