Bolt 1: Specify that extensions to existing messages must use TLV #754
Conversation
The spec already prepared a hook to add additional information to existing messages (additional bytes at the end of a message must be ignored). Since we're using TLV in many places, it makes sense to use that optional additional space at the end of each message to allow an optional tlv stream. This requires making a few previously optional fields mandatory: - channel_reestablish commitment points: it makes sense to always include those regardless of whether `option_dataloss_protect` or `option_static_remotekey` are set. - option_upfront_shutdown_script: if you're not using one, just set the length to 0. That field is moved to a TLV record because luckily, the resulting bytes are the same. This provides more flexibility to later remove the requirement of making this field mandatory. No need to change the `channel_update`'s `htlc_maximum_msat` because the `message_flags` encode its presence/absence. It can still be either included or omitted without causing issues to the extension stream.
|
Here are more details on why moving Previously we used 2 bytes for the length. Fortunately a TLV for which the data part has less than 252 bytes also uses 2 bytes for tag+length, which matches the previous encoding. Since valid scripts are always less than 252 bytes, that means they result in the exact same encoding. Since TLV streams are ordered, having It's also more future-proof: we won't expect all nodes to use |
There was a problem hiding this comment.
Very clever work around ;)
I've implemented this for lnd at: lightningnetwork/lnd#3966. It was pretty straight forward as expected, no major surprises. Once that lands we'll also be ready for the TLV revolution 😈
01-messaging.md
Outdated
| - upon receiving a message of _odd_, unknown type: | ||
| - MUST ignore the received message. | ||
| - upon receiving a message of _even_, unknown type: | ||
| - MUST fail the channels. |
There was a problem hiding this comment.
I think must fail the channels is too strong here (applies to this entire section as well). It's an issue generally elsewhere in the spec, but you just inconvenience yourself by closing channels if you get a funny looking message. An alternative would be "close the transport connection", or "ignore the message".
There was a problem hiding this comment.
It's true, we could simply close the connection on such cases, simply halting progress to notify the remote peer that something is wrong. I think the spec is a bit too hardcore on closing channels on some occasions, maybe it's a good idea to start making it more lenient.
| message. The base `init` message (without extensions) for these examples is | ||
| `0x001000000000` (all features turned off). | ||
|
|
||
| The following `init` messages are valid: |
There was a problem hiding this comment.
That init message (along with the error) message as is, can't really be extended :/
It includes a variable sized byte slice that can occupy the entire message. If we really need to extend it in the future, we can create another init message.
There was a problem hiding this comment.
What do you mean? Since that variable size byte slice starts with a u16 that explicitly sets its length, I believe it can be extended. For the specific case of init, it is even already extended with a TLV stream since we added the networks TLV. Can you clarify if I misunderstood?
There was a problem hiding this comment.
Ah do you mean that the existing message may fill the 65535 bytes of the message? In that case definitely, it will hit the message size limit and fail. Do you think we should mention that the extension can only be done within the bounds of the message length limit?
There was a problem hiding this comment.
Yeah I mean the feature vectors can fill the entire message. Adding a mention/note of this sounds good to me. In the typical case this shouldn't happen, but implementations should be ready for it.
There was a problem hiding this comment.
Great, I'll add that.
There was a problem hiding this comment.
Added in a58cece.
Did you really implement that many hidden features in lnd that you're afraid of filling up the init? 😆
We don't need to be that strict and unforgiving. Let's give implementation the choice to simply close the connection.
Add a note that when a message payload already fills all the available bytes, it's not possible to add an extension.
|
Ack! |
|
Merging as agreed during yesterday's meeting: http://www.erisian.com.au/meetbot/lightning-dev/2020/lightning-dev.2020-03-30-19.06.log.html |
The spec already prepared a hook to add additional information to existing
messages (additional bytes at the end of a message must be ignored).
Since we're using TLV in many places, it makes sense to use that optional
additional space at the end of each message to allow an optional tlv stream.
This requires making a few previously optional fields mandatory:
regardless of whether
option_dataloss_protectoroption_static_remotekeyare set.That field is moved to a TLV record because luckily, the resulting bytes are the same.
This provides more flexibility to later remove the requirement of making this field mandatory.
No need to change the
channel_update'shtlc_maximum_msatbecausethe
message_flagsencode its presence/absence.It can still be either included or omitted without causing issues to the extension stream.
NB: this is a continuation of #714, which was merged too soon then reverted.