-
Notifications
You must be signed in to change notification settings - Fork 491
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Clarify channel_reestablish
requirements
#1049
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -1445,10 +1445,10 @@ A node: | |
- if `next_commitment_number` is not 1 greater than the | ||
commitment number of the last `commitment_signed` message the receiving | ||
node has sent: | ||
- SHOULD send an `error` and fail the channel. | ||
- SHOULD send an `error`. | ||
- if it has not sent `commitment_signed`, AND `next_commitment_number` | ||
is not equal to 1: | ||
- SHOULD send an `error` and fail the channel. | ||
- SHOULD send an `error`. | ||
- if `next_revocation_number` is equal to the commitment number of | ||
the last `revoke_and_ack` the receiving node sent, AND the receiving node | ||
hasn't already received a `closing_signed`: | ||
|
@@ -1460,10 +1460,10 @@ A node: | |
- otherwise: | ||
- if `next_revocation_number` is not equal to 1 greater than the | ||
commitment number of the last `revoke_and_ack` the receiving node has sent: | ||
- SHOULD send an `error` and fail the channel. | ||
- SHOULD send an `error`. | ||
- if it has not sent `revoke_and_ack`, AND `next_revocation_number` | ||
is not equal to 0: | ||
- SHOULD send an `error` and fail the channel. | ||
- SHOULD send an `error`. | ||
|
||
A receiving node: | ||
- if `option_static_remotekey` applies to the commitment transaction: | ||
|
@@ -1472,9 +1472,10 @@ A node: | |
`next_revocation_number` minus 1: | ||
- MUST NOT broadcast its commitment transaction. | ||
- SHOULD send an `error` to request the peer to fail the channel. | ||
- if `your_last_per_commitment_secret` does not match the expected values: | ||
- SHOULD send an `error` and fail the channel (the sending node is lying). | ||
- otherwise: | ||
- if `your_last_per_commitment_secret` does not match the expected values: | ||
- SHOULD send an `error` and fail the channel. | ||
- SHOULD send an `error`. | ||
- otherwise, if it supports `option_data_loss_protect`: | ||
- if `next_revocation_number` is greater than expected above, AND | ||
`your_last_per_commitment_secret` is correct for that | ||
|
@@ -1483,9 +1484,10 @@ A node: | |
- SHOULD send an `error` to request the peer to fail the channel. | ||
- SHOULD store `my_current_per_commitment_point` to retrieve funds | ||
should the sending node broadcast its commitment transaction on-chain. | ||
- otherwise (`your_last_per_commitment_secret` or `my_current_per_commitment_point` | ||
do not match the expected values): | ||
- SHOULD send an `error` and fail the channel. | ||
- if `your_last_per_commitment_secret` does not match the expected values: | ||
- SHOULD send an `error` and fail the channel (the sending node is lying). | ||
- otherwise: | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. I think this extra clause is out of place? Or is it meant to be a final There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It is currently under the "otherwise, if it supports
But this is wrong, because that otherwise also includes the case where both nodes are correctly up-to-date, so we shouldn't tell peers to send an error in that case... More generally, I'm thinking that I should instead more heavily rework the requirements to be almost pseudo-code, based on what eclair currently does. This way it should be obvious to transform it to code in any language, and we'd be sure we have exactly the same behavior. I'll try that approach in a separate PR (it won't be trivial to review!). |
||
- SHOULD send an `error`. | ||
|
||
A node: | ||
- MUST NOT assume that previously-transmitted messages were lost, | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I started with the smallest changes possible, but I find it weird that we have those requirements in the
A node
section and not in theA receiving node
section, they only make sense once you've received the remotechannel_reestablish
, don't they? Should I move those in thereceiving node
section below?There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah this also tripped me up as well when re-reading this section recently (had been a looong time since I had to dive into this section). I recall that during the past spec meeting in Oakland, @rustyrussell had a sort of mini session near the end explaining how to properly write out these types of requirements to minimize ambiguity....don't think any one took notes though