Add an async resolution option to ChainAccess::get_utxo

For those operating in an async environment, requiring
`ChainAccess::get_utxo` return information about the requested UTXO
synchronously is incredibly painful. Requesting information about a
random UTXO is likely to go over the network, and likely to be a
rather slow request.

Thus, here, we change the return type of `get_utxo` to have both a
synchronous and asynchronous form. The asynchronous form requires
the user construct a `AccessFuture` which they `clone` and pass
back to us. Internally, an `AccessFuture` has an `Arc` to the
`channel_announcement` message which we need to process. When the
user completes their lookup, they call `resolve` on their
`AccessFuture` which we pull the `channel_announcement` from and
then apply to the network graph.

Author: TheBlueMatt

fuzz/src/router.rs

@@ -15,7 +15,7 @@ use lightning::chain::transaction::OutPoint;
 use lightning::ln::channelmanager::{self, ChannelDetails, ChannelCounterparty};
 use lightning::ln::msgs;
 use lightning::routing::gossip::{NetworkGraph, RoutingFees};
-use lightning::routing::gossip_checking::{ChainAccess, ChainAccessError};
+use lightning::routing::gossip_checking::{AccessFuture, ChainAccess, ChainAccessError, ChainAccessResult};
 use lightning::routing::router::{find_route, PaymentParameters, RouteHint, RouteHintHop, RouteParameters};
 use lightning::routing::scoring::FixedPenaltyScorer;
 use lightning::util::config::UserConfig;
@@ -81,17 +81,36 @@ impl InputData {
 	}
 }
 
-struct FuzzChainSource {
+struct FuzzChainSource<'a, 'b, Out: test_logger::Output> {
 	input: Arc<InputData>,
+	net_graph: &'a NetworkGraph<&'b test_logger::TestLogger<Out>>,
 }
-impl ChainAccess for FuzzChainSource {
-	fn get_utxo(&self, _genesis_hash: &BlockHash, _short_channel_id: u64) -> Result<TxOut, ChainAccessError> {
-		match self.input.get_slice(2) {
-			Some(&[0, _]) => Err(ChainAccessError::UnknownChain),
-			Some(&[1, _]) => Err(ChainAccessError::UnknownTx),
-			Some(&[_, x]) => Ok(TxOut { value: 0, script_pubkey: Builder::new().push_int(x as i64).into_script().to_v0_p2wsh() }),
-			None => Err(ChainAccessError::UnknownTx),
-			_ => unreachable!(),
+impl<Out: test_logger::Output> ChainAccess for FuzzChainSource<'_, '_, Out> {
+	fn get_utxo(&self, _genesis_hash: &BlockHash, _short_channel_id: u64) -> ChainAccessResult {
+		let input_slice = self.input.get_slice(2);
+		if input_slice.is_none() { return ChainAccessResult::Sync(Err(ChainAccessError::UnknownTx)); }
+		let input_slice = input_slice.unwrap();
+		let txo_res = TxOut {
+			value: if input_slice[0] % 2 == 0 { 1_000_000 } else { 1_000 },
+			script_pubkey: Builder::new().push_int(input_slice[1] as i64).into_script().to_v0_p2wsh(),
+		};
+		match input_slice {
+			&[0, _] => ChainAccessResult::Sync(Err(ChainAccessError::UnknownChain)),
+			&[1, _] => ChainAccessResult::Sync(Err(ChainAccessError::UnknownTx)),
+			&[2, _] => {
+				let future = AccessFuture::new();
+				future.resolve(self.net_graph, Ok(txo_res));
+				ChainAccessResult::Async(future.clone())
+			},
+			&[3, _] => {
+				let future = AccessFuture::new();
+				future.resolve(self.net_graph, Err(ChainAccessError::UnknownTx));
+				ChainAccessResult::Async(future.clone())
+			},
+			&[4, _] => {
+				ChainAccessResult::Async(AccessFuture::new()) // the future will never resolve
+			},
+			&[..] => ChainAccessResult::Sync(Ok(txo_res)),
 		}
 	}
 }
@@ -162,6 +181,10 @@ pub fn do_test<Out: test_logger::Output>(data: &[u8], out: Out) {
 
 	let our_pubkey = get_pubkey!();
 	let net_graph = NetworkGraph::new(genesis_block(Network::Bitcoin).header.block_hash(), &logger);
+	let chain_source = FuzzChainSource {
+		input: Arc::clone(&input),
+		net_graph: &net_graph,
+	};
 
 	let mut node_pks = HashSet::new();
 	let mut scid = 42;
@@ -182,13 +205,14 @@ pub fn do_test<Out: test_logger::Output>(data: &[u8], out: Out) {
 				let msg = decode_msg_with_len16!(msgs::UnsignedChannelAnnouncement, 32+8+33*4);
 				node_pks.insert(msg.node_id_1);
 				node_pks.insert(msg.node_id_2);
-				let _ = net_graph.update_channel_from_unsigned_announcement::<&FuzzChainSource>(&msg, &None);
+				let _ = net_graph.update_channel_from_unsigned_announcement::
+					<&FuzzChainSource<'_, '_, Out>>(&msg, &None);
 			},
 			2 => {
 				let msg = decode_msg_with_len16!(msgs::UnsignedChannelAnnouncement, 32+8+33*4);
 				node_pks.insert(msg.node_id_1);
 				node_pks.insert(msg.node_id_2);
-				let _ = net_graph.update_channel_from_unsigned_announcement(&msg, &Some(&FuzzChainSource { input: Arc::clone(&input) }));
+				let _ = net_graph.update_channel_from_unsigned_announcement(&msg, &Some(&chain_source));
 			},
 			3 => {
 				let _ = net_graph.update_channel_unsigned(&decode_msg!(msgs::UnsignedChannelUpdate, 72));

lightning/src/routing/gossip.rs

@@ -150,6 +150,8 @@ pub struct NetworkGraph<L: Deref> where L::Target: Logger {
 	/// resync them from gossip. Each `NodeId` is mapped to the time (in seconds) it was removed so
 	/// that once some time passes, we can potentially resync it from gossip again.
 	removed_nodes: Mutex<HashMap<NodeId, Option<u64>>>,
+	/// Announcement messages which are awaiting an on-chain lookup to be processed.
+	pub(super) pending_checks: gossip_checking::PendingChecks,
 }
 
 /// A read-only view of [`NetworkGraph`].
@@ -1180,6 +1182,7 @@ impl<L: Deref> ReadableArgs<L> for NetworkGraph<L> where L::Target: Logger {
 			last_rapid_gossip_sync_timestamp: Mutex::new(last_rapid_gossip_sync_timestamp),
 			removed_nodes: Mutex::new(HashMap::new()),
 			removed_channels: Mutex::new(HashMap::new()),
+			pending_checks: gossip_checking::PendingChecks::new(),
 		})
 	}
 }
@@ -1219,6 +1222,7 @@ impl<L: Deref> NetworkGraph<L> where L::Target: Logger {
 			last_rapid_gossip_sync_timestamp: Mutex::new(None),
 			removed_channels: Mutex::new(HashMap::new()),
 			removed_nodes: Mutex::new(HashMap::new()),
+			pending_checks: gossip_checking::PendingChecks::new(),
 		}
 	}
 
@@ -1477,7 +1481,8 @@ impl<L: Deref> NetworkGraph<L> where L::Target: Logger {
 			}
 		}
 
-		let utxo_value = gossip_checking::check_channel_announcement(chain_access, msg)?;
+		let utxo_value = self.pending_checks.check_channel_announcement(
+			chain_access, msg, full_msg)?;
 
 		#[allow(unused_mut, unused_assignments)]
 		let mut announcement_received_time = 0;

lightning/src/routing/gossip_checking.rs

@@ -18,10 +18,14 @@ use bitcoin::hashes::hex::ToHex;
 
 use crate::ln::chan_utils::make_funding_redeemscript;
 use crate::ln::msgs::{self, LightningError, ErrorAction};
+use crate::routing::gossip::{NetworkGraph, NodeId};
+use crate::util::logger::{Level, Logger};
 use crate::util::ser::Writeable;
 
 use crate::prelude::*;
 
+use alloc::sync::{Arc, Weak};
+use crate::sync::Mutex;
 use core::ops::Deref;
 
 /// An error when accessing the chain via [`ChainAccess`].
@@ -34,26 +38,118 @@ pub enum ChainAccessError {
 	UnknownTx,
 }
 
+/// The result of a [`ChainAccess::get_utxo`] call. A call may resolve either synchronously,
+/// returning the `Sync` variant, or asynchronously, returning an [`AccessFuture`] in the `Async`
+/// variant.
+pub enum ChainAccessResult {
+	/// A result which was resolved synchronously. It either includes a [`TxOut`] for the output
+	/// requested or a [`ChainAccessError`].
+	Sync(Result<TxOut, ChainAccessError>),
+	/// A result which will be resolved asynchronously. It includes an [`AccessFuture`], a `clone`
+	/// of which you must keep locally and call [`AccessFuture::resolve`] on once the lookup
+	/// completes.
+	///
+	/// Note that in order to avoid runaway memory usage, the number of parallel checks is limited,
+	/// but only fairly loosely. Because a pending checks block all message processing, leaving
+	/// checks pending for an extended time may cause DoS of other functions. It is recommended you
+	/// keep a tight timeout on lookups, on the order of a few seconds.
+	Async(AccessFuture),
+}
+
 /// The `ChainAccess` trait defines behavior for accessing on-chain UTXOs.
 pub trait ChainAccess {
 	/// Returns the transaction output of a funding transaction encoded by [`short_channel_id`].
 	/// Returns an error if `genesis_hash` is for a different chain or if such a transaction output
 	/// is unknown.
 	///
 	/// [`short_channel_id`]: https://github.com/lightning/bolts/blob/master/07-routing-gossip.md#definition-of-short_channel_id
-	fn get_utxo(&self, genesis_hash: &BlockHash, short_channel_id: u64) -> Result<TxOut, ChainAccessError>;
+	fn get_utxo(&self, genesis_hash: &BlockHash, short_channel_id: u64) -> ChainAccessResult;
+}
+
+enum ChannelAnnouncement {
+	Full(msgs::ChannelAnnouncement),
+	Unsigned(msgs::UnsignedChannelAnnouncement),
+}
+
+struct AccessMessages {
+	complete: Option<Result<TxOut, ChainAccessError>>,
+	channel_announce: Option<ChannelAnnouncement>,
+}
+
+/// Represents a future resolution of a [`ChainAccess::get_utxo`] query resolving async.
+///
+/// See [`ChainAccessResult::Async`] and [`AccessFuture::resolve`] for more info.
+#[derive(Clone)]
+pub struct AccessFuture {
+	state: Arc<Mutex<AccessMessages>>,
+}
+
+/// A trivial implementation of [`ChainAccess`] which is used to call back into the network graph
+/// once we have a concrete resolution of a request.
+struct AccessResolver(Result<TxOut, ChainAccessError>);
+impl ChainAccess for AccessResolver {
+	fn get_utxo(&self, _genesis_hash: &BlockHash, _short_channel_id: u64) -> ChainAccessResult {
+		ChainAccessResult::Sync(self.0.clone())
+	}
+}
+
+impl AccessFuture {
+	/// Builds a new future for later resolution.
+	pub fn new() -> Self {
+		Self { state: Arc::new(Mutex::new(AccessMessages {
+			complete: None,
+			channel_announce: None,
+		}))}
+	}
+
+	/// Resolves this future against the given `graph` and with the given `result`.
+	pub fn resolve<L: Deref>(&self, graph: &NetworkGraph<L>, result: Result<TxOut, ChainAccessError>)
+	where L::Target: Logger {
+		let announcement = {
+			let mut async_messages = self.state.lock().unwrap();
+
+			if async_messages.channel_announce.is_none() {
+				// We raced returning to `check_channel_announcement` which hasn't updated
+				// `channel_announce` yet. That's okay, we can set the `complete` field which it will
+				// check once it gets control again.
+				async_messages.complete = Some(result);
+				return;
+			}
+
+			async_messages.channel_announce.take().unwrap()
+		};
+
+		// Now that we've updated our internal state, pass the pending messages back through the
+		// network graph with a different `ChainAccess` which will resolve immediately.
+		// Note that we ignore errors as we don't disconnect peers anyway, so there's nothing to do
+		// with them.
+		let resolver = AccessResolver(result);
+		match announcement {
+			ChannelAnnouncement::Full(signed_msg) => {
+				let _ = graph.update_channel_from_announcement(&signed_msg, &Some(&resolver));
+			},
+			ChannelAnnouncement::Unsigned(msg) => {
+				let _ = graph.update_channel_from_unsigned_announcement(&msg, &Some(&resolver));
+			},
+		}
+	}
+}
+
+/// A set of messages which are pending UTXO lookups for processing.
+pub(super) struct PendingChecks {
 }
 
-pub(crate) fn check_channel_announcement<A: Deref>(
-	chain_access: &Option<A>, msg: &msgs::UnsignedChannelAnnouncement
-) -> Result<Option<u64>, msgs::LightningError> where A::Target: ChainAccess {
-	match chain_access {
-		&None => {
-			// Tentatively accept, potentially exposing us to DoS attacks
-			Ok(None)
-		},
-		&Some(ref chain_access) => {
-			match chain_access.get_utxo(&msg.chain_hash, msg.short_channel_id) {
+impl PendingChecks {
+	pub(super) fn new() -> Self {
+		PendingChecks {}
+	}
+
+	pub(super) fn check_channel_announcement<A: Deref>(&self,
+		chain_access: &Option<A>, msg: &msgs::UnsignedChannelAnnouncement,
+		full_msg: Option<&msgs::ChannelAnnouncement>
+	) -> Result<Option<u64>, msgs::LightningError> where A::Target: ChainAccess {
+		let handle_result = |res| {
+			match res {
 				Ok(TxOut { value, script_pubkey }) => {
 					let expected_script =
 						make_funding_redeemscript(&msg.bitcoin_key_1, &msg.bitcoin_key_2).to_v0_p2wsh();
@@ -80,6 +176,34 @@ pub(crate) fn check_channel_announcement<A: Deref>(
 					})
 				},
 			}
+		};
+
+		match chain_access {
+			&None => {
+				// Tentatively accept, potentially exposing us to DoS attacks
+				Ok(None)
+			},
+			&Some(ref chain_access) => {
+				match chain_access.get_utxo(&msg.chain_hash, msg.short_channel_id) {
+					ChainAccessResult::Sync(res) => handle_result(res),
+					ChainAccessResult::Async(future) => {
+						let mut async_messages = future.state.lock().unwrap();
+						if let Some(res) = async_messages.complete.take() {
+							// In the unlikely event the future resolved before we managed to get it,
+							// handle the result in-line.
+							handle_result(res)
+						} else {
+							async_messages.channel_announce = Some(
+								if let Some(msg) = full_msg { ChannelAnnouncement::Full(msg.clone()) }
+								else { ChannelAnnouncement::Unsigned(msg.clone()) });
+							Err(LightningError {
+								err: "Channel being checked async".to_owned(),
+								action: ErrorAction::IgnoreAndLog(Level::Gossip),
+							})
+						}
+					},
+				}
+			}
 		}
 	}
 }

lightning/src/util/test_utils.rs

@@ -23,7 +23,7 @@ use crate::ln::{msgs, wire};
 use crate::ln::msgs::LightningError;
 use crate::ln::script::ShutdownScript;
 use crate::routing::gossip::NetworkGraph;
-use crate::routing::gossip_checking::{ChainAccess, ChainAccessError};
+use crate::routing::gossip_checking::{ChainAccess, ChainAccessError, ChainAccessResult};
 use crate::routing::router::{find_route, InFlightHtlcs, Route, RouteHop, RouteParameters, Router, ScorerAccountingForInFlightHtlcs};
 use crate::routing::scoring::FixedPenaltyScorer;
 use crate::util::config::UserConfig;
@@ -856,12 +856,12 @@ impl TestChainSource {
 }
 
 impl ChainAccess for TestChainSource {
-	fn get_utxo(&self, genesis_hash: &BlockHash, _short_channel_id: u64) -> Result<TxOut, ChainAccessError> {
+	fn get_utxo(&self, genesis_hash: &BlockHash, _short_channel_id: u64) -> ChainAccessResult {
 		if self.genesis_hash != *genesis_hash {
-			return Err(ChainAccessError::UnknownChain);
+			return ChainAccessResult::Sync(Err(ChainAccessError::UnknownChain));
 		}
 
-		self.utxo_ret.lock().unwrap().clone()
+		ChainAccessResult::Sync(self.utxo_ret.lock().unwrap().clone())
 	}
 }