lightningnetwork / lnd / 18197857992

package htlcswitch

import (

        "bytes"

        "context"

        "errors"

        "fmt"

        "math/rand"

        "sync"

        "sync/atomic"

        "time"

        "github.com/btcsuite/btcd/btcec/v2/ecdsa"

        "github.com/btcsuite/btcd/btcutil"

        "github.com/btcsuite/btcd/wire"

        "github.com/lightningnetwork/lnd/chainntnfs"

        "github.com/lightningnetwork/lnd/channeldb"

        "github.com/lightningnetwork/lnd/clock"

        "github.com/lightningnetwork/lnd/contractcourt"

        "github.com/lightningnetwork/lnd/fn/v2"

        "github.com/lightningnetwork/lnd/graph/db/models"

        "github.com/lightningnetwork/lnd/htlcswitch/hop"

        "github.com/lightningnetwork/lnd/kvdb"

        "github.com/lightningnetwork/lnd/lntypes"

        "github.com/lightningnetwork/lnd/lnutils"

        "github.com/lightningnetwork/lnd/lnwallet"

        "github.com/lightningnetwork/lnd/lnwallet/chainfee"

        "github.com/lightningnetwork/lnd/lnwire"

        "github.com/lightningnetwork/lnd/ticker"

)

const (

        // DefaultFwdEventInterval is the duration between attempts to flush

        // pending forwarding events to disk.

        DefaultFwdEventInterval = 15 * time.Second

        // DefaultLogInterval is the duration between attempts to log statistics

        // about forwarding events.

        DefaultLogInterval = 10 * time.Second

        // DefaultAckInterval is the duration between attempts to ack any settle

        // fails in a forwarding package.

        DefaultAckInterval = 15 * time.Second

        // DefaultMailboxDeliveryTimeout is the duration after which Adds will

        // be cancelled if they could not get added to an outgoing commitment.

        DefaultMailboxDeliveryTimeout = time.Minute

)

var (

        // ErrChannelLinkNotFound is used when channel link hasn't been found.

        ErrChannelLinkNotFound = errors.New("channel link not found")

        // ErrDuplicateAdd signals that the ADD htlc was already forwarded

        // through the switch and is locked into another commitment txn.

        ErrDuplicateAdd = errors.New("duplicate add HTLC detected")

        // ErrUnknownErrorDecryptor signals that we were unable to locate the

        // error decryptor for this payment. This is likely due to restarting

        // the daemon.

        ErrUnknownErrorDecryptor = errors.New("unknown error decryptor")

        // ErrSwitchExiting signaled when the switch has received a shutdown

        // request.

        ErrSwitchExiting = errors.New("htlcswitch shutting down")

        // ErrNoLinksFound is an error returned when we attempt to retrieve the

        // active links in the switch for a specific destination.

        ErrNoLinksFound = errors.New("no channel links found")

        // ErrUnreadableFailureMessage is returned when the failure message

        // cannot be decrypted.

        ErrUnreadableFailureMessage = errors.New("unreadable failure message")

        // ErrLocalAddFailed signals that the ADD htlc for a local payment

        // failed to be processed.

        ErrLocalAddFailed = errors.New("local add HTLC failed")

        // errFeeExposureExceeded is only surfaced to callers of SendHTLC and

        // signals that sending the HTLC would exceed the outgoing link's fee

        // exposure threshold.

        errFeeExposureExceeded = errors.New("fee exposure exceeded")

        // DefaultMaxFeeExposure is the default threshold after which we'll

        // fail payments if they increase our fee exposure. This is currently

        // set to 500m msats.

        DefaultMaxFeeExposure = lnwire.MilliSatoshi(500_000_000)

)

// plexPacket encapsulates switch packet and adds error channel to receive

// error from request handler.

type plexPacket struct {

        pkt *htlcPacket

        err chan error

}

// ChanClose represents a request which close a particular channel specified by

// its id.

type ChanClose struct {

        // CloseType is a variable which signals the type of channel closure the

        // peer should execute.

        CloseType contractcourt.ChannelCloseType

        // ChanPoint represent the id of the channel which should be closed.

        ChanPoint *wire.OutPoint

        // TargetFeePerKw is the ideal fee that was specified by the caller.

        // This value is only utilized if the closure type is CloseRegular.

        // This will be the starting offered fee when the fee negotiation

        // process for the cooperative closure transaction kicks off.

        TargetFeePerKw chainfee.SatPerKWeight

        // MaxFee is the highest fee the caller is willing to pay.

        //

        // NOTE: This field is only respected if the caller is the initiator of

        // the channel.

        MaxFee chainfee.SatPerKWeight

        // DeliveryScript is an optional delivery script to pay funds out to.

        DeliveryScript lnwire.DeliveryAddress

        // Updates is used by request creator to receive the notifications about

        // execution of the close channel request.

        Updates chan interface{}

        // Err is used by request creator to receive request execution error.

        Err chan error

        // Ctx is a context linked to the lifetime of the caller.

        Ctx context.Context //nolint:containedctx

}

// Config defines the configuration for the service. ALL elements within the

// configuration MUST be non-nil for the service to carry out its duties.

type Config struct {

        // FwdingLog is an interface that will be used by the switch to log

        // forwarding events. A forwarding event happens each time a payment

        // circuit is successfully completed. So when we forward an HTLC, and a

        // settle is eventually received.

        FwdingLog ForwardingLog

        // LocalChannelClose kicks-off the workflow to execute a cooperative or

        // forced unilateral closure of the channel initiated by a local

        // subsystem.

        LocalChannelClose func(pubKey []byte, request *ChanClose)

        // DB is the database backend that will be used to back the switch's

        // persistent circuit map.

        DB kvdb.Backend

        // FetchAllOpenChannels is a function that fetches all currently open

        // channels from the channel database.

        FetchAllOpenChannels func() ([]*channeldb.OpenChannel, error)

        // FetchAllChannels is a function that fetches all pending open, open,

        // and waiting close channels from the database.

        FetchAllChannels func() ([]*channeldb.OpenChannel, error)

        // FetchClosedChannels is a function that fetches all closed channels

        // from the channel database.

        FetchClosedChannels func(

                pendingOnly bool) ([]*channeldb.ChannelCloseSummary, error)

        // SwitchPackager provides access to the forwarding packages of all

        // active channels. This gives the switch the ability to read arbitrary

        // forwarding packages, and ack settles and fails contained within them.

        SwitchPackager channeldb.FwdOperator

        // ExtractErrorEncrypter is an interface allowing switch to reextract

        // error encrypters stored in the circuit map on restarts, since they

        // are not stored directly within the database.

        ExtractErrorEncrypter hop.ErrorEncrypterExtracter

        // FetchLastChannelUpdate retrieves the latest routing policy for a

        // target channel. This channel will typically be the outgoing channel

        // specified when we receive an incoming HTLC.  This will be used to

        // provide payment senders our latest policy when sending encrypted

        // error messages.

        FetchLastChannelUpdate func(lnwire.ShortChannelID) (

                *lnwire.ChannelUpdate1, error)

        // Notifier is an instance of a chain notifier that we'll use to signal

        // the switch when a new block has arrived.

        Notifier chainntnfs.ChainNotifier

        // HtlcNotifier is an instance of a htlcNotifier which we will pipe htlc

        // events through.

        HtlcNotifier htlcNotifier

        // FwdEventTicker is a signal that instructs the htlcswitch to flush any

        // pending forwarding events.

        FwdEventTicker ticker.Ticker

        // LogEventTicker is a signal instructing the htlcswitch to log

        // aggregate stats about it's forwarding during the last interval.

        LogEventTicker ticker.Ticker

        // AckEventTicker is a signal instructing the htlcswitch to ack any settle

        // fails in forwarding packages.

        AckEventTicker ticker.Ticker

        // AllowCircularRoute is true if the user has configured their node to

        // allow forwards that arrive and depart our node over the same channel.

        AllowCircularRoute bool

        // RejectHTLC is a flag that instructs the htlcswitch to reject any

        // HTLCs that are not from the source hop.

        RejectHTLC bool

        // Clock is a time source for the switch.

        Clock clock.Clock

        // MailboxDeliveryTimeout is the interval after which Adds will be

        // cancelled if they have not been yet been delivered to a link. The

        // computed deadline will expiry this long after the Adds are added to

        // a mailbox via AddPacket.

        MailboxDeliveryTimeout time.Duration

        // MaxFeeExposure is the threshold in milli-satoshis after which we'll

        // fail incoming or outgoing payments for a particular channel.

        MaxFeeExposure lnwire.MilliSatoshi

        // SignAliasUpdate is used when sending FailureMessages backwards for

        // option_scid_alias channels. This avoids a potential privacy leak by

        // replacing the public, confirmed SCID with the alias in the

        // ChannelUpdate.

        SignAliasUpdate func(u *lnwire.ChannelUpdate1) (*ecdsa.Signature,

                error)

        // IsAlias returns whether or not a given SCID is an alias.

        IsAlias func(scid lnwire.ShortChannelID) bool

}

// Switch is the central messaging bus for all incoming/outgoing HTLCs.

// Connected peers with active channels are treated as named interfaces which

// refer to active channels as links. A link is the switch's message

// communication point with the goroutine that manages an active channel. New

// links are registered each time a channel is created, and unregistered once

// the channel is closed. The switch manages the hand-off process for multi-hop

// HTLCs, forwarding HTLCs initiated from within the daemon, and finally

// notifies users local-systems concerning their outstanding payment requests.

type Switch struct {

        started  int32 // To be used atomically.

        shutdown int32 // To be used atomically.

        // bestHeight is the best known height of the main chain. The links will

        // be used this information to govern decisions based on HTLC timeouts.

        // This will be retrieved by the registered links atomically.

        bestHeight uint32

        wg   sync.WaitGroup

        quit chan struct{}

        // cfg is a copy of the configuration struct that the htlc switch

        // service was initialized with.

        cfg *Config

        // networkResults stores the results of payments initiated by the user.

        // The store is used to later look up the payments and notify the

        // user of the result when they are complete. Each payment attempt

        // should be given a unique integer ID when it is created, otherwise

        // results might be overwritten.

        networkResults *networkResultStore

        // circuits is storage for payment circuits which are used to

        // forward the settle/fail htlc updates back to the add htlc initiator.

        circuits CircuitMap

        // mailOrchestrator manages the lifecycle of mailboxes used throughout

        // the switch, and facilitates delayed delivery of packets to links that

        // later come online.

        mailOrchestrator *mailOrchestrator

        // indexMtx is a read/write mutex that protects the set of indexes

        // below.

        indexMtx sync.RWMutex

        // pendingLinkIndex holds links that have not had their final, live

        // short_chan_id assigned.

        pendingLinkIndex map[lnwire.ChannelID]ChannelLink

        // links is a map of channel id and channel link which manages

        // this channel.

        linkIndex map[lnwire.ChannelID]ChannelLink

        // forwardingIndex is an index which is consulted by the switch when it

        // needs to locate the next hop to forward an incoming/outgoing HTLC

        // update to/from.

        //

        // TODO(roasbeef): eventually add a NetworkHop mapping before the

        // ChannelLink

        forwardingIndex map[lnwire.ShortChannelID]ChannelLink

        // interfaceIndex maps the compressed public key of a peer to all the

        // channels that the switch maintains with that peer.

        interfaceIndex map[[33]byte]map[lnwire.ChannelID]ChannelLink

        // linkStopIndex stores the currently stopping ChannelLinks,

        // represented by their ChannelID. The key is the link's ChannelID and

        // the value is a chan that is closed when the link has fully stopped.

        // This map is only added to if RemoveLink is called and is not added

        // to when the Switch is shutting down and calls Stop() on each link.

        //

        // MUST be used with the indexMtx.

        linkStopIndex map[lnwire.ChannelID]chan struct{}

        // htlcPlex is the channel which all connected links use to coordinate

        // the setup/teardown of Sphinx (onion routing) payment circuits.

        // Active links forward any add/settle messages over this channel each

        // state transition, sending new adds/settles which are fully locked

        // in.

        htlcPlex chan *plexPacket

        // chanCloseRequests is used to transfer the channel close request to

        // the channel close handler.

        chanCloseRequests chan *ChanClose

        // resolutionMsgs is the channel that all external contract resolution

        // messages will be sent over.

        resolutionMsgs chan *resolutionMsg

        // pendingFwdingEvents is the set of forwarding events which have been

        // collected during the current interval, but hasn't yet been written

        // to the forwarding log.

        fwdEventMtx         sync.Mutex

        pendingFwdingEvents []channeldb.ForwardingEvent

        // blockEpochStream is an active block epoch event stream backed by an

        // active ChainNotifier instance. This will be used to retrieve the

        // latest height of the chain.

        blockEpochStream *chainntnfs.BlockEpochEvent

        // pendingSettleFails is the set of settle/fail entries that we need to

        // ack in the forwarding package of the outgoing link. This was added to

        // make pipelining settles more efficient.

        pendingSettleFails []channeldb.SettleFailRef

        // resMsgStore is used to store the set of ResolutionMsg that come from

        // contractcourt. This is used so the Switch can properly forward them,

        // even on restarts.

        resMsgStore *resolutionStore

        // aliasToReal is a map used for option-scid-alias feature-bit links.

        // The alias SCID is the key and the real, confirmed SCID is the value.

        // If the channel is unconfirmed, there will not be a mapping for it.

        // Since channels can have multiple aliases, this map is essentially a

        // N->1 mapping for a channel. This MUST be accessed with the indexMtx.

        aliasToReal map[lnwire.ShortChannelID]lnwire.ShortChannelID

        // baseIndex is a map used for option-scid-alias feature-bit links.

        // The value is the SCID of the link's ShortChannelID. This value may

        // be an alias for zero-conf channels or a confirmed SCID for

        // non-zero-conf channels with the option-scid-alias feature-bit. The

        // key includes the value itself and also any other aliases. This MUST

        // be accessed with the indexMtx.

        baseIndex map[lnwire.ShortChannelID]lnwire.ShortChannelID

}

// New creates the new instance of htlc switch.

}

// resolutionMsg is a struct that wraps an existing ResolutionMsg with a done

// channel. We'll use this channel to synchronize delivery of the message with

// the caller.

type resolutionMsg struct {

        contractcourt.ResolutionMsg

        errChan chan error

}

// ProcessContractResolution is called by active contract resolvers once a

// contract they are watching over has been fully resolved. The message carries

// an external signal that *would* have been sent if the outgoing channel

// didn't need to go to the chain in order to fulfill a contract. We'll process

// this message just as if it came from an active outgoing channel.

        case s.resolutionMsgs <- &resolutionMsg{

                ResolutionMsg: msg,

                errChan:       errChan,

        }

        }

}

// HasAttemptResult reads the network result store to fetch the specified

// attempt. Returns true if the attempt result exists.

}

// GetAttemptResult returns the result of the HTLC attempt with the given

// attemptID. The paymentHash should be set to the payment's overall hash, or

// in case of AMP payments the payment's unique identifier.

//

// The method returns a channel where the HTLC attempt result will be sent when

// available, or an error is encountered during forwarding. When a result is

// received on the channel, the HTLC is guaranteed to no longer be in flight.

// The switch shutting down is signaled by closing the channel. If the

// attemptID is unknown, ErrPaymentIDNotFound will be returned.

func (s *Switch) GetAttemptResult(attemptID uint64, paymentHash lntypes.Hash,

        }

                }

        }()

}

// CleanStore calls the underlying result store, telling it is safe to delete

// all entries except the ones in the keepPids map. This should be called

// preiodically to let the switch clean up payment results that we have

// handled.

// SendHTLC is used by other subsystems which aren't belong to htlc switch

// package in order to send the htlc update. The attemptID used MUST be unique

// for this HTLC, and MUST be used only once, otherwise the switch might reject

// it.

func (s *Switch) SendHTLC(firstHop lnwire.ShortChannelID, attemptID uint64,

        // Evaluate whether this HTLC would bypass our fee exposure. If it

        // does, don't send it out and instead return an error.

        // Drop duplicate packet if it has already been seen.

        }

        // Give the packet to the link's mailbox so that HTLC's are properly

        // canceled back if the mailbox timeout elapses.

}

// UpdateForwardingPolicies sends a message to the switch to update the

// forwarding policies for the set of target channels, keyed in chanPolicies.

//

// NOTE: This function is synchronous and will block until either the

// forwarding policies for all links have been updated, or the switch shuts

// down.

func (s *Switch) UpdateForwardingPolicies(

                }

        }

}

// IsForwardedHTLC checks for a given channel and htlc index if it is related

// to an opened circuit that represents a forwarded payment.

func (s *Switch) IsForwardedHTLC(chanID lnwire.ShortChannelID,

// ForwardPackets adds a list of packets to the switch for processing. Fails

// and settles are added on a first past, simultaneously constructing circuits

// for any adds. After persisting the circuits, another pass of the adds is

// given to forward them through the router. The sending link's quit channel is

// used to prevent deadlocks when the switch stops a link in the midst of

// forwarding.

func (s *Switch) ForwardPackets(linkQuit <-chan struct{},

        // Setup a barrier to prevent the background tasks from processing

        // responses until this function returns to the user.

        }

        // Make a first pass over the packets, forwarding any settles or fails.

        // As adds are found, we create a circuit and append it to our set of

        // circuits to be written to disk.

                }

        }

        // If this batch did not contain any circuits to commit, we can return

        // early.

        // Write any circuits that we found to disk.

        // Split the htlc packets by comparing an in-order seek to the head of

        // the added, dropped, or failed circuits.

        //

        // NOTE: This assumes each list is guaranteed to be a subsequence of the

        // circuits, and that the union of the sets results in the original set

        // of circuits.

                }

        }

        // Now, forward any packets for circuits that were successfully added to

        // the switch's circuit map.

        }

        // Lastly, for any packets that failed, this implies that they were

        // left in a half added state, which can happen when recovering from

        // failures.

        }

}

// logFwdErrs logs any errors received on `fwdChan`.

                }

        }

}

// routeAsync sends a packet through the htlc switch, using the provided err

// chan to propagate errors back to the caller. The link's quit channel is

// provided so that the send can be canceled if either the link or the switch

// receive a shutdown requuest. This method does not wait for a response from

// the htlcForwarder before returning.

func (s *Switch) routeAsync(packet *htlcPacket, errChan chan error,

        }

}

// getLocalLink handles the addition of a htlc for a send that originates from

// our node. It returns the link that the htlc should be forwarded outwards on,

// and a link error if the htlc cannot be forwarded.

func (s *Switch) getLocalLink(pkt *htlcPacket, htlc *lnwire.UpdateAddHTLC) (

                // The base SCID was found, so we'll use that to fetch the

                // link.

        }

        // We finished looking up the indexes, so we can unlock the mutex before

        // performing the link operations which might also acquire the lock

        // in case e.g. failAliasUpdate is called.

        // Ensure that the htlc satisfies the outgoing channel policy.

}

// handleLocalResponse processes a Settle or Fail responding to a

// locally-initiated payment. This is handled asynchronously to avoid blocking

// the main event loop within the switch, as these operations can require

// multiple db transactions. The guarantees of the circuit map are stringent

// enough such that we are able to tolerate reordering of these operations

// without side effects. The primary operations handled are:

//  1. Save the payment result to the pending payment store.

//  2. Notify subscribers about the payment result.

//  3. Ack settle/fail references, to avoid resending this response internally

//  4. Teardown the closing circuit in the circuit map