Serialize Trampoline payloads in outbound onions.

[arik-so]

This PR alters the outbound onion payload to optionally accommodate a Trampoline packet.

Additionally, we add the Trampoline support feature flag.

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 74.75728% with 26 lines in your changes are missing coverage. Please review.

Project coverage is 90.05%. Comparing base (2c9dbb9) to head (f15c538).
Report is 33 commits behind head on main.

Files	Patch %	Lines
lightning/src/ln/msgs.rs	77.00%	18 Missing and 5 partials ⚠️
lightning/src/ln/features.rs	0.00%	3 Missing ⚠️

❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2756      +/-   ##
==========================================
+ Coverage   89.18%   90.05%   +0.86%     
==========================================
  Files         117      117              
  Lines       95541    99616    +4075     
  Branches    95541    99616    +4075     
==========================================
+ Hits        85205    89705    +4500     
+ Misses       7840     7676     -164     
+ Partials     2496     2235     -261     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[shaavan]

The first draft of the trampoline support looks good.

Referring to Spec PR requirements:

1. Correctly implements the trampoline_packet field to allow receiving of trampoline onion packets
2. Ensure the same construction of trampoline_packets as the OnionPacket.

I have a few questions I would love to discuss. Looking forward to your insights.

[shaavan]

I couldn't find any description of the trampoline feature bit in BOLT#9. Why was the feature bit selected to be 57?

[arik-so]

See here: https://github.com/lightning/bolts/blob/086a8af2943a721b99e818c2c6d880efc5376688/09-features.md

[shaavan]

Thanks a lot for the reference!

[shaavan]

Also, I couldn't wrap my head around using the number 12 here. Can you direct me to the reasoning behind it?
Thanks!

[arik-so]

See here: https://github.com/lightning/bolts/blob/086a8af2943a721b99e818c2c6d880efc5376688/04-onion-routing.md#tlv_payload-format

[arik-so]

Note that this might still change depending on if it should play nicely with blinded paths, I believe? cc: @t-bast

[t-bast]

Yes, all the numbers in the current spec PR are obsolete, they are from many years ago and some of the TLV tags have already been allocated to other features. I was waiting for another implementation to seriously look at Trampoline before re-working the numbers. For now, I think you should use placeholder numbers here (large ones to avoid clashes), that will be replaced by the final numbers once we are ready for cross-compat tests!

[arik-so]

@t-bast, do you encode the hop_data length using a TLV inside the inner onion? Given that version, pubkey, and hmac are all constant length, it could in principle be optional, but would preclude the addition of other variable-length fields.

[arik-so]

I ran the Eclair unit tests and determined that you do not. Should LDK drop the length serialization, too, or should it be added in Eclair?

[arik-so]

For the time being, I dropped the length serialization to achieve full parity with Eclair.

[arik-so]

Note that this PR is still in draft while I figure out some changes pertaining to the inner onion length.

[shaavan]

First pass.
So far, the PR looks good.
Thanks for the awesome work!!

Writing down my thoughts here and discussing some questions I have:

[shaavan]

Out of curiosity, I was able to find a reference for why keysend why keyed by 5482373484 in blip-0003, but I was able to find no such reference for 66100, for the trampoline. Is it an arbitrary choice for now, or is there some reasoning behind it?

[arik-so]

That's what Eclair currently uses https://github.com/ACINQ/eclair/blob/9c4aad0688ba25bc108aeeb5c8b212ff7628caea/eclair-core/src/main/scala/fr/acinq/eclair/wire/protocol/PaymentOnion.scala#L531

[shaavan]

Thanks a lot for the reference!

I think it will be a good idea to write a comment about it, explaining the reasoning behind it and the necessary caution one should keep.
Eclair's comment seems like a pretty solid one to take a reference from.

// Types below aren't specified - use cautiously when deploying (be careful with backwards-compatibility).

[shaavan]

As per BOLT#9, the Trampoline is correctly introduced as a VariableLengthOnionPacket

The trampoline_onion_packet has a variable size to allow...

The struct looks good and is correctly implemented. And, I think it can use a little nudge on the documentation side so that its purpose is explained in more detail and it can be easily distinguishable on a documentation level from struct OnionPacket.

[valentinewallace]

Can we consolidate this with onion_message::packet::Packet?

[arik-so]

sure!

[arik-so]

I will be closing this PR within the next couple days in favor of a more flexible implementation that does not rely on nesting onions.

[coderabbitai]

Walkthrough

The update introduces Trampoline routing to the Lightning Network's implementation, enhancing the protocol's scalability and privacy. Specifically, it adds a new feature flag for Trampoline routing, incorporates a trampoline_packet field to certain message variants, adjusts encoding logic accordingly, and ensures the new field is considered during payload construction, albeit initially set to None.

Changes

Files	Change Summary
.../ln/features.rs	Introduce a new feature flag for Trampoline routing, adding support for Trampoline routing and requiring it.
.../ln/msgs.rs	Add trampoline_packet field to BlindedForward and Receive; modify encoding logic and update tests.
.../ln/onion_utils.rs	Add trampoline_packet field with None value to build_onion_payloads function.

Related issues

• Issue Database: github
  • Issue Key: Trampoline #2299
    • This PR addresses the objectives related to supporting sending and receiving HTLCs with trampoline onion packets, wire communication enhancements, routing for trampoline payments, interaction improvements, and bindings support as outlined in the issue.

🐇✨
In the world of code and lightning fast,
A leap through hoops, from first to last.
Trampoline routing, a new path we cast,
With packets that hop, the future's vast.
🚀🌌

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

Share

• X
• Mastodon
• Reddit
• LinkedIn

---

Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>.
  • Generate unit-tests for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit tests for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai generate interesting stats about this repository and render them as a table.
  • @coderabbitai show all the console.log statements in this repository.
  • @coderabbitai read src/utils.ts and generate unit tests.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (invoked as PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger a review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai help to get help.

Additionally, you can add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.

CodeRabbit Configration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• The JSON schema for the configuration file is available here.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/coderabbit-overrides.v2.json

CodeRabbit Discord Community

Join our Discord Community to get help, request features, and share feedback.

[coderabbitai]

Review Status

Actionable comments generated: 2

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 51d9ee3 and c7e1ee2.

Files selected for processing (3)

• lightning/src/ln/features.rs (2 hunks)
• lightning/src/ln/msgs.rs (9 hunks)
• lightning/src/ln/onion_utils.rs (1 hunks)

Additional comments: 4

lightning/src/ln/features.rs (2)

• 425-427: The addition of the Trampoline feature flag is correctly implemented following the pattern established for other features. This change introduces support for Trampoline routing, aligning with the PR's objectives.
• 168-175: > 📝 NOTE

This review was outside the diff hunks and was mapped to the diff hunk with the greatest overlap. Original lines [1-427]

The implementation and handling of feature flags, including the new Trampoline routing feature, follow the established patterns and conventions within the file. It's crucial to maintain consistency across the feature flag system to ensure interoperability and correct behavior in different contexts.

lightning/src/ln/msgs.rs (2)

• 4156-4188: The encoding for the final onion hop data with a trampoline packet is implemented correctly. The test checks that the trampoline packet is encoded as expected and matches the expected eclair trampoline packet format.
• 4195-4215: The test encoding_final_onion_hop_data_with_eclair_trampoline_packet correctly verifies the encoding of a trampoline packet with a specific public key, hop data, and HMAC. The expected eclair trampoline packet is matched against the encoded trampoline packet to ensure correctness.

[TheBlueMatt]

tabs, not spaces, and in a few other places :)

[arik-so]

I'm also unhappy with my rebase, so I'll address it as part of resolving commit reordering conflicts.

[TheBlueMatt]

These are required to be in order, do we require the custom_tlvs always be < 66k?

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between 7c94636 and 8e01dc5.

Files selected for processing (3)

• lightning/src/ln/features.rs (2 hunks)
• lightning/src/ln/msgs.rs (9 hunks)
• lightning/src/ln/onion_utils.rs (1 hunks)

Files skipped from review as they are similar to previous changes (3)

• lightning/src/ln/features.rs
• lightning/src/ln/msgs.rs
• lightning/src/ln/onion_utils.rs

[TheBlueMatt]

Any desire to clean this up so we can land it?

[TheBlueMatt]

We need to refuse to allow custom TLVs of 66100 in RecipientOnionFields::with_custom_tlvs (and we probably need some kind of centralized place to list all the onion TLVs we understand so we can refuse users setting them and not have to update them in 10 places.

[coderabbitai]

Review Status

Actionable comments generated: 0

Configuration used: CodeRabbit UI

Commits

Files that changed from the base of the PR and between d70124c and 65688f9.

Files selected for processing (3)

• lightning/src/ln/features.rs (2 hunks)
• lightning/src/ln/msgs.rs (9 hunks)
• lightning/src/ln/onion_utils.rs (1 hunks)

Files skipped from review as they are similar to previous changes (3)

• lightning/src/ln/features.rs
• lightning/src/ln/msgs.rs
• lightning/src/ln/onion_utils.rs

[TheBlueMatt]

Huh? Why is this an onion message packet?

[TheBlueMatt]

IMO let's go ahead and get the next PR open to evaluate whether its right to reuse this struct for trampoline packets, then come back here. Luckily this PR is super small so we could even just inline it in a PR that uses the serialization.

[arik-so]

CC: @vladimirfomene: #2906 constructs variable-length onion packets and is awaiting a concept ACK besides @valentinewallace's, whereupon I'd like to undraft it. If that approach seems sensible to you, we would refactor oniion_message::packet to have a more generically applicable location and name.

[vladimirfomene]

Like Matt, I'm also wondering what is the reason for using the onion message packet.

[valentinewallace]

Commit history doesn't make a ton of sense to me :( seems like there should be 1 commit for the feature bit, 1 for the payload variant and maybe another separate one for the tests?

[TheBlueMatt]

I'm confused by this, presumably we don't store the PaymentSecret here, but should always have a total_mst? Or, why is this here?

[arik-so]

It's part of the spec. The last hop of the outer onion, where the Trampoline portion of the route is entered, contains a payment secret which is distinct from the "real" payment secret, which, in turn, is stored in the final hop of the inner onion. It's also part of the test vectors: https://github.com/lightning/bolts/blob/0c636259b41cb4c9e5cf7d8cfa84eb6e0397a30f/bolt04/trampoline-payment-onion-test.json#L45

@t-bast, do you figure it'd be worthwhile expanding a bit in the spec on how the roles of the fields in the outer onion are altered in a Trampoline context? As well as any arithmetic considerations for routing fees for a path whose length isn't known a priori?

[TheBlueMatt]

Ah, okay, interesting. Maybe lts name this field something different to differentiate from payments? Like, multipath_trampoline_data?

[arik-so]

No objection from me personally, though for our users' sake, it might be prudent to maintain fidelity to the spec terminology.

[TheBlueMatt]

In general we've avoided trying to match the spec exactly if we think it would make our code more readable. I'd strongly prefer to stick with that here.

[t-bast]

All of those fields work exactly the same as for normal payments, as the behavior of an intermediate trampoline node,
when processing HTLCs that contain a trampoline onion is to:

• first act as if it were a payment recipient, aggregating incoming payment parts
• then forward the "received" payment to a relayer component instead of treating it to a payment to us

Rusty also had a question about the payment_secret in the outer onion, as that part is a bit subtle: lightning/bolts#836 (comment).

In eclair we use the following trait hierarchy: https://github.com/ACINQ/eclair/blob/c8184b3e43a603454d672aed61b2ae461a80e1a8/eclair-core/src/main/scala/fr/acinq/eclair/wire/protocol/PaymentOnion.scala#L197. Once decrypted, we combine the outer and inner onion information received by an intermediate trampoline node as NodeRelayPayload, to show that this data is used for relay.

@t-bast, do you figure it'd be worthwhile expanding a bit in the lightning/bolts#836 on how the roles of the fields in the outer onion are altered in a Trampoline context?

I thought that was already detailed well enough in the requirements section of the specification, if there is a specific point you'd like to be more detailed can you put a comment on the spec?

As well as any arithmetic considerations for routing fees for a path whose length isn't known a priori?

That's something I described in the "trampoline fees" section of this spec PR: lightning/bolts#829
Let me know directly on that PR if the section is unclear or if you disagree with some of it. In eclair we previously used a very basic trial-and-error approach (start with a low fee, increase it on errors), and recently moved to a different model where the sender always uses 4% for the trampoline fees, and the trampoline node tries to deal with that (and could in the future do it at a loss in some payments as long as other payments compensate that loss).

[valentinewallace]

Seems legit. Did we need to add a comment around the allow(unused) thing? Otherwise, I don't see any reason to hold this up.

[valentinewallace]

I'm fine with moving the onion_message::Packet into a different module later. Let's land her!

[valentinewallace]

nit: s/ThirteenHundred/SixFifty, I guess

[arik-so]

Addressed in #2906.