multi+server.go: add initial permissions for some peers

[Crypt-iQ]

This patch adds initial access permissions in the server for some peers:

• If the peer has ever had a channel with us that has confirmed on-chain, they'll be given protected access.
• If it has a pending-open channel, it'll be given temporary status.
• Otherwise, it'll get restricted status.

In the future, we can tune this criteria. Some of the discovery ban code has also been moved to server.go so that it is somewhat unified.

[coderabbitai]

Important

Review skipped

Auto reviews are limited to specific labels.

🏷️ Labels to auto review (1)

• llm-review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[bhandras]

First shallow pass done, great work! Concept ACK! 🎉 Going to spend some more time with the details. I think in the mean time feel free to reply to my comments with your thoughts/ideas.

[bhandras]

I suggest refining the return value of this function to make it more general and readable. Rather than categorizing peers as permanent or temporary, we could simply return a single map (map[string]ChanCount) containing the open, pending, and closed channel counts for each peer, where ChanCount is:

struct ChanCount {
   open int
   pending int
   closed int
}

If you agree, could you please also add a basic unit test for this function?

[Crypt-iQ]

I agree that the maps can be merged but I don't think we should track either open or closed counts, there's no point in the current punishment mechanism

[bhandras]

Alternatively, shouldAccept could receive the pubkey and return false if it's nil so we don't need two separate rejection blocks.

[Crypt-iQ]

Think this is fine as-is, would rather the server not have to take public key pointers

[bhandras]

Why use an alternative mutex if we already that expect the server mutex is locked?

[Crypt-iQ]

I'll change the comment, it's meant to convey that if the server mutex is going to be locked, this mutex cannot be locked before the server mutex

[bhandras]

Thanks, now clearer.

[bhandras]

Ideally the ban logic could be separated into its own type altogether and so we could add extensive test coverage through unit tests.

[Crypt-iQ]

Can you elaborate? Do you mean like a new struct/pkg?

[bhandras]

If possible would be nice to decouple the peer banning logic from the server to its own type (struct) so we can cover it with tests separately.

[bhandras]

iiuc we could end up demoting more than one peer at the same time.

[Crypt-iQ]

How so?

[bhandras]

IIUC when we decrement s.numRestricted when we disconnect and then remove the peer. But the banScoreMtx is lifted in between so it could be that if we reach the ceiling then concurrent calls to this function would still see the same counts. Doesn't seem to be an issue to me, more just a remark.

[bhandras]

I don't think we really need the peerScores map either, we can just have a function returning the status based on channel state counts.

[Crypt-iQ]

prefer to keep as-is for now in case we actually start scoring

[bhandras]

nit: should we add the status to the error?

[Crypt-iQ]

It's unreachable code, only added for completeness

[bhandras]

Looks pretty good! Could you please add an itest covering the added functionality?

[bhandras]

Thanks, now clearer.

[bhandras]

nit: consider renaming to HasOpenOrClosedChan for better readability. Also please add godocs to these exported fields.

[bhandras]

I assume we also want to skip non-buckets, so:

// If there's a value, it's not a bucket so ignore it.
if v != nil {
	return nil
}

[Crypt-iQ]

I'll add it. only buckets are stored here though and anybody who is messing with this database structure needs to know what they're doing already and should not be adding key-values here as it would mess up other things

[bhandras]

nit: Similarly maybe best to rename to PendingOpenCount for clarity.

[bhandras]

Given that we iterate over the openChannelBucket which is keyed by the peer pubkey, the peerCounts map should not have any count for nodeStr. Also the two cases of the below if are exactly the same.

[Crypt-iQ]

Ah that's right. I wrote the if-else the other way without cases and thought it was confusing for the reader. I'll change this to just insert

[bhandras]

nit: expected comes first.

[bhandras]

nit: I think it'd be better to explicitly return peerStatusRestricted here and above.

[Crypt-iQ]

imo doesn't matter, we're returning an error

[Crypt-iQ]

on second thought, we're dealing with access control so I'll explicitly return

[bhandras]

If possible would be nice to decouple the peer banning logic from the server to its own type (struct) so we can cover it with tests separately.

[bhandras]

IIUC when we decrement s.numRestricted when we disconnect and then remove the peer. But the banScoreMtx is lifted in between so it could be that if we reach the ceiling then concurrent calls to this function would still see the same counts. Doesn't seem to be an issue to me, more just a remark.

[Crypt-iQ]

I tested the code in a different way and found that the demotion logic for NotifyFundingTimeout only notifies if we are the recipient of a pending channel rather than the initiator. I think this is fine since we have initiated this and the channel potentially could become active as the spec uses a SHOULD for fundee forgetting requirements rather than a MUST.