Restrict data_loss_protect to init context #726
Conversation
Sender should be able to route through a node advertising unknown init feature flags as these ones may not interfer at all with package processing.
|
It feels useful to me to have Imagine you want to only connect to nodes that offer Honestly I'd put everything in node announcement, that ensures peers can find you easily; the only exception of |
|
Right, but the point is that we're mixing uses here - node_announce includes flags which restrict when you can route through a node as well as when you can connect. In data_loss_protect we already have an example of something which clearly requires one and not the other. We could redefine node_context, of course, but I don't see very much wrong with probing. Its not like you should be opening channels to random nodes you find in the route graph (without additional restrictions) anyway. |
|
Let's say we introduce some Probing isn't great but would work, I'm fine to let dlp as it is, I just want to document this issue to avoid missing in it in the future when we'll need to fix it. At that time we can extend DNS records, split node context into sub-domains, extend node_announcement, ... |
Same, if it can be used for preferential peer selection of channel creation, then it should be in the node announcement.
Only if the bit is set to required. On the routing level, nodes should be looking at individual channels rather than solely the node announcement. It's also the case that you don't actually need a node's ann in order to route through it, and you may have all the channel details but not the node announcement. |
This highlights an alternative way to solve this: make node_announcement features mirror init features in that they are the things that a node wants their peers to have, but dont set routing-related things in it. This would imply removing eg var_onion_optin from node_announcement context features. |
Onion decoding as is, is a node-level task independent of channels. Therefore it should continue to reside in node anns. In the end, the feature bit unification helped to create a series of more explicit name spaces for features, but certain special cases like TLV in the onion payload still apply. |
What do you mean by this ? We have to decide ether if node semantic is connect-to or route-through. Right now it's both. |
|
A further question came up for us - if a node announces a channel_announcement with unknown required feature bits in it, but we're directly connected to them, what the hell should we do with that? Clearly if they're requiring something to route through them that we dont understand, we shouldn't keep our channel with them, but we're not guaranteed to even get such a notice if the channel isn't public. It seems init and channel and node context kinda all need to be merged to resolve this :(. |
|
The discussion helped me understand better the underlying concern (which I had missed initially). IIUC your point is that I agree with @Roasbeef here: I see It does make the feature bits analysis more complicated. I think a reasonable way of doing it would be to look at the Do you think that makes sense? I think you're raising an interesting issue, and it's worth spending some time on clarifying that area of the spec. |
That's tricky...I think that should be resolved by adding feature bits to I think it will be easier to answer that question when we study an actual feature example; a concrete use-case will likely teach us useful lessons. |
Hmm, I dont think we need to be that restrictive. As long as the peers have a good way of negotiating when they're both ready for a feature, they can update it, of course we'd need to build such a negotiation... Still, I think we've detected enough issues with flat features at this point that we should discuss in the meeting. The "easy" answer is to leave it mostly as is, and just add guidance to the spec discussing these issues and note that there should only very rarely ever be a case where you want to add a feature bit which is not in every context. |
I don't think the issues are about flat features (i.e., the fact that feature bits don't collide), we just found issues with the "just stuff the same bits in all places" part, which might cause some issues when interpreting them 😉 |
|
To a large extent the issue is that we *don’t* stuff the same bits everywhere anymore. Merging everything into one giant features set would solve most of the issues. In any case I suppose we should discuss in two weeks some today is a ‘murican holiday.
… On Jan 20, 2020, at 13:28, Christian Decker ***@***.***> wrote:
Still, I think we've detected enough issues with flat features at this point that we should discuss in the meeting. The "easy" answer is to leave it mostly as is, and just add guidance to the spec discussing these issues and note that there should only very rarely ever be a case where you want to add a feature bit which is not in every context.
I don't think the issues are about flat features (i.e., the fact that feature bits don't collide), we just found issues with the "just stuff the same bits in all places" part, which might cause some issues when interpreting them 😉
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub, or unsubscribe.
|
|
OK, we should use the same (currently unused) notation as we do for channel announcements: in this case, "N-" meaning "always advertize it in node_announcement as odd, even if it's normally even". That means it doesn't prevent routing, but you still notify others you support it. If they connect, they'll see it as even in the init msg, and if they don't understand it they'll fail at that stage as designed. |
|
This issue has been discussed during the 2020/01/20 spec meeting In particular it was mentioned that we should differentiate between signaling
The distinction mentioned by @rustyrussell above allows us to specify whether Closing this as per spec meeting. |
|
Hmm, based on your summary it seems there is quite some misunderstanding at the heart of the issue here. This certainly wasn’t intended as a comment in data_loss_protect, it was only used as an example to demonstrate the lack of flexibility the current system allows, specifically as it relates to unknown features. Let me restate the issue and maybe we can all get on the same page before discussing it further: As came in both in the discussion you described and in Laolu’s comments on #723, unknown features in node_announcements may have several different meanings: both “I cannot connect to this peer” and “I cannot route through/to this peer “. #723 clarified that they are currently both to keep it consistent with the TLV/MPP features appearing in both, but Laolu’s comment post-merge indicate he thought it was only “connect to” (and channel_announcement features were for routing). Indeed, it seems to me it’s somewhat critical that we have the ability to signal “no connection, but routing is fine” given the conversation. In any case, the section on what to do with such bits very clearly needs a lot more depth (as well as reasoning so that future new bits Do The Right Thing). We could, for example, specify that node_announcements should contain a superset of what you’ll include in channel_announcements (and init would be a superset and the latest version of that) on the basis that if you can’t route through it, you shouldn’t connect to it (which confuses me why @rustyrussell commented above that we would ever announce something in the node_announcement as odd if its even in the channel announcements that node will want to generate). This would not imply any restrictions on invoice features as receiving is different than routing, and you may want to connect/route through a node that you cannot send to. However, of course, this poses an issue for spontaneous payments (or any payment without an invoice) given that you’ll need a way to signal features that would appear in an invoice without polluting the namespace in channel/node/init announcements. |
The way I understood the conclusion of the spec meeting is that Related to the current PR, we had a NACK for the specific case of removing However we agreed that some work was needed to clarify the overall issue of "feature bits to route through vs feature bits to connect", and that a new PR should be opened for that (introducing |
Somehow I totally missed that this was a PR not an issue. So my bad on that one... In any case, the points I made are still valid, and I don't think |
A sender should be able to route through a node even if it doesn't understand init features flag advertised by latter one. For e.g, for a Alice -> Bob -> Dave payment path, Alice should be able to route through Dave even if she doesn't support data_loss_protect as this a connection-only feature.
Right now it's not an issue because everyone implements data_loss_protect (and we may let the feature flag as it is given that's a legacy, pre-flat feature one) but should be aware about this issue if we devise further gentleman policy features a la data_loss_protect, than current contexts don't catch faithfully this class of features. Currently, a node new feature will be seen as unknown by non-upgraded nodes without being able to dissociate between connection-only and packet-processing. Though it lets unsolved how you'll learn about peer supporting without trying to connect first..