Trampoline test refactor #4095
Trampoline test refactor #4095
Conversation
|
👋 I see @tankyleo was un-assigned. |
![graphite-app[bot]](https://avatars.githubusercontent.com/in/158384?s=60&v=4){kind=small}
This simplifies the code and makes it more straightforward to test unblinded trampoline receives where we need to compute the trampoline session_priv when manually creating the inner onion. (The trampoline onion needs to be manually created because LDK does not natively support sending to unblinded trampolines, just receiving.)
No need to construct unused blinded hop data or hardcode session privs/prng seeds.
a-mpch
force-pushed
the
2025-08-trampoline-test-refactor
branch
2 times, most recently
from
b426301 to
1abdff1
Compare
| &payment_hash, | ||
| onion_error | ||
| ); | ||
| let secondary_shared_secret = trampoline_shared_secret.or(*phantom_shared_secret); |
There was a problem hiding this comment.
There appears to be a type mismatch in this line. trampoline_shared_secret is an Option<[u8; 32]> while phantom_shared_secret is a reference &Option<[u8; 32]>.
The .or() method expects both options to be of the same type. Consider using .or_else(|| *phantom_shared_secret) instead to properly handle the different option types.
| let secondary_shared_secret = trampoline_shared_secret.or(*phantom_shared_secret); | |
| let secondary_shared_secret = trampoline_shared_secret.or_else(|| *phantom_shared_secret); |
Spotted by Diamond
Is this helpful? React 👍 or 👎 to let us know.
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #4095 +/- ##
==========================================
+ Coverage 88.61% 88.65% +0.03%
==========================================
Files 176 180 +4
Lines 132120 135288 +3168
Branches 132120 135288 +3168
==========================================
+ Hits 117083 119934 +2851
- Misses 12367 12586 +219
- Partials 2670 2768 +98
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
lightning/src/ln/onion_payment.rs
Outdated
| }, .. | ||
| } => | ||
| (payment_data, keysend_preimage, custom_tlvs, sender_intended_htlc_amt_msat, | ||
| cltv_expiry_height, payment_metadata, None, false, keysend_preimage.is_none(), None), | ||
| cltv_expiry_height, payment_metadata, None, false, keysend_preimage.is_none(), None, None), |
There was a problem hiding this comment.
I think we should also be returning the trampoline ss here? Looks like if we adapted test_trampoline_unblinded_receive to cover both the success and the failure case, it would catch this
There was a problem hiding this comment.
yes, just tested. Added a commit
a-mpch
force-pushed
the
2025-08-trampoline-test-refactor
branch
from
1abdff1 to
a0f4c41
Compare
|
Thanks @valentinewallace, all comments had been addressed. Re-ordered commits and added one for |
| &payment_hash, | ||
| onion_error | ||
| ); | ||
| let secondary_shared_secret = trampoline_shared_secret.or(*phantom_shared_secret); |
There was a problem hiding this comment.
I think in the case of trampoline + phantom we may need a third layer of onion wrapping for the error packet... not convinced we need to worry about this though. Are you able to edit the trampoline issue to document this case for follow-up?
There was a problem hiding this comment.
I can't edit the issue
There was a problem hiding this comment.
If we don't support T+P, it may be better to error rather than prioritize T?
There was a problem hiding this comment.
Error how? We need to fail backwards, I think? Added this to the tracking issue.
There was a problem hiding this comment.
Hm, failing to fail isn't quite possible. There could be a log here perhaps if we unexpectedly get T+P?
There was a problem hiding this comment.
A comment or log seems like a good idea to me. Log would be conditional which would add some logic so slightly prefer a comment
There was a problem hiding this comment.
amended changes with a comment!
|
🔔 1st Reminder Hey @tankyleo! This PR has been waiting for your review. |
a-mpch
force-pushed
the
2025-08-trampoline-test-refactor
branch
from
a0f4c41 to
cf9ba95
Compare
|
@valentinewallace added the removal of the unused to the commit 80c6ad5 Also there are some flaky test that are failing also in other PRs. I think they are not related to this PR if CI is not happy. |
|
🔔 2nd Reminder Hey @tankyleo! This PR has been waiting for your review. |
|
🔔 3rd Reminder Hey @tankyleo! This PR has been waiting for your review. |
|
🔔 4th Reminder Hey @tankyleo! This PR has been waiting for your review. |
|
🔔 5th Reminder Hey @tankyleo! This PR has been waiting for your review. |
|
🔔 1st Reminder Hey @joostjager! This PR has been waiting for your review. |
| &payment_hash, | ||
| onion_error | ||
| ); | ||
| let secondary_shared_secret = trampoline_shared_secret.or(*phantom_shared_secret); |
There was a problem hiding this comment.
If we don't support T+P, it may be better to error rather than prioritize T?
| } | ||
|
|
||
| #[test] | ||
| fn test_trampoline_forward_payload_encoded_as_receive() { |
There was a problem hiding this comment.
Squashing this commit with the previous, would it make for a nicer diff?
There was a problem hiding this comment.
Hmm, can you check out how it looks like squashed in the GH UI? It kind of looks like it mixes the tests in with each other. Not convinced it's more readable, definitely not gonna block on it though ofc. I agree it's a bit unfortunate how these test diffs aren't the easiest to review...
There was a problem hiding this comment.
Good point about GH UI. And indeed, it doesn't look good at all.
| &payment_hash, | ||
| onion_error | ||
| ); | ||
| let secondary_shared_secret = trampoline_shared_secret.or(*phantom_shared_secret); |
There was a problem hiding this comment.
Hm, failing to fail isn't quite possible. There could be a log here perhaps if we unexpectedly get T+P?
| (5, custom_tlvs, optional_vec), | ||
| (7, requires_blinded_error, (default_value, false)), | ||
| (9, payment_context, option), | ||
| (11, trampoline_shared_secret, option), |
There was a problem hiding this comment.
Instead of adding a new field, could it also work by repurposing phantom_shared_secret as secondary_shared_secret and have it contain either the T or P secret?
There was a problem hiding this comment.
I like a separate field because then we leave the door open to support failing backwards properly (by wrapping the error onion three times) for P+T payments in the future
When handling HTLC failures in trampoline routing, error packets were not being properly encrypted with the trampoline shared secret. This caused error messages to be unreadable by the original sender when failures occurred within trampoline hops. The fix prioritizes trampoline_shared_secret over phantom_shared_secret when both are available, ensuring error packets can be properly decrypted by trampoline senders.
Previously, this test purported to test for a successful and a failing payment to a single-hop blinded path containing one trampoline node. However, to induce the failure the test was manually reconstructing the trampoline onion in a complicated way that encoded the final onion payload as a receive, when for its purposes it would be simplier for the recipient to just fail the payment backwards. In order to not regress in test coverage, the failure method the test was previously using is re-added in the next commit as a dedicated test.
This re-adds test coverage for a case that was removed in the previous commit.
Previously this commit, test only check for succesfully claimed case. Now tests that successfully fail the HTLC and sender can read the error.
a-mpch
force-pushed
the
2025-08-trampoline-test-refactor
branch
from
cf9ba95 to
fcc2651
Compare
This PR is on top of @valentinewallace branch that simplifies how trampoline testing is done. These changes surfaced a bug on how we were building the errors when the receiver is also a Trampoline inside the route. Specifically the first on the route as we aren't routing yet.
The final commit fixes this bug adding trampoline shared secret so we double obfuscate errors in these cases.