Add ability to broadcast our own node_announcement

[TheBlueMatt]

This is a somewhat-obvious oversight in the capabilities of
rust-lightning, though not a particularly interesting one until we
start relying on node_features (eg for variable-length-onions and
Base AMP).

Sadly its not fully automated as we don't really want to store the
list of available addresses from the user. However, with a simple
call to ChannelManager::broadcast_node_announcement and a sensible
peer_handler, the announcement is made.

[TheBlueMatt]

Based on #434 cause Im too lazy to properly rebase it.

[ariard]

Just to fix few comments otherwise looks good.

[arik-so]

we may wanna provide an interface for external signers later

[TheBlueMatt]

Right. For now the external signing support hasn't even attempted to think about moving the node_id private key out, given its used in a ton of places. Eventually it'll need to be (well, probably after splitting it up more), but for now it is what it is.

[arik-so]

how does this actually enforce that the underlying NetAddress objects behave are what's expected?

[TheBlueMatt]

Because the public API only allows you to add one address per type (replacing the previous one if there is one already).

[arik-so]

see the set_address methods now. Also, hadn't realized NetAddress wasn't a standard library.

[jkczyz]

@arik-so FWIW, there is SocketAddrV4 and SocketAddrV6.

https://doc.rust-lang.org/std/net/index.html

[arik-so]

if Rust had a way of distributing match arms across multiple files, this would be the place

[TheBlueMatt]

I'm not sure what you mean here?

[arik-so]

I was referring to the fact that we're adding yet another match arm to a match that's hundreds of lines long.

[arik-so]

what's the rationale for moving last_update into an Option as part of this diff? Also, there should be a comment somewhere saying it's a timestamp.

And also, this will break 18 years from now 😛

[TheBlueMatt]

As otherwise we'll reject a 0 value (as we only accept anything newer than the previous value). Also note that it is not a timestamp, the spec only recommends that you use a timestamp. See-also #493. I added a comment noting that None implies we've not heard any updates yet.

[TheBlueMatt]

Addressed Jeff's feedback and added a commit which resolves #493.

[valentinewallace]

Nice, very key feature!

[valentinewallace]

Why would a Peer not have their_features set?

[TheBlueMatt]

Before we've received their Init message (which will be the first message we receive, or we'll disconnect them), it should be None.

[valentinewallace]

reasoning for AcqRel?

[TheBlueMatt]

AcqRel is a good default - it ensures we always have the latest value here, without acting as a lock (as SeqCst does). If we're not relying on any other data to be consistent, but want consistency ourselves, AcqRel it is. Note that, on x86, AcqRel compiles down to nothing, whereas SeqCst is relatively expensive.

[valentinewallace]

Since this is our node announcement, we'll never have any excess address data, right? this is just for remote peer NodeAnnouncements that may randomly have excess address data? is this a common problem...?

[TheBlueMatt]

That is correct. And, indeed, it is not a common thing. We have to have it as otherwise the signatures of things we relay will fail, but, in general, we anticipate almost never having anything in there, or if we do, a very small thing.

[valentinewallace]

Confused about this loop -- we don't broadcast a NodeAnnouncement in this function, so what's the point of updating last_node_announcement_serial?

[TheBlueMatt]

The compare_exchange updates it - the goal here is to update the value iff the block timestamp is >= the current latest value. I updated the comment to note that. Rust does have a method for this, but sadly its nightly-only (and it should compile down to something similar, just maybe with more optimal/effecient Orderings.

[valentinewallace]

Ah, so the purpose is to have a "fresh" timestamp for the next time we do broadcast a node announcement

[codecov]

Codecov Report

Merging #435 into master will increase coverage by 0.35%.
The diff coverage is 69.23%.

@@            Coverage Diff             @@
##           master     #435      +/-   ##
==========================================
+ Coverage   89.75%   90.11%   +0.35%     
==========================================
  Files          34       34              
  Lines       18991    19054      +63     
==========================================
+ Hits        17046    17170     +124     
+ Misses       1945     1884      -61     

Impacted Files	Coverage Δ
lightning/src/ln/peer_handler.rs	48.70% <0.00%> (-1.39%)	⬇️
lightning/src/ln/channelmanager.rs	85.78% <0.00%> (+0.11%)	⬆️
lightning/src/ln/functional_tests.rs	96.42% <0.00%> (+0.12%)	⬆️
lightning/src/util/ser_macros.rs	97.27% <0.00%> (+0.68%)	⬆️
lightning/src/ln/onion_utils.rs	94.97% <0.00%> (+1.09%)	⬆️
lightning/src/ln/router.rs	91.08% <0.00%> (+2.28%)	⬆️
lightning/src/ln/msgs.rs	88.10% <0.00%> (+4.53%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update d850e12...78c48f7. Read the comment docs.

[valentinewallace]

just to be sure -- spec says the signature should be over the double hash, and this seems to be a single hash?

[TheBlueMatt]

Right, bitcoin_hashes types are confusing. That tiny little d that easy to miss means double :).

[valentinewallace]

Ah, it is easy to miss.. 😅

[valentinewallace]

Hm, in theory could this cause a user migrating error?

[TheBlueMatt]

Yea, we currently do no version checking for serialized types and break things all the time. We'll need to fix this come 0.1, but for now, no reason to slow down to build compatibility with 0.0.X.

[valentinewallace]

👍

[jkczyz]

Looks good modulo some minor comments mostly around magic numbers. I had to dig through the BOLTs to discern their meaning. Using constants would prevent posterity from needing to do the same thing.

[jkczyz]

It wasn't readily apparent to me that that the + 1 was for the address type. Could you make a constant for this using ::std::mem::size_of::<u8>?

[TheBlueMatt]

Its explicit in the docs for MAX_LEN - there is a 1-byte type. I don't think mem::size_of makes that any clearer.

[jkczyz]

I only suggested to use mem::size_of when defining a constant. Fine to use a literal as well.

The point of defining a constant for 1 is to make its meaning explicit. Same goes for ::std::u16::MAX.

[TheBlueMatt]

Right, but the 1 is explicit in the documentation for the len() method as well as the MAX_LEN docs, if we want to change the definition of that stuff we can, but any future users will see pretty clearly whats up. Using u16::MAX is fine, and I agreed it wasn't clear, so a comment was added indicating that its a message length.

[jkczyz]

Use a constant for 500 since it is used in two places.

[TheBlueMatt]

Its also written in the docs, so a comment confusingly indicates you may be able to change it freely (which you are not). The new comment I added to describe this const check a bit more explicitly calls it out as our public contract, is that fine?

[jkczyz]

I'm assuming you meant "a constant confusingly indicates you may be able to change it freely".

Isn't the point of a constant that it can't change? Saying that if a number is used in documentation we can't make it a constant seems rather silly. Just reference the constant in the documentation then. The actual value 500 seems rather unimportant in this case.

[TheBlueMatt]

I tend to presume that if I see a constant I can change it, and the code will change appropriately. Same goes for a user who sees a constant referenced in documentation - it may change in a future version and code should handle it. That isn't the case here, so having the number appear three times across ten lines of code where one is in documentation seems like a better approach to me.

[TheBlueMatt]

Go travis fuzz checks, which caught a bug that would have been introduced here where we deduped addresses we read ending up writing only a subset of what we read which fails the strictness checks we need to apply on announcement messages.

[jkczyz]

I only suggested to use mem::size_of when defining a constant. Fine to use a literal as well.

The point of defining a constant for 1 is to make its meaning explicit. Same goes for ::std::u16::MAX.

[jkczyz]

I'm not gonna hold this up with the last few comments, but I just want to state there's a good rationale for them. :) They may seem trivial, but I make sure to fully understand code that I review. And if there is something that is not obvious, I assume it may not be obvious to others reading the code. Thus, I try to make suggestions that will save other readers time.

[valentinewallace]

Great, nice progress on 0.0.11! 🏄‍♀️

[valentinewallace]

Hm, this isn't an actual spec rule, though, is it (mod the issue that this PR addresses)? >500 does seem extreme and I don't have an issue with enforcing it, just not sure the exact purpose of enforcing it...

[TheBlueMatt]

IIRC (and if it doesn't it should) if we went to serialize it we'd generate something >64KB, panicing trying to send a message that overflows the max message size.

[valentinewallace]

Good target for whomever addresses #529