We stopped automatically retransmitting locally-generated add/removes
after a reconnect, but this breaks the "pay" interface as it stands.
The correct solution to this is to make the pay interface idempotent:
you can trigger it as many times as you want and it will only succeed
once.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This makes more sense eventually: we may know the network addresses of
many peers, not just those we're connecting to. So keep a mapping, and
update it when we successfully connect outwards.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We add a "dev-restart" command which causes the daemon to close fds
and exec itself. Then we do it after every command, with the caveat
that we always send a commit before newhtlc, because if not committed,
that is forgotten. Fulfillhtlc and failhtlc get resent, since they're
idempotent.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This avoids us having to query it when we create anchor transaction, and
lets us always use dynamic fee information.
The config options for max and min are now percentages, rather than absolute.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Thus a node MUST estimate the deadline for successful redemption for
each HTLC it offers. A node MUST NOT offer a HTLC after this
deadline, and MUST fail the connection if an HTLC which it offered is
in either node's current commitment transaction past this deadline.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Note that the base fee is in millisatoshi, the proportional fee is
in microsatoshi per satoshi. ie. 1,000,000 means charge 1 satoshi for
every satoshi carried.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We're about to change the code so that if it can't route, it will fail
the HTLC. The current low-level tests will hate this, so have a dev switch
to turn that off.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
The protocol still supports both, but we now only support blocks.
It's hard to do risk management with timeouts in seconds, given block
variance. This is also signficantly simpler, as HTLC timeouts are
always fired in response to blocks, not wall-clock times.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
A new 'accept-payment' command tells the node to fulfill HTLCs using
the R value if the amount is correct. It's not wired in yet.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
While useful for testing, it doesn't make sense to have an explicit commit
command; we should commit whenever there are outstanding changes.
We have a 10ms timer to allow limited batching, however.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
Currently this mean --bitcoin-poll; we're going to change the other time
options to block heights anyway.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This allows us to track precise transaction depth ourselves,
particularly in the case of branching.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
We need to control the *inputs* to the anchor tx, to make sure they
pay to witness scripts (thus the anchor is immalleable). The easiest
way to do this is to hand out P2SH addresses for the user, and have
them pay into those. Then they hand us that tx and we use it to
create the anchor.
This is not a long-term solution!
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
And divide fees as specified there.
We still use fixed values rather than floating, and we don't send or
handle update_fee messages.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
bitcoind has a limit of 16 requests at once, by default, so our simplest
solution is to serialize them.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
For better or worse, the ccan/timer structure is completely minimal,
and designed to be wrapped inside a container structure.
Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>