watchtower: anchor channel support#4782
Conversation
cfromknecht
force-pushed
the
anchor-wtserver
branch
from
c731379 to
fb4abac
Compare
Roasbeef
left a comment
Roasbeef
left a comment
There was a problem hiding this comment.
First pass, need to revisit the codebase as a whole before the second pass as it's been a while since I've reviewed code in this area. At a high level though, I think the duplicate client route in the short-term makes the set of changes quite easy to follow, and it can eventually be generalized to a specific channel for each possibly future channel type.
There was a problem hiding this comment.
Alternatively, this could be abstracted to use something similar to the session filter higher level function: the link calls something like TowerClient(chanType) and has that return the proper tower client. Once we also add more commitment types, this'll allow the link to be less cluttered by this selection logic.
There was a problem hiding this comment.
i was also thinking of another approach, where the peer selects the appropriate tower client to give to the link. since the two clients share the same interface, the link can be completely unaware as to which is the underlying. main benefit would be less code changes in the link and no function invocation overhead
There was a problem hiding this comment.
what is the reason we need it to be separate?
There was a problem hiding this comment.
Currently each "client" has a full pipeline that is capable of processing backups for a specific channel type, each maintains its own set tower candidates/state machines/session queues/etc. The option was either to multiplex inside the client, but that seemed pretty invasive and more risky given that the full flow operates pretty reliably today. We decided to go with the approach of just spinning up two separate clients so that each is fully isolated and we know their wont be any unexpected bugs introduced there.
Down the road, the goal would be to add another layer of multiplexing between the links and the "clients", which facilitates sending channel updates to the correct pipelines. For now since we only have two, it is easier just to expose the multiplexing in the link/peer. However, as we start to add more channel types, e.g. anchor-zero-fee-htlc, anchor-taproot, etc, we plan on circling back so that lnd just sees one unified megaclient that handles everything under the hood.
Adds the optional/required feature bit pair for negotiating sessions for anchor channels under features bits 2+3.
cfromknecht
force-pushed
the
anchor-wtserver
branch
from
fb4abac to
c7a30f6
Compare
cfromknecht
force-pushed
the
anchor-wtserver
branch
from
c82ed78 to
014f914
Compare
cfromknecht
force-pushed
the
anchor-wtserver
branch
from
014f914 to
f3c8311
Compare
Roasbeef
left a comment
Roasbeef
left a comment
There was a problem hiding this comment.
Changes looking really solid now! Main thing I want to do before merge is update my own client to get a feel for if we're missing anything UX wise on the CLI with the new set of commands.
LGTM ☄️
halseth
left a comment
halseth
left a comment
There was a problem hiding this comment.
Looks very good! Just a few questions really, otherwise this LGTM 💯
| // transactions. | ||
| if t.chanType.HasAnchors() { | ||
| weightEstimate.AddWitnessInput( | ||
| input.ToLocalPenaltyWitnessSize, |
There was a problem hiding this comment.
Hm, yeah this is something I must keep in mind when changing weight estimate constants: #4775
There was a problem hiding this comment.
yeah, definitely a little subtle that some of these are now fixed params in the wt protocol. will double check that #4775 doesn't touch any of the required constants for anchors
|
|
||
| chanType := lnChan.State().ChanType | ||
|
|
||
| // Select the appropriate tower client based on the channel type. It's |
| subCfgValue := extractReflectValue(subCfg) | ||
|
|
||
| if towerClient != nil { | ||
| if towerClient != nil && anchorTowerClient != nil { |
There was a problem hiding this comment.
why &&? Because none or both are active?
There was a problem hiding this comment.
yeah, currently it's only possible to activate both. we could do them separately if we think that's better
| /* | ||
| The client type from which to retrieve the active offering policy. | ||
| */ | ||
| PolicyType policy_type = 1; |
There was a problem hiding this comment.
could instead return a list of all active policies?
There was a problem hiding this comment.
the only way you can distinguish them atm would be to parse the blob-type feature bits, which seems less user friendly imo
3 participants
This PR adds watchtower client support for anchor channels. Previously, no backup
was attempted for anchor channels meaning that, under certain breach scenarios, they
are more vulnerable then the legacy channels. This PR resolves this lingering gap in the
security features lnd offers for the two channel types, making the security of anchor
channels equal or better than the legacy channel type across the relevant dimensions.
This gives us the confidence to make anchor channels the default channel type in 0.12
since it offers a universal improvement to our users regardless of their node configuration.
Summary of changes:
blob.FlagAnchorChannelbit communicated during session negotiationwtwire.AnchorCommitfeature bits for determining client/server feature supportAnchorTowerClientfor anchor channels to use to back up their states. thisallows us to reuse most of the existing tower logic without needing to add a greater degree of
multiplexing internally
TowerClientandAnchorTowerClientvia rpcTODO:
Builds on #4781