From ddfca825be2aab2838f85b15ad121ff6fcbba3fe Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Mon, 25 Aug 2025 16:06:39 +0200 Subject: [PATCH 1/4] sproxy+plugin: Be very verbose about the HSM requests and responses --- libs/gl-plugin/src/node/mod.rs | 2 ++ libs/gl-signerproxy/src/hsmproxy.rs | 15 ++++++++++----- 2 files changed, 12 insertions(+), 5 deletions(-) diff --git a/libs/gl-plugin/src/node/mod.rs b/libs/gl-plugin/src/node/mod.rs index a38320a25..0f2155350 100644 --- a/libs/gl-plugin/src/node/mod.rs +++ b/libs/gl-plugin/src/node/mod.rs @@ -369,6 +369,7 @@ impl Node for PluginNodeServer { req.request.signer_state.len() ); + eprintln!("WIRE: plugin -> signer: {:?}", req); if let Err(e) = tx.send(Ok(req.request)).await { warn!("Error streaming request {:?} to hsm_id={}", e, hsm_id); break; @@ -393,6 +394,7 @@ impl Node for PluginNodeServer { log::warn!("The above error was returned instead of a response."); return Ok(Response::new(pb::Empty::default())); } + eprintln!("WIRE: signer -> plugin: {:?}", req); // Create a state from the key-value-version tuples. Need to // convert here, since `pb` is duplicated in the two different diff --git a/libs/gl-signerproxy/src/hsmproxy.rs b/libs/gl-signerproxy/src/hsmproxy.rs index 3413964d0..e77a311f2 100644 --- a/libs/gl-signerproxy/src/hsmproxy.rs +++ b/libs/gl-signerproxy/src/hsmproxy.rs @@ -70,12 +70,12 @@ async fn process_requests( if let Ok(msg) = conn.read().await { match msg.msgtype() { 9 => { - debug!("Got a message from node: {:?}", &msg.body); + eprintln!("Got a message from node: {:?}", &msg.body); // This requests a new client fd with a given context, // handle it locally, and defer the creation of the client // fd on the server side until we need it. let ctx = HsmRequestContext::from_client_hsmfd_msg(&msg)?; - debug!("Got a request for a new client fd. Context: {:?}", ctx); + eprintln!("Got a request for a new client fd. Context: {:?}", ctx); let (local, remote) = UnixStream::pair()?; let local = NodeConnection { @@ -103,15 +103,20 @@ async fn process_requests( signer_state: Vec::new(), }); let start_time = tokio::time::Instant::now(); - debug!("Got a message from node: {:?}", &req); + eprintln!( + "WIRE: lightningd -> hsmd: Got a message from node: {:?}", + &req + ); + eprintln!("WIRE: hsmd -> plugin: Forwarding: {:?}", &req); let res = server.request(req).await?.into_inner(); let msg = Message::from_raw(res.raw); let delta = start_time.elapsed(); - debug!( - "Got respone from hsmd: {:?} after {}ms", + eprintln!( + "WIRE: plugin -> hsmd: Got respone from hsmd: {:?} after {}ms", &msg, delta.as_millis() ); + eprintln!("WIRE: hsmd -> lightningd: {:?}", &msg); conn.write(msg).await? } } From 3d0d1ca4427d70836de838189c965d4e67ac691e Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Wed, 3 Sep 2025 11:25:42 +0200 Subject: [PATCH 2/4] examples: Fix a deprecation warning --- examples/rust/snippets/getting_started.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/rust/snippets/getting_started.rs b/examples/rust/snippets/getting_started.rs index b16ccdc8b..0b37f51d9 100644 --- a/examples/rust/snippets/getting_started.rs +++ b/examples/rust/snippets/getting_started.rs @@ -45,7 +45,7 @@ async fn create_seed() -> Vec { let m = Mnemonic::generate_in_with(&mut rng, Language::English, 24).unwrap(); //Show seed phrase to user - let _phrase = m.word_iter().fold("".to_string(), |c, n| c + " " + n); + let _phrase = m.words().fold("".to_string(), |c, n| c + " " + n); const EMPTY_PASSPHRASE: &str = ""; let seed = &m.to_seed(EMPTY_PASSPHRASE)[0..32]; // Only need the first 32 bytes From dc63b7610c4d868594495989e602a89fcb0c476f Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Wed, 3 Sep 2025 11:26:13 +0200 Subject: [PATCH 3/4] subd: Make the node and signerproxy less noisy --- libs/gl-plugin/src/node/mod.rs | 15 +++++++-------- libs/gl-signerproxy/src/hsmproxy.rs | 2 +- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/libs/gl-plugin/src/node/mod.rs b/libs/gl-plugin/src/node/mod.rs index 0f2155350..6de3ce7fc 100644 --- a/libs/gl-plugin/src/node/mod.rs +++ b/libs/gl-plugin/src/node/mod.rs @@ -32,6 +32,8 @@ static LIMITER: OnceCell> = OnceCell::const_new(); static RPC_CLIENT: OnceCell>> = OnceCell::const_new(); +static RPC_POLL_INTERVAL: Duration = Duration::from_millis(500); + pub async fn get_rpc>(path: P) -> Arc> { RPC_CLIENT @@ -42,12 +44,9 @@ pub async fn get_rpc>(path: P) -> Arc> { debug!("Connected to lightning-rpc."); return Arc::new(Mutex::new(client)); } - Err(e) => { - debug!( - "Failed to connect to lightning-rpc: {:?}. Retrying in 50m...", - e - ); - tokio::time::sleep(Duration::from_millis(50)).await; + Err(_) => { + debug!("Failed to connect to lightning-rpc. Retrying in {RPC_POLL_INTERVAL:?}..."); + tokio::time::sleep(RPC_POLL_INTERVAL).await; continue; } } @@ -369,7 +368,7 @@ impl Node for PluginNodeServer { req.request.signer_state.len() ); - eprintln!("WIRE: plugin -> signer: {:?}", req); + eprintln!("WIRE: plugin -> signer: {:?}", req); if let Err(e) = tx.send(Ok(req.request)).await { warn!("Error streaming request {:?} to hsm_id={}", e, hsm_id); break; @@ -394,7 +393,7 @@ impl Node for PluginNodeServer { log::warn!("The above error was returned instead of a response."); return Ok(Response::new(pb::Empty::default())); } - eprintln!("WIRE: signer -> plugin: {:?}", req); + eprintln!("WIRE: signer -> plugin: {:?}", req); // Create a state from the key-value-version tuples. Need to // convert here, since `pb` is duplicated in the two different diff --git a/libs/gl-signerproxy/src/hsmproxy.rs b/libs/gl-signerproxy/src/hsmproxy.rs index e77a311f2..c1b385759 100644 --- a/libs/gl-signerproxy/src/hsmproxy.rs +++ b/libs/gl-signerproxy/src/hsmproxy.rs @@ -4,7 +4,7 @@ use crate::pb::{hsm_client::HsmClient, Empty, HsmRequest, HsmRequestContext}; use crate::wire::{DaemonConnection, Message}; use anyhow::{anyhow, Context}; use anyhow::{Error, Result}; -use log::{debug, error, info, warn}; +use log::{error, info, warn}; use std::convert::TryFrom; use std::env; use std::os::unix::io::{AsRawFd, FromRawFd}; From 309f8baf49835386c64437035d95eb0e5fd1b716 Mon Sep 17 00:00:00 2001 From: Christian Decker Date: Wed, 3 Sep 2025 11:26:40 +0200 Subject: [PATCH 4/4] signer: Do not override the TLS SNI domain name if we're using a domain --- libs/gl-client/src/signer/mod.rs | 27 +++++++++++++++++---------- 1 file changed, 17 insertions(+), 10 deletions(-) diff --git a/libs/gl-client/src/signer/mod.rs b/libs/gl-client/src/signer/mod.rs index 2142ac3c4..8533db573 100644 --- a/libs/gl-client/src/signer/mod.rs +++ b/libs/gl-client/src/signer/mod.rs @@ -386,9 +386,16 @@ impl Signer { /// requests from it. The requests are then verified and processed /// using the `Hsmd`. pub async fn run_once(&self, node_uri: Uri) -> Result<(), Error> { - debug!("Connecting to node at {}", node_uri); + info!("Connecting to node at {}", node_uri); + + let tls_config = if node_uri.host().unwrap_or_default().contains("blckstrm") { + self.tls.inner.clone() + } else { + self.tls.inner.clone().domain_name("localhost") + }; + let c = Endpoint::from_shared(node_uri.to_string())? - .tls_config(self.tls.inner.clone().domain_name("localhost"))? + .tls_config(tls_config)? .tcp_keepalive(Some(crate::TCP_KEEPALIVE)) .http2_keep_alive_interval(crate::TCP_KEEPALIVE) .keep_alive_timeout(crate::TCP_KEEPALIVE_TIMEOUT) @@ -725,7 +732,7 @@ impl Signer { &self, scheduler_uri: String, ) -> Result> { - debug!("Connecting to scheduler at {scheduler_uri}"); + info!("Connecting to scheduler at {scheduler_uri}"); let channel = Endpoint::from_shared(scheduler_uri.clone())? .tls_config(self.tls.inner.clone())? @@ -740,7 +747,7 @@ impl Signer { // If it fails due to connection error, sleep and retry. Re-throw all other errors. loop { #[allow(deprecated)] - let maybe_upgrade_res = scheduler + let res = scheduler .maybe_upgrade(UpgradeRequest { initmsg: self.init.clone(), signer_version: self.version().to_owned(), @@ -752,19 +759,19 @@ impl Signer { }) .await; - if let Err(err_status) = maybe_upgrade_res { - match err_status.code() { + match res { + Err(e) => match e.code() { Code::Unavailable => { debug!("Cannot connect to scheduler, sleeping and retrying"); sleep(Duration::from_secs(3)).await; continue; } - _ => { - return Err(Error::Upgrade(err_status))?; - } + _ => Err(Error::Upgrade(e))?, + }, + Ok(r) => { + debug!("Server reports version {}", r.into_inner().old_version) } } - break; } Ok(scheduler)