-
Notifications
You must be signed in to change notification settings - Fork 492
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
BOLT#02: clarify coop close requirements #970
Conversation
02-peer-protocol.md
Outdated
- MUST NOT send a `shutdown`. | ||
- MUST NOT send an `update_add_htlc` after a `shutdown`. | ||
- if no HTLCs remain in either commitment transaction: | ||
- if neither side has a dangling commitment and neither commitment contains any HTLCs (including dust HTLCs): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I don't think "dangling" is super well-defined here, and I'm not convinced we want to make that change anyway.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Allowing closing_signed while a dangling commitment exists can only happen in this transition:
---fail--> (last htlc getting cancelled)
---sig--->
<--rev----
<--sig----
The previous wording said "either" which means it wasn't accounting for the possibility of the 3rd. Also the wording in the receiver section of commit_sig says MUST reply with revoke_and_ack
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmm, I'd argue there is still "an HTLC in (one of the) counterparty commitment transactions" at that point - it just so happens there are two counterparty commitment transactions until you get the RAA. Still, in either case, this should use more concrete language IMO.
02-peer-protocol.md
Outdated
@@ -580,10 +580,10 @@ shutdown starts, the question of how to behave if it wasn't is avoided: | |||
the sender always sends a `commitment_signed` first. | |||
|
|||
As shutdown implies a desire to terminate, it implies that no new | |||
HTLCs will be added or accepted. Once any HTLCs are cleared, the peer | |||
HTLCs will be added or accepted. Once any HTLCs are cleared, there are no dangling commitments and all updates are included on both commitment transactions, the peer |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Instead of using the word "dangling" can we specify what we mean clearly - something about commitments for which no revoke_and_ack
has been sent?
Also, nit: please wrap lines at 80 chars, or so.
02-peer-protocol.md
Outdated
@@ -602,7 +602,7 @@ The `shutdown` response requirement implies that the node sends `commitment_sign | |||
|
|||
### Closing Negotiation: `closing_signed` | |||
|
|||
Once shutdown is complete and the channel is empty of HTLCs, the final | |||
Once shutdown is complete, the channel is empty of HTLCs, there are no dangling commitments and all updates are included on both commitments, the final |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Once shutdown is complete, the channel is empty of HTLCs, there are no dangling commitments and all updates are included on both commitments, the final | |
Once shutdown is complete, the channel is empty of HTLCs, there are no dangling | |
commitments and all updates are included on both commitments, the final |
The same comment of Matt here, be more specific it is good here because we avoid inconsistency for future updates or ambiguity.
02-peer-protocol.md
Outdated
may immediately begin closing negotiation, so we ban further updates | ||
to the commitment transaction (in particular, `update_fee` would be | ||
possible otherwise). | ||
possible otherwise). However, while there are HTLCs on the commitment transaction, the initiator may find it desirable to increase the feerate as there may be pending HTLCs on the commitment which could timeout. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
possible otherwise). However, while there are HTLCs on the commitment transaction, the initiator may find it desirable to increase the feerate as there may be pending HTLCs on the commitment which could timeout. | |
possible otherwise). However, while there are HTLCs on the commitment | |
transaction, the initiator may find it desirable to increase | |
the feerate as there may be pending HTLCs on the commitment which could timeout. |
The current wording of this PR allows:
So B can continually send |
02-peer-protocol.md
Outdated
@@ -544,10 +544,10 @@ A sending node: | |||
- if it hasn't sent a `funding_created` (if it is a funder) or a `funding_signed` (if it is a fundee): | |||
- MUST NOT send a `shutdown` | |||
- MAY send a `shutdown` before a `funding_locked`, i.e. before the funding transaction has reached `minimum_depth`. | |||
- if there are updates pending on the receiving node's commitment transaction: | |||
- if there are uncommitted updates pending on the receiving node's commitment transaction: |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@vincenzopalazzo started looking at this in our code and I kinda realized....why do we have this requirement at all? Like, who really cares what's pending when a shutdown goes out? after shutdown goes out you shouldn't add anything new, and certainly sending a shutdown out while an update_add is pending is kinda dumb (the peer should reject at that point), but its not like it should break anything, only pre-closing_signed is a real concern here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I assume a part of the reason for this is so that the receiving end can enforce the "no new update_adds" requirement when receiving commitment_signed
and not later? Does anyone do this (maybe c-lightning @rustyrussell ?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OK, this was good chatting, and I'm sorry if this came out of my head after the meeting, but I just drafted the lnprototest PR rustyrussell/lnprototest#37 after the meeting and I was able to make some consideration after writing the code.
So, my idea that I shared with @TheBlueMatt is why we care about what we don't receive, and we can be more precise in the fact of what we must not receive.
This will make the spec also less ambiguous, for instance, some things like that
- if there are uncommitted updates pending on the receiving node's commitment transaction: | |
- if `add_htlc` message is received from the received after shutdown, the sender must fail the htlc |
P.S: this make also the lnprototest integration test easy with a single assert MustNodeReceive('add_htlc')
:)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The only reason to have a "black list" is that during the time this black list can blow up?
Spec comment: need to define what a "dangling" commitment is explicitly (and also if we want to use that term or something else). We can add a section here if we like the wording: https://github.com/lightning/bolts/blob/master/00-introduction.md#glossary-and-terminology-guide |
I've changed the wording so "no dangling commitments" is now roughly "no commitments for which a revocation is owed" |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM, just some format changes
may immediately begin closing negotiation, so we ban further updates | ||
to the commitment transaction (in particular, `update_fee` would be | ||
possible otherwise). | ||
HTLCs will be added or accepted. Once any HTLCs are cleared, there are no commitments |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
HTLCs will be added or accepted. Once any HTLCs are cleared, there are no commitments | |
HTLCs will be added or accepted. Once any HTLCs are cleared, there are no commitments |
02-peer-protocol.md
Outdated
- if neither side has a commitment for which a revocation is owed and neither | ||
commitment contains any HTLCs (including dust HTLCs): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
- if neither side has a commitment for which a revocation is owed and neither | |
commitment contains any HTLCs (including dust HTLCs): | |
- if neither side has a commitment for which a revocation is owed and neither | |
commitment contains any HTLCs (including dust HTLCs): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks mostly good to me, this is more clear now and I think this is the behavior we want.
This commit ensures closing_signed can only begin if there are no dangling commitments. It also clarifies update_fee requirements if it is sent after shutdown.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ACK baae0e9
This closes #964, correct? |
Closes #964