routerrpc: add validation to MPP params

[NishantBansal2003]

Change Description

Fixes: #8916
Adds validation to ensure that MPP parameters are compatible with the payment amount before attempting the payment. This prevents payments from entering a path finding loop that would eventually timeout.

Steps to Test

Added itest to validate that a payment with multipath parameters exceeding the allowed maximum amount fails with the expected error.

Pull Request Checklist

Testing

• Your PR passes all CI checks.
• Tests covering the positive and negative (error paths) are included.
• Bug fixes contain tests triggering the bug to prevent regressions.

Code Style and Documentation

• The change is not insubstantial. Typo fixes are not accepted to fight bot spam.
• The change obeys the Code Documentation and Commenting guidelines, and lines wrap at 80.
• Commits follow the Ideal Git Commit Structure.
• Any new logging statements use an appropriate subsystem and logging level.
• Any new lncli commands have appropriate tags in the comments for the rpc in the proto file.
• There is a change description in the release notes, or [skip ci] in the commit message for small changes.

📝 Please see our Contribution Guidelines for further guidance.

[coderabbitai]

Important

Review skipped

Auto reviews are limited to specific labels.

🏷️ Labels to auto review (1)

• llm-review

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai plan to trigger planning for file edits and PR creation.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[yyforyongyu]

Thanks for the PR! Left a few comments re the format and test.

[yyforyongyu]

why do we need to set MaxShardSizeMsat here?

[NishantBansal2003]

To validate that when the mpp params permit sending the full payment amount, the payment is successfully settled. I'll add a comment in the test to make this clear.

[ziggie1984]

Instead of just adding here the MaxShardSizeMsat please create a separate test which tests exactly the validation. This separates the test cases nicely and can be build integrating your test above testValidateMPPParams. First trying a lower shard amount and then increasing it and succeeding.

[yyforyongyu]

the format is not quite right, see https://github.com/lightningnetwork/lnd/blob/master/docs/code_formatting_rules.md#wrapping-long-function-definitions

[yyforyongyu]

Also check this in testSendToRouteMultiPath?

[yyforyongyu]

LGTM🌹

[ziggie1984]

Thanks for the fix, left some comments.

[ziggie1984]

Nit: New line above

[ziggie1984]

Instead of just adding here the MaxShardSizeMsat please create a separate test which tests exactly the validation. This separates the test cases nicely and can be build integrating your test above testValidateMPPParams. First trying a lower shard amount and then increasing it and succeeding.

[yyforyongyu]

this check should be moved to where we assign payIntent.MaxParts at L863 so we can exit early.

[NishantBansal2003]

Let's put it at L873, since the MPP will only be used when MaxShardSizeMsat > 0. So, if MaxShardSizeMsat is not being set, then there is no issue with the value of MaxParts?

[yyforyongyu]

think we should check payIntent.MaxShardAmt for clarity.

[yyforyongyu]

For a simple test like this, I'd say we use ht.CreateSimpleNetwork instead as we are not testing the routing behavior here.

[yyforyongyu]

The comment needs to be updated.

[yyforyongyu]

I think we can instead create a single invoice for the whole test case as we know only the last send payment will succeed.

[yyforyongyu]

Can use ht.AssertInvoiceSettled instead.

[ziggie1984]

I think we should just add a unit-test instead of adding a itest.

Moreover let's remove the minRequired parts check yy has a valid point.

[ziggie1984]

it's MPP/AMP

[ziggie1984]

Personally I think a itest for this change might be a bit overkill, can we not just test the extractIntentFromSendRequest via a unit-test in router_backend_test.go ?

[ziggie1984]

Nice, left some comments.

[ziggie1984]

Nit: Why not keep the naming here from the above code ?

maxShardAmt, maxParts ?

[ziggie1984]

Missing godoc, would be great if you could properly test the whole extract func. otherwise create a comment which specifies that you are in specific only testing the shard multipart payment logic.

[NishantBansal2003]

I have added tests for the entire extract function.

[ziggie1984]

I think this iis not necessary anymore with the go compiler option loopvar

[ziggie1984]

add t.Parallel() to speed up testing.

[yyforyongyu]

Nice test!

[MPins]

Well done 👍

Left some comments that might help make the test a bit cleaner.

[MPins]

nit: this struct doesn't need to be exported, so it can start with a lowercase letter.

[MPins]

nit: Setting MaxTotalTimelock is not needed.

[MPins]

nit: Setting MaxTotalTimelock is not needed.

[MPins]

nit: Setting MaxTotalTimelock is not needed.

[MPins]

nit: Setting MaxTotalTimelock is not needed.

[MPins]

Looking closer, I found some missing tests and suggest a few naming changes to make it clearer what each test is actually doing.

Besides the suggested additions I made, we could also add a test for the case where the invoice has an amount specified and the payer is not allowed to override it. However, to test that properly, we would need a non-expired invoice. I don't think it's strictly necessary, though.

[MPins]

nit: I would change the name of the test to "Invalid last hop pubkey length".

[MPins]

nit: Setting OutgoingChanId is not needed.

[MPins]

nit: I would change the name of the test to "Dest custom records with type below minimum range"

[MPins]

nit: I would change the name of the test to "Custom record entry with TLV type below minimum range"

[MPins]

nit: I would change the name of the test to "Invalid payment request length"

[MPins]

nit: I would change the name of the test to "Invalid payment hash length"

[MPins]

You can add the test below to increase the code coverage:

		{
			name: "total time lock exceeds max allowed",
			backend: &RouterBackend{
				MaxTotalTimelock: 1000,
			},
			sendReq: &SendPaymentRequest{
				CltvLimit: 1001,
			},
			valid: false,
			expectedErrorMsg: "total time lock of 1001 exceeds "+
			"max allowed 1000",
		},

[MPins]

You can add the test below to increase the code coverage:

		{
			name: "Fee limit cannot be negative",
			backend: &RouterBackend{},
			sendReq: &SendPaymentRequest{
				FeeLimitSat:  -1,
			},
			valid: false,
			expectedErrorMsg: "amount cannot be negative",
		},

[NishantBansal2003]

we could also add a test for the case where the invoice has an amount specified and the payer is not allowed to override it. However, to test that properly, we would need a non-expired invoice.

Yes, we require a non-expired invoice, which is why I was unable to add a test for it. Perhaps, in such cases, "itest" would suffice?

[MPins]

LGTM

[MPins]

suffice
Maybe creating an iTest is too much just to cover this use case.

[ziggie1984]

you can use: make unit-cover case=TestExtractIntentFromSendRequest and check the result coverage file for extractIntentFromSendRequest function to check if everything is covered using: go tool cover -html=coverage.txt, thats a pretty nice check on your tests.

[NishantBansal2003]

you can use: make unit-cover case=TestExtractIntentFromSendRequest and check the result coverage file for extractIntentFromSendRequest function to check if everything is covered using: go tool cover -html=coverage.txt, thats a pretty nice check on your tests.

Thanks, this helped! I have also updated the tests for the latest changes.

[lightninglabs-deploy]

@ziggie1984: review reminder