📅 Original date posted:2015-09-02
📝 Original message:
Anthony Towns <aj at erisian.com.au> writes:
> On 1 September 2015 at 17:32, Rusty Russell <rusty at rustcorp.com.au> wrote:
>
>> Looking at that git tree (I've done some work since then)...
>
> Oh, github hasn't been updated since Aug 20? That's forever ago!
>
>
>> Ah, you
>> can't send a command while processing an existing command. Seems a
>> logical simplification.
>>
>
> I'm thinking of CMD_CLOSE like "Ctrl-C"; why wouldn't you want it to work
> anytime?
Yes, I think you do. And the other side can CMD_CLOSE during an HTLC
negotiation (for example), so this should be allowed.
I will update it to allow CMD_CLOSE at any time (except when already
closing).
>> >> This makes the constraints clearer, eg. you can't DECLINE_HTLC anything
>> >> but an ADD_HTLC.
>> > Your states currently allow declining those though:
>> Not at all (or if it does, it's a bug).
>
> Right, it's a bug as of 52cda01 then :)
Weird, my tester should have found that (every tested-for input must be
given).
Ah, yes, it did, once I enhanced the tester to actually track htlcs.
And I've fixed it :)
(Those should be going to STATE_WAIT_FOR_UPDATE_ACCEPT).
>> The simplest (and safest) system is always to error and close when they
>> break protocol. There's some game theory involved in whether you should
>> wait or not, but in the end, they're broken and there's not much you can
>> do.
>>
>
> Well, you can ignore some errors -- time sync problems might resolve
> themselves, eg. And the "error" might be because of an error on your side
> (your admin ran the wrong date command, there's a bug in your code), that
> might well be fixable. I guess what I'm thinking is that closing a channel
> is a real cost; if they're not actively cheating -- by not completing an
> HTLC update once they agree to it eg -- I'd probably rather it stay open
> (in degraded mode perhaps) than automatically close.
We could add such things later, but it's really hard to know in advance
what bugs will lose money and which can be ignored.
>> I also wonder if
>> > A: TIMEDOUT_HTLC -> B: DECLINE (err_time_sync_lost)
>> > might be useful.
>> I don't think it's useful, though if you disagree on time you might get
>> an error packet. (What else can you do?)
>>
>
> How is "an error packet" different to a decline packet or a channel close?
It carries an ascii message giving you a clue :)
> Perhaps we should add a current time field to UPDATE_ADD_HTLC so you can
>> defuse clock sync problems earlier?
>>
>
> Or maybe time sync is part of the p2p protocol? I guess channel
> counterparties are always peers?
Yes, that makes sense.
>> Sorry, I was assuming that one or both implementations were buggy. I
>> meant
>> > to make that explicit. You're talking with strangers on the network, so
>> > you can't assume their software is bug free, right?
>> That applies to any scheme you come up with, though. Propose something
>> simpler, and I'll gladly rewrite.
>
> I'll have another look when I can see current code :)
NW, just running the now-glacial state tester. I'm sure there's only 1
bug left!
Cheers,
Rusty.
Rusty Russell [ARCHIVE] /
npub1zw…hkhpx
2023-06-09 12:44:19
in reply to nevent1q…69rg
Author Public Key
npub1zw7cc8z78v6s3grujfvcv3ckpvg6kr0w7nz9yzvwyglyg0qu5sjsqhkhpxPublished at
2023-06-09 12:44:19Event JSON
{
"id": "a818499876ed291610509981bce9f42344ee1cb5670870d9bab500ff16b379db",
"pubkey": "13bd8c1c5e3b3508a07c92598647160b11ab0deef4c452098e223e443c1ca425",
"created_at": 1686314659,
"kind": 1,
"tags": [
[
"e",
"7cb446ab5c4fbaa2742daa23601e2632ee497d75e0b39629952a69f13b297936",
"",
"root"
],
[
"e",
"aeaa5b4a67ae1fd356d543032f49ae144a650de5f307e618b7db26b708977479",
"",
"reply"
],
[
"p",
"f0feda6ad58ea9f486e469f87b3b9996494363a26982b864667c5d8acb0542ab"
]
],
"content": "📅 Original date posted:2015-09-02\n📝 Original message:\nAnthony Towns \u003caj at erisian.com.au\u003e writes:\n\u003e On 1 September 2015 at 17:32, Rusty Russell \u003crusty at rustcorp.com.au\u003e wrote:\n\u003e\n\u003e\u003e Looking at that git tree (I've done some work since then)...\n\u003e\n\u003e Oh, github hasn't been updated since Aug 20? That's forever ago!\n\u003e\n\u003e\n\u003e\u003e Ah, you\n\u003e\u003e can't send a command while processing an existing command. Seems a\n\u003e\u003e logical simplification.\n\u003e\u003e\n\u003e\n\u003e I'm thinking of CMD_CLOSE like \"Ctrl-C\"; why wouldn't you want it to work\n\u003e anytime?\n\nYes, I think you do. And the other side can CMD_CLOSE during an HTLC\nnegotiation (for example), so this should be allowed.\n\nI will update it to allow CMD_CLOSE at any time (except when already\nclosing).\n\n\u003e\u003e \u003e\u003e This makes the constraints clearer, eg. you can't DECLINE_HTLC anything\n\u003e\u003e \u003e\u003e but an ADD_HTLC.\n\u003e\u003e \u003e Your states currently allow declining those though:\n\u003e\u003e Not at all (or if it does, it's a bug).\n\u003e\n\u003e Right, it's a bug as of 52cda01 then :)\n\nWeird, my tester should have found that (every tested-for input must be\ngiven).\n\nAh, yes, it did, once I enhanced the tester to actually track htlcs.\nAnd I've fixed it :)\n\n(Those should be going to STATE_WAIT_FOR_UPDATE_ACCEPT).\n\n\u003e\u003e The simplest (and safest) system is always to error and close when they\n\u003e\u003e break protocol. There's some game theory involved in whether you should\n\u003e\u003e wait or not, but in the end, they're broken and there's not much you can\n\u003e\u003e do.\n\u003e\u003e\n\u003e\n\u003e Well, you can ignore some errors -- time sync problems might resolve\n\u003e themselves, eg. And the \"error\" might be because of an error on your side\n\u003e (your admin ran the wrong date command, there's a bug in your code), that\n\u003e might well be fixable. I guess what I'm thinking is that closing a channel\n\u003e is a real cost; if they're not actively cheating -- by not completing an\n\u003e HTLC update once they agree to it eg -- I'd probably rather it stay open\n\u003e (in degraded mode perhaps) than automatically close.\n\nWe could add such things later, but it's really hard to know in advance\nwhat bugs will lose money and which can be ignored.\n\n\u003e\u003e I also wonder if\n\u003e\u003e \u003e A: TIMEDOUT_HTLC -\u003e B: DECLINE (err_time_sync_lost)\n\u003e\u003e \u003e might be useful.\n\u003e\u003e I don't think it's useful, though if you disagree on time you might get\n\u003e\u003e an error packet. (What else can you do?)\n\u003e\u003e\n\u003e\n\u003e How is \"an error packet\" different to a decline packet or a channel close?\n\nIt carries an ascii message giving you a clue :)\n\n\u003e Perhaps we should add a current time field to UPDATE_ADD_HTLC so you can\n\u003e\u003e defuse clock sync problems earlier?\n\u003e\u003e\n\u003e\n\u003e Or maybe time sync is part of the p2p protocol? I guess channel\n\u003e counterparties are always peers?\n\nYes, that makes sense.\n\n\u003e\u003e Sorry, I was assuming that one or both implementations were buggy. I\n\u003e\u003e meant\n\u003e\u003e \u003e to make that explicit. You're talking with strangers on the network, so\n\u003e\u003e \u003e you can't assume their software is bug free, right?\n\u003e\u003e That applies to any scheme you come up with, though. Propose something\n\u003e\u003e simpler, and I'll gladly rewrite.\n\u003e \n\u003e I'll have another look when I can see current code :)\n\nNW, just running the now-glacial state tester. I'm sure there's only 1\nbug left!\n\nCheers,\nRusty.",
"sig": "2cd8575c7ac36d7c9dd1d133fb14f83774749dd1dd8a3215955a0f9390d25abdb854cdc69d7f2876bd6bd598ea867ce2de495a7604999f4a8a1ab4726f70118a"
}