From ae1288d8cc3840b84f9e28ec0be2316c94cfb010 Mon Sep 17 00:00:00 2001 From: Valentine Wallace Date: Thu, 11 Jan 2024 20:11:14 -0500 Subject: [PATCH 1/7] Add failed_within_blinded_path to onion util internal struct. Will be used to ensure correctness when we store previously failed blinded paths to avoid retrying over them. --- lightning/src/ln/onion_utils.rs | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/lightning/src/ln/onion_utils.rs b/lightning/src/ln/onion_utils.rs index 99e3e965a9a..be984858b01 100644 --- a/lightning/src/ln/onion_utils.rs +++ b/lightning/src/ln/onion_utils.rs @@ -463,6 +463,7 @@ pub(super) fn process_onion_failure( network_update: Option, short_channel_id: Option, payment_failed_permanently: bool, + failed_within_blinded_path: bool, } let mut res: Option = None; let mut htlc_msat = *first_hop_htlc_msat; @@ -488,7 +489,8 @@ pub(super) fn process_onion_failure( error_code_ret = Some(BADONION | PERM | 24); // invalid_onion_blinding error_packet_ret = Some(vec![0; 32]); res = Some(FailureLearnings { - network_update: None, short_channel_id: None, payment_failed_permanently: false + network_update: None, short_channel_id: None, payment_failed_permanently: false, + failed_within_blinded_path: true, }); return }, @@ -520,7 +522,8 @@ pub(super) fn process_onion_failure( } res = Some(FailureLearnings { - network_update: None, short_channel_id: None, payment_failed_permanently: false + network_update: None, short_channel_id: None, payment_failed_permanently: false, + failed_within_blinded_path: true, }); return } @@ -550,7 +553,8 @@ pub(super) fn process_onion_failure( }); let short_channel_id = Some(route_hop.short_channel_id); res = Some(FailureLearnings { - network_update, short_channel_id, payment_failed_permanently: is_from_final_node + network_update, short_channel_id, payment_failed_permanently: is_from_final_node, + failed_within_blinded_path: false }); return } @@ -706,7 +710,8 @@ pub(super) fn process_onion_failure( res = Some(FailureLearnings { network_update, short_channel_id, - payment_failed_permanently: error_code & PERM == PERM && is_from_final_node + payment_failed_permanently: error_code & PERM == PERM && is_from_final_node, + failed_within_blinded_path: false }); let (description, title) = errors::get_onion_error_description(error_code); @@ -717,7 +722,7 @@ pub(super) fn process_onion_failure( } }).expect("Route that we sent via spontaneously grew invalid keys in the middle of it?"); if let Some(FailureLearnings { - network_update, short_channel_id, payment_failed_permanently + network_update, short_channel_id, payment_failed_permanently, failed_within_blinded_path }) = res { DecodedOnionFailure { network_update, short_channel_id, payment_failed_permanently, From 75a1c47b192b693c08645d6a6697ad6d37839220 Mon Sep 17 00:00:00 2001 From: Valentine Wallace Date: Fri, 12 Jan 2024 11:35:08 -0500 Subject: [PATCH 2/7] Add failed_within_blinded_path to DecodedOnionFailure. Will be used to ensure correctness when we store previously failed blinded paths to avoid retrying over them. --- lightning/src/ln/onion_utils.rs | 5 ++++- lightning/src/ln/outbound_payment.rs | 9 +++++---- 2 files changed, 9 insertions(+), 5 deletions(-) diff --git a/lightning/src/ln/onion_utils.rs b/lightning/src/ln/onion_utils.rs index be984858b01..ea6563d445d 100644 --- a/lightning/src/ln/onion_utils.rs +++ b/lightning/src/ln/onion_utils.rs @@ -429,6 +429,7 @@ pub(crate) struct DecodedOnionFailure { pub(crate) network_update: Option, pub(crate) short_channel_id: Option, pub(crate) payment_failed_permanently: bool, + pub(crate) failed_within_blinded_path: bool, #[cfg(test)] pub(crate) onion_error_code: Option, #[cfg(test)] @@ -725,7 +726,7 @@ pub(super) fn process_onion_failure( network_update, short_channel_id, payment_failed_permanently, failed_within_blinded_path }) = res { DecodedOnionFailure { - network_update, short_channel_id, payment_failed_permanently, + network_update, short_channel_id, payment_failed_permanently, failed_within_blinded_path, #[cfg(test)] onion_error_code: error_code_ret, #[cfg(test)] @@ -736,6 +737,7 @@ pub(super) fn process_onion_failure( // payment not retryable only when garbage is from the final node DecodedOnionFailure { network_update: None, short_channel_id: None, payment_failed_permanently: is_from_final_node, + failed_within_blinded_path: false, #[cfg(test)] onion_error_code: None, #[cfg(test)] @@ -883,6 +885,7 @@ impl HTLCFailReason { network_update: None, payment_failed_permanently: false, short_channel_id: Some(path.hops[0].short_channel_id), + failed_within_blinded_path: false, #[cfg(test)] onion_error_code: Some(*failure_code), #[cfg(test)] diff --git a/lightning/src/ln/outbound_payment.rs b/lightning/src/ln/outbound_payment.rs index e1748dca7f2..e4158a89ada 100644 --- a/lightning/src/ln/outbound_payment.rs +++ b/lightning/src/ln/outbound_payment.rs @@ -243,7 +243,7 @@ impl PendingOutboundPayment { if insert_res { if let PendingOutboundPayment::Retryable { ref mut pending_amt_msat, ref mut pending_fee_msat, - ref mut remaining_max_total_routing_fee_msat, .. + ref mut remaining_max_total_routing_fee_msat, .. } = self { *pending_amt_msat += path.final_value_msat(); let path_fee_msat = path.fee_msat(); @@ -1604,11 +1604,12 @@ impl OutboundPayments { #[cfg(test)] let DecodedOnionFailure { network_update, short_channel_id, payment_failed_permanently, onion_error_code, - onion_error_data + onion_error_data, failed_within_blinded_path } = onion_error.decode_onion_failure(secp_ctx, logger, &source); #[cfg(not(test))] - let DecodedOnionFailure { network_update, short_channel_id, payment_failed_permanently } = - onion_error.decode_onion_failure(secp_ctx, logger, &source); + let DecodedOnionFailure { + network_update, short_channel_id, payment_failed_permanently, failed_within_blinded_path + } = onion_error.decode_onion_failure(secp_ctx, logger, &source); let payment_is_probe = payment_is_probe(payment_hash, &payment_id, probing_cookie_secret); let mut session_priv_bytes = [0; 32]; From 5c5d6914255c91f983833e2a929fa5b69fe2b26a Mon Sep 17 00:00:00 2001 From: Valentine Wallace Date: Tue, 9 Jan 2024 11:28:38 -0500 Subject: [PATCH 3/7] Persist previously failed blinded paths in RouteParameters. Useful so we don't retry over these paths. --- lightning/src/routing/router.rs | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs index f79da5ee9ec..44933d67467 100644 --- a/lightning/src/routing/router.rs +++ b/lightning/src/routing/router.rs @@ -711,6 +711,11 @@ pub struct PaymentParameters { /// payment to fail. Future attempts for the same payment shouldn't be relayed through any of /// these SCIDs. pub previously_failed_channels: Vec, + + /// A list of indices corresponding to blinded paths in [`Payee::Blinded::route_hints`] which this + /// payment was previously attempted over and which caused the payment to fail. Future attempts + /// for the same payment shouldn't be relayed through any of these blinded paths. + pub previously_failed_blinded_path_idxs: Vec, } impl Writeable for PaymentParameters { @@ -732,6 +737,7 @@ impl Writeable for PaymentParameters { (7, self.previously_failed_channels, required_vec), (8, *blinded_hints, optional_vec), (9, self.payee.final_cltv_expiry_delta(), option), + (11, self.previously_failed_blinded_path_idxs, required_vec), }); Ok(()) } @@ -750,6 +756,7 @@ impl ReadableArgs for PaymentParameters { (7, previously_failed_channels, optional_vec), (8, blinded_route_hints, optional_vec), (9, final_cltv_expiry_delta, (default_value, default_final_cltv_expiry_delta)), + (11, previously_failed_blinded_path_idxs, optional_vec), }); let blinded_route_hints = blinded_route_hints.unwrap_or(vec![]); let payee = if blinded_route_hints.len() != 0 { @@ -773,6 +780,7 @@ impl ReadableArgs for PaymentParameters { max_channel_saturation_power_of_half: _init_tlv_based_struct_field!(max_channel_saturation_power_of_half, (default_value, unused)), expiry_time, previously_failed_channels: previously_failed_channels.unwrap_or(Vec::new()), + previously_failed_blinded_path_idxs: previously_failed_blinded_path_idxs.unwrap_or(Vec::new()), }) } } @@ -791,6 +799,7 @@ impl PaymentParameters { max_path_count: DEFAULT_MAX_PATH_COUNT, max_channel_saturation_power_of_half: DEFAULT_MAX_CHANNEL_SATURATION_POW_HALF, previously_failed_channels: Vec::new(), + previously_failed_blinded_path_idxs: Vec::new(), } } @@ -829,6 +838,7 @@ impl PaymentParameters { max_path_count: DEFAULT_MAX_PATH_COUNT, max_channel_saturation_power_of_half: DEFAULT_MAX_CHANNEL_SATURATION_POW_HALF, previously_failed_channels: Vec::new(), + previously_failed_blinded_path_idxs: Vec::new(), } } From 23ef2535d0af945061e5bdd279f1cac2d93b3269 Mon Sep 17 00:00:00 2001 From: Valentine Wallace Date: Tue, 9 Jan 2024 11:32:38 -0500 Subject: [PATCH 4/7] Store previously failed blinded paths on outbound payment failure. Useful so we don't retry over these paths. --- lightning/src/ln/outbound_payment.rs | 13 ++++++++++++- lightning/src/routing/router.rs | 13 +++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/lightning/src/ln/outbound_payment.rs b/lightning/src/ln/outbound_payment.rs index e4158a89ada..47193bea3f1 100644 --- a/lightning/src/ln/outbound_payment.rs +++ b/lightning/src/ln/outbound_payment.rs @@ -19,7 +19,7 @@ use crate::ln::{PaymentHash, PaymentPreimage, PaymentSecret}; use crate::ln::channelmanager::{ChannelDetails, EventCompletionAction, HTLCSource, PaymentId}; use crate::ln::onion_utils::{DecodedOnionFailure, HTLCFailReason}; use crate::offers::invoice::Bolt12Invoice; -use crate::routing::router::{InFlightHtlcs, Path, PaymentParameters, Route, RouteParameters, Router}; +use crate::routing::router::{BlindedTail, InFlightHtlcs, Path, PaymentParameters, Route, RouteParameters, Router}; use crate::util::errors::APIError; use crate::util::logger::Logger; use crate::util::time::Time; @@ -129,6 +129,11 @@ impl PendingOutboundPayment { params.previously_failed_channels.push(scid); } } + pub fn insert_previously_failed_blinded_path(&mut self, blinded_tail: &BlindedTail) { + if let PendingOutboundPayment::Retryable { payment_params: Some(params), .. } = self { + params.insert_previously_failed_blinded_path(blinded_tail); + } + } fn is_awaiting_invoice(&self) -> bool { match self { PendingOutboundPayment::AwaitingInvoice { .. } => true, @@ -1648,6 +1653,12 @@ impl OutboundPayments { // next-hop is needlessly blaming us! payment.get_mut().insert_previously_failed_scid(scid); } + if failed_within_blinded_path { + debug_assert!(short_channel_id.is_none()); + if let Some(bt) = &path.blinded_tail { + payment.get_mut().insert_previously_failed_blinded_path(&bt); + } else { debug_assert!(false); } + } if payment_is_probe || !is_retryable_now || payment_failed_permanently { let reason = if payment_failed_permanently { diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs index 44933d67467..284bf62f36e 100644 --- a/lightning/src/routing/router.rs +++ b/lightning/src/routing/router.rs @@ -914,6 +914,19 @@ impl PaymentParameters { pub fn with_max_channel_saturation_power_of_half(self, max_channel_saturation_power_of_half: u8) -> Self { Self { max_channel_saturation_power_of_half, ..self } } + + pub(crate) fn insert_previously_failed_blinded_path(&mut self, failed_blinded_tail: &BlindedTail) { + let mut found_blinded_tail = false; + for (idx, (_, path)) in self.payee.blinded_route_hints().iter().enumerate() { + if failed_blinded_tail.hops == path.blinded_hops && + failed_blinded_tail.blinding_point == path.blinding_point + { + self.previously_failed_blinded_path_idxs.push(idx as u64); + found_blinded_tail = true; + } + } + debug_assert!(found_blinded_tail); + } } /// The recipient of a payment, differing based on whether they've hidden their identity with route From 32ab7a9e4d1200caf5b2e5c9f48c12861dc35fcb Mon Sep 17 00:00:00 2001 From: Valentine Wallace Date: Tue, 9 Jan 2024 11:52:37 -0500 Subject: [PATCH 5/7] Avoid building routes over previously failed blinded payment paths. --- lightning/src/routing/router.rs | 20 ++++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs index 284bf62f36e..c72e5cd9ae7 100644 --- a/lightning/src/routing/router.rs +++ b/lightning/src/routing/router.rs @@ -1383,6 +1383,15 @@ impl<'a> CandidateRouteHop<'a> { _ => None, } } + fn blinded_hint_idx(&self) -> Option { + match self { + Self::Blinded(BlindedPathCandidate { hint_idx, .. }) | + Self::OneHopBlinded(OneHopBlindedPathCandidate { hint_idx, .. }) => { + Some(*hint_idx) + }, + _ => None, + } + } /// Returns the source node id of current hop. /// /// Source node id refers to the node forwarding the HTLC through this hop. @@ -2134,8 +2143,15 @@ where L::Target: Logger { (amount_to_transfer_over_msat < $next_hops_path_htlc_minimum_msat && recommended_value_msat >= $next_hops_path_htlc_minimum_msat)); - let payment_failed_on_this_channel = scid_opt.map_or(false, - |scid| payment_params.previously_failed_channels.contains(&scid)); + let payment_failed_on_this_channel = match scid_opt { + Some(scid) => payment_params.previously_failed_channels.contains(&scid), + None => match $candidate.blinded_hint_idx() { + Some(idx) => { + payment_params.previously_failed_blinded_path_idxs.contains(&(idx as u64)) + }, + None => false, + }, + }; let (should_log_candidate, first_hop_details) = match $candidate { CandidateRouteHop::FirstHop(hop) => (true, Some(hop.details)), From 8fcfaeb8d5348b739d861655942e8a4fc4764c55 Mon Sep 17 00:00:00 2001 From: Valentine Wallace Date: Tue, 9 Jan 2024 11:53:51 -0500 Subject: [PATCH 6/7] Test util: separate out code to construct a blinded path. --- lightning/src/ln/blinded_payment_tests.rs | 20 ++++++++++++++------ 1 file changed, 14 insertions(+), 6 deletions(-) diff --git a/lightning/src/ln/blinded_payment_tests.rs b/lightning/src/ln/blinded_payment_tests.rs index 9b580d1fa75..22fe1b1a357 100644 --- a/lightning/src/ln/blinded_payment_tests.rs +++ b/lightning/src/ln/blinded_payment_tests.rs @@ -21,15 +21,16 @@ use crate::ln::msgs::ChannelMessageHandler; use crate::ln::onion_utils; use crate::ln::onion_utils::INVALID_ONION_BLINDING; use crate::ln::outbound_payment::Retry; +use crate::offers::invoice::BlindedPayInfo; use crate::prelude::*; use crate::routing::router::{Payee, PaymentParameters, RouteParameters}; use crate::util::config::UserConfig; use crate::util::test_utils; -pub fn get_blinded_route_parameters( - amt_msat: u64, payment_secret: PaymentSecret, node_ids: Vec, +fn blinded_payment_path( + payment_secret: PaymentSecret, node_ids: Vec, channel_upds: &[&msgs::UnsignedChannelUpdate], keys_manager: &test_utils::TestKeysInterface -) -> RouteParameters { +) -> (BlindedPayInfo, BlindedPath) { let mut intermediate_nodes = Vec::new(); for (node_id, chan_upd) in node_ids.iter().zip(channel_upds) { intermediate_nodes.push(ForwardNode { @@ -58,13 +59,20 @@ pub fn get_blinded_route_parameters( }, }; let mut secp_ctx = Secp256k1::new(); - let blinded_path = BlindedPath::new_for_payment( + BlindedPath::new_for_payment( &intermediate_nodes[..], *node_ids.last().unwrap(), payee_tlvs, channel_upds.last().unwrap().htlc_maximum_msat, keys_manager, &secp_ctx - ).unwrap(); + ).unwrap() +} +pub fn get_blinded_route_parameters( + amt_msat: u64, payment_secret: PaymentSecret, node_ids: Vec, + channel_upds: &[&msgs::UnsignedChannelUpdate], keys_manager: &test_utils::TestKeysInterface +) -> RouteParameters { RouteParameters::from_payment_params_and_value( - PaymentParameters::blinded(vec![blinded_path]), amt_msat + PaymentParameters::blinded(vec![ + blinded_payment_path(payment_secret, node_ids, channel_upds, keys_manager) + ]), amt_msat ) } From 5c87f40f6b3b8e20a9c704071e4494d5609df049 Mon Sep 17 00:00:00 2001 From: Valentine Wallace Date: Tue, 9 Jan 2024 11:58:13 -0500 Subject: [PATCH 7/7] Test that we won't retry over previously failed blinded paths. --- lightning/src/ln/blinded_payment_tests.rs | 107 +++++++++++++++++++++- 1 file changed, 106 insertions(+), 1 deletion(-) diff --git a/lightning/src/ln/blinded_payment_tests.rs b/lightning/src/ln/blinded_payment_tests.rs index 22fe1b1a357..69b0e74a02c 100644 --- a/lightning/src/ln/blinded_payment_tests.rs +++ b/lightning/src/ln/blinded_payment_tests.rs @@ -10,7 +10,7 @@ use bitcoin::secp256k1::{PublicKey, Secp256k1, SecretKey}; use crate::blinded_path::BlindedPath; use crate::blinded_path::payment::{ForwardNode, ForwardTlvs, PaymentConstraints, PaymentRelay, ReceiveTlvs}; -use crate::events::{HTLCDestination, MessageSendEvent, MessageSendEventsProvider}; +use crate::events::{Event, HTLCDestination, MessageSendEvent, MessageSendEventsProvider, PaymentFailureReason}; use crate::ln::PaymentSecret; use crate::ln::channelmanager; use crate::ln::channelmanager::{PaymentId, RecipientOnionFields}; @@ -708,3 +708,108 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) { expect_payment_failed_conditions(&nodes[0], payment_hash, false, PaymentFailedConditions::new().expected_htlc_error_data(INVALID_ONION_BLINDING, &[0; 32])); } + +#[test] +fn blinded_path_retries() { + let chanmon_cfgs = create_chanmon_cfgs(4); + // Make one blinded path's fees slightly higher so they are tried in a deterministic order. + let mut higher_fee_chan_cfg = test_default_channel_config(); + higher_fee_chan_cfg.channel_config.forwarding_fee_base_msat += 1; + let node_cfgs = create_node_cfgs(4, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(4, &node_cfgs, &[None, None, Some(higher_fee_chan_cfg), None]); + let mut nodes = create_network(4, &node_cfgs, &node_chanmgrs); + + // Create this network topology so nodes[0] has a blinded route hint to retry over. + // n1 + // / \ + // n0 n3 + // \ / + // n2 + create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1_000_000, 0); + create_announced_chan_between_nodes_with_value(&nodes, 0, 2, 1_000_000, 0); + let chan_1_3 = create_announced_chan_between_nodes_with_value(&nodes, 1, 3, 1_000_000, 0); + let chan_2_3 = create_announced_chan_between_nodes_with_value(&nodes, 2, 3, 1_000_000, 0); + + let amt_msat = 5000; + let (_, payment_hash, payment_secret) = get_payment_preimage_hash(&nodes[3], Some(amt_msat), None); + let route_params = { + let pay_params = PaymentParameters::blinded( + vec![ + blinded_payment_path(payment_secret, + vec![nodes[1].node.get_our_node_id(), nodes[3].node.get_our_node_id()], &[&chan_1_3.0.contents], + &chanmon_cfgs[3].keys_manager + ), + blinded_payment_path(payment_secret, + vec![nodes[2].node.get_our_node_id(), nodes[3].node.get_our_node_id()], &[&chan_2_3.0.contents], + &chanmon_cfgs[3].keys_manager + ), + ] + ) + .with_bolt12_features(channelmanager::provided_bolt12_invoice_features(&UserConfig::default())) + .unwrap(); + RouteParameters::from_payment_params_and_value(pay_params, amt_msat) + }; + + nodes[0].node.send_payment(payment_hash, RecipientOnionFields::spontaneous_empty(), PaymentId(payment_hash.0), route_params.clone(), Retry::Attempts(2)).unwrap(); + check_added_monitors(&nodes[0], 1); + pass_along_route(&nodes[0], &[&[&nodes[1], &nodes[3]]], amt_msat, payment_hash, payment_secret); + + macro_rules! fail_payment_back { + ($intro_node: expr) => { + nodes[3].node.fail_htlc_backwards(&payment_hash); + expect_pending_htlcs_forwardable_conditions( + nodes[3].node.get_and_clear_pending_events(), &[HTLCDestination::FailedPayment { payment_hash }] + ); + nodes[3].node.process_pending_htlc_forwards(); + check_added_monitors!(nodes[3], 1); + + let updates = get_htlc_update_msgs!(nodes[3], $intro_node.node.get_our_node_id()); + assert_eq!(updates.update_fail_malformed_htlcs.len(), 1); + let update_malformed = &updates.update_fail_malformed_htlcs[0]; + assert_eq!(update_malformed.sha256_of_onion, [0; 32]); + assert_eq!(update_malformed.failure_code, INVALID_ONION_BLINDING); + $intro_node.node.handle_update_fail_malformed_htlc(&nodes[3].node.get_our_node_id(), update_malformed); + do_commitment_signed_dance(&$intro_node, &nodes[3], &updates.commitment_signed, true, false); + + let updates = get_htlc_update_msgs!($intro_node, nodes[0].node.get_our_node_id()); + assert_eq!(updates.update_fail_htlcs.len(), 1); + nodes[0].node.handle_update_fail_htlc(&$intro_node.node.get_our_node_id(), &updates.update_fail_htlcs[0]); + do_commitment_signed_dance(&nodes[0], &$intro_node, &updates.commitment_signed, false, false); + + let mut events = nodes[0].node.get_and_clear_pending_events(); + assert_eq!(events.len(), 2); + match events[0] { + Event::PaymentPathFailed { payment_hash: ev_payment_hash, payment_failed_permanently, .. } => { + assert_eq!(payment_hash, ev_payment_hash); + assert_eq!(payment_failed_permanently, false); + }, + _ => panic!("Unexpected event"), + } + match events[1] { + Event::PendingHTLCsForwardable { .. } => {}, + _ => panic!("Unexpected event"), + } + nodes[0].node.process_pending_htlc_forwards(); + } + } + + fail_payment_back!(nodes[1]); + + // Pass the retry along. + check_added_monitors!(nodes[0], 1); + let mut msg_events = nodes[0].node.get_and_clear_pending_msg_events(); + assert_eq!(msg_events.len(), 1); + pass_along_path(&nodes[0], &[&nodes[2], &nodes[3]], amt_msat, payment_hash, Some(payment_secret), msg_events.pop().unwrap(), true, None); + + fail_payment_back!(nodes[2]); + let evs = nodes[0].node.get_and_clear_pending_events(); + assert_eq!(evs.len(), 1); + match evs[0] { + Event::PaymentFailed { payment_hash: ev_payment_hash, reason, .. } => { + assert_eq!(ev_payment_hash, payment_hash); + // We have 1 retry attempt remaining, but we're out of blinded paths to try. + assert_eq!(reason, Some(PaymentFailureReason::RouteNotFound)); + }, + _ => panic!() + } +}