You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1127 lines
39 KiB
1127 lines
39 KiB
#include <ccan/build_assert/build_assert.h>
|
|
#include <state.h>
|
|
|
|
static inline bool high_priority(enum state state)
|
|
{
|
|
return (state & 1) == (STATE_NORMAL_HIGHPRIO & 1);
|
|
}
|
|
|
|
#define prio(state, name) \
|
|
(high_priority(state) ? name##_HIGHPRIO : name##_LOWPRIO)
|
|
|
|
#define toggle_prio(state, name) \
|
|
(!high_priority(state) ? name##_HIGHPRIO : name##_LOWPRIO)
|
|
|
|
#define add_effect(e, field, val) \
|
|
do { \
|
|
struct state_effect *_e = tal(ctx, struct state_effect); \
|
|
_e->etype = STATE_EFFECT_##field; \
|
|
_e->u.field = (val); \
|
|
_e->next = (*e); \
|
|
(*e) = _e; \
|
|
} while(0)
|
|
|
|
/* STATE_CLOSE* can be treated as a bitset offset from STATE_CLOSED */
|
|
#define BITS_TO_STATE(bits) (STATE_CLOSED + (bits))
|
|
#define STATE_TO_BITS(state) ((state) - STATE_CLOSED)
|
|
|
|
static struct state_effect *next_state(const tal_t *ctx,
|
|
struct state_effect *effect,
|
|
const enum state state)
|
|
{
|
|
add_effect(&effect, new_state, state);
|
|
return effect;
|
|
}
|
|
|
|
struct state_effect *state(const tal_t *ctx,
|
|
const enum state state,
|
|
const struct peer *peer,
|
|
const enum state_input input,
|
|
const union input *idata)
|
|
{
|
|
struct state_effect *effect = NULL;
|
|
Pkt *decline;
|
|
struct bitcoin_tx *tx;
|
|
Pkt *err;
|
|
struct htlc_watch *htlcs;
|
|
struct htlc_progress *htlcprog;
|
|
|
|
switch (state) {
|
|
/*
|
|
* Initial channel opening states.
|
|
*/
|
|
case STATE_INIT:
|
|
if (input_is(input, CMD_OPEN_WITH_ANCHOR)) {
|
|
add_effect(&effect, send_pkt,
|
|
pkt_open(ctx, peer,
|
|
OPEN_CHANNEL__ANCHOR_OFFER__WILL_CREATE_ANCHOR));
|
|
return next_state(ctx, effect,
|
|
STATE_OPEN_WAIT_FOR_OPEN_WITHANCHOR);
|
|
} else if (input_is(input, CMD_OPEN_WITHOUT_ANCHOR)) {
|
|
add_effect(&effect, send_pkt,
|
|
pkt_open(ctx, peer,
|
|
OPEN_CHANNEL__ANCHOR_OFFER__WONT_CREATE_ANCHOR));
|
|
return next_state(ctx, effect,
|
|
STATE_OPEN_WAIT_FOR_OPEN_NOANCHOR);
|
|
}
|
|
break;
|
|
case STATE_OPEN_WAIT_FOR_OPEN_NOANCHOR:
|
|
if (input_is(input, PKT_OPEN)) {
|
|
err = accept_pkt_open(ctx, peer, idata->pkt, &effect);
|
|
if (err) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto err_close_nocleanup;
|
|
}
|
|
return next_state(ctx, effect, STATE_OPEN_WAIT_FOR_ANCHOR);
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto instant_close;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt_nocleanup;
|
|
}
|
|
break;
|
|
case STATE_OPEN_WAIT_FOR_OPEN_WITHANCHOR:
|
|
if (input_is(input, PKT_OPEN)) {
|
|
err = accept_pkt_open(ctx, peer, idata->pkt, &effect);
|
|
if (err) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto err_close_nocleanup;
|
|
}
|
|
add_effect(&effect, send_pkt, pkt_anchor(ctx, peer));
|
|
return next_state(ctx, effect,
|
|
STATE_OPEN_WAIT_FOR_COMMIT_SIG);
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto instant_close;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt_nocleanup;
|
|
}
|
|
break;
|
|
case STATE_OPEN_WAIT_FOR_ANCHOR:
|
|
if (input_is(input, PKT_OPEN_ANCHOR)) {
|
|
err = accept_pkt_anchor(ctx, peer, idata->pkt, &effect);
|
|
if (err) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto err_close_nocleanup;
|
|
}
|
|
add_effect(&effect, send_pkt,
|
|
pkt_open_commit_sig(ctx, peer));
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch_anchor(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
BITCOIN_ANCHOR_TIMEOUT,
|
|
BITCOIN_ANCHOR_UNSPENT,
|
|
BITCOIN_ANCHOR_THEIRSPEND,
|
|
BITCOIN_ANCHOR_OTHERSPEND));
|
|
|
|
return next_state(ctx, effect,
|
|
STATE_OPEN_WAITING_THEIRANCHOR);
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto instant_close;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt_nocleanup;
|
|
}
|
|
break;
|
|
case STATE_OPEN_WAIT_FOR_COMMIT_SIG:
|
|
if (input_is(input, PKT_OPEN_COMMIT_SIG)) {
|
|
err = accept_pkt_open_commit_sig(ctx, peer, idata->pkt,
|
|
&effect);
|
|
if (err) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto err_start_unilateral_close;
|
|
}
|
|
add_effect(&effect, broadcast_tx,
|
|
bitcoin_anchor(ctx, peer));
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch_anchor(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
INPUT_NONE,
|
|
BITCOIN_ANCHOR_UNSPENT,
|
|
BITCOIN_ANCHOR_THEIRSPEND,
|
|
BITCOIN_ANCHOR_OTHERSPEND));
|
|
return next_state(ctx, effect, STATE_OPEN_WAITING_OURANCHOR);
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto instant_close;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt_nocleanup;
|
|
}
|
|
break;
|
|
case STATE_OPEN_WAITING_OURANCHOR:
|
|
if (input_is(input, PKT_OPEN_COMPLETE)) {
|
|
return next_state(ctx, effect,
|
|
STATE_OPEN_WAITING_OURANCHOR_THEYCOMPLETED);
|
|
}
|
|
/* Fall thru */
|
|
case STATE_OPEN_WAITING_OURANCHOR_THEYCOMPLETED:
|
|
if (input_is(input, BITCOIN_ANCHOR_DEPTHOK)) {
|
|
add_effect(&effect, send_pkt,
|
|
pkt_open_complete(ctx, peer));
|
|
if (state == STATE_OPEN_WAITING_OURANCHOR_THEYCOMPLETED) {
|
|
add_effect(&effect, cmd_success, CMD_OPEN_WITH_ANCHOR);
|
|
return next_state(ctx, effect, STATE_NORMAL_HIGHPRIO);
|
|
}
|
|
return next_state(ctx, effect,
|
|
STATE_OPEN_WAIT_FOR_COMPLETE_OURANCHOR);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto anchor_unspent;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
INPUT_NONE));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto them_unilateral;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
/* This should be impossible. */
|
|
return next_state(ctx, effect, STATE_ERR_INFORMATION_LEAK);
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
INPUT_NONE));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto start_closing;
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
INPUT_NONE));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto accept_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
INPUT_NONE));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt_nocleanup;
|
|
}
|
|
break;
|
|
case STATE_OPEN_WAITING_THEIRANCHOR:
|
|
if (input_is(input, PKT_OPEN_COMPLETE)) {
|
|
return next_state(ctx, effect,
|
|
STATE_OPEN_WAITING_THEIRANCHOR_THEYCOMPLETED);
|
|
}
|
|
/* Fall thru */
|
|
case STATE_OPEN_WAITING_THEIRANCHOR_THEYCOMPLETED:
|
|
if (input_is(input, BITCOIN_ANCHOR_TIMEOUT)) {
|
|
/* Anchor didn't reach blockchain in reasonable time. */
|
|
add_effect(&effect, send_pkt,
|
|
pkt_err(ctx, "Anchor timed out"));
|
|
return next_state(ctx, effect, STATE_ERR_ANCHOR_TIMEOUT);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_DEPTHOK)) {
|
|
add_effect(&effect, send_pkt,
|
|
pkt_open_complete(ctx, peer));
|
|
if (state == STATE_OPEN_WAITING_THEIRANCHOR_THEYCOMPLETED) {
|
|
add_effect(&effect, cmd_success,
|
|
CMD_OPEN_WITHOUT_ANCHOR);
|
|
return next_state(ctx, effect,
|
|
STATE_NORMAL_LOWPRIO);
|
|
}
|
|
return next_state(ctx, effect, STATE_OPEN_WAIT_FOR_COMPLETE_THEIRANCHOR);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto anchor_unspent;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
/* This should be impossible. */
|
|
return next_state(ctx, effect, STATE_ERR_INFORMATION_LEAK);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
BITCOIN_ANCHOR_TIMEOUT));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto them_unilateral;
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
BITCOIN_ANCHOR_TIMEOUT));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto start_closing;
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
BITCOIN_ANCHOR_TIMEOUT));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto accept_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
/* We no longer care about anchor depth. */
|
|
add_effect(&effect, unwatch,
|
|
bitcoin_unwatch_anchor_depth(ctx, peer,
|
|
BITCOIN_ANCHOR_DEPTHOK,
|
|
BITCOIN_ANCHOR_TIMEOUT));
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt;
|
|
}
|
|
break;
|
|
case STATE_OPEN_WAIT_FOR_COMPLETE_OURANCHOR:
|
|
case STATE_OPEN_WAIT_FOR_COMPLETE_THEIRANCHOR:
|
|
if (input_is(input, PKT_OPEN_COMPLETE)) {
|
|
/* Ready for business! Anchorer goes first. */
|
|
if (state == STATE_OPEN_WAIT_FOR_COMPLETE_OURANCHOR) {
|
|
add_effect(&effect, cmd_success, CMD_OPEN_WITH_ANCHOR);
|
|
return next_state(ctx, effect, STATE_NORMAL_HIGHPRIO);
|
|
} else {
|
|
add_effect(&effect, cmd_success, CMD_OPEN_WITHOUT_ANCHOR);
|
|
return next_state(ctx, effect, STATE_NORMAL_LOWPRIO);
|
|
}
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto anchor_unspent;
|
|
/* Nobody should be able to spend anchor, except via the
|
|
* commit txs. */
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
return next_state(ctx, effect, STATE_ERR_INFORMATION_LEAK);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto them_unilateral;
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto start_closing;
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto accept_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt;
|
|
}
|
|
break;
|
|
|
|
/*
|
|
* Channel normal operating states.
|
|
*/
|
|
case STATE_NORMAL_LOWPRIO:
|
|
case STATE_NORMAL_HIGHPRIO:
|
|
if (input_is(input, CMD_SEND_HTLC_UPDATE)) {
|
|
/* We are to send an HTLC update. */
|
|
add_effect(&effect, send_pkt,
|
|
pkt_htlc_update(ctx, peer,
|
|
idata->htlc_prog));
|
|
add_effect(&effect, htlc_in_progress, idata->htlc_prog);
|
|
return next_state(ctx, effect,
|
|
prio(state, STATE_WAIT_FOR_HTLC_ACCEPT));
|
|
} else if (input_is(input, CMD_SEND_HTLC_FULFILL)) {
|
|
/* We are to send an HTLC fulfill. */
|
|
/* This gives us the r value (FIXME: type!) */
|
|
add_effect(&effect, r_value,
|
|
r_value_from_cmd(ctx, peer, idata->htlc));
|
|
add_effect(&effect, send_pkt,
|
|
pkt_htlc_fulfill(ctx, peer,
|
|
idata->htlc_prog));
|
|
add_effect(&effect, htlc_in_progress, idata->htlc_prog);
|
|
return next_state(ctx, effect,
|
|
prio(state, STATE_WAIT_FOR_UPDATE_ACCEPT));
|
|
} else if (input_is(input, CMD_SEND_HTLC_TIMEDOUT)) {
|
|
/* We are to send an HTLC timedout. */
|
|
add_effect(&effect, send_pkt,
|
|
pkt_htlc_timedout(ctx, peer,
|
|
idata->htlc_prog));
|
|
add_effect(&effect, htlc_in_progress, idata->htlc_prog);
|
|
return next_state(ctx, effect,
|
|
prio(state, STATE_WAIT_FOR_UPDATE_ACCEPT));
|
|
} else if (input_is(input, CMD_SEND_HTLC_ROUTEFAIL)) {
|
|
/* We are to send an HTLC routefail. */
|
|
add_effect(&effect, send_pkt,
|
|
pkt_htlc_routefail(ctx, peer,
|
|
idata->htlc_prog));
|
|
add_effect(&effect, htlc_in_progress, idata->htlc_prog);
|
|
return next_state(ctx, effect,
|
|
prio(state, STATE_WAIT_FOR_UPDATE_ACCEPT));
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
goto start_closing;
|
|
} else if (input_is(input, PKT_UPDATE_ADD_HTLC)) {
|
|
goto accept_htlc_update;
|
|
} else if (input_is(input, PKT_UPDATE_FULFILL_HTLC)) {
|
|
goto accept_htlc_fulfill;
|
|
} else if (input_is(input, PKT_UPDATE_TIMEDOUT_HTLC)) {
|
|
goto accept_htlc_timedout;
|
|
} else if (input_is(input, PKT_UPDATE_ROUTEFAIL_HTLC)) {
|
|
goto accept_htlc_routefail;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
goto them_unilateral;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
goto old_commit_spotted;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
goto anchor_unspent;
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
goto accept_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
goto unexpected_pkt;
|
|
}
|
|
break;
|
|
case STATE_WAIT_FOR_HTLC_ACCEPT_LOWPRIO:
|
|
case STATE_WAIT_FOR_HTLC_ACCEPT_HIGHPRIO:
|
|
/* HTLCs can also evoke a refusal. */
|
|
if (input_is(input, PKT_UPDATE_DECLINE_HTLC)) {
|
|
add_effect(&effect, cmd_fail, idata->pkt);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
/* No update means no priority change. */
|
|
return next_state(ctx, effect,
|
|
prio(state, STATE_NORMAL));
|
|
/* They can't close with an HTLC, so only possible here */
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto accept_closing;
|
|
}
|
|
/* Fall thru */
|
|
case STATE_WAIT_FOR_UPDATE_ACCEPT_LOWPRIO:
|
|
case STATE_WAIT_FOR_UPDATE_ACCEPT_HIGHPRIO:
|
|
if (input_is(input, PKT_UPDATE_ADD_HTLC)) {
|
|
/* If we're high priority, ignore their packet */
|
|
if (high_priority(state))
|
|
return effect;
|
|
|
|
/* Otherwise, process their request first: defer ours */
|
|
add_effect(&effect, cmd_requeue, CMD_SEND_UPDATE_ANY);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto accept_htlc_update;
|
|
} else if (input_is(input, PKT_UPDATE_FULFILL_HTLC)) {
|
|
/* If we're high priority, ignore their packet */
|
|
if (high_priority(state))
|
|
return effect;
|
|
|
|
/* Otherwise, process their request first: defer ours */
|
|
add_effect(&effect, cmd_requeue, CMD_SEND_UPDATE_ANY);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto accept_htlc_fulfill;
|
|
} else if (input_is(input, PKT_UPDATE_TIMEDOUT_HTLC)) {
|
|
/* If we're high priority, ignore their packet */
|
|
if (high_priority(state))
|
|
return effect;
|
|
|
|
/* Otherwise, process their request first: defer ours */
|
|
add_effect(&effect, cmd_requeue, CMD_SEND_UPDATE_ANY);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto accept_htlc_timedout;
|
|
} else if (input_is(input, PKT_UPDATE_ROUTEFAIL_HTLC)) {
|
|
/* If we're high priority, ignore their packet */
|
|
if (high_priority(state))
|
|
return effect;
|
|
|
|
/* Otherwise, process their request first: defer ours */
|
|
add_effect(&effect, cmd_requeue, CMD_SEND_UPDATE_ANY);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto accept_htlc_routefail;
|
|
} else if (input_is(input, PKT_UPDATE_ACCEPT)) {
|
|
struct signature *sig;
|
|
err = accept_pkt_update_accept(ctx, peer, idata->pkt,
|
|
&sig, &effect);
|
|
if (err) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto err_start_unilateral_close;
|
|
}
|
|
add_effect(&effect, update_theirsig, sig);
|
|
add_effect(&effect, send_pkt,
|
|
pkt_update_signature(ctx, peer));
|
|
/* HTLC is signed (though old tx not revoked yet!) */
|
|
add_effect(&effect, htlc_fulfill, true);
|
|
return next_state(ctx, effect,
|
|
prio(state, STATE_WAIT_FOR_UPDATE_COMPLETE));
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto anchor_unspent;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto them_unilateral;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto old_commit_spotted;
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto start_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto unexpected_pkt;
|
|
}
|
|
break;
|
|
case STATE_WAIT_FOR_UPDATE_COMPLETE_LOWPRIO:
|
|
case STATE_WAIT_FOR_UPDATE_COMPLETE_HIGHPRIO:
|
|
if (input_is(input, PKT_UPDATE_COMPLETE)) {
|
|
err = accept_pkt_update_complete(ctx, peer, idata->pkt,
|
|
&effect);
|
|
if (err) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto err_start_unilateral_close;
|
|
}
|
|
add_effect(&effect, cmd_success, CMD_SEND_UPDATE_ANY);
|
|
return next_state(ctx, effect,
|
|
toggle_prio(state, STATE_NORMAL));
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto anchor_unspent;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto them_unilateral;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto old_commit_spotted;
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto accept_closing;
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto start_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, cmd_fail, NULL);
|
|
goto unexpected_pkt;
|
|
}
|
|
break;
|
|
case STATE_WAIT_FOR_UPDATE_SIG_LOWPRIO:
|
|
case STATE_WAIT_FOR_UPDATE_SIG_HIGHPRIO:
|
|
if (input_is(input, PKT_UPDATE_SIGNATURE)) {
|
|
struct signature *sig;
|
|
err = accept_pkt_update_signature(ctx, peer, idata->pkt,
|
|
&sig, &effect);
|
|
if (err) {
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto err_start_unilateral_close;
|
|
}
|
|
add_effect(&effect, update_theirsig, sig);
|
|
add_effect(&effect, send_pkt,
|
|
pkt_update_complete(ctx, peer));
|
|
add_effect(&effect, htlc_fulfill, true);
|
|
/* Toggle between high and low priority states. */
|
|
return next_state(ctx, effect,
|
|
toggle_prio(state, STATE_NORMAL));
|
|
} else if (input_is(input, CMD_SEND_UPDATE_ANY)) {
|
|
add_effect(&effect, cmd_defer, input);
|
|
return effect;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto anchor_unspent;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto them_unilateral;
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto old_commit_spotted;
|
|
} else if (input_is(input, CMD_CLOSE)) {
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto start_closing;
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto accept_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
add_effect(&effect, htlc_abandon, true);
|
|
goto unexpected_pkt;
|
|
}
|
|
break;
|
|
|
|
case STATE_WAIT_FOR_CLOSE_COMPLETE:
|
|
if (input_is(input, PKT_CLOSE_COMPLETE)) {
|
|
err = accept_pkt_close_complete(ctx, peer, idata->pkt,
|
|
&effect);
|
|
if (err)
|
|
goto err_start_unilateral_close_already_closing;
|
|
add_effect(&effect, cmd_close_done, true);
|
|
add_effect(&effect, send_pkt,
|
|
pkt_close_ack(ctx, peer));
|
|
add_effect(&effect, broadcast_tx,
|
|
bitcoin_close(ctx, peer));
|
|
add_effect(&effect, stop_commands, true);
|
|
add_effect(&effect, stop_packets, true);
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_CLOSE);
|
|
} else if (input_is(input, PKT_CLOSE)) {
|
|
/* We can use the sig just like CLOSE_COMPLETE */
|
|
err = accept_pkt_simultaneous_close(ctx, peer,
|
|
idata->pkt,
|
|
&effect);
|
|
if (err)
|
|
goto err_start_unilateral_close_already_closing;
|
|
add_effect(&effect, cmd_close_done, true);
|
|
add_effect(&effect, send_pkt,
|
|
pkt_close_ack(ctx, peer));
|
|
add_effect(&effect, broadcast_tx,
|
|
bitcoin_close(ctx, peer));
|
|
add_effect(&effect, stop_commands, true);
|
|
add_effect(&effect, stop_packets, true);
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_CLOSE);
|
|
} else if (input_is(input, PKT_ERROR)) {
|
|
add_effect(&effect, in_error,
|
|
tal_steal(ctx, idata->pkt));
|
|
goto start_unilateral_close_already_closing;
|
|
} else if (input_is_pkt(input)) {
|
|
/* We ignore all other packets while closing. */
|
|
return next_state(ctx, effect, STATE_WAIT_FOR_CLOSE_COMPLETE);
|
|
} else if (input_is(input, INPUT_CLOSE_COMPLETE_TIMEOUT)) {
|
|
/* They didn't respond in time. Unilateral close. */
|
|
err = pkt_err(ctx, "Close timed out");
|
|
goto err_start_unilateral_close_already_closing;
|
|
}
|
|
add_effect(&effect, cmd_close_done, false);
|
|
add_effect(&effect, stop_commands, true);
|
|
goto fail_during_close;
|
|
|
|
case STATE_WAIT_FOR_CLOSE_ACK:
|
|
if (input_is(input, PKT_CLOSE_ACK)) {
|
|
err = accept_pkt_close_ack(ctx, peer, idata->pkt,
|
|
&effect);
|
|
if (err)
|
|
add_effect(&effect, send_pkt, err);
|
|
add_effect(&effect, stop_packets, true);
|
|
/* Just wait for close to happen now. */
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_CLOSE);
|
|
} else if (input_is_pkt(input)) {
|
|
if (input_is(input, PKT_ERROR)) {
|
|
add_effect(&effect, in_error,
|
|
tal_steal(ctx, idata->pkt));
|
|
} else {
|
|
add_effect(&effect, send_pkt,
|
|
unexpected_pkt(ctx, input));
|
|
}
|
|
add_effect(&effect, stop_packets, true);
|
|
/* Just wait for close to happen now. */
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_CLOSE);
|
|
} else if (input_is(input, BITCOIN_CLOSE_DONE)) {
|
|
/* They didn't ack, but we're closed, so stop. */
|
|
add_effect(&effect, stop_packets, true);
|
|
return next_state(ctx, effect, STATE_CLOSED);
|
|
}
|
|
goto fail_during_close;
|
|
|
|
/* Close states are regular: handle as a group. */
|
|
case STATE_CLOSE_WAIT_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_CLOSE:
|
|
case STATE_CLOSE_WAIT_STEAL_CLOSE:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_CLOSE:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_STEAL_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_CLOSE_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_STEAL_CLOSE_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDOURS_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_SPENDOURS_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_SPENDOURS_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_CLOSE_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_STEAL_CLOSE_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_SPENDOURS_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_STEAL_SPENDTHEM_CLOSE_SPENDOURS_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_OURCOMMIT:
|
|
case STATE_CLOSE_WAIT_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_CLOSE_WAIT_SPENDOURS:
|
|
case STATE_CLOSE_WAIT_SPENDOURS_WITH_HTLCS: {
|
|
unsigned int bits;
|
|
enum state_input closed;
|
|
|
|
bits = STATE_TO_BITS(state);
|
|
|
|
/* Once we see a steal or spend completely buried, we
|
|
* close unless we're still waiting for htlcs*/
|
|
if (bits & STATE_CLOSE_HTLCS_BIT)
|
|
closed = STATE_CLOSE_WAIT_HTLCS;
|
|
else
|
|
closed = STATE_CLOSED;
|
|
|
|
if ((bits & STATE_CLOSE_STEAL_BIT)
|
|
&& input_is(input, BITCOIN_STEAL_DONE)) {
|
|
/* One a steal is complete, we don't care about htlcs
|
|
* (we stole them all) */
|
|
if (bits & STATE_CLOSE_HTLCS_BIT)
|
|
add_effect(&effect, unwatch_htlc,
|
|
htlc_unwatch_all(ctx, peer));
|
|
return next_state(ctx, effect, STATE_CLOSED);
|
|
}
|
|
|
|
if ((bits & STATE_CLOSE_SPENDTHEM_BIT)
|
|
&& input_is(input, BITCOIN_SPEND_THEIRS_DONE)) {
|
|
BUILD_ASSERT(!(STATE_TO_BITS(STATE_CLOSE_WAIT_HTLCS)
|
|
& STATE_CLOSE_SPENDTHEM_BIT));
|
|
return next_state(ctx, effect, closed);
|
|
}
|
|
|
|
if ((bits & STATE_CLOSE_CLOSE_BIT)
|
|
&& input_is(input, BITCOIN_CLOSE_DONE)) {
|
|
BUILD_ASSERT(!(STATE_TO_BITS(STATE_CLOSE_WAIT_HTLCS)
|
|
& STATE_CLOSE_CLOSE_BIT));
|
|
return next_state(ctx, effect, closed);
|
|
}
|
|
|
|
if ((bits & STATE_CLOSE_OURCOMMIT_BIT)
|
|
&& input_is(input, BITCOIN_ANCHOR_OURCOMMIT_DELAYPASSED)) {
|
|
BUILD_ASSERT(!(STATE_TO_BITS(STATE_CLOSE_WAIT_HTLCS)
|
|
& STATE_CLOSE_OURCOMMIT_BIT));
|
|
tx = bitcoin_spend_ours(ctx, peer);
|
|
/* Now we need to wait for our commit to be done. */
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch(ctx, tx,
|
|
BITCOIN_SPEND_OURS_DONE));
|
|
bits &= ~STATE_CLOSE_OURCOMMIT_BIT;
|
|
bits |= STATE_CLOSE_SPENDOURS_BIT;
|
|
return next_state(ctx, effect, BITS_TO_STATE(bits));
|
|
}
|
|
|
|
if ((bits & STATE_CLOSE_SPENDOURS_BIT)
|
|
&& input_is(input, BITCOIN_SPEND_OURS_DONE)) {
|
|
BUILD_ASSERT(!(STATE_TO_BITS(STATE_CLOSE_WAIT_HTLCS)
|
|
& STATE_CLOSE_SPENDOURS_BIT));
|
|
return next_state(ctx, effect, closed);
|
|
}
|
|
|
|
/* If we have htlcs, we can get other inputs... */
|
|
if (bits & STATE_CLOSE_HTLCS_BIT) {
|
|
if (input_is(input, INPUT_NO_MORE_HTLCS)) {
|
|
/* Clear bit, might lead to STATE_CLOSED. */
|
|
BUILD_ASSERT((BITS_TO_STATE(STATE_TO_BITS(STATE_CLOSE_WAIT_HTLCS) & ~STATE_CLOSE_HTLCS_BIT)) == STATE_CLOSED);
|
|
bits &= ~STATE_CLOSE_HTLCS_BIT;
|
|
return next_state(ctx, effect, BITS_TO_STATE(bits));
|
|
} else if (input_is(input, BITCOIN_HTLC_TOTHEM_SPENT)) {
|
|
/* They revealed R value. */
|
|
add_effect(&effect, r_value,
|
|
bitcoin_r_value(ctx, idata->htlc));
|
|
/* We don't care any more. */
|
|
add_effect(&effect, unwatch_htlc,
|
|
htlc_unwatch(ctx, idata->htlc,
|
|
INPUT_NO_MORE_HTLCS));
|
|
return effect;
|
|
} else if (input_is(input, BITCOIN_HTLC_TOTHEM_TIMEOUT)){
|
|
tx = bitcoin_htlc_timeout(ctx,
|
|
peer,
|
|
idata->htlc);
|
|
/* HTLC timed out, spend it back to us. */
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
/* Don't unwatch yet; they could yet
|
|
* try to spend, revealing rvalue. */
|
|
|
|
/* We're done when that gets buried. */
|
|
add_effect(&effect, watch_htlc_spend,
|
|
htlc_spend_watch(ctx,
|
|
tx,
|
|
idata->cmd,
|
|
BITCOIN_HTLC_RETURN_SPEND_DONE));
|
|
return effect;
|
|
} else if (input_is(input, INPUT_RVALUE)) {
|
|
tx = bitcoin_htlc_spend(ctx, peer,
|
|
idata->htlc);
|
|
|
|
/* This gives us the r value. */
|
|
add_effect(&effect, r_value,
|
|
r_value_from_cmd(ctx, peer,
|
|
idata->htlc));
|
|
/* Spend it... */
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
/* We're done when it gets buried. */
|
|
add_effect(&effect, watch_htlc_spend,
|
|
htlc_spend_watch(ctx,
|
|
tx,
|
|
idata->cmd,
|
|
BITCOIN_HTLC_FULFILL_SPEND_DONE));
|
|
/* Don't care about this one any more. */
|
|
add_effect(&effect, unwatch_htlc,
|
|
htlc_unwatch(ctx, idata->htlc,
|
|
INPUT_NO_MORE_HTLCS));
|
|
return effect;
|
|
} else if (input_is(input, BITCOIN_HTLC_FULFILL_SPEND_DONE)) {
|
|
/* Stop watching spend, send
|
|
* INPUT_NO_MORE_HTLCS when done. */
|
|
add_effect(&effect, unwatch_htlc_spend,
|
|
htlc_spend_unwatch(ctx,
|
|
idata->htlc,
|
|
INPUT_NO_MORE_HTLCS));
|
|
return effect;
|
|
} else if (input_is(input, BITCOIN_HTLC_RETURN_SPEND_DONE)) {
|
|
/* Stop watching spend, send
|
|
* INPUT_NO_MORE_HTLCS when done. */
|
|
add_effect(&effect, unwatch_htlc_spend,
|
|
htlc_spend_unwatch(ctx,
|
|
idata->htlc,
|
|
INPUT_NO_MORE_HTLCS));
|
|
|
|
/* Don't need to watch the HTLC output any more,
|
|
* either. */
|
|
add_effect(&effect, unwatch_htlc,
|
|
htlc_unwatch(ctx, idata->htlc,
|
|
INPUT_NO_MORE_HTLCS));
|
|
return effect;
|
|
} else if (input_is(input, BITCOIN_HTLC_TOUS_TIMEOUT)) {
|
|
/* They can spend, we no longer care
|
|
* about this HTLC. */
|
|
add_effect(&effect, unwatch_htlc,
|
|
htlc_unwatch(ctx, idata->htlc,
|
|
INPUT_NO_MORE_HTLCS));
|
|
return effect;
|
|
}
|
|
}
|
|
|
|
/* If we're just waiting for HTLCs, anything else is an error */
|
|
if (state == STATE_CLOSE_WAIT_HTLCS)
|
|
break;
|
|
|
|
/*
|
|
* Now, other side can always spring a commit transaction on us
|
|
* (even if they already have, due to tx malleability).
|
|
*/
|
|
if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
tx = bitcoin_spend_theirs(ctx, peer, idata->btc);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch(ctx, tx,
|
|
BITCOIN_SPEND_THEIRS_DONE));
|
|
/* HTLC watches. */
|
|
htlcs = htlc_outputs_their_commit(ctx, peer,
|
|
idata->btc,
|
|
BITCOIN_HTLC_TOUS_TIMEOUT,
|
|
BITCOIN_HTLC_TOTHEM_SPENT,
|
|
BITCOIN_HTLC_TOTHEM_TIMEOUT);
|
|
if (htlcs) {
|
|
add_effect(&effect, watch_htlcs, htlcs);
|
|
bits |= STATE_CLOSE_HTLCS_BIT;
|
|
}
|
|
bits |= STATE_CLOSE_SPENDTHEM_BIT;
|
|
return next_state(ctx, effect, BITS_TO_STATE(bits));
|
|
/* This can happen multiple times: need to steal ALL */
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
tx = bitcoin_steal(ctx, peer, idata->btc);
|
|
if (!tx)
|
|
return next_state(ctx, effect,
|
|
STATE_ERR_INFORMATION_LEAK);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch(ctx, tx,
|
|
BITCOIN_STEAL_DONE));
|
|
bits |= STATE_CLOSE_STEAL_BIT;
|
|
return next_state(ctx, effect, BITS_TO_STATE(bits));
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT))
|
|
goto anchor_unspent;
|
|
|
|
break;
|
|
}
|
|
|
|
/* Should never happen. */
|
|
case STATE_ERR_INTERNAL:
|
|
case STATE_ERR_INFORMATION_LEAK:
|
|
case STATE_ERR_ANCHOR_TIMEOUT:
|
|
case STATE_ERR_ANCHOR_LOST:
|
|
case STATE_CLOSED:
|
|
case STATE_MAX:
|
|
case STATE_UNUSED_CLOSE_WAIT_STEAL_WITH_HTLCS:
|
|
case STATE_UNUSED_CLOSE_WAIT_CLOSE_WITH_HTLCS:
|
|
case STATE_UNUSED_CLOSE_WAIT_STEAL_CLOSE_WITH_HTLCS:
|
|
case STATE_UNUSED_CLOSE_WAIT_CLOSE_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_UNUSED_CLOSE_WAIT_STEAL_CLOSE_OURCOMMIT_WITH_HTLCS:
|
|
case STATE_UNUSED_CLOSE_WAIT_CLOSE_SPENDOURS_WITH_HTLCS:
|
|
case STATE_UNUSED_CLOSE_WAIT_STEAL_CLOSE_SPENDOURS_WITH_HTLCS:
|
|
return next_state(ctx, effect, STATE_ERR_INTERNAL);
|
|
}
|
|
|
|
/* State machine should handle all possible states. */
|
|
return next_state(ctx, effect, STATE_ERR_INTERNAL);
|
|
|
|
unexpected_pkt:
|
|
/*
|
|
* We got a weird packet, so we need to close unilaterally.
|
|
*/
|
|
/* Don't reply to an error with an error. */
|
|
if (input_is(input, PKT_ERROR)) {
|
|
add_effect(&effect, in_error, tal_steal(ctx, idata->pkt));
|
|
goto start_unilateral_close;
|
|
}
|
|
err = unexpected_pkt(ctx, input);
|
|
goto err_start_unilateral_close;
|
|
|
|
unexpected_pkt_nocleanup:
|
|
/*
|
|
* Unexpected packet, but nothing sent to chain yet, so no cleanup.
|
|
*/
|
|
err = unexpected_pkt(ctx, input);
|
|
goto err_close_nocleanup;
|
|
|
|
anchor_unspent:
|
|
/*
|
|
* Bitcoind tells us anchor got double-spent. If we double-spent it
|
|
* then we're malfunctioning. If they double-spent it, then they
|
|
* managed to cheat us: post_to_reddit();
|
|
*/
|
|
return next_state(ctx, effect, STATE_ERR_ANCHOR_LOST);
|
|
|
|
err_close_nocleanup:
|
|
/*
|
|
* Something went wrong, but we haven't sent anything to the blockchain
|
|
* so there's nothing to clean up.
|
|
*/
|
|
add_effect(&effect, send_pkt, err);
|
|
add_effect(&effect, stop_packets, true);
|
|
add_effect(&effect, stop_commands, true);
|
|
return next_state(ctx, effect, STATE_CLOSED);
|
|
|
|
err_start_unilateral_close:
|
|
/*
|
|
* They timed out, or were broken; we are going to close unilaterally.
|
|
*/
|
|
add_effect(&effect, send_pkt, err);
|
|
|
|
start_unilateral_close:
|
|
/*
|
|
* Close unilaterally.
|
|
*/
|
|
/* No more inputs, no more commands. */
|
|
add_effect(&effect, stop_packets, true);
|
|
add_effect(&effect, stop_commands, true);
|
|
tx = bitcoin_commit(ctx, peer);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch_delayed(ctx, tx,
|
|
BITCOIN_ANCHOR_OURCOMMIT_DELAYPASSED));
|
|
|
|
/* HTLC watches. */
|
|
htlcs = htlc_outputs_our_commit(ctx, peer, tx,
|
|
BITCOIN_HTLC_TOUS_TIMEOUT,
|
|
BITCOIN_HTLC_TOTHEM_SPENT,
|
|
BITCOIN_HTLC_TOTHEM_TIMEOUT);
|
|
if (htlcs) {
|
|
add_effect(&effect, watch_htlcs, htlcs);
|
|
return next_state(ctx, effect,
|
|
STATE_CLOSE_WAIT_OURCOMMIT_WITH_HTLCS);
|
|
}
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_OURCOMMIT);
|
|
|
|
err_start_unilateral_close_already_closing:
|
|
/*
|
|
* They timed out, or were broken; we are going to close unilaterally.
|
|
*/
|
|
add_effect(&effect, send_pkt, err);
|
|
|
|
start_unilateral_close_already_closing:
|
|
add_effect(&effect, cmd_close_done, false);
|
|
|
|
/*
|
|
* Close unilaterally.
|
|
*/
|
|
/* No more inputs, no more commands. */
|
|
add_effect(&effect, stop_packets, true);
|
|
add_effect(&effect, stop_commands, true);
|
|
tx = bitcoin_commit(ctx, peer);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch_delayed(ctx, tx,
|
|
BITCOIN_ANCHOR_OURCOMMIT_DELAYPASSED));
|
|
|
|
/* We agreed to close: shouldn't have any HTLCs */
|
|
if (committed_to_htlcs(peer))
|
|
return next_state(ctx, effect, STATE_ERR_INTERNAL);
|
|
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_CLOSE_OURCOMMIT);
|
|
|
|
them_unilateral:
|
|
assert(input == BITCOIN_ANCHOR_THEIRSPEND);
|
|
|
|
/*
|
|
* Bitcoind tells us they did unilateral close.
|
|
*/
|
|
add_effect(&effect, send_pkt, pkt_err(ctx, "Commit tx noticed"));
|
|
|
|
/* No more inputs, no more commands. */
|
|
add_effect(&effect, stop_packets, true);
|
|
add_effect(&effect, stop_commands, true);
|
|
tx = bitcoin_spend_theirs(ctx, peer, idata->btc);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch(ctx, tx,
|
|
BITCOIN_SPEND_THEIRS_DONE));
|
|
|
|
/* HTLC watches (based on what they broadcast, which *may* be out
|
|
* of step with our current state by +/- 1 htlc. */
|
|
htlcs = htlc_outputs_their_commit(ctx, peer, idata->btc,
|
|
BITCOIN_HTLC_TOUS_TIMEOUT,
|
|
BITCOIN_HTLC_TOTHEM_SPENT,
|
|
BITCOIN_HTLC_TOTHEM_TIMEOUT);
|
|
if (htlcs) {
|
|
add_effect(&effect, watch_htlcs, htlcs);
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_SPENDTHEM_WITH_HTLCS);
|
|
}
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_SPENDTHEM);
|
|
|
|
accept_htlc_update:
|
|
err = accept_pkt_htlc_update(ctx, peer, idata->pkt, &decline, &htlcprog,
|
|
&effect);
|
|
if (err)
|
|
goto err_start_unilateral_close;
|
|
if (decline) {
|
|
add_effect(&effect, send_pkt, decline);
|
|
/* No update means no priority change. */
|
|
return next_state(ctx, effect, prio(state, STATE_NORMAL));
|
|
}
|
|
add_effect(&effect, htlc_in_progress, htlcprog);
|
|
add_effect(&effect, send_pkt, pkt_update_accept(ctx, peer));
|
|
return next_state(ctx, effect, prio(state, STATE_WAIT_FOR_UPDATE_SIG));
|
|
|
|
accept_htlc_routefail:
|
|
err = accept_pkt_htlc_routefail(ctx, peer, idata->pkt, &htlcprog,
|
|
&effect);
|
|
if (err)
|
|
goto err_start_unilateral_close;
|
|
add_effect(&effect, htlc_in_progress, htlcprog);
|
|
add_effect(&effect, send_pkt, pkt_update_accept(ctx, peer));
|
|
return next_state(ctx, effect, prio(state, STATE_WAIT_FOR_UPDATE_SIG));
|
|
|
|
accept_htlc_timedout:
|
|
err = accept_pkt_htlc_timedout(ctx, peer, idata->pkt, &htlcprog,
|
|
&effect);
|
|
if (err)
|
|
goto err_start_unilateral_close;
|
|
add_effect(&effect, htlc_in_progress, htlcprog);
|
|
add_effect(&effect, send_pkt, pkt_update_accept(ctx, peer));
|
|
return next_state(ctx, effect, prio(state, STATE_WAIT_FOR_UPDATE_SIG));
|
|
|
|
accept_htlc_fulfill:
|
|
err = accept_pkt_htlc_fulfill(ctx, peer, idata->pkt, &htlcprog,
|
|
&effect);
|
|
if (err)
|
|
goto err_start_unilateral_close;
|
|
add_effect(&effect, htlc_in_progress, htlcprog);
|
|
add_effect(&effect, send_pkt, pkt_update_accept(ctx, peer));
|
|
add_effect(&effect, r_value, r_value_from_pkt(ctx, idata->pkt));
|
|
return next_state(ctx, effect, prio(state, STATE_WAIT_FOR_UPDATE_SIG));
|
|
|
|
start_closing:
|
|
/*
|
|
* Start a mutual close.
|
|
*/
|
|
/* Protocol doesn't (currently?) allow closing with HTLCs. */
|
|
if (committed_to_htlcs(peer)) {
|
|
add_effect(&effect, cmd_close_done, false);
|
|
err = pkt_err(ctx, "Close forced due to HTLCs");
|
|
goto err_start_unilateral_close;
|
|
}
|
|
add_effect(&effect, close_timeout, INPUT_CLOSE_COMPLETE_TIMEOUT);
|
|
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch_close(ctx, peer, BITCOIN_CLOSE_DONE));
|
|
|
|
/* As soon as we send packet, they could close. */
|
|
add_effect(&effect, send_pkt, pkt_close(ctx, peer));
|
|
return next_state(ctx, effect, STATE_WAIT_FOR_CLOSE_COMPLETE);
|
|
|
|
accept_closing:
|
|
err = accept_pkt_close(ctx, peer, idata->pkt, &effect);
|
|
if (err)
|
|
goto err_start_unilateral_close;
|
|
/* As soon as we send packet, they could close. */
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch_close(ctx, peer, BITCOIN_CLOSE_DONE));
|
|
add_effect(&effect, send_pkt, pkt_close_complete(ctx, peer));
|
|
/* No more commands, we're already closing. */
|
|
add_effect(&effect, stop_commands, true);
|
|
return next_state(ctx, effect, STATE_WAIT_FOR_CLOSE_ACK);
|
|
|
|
instant_close:
|
|
/*
|
|
* Closing, but we haven't sent anything to the blockchain so
|
|
* there's nothing to clean up.
|
|
*/
|
|
add_effect(&effect, cmd_close_done, true);
|
|
/* FIXME: Should we tell other side we're going? */
|
|
add_effect(&effect, stop_packets, true);
|
|
add_effect(&effect, stop_commands, true);
|
|
|
|
/* We can't have any HTLCs, since we haven't started. */
|
|
if (committed_to_htlcs(peer))
|
|
return next_state(ctx, effect, STATE_ERR_INTERNAL);
|
|
return next_state(ctx, effect, STATE_CLOSED);
|
|
|
|
fail_during_close:
|
|
/*
|
|
* We've broadcast close tx; if anything goes wrong, we just close
|
|
* connection and wait.
|
|
*/
|
|
add_effect(&effect, stop_packets, true);
|
|
|
|
/* Once close tx is deep enough, we consider it done. */
|
|
if (input_is(input, BITCOIN_CLOSE_DONE)) {
|
|
return next_state(ctx, effect, STATE_CLOSED);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_THEIRSPEND)) {
|
|
/* A reorganization could make this happen. */
|
|
tx = bitcoin_spend_theirs(ctx, peer, idata->btc);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch(ctx, tx,
|
|
BITCOIN_SPEND_THEIRS_DONE));
|
|
htlcs = htlc_outputs_their_commit(ctx, peer, idata->btc,
|
|
BITCOIN_HTLC_TOUS_TIMEOUT,
|
|
BITCOIN_HTLC_TOTHEM_SPENT,
|
|
BITCOIN_HTLC_TOTHEM_TIMEOUT);
|
|
/* Expect either close or spendthem to complete */
|
|
if (htlcs) {
|
|
/* FIXME: Make sure caller uses INPUT_RVAL
|
|
* if they were in the middle of FULFILL! */
|
|
add_effect(&effect, watch_htlcs, htlcs);
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_SPENDTHEM_CLOSE_WITH_HTLCS);
|
|
}
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_SPENDTHEM_CLOSE);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_OTHERSPEND)) {
|
|
tx = bitcoin_steal(ctx, peer, idata->btc);
|
|
if (!tx)
|
|
return next_state(ctx, effect,
|
|
STATE_ERR_INFORMATION_LEAK);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch(ctx, tx, BITCOIN_STEAL_DONE));
|
|
/* Expect either close or steal to complete */
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_STEAL_CLOSE);
|
|
} else if (input_is(input, BITCOIN_ANCHOR_UNSPENT)) {
|
|
return next_state(ctx, effect, STATE_ERR_ANCHOR_LOST);
|
|
}
|
|
return next_state(ctx, effect, STATE_ERR_INTERNAL);
|
|
|
|
old_commit_spotted:
|
|
/*
|
|
* bitcoind reported a broadcast of the not-latest commit tx.
|
|
*/
|
|
add_effect(&effect, send_pkt, pkt_err(ctx, "Otherspend noticed"));
|
|
|
|
/* No more packets, no more commands. */
|
|
add_effect(&effect, stop_packets, true);
|
|
add_effect(&effect, stop_commands, true);
|
|
|
|
/* If we can't find it, we're lost. */
|
|
tx = bitcoin_steal(ctx, peer, idata->btc);
|
|
if (!tx)
|
|
return next_state(ctx, effect, STATE_ERR_INFORMATION_LEAK);
|
|
add_effect(&effect, broadcast_tx, tx);
|
|
add_effect(&effect, watch,
|
|
bitcoin_watch(ctx, tx, BITCOIN_STEAL_DONE));
|
|
return next_state(ctx, effect, STATE_CLOSE_WAIT_STEAL);
|
|
}
|
|
|