Update channel_reestablish for splicing

[jkczyz]

The splicing spec extends the channel_reestablish message with two more TLVs indicating which funding txid the sender has sent/received either explicitly via splice_locked or implicitly via channel_ready. This allows peers to detect if a splice_locked was lost during disconnection and must be retransmitted.

To this end, the spec updates the channel_reestablish logic to support splicing.

[ldk-reviews-bot]

👋 Thanks for assigning @TheBlueMatt as a reviewer!
I'll wait for their review and will help manage the review process.
Once they submit their review, I'll check if a second reviewer would be helpful.

[ldk-reviews-bot]

🔔 1st Reminder

Hey @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[jkczyz]

@wpaulino Ready for review now.

[codecov]

Codecov Report

Attention: Patch coverage is 60.06826% with 117 lines in your changes missing coverage. Please review.

Project coverage is 89.51%. Comparing base (82519a2) to head (8004c6f).
Report is 24 commits behind head on main.

Files with missing lines	Patch %	Lines
lightning/src/ln/channel.rs	45.49%	106 Missing and 9 partials ⚠️
lightning/src/ln/channelmanager.rs	92.00%	0 Missing and 2 partials ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #3886      +/-   ##
==========================================
+ Coverage   88.83%   89.51%   +0.68%     
==========================================
  Files         166      166              
  Lines      119259   128842    +9583     
  Branches   119259   128842    +9583     
==========================================
+ Hits       105943   115339    +9396     
- Misses      10988    11101     +113     
- Partials     2328     2402      +74     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[ldk-reviews-bot]

🔔 2nd Reminder

Hey @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 3rd Reminder

Hey @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 4th Reminder

Hey @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 5th Reminder

Hey @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[ldk-reviews-bot]

🔔 6th Reminder

Hey @wpaulino! This PR has been waiting for your review.
Please take a look when you have a chance. If you're unable to review, please let us know so we can find another reviewer.

[jkczyz]

Rebased.

[wpaulino]

We may need to double check our incoming channel_ready handling to make sure we can handle receiving one long after channel_ready was already exchanged due to the new logic surrounding your_last_funding_locked_txid.

[wpaulino]

Since the TLVs are optional, I don't think we really need to check this and can always set them

[jkczyz]

Hmm.. if the implementation supports splicing but didn't set the feature bit, won't they understand the TLV?

[wpaulino]

Yes. This method is only for an outgoing channel_reestablish so they'll just ignore the TLV if they don't support splicing.

[jkczyz]

Ah, I was overloading "supporting" here. What I meant was that the other implementation supported splicing in the sense they have code written. But for whatever reason they chose not to set the feature bit in their init message. In that sense, they might not ignore the TLV?

I guess in our implementation here we don't really do any checks around this but should always do the right thing (i.e., never send splice_locked) since in the above scenario as we'd never have any FundingScope where is_splice is true.

Though, it doesn't seem like we check their feature bits when handling any splice-related messages. Do we care if they tell us they don't support splicing but send us those messages anyway? At very least it seems we should check if they support splicing before attempting to initiate a splice.

[wpaulino]

Do we care if they tell us they don't support splicing but send us those messages anyway?

I don't think so, them sending the message implies they should support it?

At very least it seems we should check if they support splicing before attempting to initiate a splice.

Yeah we should always check they support a feature before we attempt to use it. The channel_reestablish TLVs are a bit different as they're not a feature on their own, and are odd so they can be ignored if not supported.

[TheBlueMatt]

They also have a perfectly valid meaning outside of a splicing context. I agree, I see no reason to not just always send them (even without the cfg).

[jkczyz]

Alright, dropped the part needing init features.

[ldk-reviews-bot]

👋 The first review has been submitted!

Do you think this PR is ready for a second reviewer? If so, click here to assign a second reviewer.

[jkczyz]

We may need to double check our incoming channel_ready handling to make sure we can handle receiving one long after channel_ready was already exchanged due to the new logic surrounding your_last_funding_locked_txid.

ACK. Also need to address https://github.com/lightningdevkit/rust-lightning/pull/3736/files#r2133028859.

[jkczyz]

Hmm.. if the implementation supports splicing but didn't set the feature bit, won't they understand the TLV?

[jkczyz]

Also need to address https://github.com/lightningdevkit/rust-lightning/pull/3736/files#r2133028859.

Latest push adds some commits to address this.

[jkczyz]

We may need to double check our incoming channel_ready handling to make sure we can handle receiving one long after channel_ready was already exchanged due to the new logic surrounding your_last_funding_locked_txid.

Looks like we have some logic below. I think the catch-all case still holds? We should only receive a channel_ready if we didn't set your_last_funding_locked_txid.

rust-lightning/lightning/src/ln/channel.rs

Lines 6491 to 6519 in 42085b9

	// If we reconnected before sending our `channel_ready` they may still resend theirs.
	ChannelState::ChannelReady(_) => check_reconnection = true,
	_ => return Err(ChannelError::close("Peer sent a channel_ready at a strange time".to_owned())),
	}
	if check_reconnection {
	// They probably disconnected/reconnected and re-sent the channel_ready, which is
	// required, or they're sending a fresh SCID alias.
	let expected_point =
	if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
	// If they haven't ever sent an updated point, the point they send should match
	// the current one.
	self.context.counterparty_cur_commitment_point
	} else if self.context.cur_counterparty_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 2 {
	// If we've advanced the commitment number once, the second commitment point is
	// at `counterparty_prev_commitment_point`, which is not yet revoked.
	debug_assert!(self.context.counterparty_prev_commitment_point.is_some());
	self.context.counterparty_prev_commitment_point
	} else {
	// If they have sent updated points, channel_ready is always supposed to match
	// their "first" point, which we re-derive here.
	Some(PublicKey::from_secret_key(&self.context.secp_ctx, &SecretKey::from_slice(
	&self.context.commitment_secrets.get_secret(INITIAL_COMMITMENT_NUMBER - 1).expect("We should have all prev secrets available")
	).expect("We already advanced, so previous secret keys should have been validated already")))
	};
	if expected_point != Some(msg.next_per_commitment_point) {
	return Err(ChannelError::close("Peer sent a reconnect channel_ready with a different point".to_owned()));
	}
	return Ok(None);
	}

[wpaulino]

Why not set the flag above?

[jkczyz]

There are other error conditions, which could prevent us from assigning interactive_tx_signing_session to Some.

[wpaulino]

Debug/trace instead?

[jkczyz]

This is maintaining the existing logging level. Should we reduce it?

[wpaulino]

Let's also rename the method to be v2 specific

[jkczyz]

Added a commit renaming this and another similarly named method to make them consistent.

[wpaulino]

Should be a ProcessingError instead

[jkczyz]

Should we do the same in funding_tx_constructed? It was already using HolderForceClosed.

[wpaulino]

A comment here would be nice

[jkczyz]

Added the spec requirements. Let me know if there is something more specific to our implementation that we should say. I can't quite recall the exact reason behind this.

[wpaulino]

Isn't it enough to just check pending_splice.sent_funding_txid?

[jkczyz]

IIUC, we may have already promoted the splice.

[wpaulino]

So this is handling the case where we sent channel_ready on txid A, they processed it, but now we have a channel_ready for txid B that we need to send? Basically the following case in splicing but for channel_ready:

let splice_locked = msg
	// A receiving node:
	//   - if `your_last_funding_locked` is set and it does not match the most recent
	//     `splice_locked` it has sent:
	//     - MUST retransmit `splice_locked`.
	.your_last_funding_locked_txid
	.and_then(|last_funding_txid| {
		sent_splice_txid.filter(|sent_splice_txid| last_funding_txid != *sent_splice_txid)
	})

I don't think this is possible in LDK today, we seem to close the channel once the funding becomes unconfirmed after having sent channel_ready (see do_best_block_updated). I guess it can happen once we support dual funding RBF? One RBF confirms to one node, but another confirms to the other, and now we need to recover via this mechanism.

[jkczyz]

Yeah, I think you're right. Though your_last_funding_locked_txid is the one they said we sent them in channel_ready. So for dual funding RBF it would need to be a re-org? i.e., we initially sent channel_ready for your_last_funding_locked_txid but while disconnected there was a re-org and another RBF candidate confirmed.

[TheBlueMatt]

Didn't get all the way through but a few comments.

[TheBlueMatt]

They also have a perfectly valid meaning outside of a splicing context. I agree, I see no reason to not just always send them (even without the cfg).

[TheBlueMatt]

Honestly I'm not sure what the harm is in duplicatively sending channel_ready/splice_locked? We could cut down on a lot of the code here if we just always sent it, and it seems like that should be fine, does the spec allow for it/require clients ignore extra retransmissions?

[jkczyz]

Immediately after that part of the spec, it states:

  - otherwise:
    - MUST NOT retransmit `channel_ready`, but MAY send `channel_ready` with
      a different `short_channel_id` `alias` field.
  - upon reconnection:
    - MUST ignore any redundant `channel_ready` it receives.

So it seems we may be able to just always re-transmit channel_ready. I don't see anything explicit about splice_locked. FWIW, I broached the subject about cleaning up the language in the spec recently: https://github.com/lightning/bolts/pull/1160/files#r2167803850

[TheBlueMatt]

We haven't "negtotiated" splicing unless we also set the bit, which is controlled by our config, so we need to check that.

[jkczyz]

Will we want a config option? Or should we always send init with the feature bit set?

[TheBlueMatt]

Oh, I guess maybe not? Might be worth just calling provided_init_features(config) and checking if its set cause we may decide something else later.

[jkczyz]

Right, though seems like we should also check their_features given this would otherwise affect channel_ready behavior when they don't support splicing but we do.

[TheBlueMatt]

Gah, so now we have a commitment number for which we only have a commitment tx on one funding context but not the others? Bleh.

[jkczyz]

Hmmm... @wpaulino and I were walking through this the other day, but I can't recall exactly why self.holder_commitment_point.transaction_number() would have advanced here.

[TheBlueMatt]

It feels wrong? Like, we should get a new commitment_signed for the new funding at the same index as the current commitment_signed we have for the existing funding, but its also possible the spec wants a new index, that just sucks.

[jkczyz]

So the original requirements are:

The sending node:
  - MUST set `next_commitment_number` to the commitment number of the
  next `commitment_signed` it expects to receive.

Which in our code we had represented as:

INITIAL_COMMITMENT_NUMBER - self.holder_commitment_point.transaction_number()

IIUC, we are subtracting from INITIAL_COMMITMENT_NUMBER because transaction_number is initialized by INITIAL_COMMITMENT_NUMBER (counting down) but next_commitment_number is suppose to count up from 0, according to the spec:

`next_commitment_number`: A commitment number is a 48-bit
incrementing counter for each commitment transaction; counters
are independent for each peer in the channel and start at 0.
They're only explicitly relayed to the other node in the case of
re-establishment, otherwise they are implicit.

Then the splicing spec added the last two lines of the following:

  - if it has sent `commitment_signed` for an interactive transaction construction but
    it has not received `tx_signatures`:
    - MUST set `next_funding_txid` to the txid of that interactive transaction.
    - if it has not received `commitment_signed` for that interactive transaction:
      - MUST set `next_commitment_number` to the commitment number of the `commitment_signed` it sent.

So I think the intention of adding 1 here was to get the previous commitment number (i.e., the one for thecommitment_signed we had sent)... are we assuming was it advanced then? This is where I'm a little foggy. But if that's suppose to be the intention, shouldn't we subtract given next_commitment_number is suppose to be counting up?

[jkczyz]

Need to dig into the spec for a couple comments still. Wanted to respond to everything else in the meanwhile.

[jkczyz]

Will we want a config option? Or should we always send init with the feature bit set?

[jkczyz]

There are other error conditions, which could prevent us from assigning interactive_tx_signing_session to Some.

[jkczyz]

This is maintaining the existing logging level. Should we reduce it?

[jkczyz]

Should we do the same in funding_tx_constructed? It was already using HolderForceClosed.

[jkczyz]

Hmmm... @wpaulino and I were walking through this the other day, but I can't recall exactly why self.holder_commitment_point.transaction_number() would have advanced here.

[jkczyz]

Added the spec requirements. Let me know if there is something more specific to our implementation that we should say. I can't quite recall the exact reason behind this.

[jkczyz]

IIUC, we may have already promoted the splice.

[jkczyz]

Alright, dropped the part needing init features.

[jkczyz]

Added a commit renaming this and another similarly named method to make them consistent.