Introduce graph sync crate

[arik-so]

Its use is for fast-forwarding through gossip data downloaded from a server.

Currently still in draft status, pending better code organization and tests.

[TheBlueMatt]

Cool. I assume you're still working on compression for the objects?

[arik-so]

Yes, I'm trying to build an encoder that is distinct from gzip, and just RLE, preferably with Huffman on top.

[codecov-commenter]

Codecov Report

Merging #1155 (de7139d) into main (0c6974b) will increase coverage by 0.03%.
The diff coverage is 87.53%.

@@            Coverage Diff             @@
##             main    #1155      +/-   ##
==========================================
+ Coverage   90.93%   90.96%   +0.03%     
==========================================
  Files          77       80       +3     
  Lines       42394    42978     +584     
  Branches    42394    42978     +584     
==========================================
+ Hits        38552    39096     +544     
- Misses       3842     3882      +40     

Impacted Files	Coverage Δ
lightning/src/lib.rs	100.00% <ø> (ø)
lightning/src/util/ser.rs	91.28% <ø> (ø)
lightning-rapid-gossip-sync/src/error.rs	62.50% <62.50%> (ø)
lightning/src/routing/network_graph.rs	90.98% <82.14%> (+0.94%)	⬆️
lightning-rapid-gossip-sync/src/processing.rs	89.90% <89.90%> (ø)
lightning-rapid-gossip-sync/src/lib.rs	90.32% <90.32%> (ø)
lightning/src/ln/msgs.rs	86.81% <100.00%> (ø)
lightning/src/ln/functional_tests.rs	97.11% <0.00%> (ø)
lightning-invoice/src/lib.rs	88.98% <0.00%> (+1.58%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 0c6974b...de7139d. Read the comment docs.

[TheBlueMatt]

Left some initial thoughts. Is the server-side somewhere that you want review on or do you just want high-level stuff here first?

[TheBlueMatt]

Lets add a logger parameter and re-use our logging stuff?

[arik-so]

This doesn't even need a print, I had just used it for debugging, so I removed it instead.

[TheBlueMatt]

Lets just drop the chain_source, we dont have signatures so its not like we can validate anything.

[arik-so]

Done

[TheBlueMatt]

Hmmmm, I think we need to use the update's real timestamp as otherwise we may get an update from an HTLC failure or otherwise and reject it cause the timestamp is "old".

[arik-so]

I will get back to this one in a separate commit.

[arik-so]

Isn't the timestamp only tangentially related to the time of the actual update? I thought nodes had some logic to update the timestamp of a particular update when gossiping anyway – or is the timestamp part of the signed data when a signature is present?

[arik-so]

Additionally, if the timestamp inaccuracy has implications on HTLC handling, wouldn't that mean that gossip data is slightly more than just a DDoS risk vector?

[jkczyz]

Is there some significance in the spacing difference in the columns for 8 and 4?

[arik-so]

no, my IDE just decided to add it. I'll remove.

[jkczyz]

This may need to be atomic with the earlier read. What would happen in the following scenario?

• Form an UnsignedChannelUpdate from incremental update using the read-locked NetworkGraph above.
• Apply ChannelUpdate from failed payment
• Apply earlier formed UnsignedChannelUpdate

Seems the incremental update would override one we just received from a failed payment.

[arik-so]

It shouldn't be a problem, because all the rapid sync updates are backdated a week, so any "true" update from direct gossip should result in this update being discarded.

[TheBlueMatt]

I'm not really a fan of this approach of generating a synthetic update and then feeding it in, at least not if the update has some fields set to bogus values, it seems like quite the layer violation for the lightning-graph-sync crate to have code that relies on certain very specific behavior in the NetworkGraph (that it ignores certain fields). I'd much prefer to have a method on the NetworkGraph that says "add channel with minimal field set of X" and use that.

[jkczyz]

I'd much prefer to have a method on the NetworkGraph that says "add channel with minimal field set of X" and use that.

Isn't that a bit of a layer violation, too? Taking a concept from a higher layer (i.e., the incremental update) and defining it in a lower layer?

[TheBlueMatt]

Hmm, doesn't feel like one? Its not crazy for NetworkGraph to have a method that just says "manually add a new channel to the network graph, with these parameters". Its not really specific to this kind of sync mechanism, and could be used for several different sync mechanisms.

[jkczyz]

True. I had been thinking more about gossip as the layer.

[TheBlueMatt]

Right, we kinda have to layers, the gossip message handler, and the underlying NetworkGraph. I agree it'd be strange to put it in the gossip message handler, but we can put some of these update methods on the NetworkGraph itself.

[arik-so]

I'll think about possible approaches to this in the new few commits.

[arik-so]

I think I would like to continue using synthetic channel updates considering their fields are either entirely specified, or inferred from the directional info, but point definitely taken wrt the announcements. I tried an approach in the latest commit, let me know what you think.

[TheBlueMatt]

In whatever release we include this in, we'll need to fix the network graph data timeout logic to somehow not run until after graph sync completes on startup. I'm not sure how to do this, but it has to be in the same release as this (but can be a separate PR). Maybe open an issue to track it?

[TheBlueMatt]

We're gonna get this from the update file itself, right?

[arik-so]

Yeah, I was actually debating as to whether to include the timestamp in the update data. I'll modify the serialization accordingly.

[arik-so]

Will update and reinitialize the server to have received timestamp fields tonight, and then regenerate test vectors.

[jkczyz]

Has this been addressed?

[TheBlueMatt]

No.

[arik-so]

Hopefully is now, though I wanna refrain from pushing until my fuzz test's working.

[jkczyz]

I'd much prefer to have a method on the NetworkGraph that says "add channel with minimal field set of X" and use that.

Isn't that a bit of a layer violation, too? Taking a concept from a higher layer (i.e., the incremental update) and defining it in a lower layer?

[jkczyz]

Could you make a constant and document why backdating is used?

[arik-so]

done

[TheBlueMatt]

Lets just call this add_channel or something? This name is much more specific than it need be.

[arik-so]

I came up with a different name, but add_channel is definitely not clear given the context of when this function should be called.

[TheBlueMatt]

Why is this cloned?

[arik-so]

decloned

[TheBlueMatt]

Can you DRY this with the below function?

[arik-so]

done, I think

[TheBlueMatt]

Can we sort by SCID and just include a variable-length-int difference from the previous one? That should cut the size down a lot, no?

[arik-so]

done, see #1155 (comment)

[TheBlueMatt]

We should probably do something to de-duplicate node_ids, no? Like maybe just do a list of node_ids to start and then put the index in that list here instead of the full node_id?

[arik-so]

done, passing index using BigSize. I also explored sorting the pubkeys, but the differences are too big to be useful.

[TheBlueMatt]

Same here, maybe sort them and put a difference instead of the full one?

[arik-so]

done, using BigSize

[TheBlueMatt]

Maybe set a flag value instead? ie MAX_UINT64 means "no htlc-max", and the server-side can cap it down to 21 million BTC without loss.

[arik-so]

I'm not sure this saves space, because if there is no HTLC maximum, sending a u8 takes up less space than a u64.

[arik-so]

we could do something interesting with BigSize?

[arik-so]

The sizes are equivalent when the number of present HTLCs == 7 * absent HTLCs. If there are more present HTLCs than absent ones, using the u64::MAX-flag saves space, and otherwise, using the u8-prefix saves space. We could add a global u8 flag at the beginning specifying which encoding is used in this transmission, and set it depending on the relation of the set/unset HTLC maxima.

[TheBlueMatt]

My point was based on the assumption that the vast majority of full updates would have a htlc max, but, more importantly, see #1155 (comment)

[arik-so]

Based on testing, it does indeed appear that the 7:1 ratio of set/updated HTLC maxima vs removed HTLC maxima is preserved, so for now we'll just always use u64::MAX

[jkczyz]

FWIW, wherever you have an Option and need to return an error for None you can simplify with ok_or_else and ?, e.g.:

			let channel = read_only_network_graph
				.channels()
				.get(&short_channel_id)
				.ok_or_else(|| LightningError {
					err: "Couldn't find channel for update".to_owned(),
					action: ErrorAction::IgnoreError,
				})?;

[jkczyz]

Seeing a build warning here from usage of parentheses.

[arik-so]

I did fix it, but I'm low key annoyed by this. I find with = and ==, parentheses really improve legibility.

[jkczyz]

Feel free to sqaush and rebase on main along with removing commented code, etc.

[jkczyz]

nit: move channel to previous line and reduce indent on other lines.

[jkczyz]

Remove or complete TODO?

[TheBlueMatt]

Oof, yea, that's a tough one, too - in the current design the server has to send every SCID of channels in the current graph in each update or users will just have channels that get more and more out of date and then eventually remove them. I think the only realistic solution is to track where each update came from and only time it out based on that info, sadly, with some ability for users to "convert" a graph from "server-sync" to "p2p-sync"

[TheBlueMatt]

I'm not sure that needs to be solved here, but we absolutely cannot ship this PR as-is without that followup, so would be nice to see it at least in a draft PR IMO.

[arik-so]

Yes, I'll try to have one up with the fuzzing for this one shortly.

[TheBlueMatt]

I think we can remove this TODO now?

[jkczyz]

Has this been addressed?

[jkczyz]

Not sure I understand why this is needed.

[arik-so]

oh good point, addressed

[jkczyz]

Was this addressed in an un-pushed commit?

[jkczyz]

If we have performance concerns with the BTreeMap, one possibility would be to traverse the (sorted) channel updates in parallel with the tree rather than performing look-ups for each update. That would be quite an involved change though.

[jkczyz]

Repeating previous lost comment: move channel up one line and reduce ident of following lines.

[arik-so]

rustfmt seems to strongly disagree with that FYI

[jkczyz]

lol... rustfmt may disagree with itself given it did the opposite a few lines up

[jkczyz]

rustfmt at it again lol

[arik-so]

oh ffs, this is gonna keep happening

[arik-so]

Sure, no problem.

[jkczyz]

I'm happy with this now. Could you squash?

[arik-so]

Certainly!

[TheBlueMatt]

nit: Please restrict git commit messages to 80-90 chars long. The title should be one line of max 80-90 chars. I generally keep mine even shorter but others let it go a bit longer.

[jkczyz]

nit: Please restrict git commit messages to 80-90 chars long. The title should be one line of max 80-90 chars. I generally keep mine even shorter but others let it go a bit longer.

Same. I use 50 characters and vim looks angry if I go over.

[TheBlueMatt]

Some minor comments here and there on tests, and a few doc comments, but after this I'm good to go here.

[TheBlueMatt]

Need to settle on the name before we land this. Maybe we just link to the server repo (which we should migrate to lightningdevkit org IMO)

[arik-so]

I expect there are going to be multiple iterations here. My proposal is lightning-rapid-gossip-sync or lightning-rapid-gossip-sync-client, though I think client is somewhat implied given what repository it's in.

[TheBlueMatt]

We should link to the server repo (which I think we should go ahead and move into the lightningdevkit org)

[arik-so]

good point

[TheBlueMatt]

nit: Lets move to generation time? That way we have a bit more determinism for the timestamps in the requests (ie we could fix them to be round numbers). Not a big deal either way, though, as they're already fixed.

[arik-so]

Different data sets generated at the same time can have different latest seen timestamps. I think keeping it as is does not unnecessarily expand the attack surface, so I'd rather keep it.

[TheBlueMatt]

We only have one reference now, right? In general does this section need rewritten to talk about things from a snapshotting perspective?

[TheBlueMatt]

This section needs a "as of date X with network graph of size Y"

[TheBlueMatt]

Lets not wholesale #[ignore] but rather only ignore failures to find the specific file (and then reuse the --cfg=require_route_graph_test configure flag we use to force the test to fail in CI if the file is missing).

[TheBlueMatt]

nit: Why not just always panic with the error message and then include the io error in the message?

[TheBlueMatt]

Do we want to allow for basic extensibility by just not checking for the end and letting there be excess stuff we ignore?

[arik-so]

Not in this version, no. I think for now it's safer to make sure the entire response can be parsed correctly end to end.

[TheBlueMatt]

Lets not assert that the print encoding is a specific format here (and in the other tests in this file). Asserting that it includes certain pubkeys seems fine, but not a specific character length or that pubkeys are printed with a : afterwards.

[TheBlueMatt]

rapid gossip seems like a fine name but lets make sure we're consistent everywhere in what we call this.

[TheBlueMatt]

nit: I dont think we (directly) need secp-recovery?

[TheBlueMatt]

minus a week, right?

[TheBlueMatt]

an change?

[TheBlueMatt]

Its really confusing to just say "latest timestamp" here - we mean the time we saw the latest update, not the timestamp in the update, which is what I'd expect this to refer to.

[TheBlueMatt]

no idea what you mean? Clients have to store the full graph, not just one variable?

[TheBlueMatt]

s/increasing the likelihood payments will are/forcing all payments to be/

[TheBlueMatt]

s/a modicum of//

[TheBlueMatt]

This paragrpah seems to be missing a lot of context to me, and I think we can just drop it and the next one, we don't need that much detail in the crate docs - just add the word "differential" in the second paragraph and I think we're good.

[TheBlueMatt]

Here and in processing.rs - we need to return the timestamp number that the user needs to store so they can use that to query for the next version.

[TheBlueMatt]

There needs to be docs for how to use this, too - right now its just a bag of functions that says "pass in a file or something you get from a server, but you have to query the server with some number that's not exposed to you". We should define a URI scheme (I'd suggest, like, https://graphsync.lightningdevkit.org/v1/$LAST_SYNC_TIMESTAMP.bin) and exact semantics for how to query.

[arik-so]

There are docs in the server.

[TheBlueMatt]

Then the client needs to directly link to the server. Also, if we intend to run a public server that anyone can use, we should have docs in the client that tells people how to use it - just having a "how to run your own server" guide doesn't help clients who shouldn't ever need to look at the server code (if they dont want to) :)

[arik-so]

Well, the client does link to the server, which does have comments in the readme showing the request paths. I'm happy to copy the request paths section here, but given that every server instance is gonna use a different API prefix, not to mention domain, I don't know what else to say here.

[TheBlueMatt]

I think, given its only about 5 LoC, it'd be nice to have a full ``` comment here describing how you can sync the graph from graphsync.lightningdevkit.org. Given this is actually really simple to use, we should show people reading the docs here just how simple it is to use :).

[arik-so]

Once we have the example service up, sure. Should we just say that that's gonna be an example URL in the future?

[TheBlueMatt]

I'd hope we can get an example service up pretty quick - we should be able to get one up in a matter of minutes, no? Lets just commit to doing it :)

[arik-so]

No, I can't commit to responding to all the server comments within minutes; some are a bit painful to address.

[TheBlueMatt]

lol nah, I meant we could take the server as-is and run it within five minutes to get an example Service up, and improving it a bit over time is just gravy :)

[TheBlueMatt]

Why is the return value in a single-element tuple?

[jkczyz]

Document return type here, too.

[TheBlueMatt]

I assume this should be 0 the first time? We should say that.

[TheBlueMatt]

Can we say something about reading from disk?

[TheBlueMatt]

LGTM! A few rather trivial notes which can just be addressed when squashing IMO.

[TheBlueMatt]

Not worth doing it here, but as a followup we should look into some kind of mutator accessor for the network graph, then we'd avoid the double-lookup here.

[TheBlueMatt]

LGTM. I'm ready for squash, @jkczyz ?