projects / rust-lightning / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw (from parent 2: 1d6c09a)
Merge pull request #310 from ariard/2019-02-clarify-send-htlc-policy
authorMatt Corallo <649246+TheBlueMatt@users.noreply.github.com>
Fri, 2 Aug 2019 19:30:41 +0000 (19:30 +0000)
committerGitHub <noreply@github.com>
Fri, 2 Aug 2019 19:30:41 +0000 (19:30 +0000)
Clarify policy applied in send htlc error msgs

65 files changed:
.gitignore patch | blob | history
.travis.yml patch | blob | history
Cargo.toml patch | blob | history
README.md patch | blob | history
fuzz/Cargo.toml patch | blob | history
fuzz/fuzz_targets/chanmon_deser_target.rs patch | blob | history
fuzz/fuzz_targets/chanmon_fail_consistency.rs patch | blob | history
fuzz/fuzz_targets/full_stack_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_channel_reestablish_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_init_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_ping_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_pong_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_target_template.txt patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs patch | blob | history
fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs patch | blob | history
fuzz/fuzz_targets/peer_crypt_target.rs patch | blob | history
fuzz/fuzz_targets/router_target.rs patch | blob | history
fuzz/src/util/rust_crypto_nonstd_arch.c [deleted symlink] patch | blob | history
net-tokio/Cargo.toml [new file with mode: 0644] patch | blob
net-tokio/src/lib.rs [new file with mode: 0644] patch | blob
src/chain/chaininterface.rs patch | blob | history
src/chain/keysinterface.rs patch | blob | history
src/chain/transaction.rs patch | blob | history
src/lib.rs patch | blob | history
src/ln/chan_utils.rs patch | blob | history
src/ln/chanmon_update_fail_tests.rs patch | blob | history
src/ln/channel.rs patch | blob | history
src/ln/channelmanager.rs patch | blob | history
src/ln/channelmonitor.rs patch | blob | history
src/ln/functional_test_utils.rs patch | blob | history
src/ln/functional_tests.rs patch | blob | history
src/ln/msgs.rs patch | blob | history
src/ln/onion_utils.rs patch | blob | history
src/ln/peer_channel_encryptor.rs patch | blob | history
src/ln/peer_handler.rs patch | blob | history
src/ln/router.rs patch | blob | history
src/util/config.rs patch | blob | history
src/util/events.rs patch | blob | history
src/util/internal_traits.rs [deleted file] patch | blob | history
src/util/logger.rs patch | blob | history
src/util/macro_logger.rs patch | blob | history
src/util/mod.rs patch | blob | history
src/util/rng.rs [deleted file] patch | blob | history
src/util/ser.rs patch | blob | history
src/util/test_utils.rs patch | blob | history
src/util/transaction_utils.rs patch | blob | history

diff --git a/.gitignore b/.gitignore
index c2c882ddf49b8dd4032826867eed5bc28cbffddb..c795d9b53373103e2a75b2acfdcb1c27facb24e7 100644 (file)
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,6 @@
 /target/
+/net-tokio/target/
 **/*.rs.bk
 Cargo.lock
-/target/
-**/*.rs.bk
-.idea
\ No newline at end of file
+.idea
+
diff --git a/.travis.yml b/.travis.yml
index efdff130b0df85d87b7f7b34e4964aa76a8db100..ef0aa839cf51195cb0304a482a9df86b74b4f008 100644 (file)
--- a/.travis.yml
+++ b/.travis.yml
@@ -3,14 +3,30 @@ rust:
   - stable
   - beta
   - 1.22.0
-  - 1.29.2
+  - 1.34.2
 cache: cargo
 
 before_install:
   - sudo apt-get -qq update
-  - sudo apt-get install -y binutils-dev libunwind8-dev
+  - sudo apt-get install -y binutils-dev libunwind8-dev libcurl4-openssl-dev libelf-dev libdw-dev cmake gcc binutils-dev libiberty-dev
 
 script:
-  - cargo build --verbose
-  - cargo test --verbose
-  - if [ "$(rustup show | grep default | grep 1.29.2)" != "" ]; then cd fuzz && cargo test --verbose && ./travis-fuzz.sh; fi
+  - RUSTFLAGS="-C link-dead-code" cargo build --verbose
+  - rm -f target/debug/lightning-* # Make sure we drop old test binaries
+  - RUSTFLAGS="-C link-dead-code" cargo test --verbose
+  - if [ "$(rustup show | grep default | grep 1.34.2)" != "" ]; then cd fuzz && cargo test --verbose && ./travis-fuzz.sh; fi
+  - if [ "$(rustup show | grep default | grep stable)" != "" ]; then cd net-tokio && cargo build --verbose && cd ..; fi
+  - if [ "$(rustup show | grep default | grep stable)" != "" ]; then
+      wget https://github.com/SimonKagstrom/kcov/archive/master.tar.gz &&
+      tar xzf master.tar.gz &&
+      cd kcov-master &&
+      mkdir build &&
+      cd build &&
+      cmake .. &&
+      make &&
+      make install DESTDIR=../../kcov-build &&
+      cd ../.. &&
+      rm -rf kcov-master &&
+      for file in target/debug/lightning-*; do [ -x "${file}" ] || continue; mkdir -p "target/cov/$(basename $file)"; ./kcov-build/usr/local/bin/kcov --exclude-pattern=/.cargo,/usr/lib --verify "target/cov/$(basename $file)" "$file"; done &&
+      bash <(curl -s https://codecov.io/bash) &&
+      echo "Uploaded code coverage"; fi
diff --git a/Cargo.toml b/Cargo.toml
index caf8b35b3332462e25bee36fdbeff44b455a9a38..c0e7083d12a29b2bfc4507192a1d1edfdfe41bb0 100644 (file)
--- a/Cargo.toml
+++ b/Cargo.toml
@@ -1,6 +1,6 @@
 [package]
 name = "lightning"
-version = "0.0.8"
+version = "0.0.9"
 authors = ["Matt Corallo"]
 license = "Apache-2.0"
 repository = "https://github.com/rust-bitcoin/rust-lightning/"
@@ -22,17 +22,17 @@ max_level_info = []
 max_level_debug = []
 
 [dependencies]
-bitcoin = "0.16"
+bitcoin = "0.18"
 bitcoin_hashes = "0.3"
-rand = "0.4"
 secp256k1 = "0.12"
 
 [dev-dependencies.bitcoin]
-version = "0.16"
+version = "0.18"
 features = ["bitcoinconsensus"]
 
 [dev-dependencies]
 hex = "0.3"
+rand = "0.4"
 
 [profile.dev]
 opt-level = 1
diff --git a/README.md b/README.md
index 5b84449249050102d6a01f99163921f3179a3c86..460571f0070943da516720d588b386aa48d37b31 100644 (file)
--- a/README.md
+++ b/README.md
@@ -1,6 +1,11 @@
+[![Safety Dance](https://img.shields.io/badge/unsafe-forbidden-success.svg)](https://github.com/rust-secure-code/safety-dance/)
+
 Rust-Lightning, not Rusty's Lightning!
+=====
+
+Documentation can be found at [docs.rs](https://docs.rs/lightning/)
 
-Currently somewhere near 15% towards usable, published to see if there is any
+Currently somewhere near 40% towards usable, published to see if there is any
 real interest from folks in using a lightning rust library.
 
 The goal is to provide a full-featured but also incredibly flexible lightning
diff --git a/fuzz/Cargo.toml b/fuzz/Cargo.toml
index 21f3bac22ce693c1cbce0f5a1fa30323db28c667..edf24ffb11964c1274d4d334cb440b20a0f853d8 100644 (file)
--- a/fuzz/Cargo.toml
+++ b/fuzz/Cargo.toml
@@ -18,8 +18,8 @@ libfuzzer_fuzz = ["libfuzzer-sys"]
 [dependencies]
 afl = { version = "0.4", optional = true }
 lightning = { path = "..", features = ["fuzztarget"] }
-bitcoin = { version = "0.16", features = ["fuzztarget"] }
-bitcoin_hashes = { version = "0.2", features=["fuzztarget"] }
+bitcoin = { version = "0.18", features = ["fuzztarget"] }
+bitcoin_hashes = { version = "0.3", features=["fuzztarget"] }
 hex = "0.3"
 honggfuzz = { version = "0.5", optional = true }
 secp256k1 = { version = "0.12", features=["fuzztarget"] }
diff --git a/fuzz/fuzz_targets/chanmon_deser_target.rs b/fuzz/fuzz_targets/chanmon_deser_target.rs
index fb8f0bf6f120f49d6225168b18f4a9aaf55b340e..f741832580173d3f1529be676c223491e1b46fb2 100644 (file)
--- a/fuzz/fuzz_targets/chanmon_deser_target.rs
+++ b/fuzz/fuzz_targets/chanmon_deser_target.rs
@@ -2,12 +2,12 @@
 // To modify it, modify msg_target_template.txt and run gen_target.sh instead.
 
 extern crate bitcoin;
+extern crate bitcoin_hashes;
 extern crate lightning;
 
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 
 use lightning::ln::channelmonitor;
-use lightning::util::reset_rng_state;
 use lightning::util::ser::{ReadableArgs, Writer};
 
 mod utils;
@@ -29,7 +29,6 @@ impl Writer for VecWriter {
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        let logger = Arc::new(test_logger::TestLogger::new("".to_owned()));
        if let Ok((latest_block_hash, monitor)) = <(Sha256dHash, channelmonitor::ChannelMonitor)>::read(&mut Cursor::new(data), logger.clone()) {
                let mut w = VecWriter(Vec::new());
diff --git a/fuzz/fuzz_targets/chanmon_fail_consistency.rs b/fuzz/fuzz_targets/chanmon_fail_consistency.rs
index f457a30913b870e4005628697f2f665519108670..3610b1ca6208d1ef289d47c0c28ed4ec9e6ec606 100644 (file)
--- a/fuzz/fuzz_targets/chanmon_fail_consistency.rs
+++ b/fuzz/fuzz_targets/chanmon_fail_consistency.rs
@@ -27,21 +27,22 @@ use bitcoin::network::constants::Network;
 use bitcoin_hashes::Hash as TraitImport;
 use bitcoin_hashes::hash160::Hash as Hash160;
 use bitcoin_hashes::sha256::Hash as Sha256;
+use bitcoin_hashes::sha256d::Hash as Sha256d;
 
 use lightning::chain::chaininterface;
 use lightning::chain::transaction::OutPoint;
 use lightning::chain::chaininterface::{BroadcasterInterface,ConfirmationTarget,ChainListener,FeeEstimator,ChainWatchInterfaceUtil};
 use lightning::chain::keysinterface::{ChannelKeys, KeysInterface};
 use lightning::ln::channelmonitor;
-use lightning::ln::channelmonitor::{ChannelMonitorUpdateErr, HTLCUpdate};
-use lightning::ln::channelmanager::{ChannelManager, PaymentHash, PaymentPreimage};
+use lightning::ln::channelmonitor::{ChannelMonitor, ChannelMonitorUpdateErr, HTLCUpdate};
+use lightning::ln::channelmanager::{ChannelManager, PaymentHash, PaymentPreimage, ChannelManagerReadArgs};
 use lightning::ln::router::{Route, RouteHop};
-use lightning::ln::msgs::{CommitmentUpdate, ChannelMessageHandler, ErrorAction, HandleError, UpdateAddHTLC};
-use lightning::util::{reset_rng_state, fill_bytes, events};
+use lightning::ln::msgs::{CommitmentUpdate, ChannelMessageHandler, ErrorAction, HandleError, UpdateAddHTLC, LocalFeatures};
+use lightning::util::events;
 use lightning::util::logger::Logger;
 use lightning::util::config::UserConfig;
 use lightning::util::events::{EventsProvider, MessageSendEventsProvider};
-use lightning::util::ser::{Readable, Writeable};
+use lightning::util::ser::{Readable, ReadableArgs, Writeable, Writer};
 
 mod utils;
 use utils::test_logger;
@@ -49,7 +50,11 @@ use utils::test_logger;
 use secp256k1::key::{PublicKey,SecretKey};
 use secp256k1::Secp256k1;
 
+use std::mem;
+use std::cmp::Ordering;
+use std::collections::{HashSet, hash_map, HashMap};
 use std::sync::{Arc,Mutex};
+use std::sync::atomic;
 use std::io::Cursor;
 
 struct FuzzEstimator {}
@@ -64,22 +69,63 @@ impl BroadcasterInterface for TestBroadcaster {
        fn broadcast_transaction(&self, _tx: &Transaction) { }
 }
 
+pub struct VecWriter(pub Vec<u8>);
+impl Writer for VecWriter {
+       fn write_all(&mut self, buf: &[u8]) -> Result<(), ::std::io::Error> {
+               self.0.extend_from_slice(buf);
+               Ok(())
+       }
+       fn size_hint(&mut self, size: usize) {
+               self.0.reserve_exact(size);
+       }
+}
+
+static mut IN_RESTORE: bool = false;
 pub struct TestChannelMonitor {
        pub simple_monitor: Arc<channelmonitor::SimpleManyChannelMonitor<OutPoint>>,
        pub update_ret: Mutex<Result<(), channelmonitor::ChannelMonitorUpdateErr>>,
+       pub latest_good_update: Mutex<HashMap<OutPoint, Vec<u8>>>,
+       pub latest_update_good: Mutex<HashMap<OutPoint, bool>>,
+       pub latest_updates_good_at_last_ser: Mutex<HashMap<OutPoint, bool>>,
+       pub should_update_manager: atomic::AtomicBool,
 }
 impl TestChannelMonitor {
-       pub fn new(chain_monitor: Arc<chaininterface::ChainWatchInterface>, broadcaster: Arc<chaininterface::BroadcasterInterface>, logger: Arc<Logger>) -> Self {
+       pub fn new(chain_monitor: Arc<chaininterface::ChainWatchInterface>, broadcaster: Arc<chaininterface::BroadcasterInterface>, logger: Arc<Logger>, feeest: Arc<chaininterface::FeeEstimator>) -> Self {
                Self {
-                       simple_monitor: channelmonitor::SimpleManyChannelMonitor::new(chain_monitor, broadcaster, logger),
+                       simple_monitor: channelmonitor::SimpleManyChannelMonitor::new(chain_monitor, broadcaster, logger, feeest),
                        update_ret: Mutex::new(Ok(())),
+                       latest_good_update: Mutex::new(HashMap::new()),
+                       latest_update_good: Mutex::new(HashMap::new()),
+                       latest_updates_good_at_last_ser: Mutex::new(HashMap::new()),
+                       should_update_manager: atomic::AtomicBool::new(false),
                }
        }
 }
 impl channelmonitor::ManyChannelMonitor for TestChannelMonitor {
        fn add_update_monitor(&self, funding_txo: OutPoint, monitor: channelmonitor::ChannelMonitor) -> Result<(), channelmonitor::ChannelMonitorUpdateErr> {
+               let ret = self.update_ret.lock().unwrap().clone();
+               if let Ok(()) = ret {
+                       let mut ser = VecWriter(Vec::new());
+                       monitor.write_for_disk(&mut ser).unwrap();
+                       self.latest_good_update.lock().unwrap().insert(funding_txo, ser.0);
+                       match self.latest_update_good.lock().unwrap().entry(funding_txo) {
+                               hash_map::Entry::Vacant(mut e) => { e.insert(true); },
+                               hash_map::Entry::Occupied(mut e) => {
+                                       if !e.get() && unsafe { IN_RESTORE } {
+                                               // Technically we can't consider an update to be "good" unless we're doing
+                                               // it in response to a test_restore_channel_monitor as the channel may
+                                               // still be waiting on such a call, so only set us to good if we're in the
+                                               // middle of a restore call.
+                                               e.insert(true);
+                                       }
+                               },
+                       }
+                       self.should_update_manager.store(true, atomic::Ordering::Relaxed);
+               } else {
+                       self.latest_update_good.lock().unwrap().insert(funding_txo, false);
+               }
                assert!(self.simple_monitor.add_update_monitor(funding_txo, monitor).is_ok());
-               self.update_ret.lock().unwrap().clone()
+               ret
        }
 
        fn fetch_pending_htlc_updated(&self) -> Vec<HTLCUpdate> {
@@ -89,6 +135,8 @@ impl channelmonitor::ManyChannelMonitor for TestChannelMonitor {
 
 struct KeyProvider {
        node_id: u8,
+       session_id: atomic::AtomicU8,
+       channel_id: atomic::AtomicU8,
 }
 impl KeysInterface for KeyProvider {
        fn get_node_secret(&self) -> SecretKey {
@@ -119,22 +167,18 @@ impl KeysInterface for KeyProvider {
        }
 
        fn get_session_key(&self) -> SecretKey {
-               let mut session_key = [0; 32];
-               fill_bytes(&mut session_key);
-               SecretKey::from_slice(&session_key).unwrap()
+               let id = self.session_id.fetch_add(1, atomic::Ordering::Relaxed);
+               SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, id, 10, self.node_id]).unwrap()
        }
 
        fn get_channel_id(&self) -> [u8; 32] {
-               let mut channel_id = [0; 32];
-               fill_bytes(&mut channel_id);
-               channel_id
+               let id = self.channel_id.fetch_add(1, atomic::Ordering::Relaxed);
+               [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, id, 11, self.node_id]
        }
 }
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
-
        let fee_est = Arc::new(FuzzEstimator{});
        let broadcast = Arc::new(TestBroadcaster{});
 
@@ -142,18 +186,67 @@ pub fn do_test(data: &[u8]) {
                ($node_id: expr) => { {
                        let logger: Arc<Logger> = Arc::new(test_logger::TestLogger::new($node_id.to_string()));
                        let watch = Arc::new(ChainWatchInterfaceUtil::new(Network::Bitcoin, Arc::clone(&logger)));
-                       let monitor = Arc::new(TestChannelMonitor::new(watch.clone(), broadcast.clone(), logger.clone()));
+                       let monitor = Arc::new(TestChannelMonitor::new(watch.clone(), broadcast.clone(), logger.clone(), fee_est.clone()));
 
-                       let keys_manager = Arc::new(KeyProvider { node_id: $node_id });
+                       let keys_manager = Arc::new(KeyProvider { node_id: $node_id, session_id: atomic::AtomicU8::new(0), channel_id: atomic::AtomicU8::new(0) });
                        let mut config = UserConfig::new();
                        config.channel_options.fee_proportional_millionths = 0;
                        config.channel_options.announced_channel = true;
-                       config.channel_limits.min_dust_limit_satoshis = 0;
+                       config.peer_channel_config_limits.min_dust_limit_satoshis = 0;
                        (ChannelManager::new(Network::Bitcoin, fee_est.clone(), monitor.clone(), watch.clone(), broadcast.clone(), Arc::clone(&logger), keys_manager.clone(), config).unwrap(),
                        monitor)
                } }
        }
 
+       macro_rules! reload_node {
+               ($ser: expr, $node_id: expr, $old_monitors: expr) => { {
+                       let logger: Arc<Logger> = Arc::new(test_logger::TestLogger::new($node_id.to_string()));
+                       let watch = Arc::new(ChainWatchInterfaceUtil::new(Network::Bitcoin, Arc::clone(&logger)));
+                       let monitor = Arc::new(TestChannelMonitor::new(watch.clone(), broadcast.clone(), logger.clone(), fee_est.clone()));
+
+                       let keys_manager = Arc::new(KeyProvider { node_id: $node_id, session_id: atomic::AtomicU8::new(0), channel_id: atomic::AtomicU8::new(0) });
+                       let mut config = UserConfig::new();
+                       config.channel_options.fee_proportional_millionths = 0;
+                       config.channel_options.announced_channel = true;
+                       config.peer_channel_config_limits.min_dust_limit_satoshis = 0;
+
+                       let mut monitors = HashMap::new();
+                       let mut old_monitors = $old_monitors.latest_good_update.lock().unwrap();
+                       for (outpoint, monitor_ser) in old_monitors.drain() {
+                               monitors.insert(outpoint, <(Sha256d, ChannelMonitor)>::read(&mut Cursor::new(&monitor_ser), Arc::clone(&logger)).expect("Failed to read monitor").1);
+                               monitor.latest_good_update.lock().unwrap().insert(outpoint, monitor_ser);
+                       }
+                       let mut monitor_refs = HashMap::new();
+                       for (outpoint, monitor) in monitors.iter() {
+                               monitor_refs.insert(*outpoint, monitor);
+                       }
+
+                       let read_args = ChannelManagerReadArgs {
+                               keys_manager,
+                               fee_estimator: fee_est.clone(),
+                               monitor: monitor.clone(),
+                               chain_monitor: watch,
+                               tx_broadcaster: broadcast.clone(),
+                               logger,
+                               default_config: config,
+                               channel_monitors: &monitor_refs,
+                       };
+
+                       let res = (<(Sha256d, ChannelManager)>::read(&mut Cursor::new(&$ser.0), read_args).expect("Failed to read manager").1, monitor);
+                       for (_, was_good) in $old_monitors.latest_updates_good_at_last_ser.lock().unwrap().iter() {
+                               if !was_good {
+                                       // If the last time we updated a monitor we didn't successfully update (and we
+                                       // have sense updated our serialized copy of the ChannelManager) we may
+                                       // force-close the channel on our counterparty cause we know we're missing
+                                       // something. Thus, we just return here since we can't continue to test.
+                                       return;
+                               }
+                       }
+                       res
+               } }
+       }
+
+
        let mut channel_txn = Vec::new();
        macro_rules! make_channel {
                ($source: expr, $dest: expr, $chan_id: expr) => { {
@@ -166,7 +259,7 @@ pub fn do_test(data: &[u8]) {
                                } else { panic!("Wrong event type"); }
                        };
 
-                       $dest.handle_open_channel(&$source.get_our_node_id(), &open_channel).unwrap();
+                       $dest.handle_open_channel(&$source.get_our_node_id(), LocalFeatures::new(), &open_channel).unwrap();
                        let accept_channel = {
                                let events = $dest.get_and_clear_pending_msg_events();
                                assert_eq!(events.len(), 1);
@@ -175,7 +268,7 @@ pub fn do_test(data: &[u8]) {
                                } else { panic!("Wrong event type"); }
                        };
 
-                       $source.handle_accept_channel(&$dest.get_our_node_id(), &accept_channel).unwrap();
+                       $source.handle_accept_channel(&$dest.get_our_node_id(), LocalFeatures::new(), &accept_channel).unwrap();
                        {
                                let events = $source.get_and_clear_pending_events();
                                assert_eq!(events.len(), 1);
@@ -263,11 +356,11 @@ pub fn do_test(data: &[u8]) {
 
        // 3 nodes is enough to hit all the possible cases, notably unknown-source-unknown-dest
        // forwarding.
-       let (node_a, monitor_a) = make_node!(0);
-       let (node_b, monitor_b) = make_node!(1);
-       let (node_c, monitor_c) = make_node!(2);
+       let (mut node_a, mut monitor_a) = make_node!(0);
+       let (mut node_b, mut monitor_b) = make_node!(1);
+       let (mut node_c, mut monitor_c) = make_node!(2);
 
-       let nodes = [node_a, node_b, node_c];
+       let mut nodes = [node_a, node_b, node_c];
 
        make_channel!(nodes[0], nodes[1], 0);
        make_channel!(nodes[1], nodes[2], 1);
@@ -285,8 +378,15 @@ pub fn do_test(data: &[u8]) {
 
        let mut chan_a_disconnected = false;
        let mut chan_b_disconnected = false;
-       let mut chan_a_reconnecting = false;
-       let mut chan_b_reconnecting = false;
+       let mut ba_events = Vec::new();
+       let mut bc_events = Vec::new();
+
+       let mut node_a_ser = VecWriter(Vec::new());
+       nodes[0].write(&mut node_a_ser).unwrap();
+       let mut node_b_ser = VecWriter(Vec::new());
+       nodes[1].write(&mut node_b_ser).unwrap();
+       let mut node_c_ser = VecWriter(Vec::new());
+       nodes[2].write(&mut node_c_ser).unwrap();
 
        macro_rules! test_err {
                ($res: expr) => {
@@ -362,13 +462,18 @@ pub fn do_test(data: &[u8]) {
 
                macro_rules! process_msg_events {
                        ($node: expr, $corrupt_forward: expr) => { {
-                               for event in nodes[$node].get_and_clear_pending_msg_events() {
+                               let events = if $node == 1 {
+                                       let mut new_events = Vec::new();
+                                       mem::swap(&mut new_events, &mut ba_events);
+                                       new_events.extend_from_slice(&bc_events[..]);
+                                       bc_events.clear();
+                                       new_events
+                               } else { Vec::new() };
+                               for event in events.iter().chain(nodes[$node].get_and_clear_pending_msg_events().iter()) {
                                        match event {
                                                events::MessageSendEvent::UpdateHTLCs { ref node_id, updates: CommitmentUpdate { ref update_add_htlcs, ref update_fail_htlcs, ref update_fulfill_htlcs, ref update_fail_malformed_htlcs, ref update_fee, ref commitment_signed } } => {
-                                                       for (idx, dest) in nodes.iter().enumerate() {
-                                                               if dest.get_our_node_id() == *node_id &&
-                                                                               (($node != 0 && idx != 0) || !chan_a_disconnected) &&
-                                                                               (($node != 2 && idx != 2) || !chan_b_disconnected) {
+                                                       for dest in nodes.iter() {
+                                                               if dest.get_our_node_id() == *node_id {
                                                                        assert!(update_fee.is_none());
                                                                        for update_add in update_add_htlcs {
                                                                                if !$corrupt_forward {
@@ -398,25 +503,16 @@ pub fn do_test(data: &[u8]) {
                                                        }
                                                },
                                                events::MessageSendEvent::SendRevokeAndACK { ref node_id, ref msg } => {
-                                                       for (idx, dest) in nodes.iter().enumerate() {
-                                                               if dest.get_our_node_id() == *node_id &&
-                                                                               (($node != 0 && idx != 0) || !chan_a_disconnected) &&
-                                                                               (($node != 2 && idx != 2) || !chan_b_disconnected) {
+                                                       for dest in nodes.iter() {
+                                                               if dest.get_our_node_id() == *node_id {
                                                                        test_err!(dest.handle_revoke_and_ack(&nodes[$node].get_our_node_id(), msg));
                                                                }
                                                        }
                                                },
                                                events::MessageSendEvent::SendChannelReestablish { ref node_id, ref msg } => {
-                                                       for (idx, dest) in nodes.iter().enumerate() {
+                                                       for dest in nodes.iter() {
                                                                if dest.get_our_node_id() == *node_id {
                                                                        test_err!(dest.handle_channel_reestablish(&nodes[$node].get_our_node_id(), msg));
-                                                                       if $node == 0 || idx == 0 {
-                                                                               chan_a_reconnecting = false;
-                                                                               chan_a_disconnected = false;
-                                                                       } else {
-                                                                               chan_b_reconnecting = false;
-                                                                               chan_b_disconnected = false;
-                                                                       }
                                                                }
                                                        }
                                                },
@@ -433,15 +529,88 @@ pub fn do_test(data: &[u8]) {
                        } }
                }
 
+               macro_rules! drain_msg_events_on_disconnect {
+                       ($counterparty_id: expr) => { {
+                               if $counterparty_id == 0 {
+                                       for event in nodes[0].get_and_clear_pending_msg_events() {
+                                               match event {
+                                                       events::MessageSendEvent::UpdateHTLCs { .. } => {},
+                                                       events::MessageSendEvent::SendRevokeAndACK { .. } => {},
+                                                       events::MessageSendEvent::SendChannelReestablish { .. } => {},
+                                                       events::MessageSendEvent::SendFundingLocked { .. } => {},
+                                                       events::MessageSendEvent::PaymentFailureNetworkUpdate { .. } => {},
+                                                       _ => panic!("Unhandled message event"),
+                                               }
+                                       }
+                                       ba_events.clear();
+                               } else {
+                                       for event in nodes[2].get_and_clear_pending_msg_events() {
+                                               match event {
+                                                       events::MessageSendEvent::UpdateHTLCs { .. } => {},
+                                                       events::MessageSendEvent::SendRevokeAndACK { .. } => {},
+                                                       events::MessageSendEvent::SendChannelReestablish { .. } => {},
+                                                       events::MessageSendEvent::SendFundingLocked { .. } => {},
+                                                       events::MessageSendEvent::PaymentFailureNetworkUpdate { .. } => {},
+                                                       _ => panic!("Unhandled message event"),
+                                               }
+                                       }
+                                       bc_events.clear();
+                               }
+                               let mut events = nodes[1].get_and_clear_pending_msg_events();
+                               let drop_node_id = if $counterparty_id == 0 { nodes[0].get_our_node_id() } else { nodes[2].get_our_node_id() };
+                               let msg_sink = if $counterparty_id == 0 { &mut bc_events } else { &mut ba_events };
+                               for event in events.drain(..) {
+                                       let push = match event {
+                                               events::MessageSendEvent::UpdateHTLCs { ref node_id, .. } => {
+                                                       if *node_id != drop_node_id { true } else { false }
+                                               },
+                                               events::MessageSendEvent::SendRevokeAndACK { ref node_id, .. } => {
+                                                       if *node_id != drop_node_id { true } else { false }
+                                               },
+                                               events::MessageSendEvent::SendChannelReestablish { ref node_id, .. } => {
+                                                       if *node_id != drop_node_id { true } else { false }
+                                               },
+                                               events::MessageSendEvent::SendFundingLocked { .. } => false,
+                                               events::MessageSendEvent::PaymentFailureNetworkUpdate { .. } => false,
+                                               _ => panic!("Unhandled message event"),
+                                       };
+                                       if push { msg_sink.push(event); }
+                               }
+                       } }
+               }
+
                macro_rules! process_events {
                        ($node: expr, $fail: expr) => { {
-                               for event in nodes[$node].get_and_clear_pending_events() {
+                               // In case we get 256 payments we may have a hash collision, resulting in the
+                               // second claim/fail call not finding the duplicate-hash HTLC, so we have to
+                               // deduplicate the calls here.
+                               let mut claim_set = HashSet::new();
+                               let mut events = nodes[$node].get_and_clear_pending_events();
+                               // Sort events so that PendingHTLCsForwardable get processed last. This avoids a
+                               // case where we first process a PendingHTLCsForwardable, then claim/fail on a
+                               // PaymentReceived, claiming/failing two HTLCs, but leaving a just-generated
+                               // PaymentReceived event for the second HTLC in our pending_events (and breaking
+                               // our claim_set deduplication).
+                               events.sort_by(|a, b| {
+                                       if let events::Event::PaymentReceived { .. } = a {
+                                               if let events::Event::PendingHTLCsForwardable { .. } = b {
+                                                       Ordering::Less
+                                               } else { Ordering::Equal }
+                                       } else if let events::Event::PendingHTLCsForwardable { .. } = a {
+                                               if let events::Event::PaymentReceived { .. } = b {
+                                                       Ordering::Greater
+                                               } else { Ordering::Equal }
+                                       } else { Ordering::Equal }
+                               });
+                               for event in events.drain(..) {
                                        match event {
                                                events::Event::PaymentReceived { payment_hash, .. } => {
-                                                       if $fail {
-                                                               assert!(nodes[$node].fail_htlc_backwards(&payment_hash));
-                                                       } else {
-                                                               assert!(nodes[$node].claim_funds(PaymentPreimage(payment_hash.0)));
+                                                       if claim_set.insert(payment_hash.0) {
+                                                               if $fail {
+                                                                       assert!(nodes[$node].fail_htlc_backwards(&payment_hash));
+                                                               } else {
+                                                                       assert!(nodes[$node].claim_funds(PaymentPreimage(payment_hash.0)));
+                                                               }
                                                        }
                                                },
                                                events::Event::PaymentSent { .. } => {},
@@ -462,9 +631,9 @@ pub fn do_test(data: &[u8]) {
                        0x03 => *monitor_a.update_ret.lock().unwrap() = Ok(()),
                        0x04 => *monitor_b.update_ret.lock().unwrap() = Ok(()),
                        0x05 => *monitor_c.update_ret.lock().unwrap() = Ok(()),
-                       0x06 => nodes[0].test_restore_channel_monitor(),
-                       0x07 => nodes[1].test_restore_channel_monitor(),
-                       0x08 => nodes[2].test_restore_channel_monitor(),
+                       0x06 => { unsafe { IN_RESTORE = true }; nodes[0].test_restore_channel_monitor(); unsafe { IN_RESTORE = false }; },
+                       0x07 => { unsafe { IN_RESTORE = true }; nodes[1].test_restore_channel_monitor(); unsafe { IN_RESTORE = false }; },
+                       0x08 => { unsafe { IN_RESTORE = true }; nodes[2].test_restore_channel_monitor(); unsafe { IN_RESTORE = false }; },
                        0x09 => send_payment!(nodes[0], (&nodes[1], chan_a)),
                        0x0a => send_payment!(nodes[1], (&nodes[0], chan_a)),
                        0x0b => send_payment!(nodes[1], (&nodes[2], chan_b)),
@@ -476,6 +645,7 @@ pub fn do_test(data: &[u8]) {
                                        nodes[0].peer_disconnected(&nodes[1].get_our_node_id(), false);
                                        nodes[1].peer_disconnected(&nodes[0].get_our_node_id(), false);
                                        chan_a_disconnected = true;
+                                       drain_msg_events_on_disconnect!(0);
                                }
                        },
                        0x10 => {
@@ -483,20 +653,21 @@ pub fn do_test(data: &[u8]) {
                                        nodes[1].peer_disconnected(&nodes[2].get_our_node_id(), false);
                                        nodes[2].peer_disconnected(&nodes[1].get_our_node_id(), false);
                                        chan_b_disconnected = true;
+                                       drain_msg_events_on_disconnect!(2);
                                }
                        },
                        0x11 => {
-                               if chan_a_disconnected && !chan_a_reconnecting {
+                               if chan_a_disconnected {
                                        nodes[0].peer_connected(&nodes[1].get_our_node_id());
                                        nodes[1].peer_connected(&nodes[0].get_our_node_id());
-                                       chan_a_reconnecting = true;
+                                       chan_a_disconnected = false;
                                }
                        },
                        0x12 => {
-                               if chan_b_disconnected && !chan_b_reconnecting {
+                               if chan_b_disconnected {
                                        nodes[1].peer_connected(&nodes[2].get_our_node_id());
                                        nodes[2].peer_connected(&nodes[1].get_our_node_id());
-                                       chan_b_reconnecting = true;
+                                       chan_b_disconnected = false;
                                }
                        },
                        0x13 => process_msg_events!(0, true),
@@ -511,8 +682,67 @@ pub fn do_test(data: &[u8]) {
                        0x1c => process_msg_events!(2, false),
                        0x1d => process_events!(2, true),
                        0x1e => process_events!(2, false),
+                       0x1f => {
+                               if !chan_a_disconnected {
+                                       nodes[1].peer_disconnected(&nodes[0].get_our_node_id(), false);
+                                       chan_a_disconnected = true;
+                                       drain_msg_events_on_disconnect!(0);
+                               }
+                               let (new_node_a, new_monitor_a) = reload_node!(node_a_ser, 0, monitor_a);
+                               node_a = Arc::new(new_node_a);
+                               nodes[0] = node_a.clone();
+                               monitor_a = new_monitor_a;
+                       },
+                       0x20 => {
+                               if !chan_a_disconnected {
+                                       nodes[0].peer_disconnected(&nodes[1].get_our_node_id(), false);
+                                       chan_a_disconnected = true;
+                                       nodes[0].get_and_clear_pending_msg_events();
+                                       ba_events.clear();
+                               }
+                               if !chan_b_disconnected {
+                                       nodes[2].peer_disconnected(&nodes[1].get_our_node_id(), false);
+                                       chan_b_disconnected = true;
+                                       nodes[2].get_and_clear_pending_msg_events();
+                                       bc_events.clear();
+                               }
+                               let (new_node_b, new_monitor_b) = reload_node!(node_b_ser, 1, monitor_b);
+                               node_b = Arc::new(new_node_b);
+                               nodes[1] = node_b.clone();
+                               monitor_b = new_monitor_b;
+                       },
+                       0x21 => {
+                               if !chan_b_disconnected {
+                                       nodes[1].peer_disconnected(&nodes[2].get_our_node_id(), false);
+                                       chan_b_disconnected = true;
+                                       drain_msg_events_on_disconnect!(2);
+                               }
+                               let (new_node_c, new_monitor_c) = reload_node!(node_c_ser, 2, monitor_c);
+                               node_c = Arc::new(new_node_c);
+                               nodes[2] = node_c.clone();
+                               monitor_c = new_monitor_c;
+                       },
                        _ => test_return!(),
                }
+
+               if monitor_a.should_update_manager.load(atomic::Ordering::Relaxed) {
+                       node_a_ser.0.clear();
+                       nodes[0].write(&mut node_a_ser).unwrap();
+                       monitor_a.should_update_manager.store(false, atomic::Ordering::Relaxed);
+                       *monitor_a.latest_updates_good_at_last_ser.lock().unwrap() = monitor_a.latest_update_good.lock().unwrap().clone();
+               }
+               if monitor_b.should_update_manager.load(atomic::Ordering::Relaxed) {
+                       node_b_ser.0.clear();
+                       nodes[1].write(&mut node_b_ser).unwrap();
+                       monitor_b.should_update_manager.store(false, atomic::Ordering::Relaxed);
+                       *monitor_b.latest_updates_good_at_last_ser.lock().unwrap() = monitor_b.latest_update_good.lock().unwrap().clone();
+               }
+               if monitor_c.should_update_manager.load(atomic::Ordering::Relaxed) {
+                       node_c_ser.0.clear();
+                       nodes[2].write(&mut node_c_ser).unwrap();
+                       monitor_c.should_update_manager.store(false, atomic::Ordering::Relaxed);
+                       *monitor_c.latest_updates_good_at_last_ser.lock().unwrap() = monitor_c.latest_update_good.lock().unwrap().clone();
+               }
        }
 }
 
diff --git a/fuzz/fuzz_targets/full_stack_target.rs b/fuzz/fuzz_targets/full_stack_target.rs
index f0d21937750cde5bce0515a9980eca2510ecb1a9..6145d003b199f5007c1b563266b30dd0da2f9c1d 100644 (file)
--- a/fuzz/fuzz_targets/full_stack_target.rs
+++ b/fuzz/fuzz_targets/full_stack_target.rs
@@ -18,12 +18,13 @@ use bitcoin::blockdata::script::{Builder, Script};
 use bitcoin::blockdata::opcodes;
 use bitcoin::consensus::encode::deserialize;
 use bitcoin::network::constants::Network;
-use bitcoin::util::hash::{BitcoinHash, Sha256dHash};
+use bitcoin::util::hash::BitcoinHash;
 
 use bitcoin_hashes::Hash as TraitImport;
 use bitcoin_hashes::HashEngine as TraitImportEngine;
 use bitcoin_hashes::sha256::Hash as Sha256;
 use bitcoin_hashes::hash160::Hash as Hash160;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 
 use lightning::chain::chaininterface::{BroadcasterInterface,ConfirmationTarget,ChainListener,FeeEstimator,ChainWatchInterfaceUtil};
 use lightning::chain::transaction::OutPoint;
@@ -33,7 +34,6 @@ use lightning::ln::channelmanager::{ChannelManager, PaymentHash, PaymentPreimage
 use lightning::ln::peer_handler::{MessageHandler,PeerManager,SocketDescriptor};
 use lightning::ln::router::Router;
 use lightning::util::events::{EventsProvider,Event};
-use lightning::util::{reset_rng_state, fill_bytes};
 use lightning::util::logger::Logger;
 use lightning::util::config::UserConfig;
 
@@ -49,7 +49,7 @@ use std::collections::{HashMap, hash_map};
 use std::cmp;
 use std::hash::Hash;
 use std::sync::Arc;
-use std::sync::atomic::{AtomicUsize,Ordering};
+use std::sync::atomic::{AtomicU64,AtomicUsize,Ordering};
 
 #[inline]
 pub fn slice_to_be16(v: &[u8]) -> u16 {
@@ -124,9 +124,8 @@ struct Peer<'a> {
        peers_connected: &'a RefCell<[bool; 256]>,
 }
 impl<'a> SocketDescriptor for Peer<'a> {
-       fn send_data(&mut self, data: &Vec<u8>, write_offset: usize, _resume_read: bool) -> usize {
-               assert!(write_offset < data.len());
-               data.len() - write_offset
+       fn send_data(&mut self, data: &[u8], _resume_read: bool) -> usize {
+               data.len()
        }
        fn disconnect_socket(&mut self) {
                assert!(self.peers_connected.borrow()[self.id as usize]);
@@ -208,8 +207,8 @@ impl<'a> MoneyLossDetector<'a> {
                if self.height > 0 && (self.max_height < 6 || self.height >= self.max_height - 6) {
                        self.height -= 1;
                        let header = BlockHeader { version: 0x20000000, prev_blockhash: self.header_hashes[self.height], merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
-                       self.manager.block_disconnected(&header);
-                       self.monitor.block_disconnected(&header);
+                       self.manager.block_disconnected(&header, self.height as u32);
+                       self.monitor.block_disconnected(&header, self.height as u32);
                        let removal_height = self.height;
                        self.txids_confirmed.retain(|_, height| {
                                removal_height != *height
@@ -236,6 +235,7 @@ impl<'a> Drop for MoneyLossDetector<'a> {
 
 struct KeyProvider {
        node_secret: SecretKey,
+       counter: AtomicU64,
 }
 impl KeysInterface for KeyProvider {
        fn get_node_secret(&self) -> SecretKey {
@@ -255,61 +255,42 @@ impl KeysInterface for KeyProvider {
        }
 
        fn get_channel_keys(&self, inbound: bool) -> ChannelKeys {
+               let ctr = self.counter.fetch_add(1, Ordering::Relaxed) as u8;
                if inbound {
                        ChannelKeys {
-                               funding_key:               SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0]).unwrap(),
-                               revocation_base_key:       SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, 0]).unwrap(),
-                               payment_base_key:          SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0]).unwrap(),
-                               delayed_payment_base_key:  SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, 0]).unwrap(),
-                               htlc_base_key:             SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, 0]).unwrap(),
-                               commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+                               funding_key:               SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, ctr]).unwrap(),
+                               revocation_base_key:       SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 2, ctr]).unwrap(),
+                               payment_base_key:          SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, ctr]).unwrap(),
+                               delayed_payment_base_key:  SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 4, ctr]).unwrap(),
+                               htlc_base_key:             SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 5, ctr]).unwrap(),
+                               commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 6, ctr],
                        }
                } else {
                        ChannelKeys {
-                               funding_key:               SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-                               revocation_base_key:       SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-                               payment_base_key:          SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-                               delayed_payment_base_key:  SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-                               htlc_base_key:             SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0]).unwrap(),
-                               commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0],
+                               funding_key:               SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7, ctr]).unwrap(),
+                               revocation_base_key:       SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 8, ctr]).unwrap(),
+                               payment_base_key:          SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 9, ctr]).unwrap(),
+                               delayed_payment_base_key:  SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 10, ctr]).unwrap(),
+                               htlc_base_key:             SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 11, ctr]).unwrap(),
+                               commitment_seed: [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 12, ctr],
                        }
                }
        }
 
        fn get_session_key(&self) -> SecretKey {
-               let mut session_key = [0; 32];
-               fill_bytes(&mut session_key);
-               SecretKey::from_slice(&session_key).unwrap()
+               let ctr = self.counter.fetch_add(1, Ordering::Relaxed) as u8;
+               SecretKey::from_slice(&[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 13, ctr]).unwrap()
        }
 
        fn get_channel_id(&self) -> [u8; 32] {
-               let mut channel_id = [0; 32];
-               fill_bytes(&mut channel_id);
-               for i in 0..4 {
-                       // byteswap the u64s in channel_id to make it distinct from get_session_key (and match
-                       // old code that wrote out different endianness).
-                       let mut t;
-                       t = channel_id[i*8 + 0];
-                       channel_id[i*8 + 0] = channel_id[i*8 + 7];
-                       channel_id[i*8 + 7] = t;
-                       t = channel_id[i*8 + 1];
-                       channel_id[i*8 + 1] = channel_id[i*8 + 6];
-                       channel_id[i*8 + 6] = t;
-                       t = channel_id[i*8 + 2];
-                       channel_id[i*8 + 2] = channel_id[i*8 + 5];
-                       channel_id[i*8 + 5] = t;
-                       t = channel_id[i*8 + 3];
-                       channel_id[i*8 + 3] = channel_id[i*8 + 4];
-                       channel_id[i*8 + 4] = t;
-               }
-               channel_id
+               let ctr = self.counter.fetch_add(1, Ordering::Relaxed);
+               [0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0,
+               (ctr >> 8*7) as u8, (ctr >> 8*6) as u8, (ctr >> 8*5) as u8, (ctr >> 8*4) as u8, (ctr >> 8*3) as u8, (ctr >> 8*2) as u8, (ctr >> 8*1) as u8, 14, (ctr >> 8*0) as u8]
        }
 }
 
 #[inline]
 pub fn do_test(data: &[u8], logger: &Arc<Logger>) {
-       reset_rng_state();
-
        let input = Arc::new(InputData {
                data: data.to_vec(),
                read_pos: AtomicUsize::new(0),
@@ -343,13 +324,13 @@ pub fn do_test(data: &[u8], logger: &Arc<Logger>) {
 
        let watch = Arc::new(ChainWatchInterfaceUtil::new(Network::Bitcoin, Arc::clone(&logger)));
        let broadcast = Arc::new(TestBroadcaster{});
-       let monitor = channelmonitor::SimpleManyChannelMonitor::new(watch.clone(), broadcast.clone(), Arc::clone(&logger));
+       let monitor = channelmonitor::SimpleManyChannelMonitor::new(watch.clone(), broadcast.clone(), Arc::clone(&logger), fee_est.clone());
 
-       let keys_manager = Arc::new(KeyProvider { node_secret: our_network_key.clone() });
+       let keys_manager = Arc::new(KeyProvider { node_secret: our_network_key.clone(), counter: AtomicU64::new(0) });
        let mut config = UserConfig::new();
        config.channel_options.fee_proportional_millionths =  slice_to_be32(get_slice!(4));
        config.channel_options.announced_channel = get_slice!(1)[0] != 0;
-       config.channel_limits.min_dust_limit_satoshis = 0;
+       config.peer_channel_config_limits.min_dust_limit_satoshis = 0;
        let channelmanager = ChannelManager::new(Network::Bitcoin, fee_est.clone(), monitor.clone(), watch.clone(), broadcast.clone(), Arc::clone(&logger), keys_manager.clone(), config).unwrap();
        let router = Arc::new(Router::new(PublicKey::from_secret_key(&Secp256k1::signing_only(), &keys_manager.get_node_secret()), watch.clone(), Arc::clone(&logger)));
 
@@ -357,7 +338,7 @@ pub fn do_test(data: &[u8], logger: &Arc<Logger>) {
        let mut loss_detector = MoneyLossDetector::new(&peers, channelmanager.clone(), monitor.clone(), PeerManager::new(MessageHandler {
                chan_handler: channelmanager.clone(),
                route_handler: router.clone(),
-       }, our_network_key, Arc::clone(&logger)));
+       }, our_network_key, &[0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 15, 0], Arc::clone(&logger)));
 
        let mut should_forward = false;
        let mut payments_received: Vec<PaymentHash> = Vec::new();
@@ -615,6 +596,12 @@ mod tests {
                // What each byte represents is broken down below, and then everything is concatenated into
                // one large test at the end (you want %s/ -.*//g %s/\n\| \|\t\|\///g).
 
+               // Following BOLT 8, lightning message on the wire are: 2-byte encrypted message length + 
+               // 16-byte MAC of the encrypted message length + encrypted Lightning message + 16-byte MAC
+               // of the Lightning message
+               // I.e 2nd inbound read, len 18 : 0006 (encrypted message length) + 03000000000000000000000000000000 (MAC of the encrypted message length)
+               // Len 22 : 0010 00000000 (encrypted lightning message) + 03000000000000000000000000000000 (MAC of the Lightning message)
+
                // 0000000000000000000000000000000000000000000000000000000000000000 - our network key
                // 00000000 - fee_proportional_millionths
                // 01 - announce_channels_publicly
@@ -627,7 +614,7 @@ mod tests {
                // 030012 - inbound read from peer id 0 of len 18
                // 0006 03000000000000000000000000000000 - message header indicating message length 6
                // 030016 - inbound read from peer id 0 of len 22
-               // 0010 00000000 03000000000000000000000000000000 - init message with no features (type 16)
+               // 0010 00000000 03000000000000000000000000000000 - init message with no features (type 16) and mac
                //
                // 030012 - inbound read from peer id 0 of len 18
                // 0141 03000000000000000000000000000000 - message header indicating message length 321
@@ -636,7 +623,7 @@ mod tests {
                // 030053 - inbound read from peer id 0 of len 83
                // 030000000000000000000000000000000000000000000000000000000000000005 030000000000000000000000000000000000000000000000000000000000000000 01 03000000000000000000000000000000 - rest of open_channel and mac
                //
-               // 00fd00fd00fd - Three feerate requests (all returning min feerate, which our open_channel also uses)
+               // 00fd00fd00fd - Three feerate requests (all returning min feerate, which our open_channel also uses) (gonna be ingested by FuzzEstimator)
                // - client should now respond with accept_channel (CHECK 1: type 33 to peer 03000000)
                //
                // 030012 - inbound read from peer id 0 of len 18
@@ -678,12 +665,12 @@ mod tests {
                // 0010 00000000 01000000000000000000000000000000 - init message with no features (type 16)
                //
                // 05 01 030200000000000000000000000000000000000000000000000000000000000000 00c350 0003e8 - create outbound channel to peer 1 for 50k sat
-               // 00fd00fd00fd - Three feerate requests (all returning min feerate)
+               // 00fd00fd00fd - Three feerate requests (all returning min feerate) (gonna be ingested by FuzzEstimator)
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 0110 01000000000000000000000000000000 - message header indicating message length 272
                // 0301ff - inbound read from peer id 1 of len 255
-               // 0021 0200000000000000020000000000000002000000000000000200000000000000 000000000000001a 00000000004c4b40 00000000000003e8 00000000000003e8 00000002 03f0 0005 030000000000000000000000000000000000000000000000000000000000000100 030000000000000000000000000000000000000000000000000000000000000200 030000000000000000000000000000000000000000000000000000000000000300 030000000000000000000000000000000000000000000000000000000000000400 030000000000000000000000000000000000000000000000000000000000000500 03000000000000000000000000000000 - beginning of accept_channel
+               // 0021 0000000000000000000000000000000000000000000000000000000000000e02 000000000000001a 00000000004c4b40 00000000000003e8 00000000000003e8 00000002 03f0 0005 030000000000000000000000000000000000000000000000000000000000000100 030000000000000000000000000000000000000000000000000000000000000200 030000000000000000000000000000000000000000000000000000000000000300 030000000000000000000000000000000000000000000000000000000000000400 030000000000000000000000000000000000000000000000000000000000000500 03000000000000000000000000000000 - beginning of accept_channel
                // 030121 - inbound read from peer id 1 of len 33
                // 0000000000000000000000000000000000 01000000000000000000000000000000 - rest of accept_channel and mac
                //
@@ -692,7 +679,7 @@ mod tests {
                // 030112 - inbound read from peer id 1 of len 18
                // 0062 01000000000000000000000000000000 - message header indicating message length 98
                // 030172 - inbound read from peer id 1 of len 114
-               // 0023 3f00000000000000000000000000000000000000000000000000000000000000f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 01000000000000000000000000000000 - funding_signed message and mac
+               // 0023 3900000000000000000000000000000000000000000000000000000000000000 f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 01000000000000000000000000000000 - funding_signed message and mac
                //
                // 0b - broadcast funding transaction
                // - by now client should have sent a funding_locked (CHECK 4: SendFundingLocked to 03020000 for chan 3f000000)
@@ -700,7 +687,7 @@ mod tests {
                // 030112 - inbound read from peer id 1 of len 18
                // 0043 01000000000000000000000000000000 - message header indicating message length 67
                // 030153 - inbound read from peer id 1 of len 83
-               // 0024 3f00000000000000000000000000000000000000000000000000000000000000 030100000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - funding_locked and mac
+               // 0024 3900000000000000000000000000000000000000000000000000000000000000 030100000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - funding_locked and mac
                //
                // 030012 - inbound read from peer id 0 of len 18
                // 05ac 03000000000000000000000000000000 - message header indicating message length 1452
@@ -717,7 +704,7 @@ mod tests {
                // 0300c1 - inbound read from peer id 0 of len 193
                // ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ef00000000000000000000000000000000000000000000000000000000000000 03000000000000000000000000000000 - end of update_add_htlc from 0 to 1 via client and mac
                //
-               // 00fd - A feerate request (returning min feerate, which our open_channel also uses)
+               // 00fd - A feerate request (returning min feerate, which our open_channel also uses) (gonna be ingested by FuzzEstimator)
                //
                // 030012 - inbound read from peer id 0 of len 18
                // 0064 03000000000000000000000000000000 - message header indicating message length 100
@@ -737,28 +724,28 @@ mod tests {
                // 030112 - inbound read from peer id 1 of len 18
                // 0064 01000000000000000000000000000000 - message header indicating message length 100
                // 030174 - inbound read from peer id 1 of len 116
-               // 0084 3f00000000000000000000000000000000000000000000000000000000000000 f7000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
+               // 0084 3900000000000000000000000000000000000000000000000000000000000000 f1000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 0063 01000000000000000000000000000000 - message header indicating message length 99
                // 030173 - inbound read from peer id 1 of len 115
-               // 0085 3f00000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 030200000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
+               // 0085 3900000000000000000000000000000000000000000000000000000000000000 0000000000000000000000000000000000000000000000000000000000000000 030200000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 004a 01000000000000000000000000000000 - message header indicating message length 74
                // 03015a - inbound read from peer id 1 of len 90
-               // 0082 3f00000000000000000000000000000000000000000000000000000000000000 0000000000000000 ff00888888888888888888888888888888888888888888888888888888888888 01000000000000000000000000000000 - update_fulfill_htlc and mac
+               // 0082 3900000000000000000000000000000000000000000000000000000000000000 0000000000000000 ff00888888888888888888888888888888888888888888888888888888888888 01000000000000000000000000000000 - update_fulfill_htlc and mac
                // - client should immediately claim the pending HTLC from peer 0 (CHECK 8: SendFulfillHTLCs for node 03000000 with preimage ff00888888 for channel 3d000000)
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 0064 01000000000000000000000000000000 - message header indicating message length 100
                // 030174 - inbound read from peer id 1 of len 116
-               // 0084 3f00000000000000000000000000000000000000000000000000000000000000 fb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
+               // 0084 3900000000000000000000000000000000000000000000000000000000000000 fd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 0063 01000000000000000000000000000000 - message header indicating message length 99
                // 030173 - inbound read from peer id 1 of len 115
-               // 0085 3f00000000000000000000000000000000000000000000000000000000000000 0100000000000000000000000000000000000000000000000000000000000000 030300000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
+               // 0085 3900000000000000000000000000000000000000000000000000000000000000 0100000000000000000000000000000000000000000000000000000000000000 030300000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
                //
                // - before responding to the commitment_signed generated above, send a new HTLC
                // 030012 - inbound read from peer id 0 of len 18
@@ -776,7 +763,7 @@ mod tests {
                // 0300c1 - inbound read from peer id 0 of len 193
                // ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ef00000000000000000000000000000000000000000000000000000000000000 03000000000000000000000000000000 - end of update_add_htlc from 0 to 1 via client and mac
                //
-               // 00fd - A feerate request (returning min feerate, which our open_channel also uses)
+               // 00fd - A feerate request (returning min feerate, which our open_channel also uses) (gonna be ingested by FuzzEstimator)
                //
                // - now respond to the update_fulfill_htlc+commitment_signed messages the client sent to peer 0
                // 030012 - inbound read from peer id 0 of len 18
@@ -802,27 +789,27 @@ mod tests {
                // 030112 - inbound read from peer id 1 of len 18
                // 0064 01000000000000000000000000000000 - message header indicating message length 100
                // 030174 - inbound read from peer id 1 of len 116
-               // 0084 3f00000000000000000000000000000000000000000000000000000000000000 fa000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
+               // 0084 3900000000000000000000000000000000000000000000000000000000000000 fc000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 0063 01000000000000000000000000000000 - message header indicating message length 99
                // 030173 - inbound read from peer id 1 of len 115
-               // 0085 3f00000000000000000000000000000000000000000000000000000000000000 0200000000000000000000000000000000000000000000000000000000000000 030400000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
+               // 0085 3900000000000000000000000000000000000000000000000000000000000000 0200000000000000000000000000000000000000000000000000000000000000 030400000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 002c 01000000000000000000000000000000 - message header indicating message length 44
                // 03013c - inbound read from peer id 1 of len 60
-               // 0083 3f00000000000000000000000000000000000000000000000000000000000000 0000000000000001 0000 01000000000000000000000000000000 - update_fail_htlc and mac
+               // 0083 3900000000000000000000000000000000000000000000000000000000000000 0000000000000001 0000 01000000000000000000000000000000 - update_fail_htlc and mac
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 0064 01000000000000000000000000000000 - message header indicating message length 100
                // 030174 - inbound read from peer id 1 of len 116
-               // 0084 3f00000000000000000000000000000000000000000000000000000000000000 fd000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
+               // 0084 3900000000000000000000000000000000000000000000000000000000000000 fb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100 0000 01000000000000000000000000000000 - commitment_signed and mac
                //
                // 030112 - inbound read from peer id 1 of len 18
                // 0063 01000000000000000000000000000000 - message header indicating message length 99
                // 030173 - inbound read from peer id 1 of len 115
-               // 0085 3f00000000000000000000000000000000000000000000000000000000000000 0300000000000000000000000000000000000000000000000000000000000000 030500000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
+               // 0085 3900000000000000000000000000000000000000000000000000000000000000 0300000000000000000000000000000000000000000000000000000000000000 030500000000000000000000000000000000000000000000000000000000000000 01000000000000000000000000000000 - revoke_and_ack and mac
                //
                // 07 - process the now-pending HTLC forward
                // - client now sends id 0 update_fail_htlc and commitment_signed (CHECK 9)
@@ -854,7 +841,7 @@ mod tests {
                // 0300c1 - inbound read from peer id 0 of len 193
                // ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff ef00000000000000000000000000000000000000000000000000000000000000 03000000000000000000000000000000 - end of update_add_htlc from 0 to 1 via client and mac
                //
-               // 00fd - A feerate request (returning min feerate, which our open_channel also uses)
+               // 00fd - A feerate request (returning min feerate, which our open_channel also uses) (gonna be ingested by FuzzEstimator)
                //
                // 030012 - inbound read from peer id 0 of len 18
                // 00a4 03000000000000000000000000000000 - message header indicating message length 164
@@ -871,27 +858,33 @@ mod tests {
                // - client now sends id 1 update_add_htlc and commitment_signed (CHECK 7 duplicate)
                //
                // 0c007d - connect a block with one transaction of len 125
-               // 02000000013f00000000000000000000000000000000000000000000000000000000000000000000000000000080020001000000000000220020e2000000000000000000000000000000000000000000000000000000000000006cc10000000000001600142e0000000000000000000000000000000000000005000020 - the funding transaction
-               // 00fd - A feerate request (returning min feerate, which our open_channel also uses)
+               // 0200000001390000000000000000000000000000000000000000000000000000000000000000000000000000008002000100000000000022002090000000000000000000000000000000000000000000000000000000000000006cc10000000000001600145c0000000000000000000000000000000000000005000020 - the commitment transaction for channel 3f00000000000000000000000000000000000000000000000000000000000000
+               // 00fd - A feerate request (returning min feerate, which our open_channel also uses) (gonna be ingested by FuzzEstimator)
+               // 00fd - A feerate request (returning min feerate, which our open_channel also uses) (gonna be ingested by FuzzEstimator)
                // 0c005e - connect a block with one transaction of len 94
-               // 0200000001fb00000000000000000000000000000000000000000000000000000000000000000000000000000000014f00000000000000220020f60000000000000000000000000000000000000000000000000000000000000000000000 - the funding transaction
+               // 0200000001fd00000000000000000000000000000000000000000000000000000000000000000000000000000000014f00000000000000220020f60000000000000000000000000000000000000000000000000000000000000000000000 - the funding transaction
+               // 0c0000 - connect a block with no transactions
+               // 0c0000 - connect a block with no transactions
+               // 0c0000 - connect a block with no transactions
+               // 0c0000 - connect a block with no transactions
+               // 0c0000 - connect a block with no transactions
                //
                // 07 - process the now-pending HTLC forward
                // - client now fails the HTLC backwards as it was unable to extract the payment preimage (CHECK 9 duplicate and CHECK 10)
 
                let logger = Arc::new(TrackingLogger { lines: Mutex::new(HashMap::new()) });
-               super::do_test(&::hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000001000300000000000000000000000000000000000000000000000000000000000000000300320003000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000030012000603000000000000000000000000000000030016001000000000030000000000000000000000000000000300120141030000000000000000000000000000000300fe00207500000000000000000000000000000000000000000000000000000000000000ff4f00f805273c1b203bb5ebf8436bfde57b3be8c2f5e95d9491dbb181909679000000000000c35000000000000000000000000000000222ffffffffffffffff00000000000002220000000000000000000000fd000601e3030000000000000000000000000000000000000000000000000000000000000001030000000000000000000000000000000000000000000000000000000000000002030000000000000000000000000000000000000000000000000000000000000003030000000000000000000000000000000000000000000000000000000000000004030053030000000000000000000000000000000000000000000000000000000000000005030000000000000000000000000000000000000000000000000000000000000000010300000000000000000000000000000000fd00fd00fd0300120084030000000000000000000000000000000300940022ff4f00f805273c1b203bb5ebf8436bfde57b3be8c2f5e95d9491dbb1819096793d0000000000000000000000000000000000000000000000000000000000000000005c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001030000000000000000000000000000000c005e020000000100000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0150c3000000000000220020ae00000000000000000000000000000000000000000000000000000000000000000000000c00000c00000c00000c00000c00000c00000c00000c00000c00000c00000c00000c000003001200430300000000000000000000000000000003005300243d000000000000000000000000000000000000000000000000000000000000000301000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001030132000300000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000003014200030200000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000300000000000000000000000000000003011200060100000000000000000000000000000003011600100000000001000000000000000000000000000000050103020000000000000000000000000000000000000000000000000000000000000000c3500003e800fd00fd00fd0301120110010000000000000000000000000000000301ff00210200000000000000020000000000000002000000000000000200000000000000000000000000001a00000000004c4b4000000000000003e800000000000003e80000000203f00005030000000000000000000000000000000000000000000000000000000000000100030000000000000000000000000000000000000000000000000000000000000200030000000000000000000000000000000000000000000000000000000000000300030000000000000000000000000000000000000000000000000000000000000400030000000000000000000000000000000000000000000000000000000000000500030000000000000000000000000000000301210000000000000000000000000000000000010000000000000000000000000000000a03011200620100000000000000000000000000000003017200233f00000000000000000000000000000000000000000000000000000000000000f6000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100010000000000000000000000000000000b03011200430100000000000000000000000000000003015300243f000000000000000000000000000000000000000000000000000000000000000301000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000003001205ac030000000000000000000000000000000300ff00803d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003e80ff0000000000000000000000000000000000000000000000000000000000000000000121000300000000000000000000000000000000000000000000000000000000000005550000000e000001000000000000000003e8000000010000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300c1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffef000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000fd03001200640300000000000000000000000000000003007400843d000000000000000000000000000000000000000000000000000000000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000300000000000000000000000000000003001200630300000000000000000000000000000003007300853d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030200000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000703011200640100000000000000000000000000000003017400843f00000000000000000000000000000000000000000000000000000000000000f700000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000003011200630100000000000000000000000000000003017300853f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003020000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000030112004a0100000000000000000000000000000003015a00823f000000000000000000000000000000000000000000000000000000000000000000000000000000ff008888888888888888888888888888888888888888888888888888888888880100000000000000000000000000000003011200640100000000000000000000000000000003017400843f00000000000000000000000000000000000000000000000000000000000000fb00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000003011200630100000000000000000000000000000003017300853f0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000303000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000003001205ac030000000000000000000000000000000300ff00803d0000000000000000000000000000000000000000000000000000000000000000000000000000010000000000003e80ff0000000000000000000000000000000000000000000000000000000000000000000121000300000000000000000000000000000000000000000000000000000000000005550000000e000001000000000000000003e8000000010000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300c1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffef000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000fd03001200630300000000000000000000000000000003007300853d0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000303000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000003001200640300000000000000000000000000000003007400843d00000000000000000000000000000000000000000000000000000000000000be00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000300000000000000000000000000000003001200630300000000000000000000000000000003007300853d000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000030400000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000703011200640100000000000000000000000000000003017400843f00000000000000000000000000000000000000000000000000000000000000fa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000003011200630100000000000000000000000000000003017300853f00000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000003040000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000030112002c0100000000000000000000000000000003013c00833f00000000000000000000000000000000000000000000000000000000000000000000000000000100000100000000000000000000000000000003011200640100000000000000000000000000000003017400843f00000000000000000000000000000000000000000000000000000000000000fd00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000003011200630100000000000000000000000000000003017300853f000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000030500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000703001200630300000000000000000000000000000003007300853d0000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000305000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000003001200640300000000000000000000000000000003007400843d000000000000000000000000000000000000000000000000000000000000004f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000300000000000000000000000000000003001205ac030000000000000000000000000000000300ff00803d00000000000000000000000000000000000000000000000000000000000000000000000000000200000000000b0838ff0000000000000000000000000000000000000000000000000000000000000000000121000300000000000000000000000000000000000000000000000000000000000005550000000e0000010000000000000003e800000000010000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300c1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffef000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000fd03001200a4030000000000000000000000000000000300b400843d00000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001c8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f000000000000000300000000000000000000000000000003001200630300000000000000000000000000000003007300853d00000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000003060000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000070c007d02000000013f00000000000000000000000000000000000000000000000000000000000000000000000000000080020001000000000000220020e2000000000000000000000000000000000000000000000000000000000000006cc10000000000001600142e000000000000000000000000000000000000000500002000fd0c005e0200000001fb00000000000000000000000000000000000000000000000000000000000000000000000000000000014f00000000000000220020f6000000000000000000000000000000000000000000000000000000000000000000000007").unwrap(), &(Arc::clone(&logger) as Arc<Logger>));
+               super::do_test(&::hex::decode("00000000000000000000000000000000000000000000000000000000000000000000000001000300000000000000000000000000000000000000000000000000000000000000000300320003000000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000030012000603000000000000000000000000000000030016001000000000030000000000000000000000000000000300120141030000000000000000000000000000000300fe00207500000000000000000000000000000000000000000000000000000000000000ff4f00f805273c1b203bb5ebf8436bfde57b3be8c2f5e95d9491dbb181909679000000000000c35000000000000000000000000000000222ffffffffffffffff00000000000002220000000000000000000000fd000601e3030000000000000000000000000000000000000000000000000000000000000001030000000000000000000000000000000000000000000000000000000000000002030000000000000000000000000000000000000000000000000000000000000003030000000000000000000000000000000000000000000000000000000000000004030053030000000000000000000000000000000000000000000000000000000000000005030000000000000000000000000000000000000000000000000000000000000000010300000000000000000000000000000000fd00fd00fd0300120084030000000000000000000000000000000300940022ff4f00f805273c1b203bb5ebf8436bfde57b3be8c2f5e95d9491dbb1819096793d0000000000000000000000000000000000000000000000000000000000000000005c000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001030000000000000000000000000000000c005e020000000100000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0150c3000000000000220020ae00000000000000000000000000000000000000000000000000000000000000000000000c00000c00000c00000c00000c00000c00000c00000c00000c00000c00000c00000c000003001200430300000000000000000000000000000003005300243d000000000000000000000000000000000000000000000000000000000000000301000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000001030132000300000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000003014200030200000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000300000000000000000000000000000003011200060100000000000000000000000000000003011600100000000001000000000000000000000000000000050103020000000000000000000000000000000000000000000000000000000000000000c3500003e800fd00fd00fd0301120110010000000000000000000000000000000301ff00210000000000000000000000000000000000000000000000000000000000000e02000000000000001a00000000004c4b4000000000000003e800000000000003e80000000203f00005030000000000000000000000000000000000000000000000000000000000000100030000000000000000000000000000000000000000000000000000000000000200030000000000000000000000000000000000000000000000000000000000000300030000000000000000000000000000000000000000000000000000000000000400030000000000000000000000000000000000000000000000000000000000000500030000000000000000000000000000000301210000000000000000000000000000000000010000000000000000000000000000000a03011200620100000000000000000000000000000003017200233900000000000000000000000000000000000000000000000000000000000000f0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100010000000000000000000000000000000b030112004301000000000000000000000000000000030153002439000000000000000000000000000000000000000000000000000000000000000301000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000003001205ac030000000000000000000000000000000300ff00803d0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003e80ff0000000000000000000000000000000000000000000000000000000000000000000121000300000000000000000000000000000000000000000000000000000000000005550000000e000001000000000000000003e8000000010000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300c1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffef000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000fd03001200640300000000000000000000000000000003007400843d000000000000000000000000000000000000000000000000000000000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000300000000000000000000000000000003001200630300000000000000000000000000000003007300853d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000030200000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000703011200640100000000000000000000000000000003017400843900000000000000000000000000000000000000000000000000000000000000f100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000003011200630100000000000000000000000000000003017300853900000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000003020000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000030112004a0100000000000000000000000000000003015a008239000000000000000000000000000000000000000000000000000000000000000000000000000000ff008888888888888888888888888888888888888888888888888888888888880100000000000000000000000000000003011200640100000000000000000000000000000003017400843900000000000000000000000000000000000000000000000000000000000000fd0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000010000000000000000000000000000000301120063010000000000000000000000000000000301730085390000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000303000000000000000000000000000000000000000000000000000000000000000100000000000000000000000000000003001205ac030000000000000000000000000000000300ff00803d0000000000000000000000000000000000000000000000000000000000000000000000000000010000000000003e80ff0000000000000000000000000000000000000000000000000000000000000000000121000300000000000000000000000000000000000000000000000000000000000005550000000e000001000000000000000003e8000000010000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300c1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffef000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000fd03001200630300000000000000000000000000000003007300853d0000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000303000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000003001200640300000000000000000000000000000003007400843d00000000000000000000000000000000000000000000000000000000000000be00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000300000000000000000000000000000003001200630300000000000000000000000000000003007300853d000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000030400000000000000000000000000000000000000000000000000000000000000030000000000000000000000000000000703011200640100000000000000000000000000000003017400843900000000000000000000000000000000000000000000000000000000000000fc00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000100000000000000000000000000000003011200630100000000000000000000000000000003017300853900000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000003040000000000000000000000000000000000000000000000000000000000000001000000000000000000000000000000030112002c0100000000000000000000000000000003013c00833900000000000000000000000000000000000000000000000000000000000000000000000000000100000100000000000000000000000000000003011200640100000000000000000000000000000003017400843900000000000000000000000000000000000000000000000000000000000000fb000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000001000000000000000000000000000000030112006301000000000000000000000000000000030173008539000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000030500000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000703001200630300000000000000000000000000000003007300853d0000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000000000000000000000000000000000000305000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000003001200640300000000000000000000000000000003007400843d000000000000000000000000000000000000000000000000000000000000004f00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000300000000000000000000000000000003001205ac030000000000000000000000000000000300ff00803d00000000000000000000000000000000000000000000000000000000000000000000000000000200000000000b0838ff0000000000000000000000000000000000000000000000000000000000000000000121000300000000000000000000000000000000000000000000000000000000000005550000000e0000010000000000000003e800000000010000000000000000000000000a00000000000000000000000000000000000000000000000000000000000000ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff0300c1ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffef000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000fd03001200a4030000000000000000000000000000000300b400843d00000000000000000000000000000000000000000000000000000000000000070000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010001c8000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000007f000000000000000300000000000000000000000000000003001200630300000000000000000000000000000003007300853d00000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000003060000000000000000000000000000000000000000000000000000000000000003000000000000000000000000000000070c007d0200000001390000000000000000000000000000000000000000000000000000000000000000000000000000008002000100000000000022002090000000000000000000000000000000000000000000000000000000000000006cc10000000000001600145c000000000000000000000000000000000000000500002000fd00fd0c005e0200000001fd00000000000000000000000000000000000000000000000000000000000000000000000000000000014f00000000000000220020f600000000000000000000000000000000000000000000000000000000000000000000000c00000c00000c00000c00000c000007").unwrap(), &(Arc::clone(&logger) as Arc<Logger>));
 
                let log_entries = logger.lines.lock().unwrap();
                assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling SendAcceptChannel event in peer_handler for node 030000000000000000000000000000000000000000000000000000000000000000 for channel ff4f00f805273c1b203bb5ebf8436bfde57b3be8c2f5e95d9491dbb181909679".to_string())), Some(&1)); // 1
                assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling SendFundingSigned event in peer_handler for node 030000000000000000000000000000000000000000000000000000000000000000 for channel 3d00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&1)); // 2
                assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling SendFundingLocked event in peer_handler for node 030000000000000000000000000000000000000000000000000000000000000000 for channel 3d00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&1)); // 3
-               assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling SendFundingLocked event in peer_handler for node 030200000000000000000000000000000000000000000000000000000000000000 for channel 3f00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&1)); // 4
+               assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling SendFundingLocked event in peer_handler for node 030200000000000000000000000000000000000000000000000000000000000000 for channel 3900000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&1)); // 4
                assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling SendRevokeAndACK event in peer_handler for node 030000000000000000000000000000000000000000000000000000000000000000 for channel 3d00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&4)); // 5
                assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling UpdateHTLCs event in peer_handler for node 030000000000000000000000000000000000000000000000000000000000000000 with 0 adds, 0 fulfills, 0 fails for channel 3d00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&3)); // 6
-               assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling UpdateHTLCs event in peer_handler for node 030200000000000000000000000000000000000000000000000000000000000000 with 1 adds, 0 fulfills, 0 fails for channel 3f00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&3)); // 7
+               assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling UpdateHTLCs event in peer_handler for node 030200000000000000000000000000000000000000000000000000000000000000 with 1 adds, 0 fulfills, 0 fails for channel 3900000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&3)); // 7
                assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling UpdateHTLCs event in peer_handler for node 030000000000000000000000000000000000000000000000000000000000000000 with 0 adds, 1 fulfills, 0 fails for channel 3d00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&1)); // 8
                assert_eq!(log_entries.get(&("lightning::ln::peer_handler".to_string(), "Handling UpdateHTLCs event in peer_handler for node 030000000000000000000000000000000000000000000000000000000000000000 with 0 adds, 0 fulfills, 1 fails for channel 3d00000000000000000000000000000000000000000000000000000000000000".to_string())), Some(&2)); // 9
-               assert_eq!(log_entries.get(&("lightning::ln::channelmonitor".to_string(), "Input spending remote commitment tx (00000000000000000000000000000000000000000000000000000000000000fb:0) in 0000000000000000000000000000000000000000000000000000000000000042 resolves outbound HTLC with payment hash ff00000000000000000000000000000000000000000000000000000000000000 with timeout".to_string())), Some(&1)); // 10
+               assert_eq!(log_entries.get(&("lightning::ln::channelmonitor".to_string(), "Input spending remote commitment tx (00000000000000000000000000000000000000000000000000000000000000fd:0) in 0000000000000000000000000000000000000000000000000000000000000044 resolves outbound HTLC with payment hash ff00000000000000000000000000000000000000000000000000000000000000 with timeout".to_string())), Some(&1)); // 10
        }
 }
diff --git a/fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs b/fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs
index bd058b1ed867ad20872d5e355bd32f6078026ef9..0f18d023293f6a5e313f93872181a8aea08f2da4 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_accept_channel_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::AcceptChannel, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs b/fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs
index 233a4a77a5a828e3f96d62752c7d0e555eb44c08..226028ea034dee3a46acabd2c42020a930ec8674 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_announcement_signatures_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::AnnouncementSignatures, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs b/fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs
index fbaca76dba0feb7c002e1e9a06d03e60752c27b2..0bdc10e85880d73e0c915cf69fd509d53fbb3cb5 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_channel_announcement_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_exact!(msgs::ChannelAnnouncement, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_channel_reestablish_target.rs b/fuzz/fuzz_targets/msg_targets/msg_channel_reestablish_target.rs
index debd89466cdb5d5d05a6c676b39e2f391e34b0bd..4af593759e6c4611cede4a5830e23ea9c85dd1c4 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_channel_reestablish_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_channel_reestablish_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::ChannelReestablish, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs b/fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs
index 4f38e2f4861311a19fa915d3241d5ccb86862a9c..724dca412d5c0435a85839346022b6e2e4b81e0f 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_channel_update_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_exact!(msgs::ChannelUpdate, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs b/fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs
index 7d63131e7e39dfc402773fc7885210ce2c463335..faeeae3eb9870bb0165cb8795c83407e462101d1 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_closing_signed_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::ClosingSigned, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs b/fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs
index 93e72bd75ce7d49b536f7be83bd60f4561e44406..97c4b3088765de6985461cdce03745142a264c58 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_commitment_signed_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::CommitmentSigned, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs b/fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs
index 4b97b17efd59bb606531619b69a7cd2b12986062..9b190b086bde0289144de026d0b7a0983ad373c9 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_decoded_onion_error_packet_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::DecodedOnionErrorPacket, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs b/fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs
index 5ccbd26468017a644c3388e6712ff60c7eef5e7f..d749dc91fa9c3029e2d4f0c773312a9809b6d4ce 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_error_message_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_hole!(msgs::ErrorMessage, data, 32, 2);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs b/fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs
index 57713196ced38bf5f6cf0f5644435798a73d833d..45b257bb0239c0ff60d7019681ce0a5669621cc9 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_funding_created_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::FundingCreated, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs b/fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs
index b1ad5b3a089c73e911b31cc8bcd9e5fb8dec225d..cd1e897419cd182dbfbc68655f795c0e79d9d727 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_funding_locked_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::FundingLocked, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs b/fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs
index a3b33dc643565f46b8996bf4038da754fe88fde7..5992d69024872786dae4e1556a00bf9ddc342218 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_funding_signed_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::FundingSigned, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_init_target.rs b/fuzz/fuzz_targets/msg_targets/msg_init_target.rs
index f7eb0671fb43b28788643fc72457627d2de0a9fb..cdca84821c97c2db081238a154385735655ea352 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_init_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_init_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::Init, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs b/fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs
index a847d0dad67a6a13b7667fe03fbda203b16f86a8..f0a7a4c0dc2ae6c8a7732b329963389093035667 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_node_announcement_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_exact!(msgs::NodeAnnouncement, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs b/fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs
index 5588429185fa599f4376f8ea30fe19d5ee43beda..058c050c5be4b0e2aa6e45df2eb2ea259f27c116 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_onion_hop_data_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_hole!(msgs::OnionHopData, data, 1+8+8+4, 12);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs b/fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs
index 36f6519a4dd05e4128d5b62d16a0e126771e8b92..aa13e96dd4f91c487d36d22af632186c33f9f40b 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_open_channel_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::OpenChannel, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_ping_target.rs b/fuzz/fuzz_targets/msg_targets/msg_ping_target.rs
index c470e1bbf4626d9235b7e1a15c2b527dcf583821..d2ea913354ec5458def0a91274e0a4a3560cb991 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_ping_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_ping_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_simple!(msgs::Ping, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_pong_target.rs b/fuzz/fuzz_targets/msg_targets/msg_pong_target.rs
index ef1e4ada8f3568ee55d18483aee7fc2be2fcfd41..18120e2d182500a7020d72c3a5726865d1fba1e6 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_pong_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_pong_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_simple!(msgs::Pong, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs b/fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs
index 1e38a5d045a60140bb3e61b1c2485f8103afb81b..d82268d93c3ae1fa6627db12f73fe95a8930a5c3 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_revoke_and_ack_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::RevokeAndACK, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs b/fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs
index d64efcc9f176df15e80593d2f681be1cf9b7807a..34d4d2003f6b6e14912df53d3355aa5e36d03160 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_shutdown_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::Shutdown, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_target_template.txt b/fuzz/fuzz_targets/msg_targets/msg_target_template.txt
index 50e43373899bd17cc558a2c5a16b6942baa9b76d..2704bcdff9cfbbc1852322216a22c87fb836364b 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_target_template.txt
+++ b/fuzz/fuzz_targets/msg_targets/msg_target_template.txt
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        TEST_MSG!(msgs::MSG_TARGET, dataEXTRA_ARGS);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs
index 45bc9d1b9832d4f92bfb317795afad97366b1fa5..e64a5c29ff98af1f99d55bcbfd113bab8485aecf 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_add_htlc_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg_hole!(msgs::UpdateAddHTLC, data, 85, 33);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs
index 8432a57daadd69fa65bcbc380803c72b1c2c2b6b..fedce568e55138fd92ce7ffda176a21eda970ef5 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fail_htlc_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::UpdateFailHTLC, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs
index ad129e00243d7a6da2049d78b829d858df85f465..377378fcc476f3cfe20bae7e79cfdfb36e085bac 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fail_malformed_htlc_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::UpdateFailMalformedHTLC, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs
index f345711cd8a6f901108140646893d7db0597cfc2..56b9ac4241771e314ad871e0f9e2280ddf0ad584 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fee_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::UpdateFee, data);
 }
 
diff --git a/fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs b/fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs
index 380b02a47068d5095a9c3185f78bf2df34d9ea13..f0c936d1e330e5a89d8c0dca5e0395a04e2d7aa2 100644 (file)
--- a/fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs
+++ b/fuzz/fuzz_targets/msg_targets/msg_update_fulfill_htlc_target.rs
@@ -4,14 +4,12 @@
 extern crate lightning;
 
 use lightning::ln::msgs;
-use lightning::util::reset_rng_state;
 
 mod utils;
 use utils::VecWriter;
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
        test_msg!(msgs::UpdateFulfillHTLC, data);
 }
 
diff --git a/fuzz/fuzz_targets/peer_crypt_target.rs b/fuzz/fuzz_targets/peer_crypt_target.rs
index ed1e9588144c7ca68787cef1216b88a2fe364433..0b82303f83b34eb81bad6d5f43f43ebde0452c68 100644 (file)
--- a/fuzz/fuzz_targets/peer_crypt_target.rs
+++ b/fuzz/fuzz_targets/peer_crypt_target.rs
@@ -2,7 +2,6 @@ extern crate lightning;
 extern crate secp256k1;
 
 use lightning::ln::peer_channel_encryptor::PeerChannelEncryptor;
-use lightning::util::reset_rng_state;
 
 use secp256k1::key::{PublicKey,SecretKey};
 
@@ -14,8 +13,6 @@ fn slice_to_be16(v: &[u8]) -> u16 {
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
-
        let mut read_pos = 0;
        macro_rules! get_slice {
                ($len: expr) => {
@@ -34,13 +31,17 @@ pub fn do_test(data: &[u8]) {
                Ok(key) => key,
                Err(_) => return,
        };
+       let ephemeral_key = match SecretKey::from_slice(get_slice!(32)) {
+               Ok(key) => key,
+               Err(_) => return,
+       };
 
        let mut crypter = if get_slice!(1)[0] != 0 {
                let their_pubkey = match PublicKey::from_slice(get_slice!(33)) {
                        Ok(key) => key,
                        Err(_) => return,
                };
-               let mut crypter = PeerChannelEncryptor::new_outbound(their_pubkey);
+               let mut crypter = PeerChannelEncryptor::new_outbound(their_pubkey, ephemeral_key);
                crypter.get_act_one();
                match crypter.process_act_two(get_slice!(50), &our_network_key) {
                        Ok(_) => {},
@@ -50,7 +51,7 @@ pub fn do_test(data: &[u8]) {
                crypter
        } else {
                let mut crypter = PeerChannelEncryptor::new_inbound(&our_network_key);
-               match crypter.process_act_one_with_key(get_slice!(50), &our_network_key) {
+               match crypter.process_act_one_with_keys(get_slice!(50), &our_network_key, ephemeral_key) {
                        Ok(_) => {},
                        Err(_) => return,
                }
diff --git a/fuzz/fuzz_targets/router_target.rs b/fuzz/fuzz_targets/router_target.rs
index 3a40d39855e63b9ce0bf627f0b65c1afe2ad0081..25bf38274abe93b474a1f27b590d5262ca9209e7 100644 (file)
--- a/fuzz/fuzz_targets/router_target.rs
+++ b/fuzz/fuzz_targets/router_target.rs
@@ -1,8 +1,9 @@
 extern crate bitcoin;
+extern crate bitcoin_hashes;
 extern crate lightning;
 extern crate secp256k1;
 
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::blockdata::script::{Script, Builder};
 
 use lightning::chain::chaininterface::{ChainError,ChainWatchInterface, ChainListener};
@@ -10,7 +11,6 @@ use lightning::ln::channelmanager::ChannelDetails;
 use lightning::ln::msgs;
 use lightning::ln::msgs::{RoutingMessageHandler};
 use lightning::ln::router::{Router, RouteHint};
-use lightning::util::reset_rng_state;
 use lightning::util::logger::Logger;
 use lightning::util::ser::Readable;
 
@@ -95,8 +95,6 @@ impl ChainWatchInterface for DummyChainWatcher {
 
 #[inline]
 pub fn do_test(data: &[u8]) {
-       reset_rng_state();
-
        let input = Arc::new(InputData {
                data: data.to_vec(),
                read_pos: AtomicUsize::new(0),
@@ -204,6 +202,9 @@ pub fn do_test(data: &[u8]) {
                                                                remote_network_id: get_pubkey!(),
                                                                channel_value_satoshis: slice_to_be64(get_slice!(8)),
                                                                user_id: 0,
+                                                               inbound_capacity_msat: 0,
+                                                               is_live: true,
+                                                               outbound_capacity_msat: 0,
                                                        });
                                                }
                                                Some(&first_hops_vec[..])
diff --git a/fuzz/src/util/rust_crypto_nonstd_arch.c b/fuzz/src/util/rust_crypto_nonstd_arch.c
deleted file mode 120000 (symlink)
index 321d648..0000000
--- a/fuzz/src/util/rust_crypto_nonstd_arch.c
+++ /dev/null
@@ -1 +0,0 @@
-../../../src/util/rust_crypto_nonstd_arch.c
\ No newline at end of file
diff --git a/net-tokio/Cargo.toml b/net-tokio/Cargo.toml
new file mode 100644 (file)
index 0000000..4bb4b15
--- /dev/null
+++ b/net-tokio/Cargo.toml
@@ -0,0 +1,19 @@
+[package]
+name = "lightning-net-tokio"
+version = "0.0.1"
+authors = ["Matt Corallo"]
+license = "Apache-2.0"
+description = """
+Implementation of the rust-lightning network stack using Tokio.
+For Rust-Lightning clients which wish to make direct connections to Lightning P2P nodes, this is a simple alternative to implementing the nerequired network stack, especially for those already using Tokio.
+"""
+
+[dependencies]
+bitcoin = "0.18"
+bitcoin_hashes = "0.3"
+lightning = { version = "0.0.9", path = "../" }
+secp256k1 = "0.12"
+tokio-codec = "0.1"
+futures = "0.1"
+tokio = "0.1"
+bytes = "0.4"
diff --git a/net-tokio/src/lib.rs b/net-tokio/src/lib.rs
new file mode 100644 (file)
index 0000000..0bc36b2
--- /dev/null
+++ b/net-tokio/src/lib.rs
@@ -0,0 +1,270 @@
+extern crate bytes;
+extern crate tokio;
+extern crate tokio_codec;
+extern crate futures;
+extern crate lightning;
+extern crate secp256k1;
+
+use bytes::BufMut;
+
+use futures::future;
+use futures::future::Future;
+use futures::{AsyncSink, Stream, Sink};
+use futures::sync::mpsc;
+
+use secp256k1::key::PublicKey;
+
+use tokio::timer::Delay;
+use tokio::net::TcpStream;
+
+use lightning::ln::peer_handler;
+use lightning::ln::peer_handler::SocketDescriptor as LnSocketTrait;
+
+use std::mem;
+use std::net::SocketAddr;
+use std::sync::{Arc, Mutex};
+use std::sync::atomic::{AtomicU64, Ordering};
+use std::time::{Duration, Instant};
+use std::vec::Vec;
+use std::hash::Hash;
+
+static ID_COUNTER: AtomicU64 = AtomicU64::new(0);
+
+/// A connection to a remote peer. Can be constructed either as a remote connection using
+/// Connection::setup_outbound o
+pub struct Connection {
+       writer: Option<mpsc::Sender<bytes::Bytes>>,
+       event_notify: mpsc::Sender<()>,
+       pending_read: Vec<u8>,
+       read_blocker: Option<futures::sync::oneshot::Sender<Result<(), ()>>>,
+       read_paused: bool,
+       need_disconnect: bool,
+       id: u64,
+}
+impl Connection {
+       fn schedule_read(peer_manager: Arc<peer_handler::PeerManager<SocketDescriptor>>, us: Arc<Mutex<Self>>, reader: futures::stream::SplitStream<tokio_codec::Framed<TcpStream, tokio_codec::BytesCodec>>) {
+               let us_ref = us.clone();
+               let us_close_ref = us.clone();
+               let peer_manager_ref = peer_manager.clone();
+               tokio::spawn(reader.for_each(move |b| {
+                       let pending_read = b.to_vec();
+                       {
+                               let mut lock = us_ref.lock().unwrap();
+                               assert!(lock.pending_read.is_empty());
+                               if lock.read_paused {
+                                       lock.pending_read = pending_read;
+                                       let (sender, blocker) = futures::sync::oneshot::channel();
+                                       lock.read_blocker = Some(sender);
+                                       return future::Either::A(blocker.then(|_| { Ok(()) }));
+                               }
+                       }
+                       //TODO: There's a race where we don't meet the requirements of disconnect_socket if its
+                       //called right here, after we release the us_ref lock in the scope above, but before we
+                       //call read_event!
+                       match peer_manager.read_event(&mut SocketDescriptor::new(us_ref.clone(), peer_manager.clone()), pending_read) {
+                               Ok(pause_read) => {
+                                       if pause_read {
+                                               let mut lock = us_ref.lock().unwrap();
+                                               lock.read_paused = true;
+                                       }
+                               },
+                               Err(e) => {
+                                       us_ref.lock().unwrap().need_disconnect = false;
+                                       return future::Either::B(future::result(Err(std::io::Error::new(std::io::ErrorKind::InvalidData, e))));
+                               }
+                       }
+
+                       if let Err(e) = us_ref.lock().unwrap().event_notify.try_send(()) {
+                               // Ignore full errors as we just need them to poll after this point, so if the user
+                               // hasn't received the last send yet, it doesn't matter.
+                               assert!(e.is_full());
+                       }
+
+                       future::Either::B(future::result(Ok(())))
+               }).then(move |_| {
+                       if us_close_ref.lock().unwrap().need_disconnect {
+                               peer_manager_ref.disconnect_event(&SocketDescriptor::new(us_close_ref, peer_manager_ref.clone()));
+                               println!("Peer disconnected!");
+                       } else {
+                               println!("We disconnected peer!");
+                       }
+                       Ok(())
+               }));
+       }
+
+       fn new(event_notify: mpsc::Sender<()>, stream: TcpStream) -> (futures::stream::SplitStream<tokio_codec::Framed<TcpStream, tokio_codec::BytesCodec>>, Arc<Mutex<Self>>) {
+               let (writer, reader) = tokio_codec::Framed::new(stream, tokio_codec::BytesCodec::new()).split();
+               let (send_sink, send_stream) = mpsc::channel(3);
+               tokio::spawn(writer.send_all(send_stream.map_err(|_| -> std::io::Error {
+                       unreachable!();
+               })).then(|_| {
+                       future::result(Ok(()))
+               }));
+               let us = Arc::new(Mutex::new(Self { writer: Some(send_sink), event_notify, pending_read: Vec::new(), read_blocker: None, read_paused: false, need_disconnect: true, id: ID_COUNTER.fetch_add(1, Ordering::AcqRel) }));
+
+               (reader, us)
+       }
+
+       /// Process incoming messages and feed outgoing messages on the provided socket generated by
+       /// accepting an incoming connection (by scheduling futures with tokio::spawn).
+       ///
+       /// You should poll the Receive end of event_notify and call get_and_clear_pending_events() on
+       /// ChannelManager and ChannelMonitor objects.
+       pub fn setup_inbound(peer_manager: Arc<peer_handler::PeerManager<SocketDescriptor>>, event_notify: mpsc::Sender<()>, stream: TcpStream) {
+               let (reader, us) = Self::new(event_notify, stream);
+
+               if let Ok(_) = peer_manager.new_inbound_connection(SocketDescriptor::new(us.clone(), peer_manager.clone())) {
+                       Self::schedule_read(peer_manager, us, reader);
+               }
+       }
+
+       /// Process incoming messages and feed outgoing messages on the provided socket generated by
+       /// making an outbound connection which is expected to be accepted by a peer with the given
+       /// public key (by scheduling futures with tokio::spawn).
+       ///
+       /// You should poll the Receive end of event_notify and call get_and_clear_pending_events() on
+       /// ChannelManager and ChannelMonitor objects.
+       pub fn setup_outbound(peer_manager: Arc<peer_handler::PeerManager<SocketDescriptor>>, event_notify: mpsc::Sender<()>, their_node_id: PublicKey, stream: TcpStream) {
+               let (reader, us) = Self::new(event_notify, stream);
+
+               if let Ok(initial_send) = peer_manager.new_outbound_connection(their_node_id, SocketDescriptor::new(us.clone(), peer_manager.clone())) {
+                       if SocketDescriptor::new(us.clone(), peer_manager.clone()).send_data(&initial_send, true) == initial_send.len() {
+                               Self::schedule_read(peer_manager, us, reader);
+                       } else {
+                               println!("Failed to write first full message to socket!");
+                       }
+               }
+       }
+
+       /// Process incoming messages and feed outgoing messages on a new connection made to the given
+       /// socket address which is expected to be accepted by a peer with the given public key (by
+       /// scheduling futures with tokio::spawn).
+       ///
+       /// You should poll the Receive end of event_notify and call get_and_clear_pending_events() on
+       /// ChannelManager and ChannelMonitor objects.
+       pub fn connect_outbound(peer_manager: Arc<peer_handler::PeerManager<SocketDescriptor>>, event_notify: mpsc::Sender<()>, their_node_id: PublicKey, addr: SocketAddr) {
+               let connect_timeout = Delay::new(Instant::now() + Duration::from_secs(10)).then(|_| {
+                       future::err(std::io::Error::new(std::io::ErrorKind::TimedOut, "timeout reached"))
+               });
+               tokio::spawn(TcpStream::connect(&addr).select(connect_timeout)
+                       .and_then(move |stream| {
+                               Connection::setup_outbound(peer_manager, event_notify, their_node_id, stream.0);
+                               future::ok(())
+                       }).or_else(|_| {
+                               //TODO: return errors somehow
+                               future::ok(())
+                       }));
+       }
+}
+
+#[derive(Clone)]
+pub struct SocketDescriptor {
+       conn: Arc<Mutex<Connection>>,
+       id: u64,
+       peer_manager: Arc<peer_handler::PeerManager<SocketDescriptor>>,
+}
+impl SocketDescriptor {
+       fn new(conn: Arc<Mutex<Connection>>, peer_manager: Arc<peer_handler::PeerManager<SocketDescriptor>>) -> Self {
+               let id = conn.lock().unwrap().id;
+               Self { conn, id, peer_manager }
+       }
+}
+impl peer_handler::SocketDescriptor for SocketDescriptor {
+       fn send_data(&mut self, data: &[u8], resume_read: bool) -> usize {
+               macro_rules! schedule_read {
+                       ($us_ref: expr) => {
+                               tokio::spawn(future::lazy(move || -> Result<(), ()> {
+                                       let mut read_data = Vec::new();
+                                       {
+                                               let mut us = $us_ref.conn.lock().unwrap();
+                                               mem::swap(&mut read_data, &mut us.pending_read);
+                                       }
+                                       if !read_data.is_empty() {
+                                               let mut us_clone = $us_ref.clone();
+                                               match $us_ref.peer_manager.read_event(&mut us_clone, read_data) {
+                                                       Ok(pause_read) => {
+                                                               if pause_read { return Ok(()); }
+                                                       },
+                                                       Err(_) => {
+                                                               //TODO: Not actually sure how to do this
+                                                               return Ok(());
+                                                       }
+                                               }
+                                       }
+                                       let mut us = $us_ref.conn.lock().unwrap();
+                                       if let Some(sender) = us.read_blocker.take() {
+                                               sender.send(Ok(())).unwrap();
+                                       }
+                                       us.read_paused = false;
+                                       if let Err(e) = us.event_notify.try_send(()) {
+                                               // Ignore full errors as we just need them to poll after this point, so if the user
+                                               // hasn't received the last send yet, it doesn't matter.
+                                               assert!(e.is_full());
+                                       }
+                                       Ok(())
+                               }));
+                       }
+               }
+
+               let mut us = self.conn.lock().unwrap();
+               if resume_read {
+                       let us_ref = self.clone();
+                       schedule_read!(us_ref);
+               }
+               if data.is_empty() { return 0; }
+               if us.writer.is_none() {
+                       us.read_paused = true;
+                       return 0;
+               }
+
+               let mut bytes = bytes::BytesMut::with_capacity(data.len());
+               bytes.put(data);
+               let write_res = us.writer.as_mut().unwrap().start_send(bytes.freeze());
+               match write_res {
+                       Ok(res) => {
+                               match res {
+                                       AsyncSink::Ready => {
+                                               data.len()
+                                       },
+                                       AsyncSink::NotReady(_) => {
+                                               us.read_paused = true;
+                                               let us_ref = self.clone();
+                                               tokio::spawn(us.writer.take().unwrap().flush().then(move |writer_res| -> Result<(), ()> {
+                                                       if let Ok(writer) = writer_res {
+                                                               {
+                                                                       let mut us = us_ref.conn.lock().unwrap();
+                                                                       us.writer = Some(writer);
+                                                               }
+                                                               schedule_read!(us_ref);
+                                                       } // we'll fire the disconnect event on the socket reader end
+                                                       Ok(())
+                                               }));
+                                               0
+                                       }
+                               }
+                       },
+                       Err(_) => {
+                               // We'll fire the disconnected event on the socket reader end
+                               0
+                       },
+               }
+       }
+
+       fn disconnect_socket(&mut self) {
+               let mut us = self.conn.lock().unwrap();
+               us.need_disconnect = true;
+               us.read_paused = true;
+       }
+}
+impl Eq for SocketDescriptor {}
+impl PartialEq for SocketDescriptor {
+       fn eq(&self, o: &Self) -> bool {
+               self.id == o.id
+       }
+}
+impl Hash for SocketDescriptor {
+       fn hash<H: std::hash::Hasher>(&self, state: &mut H) {
+               self.id.hash(state);
+       }
+}
+
diff --git a/src/chain/chaininterface.rs b/src/chain/chaininterface.rs
index ef09cbbaaa0f79eb89942860608a315772ef88f3..c0330fb2963ea868d753c16dd633d5cbbd8890c9 100644 (file)
--- a/src/chain/chaininterface.rs
+++ b/src/chain/chaininterface.rs
@@ -8,7 +8,8 @@ use bitcoin::blockdata::block::{Block, BlockHeader};
 use bitcoin::blockdata::transaction::Transaction;
 use bitcoin::blockdata::script::Script;
 use bitcoin::blockdata::constants::genesis_block;
-use bitcoin::util::hash::{BitcoinHash, Sha256dHash};
+use bitcoin::util::hash::BitcoinHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::network::constants::Network;
 
 use util::logger::Logger;
@@ -77,7 +78,8 @@ pub trait ChainListener: Sync + Send {
        fn block_connected(&self, header: &BlockHeader, height: u32, txn_matched: &[&Transaction], indexes_of_txn_matched: &[u32]);
        /// Notifies a listener that a block was disconnected.
        /// Unlike block_connected, this *must* never be called twice for the same disconnect event.
-       fn block_disconnected(&self, header: &BlockHeader);
+       /// Height must be the one of the block which was disconnected (not new height of the best chain)
+       fn block_disconnected(&self, header: &BlockHeader, disconnected_height: u32);
 }
 
 /// An enum that represents the speed at which we want a transaction to confirm used for feerate
@@ -278,11 +280,11 @@ impl ChainWatchInterfaceUtil {
        }
 
        /// Notify listeners that a block was disconnected.
-       pub fn block_disconnected(&self, header: &BlockHeader) {
+       pub fn block_disconnected(&self, header: &BlockHeader, disconnected_height: u32) {
                let listeners = self.listeners.lock().unwrap().clone();
                for listener in listeners.iter() {
                        match listener.upgrade() {
-                               Some(arc) => arc.block_disconnected(header),
+                               Some(arc) => arc.block_disconnected(&header, disconnected_height),
                                None => ()
                        }
                }
diff --git a/src/chain/keysinterface.rs b/src/chain/keysinterface.rs
index 9369d3c35063486a405a202c18c3b0426f93b5ac..73d320b0f69a6e123deb20d1f6261960d57d2680 100644 (file)
--- a/src/chain/keysinterface.rs
+++ b/src/chain/keysinterface.rs
@@ -9,6 +9,7 @@ use bitcoin::network::constants::Network;
 use bitcoin::util::bip32::{ExtendedPrivKey, ExtendedPubKey, ChildNumber};
 
 use bitcoin_hashes::{Hash, HashEngine};
+use bitcoin_hashes::sha256::HashEngine as Sha256State;
 use bitcoin_hashes::sha256::Hash as Sha256;
 use bitcoin_hashes::hash160::Hash as Hash160;
 
@@ -16,11 +17,9 @@ use secp256k1::key::{SecretKey, PublicKey};
 use secp256k1::Secp256k1;
 use secp256k1;
 
-use util::logger::Logger;
-use util::rng;
 use util::byte_utils;
+use util::logger::Logger;
 
-use std::time::{SystemTime, UNIX_EPOCH};
 use std::sync::Arc;
 use std::sync::atomic::{AtomicUsize, Ordering};
 
@@ -131,33 +130,57 @@ pub struct KeysManager {
        channel_id_master_key: ExtendedPrivKey,
        channel_id_child_index: AtomicUsize,
 
+       unique_start: Sha256State,
        logger: Arc<Logger>,
 }
 
 impl KeysManager {
        /// Constructs a KeysManager from a 32-byte seed. If the seed is in some way biased (eg your
-       /// RNG is busted) this may panic.
-       pub fn new(seed: &[u8; 32], network: Network, logger: Arc<Logger>) -> KeysManager {
+       /// RNG is busted) this may panic (but more importantly, you will possibly lose funds).
+       /// starting_time isn't strictly required to actually be a time, but it must absolutely,
+       /// without a doubt, be unique to this instance. ie if you start multiple times with the same
+       /// seed, starting_time must be unique to each run. Thus, the easiest way to achieve this is to
+       /// simply use the current time (with very high precision).
+       ///
+       /// The seed MUST be backed up safely prior to use so that the keys can be re-created, however,
+       /// obviously, starting_time should be unique every time you reload the library - it is only
+       /// used to generate new ephemeral key data (which will be stored by the individual channel if
+       /// necessary).
+       ///
+       /// Note that the seed is required to recover certain on-chain funds independent of
+       /// ChannelMonitor data, though a current copy of ChannelMonitor data is also required for any
+       /// channel, and some on-chain during-closing funds.
+       ///
+       /// Note that until the 0.1 release there is no guarantee of backward compatibility between
+       /// versions. Once the library is more fully supported, the docs will be updated to include a
+       /// detailed description of the guarantee.
+       pub fn new(seed: &[u8; 32], network: Network, logger: Arc<Logger>, starting_time_secs: u64, starting_time_nanos: u32) -> KeysManager {
                let secp_ctx = Secp256k1::signing_only();
                match ExtendedPrivKey::new_master(network.clone(), seed) {
                        Ok(master_key) => {
-                               let node_secret = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(0)).expect("Your RNG is busted").secret_key;
-                               let destination_script = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(1)) {
+                               let node_secret = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(0).unwrap()).expect("Your RNG is busted").private_key.key;
+                               let destination_script = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(1).unwrap()) {
                                        Ok(destination_key) => {
-                                               let pubkey_hash160 = Hash160::hash(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.serialize()[..]);
+                                               let pubkey_hash160 = Hash160::hash(&ExtendedPubKey::from_private(&secp_ctx, &destination_key).public_key.key.serialize()[..]);
                                                Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
                                                              .push_slice(&pubkey_hash160.into_inner())
                                                              .into_script()
                                        },
                                        Err(_) => panic!("Your RNG is busted"),
                                };
-                               let shutdown_pubkey = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(2)) {
-                                       Ok(shutdown_key) => ExtendedPubKey::from_private(&secp_ctx, &shutdown_key).public_key,
+                               let shutdown_pubkey = match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(2).unwrap()) {
+                                       Ok(shutdown_key) => ExtendedPubKey::from_private(&secp_ctx, &shutdown_key).public_key.key,
                                        Err(_) => panic!("Your RNG is busted"),
                                };
-                               let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3)).expect("Your RNG is busted");
-                               let session_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(4)).expect("Your RNG is busted");
-                               let channel_id_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(5)).expect("Your RNG is busted");
+                               let channel_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(3).unwrap()).expect("Your RNG is busted");
+                               let session_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(4).unwrap()).expect("Your RNG is busted");
+                               let channel_id_master_key = master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx(5).unwrap()).expect("Your RNG is busted");
+
+                               let mut unique_start = Sha256::engine();
+                               unique_start.input(&byte_utils::be64_to_array(starting_time_secs));
+                               unique_start.input(&byte_utils::be32_to_array(starting_time_nanos));
+                               unique_start.input(seed);
+
                                KeysManager {
                                        secp_ctx,
                                        node_secret,
@@ -170,6 +193,7 @@ impl KeysManager {
                                        channel_id_master_key,
                                        channel_id_child_index: AtomicUsize::new(0),
 
+                                       unique_start,
                                        logger,
                                }
                        },
@@ -193,24 +217,15 @@ impl KeysInterface for KeysManager {
 
        fn get_channel_keys(&self, _inbound: bool) -> ChannelKeys {
                // We only seriously intend to rely on the channel_master_key for true secure
-               // entropy, everything else just ensures uniqueness. We generally don't expect
-               // all clients to have non-broken RNGs here, so we also include the current
-               // time as a fallback to get uniqueness.
-               let mut sha = Sha256::engine();
-
-               let mut seed = [0u8; 32];
-               rng::fill_bytes(&mut seed[..]);
-               sha.input(&seed);
-
-               let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
-               sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
-               sha.input(&byte_utils::be64_to_array(now.as_secs()));
+               // entropy, everything else just ensures uniqueness. We rely on the unique_start (ie
+               // starting_time provided in the constructor) to be unique.
+               let mut sha = self.unique_start.clone();
 
                let child_ix = self.channel_child_index.fetch_add(1, Ordering::AcqRel);
-               let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
-               sha.input(&child_privkey.secret_key[..]);
+               let child_privkey = self.channel_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32).expect("key space exhausted")).expect("Your RNG is busted");
+               sha.input(&child_privkey.private_key.key[..]);
 
-               seed = Sha256::from_engine(sha).into_inner();
+               let seed = Sha256::from_engine(sha).into_inner();
 
                let commitment_seed = {
                        let mut sha = Sha256::engine();
@@ -244,28 +259,20 @@ impl KeysInterface for KeysManager {
        }
 
        fn get_session_key(&self) -> SecretKey {
-               let mut sha = Sha256::engine();
-
-               let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
-               sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
-               sha.input(&byte_utils::be64_to_array(now.as_secs()));
+               let mut sha = self.unique_start.clone();
 
                let child_ix = self.session_child_index.fetch_add(1, Ordering::AcqRel);
-               let child_privkey = self.session_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
-               sha.input(&child_privkey.secret_key[..]);
+               let child_privkey = self.session_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32).expect("key space exhausted")).expect("Your RNG is busted");
+               sha.input(&child_privkey.private_key.key[..]);
                SecretKey::from_slice(&Sha256::from_engine(sha).into_inner()).expect("Your RNG is busted")
        }
 
        fn get_channel_id(&self) -> [u8; 32] {
-               let mut sha = Sha256::engine();
-
-               let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
-               sha.input(&byte_utils::be32_to_array(now.subsec_nanos()));
-               sha.input(&byte_utils::be64_to_array(now.as_secs()));
+               let mut sha = self.unique_start.clone();
 
                let child_ix = self.channel_id_child_index.fetch_add(1, Ordering::AcqRel);
-               let child_privkey = self.channel_id_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32)).expect("Your RNG is busted");
-               sha.input(&child_privkey.secret_key[..]);
+               let child_privkey = self.channel_id_master_key.ckd_priv(&self.secp_ctx, ChildNumber::from_hardened_idx(child_ix as u32).expect("key space exhausted")).expect("Your RNG is busted");
+               sha.input(&child_privkey.private_key.key[..]);
 
                (Sha256::from_engine(sha).into_inner())
        }
diff --git a/src/chain/transaction.rs b/src/chain/transaction.rs
index a9b314dd08e4eec7ddb7a5bd6f94d43816191217..ce43984ebd48b270f0f32da2266da2ac940e2a6b 100644 (file)
--- a/src/chain/transaction.rs
+++ b/src/chain/transaction.rs
@@ -1,6 +1,6 @@
 //! Contains simple structs describing parts of transactions on the chain.
 
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::blockdata::transaction::OutPoint as BitcoinOutPoint;
 
 /// A reference to a transaction output.
diff --git a/src/lib.rs b/src/lib.rs
index 52ec664023621954d162ba8f603a7cc4a21491cd..c6e4708a8ebadb933e794889d1378e6b34f24fdf 100644 (file)
--- a/src/lib.rs
+++ b/src/lib.rs
@@ -10,11 +10,12 @@
 //! instead of having a rather-separate lightning appendage to a wallet.
 
 #![cfg_attr(not(feature = "fuzztarget"), deny(missing_docs))]
+#![forbid(unsafe_code)]
 
 extern crate bitcoin;
 extern crate bitcoin_hashes;
-extern crate rand;
 extern crate secp256k1;
+#[cfg(test)] extern crate rand;
 #[cfg(test)] extern crate hex;
 
 #[macro_use]
diff --git a/src/ln/chan_utils.rs b/src/ln/chan_utils.rs
index e7945a508b426351e3633ed900225b566a6b5271..eab80a54e797cd9489e2fe25c59dc76f15375c48 100644 (file)
--- a/src/ln/chan_utils.rs
+++ b/src/ln/chan_utils.rs
@@ -1,12 +1,12 @@
 use bitcoin::blockdata::script::{Script,Builder};
 use bitcoin::blockdata::opcodes;
 use bitcoin::blockdata::transaction::{TxIn,TxOut,OutPoint,Transaction};
-use bitcoin::util::hash::{Sha256dHash};
 
 use bitcoin_hashes::{Hash, HashEngine};
 use bitcoin_hashes::sha256::Hash as Sha256;
 use bitcoin_hashes::ripemd160::Hash as Ripemd160;
 use bitcoin_hashes::hash160::Hash as Hash160;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 
 use ln::channelmanager::PaymentHash;
 
diff --git a/src/ln/chanmon_update_fail_tests.rs b/src/ln/chanmon_update_fail_tests.rs
index 69e056217f719b933aac1221b7d73d540a0ce53d..137d983465e339e43c7401562db38ee0f9eff932 100644 (file)
--- a/src/ln/chanmon_update_fail_tests.rs
+++ b/src/ln/chanmon_update_fail_tests.rs
@@ -6,22 +6,20 @@
 use ln::channelmanager::{RAACommitmentOrder, PaymentPreimage, PaymentHash};
 use ln::channelmonitor::ChannelMonitorUpdateErr;
 use ln::msgs;
-use ln::msgs::ChannelMessageHandler;
+use ln::msgs::{ChannelMessageHandler, LocalFeatures, RoutingMessageHandler};
 use util::events::{Event, EventsProvider, MessageSendEvent, MessageSendEventsProvider};
 use util::errors::APIError;
 
 use bitcoin_hashes::sha256::Hash as Sha256;
 use bitcoin_hashes::Hash;
 
-use std::time::Instant;
-
 use ln::functional_test_utils::*;
 
 #[test]
 fn test_simple_monitor_permanent_update_fail() {
        // Test that we handle a simple permanent monitor update failure
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
@@ -50,8 +48,8 @@ fn test_simple_monitor_permanent_update_fail() {
 fn do_test_simple_monitor_temporary_update_fail(disconnect: bool) {
        // Test that we can recover from a simple temporary monitor update failure optionally with
        // a disconnect in between
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
@@ -149,8 +147,8 @@ fn do_test_monitor_temporary_update_fail(disconnect_count: usize) {
        // * We then walk through more message exchanges to get the original update_add_htlc
        //   through, swapping message ordering based on disconnect_count & 8 and optionally
        //   disconnect/reconnecting based on disconnect_count.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
 
@@ -475,8 +473,8 @@ fn test_monitor_temporary_update_fail_c() {
 #[test]
 fn test_monitor_update_fail_cs() {
        // Tests handling of a monitor update failure when processing an incoming commitment_signed
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -554,8 +552,8 @@ fn test_monitor_update_fail_no_rebroadcast() {
        // Tests handling of a monitor update failure when no message rebroadcasting on
        // test_restore_channel_monitor() is required. Backported from
        // chanmon_fail_consistency fuzz tests.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_1, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -596,8 +594,8 @@ fn test_monitor_update_fail_no_rebroadcast() {
 fn test_monitor_update_raa_while_paused() {
        // Tests handling of an RAA while monitor updating has already been marked failed.
        // Backported from chanmon_fail_consistency fuzz tests as this used to be broken.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        send_payment(&nodes[0], &[&nodes[1]], 5000000);
 
@@ -663,9 +661,9 @@ fn test_monitor_update_raa_while_paused() {
 
 fn do_test_monitor_update_fail_raa(test_ignore_second_cs: bool) {
        // Tests handling of a monitor update failure when processing an incoming RAA
-       let mut nodes = create_network(3);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance a bit so that we can send backwards from 2 to 1.
        send_payment(&nodes[0], &[&nodes[1], &nodes[2]], 5000000);
@@ -916,9 +914,9 @@ fn test_monitor_update_fail_reestablish() {
        // Simple test for message retransmission after monitor update failure on
        // channel_reestablish generating a monitor update (which comes from freeing holding cell
        // HTLCs).
-       let mut nodes = create_network(3);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let (our_payment_preimage, _) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 1000000);
 
@@ -994,8 +992,8 @@ fn raa_no_response_awaiting_raa_state() {
        // due to a previous monitor update failure, we still set AwaitingRemoteRevoke on the channel
        // in question (assuming it intends to respond with a CS after monitor updating is restored).
        // Backported from chanmon_fail_consistency fuzz tests as this used to be broken.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
        let (payment_preimage_1, payment_hash_1) = get_payment_preimage_hash!(nodes[0]);
@@ -1107,8 +1105,8 @@ fn claim_while_disconnected_monitor_update_fail() {
        // Backported from chanmon_fail_consistency fuzz tests as an unmerged version of the handling
        // code introduced a regression in this test (specifically, this caught a removal of the
        // channel_reestablish handling ensuring the order was sensical given the messages used).
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // Forward a payment for B to claim
        let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
@@ -1222,8 +1220,8 @@ fn monitor_failed_no_reestablish_response() {
        // response to a commitment_signed.
        // Backported from chanmon_fail_consistency fuzz tests as it caught a long-standing
        // debug_assert!() failure in channel_reestablish handling.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // Route the payment and deliver the initial commitment_signed (with a monitor update failure
        // on receipt).
@@ -1288,8 +1286,8 @@ fn first_message_on_recv_ordering() {
        // have no pending response but will want to send a RAA/CS (with the updates for the second
        // payment applied).
        // Backported from chanmon_fail_consistency fuzz tests as it caught a bug here.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // Route the first payment outbound, holding the last RAA for B until we are set up so that we
        // can deliver it and fail the monitor update.
@@ -1373,9 +1371,9 @@ fn test_monitor_update_fail_claim() {
        // update to claim the payment. We then send a payment C->B->A, making the forward of this
        // payment from B to A fail due to the paused channel. Finally, we restore the channel monitor
        // updating and claim the payment on B.
-       let mut nodes = create_network(3);
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance a bit so that we can send backwards from 3 to 2.
        send_payment(&nodes[0], &[&nodes[1], &nodes[2]], 5000000);
@@ -1443,9 +1441,9 @@ fn test_monitor_update_on_pending_forwards() {
        // We do this with a simple 3-node network, sending a payment from A to C and one from C to A.
        // The payment from A to C will be failed by C and pending a back-fail to A, while the payment
        // from C to A will be pending a forward to A.
-       let mut nodes = create_network(3);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance a bit so that we can send backwards from 3 to 1.
        send_payment(&nodes[0], &[&nodes[1], &nodes[2]], 5000000);
@@ -1495,7 +1493,6 @@ fn test_monitor_update_on_pending_forwards() {
                Event::PendingHTLCsForwardable { .. } => { },
                _ => panic!("Unexpected event"),
        };
-       nodes[0].node.channel_state.lock().unwrap().next_forward = Instant::now();
        nodes[0].node.process_pending_htlc_forwards();
        expect_payment_received!(nodes[0], payment_hash_2, 1000000);
 
@@ -1508,8 +1505,8 @@ fn monitor_update_claim_fail_no_response() {
        // to channel being AwaitingRAA).
        // Backported from chanmon_fail_consistency fuzz tests as an unmerged version of the handling
        // code was broken.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // Forward a payment for B to claim
        let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
@@ -1556,3 +1553,132 @@ fn monitor_update_claim_fail_no_response() {
 
        claim_payment(&nodes[0], &[&nodes[1]], payment_preimage_2);
 }
+
+// Note that restore_between_fails with !fail_on_generate is useless
+// Also note that !fail_on_generate && !fail_on_signed is useless
+// Finally, note that !fail_on_signed is not possible with fail_on_generate && !restore_between_fails
+// confirm_a_first and restore_b_before_conf are wholly unrelated to earlier bools and
+// restore_b_before_conf has no meaning if !confirm_a_first
+fn do_during_funding_monitor_fail(fail_on_generate: bool, restore_between_fails: bool, fail_on_signed: bool, confirm_a_first: bool, restore_b_before_conf: bool) {
+       // Test that if the monitor update generated by funding_transaction_generated fails we continue
+       // the channel setup happily after the update is restored.
+       let mut nodes = create_network(2, &[None, None]);
+
+       nodes[0].node.create_channel(nodes[1].node.get_our_node_id(), 100000, 10001, 43).unwrap();
+       nodes[1].node.handle_open_channel(&nodes[0].node.get_our_node_id(), LocalFeatures::new(), &get_event_msg!(nodes[0], MessageSendEvent::SendOpenChannel, nodes[1].node.get_our_node_id())).unwrap();
+       nodes[0].node.handle_accept_channel(&nodes[1].node.get_our_node_id(), LocalFeatures::new(), &get_event_msg!(nodes[1], MessageSendEvent::SendAcceptChannel, nodes[0].node.get_our_node_id())).unwrap();
+
+       let (temporary_channel_id, funding_tx, funding_output) = create_funding_transaction(&nodes[0], 100000, 43);
+
+       if fail_on_generate {
+               *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
+       }
+       nodes[0].node.funding_transaction_generated(&temporary_channel_id, funding_output);
+       check_added_monitors!(nodes[0], 1);
+
+       *nodes[1].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
+       nodes[1].node.handle_funding_created(&nodes[0].node.get_our_node_id(), &get_event_msg!(nodes[0], MessageSendEvent::SendFundingCreated, nodes[1].node.get_our_node_id())).unwrap();
+       check_added_monitors!(nodes[1], 1);
+
+       if restore_between_fails {
+               assert!(fail_on_generate);
+               *nodes[0].chan_monitor.update_ret.lock().unwrap() = Ok(());
+               nodes[0].node.test_restore_channel_monitor();
+               check_added_monitors!(nodes[0], 1);
+               assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
+               assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
+       }
+
+       if fail_on_signed {
+               *nodes[0].chan_monitor.update_ret.lock().unwrap() = Err(ChannelMonitorUpdateErr::TemporaryFailure);
+       } else {
+               assert!(restore_between_fails || !fail_on_generate); // We can't switch to good now (there's no monitor update)
+               assert!(fail_on_generate); // Somebody has to fail
+       }
+       let funding_signed_res = nodes[0].node.handle_funding_signed(&nodes[1].node.get_our_node_id(), &get_event_msg!(nodes[1], MessageSendEvent::SendFundingSigned, nodes[0].node.get_our_node_id()));
+       if fail_on_signed || !restore_between_fails {
+               if let msgs::HandleError { err, action: Some(msgs::ErrorAction::IgnoreError) } = funding_signed_res.unwrap_err() {
+                       if fail_on_generate && !restore_between_fails {
+                               assert_eq!(err, "Previous monitor update failure prevented funding_signed from allowing funding broadcast");
+                               check_added_monitors!(nodes[0], 0);
+                       } else {
+                               assert_eq!(err, "Failed to update ChannelMonitor");
+                               check_added_monitors!(nodes[0], 1);
+                       }
+               } else { panic!(); }
+
+               assert!(nodes[0].node.get_and_clear_pending_events().is_empty());
+               *nodes[0].chan_monitor.update_ret.lock().unwrap() = Ok(());
+               nodes[0].node.test_restore_channel_monitor();
+       } else {
+               funding_signed_res.unwrap();
+       }
+
+       check_added_monitors!(nodes[0], 1);
+
+       let events = nodes[0].node.get_and_clear_pending_events();
+       assert_eq!(events.len(), 1);
+       match events[0] {
+               Event::FundingBroadcastSafe { ref funding_txo, user_channel_id } => {
+                       assert_eq!(user_channel_id, 43);
+                       assert_eq!(*funding_txo, funding_output);
+               },
+               _ => panic!("Unexpected event"),
+       };
+
+       if confirm_a_first {
+               confirm_transaction(&nodes[0].chain_monitor, &funding_tx, funding_tx.version);
+               nodes[1].node.handle_funding_locked(&nodes[0].node.get_our_node_id(), &get_event_msg!(nodes[0], MessageSendEvent::SendFundingLocked, nodes[1].node.get_our_node_id())).unwrap();
+       } else {
+               assert!(!restore_b_before_conf);
+               confirm_transaction(&nodes[1].chain_monitor, &funding_tx, funding_tx.version);
+               assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
+       }
+
+       // Make sure nodes[1] isn't stupid enough to re-send the FundingLocked on reconnect
+       nodes[0].node.peer_disconnected(&nodes[1].node.get_our_node_id(), false);
+       nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
+       reconnect_nodes(&nodes[0], &nodes[1], (false, confirm_a_first), (0, 0), (0, 0), (0, 0), (0, 0), (false, false));
+       assert!(nodes[0].node.get_and_clear_pending_msg_events().is_empty());
+       assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
+
+       if !restore_b_before_conf {
+               confirm_transaction(&nodes[1].chain_monitor, &funding_tx, funding_tx.version);
+               assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
+               assert!(nodes[1].node.get_and_clear_pending_events().is_empty());
+       }
+
+       *nodes[1].chan_monitor.update_ret.lock().unwrap() = Ok(());
+       nodes[1].node.test_restore_channel_monitor();
+       check_added_monitors!(nodes[1], 1);
+
+       let (channel_id, (announcement, as_update, bs_update)) = if !confirm_a_first {
+               nodes[0].node.handle_funding_locked(&nodes[1].node.get_our_node_id(), &get_event_msg!(nodes[1], MessageSendEvent::SendFundingLocked, nodes[0].node.get_our_node_id())).unwrap();
+
+               confirm_transaction(&nodes[0].chain_monitor, &funding_tx, funding_tx.version);
+               let (funding_locked, channel_id) = create_chan_between_nodes_with_value_confirm_second(&nodes[1], &nodes[0]);
+               (channel_id, create_chan_between_nodes_with_value_b(&nodes[0], &nodes[1], &funding_locked))
+       } else {
+               if restore_b_before_conf {
+                       confirm_transaction(&nodes[1].chain_monitor, &funding_tx, funding_tx.version);
+               }
+               let (funding_locked, channel_id) = create_chan_between_nodes_with_value_confirm_second(&nodes[0], &nodes[1]);
+               (channel_id, create_chan_between_nodes_with_value_b(&nodes[1], &nodes[0], &funding_locked))
+       };
+       for node in nodes.iter() {
+               assert!(node.router.handle_channel_announcement(&announcement).unwrap());
+               node.router.handle_channel_update(&as_update).unwrap();
+               node.router.handle_channel_update(&bs_update).unwrap();
+       }
+
+       send_payment(&nodes[0], &[&nodes[1]], 8000000);
+       close_channel(&nodes[0], &nodes[1], &channel_id, funding_tx, true);
+}
+
+#[test]
+fn during_funding_monitor_fail() {
+       do_during_funding_monitor_fail(false, false, true, true, true);
+       do_during_funding_monitor_fail(true, false, true, false, false);
+       do_during_funding_monitor_fail(true, true, true, true, false);
+       do_during_funding_monitor_fail(true, true, false, false, false);
+}
diff --git a/src/ln/channel.rs b/src/ln/channel.rs
index 07fb3474a5321419db09ca222fd1f10dea6d23df..9dfa4c459714e600f7a9387f7acc91c28b36b70c 100644 (file)
--- a/src/ln/channel.rs
+++ b/src/ln/channel.rs
@@ -2,22 +2,23 @@ use bitcoin::blockdata::block::BlockHeader;
 use bitcoin::blockdata::script::{Script,Builder};
 use bitcoin::blockdata::transaction::{TxIn, TxOut, Transaction, SigHashType};
 use bitcoin::blockdata::opcodes;
-use bitcoin::util::hash::{BitcoinHash, Sha256dHash};
+use bitcoin::util::hash::BitcoinHash;
 use bitcoin::util::bip143;
 use bitcoin::consensus::encode::{self, Encodable, Decodable};
 
 use bitcoin_hashes::{Hash, HashEngine};
 use bitcoin_hashes::sha256::Hash as Sha256;
 use bitcoin_hashes::hash160::Hash as Hash160;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 
 use secp256k1::key::{PublicKey,SecretKey};
 use secp256k1::{Secp256k1,Signature};
 use secp256k1;
 
 use ln::msgs;
-use ln::msgs::{DecodeError, OptionalField};
+use ln::msgs::{DecodeError, OptionalField, LocalFeatures};
 use ln::channelmonitor::ChannelMonitor;
-use ln::channelmanager::{PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingForwardHTLCInfo, RAACommitmentOrder, PaymentPreimage, PaymentHash};
+use ln::channelmanager::{PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingForwardHTLCInfo, RAACommitmentOrder, PaymentPreimage, PaymentHash, BREAKDOWN_TIMEOUT, MAX_LOCAL_BREAKDOWN_TIMEOUT};
 use ln::chan_utils::{TxCreationKeys,HTLCOutputInCommitment,HTLC_SUCCESS_TX_WEIGHT,HTLC_TIMEOUT_TX_WEIGHT};
 use ln::chan_utils;
 use chain::chaininterface::{FeeEstimator,ConfirmationTarget};
@@ -32,7 +33,6 @@ use util::config::{UserConfig,ChannelConfig};
 use std;
 use std::default::Default;
 use std::{cmp,mem};
-use std::time::Instant;
 use std::sync::{Arc};
 
 #[cfg(test)]
@@ -106,19 +106,19 @@ enum OutboundHTLCState {
        Committed,
        /// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
        /// the change (though they'll need to revoke before we fail the payment).
-       RemoteRemoved,
+       RemoteRemoved(Option<HTLCFailReason>),
        /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
        /// the remote side hasn't yet revoked their previous state, which we need them to do before we
        /// can do any backwards failing. Implies AwaitingRemoteRevoke.
        /// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
        /// remote revoke_and_ack on a previous state before we can do so.
-       AwaitingRemoteRevokeToRemove,
+       AwaitingRemoteRevokeToRemove(Option<HTLCFailReason>),
        /// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
        /// the remote side hasn't yet revoked their previous state, which we need them to do before we
        /// can do any backwards failing. Implies AwaitingRemoteRevoke.
        /// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
        /// revoke_and_ack to drop completely.
-       AwaitingRemovedRemoteRevoke,
+       AwaitingRemovedRemoteRevoke(Option<HTLCFailReason>),
 }
 
 struct OutboundHTLCOutput {
@@ -128,20 +128,17 @@ struct OutboundHTLCOutput {
        payment_hash: PaymentHash,
        state: OutboundHTLCState,
        source: HTLCSource,
-       /// If we're in a removed state, set if they failed, otherwise None
-       fail_reason: Option<HTLCFailReason>,
 }
 
 /// See AwaitingRemoteRevoke ChannelState for more info
 enum HTLCUpdateAwaitingACK {
-       AddHTLC {
+       AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
                // always outbound
                amount_msat: u64,
                cltv_expiry: u32,
                payment_hash: PaymentHash,
                source: HTLCSource,
                onion_routing_packet: msgs::OnionPacket,
-               time_created: Instant, //TODO: Some kind of timeout thing-a-majig
        },
        ClaimHTLC {
                payment_preimage: PaymentPreimage,
@@ -184,9 +181,9 @@ enum ChannelState {
        /// "disconnected" and no updates are allowed until after we've done a channel_reestablish
        /// dance.
        PeerDisconnected = (1 << 7),
-       /// Flag which is set on ChannelFunded and FundingSent indicating the user has told us they
-       /// failed to update our ChannelMonitor somewhere and we should pause sending any outbound
-       /// messages until they've managed to do so.
+       /// Flag which is set on ChannelFunded, FundingCreated, and FundingSent indicating the user has
+       /// told us they failed to update our ChannelMonitor somewhere and we should pause sending any
+       /// outbound messages until they've managed to do so.
        MonitorUpdateFailed = (1 << 8),
        /// Flag which implies that we have sent a commitment_signed but are awaiting the responding
        /// revoke_and_ack message. During this time period, we can't generate new commitment_signed
@@ -238,19 +235,22 @@ pub(super) struct Channel {
        cur_local_commitment_transaction_number: u64,
        cur_remote_commitment_transaction_number: u64,
        value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees
-       /// Upon receipt of a channel_reestablish we have to figure out whether to send a
-       /// revoke_and_ack first or a commitment update first. Generally, we prefer to send
-       /// revoke_and_ack first, but if we had a pending commitment update of our own waiting on a
-       /// remote revoke when we received the latest commitment update from the remote we have to make
-       /// sure that commitment update gets resent first.
-       received_commitment_while_awaiting_raa: bool,
        pending_inbound_htlcs: Vec<InboundHTLCOutput>,
        pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
        holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
 
+       /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
+       /// need to ensure we resend them in the order we originally generated them. Note that because
+       /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
+       /// sufficient to simply set this to the opposite of any message we are generating as we
+       /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
+       /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
+       /// send it first.
+       resend_order: RAACommitmentOrder,
+
+       monitor_pending_funding_locked: bool,
        monitor_pending_revoke_and_ack: bool,
        monitor_pending_commitment_signed: bool,
-       monitor_pending_order: Option<RAACommitmentOrder>,
        monitor_pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>,
        monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
 
@@ -318,7 +318,7 @@ pub(super) struct Channel {
        their_htlc_minimum_msat: u64,
        our_htlc_minimum_msat: u64,
        their_to_self_delay: u16,
-       //implied by BREAKDOWN_TIMEOUT: our_to_self_delay: u16,
+       our_to_self_delay: u16,
        #[cfg(test)]
        pub their_max_accepted_htlcs: u16,
        #[cfg(not(test))]
@@ -348,14 +348,6 @@ pub const OUR_MAX_HTLCS: u16 = 50; //TODO
 /// on ice until the funding transaction gets more confirmations, but the LN protocol doesn't
 /// really allow for this, so instead we're stuck closing it out at that point.
 const UNCONF_THRESHOLD: u32 = 6;
-/// The amount of time we require our counterparty wait to claim their money (ie time between when
-/// we, or our watchtower, must check for them having broadcast a theft transaction).
-#[cfg(not(test))]
-const BREAKDOWN_TIMEOUT: u16 = 6 * 24 * 7; //TODO?
-#[cfg(test)]
-pub const BREAKDOWN_TIMEOUT: u16 = 6 * 24 * 7; //TODO?
-/// The amount of time we're willing to wait to claim money back to us
-const MAX_LOCAL_BREAKDOWN_TIMEOUT: u16 = 6 * 24 * 14;
 /// Exposing these two constants for use in test in ChannelMonitor
 pub const COMMITMENT_TX_BASE_WEIGHT: u64 = 724;
 pub const COMMITMENT_TX_WEIGHT_PER_HTLC: u64 = 172;
@@ -411,13 +403,6 @@ impl Channel {
                1000 // TODO
        }
 
-       fn derive_minimum_depth(_channel_value_satoshis_msat: u64, _value_to_self_msat: u64) -> u32 {
-               // Note that in order to comply with BOLT 7 announcement_signatures requirements this must
-               // be at least 6.
-               const CONF_TARGET: u32 = 12; //TODO: Should be much higher
-               CONF_TARGET
-       }
-
        // Constructors:
        pub fn new_outbound(fee_estimator: &FeeEstimator, keys_provider: &Arc<KeysInterface>, their_node_id: PublicKey, channel_value_satoshis: u64, push_msat: u64, user_id: u64, logger: Arc<Logger>, config: &UserConfig) -> Result<Channel, APIError> {
                let chan_keys = keys_provider.get_channel_keys(false);
@@ -429,6 +414,9 @@ impl Channel {
                if push_msat > channel_value_satoshis * 1000 {
                        return Err(APIError::APIMisuseError{err: "push value > channel value"});
                }
+               if config.own_channel_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
+                       return Err(APIError::APIMisuseError{err: "Configured with an unreasonable our_to_self_delay putting user funds at risks"});
+               }
 
 
                let background_feerate = fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Background);
@@ -440,7 +428,7 @@ impl Channel {
 
                let secp_ctx = Secp256k1::new();
                let channel_monitor = ChannelMonitor::new(&chan_keys.revocation_base_key, &chan_keys.delayed_payment_base_key,
-                                                         &chan_keys.htlc_base_key, &chan_keys.payment_base_key, &keys_provider.get_shutdown_pubkey(), BREAKDOWN_TIMEOUT,
+                                                         &chan_keys.htlc_base_key, &chan_keys.payment_base_key, &keys_provider.get_shutdown_pubkey(), config.own_channel_config.our_to_self_delay,
                                                          keys_provider.get_destination_script(), logger.clone());
 
                Ok(Channel {
@@ -458,7 +446,6 @@ impl Channel {
                        cur_local_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
                        cur_remote_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
                        value_to_self_msat: channel_value_satoshis * 1000 - push_msat,
-                       received_commitment_while_awaiting_raa: false,
 
                        pending_inbound_htlcs: Vec::new(),
                        pending_outbound_htlcs: Vec::new(),
@@ -469,9 +456,11 @@ impl Channel {
                        next_remote_htlc_id: 0,
                        channel_update_count: 1,
 
+                       resend_order: RAACommitmentOrder::CommitmentFirst,
+
+                       monitor_pending_funding_locked: false,
                        monitor_pending_revoke_and_ack: false,
                        monitor_pending_commitment_signed: false,
-                       monitor_pending_order: None,
                        monitor_pending_forwards: Vec::new(),
                        monitor_pending_failures: Vec::new(),
 
@@ -497,6 +486,7 @@ impl Channel {
                        their_htlc_minimum_msat: 0,
                        our_htlc_minimum_msat: Channel::derive_our_htlc_minimum_msat(feerate),
                        their_to_self_delay: 0,
+                       our_to_self_delay: config.own_channel_config.our_to_self_delay,
                        their_max_accepted_htlcs: 0,
                        minimum_depth: 0, // Filled in in accept_channel
 
@@ -530,10 +520,14 @@ impl Channel {
 
        /// Creates a new channel from a remote sides' request for one.
        /// Assumes chain_hash has already been checked and corresponds with what we expect!
-       pub fn new_from_req(fee_estimator: &FeeEstimator, keys_provider: &Arc<KeysInterface>, their_node_id: PublicKey, msg: &msgs::OpenChannel, user_id: u64, logger: Arc<Logger>, config: &UserConfig) -> Result<Channel, ChannelError> {
+       pub fn new_from_req(fee_estimator: &FeeEstimator, keys_provider: &Arc<KeysInterface>, their_node_id: PublicKey, their_local_features: LocalFeatures, msg: &msgs::OpenChannel, user_id: u64, logger: Arc<Logger>, config: &UserConfig) -> Result<Channel, ChannelError> {
                let chan_keys = keys_provider.get_channel_keys(true);
                let mut local_config = (*config).channel_options.clone();
 
+               if config.own_channel_config.our_to_self_delay < BREAKDOWN_TIMEOUT {
+                       return Err(ChannelError::Close("Configured with an unreasonable our_to_self_delay putting user funds at risks"));
+               }
+
                // Check sanity of message fields:
                if msg.funding_satoshis >= MAX_FUNDING_SATOSHIS {
                        return Err(ChannelError::Close("funding value > 2^24"));
@@ -555,7 +549,7 @@ impl Channel {
                }
                Channel::check_remote_fee(fee_estimator, msg.feerate_per_kw)?;
 
-               if msg.to_self_delay > MAX_LOCAL_BREAKDOWN_TIMEOUT {
+               if msg.to_self_delay > config.peer_channel_config_limits.their_to_self_delay || msg.to_self_delay > MAX_LOCAL_BREAKDOWN_TIMEOUT {
                        return Err(ChannelError::Close("They wanted our payments to be delayed by a needlessly long period"));
                }
                if msg.max_accepted_htlcs < 1 {
@@ -566,32 +560,32 @@ impl Channel {
                }
 
                // Now check against optional parameters as set by config...
-               if msg.funding_satoshis < config.channel_limits.min_funding_satoshis {
+               if msg.funding_satoshis < config.peer_channel_config_limits.min_funding_satoshis {
                        return Err(ChannelError::Close("funding satoshis is less than the user specified limit"));
                }
-               if msg.htlc_minimum_msat > config.channel_limits.max_htlc_minimum_msat {
+               if msg.htlc_minimum_msat > config.peer_channel_config_limits.max_htlc_minimum_msat {
                        return Err(ChannelError::Close("htlc minimum msat is higher than the user specified limit"));
                }
-               if msg.max_htlc_value_in_flight_msat < config.channel_limits.min_max_htlc_value_in_flight_msat {
+               if msg.max_htlc_value_in_flight_msat < config.peer_channel_config_limits.min_max_htlc_value_in_flight_msat {
                        return Err(ChannelError::Close("max htlc value in flight msat is less than the user specified limit"));
                }
-               if msg.channel_reserve_satoshis > config.channel_limits.max_channel_reserve_satoshis {
+               if msg.channel_reserve_satoshis > config.peer_channel_config_limits.max_channel_reserve_satoshis {
                        return Err(ChannelError::Close("channel reserve satoshis is higher than the user specified limit"));
                }
-               if msg.max_accepted_htlcs < config.channel_limits.min_max_accepted_htlcs {
+               if msg.max_accepted_htlcs < config.peer_channel_config_limits.min_max_accepted_htlcs {
                        return Err(ChannelError::Close("max accepted htlcs is less than the user specified limit"));
                }
-               if msg.dust_limit_satoshis < config.channel_limits.min_dust_limit_satoshis {
+               if msg.dust_limit_satoshis < config.peer_channel_config_limits.min_dust_limit_satoshis {
                        return Err(ChannelError::Close("dust limit satoshis is less than the user specified limit"));
                }
-               if msg.dust_limit_satoshis > config.channel_limits.max_dust_limit_satoshis {
+               if msg.dust_limit_satoshis > config.peer_channel_config_limits.max_dust_limit_satoshis {
                        return Err(ChannelError::Close("dust limit satoshis is greater than the user specified limit"));
                }
 
                // Convert things into internal flags and prep our state:
 
                let their_announce = if (msg.channel_flags & 1) == 1 { true } else { false };
-               if config.channel_limits.force_announced_channel_preference {
+               if config.peer_channel_config_limits.force_announced_channel_preference {
                        if local_config.announced_channel != their_announce {
                                return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours"));
                        }
@@ -628,11 +622,32 @@ impl Channel {
 
                let secp_ctx = Secp256k1::new();
                let mut channel_monitor = ChannelMonitor::new(&chan_keys.revocation_base_key, &chan_keys.delayed_payment_base_key,
-                                                             &chan_keys.htlc_base_key, &chan_keys.payment_base_key, &keys_provider.get_shutdown_pubkey(), BREAKDOWN_TIMEOUT,
+                                                             &chan_keys.htlc_base_key, &chan_keys.payment_base_key, &keys_provider.get_shutdown_pubkey(), config.own_channel_config.our_to_self_delay,
                                                              keys_provider.get_destination_script(), logger.clone());
                channel_monitor.set_their_base_keys(&msg.htlc_basepoint, &msg.delayed_payment_basepoint);
                channel_monitor.set_their_to_self_delay(msg.to_self_delay);
 
+               let their_shutdown_scriptpubkey = if their_local_features.supports_upfront_shutdown_script() {
+                       match &msg.shutdown_scriptpubkey {
+                               &OptionalField::Present(ref script) => {
+                                       // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. We enforce it while receiving shutdown msg
+                                       if script.is_p2pkh() || script.is_p2sh() || script.is_v0_p2wsh() || script.is_v0_p2wpkh() {
+                                               Some(script.clone())
+                                       // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
+                                       } else if script.len() == 0 {
+                                               None
+                                       // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. Fail the channel
+                                       } else {
+                                               return Err(ChannelError::Close("Peer is signaling upfront_shutdown but has provided a non-accepted scriptpubkey format"));
+                                       }
+                               },
+                               // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
+                               &OptionalField::Absent => {
+                                       return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out"));
+                               }
+                       }
+               } else { None };
+
                let mut chan = Channel {
                        user_id: user_id,
                        config: local_config,
@@ -647,7 +662,6 @@ impl Channel {
                        cur_local_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
                        cur_remote_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
                        value_to_self_msat: msg.push_msat,
-                       received_commitment_while_awaiting_raa: false,
 
                        pending_inbound_htlcs: Vec::new(),
                        pending_outbound_htlcs: Vec::new(),
@@ -658,9 +672,11 @@ impl Channel {
                        next_remote_htlc_id: 0,
                        channel_update_count: 1,
 
+                       resend_order: RAACommitmentOrder::CommitmentFirst,
+
+                       monitor_pending_funding_locked: false,
                        monitor_pending_revoke_and_ack: false,
                        monitor_pending_commitment_signed: false,
-                       monitor_pending_order: None,
                        monitor_pending_forwards: Vec::new(),
                        monitor_pending_failures: Vec::new(),
 
@@ -687,8 +703,9 @@ impl Channel {
                        their_htlc_minimum_msat: msg.htlc_minimum_msat,
                        our_htlc_minimum_msat: Channel::derive_our_htlc_minimum_msat(msg.feerate_per_kw as u64),
                        their_to_self_delay: msg.to_self_delay,
+                       our_to_self_delay: config.own_channel_config.our_to_self_delay,
                        their_max_accepted_htlcs: msg.max_accepted_htlcs,
-                       minimum_depth: Channel::derive_minimum_depth(msg.funding_satoshis*1000, msg.push_msat),
+                       minimum_depth: config.own_channel_config.minimum_depth,
 
                        their_funding_pubkey: Some(msg.funding_pubkey),
                        their_revocation_basepoint: Some(msg.revocation_basepoint),
@@ -700,7 +717,7 @@ impl Channel {
                        their_prev_commitment_point: None,
                        their_node_id: their_node_id,
 
-                       their_shutdown_scriptpubkey: None,
+                       their_shutdown_scriptpubkey,
 
                        channel_monitor: channel_monitor,
 
@@ -858,9 +875,9 @@ impl Channel {
                        let (include, state_name) = match htlc.state {
                                OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
                                OutboundHTLCState::Committed => (true, "Committed"),
-                               OutboundHTLCState::RemoteRemoved => (generated_by_local, "RemoteRemoved"),
-                               OutboundHTLCState::AwaitingRemoteRevokeToRemove => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
-                               OutboundHTLCState::AwaitingRemovedRemoteRevoke => (false, "AwaitingRemovedRemoteRevoke"),
+                               OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
+                               OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
+                               OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
                        };
 
                        if include {
@@ -869,13 +886,11 @@ impl Channel {
                        } else {
                                log_trace!(self, "   ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
                                match htlc.state {
-                                       OutboundHTLCState::AwaitingRemoteRevokeToRemove|OutboundHTLCState::AwaitingRemovedRemoteRevoke => {
-                                               if htlc.fail_reason.is_none() {
-                                                       value_to_self_msat_offset -= htlc.amount_msat as i64;
-                                               }
+                                       OutboundHTLCState::AwaitingRemoteRevokeToRemove(None)|OutboundHTLCState::AwaitingRemovedRemoteRevoke(None) => {
+                                               value_to_self_msat_offset -= htlc.amount_msat as i64;
                                        },
-                                       OutboundHTLCState::RemoteRemoved => {
-                                               if !generated_by_local && htlc.fail_reason.is_none() {
+                                       OutboundHTLCState::RemoteRemoved(None) => {
+                                               if !generated_by_local {
                                                        value_to_self_msat_offset -= htlc.amount_msat as i64;
                                                }
                                        },
@@ -884,16 +899,19 @@ impl Channel {
                        }
                }
 
-
                let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
-               let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000 - self.value_to_self_msat - remote_htlc_total_msat) as i64 - value_to_self_msat_offset;
+               assert!(value_to_self_msat >= 0);
+               // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
+               // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
+               // "violate" their reserve value by couting those against it. Thus, we have to convert
+               // everything to i64 before subtracting as otherwise we can overflow.
+               let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
+               assert!(value_to_remote_msat >= 0);
 
                #[cfg(debug_assertions)]
                {
                        // Make sure that the to_self/to_remote is always either past the appropriate
                        // channel_reserve *or* it is making progress towards it.
-                       // TODO: This should happen after fee calculation, but we don't handle that correctly
-                       // yet!
                        let mut max_commitment_tx_output = if generated_by_local {
                                self.max_commitment_tx_output_local.lock().unwrap()
                        } else {
@@ -916,15 +934,17 @@ impl Channel {
                let value_to_b = if local { value_to_remote } else { value_to_self };
 
                if value_to_a >= (dust_limit_satoshis as i64) {
+                       log_trace!(self, "   ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
                        txouts.push((TxOut {
                                script_pubkey: chan_utils::get_revokeable_redeemscript(&keys.revocation_key,
-                                                                                      if local { self.their_to_self_delay } else { BREAKDOWN_TIMEOUT },
+                                                                                      if local { self.their_to_self_delay } else { self.our_to_self_delay },
                                                                                       &keys.a_delayed_payment_key).to_v0_p2wsh(),
                                value: value_to_a as u64
                        }, None));
                }
 
                if value_to_b >= (dust_limit_satoshis as i64) {
+                       log_trace!(self, "   ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
                        txouts.push((TxOut {
                                script_pubkey: Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
                                                             .push_slice(&Hash160::hash(&keys.b_payment_key.serialize())[..])
@@ -933,7 +953,19 @@ impl Channel {
                        }, None));
                }
 
-               transaction_utils::sort_outputs(&mut txouts);
+               transaction_utils::sort_outputs(&mut txouts, |a, b| {
+                       if let &Some(ref a_htlc) = a {
+                               if let &Some(ref b_htlc) = b {
+                                       a_htlc.0.cltv_expiry.cmp(&b_htlc.0.cltv_expiry)
+                                               // Note that due to hash collisions, we have to have a fallback comparison
+                                               // here for fuzztarget mode (otherwise at least chanmon_fail_consistency
+                                               // may fail)!
+                                               .then(a_htlc.0.payment_hash.0.cmp(&b_htlc.0.payment_hash.0))
+                               // For non-HTLC outputs, if they're copying our SPK we don't really care if we
+                               // close the channel due to mismatches - they're doing something dumb:
+                               } else { cmp::Ordering::Equal }
+                       } else { cmp::Ordering::Equal }
+               });
 
                let mut outputs: Vec<TxOut> = Vec::with_capacity(txouts.len());
                let mut htlcs_included: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(txouts.len() + included_dust_htlcs.len());
@@ -1009,7 +1041,7 @@ impl Channel {
                        }, ()));
                }
 
-               transaction_utils::sort_outputs(&mut txouts);
+               transaction_utils::sort_outputs(&mut txouts, |_, _| { cmp::Ordering::Equal }); // Ordering doesnt matter if they used our pubkey...
 
                let mut outputs: Vec<TxOut> = Vec::new();
                for out in txouts.drain(..) {
@@ -1104,7 +1136,7 @@ impl Channel {
        /// @local is used only to convert relevant internal structures which refer to remote vs local
        /// to decide value of outputs and direction of HTLCs.
        fn build_htlc_transaction(&self, prev_hash: &Sha256dHash, htlc: &HTLCOutputInCommitment, local: bool, keys: &TxCreationKeys, feerate_per_kw: u64) -> Transaction {
-               chan_utils::build_htlc_transaction(prev_hash, feerate_per_kw, if local { self.their_to_self_delay } else { BREAKDOWN_TIMEOUT }, htlc, &keys.a_delayed_payment_key, &keys.revocation_key)
+               chan_utils::build_htlc_transaction(prev_hash, feerate_per_kw, if local { self.their_to_self_delay } else { self.our_to_self_delay }, htlc, &keys.a_delayed_payment_key, &keys.revocation_key)
        }
 
        fn create_htlc_tx_signature(&self, tx: &Transaction, htlc: &HTLCOutputInCommitment, keys: &TxCreationKeys) -> Result<(Script, Signature, bool), ChannelError> {
@@ -1332,7 +1364,7 @@ impl Channel {
 
        // Message handlers:
 
-       pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, config: &UserConfig) -> Result<(), ChannelError> {
+       pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, config: &UserConfig, their_local_features: LocalFeatures) -> Result<(), ChannelError> {
                // Check sanity of message fields:
                if !self.channel_outbound {
                        return Err(ChannelError::Close("Got an accept_channel message from an inbound peer"));
@@ -1358,7 +1390,7 @@ impl Channel {
                if msg.htlc_minimum_msat >= (self.channel_value_satoshis - msg.channel_reserve_satoshis) * 1000 {
                        return Err(ChannelError::Close("Minimum htlc value is full channel value"));
                }
-               if msg.to_self_delay > MAX_LOCAL_BREAKDOWN_TIMEOUT {
+               if msg.to_self_delay > config.peer_channel_config_limits.their_to_self_delay || msg.to_self_delay > MAX_LOCAL_BREAKDOWN_TIMEOUT {
                        return Err(ChannelError::Close("They wanted our payments to be delayed by a needlessly long period"));
                }
                if msg.max_accepted_htlcs < 1 {
@@ -1369,28 +1401,49 @@ impl Channel {
                }
 
                // Now check against optional parameters as set by config...
-               if msg.htlc_minimum_msat > config.channel_limits.max_htlc_minimum_msat {
+               if msg.htlc_minimum_msat > config.peer_channel_config_limits.max_htlc_minimum_msat {
                        return Err(ChannelError::Close("htlc minimum msat is higher than the user specified limit"));
                }
-               if msg.max_htlc_value_in_flight_msat < config.channel_limits.min_max_htlc_value_in_flight_msat {
+               if msg.max_htlc_value_in_flight_msat < config.peer_channel_config_limits.min_max_htlc_value_in_flight_msat {
                        return Err(ChannelError::Close("max htlc value in flight msat is less than the user specified limit"));
                }
-               if msg.channel_reserve_satoshis > config.channel_limits.max_channel_reserve_satoshis {
+               if msg.channel_reserve_satoshis > config.peer_channel_config_limits.max_channel_reserve_satoshis {
                        return Err(ChannelError::Close("channel reserve satoshis is higher than the user specified limit"));
                }
-               if msg.max_accepted_htlcs < config.channel_limits.min_max_accepted_htlcs {
+               if msg.max_accepted_htlcs < config.peer_channel_config_limits.min_max_accepted_htlcs {
                        return Err(ChannelError::Close("max accepted htlcs is less than the user specified limit"));
                }
-               if msg.dust_limit_satoshis < config.channel_limits.min_dust_limit_satoshis {
+               if msg.dust_limit_satoshis < config.peer_channel_config_limits.min_dust_limit_satoshis {
                        return Err(ChannelError::Close("dust limit satoshis is less than the user specified limit"));
                }
-               if msg.dust_limit_satoshis > config.channel_limits.max_dust_limit_satoshis {
+               if msg.dust_limit_satoshis > config.peer_channel_config_limits.max_dust_limit_satoshis {
                        return Err(ChannelError::Close("dust limit satoshis is greater than the user specified limit"));
                }
-               if msg.minimum_depth > config.channel_limits.max_minimum_depth {
+               if msg.minimum_depth > config.peer_channel_config_limits.max_minimum_depth {
                        return Err(ChannelError::Close("We consider the minimum depth to be unreasonably large"));
                }
 
+               let their_shutdown_scriptpubkey = if their_local_features.supports_upfront_shutdown_script() {
+                       match &msg.shutdown_scriptpubkey {
+                               &OptionalField::Present(ref script) => {
+                                       // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. We enforce it while receiving shutdown msg
+                                       if script.is_p2pkh() || script.is_p2sh() || script.is_v0_p2wsh() || script.is_v0_p2wpkh() {
+                                               Some(script.clone())
+                                       // Peer is signaling upfront_shutdown and has opt-out with a 0-length script. We don't enforce anything
+                                       } else if script.len() == 0 {
+                                               None
+                                       // Peer is signaling upfront_shutdown and has provided a non-accepted scriptpubkey format. Fail the channel
+                                       } else {
+                                               return Err(ChannelError::Close("Peer is signaling upfront_shutdown but has provided a non-accepted scriptpubkey format"));
+                                       }
+                               },
+                               // Peer is signaling upfront shutdown but don't opt-out with correct mechanism (a.k.a 0-length script). Peer looks buggy, we fail the channel
+                               &OptionalField::Absent => {
+                                       return Err(ChannelError::Close("Peer is signaling upfront_shutdown but we don't get any script. Use 0-length script to opt-out"));
+                               }
+                       }
+               } else { None };
+
                self.channel_monitor.set_their_base_keys(&msg.htlc_basepoint, &msg.delayed_payment_basepoint);
 
                self.their_dust_limit_satoshis = msg.dust_limit_satoshis;
@@ -1406,6 +1459,7 @@ impl Channel {
                self.their_delayed_payment_basepoint = Some(msg.delayed_payment_basepoint);
                self.their_htlc_basepoint = Some(msg.htlc_basepoint);
                self.their_cur_commitment_point = Some(msg.first_per_commitment_point);
+               self.their_shutdown_scriptpubkey = their_shutdown_scriptpubkey;
 
                let obscure_factor = self.get_commitment_transaction_number_obscure_factor();
                self.channel_monitor.set_commitment_obscure_factor(obscure_factor);
@@ -1487,7 +1541,7 @@ impl Channel {
                if !self.channel_outbound {
                        return Err(ChannelError::Close("Received funding_signed for an inbound channel?"));
                }
-               if self.channel_state != ChannelState::FundingCreated as u32 {
+               if self.channel_state & !(ChannelState::MonitorUpdateFailed as u32) != ChannelState::FundingCreated as u32 {
                        return Err(ChannelError::Close("Received funding_signed in strange state!"));
                }
                if self.channel_monitor.get_min_seen_secret() != (1 << 48) ||
@@ -1508,10 +1562,14 @@ impl Channel {
                self.sign_commitment_transaction(&mut local_initial_commitment_tx, &msg.signature);
                self.channel_monitor.provide_latest_local_commitment_tx_info(local_initial_commitment_tx.clone(), local_keys, self.feerate_per_kw, Vec::new());
                self.last_local_commitment_txn = vec![local_initial_commitment_tx];
-               self.channel_state = ChannelState::FundingSent as u32;
+               self.channel_state = ChannelState::FundingSent as u32 | (self.channel_state & (ChannelState::MonitorUpdateFailed as u32));
                self.cur_local_commitment_transaction_number -= 1;
 
-               Ok(self.channel_monitor.clone())
+               if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 {
+                       Ok(self.channel_monitor.clone())
+               } else {
+                       Err(ChannelError::Ignore("Previous monitor update failure prevented funding_signed from allowing funding broadcast"))
+               }
        }
 
        pub fn funding_locked(&mut self, msg: &msgs::FundingLocked) -> Result<(), ChannelError> {
@@ -1526,10 +1584,13 @@ impl Channel {
                } else if non_shutdown_state == (ChannelState::FundingSent as u32 | ChannelState::OurFundingLocked as u32) {
                        self.channel_state = ChannelState::ChannelFunded as u32 | (self.channel_state & MULTI_STATE_FLAGS);
                        self.channel_update_count += 1;
-               } else if self.channel_state & (ChannelState::ChannelFunded as u32) != 0 &&
-                               // Note that funding_signed/funding_created will have decremented both by 1!
-                               self.cur_local_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
-                               self.cur_remote_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 {
+               } else if (self.channel_state & (ChannelState::ChannelFunded as u32) != 0 &&
+                                // Note that funding_signed/funding_created will have decremented both by 1!
+                                self.cur_local_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1 &&
+                                self.cur_remote_commitment_transaction_number == INITIAL_COMMITMENT_NUMBER - 1) ||
+                               // If we reconnected before sending our funding locked they may still resend theirs:
+                               (self.channel_state & (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32) ==
+                                                     (ChannelState::FundingSent as u32 | ChannelState::TheirFundingLocked as u32)) {
                        if self.their_cur_commitment_point != Some(msg.next_per_commitment_point) {
                                return Err(ChannelError::Close("Peer sent a reconnect funding_locked with a different point"));
                        }
@@ -1572,6 +1633,16 @@ impl Channel {
                (htlc_outbound_count as u32, htlc_outbound_value_msat)
        }
 
+       /// Get the available (ie not including pending HTLCs) inbound and outbound balance in msat.
+       /// Doesn't bother handling the
+       /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
+       /// corner case properly.
+       pub fn get_inbound_outbound_available_balance_msat(&self) -> (u64, u64) {
+               // Note that we have to handle overflow due to the above case.
+               (cmp::min(self.channel_value_satoshis as i64 * 1000 - self.value_to_self_msat as i64 - self.get_inbound_pending_htlc_stats().1 as i64, 0) as u64,
+               cmp::min(self.value_to_self_msat as i64 - self.get_outbound_pending_htlc_stats().1 as i64, 0) as u64)
+       }
+
        pub fn update_add_htlc(&mut self, msg: &msgs::UpdateAddHTLC, pending_forward_state: PendingHTLCStatus) -> Result<(), ChannelError> {
                if (self.channel_state & (ChannelState::ChannelFunded as u32 | ChannelState::RemoteShutdownSent as u32)) != (ChannelState::ChannelFunded as u32) {
                        return Err(ChannelError::Close("Got add HTLC message when channel was not in an operational state"));
@@ -1597,7 +1668,24 @@ impl Channel {
                // Check our_channel_reserve_satoshis (we're getting paid, so they have to at least meet
                // the reserve_satoshis we told them to always have as direct payment so that they lose
                // something if we punish them for broadcasting an old state).
-               if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 {
+               // Note that we don't really care about having a small/no to_remote output in our local
+               // commitment transactions, as the purpose of the channel reserve is to ensure we can
+               // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
+               // present in the next commitment transaction we send them (at least for fulfilled ones,
+               // failed ones won't modify value_to_self).
+               // Note that we will send HTLCs which another instance of rust-lightning would think
+               // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
+               // Channel state once they will not be present in the next received commitment
+               // transaction).
+               let mut removed_outbound_total_msat = 0;
+               for ref htlc in self.pending_outbound_htlcs.iter() {
+                       if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(None) = htlc.state {
+                               removed_outbound_total_msat += htlc.amount_msat;
+                       } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(None) = htlc.state {
+                               removed_outbound_total_msat += htlc.amount_msat;
+                       }
+               }
+               if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 + removed_outbound_total_msat {
                        return Err(ChannelError::Close("Remote HTLC add would put them over their reserve value"));
                }
                if self.next_remote_htlc_id != msg.htlc_id {
@@ -1643,10 +1731,9 @@ impl Channel {
                                        OutboundHTLCState::LocalAnnounced(_) =>
                                                return Err(ChannelError::Close("Remote tried to fulfill/fail HTLC before it had been committed")),
                                        OutboundHTLCState::Committed => {
-                                               htlc.state = OutboundHTLCState::RemoteRemoved;
-                                               htlc.fail_reason = fail_reason;
+                                               htlc.state = OutboundHTLCState::RemoteRemoved(fail_reason);
                                        },
-                                       OutboundHTLCState::AwaitingRemoteRevokeToRemove | OutboundHTLCState::AwaitingRemovedRemoteRevoke | OutboundHTLCState::RemoteRemoved =>
+                                       OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
                                                return Err(ChannelError::Close("Remote tried to fulfill/fail HTLC that they'd already fulfilled/failed")),
                                }
                                return Ok(&htlc.source);
@@ -1781,12 +1868,6 @@ impl Channel {
                        }
                }
 
-               if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 {
-                       // This is a response to our post-monitor-failed unfreeze messages, so we can clear the
-                       // monitor_pending_order requirement as we won't re-send the monitor_pending messages.
-                       self.monitor_pending_order = None;
-               }
-
                self.channel_monitor.provide_latest_local_commitment_tx_info(local_commitment_tx.0, local_keys, self.feerate_per_kw, htlcs_and_sigs);
 
                for htlc in self.pending_inbound_htlcs.iter_mut() {
@@ -1799,22 +1880,23 @@ impl Channel {
                        }
                }
                for htlc in self.pending_outbound_htlcs.iter_mut() {
-                       if let OutboundHTLCState::RemoteRemoved = htlc.state {
-                               htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove;
+                       if let Some(fail_reason) = if let &mut OutboundHTLCState::RemoteRemoved(ref mut fail_reason) = &mut htlc.state {
+                               Some(fail_reason.take())
+                       } else { None } {
+                               htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(fail_reason);
                                need_our_commitment = true;
                        }
                }
 
                self.cur_local_commitment_transaction_number -= 1;
                self.last_local_commitment_txn = new_local_commitment_txn;
-               self.received_commitment_while_awaiting_raa = (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) != 0;
+               // Note that if we need_our_commitment & !AwaitingRemoteRevoke we'll call
+               // send_commitment_no_status_check() next which will reset this to RAAFirst.
+               self.resend_order = RAACommitmentOrder::CommitmentFirst;
 
                if (self.channel_state & ChannelState::MonitorUpdateFailed as u32) != 0 {
                        // In case we initially failed monitor updating without requiring a response, we need
                        // to make sure the RAA gets sent first.
-                       if !self.monitor_pending_commitment_signed {
-                               self.monitor_pending_order = Some(RAACommitmentOrder::RevokeAndACKFirst);
-                       }
                        self.monitor_pending_revoke_and_ack = true;
                        if need_our_commitment && (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
                                // If we were going to send a commitment_signed after the RAA, go ahead and do all
@@ -1853,6 +1935,8 @@ impl Channel {
        fn free_holding_cell_htlcs(&mut self) -> Result<Option<(msgs::CommitmentUpdate, ChannelMonitor)>, ChannelError> {
                assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, 0);
                if self.holding_cell_htlc_updates.len() != 0 || self.holding_cell_update_fee.is_some() {
+                       log_trace!(self, "Freeing holding cell with {} HTLC updates{}", self.holding_cell_htlc_updates.len(), if self.holding_cell_update_fee.is_some() { " and a fee update" } else { "" });
+
                        let mut htlc_updates = Vec::new();
                        mem::swap(&mut htlc_updates, &mut self.holding_cell_htlc_updates);
                        let mut update_add_htlcs = Vec::with_capacity(htlc_updates.len());
@@ -1986,12 +2070,6 @@ impl Channel {
                self.their_prev_commitment_point = self.their_cur_commitment_point;
                self.their_cur_commitment_point = Some(msg.next_per_commitment_point);
                self.cur_remote_commitment_transaction_number -= 1;
-               self.received_commitment_while_awaiting_raa = false;
-               if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 {
-                       // This is a response to our post-monitor-failed unfreeze messages, so we can clear the
-                       // monitor_pending_order requirement as we won't re-send the monitor_pending messages.
-                       self.monitor_pending_order = None;
-               }
 
                log_trace!(self, "Updating HTLCs on receipt of RAA...");
                let mut to_forward_infos = Vec::new();
@@ -2018,9 +2096,9 @@ impl Channel {
                                } else { true }
                        });
                        pending_outbound_htlcs.retain(|htlc| {
-                               if let OutboundHTLCState::AwaitingRemovedRemoteRevoke = htlc.state {
+                               if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref fail_reason) = &htlc.state {
                                        log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", log_bytes!(htlc.payment_hash.0));
-                                       if let Some(reason) = htlc.fail_reason.clone() { // We really want take() here, but, again, non-mut ref :(
+                                       if let Some(reason) = fail_reason.clone() { // We really want take() here, but, again, non-mut ref :(
                                                revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
                                        } else {
                                                // They fulfilled, so we sent them money
@@ -2071,9 +2149,12 @@ impl Channel {
                                if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
                                        log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", log_bytes!(htlc.payment_hash.0));
                                        htlc.state = OutboundHTLCState::Committed;
-                               } else if let OutboundHTLCState::AwaitingRemoteRevokeToRemove = htlc.state {
+                               }
+                               if let Some(fail_reason) = if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut fail_reason) = &mut htlc.state {
+                                       Some(fail_reason.take())
+                               } else { None } {
                                        log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
-                                       htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke;
+                                       htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(fail_reason);
                                        require_commitment = true;
                                }
                        }
@@ -2106,7 +2187,7 @@ impl Channel {
                                // When the monitor updating is restored we'll call get_last_commitment_update(),
                                // which does not update state, but we're definitely now awaiting a remote revoke
                                // before we can step forward any more, so set it here.
-                               self.channel_state |= ChannelState::AwaitingRemoteRevoke as u32;
+                               self.send_commitment_no_status_check()?;
                        }
                        self.monitor_pending_forwards.append(&mut to_forward_infos);
                        self.monitor_pending_failures.append(&mut revoked_htlcs);
@@ -2229,7 +2310,7 @@ impl Channel {
                self.next_remote_htlc_id -= inbound_drop_count;
 
                for htlc in self.pending_outbound_htlcs.iter_mut() {
-                       if let OutboundHTLCState::RemoteRemoved = htlc.state {
+                       if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
                                // They sent us an update to remove this but haven't yet sent the corresponding
                                // commitment_signed, we need to move it back to Committed and they can re-send
                                // the update upon reconnection.
@@ -2254,15 +2335,13 @@ impl Channel {
        /// Indicates that a ChannelMonitor update failed to be stored by the client and further
        /// updates are partially paused.
        /// This must be called immediately after the call which generated the ChannelMonitor update
-       /// which failed, with the order argument set to the type of call it represented (ie a
-       /// commitment update or a revoke_and_ack generation). The messages which were generated from
-       /// that original call must *not* have been sent to the remote end, and must instead have been
-       /// dropped. They will be regenerated when monitor_updating_restored is called.
-       pub fn monitor_update_failed(&mut self, order: RAACommitmentOrder, resend_raa: bool, resend_commitment: bool, mut pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>, mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>) {
+       /// which failed. The messages which were generated from that call which generated the
+       /// monitor update failure must *not* have been sent to the remote end, and must instead
+       /// have been dropped. They will be regenerated when monitor_updating_restored is called.
+       pub fn monitor_update_failed(&mut self, resend_raa: bool, resend_commitment: bool, mut pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>, mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>) {
                assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, 0);
                self.monitor_pending_revoke_and_ack = resend_raa;
                self.monitor_pending_commitment_signed = resend_commitment;
-               self.monitor_pending_order = Some(order);
                assert!(self.monitor_pending_forwards.is_empty());
                mem::swap(&mut pending_forwards, &mut self.monitor_pending_forwards);
                assert!(self.monitor_pending_failures.is_empty());
@@ -2273,20 +2352,38 @@ impl Channel {
        /// Indicates that the latest ChannelMonitor update has been committed by the client
        /// successfully and we should restore normal operation. Returns messages which should be sent
        /// to the remote side.
-       pub fn monitor_updating_restored(&mut self) -> (Option<msgs::RevokeAndACK>, Option<msgs::CommitmentUpdate>, RAACommitmentOrder, Vec<(PendingForwardHTLCInfo, u64)>, Vec<(HTLCSource, PaymentHash, HTLCFailReason)>) {
+       pub fn monitor_updating_restored(&mut self) -> (Option<msgs::RevokeAndACK>, Option<msgs::CommitmentUpdate>, RAACommitmentOrder, Vec<(PendingForwardHTLCInfo, u64)>, Vec<(HTLCSource, PaymentHash, HTLCFailReason)>, bool, Option<msgs::FundingLocked>) {
                assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, ChannelState::MonitorUpdateFailed as u32);
                self.channel_state &= !(ChannelState::MonitorUpdateFailed as u32);
 
+               let needs_broadcast_safe = self.channel_state & (ChannelState::FundingSent as u32) != 0 && self.channel_outbound;
+
+               // Because we will never generate a FundingBroadcastSafe event when we're in
+               // MonitorUpdateFailed, if we assume the user only broadcast the funding transaction when
+               // they received the FundingBroadcastSafe event, we can only ever hit
+               // monitor_pending_funding_locked when we're an inbound channel which failed to persist the
+               // monitor on funding_created, and we even got the funding transaction confirmed before the
+               // monitor was persisted.
+               let funding_locked = if self.monitor_pending_funding_locked {
+                       assert!(!self.channel_outbound, "Funding transaction broadcast without FundingBroadcastSafe!");
+                       self.monitor_pending_funding_locked = false;
+                       let next_per_commitment_secret = self.build_local_commitment_secret(self.cur_local_commitment_transaction_number);
+                       let next_per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &next_per_commitment_secret);
+                       Some(msgs::FundingLocked {
+                               channel_id: self.channel_id(),
+                               next_per_commitment_point: next_per_commitment_point,
+                       })
+               } else { None };
+
                let mut forwards = Vec::new();
                mem::swap(&mut forwards, &mut self.monitor_pending_forwards);
                let mut failures = Vec::new();
                mem::swap(&mut failures, &mut self.monitor_pending_failures);
 
                if self.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
-                       // Leave monitor_pending_order so we can order our channel_reestablish responses
                        self.monitor_pending_revoke_and_ack = false;
                        self.monitor_pending_commitment_signed = false;
-                       return (None, None, RAACommitmentOrder::RevokeAndACKFirst, forwards, failures);
+                       return (None, None, RAACommitmentOrder::RevokeAndACKFirst, forwards, failures, needs_broadcast_safe, funding_locked);
                }
 
                let raa = if self.monitor_pending_revoke_and_ack {
@@ -2298,7 +2395,13 @@ impl Channel {
 
                self.monitor_pending_revoke_and_ack = false;
                self.monitor_pending_commitment_signed = false;
-               (raa, commitment_update, self.monitor_pending_order.clone().unwrap(), forwards, failures)
+               let order = self.resend_order.clone();
+               log_trace!(self, "Restored monitor updating resulting in {}{} commitment update and {} RAA, with {} first",
+                       if needs_broadcast_safe { "a funding broadcast safe, " } else { "" },
+                       if commitment_update.is_some() { "a" } else { "no" },
+                       if raa.is_some() { "an" } else { "no" },
+                       match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
+               (raa, commitment_update, order, forwards, failures, needs_broadcast_safe, funding_locked)
        }
 
        pub fn update_fee(&mut self, fee_estimator: &FeeEstimator, msg: &msgs::UpdateFee) -> Result<(), ChannelError> {
@@ -2376,7 +2479,7 @@ impl Channel {
                                update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
                msgs::CommitmentUpdate {
                        update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs,
-                       update_fee: None, //TODO: We need to support re-generating any update_fees in the last commitment_signed!
+                       update_fee: None,
                        commitment_signed: self.send_commitment_no_state_update().expect("It looks like we failed to re-generate a commitment_signed we had previously sent?").0,
                }
        }
@@ -2408,7 +2511,9 @@ impl Channel {
                } else { None };
 
                if self.channel_state & (ChannelState::FundingSent as u32) == ChannelState::FundingSent as u32 {
-                       if self.channel_state & ChannelState::OurFundingLocked as u32 == 0 {
+                       // If we're waiting on a monitor update, we shouldn't re-send any funding_locked's.
+                       if self.channel_state & (ChannelState::OurFundingLocked as u32) == 0 ||
+                                       self.channel_state & (ChannelState::MonitorUpdateFailed as u32) != 0 {
                                if msg.next_remote_commitment_number != 0 {
                                        return Err(ChannelError::Close("Peer claimed they saw a revoke_and_ack but we haven't sent funding_locked yet"));
                                }
@@ -2456,12 +2561,6 @@ impl Channel {
                        })
                } else { None };
 
-               let order = self.monitor_pending_order.clone().unwrap_or(if self.received_commitment_while_awaiting_raa {
-                               RAACommitmentOrder::CommitmentFirst
-                       } else {
-                               RAACommitmentOrder::RevokeAndACKFirst
-                       });
-
                if msg.next_local_commitment_number == our_next_remote_commitment_number {
                        if required_revoke.is_some() {
                                log_debug!(self, "Reconnected channel {} with only lost outbound RAA", log_bytes!(self.channel_id()));
@@ -2469,8 +2568,7 @@ impl Channel {
                                log_debug!(self, "Reconnected channel {} with no loss", log_bytes!(self.channel_id()));
                        }
 
-                       if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateFailed as u32)) == 0 &&
-                                       self.monitor_pending_order.is_none() { // monitor_pending_order indicates we're waiting on a response to a unfreeze
+                       if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateFailed as u32)) == 0 {
                                // We're up-to-date and not waiting on a remote revoke (if we are our
                                // channel_reestablish should result in them sending a revoke_and_ack), but we may
                                // have received some updates while we were disconnected. Free the holding cell
@@ -2478,11 +2576,11 @@ impl Channel {
                                match self.free_holding_cell_htlcs() {
                                        Err(ChannelError::Close(msg)) => return Err(ChannelError::Close(msg)),
                                        Err(ChannelError::Ignore(_)) => panic!("Got non-channel-failing result from free_holding_cell_htlcs"),
-                                       Ok(Some((commitment_update, channel_monitor))) => return Ok((resend_funding_locked, required_revoke, Some(commitment_update), Some(channel_monitor), order, shutdown_msg)),
-                                       Ok(None) => return Ok((resend_funding_locked, required_revoke, None, None, order, shutdown_msg)),
+                                       Ok(Some((commitment_update, channel_monitor))) => return Ok((resend_funding_locked, required_revoke, Some(commitment_update), Some(channel_monitor), self.resend_order.clone(), shutdown_msg)),
+                                       Ok(None) => return Ok((resend_funding_locked, required_revoke, None, None, self.resend_order.clone(), shutdown_msg)),
                                }
                        } else {
-                               return Ok((resend_funding_locked, required_revoke, None, None, order, shutdown_msg));
+                               return Ok((resend_funding_locked, required_revoke, None, None, self.resend_order.clone(), shutdown_msg));
                        }
                } else if msg.next_local_commitment_number == our_next_remote_commitment_number - 1 {
                        if required_revoke.is_some() {
@@ -2493,10 +2591,10 @@ impl Channel {
 
                        if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) != 0 {
                                self.monitor_pending_commitment_signed = true;
-                               return Ok((resend_funding_locked, None, None, None, order, shutdown_msg));
+                               return Ok((resend_funding_locked, None, None, None, self.resend_order.clone(), shutdown_msg));
                        }
 
-                       return Ok((resend_funding_locked, required_revoke, Some(self.get_last_commitment_update()), None, order, shutdown_msg));
+                       return Ok((resend_funding_locked, required_revoke, Some(self.get_last_commitment_update()), None, self.resend_order.clone(), shutdown_msg));
                } else {
                        return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction"));
                }
@@ -2764,7 +2862,6 @@ impl Channel {
                self.cur_remote_commitment_transaction_number + 2
        }
 
-       //TODO: Testing purpose only, should be changed in another way after #81
        #[cfg(test)]
        pub fn get_local_keys(&self) -> &ChannelKeys {
                &self.local_keys
@@ -2906,12 +3003,17 @@ impl Channel {
                                        //they can by sending two revoke_and_acks back-to-back, but not really). This appears to be
                                        //a protocol oversight, but I assume I'm just missing something.
                                        if need_commitment_update {
-                                               let next_per_commitment_secret = self.build_local_commitment_secret(self.cur_local_commitment_transaction_number);
-                                               let next_per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &next_per_commitment_secret);
-                                               return Ok(Some(msgs::FundingLocked {
-                                                       channel_id: self.channel_id,
-                                                       next_per_commitment_point: next_per_commitment_point,
-                                               }));
+                                               if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 {
+                                                       let next_per_commitment_secret = self.build_local_commitment_secret(self.cur_local_commitment_transaction_number);
+                                                       let next_per_commitment_point = PublicKey::from_secret_key(&self.secp_ctx, &next_per_commitment_secret);
+                                                       return Ok(Some(msgs::FundingLocked {
+                                                               channel_id: self.channel_id,
+                                                               next_per_commitment_point: next_per_commitment_point,
+                                                       }));
+                                               } else {
+                                                       self.monitor_pending_funding_locked = true;
+                                                       return Ok(None);
+                                               }
                                        }
                                }
                        }
@@ -3004,7 +3106,7 @@ impl Channel {
                        channel_reserve_satoshis: Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis),
                        htlc_minimum_msat: self.our_htlc_minimum_msat,
                        feerate_per_kw: fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Background) as u32,
-                       to_self_delay: BREAKDOWN_TIMEOUT,
+                       to_self_delay: self.our_to_self_delay,
                        max_accepted_htlcs: OUR_MAX_HTLCS,
                        funding_pubkey: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.funding_key),
                        revocation_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.revocation_base_key),
@@ -3013,7 +3115,7 @@ impl Channel {
                        htlc_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.htlc_base_key),
                        first_per_commitment_point: PublicKey::from_secret_key(&self.secp_ctx, &local_commitment_secret),
                        channel_flags: if self.config.announced_channel {1} else {0},
-                       shutdown_scriptpubkey: OptionalField::Absent
+                       shutdown_scriptpubkey: OptionalField::Present(if self.config.commit_upfront_shutdown_pubkey { self.get_closing_scriptpubkey() } else { Builder::new().into_script() })
                }
        }
 
@@ -3037,7 +3139,7 @@ impl Channel {
                        channel_reserve_satoshis: Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis),
                        htlc_minimum_msat: self.our_htlc_minimum_msat,
                        minimum_depth: self.minimum_depth,
-                       to_self_delay: BREAKDOWN_TIMEOUT,
+                       to_self_delay: self.our_to_self_delay,
                        max_accepted_htlcs: OUR_MAX_HTLCS,
                        funding_pubkey: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.funding_key),
                        revocation_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.revocation_base_key),
@@ -3045,7 +3147,7 @@ impl Channel {
                        delayed_payment_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.delayed_payment_base_key),
                        htlc_basepoint: PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.htlc_base_key),
                        first_per_commitment_point: PublicKey::from_secret_key(&self.secp_ctx, &local_commitment_secret),
-                       shutdown_scriptpubkey: OptionalField::Absent
+                       shutdown_scriptpubkey: OptionalField::Present(if self.config.commit_upfront_shutdown_pubkey { self.get_closing_scriptpubkey() } else { Builder::new().into_script() })
                }
        }
 
@@ -3142,7 +3244,7 @@ impl Channel {
                        excess_data: Vec::new(),
                };
 
-               let msghash = hash_to_message!(&Sha256dHash::from_data(&msg.encode()[..])[..]);
+               let msghash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
                let sig = self.secp_ctx.sign(&msghash, &self.local_keys.funding_key);
 
                Ok((msg, sig))
@@ -3234,7 +3336,6 @@ impl Channel {
                                cltv_expiry: cltv_expiry,
                                source,
                                onion_routing_packet: onion_routing_packet,
-                               time_created: Instant::now(),
                        });
                        return Ok(None);
                }
@@ -3246,7 +3347,6 @@ impl Channel {
                        cltv_expiry: cltv_expiry,
                        state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
                        source,
-                       fail_reason: None,
                });
 
                let res = msgs::UpdateAddHTLC {
@@ -3311,10 +3411,13 @@ impl Channel {
                        }
                }
                for htlc in self.pending_outbound_htlcs.iter_mut() {
-                       if let OutboundHTLCState::AwaitingRemoteRevokeToRemove = htlc.state {
-                               htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke;
+                       if let Some(fail_reason) = if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut fail_reason) = &mut htlc.state {
+                               Some(fail_reason.take())
+                       } else { None } {
+                               htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(fail_reason);
                        }
                }
+               self.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
 
                let (res, remote_commitment_tx, htlcs) = match self.send_commitment_no_state_update() {
                        Ok((res, (remote_commitment_tx, mut htlcs))) => {
@@ -3525,8 +3628,6 @@ impl Writeable for Channel {
                self.cur_remote_commitment_transaction_number.write(writer)?;
                self.value_to_self_msat.write(writer)?;
 
-               self.received_commitment_while_awaiting_raa.write(writer)?;
-
                let mut dropped_inbound_htlcs = 0;
                for htlc in self.pending_inbound_htlcs.iter() {
                        if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
@@ -3578,7 +3679,6 @@ impl Writeable for Channel {
                        htlc.cltv_expiry.write(writer)?;
                        htlc.payment_hash.write(writer)?;
                        htlc.source.write(writer)?;
-                       write_option!(htlc.fail_reason);
                        match &htlc.state {
                                &OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
                                        0u8.write(writer)?;
@@ -3587,14 +3687,17 @@ impl Writeable for Channel {
                                &OutboundHTLCState::Committed => {
                                        1u8.write(writer)?;
                                },
-                               &OutboundHTLCState::RemoteRemoved => {
+                               &OutboundHTLCState::RemoteRemoved(ref fail_reason) => {
                                        2u8.write(writer)?;
+                                       write_option!(*fail_reason);
                                },
-                               &OutboundHTLCState::AwaitingRemoteRevokeToRemove => {
+                               &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref fail_reason) => {
                                        3u8.write(writer)?;
+                                       write_option!(*fail_reason);
                                },
-                               &OutboundHTLCState::AwaitingRemovedRemoteRevoke => {
+                               &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref fail_reason) => {
                                        4u8.write(writer)?;
+                                       write_option!(*fail_reason);
                                },
                        }
                }
@@ -3602,14 +3705,13 @@ impl Writeable for Channel {
                (self.holding_cell_htlc_updates.len() as u64).write(writer)?;
                for update in self.holding_cell_htlc_updates.iter() {
                        match update {
-                               &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet, time_created: _ } => {
+                               &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet } => {
                                        0u8.write(writer)?;
                                        amount_msat.write(writer)?;
                                        cltv_expiry.write(writer)?;
                                        payment_hash.write(writer)?;
                                        source.write(writer)?;
                                        onion_routing_packet.write(writer)?;
-                                       // time_created is not serialized - we re-init the timeout upon deserialization
                                },
                                &HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
                                        1u8.write(writer)?;
@@ -3624,13 +3726,14 @@ impl Writeable for Channel {
                        }
                }
 
+               match self.resend_order {
+                       RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
+                       RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
+               }
+
+               self.monitor_pending_funding_locked.write(writer)?;
                self.monitor_pending_revoke_and_ack.write(writer)?;
                self.monitor_pending_commitment_signed.write(writer)?;
-               match self.monitor_pending_order {
-                       None => 0u8.write(writer)?,
-                       Some(RAACommitmentOrder::CommitmentFirst) => 1u8.write(writer)?,
-                       Some(RAACommitmentOrder::RevokeAndACKFirst) => 2u8.write(writer)?,
-               }
 
                (self.monitor_pending_forwards.len() as u64).write(writer)?;
                for &(ref pending_forward, ref htlc_id) in self.monitor_pending_forwards.iter() {
@@ -3685,6 +3788,7 @@ impl Writeable for Channel {
                self.their_htlc_minimum_msat.write(writer)?;
                self.our_htlc_minimum_msat.write(writer)?;
                self.their_to_self_delay.write(writer)?;
+               self.our_to_self_delay.write(writer)?;
                self.their_max_accepted_htlcs.write(writer)?;
                self.minimum_depth.write(writer)?;
 
@@ -3728,8 +3832,6 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
                let cur_remote_commitment_transaction_number = Readable::read(reader)?;
                let value_to_self_msat = Readable::read(reader)?;
 
-               let received_commitment_while_awaiting_raa = Readable::read(reader)?;
-
                let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
                let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, OUR_MAX_HTLCS as usize));
                for _ in 0..pending_inbound_htlc_count {
@@ -3757,13 +3859,12 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
                                cltv_expiry: Readable::read(reader)?,
                                payment_hash: Readable::read(reader)?,
                                source: Readable::read(reader)?,
-                               fail_reason: Readable::read(reader)?,
                                state: match <u8 as Readable<R>>::read(reader)? {
                                        0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
                                        1 => OutboundHTLCState::Committed,
-                                       2 => OutboundHTLCState::RemoteRemoved,
-                                       3 => OutboundHTLCState::AwaitingRemoteRevokeToRemove,
-                                       4 => OutboundHTLCState::AwaitingRemovedRemoteRevoke,
+                                       2 => OutboundHTLCState::RemoteRemoved(Readable::read(reader)?),
+                                       3 => OutboundHTLCState::AwaitingRemoteRevokeToRemove(Readable::read(reader)?),
+                                       4 => OutboundHTLCState::AwaitingRemovedRemoteRevoke(Readable::read(reader)?),
                                        _ => return Err(DecodeError::InvalidValue),
                                },
                        });
@@ -3779,7 +3880,6 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
                                        payment_hash: Readable::read(reader)?,
                                        source: Readable::read(reader)?,
                                        onion_routing_packet: Readable::read(reader)?,
-                                       time_created: Instant::now(),
                                },
                                1 => HTLCUpdateAwaitingACK::ClaimHTLC {
                                        payment_preimage: Readable::read(reader)?,
@@ -3793,16 +3893,16 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
                        });
                }
 
-               let monitor_pending_revoke_and_ack = Readable::read(reader)?;
-               let monitor_pending_commitment_signed = Readable::read(reader)?;
-
-               let monitor_pending_order = match <u8 as Readable<R>>::read(reader)? {
-                       0 => None,
-                       1 => Some(RAACommitmentOrder::CommitmentFirst),
-                       2 => Some(RAACommitmentOrder::RevokeAndACKFirst),
+               let resend_order = match <u8 as Readable<R>>::read(reader)? {
+                       0 => RAACommitmentOrder::CommitmentFirst,
+                       1 => RAACommitmentOrder::RevokeAndACKFirst,
                        _ => return Err(DecodeError::InvalidValue),
                };
 
+               let monitor_pending_funding_locked = Readable::read(reader)?;
+               let monitor_pending_revoke_and_ack = Readable::read(reader)?;
+               let monitor_pending_commitment_signed = Readable::read(reader)?;
+
                let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
                let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, OUR_MAX_HTLCS as usize));
                for _ in 0..monitor_pending_forwards_count {
@@ -3851,6 +3951,7 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
                let their_htlc_minimum_msat = Readable::read(reader)?;
                let our_htlc_minimum_msat = Readable::read(reader)?;
                let their_to_self_delay = Readable::read(reader)?;
+               let our_to_self_delay = Readable::read(reader)?;
                let their_max_accepted_htlcs = Readable::read(reader)?;
                let minimum_depth = Readable::read(reader)?;
 
@@ -3889,14 +3990,15 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
                        cur_remote_commitment_transaction_number,
                        value_to_self_msat,
 
-                       received_commitment_while_awaiting_raa,
                        pending_inbound_htlcs,
                        pending_outbound_htlcs,
                        holding_cell_htlc_updates,
 
+                       resend_order,
+
+                       monitor_pending_funding_locked,
                        monitor_pending_revoke_and_ack,
                        monitor_pending_commitment_signed,
-                       monitor_pending_order,
                        monitor_pending_forwards,
                        monitor_pending_failures,
 
@@ -3928,6 +4030,7 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
                        their_htlc_minimum_msat,
                        our_htlc_minimum_msat,
                        their_to_self_delay,
+                       our_to_self_delay,
                        their_max_accepted_htlcs,
                        minimum_depth,
 
@@ -3952,12 +4055,12 @@ impl<R : ::std::io::Read> ReadableArgs<R, Arc<Logger>> for Channel {
 
 #[cfg(test)]
 mod tests {
-       use bitcoin::util::hash::{Sha256dHash, Hash160};
        use bitcoin::util::bip143;
        use bitcoin::consensus::encode::serialize;
        use bitcoin::blockdata::script::{Script, Builder};
        use bitcoin::blockdata::transaction::Transaction;
        use bitcoin::blockdata::opcodes;
+       use bitcoin_hashes::hex::FromHex;
        use hex;
        use ln::channelmanager::{HTLCSource, PaymentPreimage, PaymentHash};
        use ln::channel::{Channel,ChannelKeys,InboundHTLCOutput,OutboundHTLCOutput,InboundHTLCState,OutboundHTLCState,HTLCOutputInCommitment,TxCreationKeys};
@@ -3972,6 +4075,8 @@ mod tests {
        use secp256k1::{Secp256k1,Message,Signature};
        use secp256k1::key::{SecretKey,PublicKey};
        use bitcoin_hashes::sha256::Hash as Sha256;
+       use bitcoin_hashes::sha256d::Hash as Sha256dHash;
+       use bitcoin_hashes::hash160::Hash as Hash160;
        use bitcoin_hashes::Hash;
        use std::sync::Arc;
 
@@ -3998,7 +4103,7 @@ mod tests {
                fn get_destination_script(&self) -> Script {
                        let secp_ctx = Secp256k1::signing_only();
                        let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
-                       let our_channel_monitor_claim_key_hash = Hash160::from_data(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
+                       let our_channel_monitor_claim_key_hash = Hash160::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
                        Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&our_channel_monitor_claim_key_hash[..]).into_script()
                }
 
@@ -4156,7 +4261,6 @@ mod tests {
                                payment_hash: PaymentHash([0; 32]),
                                state: OutboundHTLCState::Committed,
                                source: HTLCSource::dummy(),
-                               fail_reason: None,
                        };
                        out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
                        out
@@ -4169,7 +4273,6 @@ mod tests {
                                payment_hash: PaymentHash([0; 32]),
                                state: OutboundHTLCState::Committed,
                                source: HTLCSource::dummy(),
-                               fail_reason: None,
                        };
                        out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
                        out
diff --git a/src/ln/channelmanager.rs b/src/ln/channelmanager.rs
index 23d5eb21f75269fed9270c8c33913db9453b0d3c..afabcd7cc6bb30a294dcf8326d721ac718952e2d 100644 (file)
--- a/src/ln/channelmanager.rs
+++ b/src/ln/channelmanager.rs
@@ -12,11 +12,12 @@ use bitcoin::blockdata::block::BlockHeader;
 use bitcoin::blockdata::transaction::Transaction;
 use bitcoin::blockdata::constants::genesis_block;
 use bitcoin::network::constants::Network;
-use bitcoin::util::hash::{BitcoinHash, Sha256dHash};
+use bitcoin::util::hash::BitcoinHash;
 
 use bitcoin_hashes::{Hash, HashEngine};
 use bitcoin_hashes::hmac::{Hmac, HmacEngine};
 use bitcoin_hashes::sha256::Hash as Sha256;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use bitcoin_hashes::cmp::fixed_time_eq;
 
 use secp256k1::key::{SecretKey,PublicKey};
@@ -27,14 +28,15 @@ use secp256k1;
 use chain::chaininterface::{BroadcasterInterface,ChainListener,ChainWatchInterface,FeeEstimator};
 use chain::transaction::OutPoint;
 use ln::channel::{Channel, ChannelError};
-use ln::channelmonitor::{ChannelMonitor, ChannelMonitorUpdateErr, ManyChannelMonitor, CLTV_CLAIM_BUFFER, HTLC_FAIL_TIMEOUT_BLOCKS, HTLC_FAIL_ANTI_REORG_DELAY};
+use ln::channelmonitor::{ChannelMonitor, ChannelMonitorUpdateErr, ManyChannelMonitor, CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS, ANTI_REORG_DELAY};
 use ln::router::Route;
 use ln::msgs;
+use ln::msgs::LocalFeatures;
 use ln::onion_utils;
 use ln::msgs::{ChannelMessageHandler, DecodeError, HandleError};
 use chain::keysinterface::KeysInterface;
 use util::config::UserConfig;
-use util::{byte_utils, events, rng};
+use util::{byte_utils, events};
 use util::ser::{Readable, ReadableArgs, Writeable, Writer};
 use util::chacha20::ChaCha20;
 use util::logger::Logger;
@@ -45,7 +47,7 @@ use std::collections::{HashMap, hash_map, HashSet};
 use std::io::Cursor;
 use std::sync::{Arc, Mutex, MutexGuard, RwLock};
 use std::sync::atomic::{AtomicUsize, Ordering};
-use std::time::{Instant,Duration};
+use std::time::Duration;
 
 // We hold various information about HTLC relay in the HTLC objects in Channel itself:
 //
@@ -212,11 +214,11 @@ impl MsgHandleErrInternal {
        }
 }
 
-/// We hold back HTLCs we intend to relay for a random interval in the range (this, 5*this). This
-/// provides some limited amount of privacy. Ideally this would range from somewhere like 1 second
-/// to 30 seconds, but people expect lightning to be, you know, kinda fast, sadly. We could
-/// probably increase this significantly.
-const MIN_HTLC_RELAY_HOLDING_CELL_MILLIS: u32 = 50;
+/// We hold back HTLCs we intend to relay for a random interval greater than this (see
+/// Event::PendingHTLCsForwardable for the API guidelines indicating how long should be waited).
+/// This provides some limited amount of privacy. Ideally this would range from somewhere like one
+/// second to 30 seconds, but people expect lightning to be, you know, kinda fast, sadly.
+const MIN_HTLC_RELAY_HOLDING_CELL_MILLIS: u64 = 100;
 
 pub(super) enum HTLCForwardInfo {
        AddHTLC {
@@ -246,7 +248,6 @@ pub(super) enum RAACommitmentOrder {
 pub(super) struct ChannelHolder {
        pub(super) by_id: HashMap<[u8; 32], Channel>,
        pub(super) short_to_id: HashMap<u64, [u8; 32]>,
-       pub(super) next_forward: Instant,
        /// short channel id -> forward infos. Key of 0 means payments received
        /// Note that while this is held in the same mutex as the channels themselves, no consistency
        /// guarantees are made about the existence of a channel with the short id here, nor the short
@@ -265,7 +266,6 @@ pub(super) struct ChannelHolder {
 pub(super) struct MutChannelHolder<'a> {
        pub(super) by_id: &'a mut HashMap<[u8; 32], Channel>,
        pub(super) short_to_id: &'a mut HashMap<u64, [u8; 32]>,
-       pub(super) next_forward: &'a mut Instant,
        pub(super) forward_htlcs: &'a mut HashMap<u64, Vec<HTLCForwardInfo>>,
        pub(super) claimable_htlcs: &'a mut HashMap<PaymentHash, Vec<(u64, HTLCPreviousHopData)>>,
        pub(super) pending_msg_events: &'a mut Vec<events::MessageSendEvent>,
@@ -275,7 +275,6 @@ impl ChannelHolder {
                MutChannelHolder {
                        by_id: &mut self.by_id,
                        short_to_id: &mut self.short_to_id,
-                       next_forward: &mut self.next_forward,
                        forward_htlcs: &mut self.forward_htlcs,
                        claimable_htlcs: &mut self.claimable_htlcs,
                        pending_msg_events: &mut self.pending_msg_events,
@@ -342,6 +341,12 @@ pub struct ChannelManager {
        logger: Arc<Logger>,
 }
 
+/// The amount of time we require our counterparty wait to claim their money (ie time between when
+/// we, or our watchtower, must check for them having broadcast a theft transaction).
+pub(crate) const BREAKDOWN_TIMEOUT: u16 = 6 * 24;
+/// The amount of time we're willing to wait to claim money back to us
+pub(crate) const MAX_LOCAL_BREAKDOWN_TIMEOUT: u16 = 6 * 24 * 7;
+
 /// The minimum number of blocks between an inbound HTLC's CLTV and the corresponding outbound
 /// HTLC's CLTV. This should always be a few blocks greater than channelmonitor::CLTV_CLAIM_BUFFER,
 /// ie the node we forwarded the payment on to should always have enough room to reliably time out
@@ -350,20 +355,21 @@ pub struct ChannelManager {
 const CLTV_EXPIRY_DELTA: u16 = 6 * 12; //TODO?
 pub(super) const CLTV_FAR_FAR_AWAY: u32 = 6 * 24 * 7; //TODO?
 
-// Check that our CLTV_EXPIRY is at least CLTV_CLAIM_BUFFER + 2*HTLC_FAIL_TIMEOUT_BLOCKS +
-// HTLC_FAIL_ANTI_REORG_DELAY, ie that if the next-hop peer fails the HTLC within
-// HTLC_FAIL_TIMEOUT_BLOCKS then we'll still have HTLC_FAIL_TIMEOUT_BLOCKS left to fail it
-// backwards ourselves before hitting the CLTV_CLAIM_BUFFER point and failing the channel
-// on-chain to time out the HTLC.
+// Check that our CLTV_EXPIRY is at least CLTV_CLAIM_BUFFER + ANTI_REORG_DELAY + LATENCY_GRACE_PERIOD_BLOCKS,
+// ie that if the next-hop peer fails the HTLC within
+// LATENCY_GRACE_PERIOD_BLOCKS then we'll still have CLTV_CLAIM_BUFFER left to timeout it onchain,
+// then waiting ANTI_REORG_DELAY to be reorg-safe on the outbound HLTC and
+// failing the corresponding htlc backward, and us now seeing the last block of ANTI_REORG_DELAY before
+// LATENCY_GRACE_PERIOD_BLOCKS.
 #[deny(const_err)]
 #[allow(dead_code)]
-const CHECK_CLTV_EXPIRY_SANITY: u32 = CLTV_EXPIRY_DELTA as u32 - 2*HTLC_FAIL_TIMEOUT_BLOCKS - CLTV_CLAIM_BUFFER - HTLC_FAIL_ANTI_REORG_DELAY;
+const CHECK_CLTV_EXPIRY_SANITY: u32 = CLTV_EXPIRY_DELTA as u32 - LATENCY_GRACE_PERIOD_BLOCKS - CLTV_CLAIM_BUFFER - ANTI_REORG_DELAY - LATENCY_GRACE_PERIOD_BLOCKS;
 
 // Check for ability of an attacker to make us fail on-chain by delaying inbound claim. See
 // ChannelMontior::would_broadcast_at_height for a description of why this is needed.
 #[deny(const_err)]
 #[allow(dead_code)]
-const CHECK_CLTV_EXPIRY_SANITY_2: u32 = CLTV_EXPIRY_DELTA as u32 - HTLC_FAIL_TIMEOUT_BLOCKS - 2*CLTV_CLAIM_BUFFER;
+const CHECK_CLTV_EXPIRY_SANITY_2: u32 = CLTV_EXPIRY_DELTA as u32 - LATENCY_GRACE_PERIOD_BLOCKS - 2*CLTV_CLAIM_BUFFER;
 
 macro_rules! secp_call {
        ( $res: expr, $err: expr ) => {
@@ -390,6 +396,20 @@ pub struct ChannelDetails {
        pub channel_value_satoshis: u64,
        /// The user_id passed in to create_channel, or 0 if the channel was inbound.
        pub user_id: u64,
+       /// The available outbound capacity for sending HTLCs to the remote peer. This does not include
+       /// any pending HTLCs which are not yet fully resolved (and, thus, who's balance is not
+       /// available for inclusion in new outbound HTLCs). This further does not include any pending
+       /// outgoing HTLCs which are awaiting some other resolution to be sent.
+       pub outbound_capacity_msat: u64,
+       /// The available inbound capacity for the remote peer to send HTLCs to us. This does not
+       /// include any pending HTLCs which are not yet fully resolved (and, thus, who's balance is not
+       /// available for inclusion in new inbound HTLCs).
+       /// Note that there are some corner cases not fully handled here, so the actual available
+       /// inbound capacity may be slightly higher than this.
+       pub inbound_capacity_msat: u64,
+       /// True if the channel is (a) confirmed and funding_locked messages have been exchanged, (b)
+       /// the peer is connected, and (c) no monitor update failure is pending resolution.
+       pub is_live: bool,
 }
 
 macro_rules! handle_error {
@@ -493,7 +513,7 @@ macro_rules! handle_monitor_err {
                                if !$resend_raa {
                                        debug_assert!($action_type == RAACommitmentOrder::CommitmentFirst || !$resend_commitment);
                                }
-                               $entry.get_mut().monitor_update_failed($action_type, $resend_raa, $resend_commitment, $failed_forwards, $failed_fails);
+                               $entry.get_mut().monitor_update_failed($resend_raa, $resend_commitment, $failed_forwards, $failed_fails);
                                Err(MsgHandleErrInternal::from_chan_no_close(ChannelError::Ignore("Failed to update ChannelMonitor"), *$entry.key()))
                        },
                }
@@ -548,7 +568,6 @@ impl ChannelManager {
                        channel_state: Mutex::new(ChannelHolder{
                                by_id: HashMap::new(),
                                short_to_id: HashMap::new(),
-                               next_forward: Instant::now(),
                                forward_htlcs: HashMap::new(),
                                claimable_htlcs: HashMap::new(),
                                pending_msg_events: Vec::new(),
@@ -612,12 +631,16 @@ impl ChannelManager {
                let channel_state = self.channel_state.lock().unwrap();
                let mut res = Vec::with_capacity(channel_state.by_id.len());
                for (channel_id, channel) in channel_state.by_id.iter() {
+                       let (inbound_capacity_msat, outbound_capacity_msat) = channel.get_inbound_outbound_available_balance_msat();
                        res.push(ChannelDetails {
                                channel_id: (*channel_id).clone(),
                                short_channel_id: channel.get_short_channel_id(),
                                remote_network_id: channel.get_their_node_id(),
                                channel_value_satoshis: channel.get_value_satoshis(),
+                               inbound_capacity_msat,
+                               outbound_capacity_msat,
                                user_id: channel.get_user_id(),
+                               is_live: channel.is_live(),
                        });
                }
                res
@@ -625,6 +648,9 @@ impl ChannelManager {
 
        /// Gets the list of usable channels, in random order. Useful as an argument to
        /// Router::get_route to ensure non-announced channels are used.
+       ///
+       /// These are guaranteed to have their is_live value set to true, see the documentation for
+       /// ChannelDetails::is_live for more info on exactly what the criteria are.
        pub fn list_usable_channels(&self) -> Vec<ChannelDetails> {
                let channel_state = self.channel_state.lock().unwrap();
                let mut res = Vec::with_capacity(channel_state.by_id.len());
@@ -633,12 +659,16 @@ impl ChannelManager {
                        // internal/external nomenclature, but that's ok cause that's probably what the user
                        // really wanted anyway.
                        if channel.is_live() {
+                               let (inbound_capacity_msat, outbound_capacity_msat) = channel.get_inbound_outbound_available_balance_msat();
                                res.push(ChannelDetails {
                                        channel_id: (*channel_id).clone(),
                                        short_channel_id: channel.get_short_channel_id(),
                                        remote_network_id: channel.get_their_node_id(),
                                        channel_value_satoshis: channel.get_value_satoshis(),
+                                       inbound_capacity_msat,
+                                       outbound_capacity_msat,
                                        user_id: channel.get_user_id(),
+                                       is_live: true,
                                });
                        }
                }
@@ -819,7 +849,7 @@ impl ChannelManager {
                let pending_forward_info = if next_hop_data.hmac == [0; 32] {
                                // OUR PAYMENT!
                                // final_expiry_too_soon
-                               if (msg.cltv_expiry as u64) < self.latest_block_height.load(Ordering::Acquire) as u64 + (CLTV_CLAIM_BUFFER + HTLC_FAIL_TIMEOUT_BLOCKS) as u64 {
+                               if (msg.cltv_expiry as u64) < self.latest_block_height.load(Ordering::Acquire) as u64 + (CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS) as u64 {
                                        return_err!("The final CLTV expiry is too soon to handle", 17, &[0;0]);
                                }
                                // final_incorrect_htlc_amount
@@ -911,8 +941,8 @@ impl ChannelManager {
                                                break Some(("Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta", 0x1000 | 13, Some(self.get_channel_update(chan).unwrap())));
                                        }
                                        let cur_height = self.latest_block_height.load(Ordering::Acquire) as u32 + 1;
-                                       // We want to have at least HTLC_FAIL_TIMEOUT_BLOCKS to fail prior to going on chain CLAIM_BUFFER blocks before expiration
-                                       if msg.cltv_expiry <= cur_height + CLTV_CLAIM_BUFFER + HTLC_FAIL_TIMEOUT_BLOCKS as u32 { // expiry_too_soon
+                                       // We want to have at least LATENCY_GRACE_PERIOD_BLOCKS to fail prior to going on chain CLAIM_BUFFER blocks before expiration
+                                       if msg.cltv_expiry <= cur_height + CLTV_CLAIM_BUFFER + LATENCY_GRACE_PERIOD_BLOCKS as u32 { // expiry_too_soon
                                                break Some(("CLTV expiry is too close", 0x1000 | 14, Some(self.get_channel_update(chan).unwrap())));
                                        }
                                        if msg.cltv_expiry > cur_height + CLTV_FAR_FAR_AWAY as u32 { // expiry_too_far
@@ -964,7 +994,7 @@ impl ChannelManager {
                        excess_data: Vec::new(),
                };
 
-               let msg_hash = Sha256dHash::from_data(&unsigned.encode()[..]);
+               let msg_hash = Sha256dHash::hash(&unsigned.encode()[..]);
                let sig = self.secp_ctx.sign(&hash_to_message!(&msg_hash[..]), &self.our_network_key);
 
                Ok(msgs::ChannelUpdate {
@@ -1101,7 +1131,7 @@ impl ChannelManager {
        pub fn funding_transaction_generated(&self, temporary_channel_id: &[u8; 32], funding_txo: OutPoint) {
                let _ = self.total_consistency_lock.read().unwrap();
 
-               let (chan, msg, chan_monitor) = {
+               let (mut chan, msg, chan_monitor) = {
                        let (res, chan) = {
                                let mut channel_state = self.channel_state.lock().unwrap();
                                match channel_state.by_id.remove(temporary_channel_id) {
@@ -1132,8 +1162,30 @@ impl ChannelManager {
                };
                // Because we have exclusive ownership of the channel here we can release the channel_state
                // lock before add_update_monitor
-               if let Err(_e) = self.monitor.add_update_monitor(chan_monitor.get_funding_txo().unwrap(), chan_monitor) {
-                       unimplemented!();
+               if let Err(e) = self.monitor.add_update_monitor(chan_monitor.get_funding_txo().unwrap(), chan_monitor) {
+                       match e {
+                               ChannelMonitorUpdateErr::PermanentFailure => {
+                                       match handle_error!(self, Err(MsgHandleErrInternal::from_finish_shutdown("ChannelMonitor storage failure", *temporary_channel_id, chan.force_shutdown(), None))) {
+                                               Err(e) => {
+                                                       log_error!(self, "Failed to store ChannelMonitor update for funding tx generation");
+                                                       let mut channel_state = self.channel_state.lock().unwrap();
+                                                       channel_state.pending_msg_events.push(events::MessageSendEvent::HandleError {
+                                                               node_id: chan.get_their_node_id(),
+                                                               action: e.action,
+                                                       });
+                                                       return;
+                                               },
+                                               Ok(()) => unreachable!(),
+                                       }
+                               },
+                               ChannelMonitorUpdateErr::TemporaryFailure => {
+                                       // Its completely fine to continue with a FundingCreated until the monitor
+                                       // update is persisted, as long as we don't generate the FundingBroadcastSafe
+                                       // until the monitor has been safely persisted (as funding broadcast is not,
+                                       // in fact, safe).
+                                       chan.monitor_update_failed(false, false, Vec::new(), Vec::new());
+                               },
+                       }
                }
 
                let mut channel_state = self.channel_state.lock().unwrap();
@@ -1158,7 +1210,7 @@ impl ChannelManager {
                        Ok(res) => res,
                        Err(_) => return None, // Only in case of state precondition violations eg channel is closing
                };
-               let msghash = hash_to_message!(&Sha256dHash::from_data(&announcement.encode()[..])[..]);
+               let msghash = hash_to_message!(&Sha256dHash::hash(&announcement.encode()[..])[..]);
                let our_node_sig = self.secp_ctx.sign(&msghash, &self.our_network_key);
 
                Some(msgs::AnnouncementSignatures {
@@ -1183,10 +1235,6 @@ impl ChannelManager {
                        let mut channel_state_lock = self.channel_state.lock().unwrap();
                        let channel_state = channel_state_lock.borrow_parts();
 
-                       if cfg!(not(feature = "fuzztarget")) && Instant::now() < *channel_state.next_forward {
-                               return;
-                       }
-
                        for (short_chan_id, mut pending_forwards) in channel_state.forward_htlcs.drain() {
                                if short_chan_id != 0 {
                                        let forward_chan_id = match channel_state.short_to_id.get(&short_chan_id) {
@@ -1466,8 +1514,7 @@ impl ChannelManager {
 
                                let mut forward_event = None;
                                if channel_state_lock.forward_htlcs.is_empty() {
-                                       forward_event = Some(Instant::now() + Duration::from_millis(((rng::rand_f32() * 4.0 + 1.0) * MIN_HTLC_RELAY_HOLDING_CELL_MILLIS as f32) as u64));
-                                       channel_state_lock.next_forward = forward_event.unwrap();
+                                       forward_event = Some(Duration::from_millis(MIN_HTLC_RELAY_HOLDING_CELL_MILLIS));
                                }
                                match channel_state_lock.forward_htlcs.entry(short_channel_id) {
                                        hash_map::Entry::Occupied(mut entry) => {
@@ -1602,6 +1649,7 @@ impl ChannelManager {
                let mut close_results = Vec::new();
                let mut htlc_forwards = Vec::new();
                let mut htlc_failures = Vec::new();
+               let mut pending_events = Vec::new();
                let _ = self.total_consistency_lock.read().unwrap();
 
                {
@@ -1636,7 +1684,7 @@ impl ChannelManager {
                                                        ChannelMonitorUpdateErr::TemporaryFailure => true,
                                                }
                                        } else {
-                                               let (raa, commitment_update, order, pending_forwards, mut pending_failures) = channel.monitor_updating_restored();
+                                               let (raa, commitment_update, order, pending_forwards, mut pending_failures, needs_broadcast_safe, funding_locked) = channel.monitor_updating_restored();
                                                if !pending_forwards.is_empty() {
                                                        htlc_forwards.push((channel.get_short_channel_id().expect("We can't have pending forwards before funding confirmation"), pending_forwards));
                                                }
@@ -1668,12 +1716,33 @@ impl ChannelManager {
                                                                handle_cs!();
                                                        },
                                                }
+                                               if needs_broadcast_safe {
+                                                       pending_events.push(events::Event::FundingBroadcastSafe {
+                                                               funding_txo: channel.get_funding_txo().unwrap(),
+                                                               user_channel_id: channel.get_user_id(),
+                                                       });
+                                               }
+                                               if let Some(msg) = funding_locked {
+                                                       pending_msg_events.push(events::MessageSendEvent::SendFundingLocked {
+                                                               node_id: channel.get_their_node_id(),
+                                                               msg,
+                                                       });
+                                                       if let Some(announcement_sigs) = self.get_announcement_sigs(channel) {
+                                                               pending_msg_events.push(events::MessageSendEvent::SendAnnouncementSignatures {
+                                                                       node_id: channel.get_their_node_id(),
+                                                                       msg: announcement_sigs,
+                                                               });
+                                                       }
+                                                       short_to_id.insert(channel.get_short_channel_id().unwrap(), channel.channel_id());
+                                               }
                                                true
                                        }
                                } else { true }
                        });
                }
 
+               self.pending_events.lock().unwrap().append(&mut pending_events);
+
                for failure in htlc_failures.drain(..) {
                        self.fail_htlc_backwards_internal(self.channel_state.lock().unwrap(), failure.0, &failure.1, failure.2);
                }
@@ -1684,12 +1753,12 @@ impl ChannelManager {
                }
        }
 
-       fn internal_open_channel(&self, their_node_id: &PublicKey, msg: &msgs::OpenChannel) -> Result<(), MsgHandleErrInternal> {
+       fn internal_open_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &msgs::OpenChannel) -> Result<(), MsgHandleErrInternal> {
                if msg.chain_hash != self.genesis_hash {
                        return Err(MsgHandleErrInternal::send_err_msg_no_close("Unknown genesis block hash", msg.temporary_channel_id.clone()));
                }
 
-               let channel = Channel::new_from_req(&*self.fee_estimator, &self.keys_manager, their_node_id.clone(), msg, 0, Arc::clone(&self.logger), &self.default_configuration)
+               let channel = Channel::new_from_req(&*self.fee_estimator, &self.keys_manager, their_node_id.clone(), their_local_features, msg, 0, Arc::clone(&self.logger), &self.default_configuration)
                        .map_err(|e| MsgHandleErrInternal::from_chan_no_close(e, msg.temporary_channel_id))?;
                let mut channel_state_lock = self.channel_state.lock().unwrap();
                let channel_state = channel_state_lock.borrow_parts();
@@ -1706,7 +1775,7 @@ impl ChannelManager {
                Ok(())
        }
 
-       fn internal_accept_channel(&self, their_node_id: &PublicKey, msg: &msgs::AcceptChannel) -> Result<(), MsgHandleErrInternal> {
+       fn internal_accept_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &msgs::AcceptChannel) -> Result<(), MsgHandleErrInternal> {
                let (value, output_script, user_id) = {
                        let mut channel_lock = self.channel_state.lock().unwrap();
                        let channel_state = channel_lock.borrow_parts();
@@ -1716,7 +1785,7 @@ impl ChannelManager {
                                                //TODO: see issue #153, need a consistent behavior on obnoxious behavior from random node
                                                return Err(MsgHandleErrInternal::send_err_msg_no_close("Got a message for a channel from the wrong node!", msg.temporary_channel_id));
                                        }
-                                       try_chan_entry!(self, chan.get_mut().accept_channel(&msg, &self.default_configuration), channel_state, chan);
+                                       try_chan_entry!(self, chan.get_mut().accept_channel(&msg, &self.default_configuration, their_local_features), channel_state, chan);
                                        (chan.get().get_value_satoshis(), chan.get().get_funding_redeemscript().to_v0_p2wsh(), chan.get().get_user_id())
                                },
                                //TODO: same as above
@@ -1734,7 +1803,7 @@ impl ChannelManager {
        }
 
        fn internal_funding_created(&self, their_node_id: &PublicKey, msg: &msgs::FundingCreated) -> Result<(), MsgHandleErrInternal> {
-               let ((funding_msg, monitor_update), chan) = {
+               let ((funding_msg, monitor_update), mut chan) = {
                        let mut channel_lock = self.channel_state.lock().unwrap();
                        let channel_state = channel_lock.borrow_parts();
                        match channel_state.by_id.entry(msg.temporary_channel_id.clone()) {
@@ -1750,8 +1819,23 @@ impl ChannelManager {
                };
                // Because we have exclusive ownership of the channel here we can release the channel_state
                // lock before add_update_monitor
-               if let Err(_e) = self.monitor.add_update_monitor(monitor_update.get_funding_txo().unwrap(), monitor_update) {
-                       unimplemented!();
+               if let Err(e) = self.monitor.add_update_monitor(monitor_update.get_funding_txo().unwrap(), monitor_update) {
+                       match e {
+                               ChannelMonitorUpdateErr::PermanentFailure => {
+                                       // Note that we reply with the new channel_id in error messages if we gave up on the
+                                       // channel, not the temporary_channel_id. This is compatible with ourselves, but the
+                                       // spec is somewhat ambiguous here. Not a huge deal since we'll send error messages for
+                                       // any messages referencing a previously-closed channel anyway.
+                                       return Err(MsgHandleErrInternal::from_finish_shutdown("ChannelMonitor storage failure", funding_msg.channel_id, chan.force_shutdown(), None));
+                               },
+                               ChannelMonitorUpdateErr::TemporaryFailure => {
+                                       // There's no problem signing a counterparty's funding transaction if our monitor
+                                       // hasn't persisted to disk yet - we can't lose money on a transaction that we haven't
+                                       // accepted payment from yet. We do, however, need to wait to send our funding_locked
+                                       // until we have persisted our monitor.
+                                       chan.monitor_update_failed(false, false, Vec::new(), Vec::new());
+                               },
+                       }
                }
                let mut channel_state_lock = self.channel_state.lock().unwrap();
                let channel_state = channel_state_lock.borrow_parts();
@@ -1781,8 +1865,8 @@ impl ChannelManager {
                                                return Err(MsgHandleErrInternal::send_err_msg_no_close("Got a message for a channel from the wrong node!", msg.channel_id));
                                        }
                                        let chan_monitor = try_chan_entry!(self, chan.get_mut().funding_signed(&msg), channel_state, chan);
-                                       if let Err(_e) = self.monitor.add_update_monitor(chan_monitor.get_funding_txo().unwrap(), chan_monitor) {
-                                               unimplemented!();
+                                       if let Err(e) = self.monitor.add_update_monitor(chan_monitor.get_funding_txo().unwrap(), chan_monitor) {
+                                               return_monitor_err!(self, e, channel_state, chan, RAACommitmentOrder::RevokeAndACKFirst, false, false);
                                        }
                                        (chan.get().get_funding_txo().unwrap(), chan.get().get_user_id())
                                },
@@ -2076,8 +2160,7 @@ impl ChannelManager {
                        if !pending_forwards.is_empty() {
                                let mut channel_state = self.channel_state.lock().unwrap();
                                if channel_state.forward_htlcs.is_empty() {
-                                       forward_event = Some(Instant::now() + Duration::from_millis(((rng::rand_f32() * 4.0 + 1.0) * MIN_HTLC_RELAY_HOLDING_CELL_MILLIS as f32) as u64));
-                                       channel_state.next_forward = forward_event.unwrap();
+                                       forward_event = Some(Duration::from_millis(MIN_HTLC_RELAY_HOLDING_CELL_MILLIS))
                                }
                                for (forward_info, prev_htlc_id) in pending_forwards.drain(..) {
                                        match channel_state.forward_htlcs.entry(forward_info.short_channel_id) {
@@ -2182,7 +2265,7 @@ impl ChannelManager {
                                        try_chan_entry!(self, chan.get_mut().get_channel_announcement(our_node_id.clone(), self.genesis_hash.clone()), channel_state, chan);
 
                                let were_node_one = announcement.node_id_1 == our_node_id;
-                               let msghash = hash_to_message!(&Sha256dHash::from_data(&announcement.encode()[..])[..]);
+                               let msghash = hash_to_message!(&Sha256dHash::hash(&announcement.encode()[..])[..]);
                                if self.secp_ctx.verify(&msghash, &msg.node_signature, if were_node_one { &announcement.node_id_2 } else { &announcement.node_id_1 }).is_err() ||
                                                self.secp_ctx.verify(&msghash, &msg.bitcoin_signature, if were_node_one { &announcement.bitcoin_key_2 } else { &announcement.bitcoin_key_1 }).is_err() {
                                        try_chan_entry!(self, Err(ChannelError::Close("Bad announcement_signatures node_signature")), channel_state, chan);
@@ -2473,7 +2556,7 @@ impl ChainListener for ChannelManager {
        }
 
        /// We force-close the channel without letting our counterparty participate in the shutdown
-       fn block_disconnected(&self, header: &BlockHeader) {
+       fn block_disconnected(&self, header: &BlockHeader, _: u32) {
                let _ = self.total_consistency_lock.read().unwrap();
                let mut failed_channels = Vec::new();
                {
@@ -2508,14 +2591,14 @@ impl ChainListener for ChannelManager {
 
 impl ChannelMessageHandler for ChannelManager {
        //TODO: Handle errors and close channel (or so)
-       fn handle_open_channel(&self, their_node_id: &PublicKey, msg: &msgs::OpenChannel) -> Result<(), HandleError> {
+       fn handle_open_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &msgs::OpenChannel) -> Result<(), HandleError> {
                let _ = self.total_consistency_lock.read().unwrap();
-               handle_error!(self, self.internal_open_channel(their_node_id, msg))
+               handle_error!(self, self.internal_open_channel(their_node_id, their_local_features, msg))
        }
 
-       fn handle_accept_channel(&self, their_node_id: &PublicKey, msg: &msgs::AcceptChannel) -> Result<(), HandleError> {
+       fn handle_accept_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &msgs::AcceptChannel) -> Result<(), HandleError> {
                let _ = self.total_consistency_lock.read().unwrap();
-               handle_error!(self, self.internal_accept_channel(their_node_id, msg))
+               handle_error!(self, self.internal_accept_channel(their_node_id, their_local_features, msg))
        }
 
        fn handle_funding_created(&self, their_node_id: &PublicKey, msg: &msgs::FundingCreated) -> Result<(), HandleError> {
@@ -3086,7 +3169,6 @@ impl<'a, R : ::std::io::Read> ReadableArgs<R, ChannelManagerReadArgs<'a>> for (S
                        channel_state: Mutex::new(ChannelHolder {
                                by_id,
                                short_to_id,
-                               next_forward: Instant::now(),
                                forward_htlcs,
                                claimable_htlcs,
                                pending_msg_events: Vec::new(),
diff --git a/src/ln/channelmonitor.rs b/src/ln/channelmonitor.rs
index 3b5905e702bc55dd3789a600350dee35ec1c4376..2c0a058043d580889acf20f278bc3a9ef8b71219 100644 (file)
--- a/src/ln/channelmonitor.rs
+++ b/src/ln/channelmonitor.rs
@@ -17,12 +17,13 @@ use bitcoin::blockdata::transaction::OutPoint as BitcoinOutPoint;
 use bitcoin::blockdata::script::{Script, Builder};
 use bitcoin::blockdata::opcodes;
 use bitcoin::consensus::encode::{self, Decodable, Encodable};
-use bitcoin::util::hash::{BitcoinHash,Sha256dHash};
+use bitcoin::util::hash::BitcoinHash;
 use bitcoin::util::bip143;
 
 use bitcoin_hashes::Hash;
 use bitcoin_hashes::sha256::Hash as Sha256;
 use bitcoin_hashes::hash160::Hash as Hash160;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 
 use secp256k1::{Secp256k1,Signature};
 use secp256k1::key::{SecretKey,PublicKey};
@@ -33,7 +34,7 @@ use ln::chan_utils;
 use ln::chan_utils::HTLCOutputInCommitment;
 use ln::channelmanager::{HTLCSource, PaymentPreimage, PaymentHash};
 use ln::channel::{ACCEPTED_HTLC_SCRIPT_WEIGHT, OFFERED_HTLC_SCRIPT_WEIGHT};
-use chain::chaininterface::{ChainListener, ChainWatchInterface, BroadcasterInterface};
+use chain::chaininterface::{ChainListener, ChainWatchInterface, BroadcasterInterface, FeeEstimator, ConfirmationTarget};
 use chain::transaction::OutPoint;
 use chain::keysinterface::SpendableOutputDescriptor;
 use util::logger::Logger;
@@ -47,8 +48,8 @@ use std::{hash,cmp, mem};
 /// An error enum representing a failure to persist a channel monitor update.
 #[derive(Clone)]
 pub enum ChannelMonitorUpdateErr {
-       /// Used to indicate a temporary failure (eg connection to a watchtower failed, but is expected
-       /// to succeed at some point in the future).
+       /// Used to indicate a temporary failure (eg connection to a watchtower or remote backup of
+       /// our state failed, but is expected to succeed at some point in the future).
        ///
        /// Such a failure will "freeze" a channel, preventing us from revoking old states or
        /// submitting new commitment transactions to the remote party.
@@ -70,6 +71,10 @@ pub enum ChannelMonitorUpdateErr {
        /// Note that even if updates made after TemporaryFailure succeed you must still call
        /// test_restore_channel_monitor to ensure you have the latest monitor and re-enable normal
        /// channel operation.
+       ///
+       /// For deployments where a copy of ChannelMonitors and other local state are backed up in a
+       /// remote location (with local copies persisted immediately), it is anticipated that all
+       /// updates will return TemporaryFailure until the remote copies could be updated.
        TemporaryFailure,
        /// Used to indicate no further channel monitor updates will be allowed (eg we've moved on to a
        /// different watchtower and cannot update with all watchtowers that were previously informed
@@ -138,6 +143,7 @@ pub struct SimpleManyChannelMonitor<Key> {
        pending_events: Mutex<Vec<events::Event>>,
        pending_htlc_updated: Mutex<HashMap<PaymentHash, Vec<(HTLCSource, Option<PaymentPreimage>)>>>,
        logger: Arc<Logger>,
+       fee_estimator: Arc<FeeEstimator>
 }
 
 impl<Key : Send + cmp::Eq + hash::Hash> ChainListener for SimpleManyChannelMonitor<Key> {
@@ -148,7 +154,7 @@ impl<Key : Send + cmp::Eq + hash::Hash> ChainListener for SimpleManyChannelMonit
                {
                        let mut monitors = self.monitors.lock().unwrap();
                        for monitor in monitors.values_mut() {
-                               let (txn_outputs, spendable_outputs, mut htlc_updated) = monitor.block_connected(txn_matched, height, &block_hash, &*self.broadcaster);
+                               let (txn_outputs, spendable_outputs, mut htlc_updated) = monitor.block_connected(txn_matched, height, &block_hash, &*self.broadcaster, &*self.fee_estimator);
                                if spendable_outputs.len() > 0 {
                                        new_events.push(events::Event::SpendableOutputs {
                                                outputs: spendable_outputs,
@@ -172,10 +178,6 @@ impl<Key : Send + cmp::Eq + hash::Hash> ChainListener for SimpleManyChannelMonit
                                                // In case of reorg we may have htlc outputs solved in a different way so
                                                // we prefer to keep claims but don't store duplicate updates for a given
                                                // (payment_hash, HTLCSource) pair.
-                                               // TODO: Note that we currently don't really use this as ChannelManager
-                                               // will fail/claim backwards after the first block. We really should delay
-                                               // a few blocks before failing backwards (but can claim backwards
-                                               // immediately) as long as we have a few blocks of headroom.
                                                let mut existing_claim = false;
                                                e.get_mut().retain(|htlc_data| {
                                                        if htlc.0 == htlc_data.0 {
@@ -199,13 +201,19 @@ impl<Key : Send + cmp::Eq + hash::Hash> ChainListener for SimpleManyChannelMonit
                pending_events.append(&mut new_events);
        }
 
-       fn block_disconnected(&self, _: &BlockHeader) { }
+       fn block_disconnected(&self, header: &BlockHeader, disconnected_height: u32) {
+               let block_hash = header.bitcoin_hash();
+               let mut monitors = self.monitors.lock().unwrap();
+               for monitor in monitors.values_mut() {
+                       monitor.block_disconnected(disconnected_height, &block_hash);
+               }
+       }
 }
 
 impl<Key : Send + cmp::Eq + hash::Hash + 'static> SimpleManyChannelMonitor<Key> {
        /// Creates a new object which can be used to monitor several channels given the chain
        /// interface with which to register to receive notifications.
-       pub fn new(chain_monitor: Arc<ChainWatchInterface>, broadcaster: Arc<BroadcasterInterface>, logger: Arc<Logger>) -> Arc<SimpleManyChannelMonitor<Key>> {
+       pub fn new(chain_monitor: Arc<ChainWatchInterface>, broadcaster: Arc<BroadcasterInterface>, logger: Arc<Logger>, feeest: Arc<FeeEstimator>) -> Arc<SimpleManyChannelMonitor<Key>> {
                let res = Arc::new(SimpleManyChannelMonitor {
                        monitors: Mutex::new(HashMap::new()),
                        chain_monitor,
@@ -213,6 +221,7 @@ impl<Key : Send + cmp::Eq + hash::Hash + 'static> SimpleManyChannelMonitor<Key>
                        pending_events: Mutex::new(Vec::new()),
                        pending_htlc_updated: Mutex::new(HashMap::new()),
                        logger,
+                       fee_estimator: feeest,
                });
                let weak_res = Arc::downgrade(&res);
                res.chain_monitor.register_listener(weak_res);
@@ -294,13 +303,24 @@ const CLTV_SHARED_CLAIM_BUFFER: u32 = 12;
 pub(crate) const CLTV_CLAIM_BUFFER: u32 = 6;
 /// Number of blocks by which point we expect our counterparty to have seen new blocks on the
 /// network and done a full update_fail_htlc/commitment_signed dance (+ we've updated all our
-/// copies of ChannelMonitors, including watchtowers).
-pub(crate) const HTLC_FAIL_TIMEOUT_BLOCKS: u32 = 3;
-/// Number of blocks we wait on seeing a confirmed HTLC-Timeout or previous revoked commitment
-/// transaction before we fail corresponding inbound HTLCs. This prevents us from failing backwards
-/// and then getting a reorg resulting in us losing money.
-//TODO: We currently don't actually use this...we should
-pub(crate) const HTLC_FAIL_ANTI_REORG_DELAY: u32 = 6;
+/// copies of ChannelMonitors, including watchtowers). We could enforce the contract by failing
+/// at CLTV expiration height but giving a grace period to our peer may be profitable for us if he
+/// can provide an over-late preimage. Nevertheless, grace period has to be accounted in our
+/// CLTV_EXPIRY_DELTA to be secure. Following this policy we may decrease the rate of channel failures
+/// due to expiration but increase the cost of funds being locked longuer in case of failure.
+/// This delay also cover a low-power peer being slow to process blocks and so being behind us on
+/// accurate block height.
+/// In case of onchain failure to be pass backward we may see the last block of ANTI_REORG_DELAY
+/// with at worst this delay, so we are not only using this value as a mercy for them but also
+/// us as a safeguard to delay with enough time.
+pub(crate) const LATENCY_GRACE_PERIOD_BLOCKS: u32 = 3;
+/// Number of blocks we wait on seeing a HTLC output being solved before we fail corresponding inbound
+/// HTLCs. This prevents us from failing backwards and then getting a reorg resulting in us losing money.
+/// We use also this delay to be sure we can remove our in-flight claim txn from bump candidates buffer.
+/// It may cause spurrious generation of bumped claim txn but that's allright given the outpoint is already
+/// solved by a previous claim tx. What we want to avoid is reorg evicting our claim tx and us not
+/// keeping bumping another claim tx to solve the outpoint.
+pub(crate) const ANTI_REORG_DELAY: u32 = 6;
 
 #[derive(Clone, PartialEq)]
 enum Storage {
@@ -335,6 +355,58 @@ struct LocalSignedTx {
        htlc_outputs: Vec<(HTLCOutputInCommitment, Option<(Signature, Signature)>, Option<HTLCSource>)>,
 }
 
+#[derive(PartialEq)]
+enum InputDescriptors {
+       RevokedOfferedHTLC,
+       RevokedReceivedHTLC,
+       OfferedHTLC,
+       ReceivedHTLC,
+       RevokedOutput, // either a revoked to_local output on commitment tx, a revoked HTLC-Timeout output or a revoked HTLC-Success output
+}
+
+/// When ChannelMonitor discovers an onchain outpoint being a step of a channel and that it needs
+/// to generate a tx to push channel state forward, we cache outpoint-solving tx material to build
+/// a new bumped one in case of lenghty confirmation delay
+#[derive(Clone, PartialEq)]
+enum TxMaterial {
+       Revoked {
+               script: Script,
+               pubkey: Option<PublicKey>,
+               key: SecretKey,
+               is_htlc: bool,
+               amount: u64,
+       },
+       RemoteHTLC {
+               script: Script,
+               key: SecretKey,
+               preimage: Option<PaymentPreimage>,
+               amount: u64,
+       },
+       LocalHTLC {
+               script: Script,
+               sigs: (Signature, Signature),
+               preimage: Option<PaymentPreimage>,
+               amount: u64,
+       }
+}
+
+/// Upon discovering of some classes of onchain tx by ChannelMonitor, we may have to take actions on it
+/// once they mature to enough confirmations (ANTI_REORG_DELAY)
+#[derive(Clone, PartialEq)]
+enum OnchainEvent {
+       /// Outpoint under claim process by our own tx, once this one get enough confirmations, we remove it from
+       /// bump-txn candidate buffer.
+       Claim {
+               outpoint: BitcoinOutPoint,
+       },
+       /// HTLC output getting solved by a timeout, at maturation we pass upstream payment source information to solve
+       /// inbound HTLC in backward channel. Note, in case of preimage, we pass info to upstream without delay as we can
+       /// only win from it, so it's never an OnchainEvent
+       HTLCUpdate {
+               htlc_update: (HTLCSource, PaymentHash),
+       },
+}
+
 const SERIALIZATION_VERSION: u8 = 1;
 const MIN_SERIALIZATION_VERSION: u8 = 1;
 
@@ -385,6 +457,19 @@ pub struct ChannelMonitor {
 
        destination_script: Script,
 
+       // Used to track outpoint in the process of being claimed by our transactions. We need to scan all transactions
+       // for inputs spending this. If height timer (u32) is expired and claim tx hasn't reached enough confirmations
+       // before, use TxMaterial to regenerate a new claim tx with a satoshis-per-1000-weight-units higher than last
+       // one (u64), if timelock expiration (u32) is near, decrease height timer, the in-between bumps delay.
+       // Last field cached (u32) is height of outpoint confirmation, which is needed to flush this tracker
+       // in case of reorgs, given block timer are scaled on timer expiration we can't deduce from it original height.
+       our_claim_txn_waiting_first_conf: HashMap<BitcoinOutPoint, (u32, TxMaterial, u64, u32, u32)>,
+
+       // Used to track onchain events, i.e transactions parts of channels confirmed on chain, on which
+       // we have to take actions once they reach enough confs. Key is a block height timer, i.e we enforce
+       // actions when we receive a block with given height. Actions depend on OnchainEvent type.
+       onchain_events_waiting_threshold_conf: HashMap<u32, Vec<OnchainEvent>>,
+
        // We simply modify last_block_hash in Channel's block_connected so that serialization is
        // consistent but hopefully the users' copy handles block_connected in a consistent way.
        // (we do *not*, however, update them in insert_combine to ensure any local user copies keep
@@ -395,6 +480,41 @@ pub struct ChannelMonitor {
        logger: Arc<Logger>,
 }
 
+macro_rules! subtract_high_prio_fee {
+       ($self: ident, $fee_estimator: expr, $value: expr, $predicted_weight: expr, $spent_txid: expr, $used_feerate: expr) => {
+               {
+                       $used_feerate = $fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::HighPriority);
+                       let mut fee = $used_feerate * $predicted_weight / 1000;
+                       if $value <= fee {
+                               $used_feerate = $fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Normal);
+                               fee = $used_feerate * $predicted_weight / 1000;
+                               if $value <= fee {
+                                       $used_feerate = $fee_estimator.get_est_sat_per_1000_weight(ConfirmationTarget::Background);
+                                       fee = $used_feerate * $predicted_weight / 1000;
+                                       if $value <= fee {
+                                               log_error!($self, "Failed to generate an on-chain punishment tx spending {} as even low priority fee ({} sat) was more than the entire claim balance ({} sat)",
+                                                       $spent_txid, fee, $value);
+                                               false
+                                       } else {
+                                               log_warn!($self, "Used low priority fee for on-chain punishment tx spending {} as high priority fee was more than the entire claim balance ({} sat)",
+                                                       $spent_txid, $value);
+                                               $value -= fee;
+                                               true
+                                       }
+                               } else {
+                                       log_warn!($self, "Used medium priority fee for on-chain punishment tx spending {} as high priority fee was more than the entire claim balance ({} sat)",
+                                               $spent_txid, $value);
+                                       $value -= fee;
+                                       true
+                               }
+                       } else {
+                               $value -= fee;
+                               true
+                       }
+               }
+       }
+}
+
 #[cfg(any(test, feature = "fuzztarget"))]
 /// Used only in testing and fuzztarget to check serialization roundtrips don't change the
 /// underlying object
@@ -414,7 +534,9 @@ impl PartialEq for ChannelMonitor {
                        self.current_remote_commitment_number != other.current_remote_commitment_number ||
                        self.current_local_signed_commitment_tx != other.current_local_signed_commitment_tx ||
                        self.payment_preimages != other.payment_preimages ||
-                       self.destination_script != other.destination_script
+                       self.destination_script != other.destination_script ||
+                       self.our_claim_txn_waiting_first_conf != other.our_claim_txn_waiting_first_conf ||
+                       self.onchain_events_waiting_threshold_conf != other.onchain_events_waiting_threshold_conf
                {
                        false
                } else {
@@ -464,12 +586,55 @@ impl ChannelMonitor {
                        payment_preimages: HashMap::new(),
                        destination_script: destination_script,
 
+                       our_claim_txn_waiting_first_conf: HashMap::new(),
+
+                       onchain_events_waiting_threshold_conf: HashMap::new(),
+
                        last_block_hash: Default::default(),
                        secp_ctx: Secp256k1::new(),
                        logger,
                }
        }
 
+       fn get_witnesses_weight(inputs: &[InputDescriptors]) -> u64 {
+               let mut tx_weight = 2; // count segwit flags
+               for inp in inputs {
+                       // We use expected weight (and not actual) as signatures and time lock delays may vary
+                       tx_weight +=  match inp {
+                               // number_of_witness_elements + sig_length + revocation_sig + pubkey_length + revocationpubkey + witness_script_length + witness_script
+                               &InputDescriptors::RevokedOfferedHTLC => {
+                                       1 + 1 + 73 + 1 + 33 + 1 + 133
+                               },
+                               // number_of_witness_elements + sig_length + revocation_sig + pubkey_length + revocationpubkey + witness_script_length + witness_script
+                               &InputDescriptors::RevokedReceivedHTLC => {
+                                       1 + 1 + 73 + 1 + 33 + 1 + 139
+                               },
+                               // number_of_witness_elements + sig_length + remotehtlc_sig  + preimage_length + preimage + witness_script_length + witness_script
+                               &InputDescriptors::OfferedHTLC => {
+                                       1 + 1 + 73 + 1 + 32 + 1 + 133
+                               },
+                               // number_of_witness_elements + sig_length + revocation_sig + pubkey_length + revocationpubkey + witness_script_length + witness_script
+                               &InputDescriptors::ReceivedHTLC => {
+                                       1 + 1 + 73 + 1 + 1 + 1 + 139
+                               },
+                               // number_of_witness_elements + sig_length + revocation_sig + true_length + op_true + witness_script_length + witness_script
+                               &InputDescriptors::RevokedOutput => {
+                                       1 + 1 + 73 + 1 + 1 + 1 + 77
+                               },
+                       };
+               }
+               tx_weight
+       }
+
+       fn get_height_timer(current_height: u32, timelock_expiration: u32) -> u32 {
+               if timelock_expiration <= current_height || timelock_expiration - current_height <= 3 {
+                       return current_height + 1
+               } else if timelock_expiration - current_height <= 15 {
+                       return current_height + 3
+               }
+               current_height + 15
+       }
+
        #[inline]
        fn place_secret(idx: u64) -> u8 {
                for i in 0..48 {
@@ -796,18 +961,8 @@ impl ChannelMonitor {
                                writer.write_all(&delayed_payment_base_key[..])?;
                                writer.write_all(&payment_base_key[..])?;
                                writer.write_all(&shutdown_pubkey.serialize())?;
-                               if let Some(ref prev_latest_per_commitment_point) = *prev_latest_per_commitment_point {
-                                       writer.write_all(&[1; 1])?;
-                                       writer.write_all(&prev_latest_per_commitment_point.serialize())?;
-                               } else {
-                                       writer.write_all(&[0; 1])?;
-                               }
-                               if let Some(ref latest_per_commitment_point) = *latest_per_commitment_point {
-                                       writer.write_all(&[1; 1])?;
-                                       writer.write_all(&latest_per_commitment_point.serialize())?;
-                               } else {
-                                       writer.write_all(&[0; 1])?;
-                               }
+                               prev_latest_per_commitment_point.write(writer)?;
+                               latest_per_commitment_point.write(writer)?;
                                match funding_info  {
                                        &Some((ref outpoint, ref script)) => {
                                                writer.write_all(&outpoint.txid[..])?;
@@ -818,8 +973,8 @@ impl ChannelMonitor {
                                                debug_assert!(false, "Try to serialize a useless Local monitor !");
                                        },
                                }
-                               write_option!(current_remote_commitment_txid);
-                               write_option!(prev_remote_commitment_txid);
+                               current_remote_commitment_txid.write(writer)?;
+                               prev_remote_commitment_txid.write(writer)?;
                        },
                        Storage::Watchtower { .. } => unimplemented!(),
                }
@@ -859,7 +1014,7 @@ impl ChannelMonitor {
                                writer.write_all(&byte_utils::be64_to_array($htlc_output.amount_msat))?;
                                writer.write_all(&byte_utils::be32_to_array($htlc_output.cltv_expiry))?;
                                writer.write_all(&$htlc_output.payment_hash.0[..])?;
-                               write_option!(&$htlc_output.transaction_output_index);
+                               $htlc_output.transaction_output_index.write(writer)?;
                        }
                }
 
@@ -951,6 +1106,63 @@ impl ChannelMonitor {
                self.last_block_hash.write(writer)?;
                self.destination_script.write(writer)?;
 
+               writer.write_all(&byte_utils::be64_to_array(self.our_claim_txn_waiting_first_conf.len() as u64))?;
+               for (ref outpoint, claim_tx_data) in self.our_claim_txn_waiting_first_conf.iter() {
+                       outpoint.write(writer)?;
+                       writer.write_all(&byte_utils::be32_to_array(claim_tx_data.0))?;
+                       match claim_tx_data.1 {
+                               TxMaterial::Revoked { ref script, ref pubkey, ref key, ref is_htlc, ref amount} => {
+                                       writer.write_all(&[0; 1])?;
+                                       script.write(writer)?;
+                                       pubkey.write(writer)?;
+                                       writer.write_all(&key[..])?;
+                                       if *is_htlc {
+                                               writer.write_all(&[0; 1])?;
+                                       } else {
+                                               writer.write_all(&[1; 1])?;
+                                       }
+                                       writer.write_all(&byte_utils::be64_to_array(*amount))?;
+                               },
+                               TxMaterial::RemoteHTLC { ref script, ref key, ref preimage, ref amount } => {
+                                       writer.write_all(&[1; 1])?;
+                                       script.write(writer)?;
+                                       key.write(writer)?;
+                                       preimage.write(writer)?;
+                                       writer.write_all(&byte_utils::be64_to_array(*amount))?;
+                               },
+                               TxMaterial::LocalHTLC { ref script, ref sigs, ref preimage, ref amount } => {
+                                       writer.write_all(&[2; 1])?;
+                                       script.write(writer)?;
+                                       sigs.0.write(writer)?;
+                                       sigs.1.write(writer)?;
+                                       preimage.write(writer)?;
+                                       writer.write_all(&byte_utils::be64_to_array(*amount))?;
+                               }
+                       }
+                       writer.write_all(&byte_utils::be64_to_array(claim_tx_data.2))?;
+                       writer.write_all(&byte_utils::be32_to_array(claim_tx_data.3))?;
+                       writer.write_all(&byte_utils::be32_to_array(claim_tx_data.4))?;
+               }
+
+               writer.write_all(&byte_utils::be64_to_array(self.onchain_events_waiting_threshold_conf.len() as u64))?;
+               for (ref target, ref events) in self.onchain_events_waiting_threshold_conf.iter() {
+                       writer.write_all(&byte_utils::be32_to_array(**target))?;
+                       writer.write_all(&byte_utils::be64_to_array(events.len() as u64))?;
+                       for ev in events.iter() {
+                               match *ev {
+                                       OnchainEvent::Claim { ref outpoint } => {
+                                               writer.write_all(&[0; 1])?;
+                                               outpoint.write(writer)?;
+                                       },
+                                       OnchainEvent::HTLCUpdate { ref htlc_update } => {
+                                               writer.write_all(&[1; 1])?;
+                                               htlc_update.0.write(writer)?;
+                                               htlc_update.1.write(writer)?;
+                                       }
+                               }
+                       }
+               }
+
                Ok(())
        }
 
@@ -1014,13 +1226,12 @@ impl ChannelMonitor {
        /// HTLC-Success/HTLC-Timeout transactions.
        /// Return updates for HTLC pending in the channel and failed automatically by the broadcast of
        /// revoked remote commitment tx
-       fn check_spend_remote_transaction(&mut self, tx: &Transaction, height: u32) -> (Vec<Transaction>, (Sha256dHash, Vec<TxOut>), Vec<SpendableOutputDescriptor>, Vec<(HTLCSource, Option<PaymentPreimage>, PaymentHash)>)  {
+       fn check_spend_remote_transaction(&mut self, tx: &Transaction, height: u32, fee_estimator: &FeeEstimator) -> (Vec<Transaction>, (Sha256dHash, Vec<TxOut>), Vec<SpendableOutputDescriptor>) {
                // Most secp and related errors trying to create keys means we have no hope of constructing
                // a spend transaction...so we return no transactions to broadcast
                let mut txn_to_broadcast = Vec::new();
                let mut watch_outputs = Vec::new();
                let mut spendable_outputs = Vec::new();
-               let mut htlc_updated = Vec::new();
 
                let commitment_txid = tx.txid(); //TODO: This is gonna be a performance bottleneck for watchtowers!
                let per_commitment_option = self.remote_claimable_outpoints.get(&commitment_txid);
@@ -1029,7 +1240,7 @@ impl ChannelMonitor {
                        ( $thing : expr ) => {
                                match $thing {
                                        Ok(a) => a,
-                                       Err(_) => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated)
+                                       Err(_) => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs)
                                }
                        };
                }
@@ -1054,7 +1265,7 @@ impl ChannelMonitor {
                        };
                        let delayed_key = ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &self.their_delayed_payment_base_key.unwrap()));
                        let a_htlc_key = match self.their_htlc_base_key {
-                               None => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated),
+                               None => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs),
                                Some(their_htlc_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &PublicKey::from_secret_key(&self.secp_ctx, &per_commitment_key), &their_htlc_base_key)),
                        };
 
@@ -1069,9 +1280,9 @@ impl ChannelMonitor {
                        } else { None };
 
                        let mut total_value = 0;
-                       let mut values = Vec::new();
                        let mut inputs = Vec::new();
-                       let mut htlc_idxs = Vec::new();
+                       let mut inputs_info = Vec::new();
+                       let mut inputs_desc = Vec::new();
 
                        for (idx, outp) in tx.output.iter().enumerate() {
                                if outp.script_pubkey == revokeable_p2wsh {
@@ -1084,8 +1295,8 @@ impl ChannelMonitor {
                                                sequence: 0xfffffffd,
                                                witness: Vec::new(),
                                        });
-                                       htlc_idxs.push(None);
-                                       values.push(outp.value);
+                                       inputs_desc.push(InputDescriptors::RevokedOutput);
+                                       inputs_info.push((None, outp.value, self.our_to_self_delay as u32));
                                        total_value += outp.value;
                                } else if Some(&outp.script_pubkey) == local_payment_p2wpkh.as_ref() {
                                        spendable_outputs.push(SpendableOutputDescriptor::DynamicOutputP2WPKH {
@@ -1099,7 +1310,7 @@ impl ChannelMonitor {
                        macro_rules! sign_input {
                                ($sighash_parts: expr, $input: expr, $htlc_idx: expr, $amount: expr) => {
                                        {
-                                               let (sig, redeemscript) = match self.key_storage {
+                                               let (sig, redeemscript, revocation_key) = match self.key_storage {
                                                        Storage::Local { ref revocation_base_key, .. } => {
                                                                let redeemscript = if $htlc_idx.is_none() { revokeable_redeemscript.clone() } else {
                                                                        let htlc = &per_commitment_option.unwrap()[$htlc_idx.unwrap()].0;
@@ -1107,7 +1318,7 @@ impl ChannelMonitor {
                                                                };
                                                                let sighash = hash_to_message!(&$sighash_parts.sighash_all(&$input, &redeemscript, $amount)[..]);
                                                                let revocation_key = ignore_error!(chan_utils::derive_private_revocation_key(&self.secp_ctx, &per_commitment_key, &revocation_base_key));
-                                                               (self.secp_ctx.sign(&sighash, &revocation_key), redeemscript)
+                                                               (self.secp_ctx.sign(&sighash, &revocation_key), redeemscript, revocation_key)
                                                        },
                                                        Storage::Watchtower { .. } => {
                                                                unimplemented!();
@@ -1120,7 +1331,8 @@ impl ChannelMonitor {
                                                } else {
                                                        $input.witness.push(revocation_pubkey.serialize().to_vec());
                                                }
-                                               $input.witness.push(redeemscript.into_bytes());
+                                               $input.witness.push(redeemscript.clone().into_bytes());
+                                               (redeemscript, revocation_key)
                                        }
                                }
                        }
@@ -1134,7 +1346,7 @@ impl ChannelMonitor {
                                                if transaction_output_index as usize >= tx.output.len() ||
                                                                tx.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 ||
                                                                tx.output[transaction_output_index as usize].script_pubkey != expected_script.to_v0_p2wsh() {
-                                                       return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated); // Corrupted per_commitment_data, fuck this user
+                                                       return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); // Corrupted per_commitment_data, fuck this user
                                                }
                                                let input = TxIn {
                                                        previous_output: BitcoinOutPoint {
@@ -1147,9 +1359,9 @@ impl ChannelMonitor {
                                                };
                                                if htlc.cltv_expiry > height + CLTV_SHARED_CLAIM_BUFFER {
                                                        inputs.push(input);
-                                                       htlc_idxs.push(Some(idx));
-                                                       values.push(tx.output[transaction_output_index as usize].value);
-                                                       total_value += htlc.amount_msat / 1000;
+                                                       inputs_desc.push(if htlc.offered { InputDescriptors::RevokedOfferedHTLC } else { InputDescriptors::RevokedReceivedHTLC });
+                                                       inputs_info.push((Some(idx), tx.output[transaction_output_index as usize].value, htlc.cltv_expiry));
+                                                       total_value += tx.output[transaction_output_index as usize].value;
                                                } else {
                                                        let mut single_htlc_tx = Transaction {
                                                                version: 2,
@@ -1157,12 +1369,22 @@ impl ChannelMonitor {
                                                                input: vec![input],
                                                                output: vec!(TxOut {
                                                                        script_pubkey: self.destination_script.clone(),
-                                                                       value: htlc.amount_msat / 1000, //TODO: - fee
+                                                                       value: htlc.amount_msat / 1000,
                                                                }),
                                                        };
-                                                       let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
-                                                       sign_input!(sighash_parts, single_htlc_tx.input[0], Some(idx), htlc.amount_msat / 1000);
-                                                       txn_to_broadcast.push(single_htlc_tx);
+                                                       let predicted_weight = single_htlc_tx.get_weight() + Self::get_witnesses_weight(&[if htlc.offered { InputDescriptors::RevokedOfferedHTLC } else { InputDescriptors::RevokedReceivedHTLC }]);
+                                                       let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+                                                       let mut used_feerate;
+                                                       if subtract_high_prio_fee!(self, fee_estimator, single_htlc_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+                                                               let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
+                                                               let (redeemscript, revocation_key) = sign_input!(sighash_parts, single_htlc_tx.input[0], Some(idx), htlc.amount_msat / 1000);
+                                                               assert!(predicted_weight >= single_htlc_tx.get_weight());
+                                                               match self.our_claim_txn_waiting_first_conf.entry(single_htlc_tx.input[0].previous_output.clone()) {
+                                                                       hash_map::Entry::Occupied(_) => {},
+                                                                       hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::Revoked { script: redeemscript, pubkey: Some(revocation_pubkey), key: revocation_key, is_htlc: true, amount: htlc.amount_msat / 1000 }, used_feerate, htlc.cltv_expiry, height)); }
+                                                               }
+                                                               txn_to_broadcast.push(single_htlc_tx);
+                                                       }
                                                }
                                        }
                                }
@@ -1174,16 +1396,29 @@ impl ChannelMonitor {
                                watch_outputs.append(&mut tx.output.clone());
                                self.remote_commitment_txn_on_chain.insert(commitment_txid, (commitment_number, tx.output.iter().map(|output| { output.script_pubkey.clone() }).collect()));
 
-                               // TODO: We really should only fail backwards after our revocation claims have been
-                               // confirmed, but we also need to do more other tracking of in-flight pre-confirm
-                               // on-chain claims, so we can do that at the same time.
                                macro_rules! check_htlc_fails {
                                        ($txid: expr, $commitment_tx: expr) => {
-                                               if let Some(ref outpoints) = self.remote_claimable_outpoints.get(&$txid) {
+                                               if let Some(ref outpoints) = self.remote_claimable_outpoints.get($txid) {
                                                        for &(ref htlc, ref source_option) in outpoints.iter() {
                                                                if let &Some(ref source) = source_option {
-                                                                       log_trace!(self, "Failing HTLC with payment_hash {} from {} remote commitment tx due to broadcast of revoked remote commitment transaction", log_bytes!(htlc.payment_hash.0), $commitment_tx);
-                                                                       htlc_updated.push(((**source).clone(), None, htlc.payment_hash.clone()));
+                                                                       log_info!(self, "Failing HTLC with payment_hash {} from {} remote commitment tx due to broadcast of revoked remote commitment transaction, waiting for confirmation (at height {})", log_bytes!(htlc.payment_hash.0), $commitment_tx, height + ANTI_REORG_DELAY - 1);
+                                                                       match self.onchain_events_waiting_threshold_conf.entry(height + ANTI_REORG_DELAY - 1) {
+                                                                               hash_map::Entry::Occupied(mut entry) => {
+                                                                                       let e = entry.get_mut();
+                                                                                       e.retain(|ref event| {
+                                                                                               match **event {
+                                                                                                       OnchainEvent::HTLCUpdate { ref htlc_update } => {
+                                                                                                               return htlc_update.0 != **source
+                                                                                                       },
+                                                                                                       _ => return true
+                                                                                               }
+                                                                                       });
+                                                                                       e.push(OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())});
+                                                                               }
+                                                                               hash_map::Entry::Vacant(entry) => {
+                                                                                       entry.insert(vec![OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())}]);
+                                                                               }
+                                                                       }
                                                                }
                                                        }
                                                }
@@ -1199,11 +1434,11 @@ impl ChannelMonitor {
                                }
                                // No need to check local commitment txn, symmetric HTLCSource must be present as per-htlc data on remote commitment tx
                        }
-                       if inputs.is_empty() { return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated); } // Nothing to be done...probably a false positive/local tx
+                       if inputs.is_empty() { return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); } // Nothing to be done...probably a false positive/local tx
 
                        let outputs = vec!(TxOut {
                                script_pubkey: self.destination_script.clone(),
-                               value: total_value, //TODO: - fee
+                               value: total_value,
                        });
                        let mut spend_tx = Transaction {
                                version: 2,
@@ -1212,13 +1447,24 @@ impl ChannelMonitor {
                                output: outputs,
                        };
 
-                       let mut values_drain = values.drain(..);
+                       let predicted_weight = spend_tx.get_weight() + Self::get_witnesses_weight(&inputs_desc[..]);
+
+                       let mut used_feerate;
+                       if !subtract_high_prio_fee!(self, fee_estimator, spend_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+                               return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs);
+                       }
+
                        let sighash_parts = bip143::SighashComponents::new(&spend_tx);
 
-                       for (input, htlc_idx) in spend_tx.input.iter_mut().zip(htlc_idxs.iter()) {
-                               let value = values_drain.next().unwrap();
-                               sign_input!(sighash_parts, input, htlc_idx, value);
+                       for (input, info) in spend_tx.input.iter_mut().zip(inputs_info.iter()) {
+                               let (redeemscript, revocation_key) = sign_input!(sighash_parts, input, info.0, info.1);
+                               let height_timer = Self::get_height_timer(height, info.2);
+                               match self.our_claim_txn_waiting_first_conf.entry(input.previous_output.clone()) {
+                                       hash_map::Entry::Occupied(_) => {},
+                                       hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::Revoked { script: redeemscript, pubkey: if info.0.is_some() { Some(revocation_pubkey) } else { None }, key: revocation_key, is_htlc: if info.0.is_some() { true } else { false }, amount: info.1 }, used_feerate, if !info.0.is_some() { height + info.2 } else { info.2 }, height)); }
+                               }
                        }
+                       assert!(predicted_weight >= spend_tx.get_weight());
 
                        spendable_outputs.push(SpendableOutputDescriptor::StaticOutput {
                                outpoint: BitcoinOutPoint { txid: spend_tx.txid(), vout: 0 },
@@ -1238,12 +1484,9 @@ impl ChannelMonitor {
 
                        log_trace!(self, "Got broadcast of non-revoked remote commitment transaction {}", commitment_txid);
 
-                       // TODO: We really should only fail backwards after our revocation claims have been
-                       // confirmed, but we also need to do more other tracking of in-flight pre-confirm
-                       // on-chain claims, so we can do that at the same time.
                        macro_rules! check_htlc_fails {
                                ($txid: expr, $commitment_tx: expr, $id: tt) => {
-                                       if let Some(ref latest_outpoints) = self.remote_claimable_outpoints.get(&$txid) {
+                                       if let Some(ref latest_outpoints) = self.remote_claimable_outpoints.get($txid) {
                                                $id: for &(ref htlc, ref source_option) in latest_outpoints.iter() {
                                                        if let &Some(ref source) = source_option {
                                                                // Check if the HTLC is present in the commitment transaction that was
@@ -1261,7 +1504,23 @@ impl ChannelMonitor {
                                                                        }
                                                                }
                                                                log_trace!(self, "Failing HTLC with payment_hash {} from {} remote commitment tx due to broadcast of remote commitment transaction", log_bytes!(htlc.payment_hash.0), $commitment_tx);
-                                                               htlc_updated.push(((**source).clone(), None, htlc.payment_hash.clone()));
+                                                               match self.onchain_events_waiting_threshold_conf.entry(height + ANTI_REORG_DELAY - 1) {
+                                                                       hash_map::Entry::Occupied(mut entry) => {
+                                                                               let e = entry.get_mut();
+                                                                               e.retain(|ref event| {
+                                                                                       match **event {
+                                                                                               OnchainEvent::HTLCUpdate { ref htlc_update } => {
+                                                                                                       return htlc_update.0 != **source
+                                                                                               },
+                                                                                               _ => return true
+                                                                                       }
+                                                                               });
+                                                                               e.push(OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())});
+                                                                       }
+                                                                       hash_map::Entry::Vacant(entry) => {
+                                                                               entry.insert(vec![OnchainEvent::HTLCUpdate { htlc_update: ((**source).clone(), htlc.payment_hash.clone())}]);
+                                                                       }
+                                                               }
                                                        }
                                                }
                                        }
@@ -1294,7 +1553,7 @@ impl ChannelMonitor {
                                                },
                                        };
                                        let a_htlc_key = match self.their_htlc_base_key {
-                                               None => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated),
+                                               None => return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs),
                                                Some(their_htlc_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, revocation_point, &their_htlc_base_key)),
                                        };
 
@@ -1317,19 +1576,20 @@ impl ChannelMonitor {
                                        }
 
                                        let mut total_value = 0;
-                                       let mut values = Vec::new();
                                        let mut inputs = Vec::new();
+                                       let mut inputs_desc = Vec::new();
+                                       let mut inputs_info = Vec::new();
 
                                        macro_rules! sign_input {
                                                ($sighash_parts: expr, $input: expr, $amount: expr, $preimage: expr) => {
                                                        {
-                                                               let (sig, redeemscript) = match self.key_storage {
+                                                               let (sig, redeemscript, htlc_key) = match self.key_storage {
                                                                        Storage::Local { ref htlc_base_key, .. } => {
                                                                                let htlc = &per_commitment_option.unwrap()[$input.sequence as usize].0;
                                                                                let redeemscript = chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &a_htlc_key, &b_htlc_key, &revocation_pubkey);
                                                                                let sighash = hash_to_message!(&$sighash_parts.sighash_all(&$input, &redeemscript, $amount)[..]);
                                                                                let htlc_key = ignore_error!(chan_utils::derive_private_key(&self.secp_ctx, revocation_point, &htlc_base_key));
-                                                                               (self.secp_ctx.sign(&sighash, &htlc_key), redeemscript)
+                                                                               (self.secp_ctx.sign(&sighash, &htlc_key), redeemscript, htlc_key)
                                                                        },
                                                                        Storage::Watchtower { .. } => {
                                                                                unimplemented!();
@@ -1338,7 +1598,8 @@ impl ChannelMonitor {
                                                                $input.witness.push(sig.serialize_der().to_vec());
                                                                $input.witness[0].push(SigHashType::All as u8);
                                                                $input.witness.push($preimage);
-                                                               $input.witness.push(redeemscript.into_bytes());
+                                                               $input.witness.push(redeemscript.clone().into_bytes());
+                                                               (redeemscript, htlc_key)
                                                        }
                                                }
                                        }
@@ -1349,7 +1610,7 @@ impl ChannelMonitor {
                                                        if transaction_output_index as usize >= tx.output.len() ||
                                                                        tx.output[transaction_output_index as usize].value != htlc.amount_msat / 1000 ||
                                                                        tx.output[transaction_output_index as usize].script_pubkey != expected_script.to_v0_p2wsh() {
-                                                               return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated); // Corrupted per_commitment_data, fuck this user
+                                                               return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); // Corrupted per_commitment_data, fuck this user
                                                        }
                                                        if let Some(payment_preimage) = self.payment_preimages.get(&htlc.payment_hash) {
                                                                let input = TxIn {
@@ -1363,8 +1624,9 @@ impl ChannelMonitor {
                                                                };
                                                                if htlc.cltv_expiry > height + CLTV_SHARED_CLAIM_BUFFER {
                                                                        inputs.push(input);
-                                                                       values.push((tx.output[transaction_output_index as usize].value, payment_preimage));
-                                                                       total_value += htlc.amount_msat / 1000;
+                                                                       inputs_desc.push(if htlc.offered { InputDescriptors::OfferedHTLC } else { InputDescriptors::ReceivedHTLC });
+                                                                       inputs_info.push((payment_preimage, tx.output[transaction_output_index as usize].value, htlc.cltv_expiry));
+                                                                       total_value += tx.output[transaction_output_index as usize].value;
                                                                } else {
                                                                        let mut single_htlc_tx = Transaction {
                                                                                version: 2,
@@ -1372,16 +1634,26 @@ impl ChannelMonitor {
                                                                                input: vec![input],
                                                                                output: vec!(TxOut {
                                                                                        script_pubkey: self.destination_script.clone(),
-                                                                                       value: htlc.amount_msat / 1000, //TODO: - fee
+                                                                                       value: htlc.amount_msat / 1000,
                                                                                }),
                                                                        };
-                                                                       let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
-                                                                       sign_input!(sighash_parts, single_htlc_tx.input[0], htlc.amount_msat / 1000, payment_preimage.0.to_vec());
-                                                                       spendable_outputs.push(SpendableOutputDescriptor::StaticOutput {
-                                                                               outpoint: BitcoinOutPoint { txid: single_htlc_tx.txid(), vout: 0 },
-                                                                               output: single_htlc_tx.output[0].clone(),
-                                                                       });
-                                                                       txn_to_broadcast.push(single_htlc_tx);
+                                                                       let predicted_weight = single_htlc_tx.get_weight() + Self::get_witnesses_weight(&[if htlc.offered { InputDescriptors::OfferedHTLC } else { InputDescriptors::ReceivedHTLC }]);
+                                                                       let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+                                                                       let mut used_feerate;
+                                                                       if subtract_high_prio_fee!(self, fee_estimator, single_htlc_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+                                                                               let sighash_parts = bip143::SighashComponents::new(&single_htlc_tx);
+                                                                               let (redeemscript, htlc_key) = sign_input!(sighash_parts, single_htlc_tx.input[0], htlc.amount_msat / 1000, payment_preimage.0.to_vec());
+                                                                               assert!(predicted_weight >= single_htlc_tx.get_weight());
+                                                                               spendable_outputs.push(SpendableOutputDescriptor::StaticOutput {
+                                                                                       outpoint: BitcoinOutPoint { txid: single_htlc_tx.txid(), vout: 0 },
+                                                                                       output: single_htlc_tx.output[0].clone(),
+                                                                               });
+                                                                               match self.our_claim_txn_waiting_first_conf.entry(single_htlc_tx.input[0].previous_output.clone()) {
+                                                                                       hash_map::Entry::Occupied(_) => {},
+                                                                                       hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::RemoteHTLC { script: redeemscript, key: htlc_key, preimage: Some(*payment_preimage), amount: htlc.amount_msat / 1000 }, used_feerate, htlc.cltv_expiry, height)); }
+                                                                               }
+                                                                               txn_to_broadcast.push(single_htlc_tx);
+                                                                       }
                                                                }
                                                        }
                                                        if !htlc.offered {
@@ -1405,18 +1677,29 @@ impl ChannelMonitor {
                                                                                value: htlc.amount_msat / 1000,
                                                                        }),
                                                                };
-                                                               let sighash_parts = bip143::SighashComponents::new(&timeout_tx);
-                                                               sign_input!(sighash_parts, timeout_tx.input[0], htlc.amount_msat / 1000, vec![0]);
+                                                               let predicted_weight = timeout_tx.get_weight() + Self::get_witnesses_weight(&[InputDescriptors::ReceivedHTLC]);
+                                                               let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+                                                               let mut used_feerate;
+                                                               if subtract_high_prio_fee!(self, fee_estimator, timeout_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+                                                                       let sighash_parts = bip143::SighashComponents::new(&timeout_tx);
+                                                                       let (redeemscript, htlc_key) = sign_input!(sighash_parts, timeout_tx.input[0], htlc.amount_msat / 1000, vec![0]);
+                                                                       assert!(predicted_weight >= timeout_tx.get_weight());
+                                                                       //TODO: track SpendableOutputDescriptor
+                                                                       match self.our_claim_txn_waiting_first_conf.entry(timeout_tx.input[0].previous_output.clone()) {
+                                                                               hash_map::Entry::Occupied(_) => {},
+                                                                               hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::RemoteHTLC { script : redeemscript, key: htlc_key, preimage: None, amount: htlc.amount_msat / 1000 }, used_feerate, htlc.cltv_expiry, height)); }
+                                                                       }
+                                                               }
                                                                txn_to_broadcast.push(timeout_tx);
                                                        }
                                                }
                                        }
 
-                                       if inputs.is_empty() { return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated); } // Nothing to be done...probably a false positive/local tx
+                                       if inputs.is_empty() { return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs); } // Nothing to be done...probably a false positive/local tx
 
                                        let outputs = vec!(TxOut {
                                                script_pubkey: self.destination_script.clone(),
-                                               value: total_value, //TODO: - fee
+                                               value: total_value
                                        });
                                        let mut spend_tx = Transaction {
                                                version: 2,
@@ -1425,14 +1708,24 @@ impl ChannelMonitor {
                                                output: outputs,
                                        };
 
-                                       let mut values_drain = values.drain(..);
-                                       let sighash_parts = bip143::SighashComponents::new(&spend_tx);
+                                       let mut predicted_weight = spend_tx.get_weight() + Self::get_witnesses_weight(&inputs_desc[..]);
 
-                                       for input in spend_tx.input.iter_mut() {
-                                               let value = values_drain.next().unwrap();
-                                               sign_input!(sighash_parts, input, value.0, (value.1).0.to_vec());
+                                       let mut used_feerate;
+                                       if !subtract_high_prio_fee!(self, fee_estimator, spend_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+                                               return (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs);
                                        }
 
+                                       let sighash_parts = bip143::SighashComponents::new(&spend_tx);
+
+                                       for (input, info) in spend_tx.input.iter_mut().zip(inputs_info.iter()) {
+                                               let (redeemscript, htlc_key) = sign_input!(sighash_parts, input, info.1, (info.0).0.to_vec());
+                                               let height_timer = Self::get_height_timer(height, info.2);
+                                               match self.our_claim_txn_waiting_first_conf.entry(input.previous_output.clone()) {
+                                                       hash_map::Entry::Occupied(_) => {},
+                                                       hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::RemoteHTLC { script: redeemscript, key: htlc_key, preimage: Some(*(info.0)), amount: info.1}, used_feerate, info.2, height)); }
+                                               }
+                                       }
+                                       assert!(predicted_weight >= spend_tx.get_weight());
                                        spendable_outputs.push(SpendableOutputDescriptor::StaticOutput {
                                                outpoint: BitcoinOutPoint { txid: spend_tx.txid(), vout: 0 },
                                                output: spend_tx.output[0].clone(),
@@ -1442,11 +1735,11 @@ impl ChannelMonitor {
                        }
                }
 
-               (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs, htlc_updated)
+               (txn_to_broadcast, (commitment_txid, watch_outputs), spendable_outputs)
        }
 
        /// Attempts to claim a remote HTLC-Success/HTLC-Timeout's outputs using the revocation key
-       fn check_spend_remote_htlc(&self, tx: &Transaction, commitment_number: u64) -> (Option<Transaction>, Option<SpendableOutputDescriptor>) {
+       fn check_spend_remote_htlc(&mut self, tx: &Transaction, commitment_number: u64, height: u32, fee_estimator: &FeeEstimator) -> (Option<Transaction>, Option<SpendableOutputDescriptor>) {
                if tx.input.len() != 1 || tx.output.len() != 1 {
                        return (None, None)
                }
@@ -1475,7 +1768,7 @@ impl ChannelMonitor {
                        None => return (None, None),
                        Some(their_delayed_payment_base_key) => ignore_error!(chan_utils::derive_public_key(&self.secp_ctx, &per_commitment_point, &their_delayed_payment_base_key)),
                };
-               let redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.their_to_self_delay.unwrap(), &delayed_key);
+               let redeemscript = chan_utils::get_revokeable_redeemscript(&revocation_pubkey, self.our_to_self_delay, &delayed_key);
                let revokeable_p2wsh = redeemscript.to_v0_p2wsh();
                let htlc_txid = tx.txid(); //TODO: This is gonna be a performance bottleneck for watchtowers!
 
@@ -1498,7 +1791,7 @@ impl ChannelMonitor {
                if !inputs.is_empty() {
                        let outputs = vec!(TxOut {
                                script_pubkey: self.destination_script.clone(),
-                               value: amount, //TODO: - fee
+                               value: amount
                        });
 
                        let mut spend_tx = Transaction {
@@ -1507,14 +1800,19 @@ impl ChannelMonitor {
                                input: inputs,
                                output: outputs,
                        };
+                       let predicted_weight = spend_tx.get_weight() + Self::get_witnesses_weight(&[InputDescriptors::RevokedOutput]);
+                       let mut used_feerate;
+                       if !subtract_high_prio_fee!(self, fee_estimator, spend_tx.output[0].value, predicted_weight, tx.txid(), used_feerate) {
+                               return (None, None);
+                       }
 
                        let sighash_parts = bip143::SighashComponents::new(&spend_tx);
 
-                       let sig = match self.key_storage {
+                       let (sig, revocation_key) = match self.key_storage {
                                Storage::Local { ref revocation_base_key, .. } => {
                                        let sighash = hash_to_message!(&sighash_parts.sighash_all(&spend_tx.input[0], &redeemscript, amount)[..]);
                                        let revocation_key = ignore_error!(chan_utils::derive_private_revocation_key(&self.secp_ctx, &per_commitment_key, &revocation_base_key));
-                                       self.secp_ctx.sign(&sighash, &revocation_key)
+                                       (self.secp_ctx.sign(&sighash, &revocation_key), revocation_key)
                                }
                                Storage::Watchtower { .. } => {
                                        unimplemented!();
@@ -1523,18 +1821,25 @@ impl ChannelMonitor {
                        spend_tx.input[0].witness.push(sig.serialize_der().to_vec());
                        spend_tx.input[0].witness[0].push(SigHashType::All as u8);
                        spend_tx.input[0].witness.push(vec!(1));
-                       spend_tx.input[0].witness.push(redeemscript.into_bytes());
+                       spend_tx.input[0].witness.push(redeemscript.clone().into_bytes());
 
+                       assert!(predicted_weight >= spend_tx.get_weight());
                        let outpoint = BitcoinOutPoint { txid: spend_tx.txid(), vout: 0 };
                        let output = spend_tx.output[0].clone();
+                       let height_timer = Self::get_height_timer(height, self.their_to_self_delay.unwrap() as u32); // We can safely unwrap given we are past channel opening
+                       match self.our_claim_txn_waiting_first_conf.entry(spend_tx.input[0].previous_output.clone()) {
+                               hash_map::Entry::Occupied(_) => {},
+                               hash_map::Entry::Vacant(entry) => { entry.insert((height_timer, TxMaterial::Revoked { script: redeemscript, pubkey: None, key: revocation_key, is_htlc: false, amount: tx.output[0].value }, used_feerate, height + self.our_to_self_delay as u32, height)); }
+                       }
                        (Some(spend_tx), Some(SpendableOutputDescriptor::StaticOutput { outpoint, output }))
                } else { (None, None) }
        }
 
-       fn broadcast_by_local_state(&self, local_tx: &LocalSignedTx, per_commitment_point: &Option<PublicKey>, delayed_payment_base_key: &Option<SecretKey>) -> (Vec<Transaction>, Vec<SpendableOutputDescriptor>, Vec<TxOut>) {
+       fn broadcast_by_local_state(&self, local_tx: &LocalSignedTx, per_commitment_point: &Option<PublicKey>, delayed_payment_base_key: &Option<SecretKey>, height: u32) -> (Vec<Transaction>, Vec<SpendableOutputDescriptor>, Vec<TxOut>, Vec<(BitcoinOutPoint, (u32, TxMaterial, u64, u32, u32))>) {
                let mut res = Vec::with_capacity(local_tx.htlc_outputs.len());
                let mut spendable_outputs = Vec::with_capacity(local_tx.htlc_outputs.len());
                let mut watch_outputs = Vec::with_capacity(local_tx.htlc_outputs.len());
+               let mut pending_claims = Vec::with_capacity(local_tx.htlc_outputs.len());
 
                macro_rules! add_dynamic_output {
                        ($father_tx: expr, $vout: expr) => {
@@ -1579,9 +1884,12 @@ impl ChannelMonitor {
                                                htlc_timeout_tx.input[0].witness[2].push(SigHashType::All as u8);
 
                                                htlc_timeout_tx.input[0].witness.push(Vec::new());
-                                               htlc_timeout_tx.input[0].witness.push(chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key).into_bytes());
+                                               let htlc_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key);
+                                               htlc_timeout_tx.input[0].witness.push(htlc_script.clone().into_bytes());
 
                                                add_dynamic_output!(htlc_timeout_tx, 0);
+                                               let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+                                               pending_claims.push((htlc_timeout_tx.input[0].previous_output.clone(), (height_timer, TxMaterial::LocalHTLC { script: htlc_script, sigs: (*their_sig, *our_sig), preimage: None, amount: htlc.amount_msat / 1000}, 0, htlc.cltv_expiry, height)));
                                                res.push(htlc_timeout_tx);
                                        } else {
                                                if let Some(payment_preimage) = self.payment_preimages.get(&htlc.payment_hash) {
@@ -1596,9 +1904,12 @@ impl ChannelMonitor {
                                                        htlc_success_tx.input[0].witness[2].push(SigHashType::All as u8);
 
                                                        htlc_success_tx.input[0].witness.push(payment_preimage.0.to_vec());
-                                                       htlc_success_tx.input[0].witness.push(chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key).into_bytes());
+                                                       let htlc_script = chan_utils::get_htlc_redeemscript_with_explicit_keys(htlc, &local_tx.a_htlc_key, &local_tx.b_htlc_key, &local_tx.revocation_key);
+                                                       htlc_success_tx.input[0].witness.push(htlc_script.clone().into_bytes());
 
                                                        add_dynamic_output!(htlc_success_tx, 0);
+                                                       let height_timer = Self::get_height_timer(height, htlc.cltv_expiry);
+                                                       pending_claims.push((htlc_success_tx.input[0].previous_output.clone(), (height_timer, TxMaterial::LocalHTLC { script: htlc_script, sigs: (*their_sig, *our_sig), preimage: Some(*payment_preimage), amount: htlc.amount_msat / 1000}, 0, htlc.cltv_expiry, height)));
                                                        res.push(htlc_success_tx);
                                                }
                                        }
@@ -1607,48 +1918,109 @@ impl ChannelMonitor {
                        }
                }
 
-               (res, spendable_outputs, watch_outputs)
+               (res, spendable_outputs, watch_outputs, pending_claims)
        }
 
        /// Attempts to claim any claimable HTLCs in a commitment transaction which was not (yet)
        /// revoked using data in local_claimable_outpoints.
        /// Should not be used if check_spend_revoked_transaction succeeds.
-       fn check_spend_local_transaction(&self, tx: &Transaction, _height: u32) -> (Vec<Transaction>, Vec<SpendableOutputDescriptor>, (Sha256dHash, Vec<TxOut>)) {
+       fn check_spend_local_transaction(&mut self, tx: &Transaction, height: u32) -> (Vec<Transaction>, Vec<SpendableOutputDescriptor>, (Sha256dHash, Vec<TxOut>)) {
                let commitment_txid = tx.txid();
-               // TODO: If we find a match here we need to fail back HTLCs that weren't included in the
-               // broadcast commitment transaction, either because they didn't meet dust or because they
-               // weren't yet included in our commitment transaction(s).
+               let mut local_txn = Vec::new();
+               let mut spendable_outputs = Vec::new();
+               let mut watch_outputs = Vec::new();
+
+               macro_rules! wait_threshold_conf {
+                       ($height: expr, $source: expr, $commitment_tx: expr, $payment_hash: expr) => {
+                               log_trace!(self, "Failing HTLC with payment_hash {} from {} local commitment tx due to broadcast of transaction, waiting confirmation (at height{})", log_bytes!($payment_hash.0), $commitment_tx, height + ANTI_REORG_DELAY - 1);
+                               match self.onchain_events_waiting_threshold_conf.entry($height + ANTI_REORG_DELAY - 1) {
+                                       hash_map::Entry::Occupied(mut entry) => {
+                                               let e = entry.get_mut();
+                                               e.retain(|ref event| {
+                                                       match **event {
+                                                               OnchainEvent::HTLCUpdate { ref htlc_update } => {
+                                                                       return htlc_update.0 != $source
+                                                               },
+                                                               _ => return true
+                                                       }
+                                               });
+                                               e.push(OnchainEvent::HTLCUpdate { htlc_update: ($source, $payment_hash)});
+                                       }
+                                       hash_map::Entry::Vacant(entry) => {
+                                               entry.insert(vec![OnchainEvent::HTLCUpdate { htlc_update: ($source, $payment_hash)}]);
+                                       }
+                               }
+                       }
+               }
+
+               macro_rules! append_onchain_update {
+                       ($updates: expr) => {
+                               local_txn.append(&mut $updates.0);
+                               spendable_outputs.append(&mut $updates.1);
+                               watch_outputs.append(&mut $updates.2);
+                               for claim in $updates.3 {
+                                       match self.our_claim_txn_waiting_first_conf.entry(claim.0) {
+                                               hash_map::Entry::Occupied(_) => {},
+                                               hash_map::Entry::Vacant(entry) => { entry.insert(claim.1); }
+                                       }
+                               }
+                       }
+               }
+
+               // HTLCs set may differ between last and previous local commitment txn, in case of one them hitting chain, ensure we cancel all HTLCs backward
+               let mut is_local_tx = false;
+
                if let &Some(ref local_tx) = &self.current_local_signed_commitment_tx {
                        if local_tx.txid == commitment_txid {
+                               is_local_tx = true;
                                log_trace!(self, "Got latest local commitment tx broadcast, searching for available HTLCs to claim");
                                match self.key_storage {
                                        Storage::Local { ref delayed_payment_base_key, ref latest_per_commitment_point, .. } => {
-                                               let (local_txn, spendable_outputs, watch_outputs) = self.broadcast_by_local_state(local_tx, latest_per_commitment_point, &Some(*delayed_payment_base_key));
-                                               return (local_txn, spendable_outputs, (commitment_txid, watch_outputs));
+                                               append_onchain_update!(self.broadcast_by_local_state(local_tx, latest_per_commitment_point, &Some(*delayed_payment_base_key), height));
                                        },
                                        Storage::Watchtower { .. } => {
-                                               let (local_txn, spendable_outputs, watch_outputs) = self.broadcast_by_local_state(local_tx, &None, &None);
-                                               return (local_txn, spendable_outputs, (commitment_txid, watch_outputs));
+                                               append_onchain_update!(self.broadcast_by_local_state(local_tx, &None, &None, height));
                                        }
                                }
                        }
                }
                if let &Some(ref local_tx) = &self.prev_local_signed_commitment_tx {
                        if local_tx.txid == commitment_txid {
+                               is_local_tx = true;
                                log_trace!(self, "Got previous local commitment tx broadcast, searching for available HTLCs to claim");
                                match self.key_storage {
                                        Storage::Local { ref delayed_payment_base_key, ref prev_latest_per_commitment_point, .. } => {
-                                               let (local_txn, spendable_outputs, watch_outputs) = self.broadcast_by_local_state(local_tx, prev_latest_per_commitment_point, &Some(*delayed_payment_base_key));
-                                               return (local_txn, spendable_outputs, (commitment_txid, watch_outputs));
+                                               append_onchain_update!(self.broadcast_by_local_state(local_tx, prev_latest_per_commitment_point, &Some(*delayed_payment_base_key), height));
                                        },
                                        Storage::Watchtower { .. } => {
-                                               let (local_txn, spendable_outputs, watch_outputs) = self.broadcast_by_local_state(local_tx, &None, &None);
-                                               return (local_txn, spendable_outputs, (commitment_txid, watch_outputs));
+                                               append_onchain_update!(self.broadcast_by_local_state(local_tx, &None, &None, height));
+                                       }
+                               }
+                       }
+               }
+
+               macro_rules! fail_dust_htlcs_after_threshold_conf {
+                       ($local_tx: expr) => {
+                               for &(ref htlc, _, ref source) in &$local_tx.htlc_outputs {
+                                       if htlc.transaction_output_index.is_none() {
+                                               if let &Some(ref source) = source {
+                                                       wait_threshold_conf!(height, source.clone(), "lastest", htlc.payment_hash.clone());
+                                               }
                                        }
                                }
                        }
                }
-               (Vec::new(), Vec::new(), (commitment_txid, Vec::new()))
+
+               if is_local_tx {
+                       if let &Some(ref local_tx) = &self.current_local_signed_commitment_tx {
+                               fail_dust_htlcs_after_threshold_conf!(local_tx);
+                       }
+                       if let &Some(ref local_tx) = &self.prev_local_signed_commitment_tx {
+                               fail_dust_htlcs_after_threshold_conf!(local_tx);
+                       }
+               }
+
+               (local_txn, spendable_outputs, (commitment_txid, watch_outputs))
        }
 
        /// Generate a spendable output event when closing_transaction get registered onchain.
@@ -1683,7 +2055,9 @@ impl ChannelMonitor {
                        let mut res = vec![local_tx.tx.clone()];
                        match self.key_storage {
                                Storage::Local { ref delayed_payment_base_key, ref prev_latest_per_commitment_point, .. } => {
-                                       res.append(&mut self.broadcast_by_local_state(local_tx, prev_latest_per_commitment_point, &Some(*delayed_payment_base_key)).0);
+                                       res.append(&mut self.broadcast_by_local_state(local_tx, prev_latest_per_commitment_point, &Some(*delayed_payment_base_key), 0).0);
+                                       // We throw away the generated waiting_first_conf data as we aren't (yet) confirmed and we don't actually know what the caller wants to do.
+                                       // The data will be re-generated and tracked in check_spend_local_transaction if we get a confirmation.
                                },
                                _ => panic!("Can only broadcast by local channelmonitor"),
                        };
@@ -1693,7 +2067,7 @@ impl ChannelMonitor {
                }
        }
 
-       fn block_connected(&mut self, txn_matched: &[&Transaction], height: u32, block_hash: &Sha256dHash, broadcaster: &BroadcasterInterface)-> (Vec<(Sha256dHash, Vec<TxOut>)>, Vec<SpendableOutputDescriptor>, Vec<(HTLCSource, Option<PaymentPreimage>, PaymentHash)>) {
+       fn block_connected(&mut self, txn_matched: &[&Transaction], height: u32, block_hash: &Sha256dHash, broadcaster: &BroadcasterInterface, fee_estimator: &FeeEstimator)-> (Vec<(Sha256dHash, Vec<TxOut>)>, Vec<SpendableOutputDescriptor>, Vec<(HTLCSource, Option<PaymentPreimage>, PaymentHash)>) {
                let mut watch_outputs = Vec::new();
                let mut spendable_outputs = Vec::new();
                let mut htlc_updated = Vec::new();
@@ -1714,7 +2088,7 @@ impl ChannelMonitor {
                                        }
                                };
                                if funding_txo.is_none() || (prevout.txid == funding_txo.as_ref().unwrap().0.txid && prevout.vout == funding_txo.as_ref().unwrap().0.index as u32) {
-                                       let (remote_txn, new_outputs, mut spendable_output, mut updated) = self.check_spend_remote_transaction(tx, height);
+                                       let (remote_txn, new_outputs, mut spendable_output) = self.check_spend_remote_transaction(tx, height, fee_estimator);
                                        txn = remote_txn;
                                        spendable_outputs.append(&mut spendable_output);
                                        if !new_outputs.1.is_empty() {
@@ -1733,12 +2107,9 @@ impl ChannelMonitor {
                                                        spendable_outputs.push(spendable_output);
                                                }
                                        }
-                                       if updated.len() > 0 {
-                                               htlc_updated.append(&mut updated);
-                                       }
                                } else {
                                        if let Some(&(commitment_number, _)) = self.remote_commitment_txn_on_chain.get(&prevout.txid) {
-                                               let (tx, spendable_output) = self.check_spend_remote_htlc(tx, commitment_number);
+                                               let (tx, spendable_output) = self.check_spend_remote_htlc(tx, commitment_number, height, fee_estimator);
                                                if let Some(tx) = tx {
                                                        txn.push(tx);
                                                }
@@ -1754,18 +2125,41 @@ impl ChannelMonitor {
                        // While all commitment/HTLC-Success/HTLC-Timeout transactions have one input, HTLCs
                        // can also be resolved in a few other ways which can have more than one output. Thus,
                        // we call is_resolving_htlc_output here outside of the tx.input.len() == 1 check.
-                       let mut updated = self.is_resolving_htlc_output(tx);
+                       let mut updated = self.is_resolving_htlc_output(tx, height);
                        if updated.len() > 0 {
                                htlc_updated.append(&mut updated);
                        }
+                       for inp in &tx.input {
+                               if self.our_claim_txn_waiting_first_conf.contains_key(&inp.previous_output) {
+                                       match self.onchain_events_waiting_threshold_conf.entry(height + ANTI_REORG_DELAY - 1) {
+                                               hash_map::Entry::Occupied(mut entry) => {
+                                                       let e = entry.get_mut();
+                                                       e.retain(|ref event| {
+                                                               match **event {
+                                                                       OnchainEvent::Claim { outpoint } => {
+                                                                               return outpoint != inp.previous_output
+                                                                       },
+                                                                       _ => return true
+                                                               }
+                                                       });
+                                                       e.push(OnchainEvent::Claim { outpoint: inp.previous_output.clone()});
+                                               }
+                                               hash_map::Entry::Vacant(entry) => {
+                                                       entry.insert(vec![OnchainEvent::Claim { outpoint: inp.previous_output.clone()}]);
+                                               }
+                                       }
+                               }
+                       }
                }
+               let mut pending_claims = Vec::new();
                if let Some(ref cur_local_tx) = self.current_local_signed_commitment_tx {
                        if self.would_broadcast_at_height(height) {
                                broadcaster.broadcast_transaction(&cur_local_tx.tx);
                                match self.key_storage {
                                        Storage::Local { ref delayed_payment_base_key, ref latest_per_commitment_point, .. } => {
-                                               let (txs, mut spendable_output, new_outputs) = self.broadcast_by_local_state(&cur_local_tx, latest_per_commitment_point, &Some(*delayed_payment_base_key));
+                                               let (txs, mut spendable_output, new_outputs, mut pending_txn) = self.broadcast_by_local_state(&cur_local_tx, latest_per_commitment_point, &Some(*delayed_payment_base_key), height);
                                                spendable_outputs.append(&mut spendable_output);
+                                               pending_claims.append(&mut pending_txn);
                                                if !new_outputs.is_empty() {
                                                        watch_outputs.push((cur_local_tx.txid.clone(), new_outputs));
                                                }
@@ -1774,8 +2168,9 @@ impl ChannelMonitor {
                                                }
                                        },
                                        Storage::Watchtower { .. } => {
-                                               let (txs, mut spendable_output, new_outputs) = self.broadcast_by_local_state(&cur_local_tx, &None, &None);
+                                               let (txs, mut spendable_output, new_outputs, mut pending_txn) = self.broadcast_by_local_state(&cur_local_tx, &None, &None, height);
                                                spendable_outputs.append(&mut spendable_output);
+                                               pending_claims.append(&mut pending_txn);
                                                if !new_outputs.is_empty() {
                                                        watch_outputs.push((cur_local_tx.txid.clone(), new_outputs));
                                                }
@@ -1786,10 +2181,40 @@ impl ChannelMonitor {
                                }
                        }
                }
+               for claim in pending_claims {
+                       match self.our_claim_txn_waiting_first_conf.entry(claim.0) {
+                               hash_map::Entry::Occupied(_) => {},
+                               hash_map::Entry::Vacant(entry) => { entry.insert(claim.1); }
+                       }
+               }
+               if let Some(events) = self.onchain_events_waiting_threshold_conf.remove(&height) {
+                       for ev in events {
+                               match ev {
+                                       OnchainEvent::Claim { outpoint } => {
+                                               self.our_claim_txn_waiting_first_conf.remove(&outpoint);
+                                       },
+                                       OnchainEvent::HTLCUpdate { htlc_update } => {
+                                               log_trace!(self, "HTLC {} failure update has got enough confirmations to be passed upstream", log_bytes!((htlc_update.1).0));
+                                               htlc_updated.push((htlc_update.0, None, htlc_update.1));
+                                       },
+                               }
+                       }
+               }
+               //TODO: iter on buffered TxMaterial in our_claim_txn_waiting_first_conf, if block timer is expired generate a bumped claim tx (RBF or CPFP accordingly)
                self.last_block_hash = block_hash.clone();
                (watch_outputs, spendable_outputs, htlc_updated)
        }
 
+       fn block_disconnected(&mut self, height: u32, block_hash: &Sha256dHash) {
+               if let Some(_) = self.onchain_events_waiting_threshold_conf.remove(&(height + ANTI_REORG_DELAY - 1)) {
+                       //We may discard:
+                       //- htlc update there as failure-trigger tx (revoked commitment tx, non-revoked commitment tx, HTLC-timeout tx) has been disconnected
+                       //- our claim tx on a commitment tx output
+               }
+               self.our_claim_txn_waiting_first_conf.retain(|_, ref mut v| if v.3 == height { false } else { true });
+               self.last_block_hash = block_hash.clone();
+       }
+
        pub(super) fn would_broadcast_at_height(&self, height: u32) -> bool {
                // We need to consider all HTLCs which are:
                //  * in any unrevoked remote commitment transaction, as they could broadcast said
@@ -1819,16 +2244,16 @@ impl ChannelMonitor {
                                        // from us until we've reached the point where we go on-chain with the
                                        // corresponding inbound HTLC, we must ensure that outbound HTLCs go on chain at
                                        // least CLTV_CLAIM_BUFFER blocks prior to the inbound HTLC.
-                                       //  aka outbound_cltv + HTLC_FAIL_TIMEOUT_BLOCKS == height - CLTV_CLAIM_BUFFER
+                                       //  aka outbound_cltv + LATENCY_GRACE_PERIOD_BLOCKS == height - CLTV_CLAIM_BUFFER
                                        //      inbound_cltv == height + CLTV_CLAIM_BUFFER
-                                       //      outbound_cltv + HTLC_FAIL_TIMEOUT_BLOCKS + CLTV_CLAIM_BUFFER <= inbound_cltv - CLTV_CLAIM_BUFFER
-                                       //      HTLC_FAIL_TIMEOUT_BLOCKS + 2*CLTV_CLAIM_BUFFER <= inbound_cltv - outbound_cltv
+                                       //      outbound_cltv + LATENCY_GRACE_PERIOD_BLOCKS + CLTV_CLAIM_BUFFER <= inbound_cltv - CLTV_CLAIM_BUFFER
+                                       //      LATENCY_GRACE_PERIOD_BLOCKS + 2*CLTV_CLAIM_BUFFER <= inbound_cltv - outbound_cltv
                                        //      CLTV_EXPIRY_DELTA <= inbound_cltv - outbound_cltv (by check in ChannelManager::decode_update_add_htlc_onion)
-                                       //      HTLC_FAIL_TIMEOUT_BLOCKS + 2*CLTV_CLAIM_BUFFER <= CLTV_EXPIRY_DELTA
+                                       //      LATENCY_GRACE_PERIOD_BLOCKS + 2*CLTV_CLAIM_BUFFER <= CLTV_EXPIRY_DELTA
                                        //  The final, above, condition is checked for statically in channelmanager
                                        //  with CHECK_CLTV_EXPIRY_SANITY_2.
                                        let htlc_outbound = $local_tx == htlc.offered;
-                                       if ( htlc_outbound && htlc.cltv_expiry + HTLC_FAIL_TIMEOUT_BLOCKS <= height) ||
+                                       if ( htlc_outbound && htlc.cltv_expiry + LATENCY_GRACE_PERIOD_BLOCKS <= height) ||
                                           (!htlc_outbound && htlc.cltv_expiry <= height + CLTV_CLAIM_BUFFER && self.payment_preimages.contains_key(&htlc.payment_hash)) {
                                                log_info!(self, "Force-closing channel due to {} HTLC timeout, HTLC expiry is {}", if htlc_outbound { "outbound" } else { "inbound "}, htlc.cltv_expiry);
                                                return true;
@@ -1859,7 +2284,7 @@ impl ChannelMonitor {
 
        /// Check if any transaction broadcasted is resolving HTLC output by a success or timeout on a local
        /// or remote commitment tx, if so send back the source, preimage if found and payment_hash of resolved HTLC
-       fn is_resolving_htlc_output(&mut self, tx: &Transaction) -> Vec<(HTLCSource, Option<PaymentPreimage>, PaymentHash)> {
+       fn is_resolving_htlc_output(&mut self, tx: &Transaction, height: u32) -> Vec<(HTLCSource, Option<PaymentPreimage>, PaymentHash)> {
                let mut htlc_updated = Vec::new();
 
                'outer_loop: for input in &tx.input {
@@ -1872,8 +2297,9 @@ impl ChannelMonitor {
                        macro_rules! log_claim {
                                ($tx_info: expr, $local_tx: expr, $htlc: expr, $source_avail: expr) => {
                                        // We found the output in question, but aren't failing it backwards
-                                       // as we have no corresponding source. This implies either it is an
-                                       // inbound HTLC or an outbound HTLC on a revoked transaction.
+                                       // as we have no corresponding source and no valid remote commitment txid
+                                       // to try a weak source binding with same-hash, same-value still-valid offered HTLC.
+                                       // This implies either it is an inbound HTLC or an outbound HTLC on a revoked transaction.
                                        let outbound_htlc = $local_tx == $htlc.offered;
                                        if ($local_tx && revocation_sig_claim) ||
                                                        (outbound_htlc && !$source_avail && (accepted_preimage_claim || offered_preimage_claim)) {
@@ -1890,6 +2316,22 @@ impl ChannelMonitor {
                                }
                        }
 
+                       macro_rules! check_htlc_valid_remote {
+                               ($remote_txid: expr, $htlc_output: expr) => {
+                                       if let &Some(txid) = $remote_txid {
+                                               for &(ref pending_htlc, ref pending_source) in self.remote_claimable_outpoints.get(&txid).unwrap() {
+                                                       if pending_htlc.payment_hash == $htlc_output.payment_hash && pending_htlc.amount_msat == $htlc_output.amount_msat {
+                                                               if let &Some(ref source) = pending_source {
+                                                                       log_claim!("revoked remote commitment tx", false, pending_htlc, true);
+                                                                       payment_data = Some(((**source).clone(), $htlc_output.payment_hash));
+                                                                       break;
+                                                               }
+                                                       }
+                                               }
+                                       }
+                               }
+                       }
+
                        macro_rules! scan_commitment {
                                ($htlcs: expr, $tx_info: expr, $local_tx: expr) => {
                                        for (ref htlc_output, source_option) in $htlcs {
@@ -1902,7 +2344,17 @@ impl ChannelMonitor {
                                                                // has timed out, or we screwed up. In any case, we should now
                                                                // resolve the source HTLC with the original sender.
                                                                payment_data = Some(((*source).clone(), htlc_output.payment_hash));
-                                                       } else {
+                                                       } else if !$local_tx {
+                                                               if let Storage::Local { ref current_remote_commitment_txid, .. } = self.key_storage {
+                                                                       check_htlc_valid_remote!(current_remote_commitment_txid, htlc_output);
+                                                               }
+                                                               if payment_data.is_none() {
+                                                                       if let Storage::Local { ref prev_remote_commitment_txid, .. } = self.key_storage {
+                                                                               check_htlc_valid_remote!(prev_remote_commitment_txid, htlc_output);
+                                                                       }
+                                                               }
+                                                       }
+                                                       if payment_data.is_none() {
                                                                log_claim!($tx_info, $local_tx, htlc_output, false);
                                                                continue 'outer_loop;
                                                        }
@@ -1939,7 +2391,24 @@ impl ChannelMonitor {
                                        payment_preimage.0.copy_from_slice(&input.witness[1]);
                                        htlc_updated.push((source, Some(payment_preimage), payment_hash));
                                } else {
-                                       htlc_updated.push((source, None, payment_hash));
+                                       log_info!(self, "Failing HTLC with payment_hash {} timeout by a spend tx, waiting for confirmation (at height{})", log_bytes!(payment_hash.0), height + ANTI_REORG_DELAY - 1);
+                                       match self.onchain_events_waiting_threshold_conf.entry(height + ANTI_REORG_DELAY - 1) {
+                                               hash_map::Entry::Occupied(mut entry) => {
+                                                       let e = entry.get_mut();
+                                                       e.retain(|ref event| {
+                                                               match **event {
+                                                                       OnchainEvent::HTLCUpdate { ref htlc_update } => {
+                                                                               return htlc_update.0 != source
+                                                                       },
+                                                                       _ => return true
+                                                               }
+                                                       });
+                                                       e.push(OnchainEvent::HTLCUpdate { htlc_update: (source, payment_hash)});
+                                               }
+                                               hash_map::Entry::Vacant(entry) => {
+                                                       entry.insert(vec![OnchainEvent::HTLCUpdate { htlc_update: (source, payment_hash)}]);
+                                               }
+                                       }
                                }
                        }
                }
@@ -2159,6 +2628,91 @@ impl<R: ::std::io::Read> ReadableArgs<R, Arc<Logger>> for (Sha256dHash, ChannelM
                let last_block_hash: Sha256dHash = Readable::read(reader)?;
                let destination_script = Readable::read(reader)?;
 
+               let our_claim_txn_waiting_first_conf_len: u64 = Readable::read(reader)?;
+               let mut our_claim_txn_waiting_first_conf = HashMap::with_capacity(cmp::min(our_claim_txn_waiting_first_conf_len as usize, MAX_ALLOC_SIZE / 128));
+               for _ in 0..our_claim_txn_waiting_first_conf_len {
+                       let outpoint = Readable::read(reader)?;
+                       let height_target = Readable::read(reader)?;
+                       let tx_material = match <u8 as Readable<R>>::read(reader)? {
+                               0 => {
+                                       let script = Readable::read(reader)?;
+                                       let pubkey = Readable::read(reader)?;
+                                       let key = Readable::read(reader)?;
+                                       let is_htlc = match <u8 as Readable<R>>::read(reader)? {
+                                               0 => true,
+                                               1 => false,
+                                               _ => return Err(DecodeError::InvalidValue),
+                                       };
+                                       let amount = Readable::read(reader)?;
+                                       TxMaterial::Revoked {
+                                               script,
+                                               pubkey,
+                                               key,
+                                               is_htlc,
+                                               amount
+                                       }
+                               },
+                               1 => {
+                                       let script = Readable::read(reader)?;
+                                       let key = Readable::read(reader)?;
+                                       let preimage = Readable::read(reader)?;
+                                       let amount = Readable::read(reader)?;
+                                       TxMaterial::RemoteHTLC {
+                                               script,
+                                               key,
+                                               preimage,
+                                               amount
+                                       }
+                               },
+                               2 => {
+                                       let script = Readable::read(reader)?;
+                                       let their_sig = Readable::read(reader)?;
+                                       let our_sig = Readable::read(reader)?;
+                                       let preimage = Readable::read(reader)?;
+                                       let amount = Readable::read(reader)?;
+                                       TxMaterial::LocalHTLC {
+                                               script,
+                                               sigs: (their_sig, our_sig),
+                                               preimage,
+                                               amount
+                                       }
+                               }
+                               _ => return Err(DecodeError::InvalidValue),
+                       };
+                       let last_fee = Readable::read(reader)?;
+                       let timelock_expiration = Readable::read(reader)?;
+                       let height = Readable::read(reader)?;
+                       our_claim_txn_waiting_first_conf.insert(outpoint, (height_target, tx_material, last_fee, timelock_expiration, height));
+               }
+
+               let waiting_threshold_conf_len: u64 = Readable::read(reader)?;
+               let mut onchain_events_waiting_threshold_conf = HashMap::with_capacity(cmp::min(waiting_threshold_conf_len as usize, MAX_ALLOC_SIZE / 128));
+               for _ in 0..waiting_threshold_conf_len {
+                       let height_target = Readable::read(reader)?;
+                       let events_len: u64 = Readable::read(reader)?;
+                       let mut events = Vec::with_capacity(cmp::min(events_len as usize, MAX_ALLOC_SIZE / 128));
+                       for _ in 0..events_len {
+                               let ev = match <u8 as Readable<R>>::read(reader)? {
+                                       0 => {
+                                               let outpoint = Readable::read(reader)?;
+                                               OnchainEvent::Claim {
+                                                       outpoint
+                                               }
+                                       },
+                                       1 => {
+                                               let htlc_source = Readable::read(reader)?;
+                                               let hash = Readable::read(reader)?;
+                                               OnchainEvent::HTLCUpdate {
+                                                       htlc_update: (htlc_source, hash)
+                                               }
+                                       },
+                                       _ => return Err(DecodeError::InvalidValue),
+                               };
+                               events.push(ev);
+                       }
+                       onchain_events_waiting_threshold_conf.insert(height_target, events);
+               }
+
                Ok((last_block_hash.clone(), ChannelMonitor {
                        commitment_transaction_number_obscure_factor,
 
@@ -2182,6 +2736,11 @@ impl<R: ::std::io::Read> ReadableArgs<R, Arc<Logger>> for (Sha256dHash, ChannelM
                        payment_preimages,
 
                        destination_script,
+
+                       our_claim_txn_waiting_first_conf,
+
+                       onchain_events_waiting_threshold_conf,
+
                        last_block_hash,
                        secp_ctx,
                        logger,
@@ -2192,13 +2751,19 @@ impl<R: ::std::io::Read> ReadableArgs<R, Arc<Logger>> for (Sha256dHash, ChannelM
 
 #[cfg(test)]
 mod tests {
-       use bitcoin::blockdata::script::Script;
-       use bitcoin::blockdata::transaction::Transaction;
+       use bitcoin::blockdata::script::{Script, Builder};
+       use bitcoin::blockdata::opcodes;
+       use bitcoin::blockdata::transaction::{Transaction, TxIn, TxOut, SigHashType};
+       use bitcoin::blockdata::transaction::OutPoint as BitcoinOutPoint;
+       use bitcoin::util::bip143;
        use bitcoin_hashes::Hash;
        use bitcoin_hashes::sha256::Hash as Sha256;
+       use bitcoin_hashes::sha256d::Hash as Sha256dHash;
+       use bitcoin_hashes::hex::FromHex;
        use hex;
        use ln::channelmanager::{PaymentPreimage, PaymentHash};
-       use ln::channelmonitor::ChannelMonitor;
+       use ln::channelmonitor::{ChannelMonitor, InputDescriptors};
+       use ln::chan_utils;
        use ln::chan_utils::{HTLCOutputInCommitment, TxCreationKeys};
        use util::test_utils::TestLogger;
        use secp256k1::key::{SecretKey,PublicKey};
@@ -2675,5 +3240,117 @@ mod tests {
                test_preimages_exist!(&preimages[0..5], monitor);
        }
 
+       #[test]
+       fn test_claim_txn_weight_computation() {
+               // We test Claim txn weight, knowing that we want expected weigth and
+               // not actual case to avoid sigs and time-lock delays hell variances.
+
+               let secp_ctx = Secp256k1::new();
+               let privkey = SecretKey::from_slice(&hex::decode("0101010101010101010101010101010101010101010101010101010101010101").unwrap()[..]).unwrap();
+               let pubkey = PublicKey::from_secret_key(&secp_ctx, &privkey);
+               let mut sum_actual_sigs: u64 = 0;
+
+               macro_rules! sign_input {
+                       ($sighash_parts: expr, $input: expr, $idx: expr, $amount: expr, $input_type: expr, $sum_actual_sigs: expr) => {
+                               let htlc = HTLCOutputInCommitment {
+                                       offered: if *$input_type == InputDescriptors::RevokedOfferedHTLC || *$input_type == InputDescriptors::OfferedHTLC { true } else { false },
+                                       amount_msat: 0,
+                                       cltv_expiry: 2 << 16,
+                                       payment_hash: PaymentHash([1; 32]),
+                                       transaction_output_index: Some($idx),
+                               };
+                               let redeem_script = if *$input_type == InputDescriptors::RevokedOutput { chan_utils::get_revokeable_redeemscript(&pubkey, 256, &pubkey) } else { chan_utils::get_htlc_redeemscript_with_explicit_keys(&htlc, &pubkey, &pubkey, &pubkey) };
+                               let sighash = hash_to_message!(&$sighash_parts.sighash_all(&$input, &redeem_script, $amount)[..]);
+                               let sig = secp_ctx.sign(&sighash, &privkey);
+                               $input.witness.push(sig.serialize_der().to_vec());
+                               $input.witness[0].push(SigHashType::All as u8);
+                               sum_actual_sigs += $input.witness[0].len() as u64;
+                               if *$input_type == InputDescriptors::RevokedOutput {
+                                       $input.witness.push(vec!(1));
+                               } else if *$input_type == InputDescriptors::RevokedOfferedHTLC || *$input_type == InputDescriptors::RevokedReceivedHTLC {
+                                       $input.witness.push(pubkey.clone().serialize().to_vec());
+                               } else if *$input_type == InputDescriptors::ReceivedHTLC {
+                                       $input.witness.push(vec![0]);
+                               } else {
+                                       $input.witness.push(PaymentPreimage([1; 32]).0.to_vec());
+                               }
+                               $input.witness.push(redeem_script.into_bytes());
+                               println!("witness[0] {}", $input.witness[0].len());
+                               println!("witness[1] {}", $input.witness[1].len());
+                               println!("witness[2] {}", $input.witness[2].len());
+                       }
+               }
+
+               let script_pubkey = Builder::new().push_opcode(opcodes::all::OP_RETURN).into_script();
+               let txid = Sha256dHash::from_hex("56944c5d3f98413ef45cf54545538103cc9f298e0575820ad3591376e2e0f65d").unwrap();
+
+               // Justice tx with 1 to_local, 2 revoked offered HTLCs, 1 revoked received HTLCs
+               let mut claim_tx = Transaction { version: 0, lock_time: 0, input: Vec::new(), output: Vec::new() };
+               for i in 0..4 {
+                       claim_tx.input.push(TxIn {
+                               previous_output: BitcoinOutPoint {
+                                       txid,
+                                       vout: i,
+                               },
+                               script_sig: Script::new(),
+                               sequence: 0xfffffffd,
+                               witness: Vec::new(),
+                       });
+               }
+               claim_tx.output.push(TxOut {
+                       script_pubkey: script_pubkey.clone(),
+                       value: 0,
+               });
+               let base_weight = claim_tx.get_weight();
+               let sighash_parts = bip143::SighashComponents::new(&claim_tx);
+               let inputs_des = vec![InputDescriptors::RevokedOutput, InputDescriptors::RevokedOfferedHTLC, InputDescriptors::RevokedOfferedHTLC, InputDescriptors::RevokedReceivedHTLC];
+               for (idx, inp) in claim_tx.input.iter_mut().zip(inputs_des.iter()).enumerate() {
+                       sign_input!(sighash_parts, inp.0, idx as u32, 0, inp.1, sum_actual_sigs);
+               }
+               assert_eq!(base_weight + ChannelMonitor::get_witnesses_weight(&inputs_des[..]),  claim_tx.get_weight() + /* max_length_sig */ (73 * inputs_des.len() as u64 - sum_actual_sigs));
+
+               // Claim tx with 1 offered HTLCs, 3 received HTLCs
+               claim_tx.input.clear();
+               sum_actual_sigs = 0;
+               for i in 0..4 {
+                       claim_tx.input.push(TxIn {
+                               previous_output: BitcoinOutPoint {
+                                       txid,
+                                       vout: i,
+                               },
+                               script_sig: Script::new(),
+                               sequence: 0xfffffffd,
+                               witness: Vec::new(),
+                       });
+               }
+               let base_weight = claim_tx.get_weight();
+               let sighash_parts = bip143::SighashComponents::new(&claim_tx);
+               let inputs_des = vec![InputDescriptors::OfferedHTLC, InputDescriptors::ReceivedHTLC, InputDescriptors::ReceivedHTLC, InputDescriptors::ReceivedHTLC];
+               for (idx, inp) in claim_tx.input.iter_mut().zip(inputs_des.iter()).enumerate() {
+                       sign_input!(sighash_parts, inp.0, idx as u32, 0, inp.1, sum_actual_sigs);
+               }
+               assert_eq!(base_weight + ChannelMonitor::get_witnesses_weight(&inputs_des[..]),  claim_tx.get_weight() + /* max_length_sig */ (73 * inputs_des.len() as u64 - sum_actual_sigs));
+
+               // Justice tx with 1 revoked HTLC-Success tx output
+               claim_tx.input.clear();
+               sum_actual_sigs = 0;
+               claim_tx.input.push(TxIn {
+                       previous_output: BitcoinOutPoint {
+                               txid,
+                               vout: 0,
+                       },
+                       script_sig: Script::new(),
+                       sequence: 0xfffffffd,
+                       witness: Vec::new(),
+               });
+               let base_weight = claim_tx.get_weight();
+               let sighash_parts = bip143::SighashComponents::new(&claim_tx);
+               let inputs_des = vec![InputDescriptors::RevokedOutput];
+               for (idx, inp) in claim_tx.input.iter_mut().zip(inputs_des.iter()).enumerate() {
+                       sign_input!(sighash_parts, inp.0, idx as u32, 0, inp.1, sum_actual_sigs);
+               }
+               assert_eq!(base_weight + ChannelMonitor::get_witnesses_weight(&inputs_des[..]), claim_tx.get_weight() + /* max_length_isg */ (73 * inputs_des.len() as u64 - sum_actual_sigs));
+       }
+
        // Further testing is done in the ChannelManager integration tests.
 }
diff --git a/src/ln/functional_test_utils.rs b/src/ln/functional_test_utils.rs
index 36a9098732f8604889a97b992827fda1834fa86a..fe32a1ef24bf9f5d239044e446eab284f1295bae 100644 (file)
--- a/src/ln/functional_test_utils.rs
+++ b/src/ln/functional_test_utils.rs
@@ -7,7 +7,7 @@ use chain::keysinterface::KeysInterface;
 use ln::channelmanager::{ChannelManager,RAACommitmentOrder, PaymentPreimage, PaymentHash};
 use ln::router::{Route, Router};
 use ln::msgs;
-use ln::msgs::{ChannelMessageHandler,RoutingMessageHandler};
+use ln::msgs::{ChannelMessageHandler,RoutingMessageHandler, LocalFeatures};
 use util::test_utils;
 use util::events::{Event, EventsProvider, MessageSendEvent, MessageSendEventsProvider};
 use util::errors::APIError;
@@ -20,6 +20,7 @@ use bitcoin::blockdata::transaction::{Transaction, TxOut};
 use bitcoin::network::constants::Network;
 
 use bitcoin_hashes::sha256::Hash as Sha256;
+use bitcoin_hashes::sha256d::Hash as Sha256d;
 use bitcoin_hashes::Hash;
 
 use secp256k1::Secp256k1;
@@ -32,7 +33,6 @@ use std::collections::HashMap;
 use std::default::Default;
 use std::rc::Rc;
 use std::sync::{Arc, Mutex};
-use std::time::Instant;
 use std::mem;
 
 pub const CHAN_CONFIRM_DEPTH: u32 = 100;
@@ -46,6 +46,16 @@ pub fn confirm_transaction(chain: &chaininterface::ChainWatchInterfaceUtil, tx:
        }
 }
 
+pub fn connect_blocks(chain: &chaininterface::ChainWatchInterfaceUtil, depth: u32, height: u32, parent: bool, prev_blockhash: Sha256d) -> Sha256d {
+       let mut header = BlockHeader { version: 0x2000000, prev_blockhash: if parent { prev_blockhash } else { Default::default() }, merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+       chain.block_connected_checked(&header, height + 1, &Vec::new(), &Vec::new());
+       for i in 2..depth + 1 {
+               header = BlockHeader { version: 0x20000000, prev_blockhash: header.bitcoin_hash(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+               chain.block_connected_checked(&header, height + i, &Vec::new(), &Vec::new());
+       }
+       header.bitcoin_hash()
+}
+
 pub struct Node {
        pub chain_monitor: Arc<chaininterface::ChainWatchInterfaceUtil>,
        pub tx_broadcaster: Arc<test_utils::TestBroadcaster>,
@@ -68,12 +78,12 @@ impl Drop for Node {
        }
 }
 
-pub fn create_chan_between_nodes(node_a: &Node, node_b: &Node) -> (msgs::ChannelAnnouncement, msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
-       create_chan_between_nodes_with_value(node_a, node_b, 100000, 10001)
+pub fn create_chan_between_nodes(node_a: &Node, node_b: &Node, a_flags: LocalFeatures, b_flags: LocalFeatures) -> (msgs::ChannelAnnouncement, msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
+       create_chan_between_nodes_with_value(node_a, node_b, 100000, 10001, a_flags, b_flags)
 }
 
-pub fn create_chan_between_nodes_with_value(node_a: &Node, node_b: &Node, channel_value: u64, push_msat: u64) -> (msgs::ChannelAnnouncement, msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
-       let (funding_locked, channel_id, tx) = create_chan_between_nodes_with_value_a(node_a, node_b, channel_value, push_msat);
+pub fn create_chan_between_nodes_with_value(node_a: &Node, node_b: &Node, channel_value: u64, push_msat: u64, a_flags: LocalFeatures, b_flags: LocalFeatures) -> (msgs::ChannelAnnouncement, msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
+       let (funding_locked, channel_id, tx) = create_chan_between_nodes_with_value_a(node_a, node_b, channel_value, push_msat, a_flags, b_flags);
        let (announcement, as_update, bs_update) = create_chan_between_nodes_with_value_b(node_a, node_b, &funding_locked);
        (announcement, as_update, bs_update, channel_id, tx)
 }
@@ -147,36 +157,40 @@ macro_rules! get_feerate {
        }
 }
 
+pub fn create_funding_transaction(node: &Node, expected_chan_value: u64, expected_user_chan_id: u64) -> ([u8; 32], Transaction, OutPoint) {
+       let chan_id = *node.network_chan_count.borrow();
 
-pub fn create_chan_between_nodes_with_value_init(node_a: &Node, node_b: &Node, channel_value: u64, push_msat: u64) -> Transaction {
-       node_a.node.create_channel(node_b.node.get_our_node_id(), channel_value, push_msat, 42).unwrap();
-       node_b.node.handle_open_channel(&node_a.node.get_our_node_id(), &get_event_msg!(node_a, MessageSendEvent::SendOpenChannel, node_b.node.get_our_node_id())).unwrap();
-       node_a.node.handle_accept_channel(&node_b.node.get_our_node_id(), &get_event_msg!(node_b, MessageSendEvent::SendAcceptChannel, node_a.node.get_our_node_id())).unwrap();
-
-       let chan_id = *node_a.network_chan_count.borrow();
-       let tx;
-       let funding_output;
-
-       let events_2 = node_a.node.get_and_clear_pending_events();
-       assert_eq!(events_2.len(), 1);
-       match events_2[0] {
+       let events = node.node.get_and_clear_pending_events();
+       assert_eq!(events.len(), 1);
+       match events[0] {
                Event::FundingGenerationReady { ref temporary_channel_id, ref channel_value_satoshis, ref output_script, user_channel_id } => {
-                       assert_eq!(*channel_value_satoshis, channel_value);
-                       assert_eq!(user_channel_id, 42);
+                       assert_eq!(*channel_value_satoshis, expected_chan_value);
+                       assert_eq!(user_channel_id, expected_user_chan_id);
 
-                       tx = Transaction { version: chan_id as u32, lock_time: 0, input: Vec::new(), output: vec![TxOut {
+                       let tx = Transaction { version: chan_id as u32, lock_time: 0, input: Vec::new(), output: vec![TxOut {
                                value: *channel_value_satoshis, script_pubkey: output_script.clone(),
                        }]};
-                       funding_output = OutPoint::new(tx.txid(), 0);
-
-                       node_a.node.funding_transaction_generated(&temporary_channel_id, funding_output);
-                       let mut added_monitors = node_a.chan_monitor.added_monitors.lock().unwrap();
-                       assert_eq!(added_monitors.len(), 1);
-                       assert_eq!(added_monitors[0].0, funding_output);
-                       added_monitors.clear();
+                       let funding_outpoint = OutPoint::new(tx.txid(), 0);
+                       (*temporary_channel_id, tx, funding_outpoint)
                },
                _ => panic!("Unexpected event"),
        }
+}
+
+pub fn create_chan_between_nodes_with_value_init(node_a: &Node, node_b: &Node, channel_value: u64, push_msat: u64, a_flags: LocalFeatures, b_flags: LocalFeatures) -> Transaction {
+       node_a.node.create_channel(node_b.node.get_our_node_id(), channel_value, push_msat, 42).unwrap();
+       node_b.node.handle_open_channel(&node_a.node.get_our_node_id(), a_flags, &get_event_msg!(node_a, MessageSendEvent::SendOpenChannel, node_b.node.get_our_node_id())).unwrap();
+       node_a.node.handle_accept_channel(&node_b.node.get_our_node_id(), b_flags, &get_event_msg!(node_b, MessageSendEvent::SendAcceptChannel, node_a.node.get_our_node_id())).unwrap();
+
+       let (temporary_channel_id, tx, funding_output) = create_funding_transaction(node_a, channel_value, 42);
+
+       {
+               node_a.node.funding_transaction_generated(&temporary_channel_id, funding_output);
+               let mut added_monitors = node_a.chan_monitor.added_monitors.lock().unwrap();
+               assert_eq!(added_monitors.len(), 1);
+               assert_eq!(added_monitors[0].0, funding_output);
+               added_monitors.clear();
+       }
 
        node_b.node.handle_funding_created(&node_a.node.get_our_node_id(), &get_event_msg!(node_a, MessageSendEvent::SendFundingCreated, node_b.node.get_our_node_id())).unwrap();
        {
@@ -207,33 +221,39 @@ pub fn create_chan_between_nodes_with_value_init(node_a: &Node, node_b: &Node, c
        tx
 }
 
-pub fn create_chan_between_nodes_with_value_confirm(node_a: &Node, node_b: &Node, tx: &Transaction) -> ((msgs::FundingLocked, msgs::AnnouncementSignatures), [u8; 32]) {
-       confirm_transaction(&node_b.chain_monitor, &tx, tx.version);
-       node_a.node.handle_funding_locked(&node_b.node.get_our_node_id(), &get_event_msg!(node_b, MessageSendEvent::SendFundingLocked, node_a.node.get_our_node_id())).unwrap();
+pub fn create_chan_between_nodes_with_value_confirm_first(node_recv: &Node, node_conf: &Node, tx: &Transaction) {
+       confirm_transaction(&node_conf.chain_monitor, &tx, tx.version);
+       node_recv.node.handle_funding_locked(&node_conf.node.get_our_node_id(), &get_event_msg!(node_conf, MessageSendEvent::SendFundingLocked, node_recv.node.get_our_node_id())).unwrap();
+}
 
+pub fn create_chan_between_nodes_with_value_confirm_second(node_recv: &Node, node_conf: &Node) -> ((msgs::FundingLocked, msgs::AnnouncementSignatures), [u8; 32]) {
        let channel_id;
-
-       confirm_transaction(&node_a.chain_monitor, &tx, tx.version);
-       let events_6 = node_a.node.get_and_clear_pending_msg_events();
+       let events_6 = node_conf.node.get_and_clear_pending_msg_events();
        assert_eq!(events_6.len(), 2);
        ((match events_6[0] {
                MessageSendEvent::SendFundingLocked { ref node_id, ref msg } => {
                        channel_id = msg.channel_id.clone();
-                       assert_eq!(*node_id, node_b.node.get_our_node_id());
+                       assert_eq!(*node_id, node_recv.node.get_our_node_id());
                        msg.clone()
                },
                _ => panic!("Unexpected event"),
        }, match events_6[1] {
                MessageSendEvent::SendAnnouncementSignatures { ref node_id, ref msg } => {
-                       assert_eq!(*node_id, node_b.node.get_our_node_id());
+                       assert_eq!(*node_id, node_recv.node.get_our_node_id());
                        msg.clone()
                },
                _ => panic!("Unexpected event"),
        }), channel_id)
 }
 
-pub fn create_chan_between_nodes_with_value_a(node_a: &Node, node_b: &Node, channel_value: u64, push_msat: u64) -> ((msgs::FundingLocked, msgs::AnnouncementSignatures), [u8; 32], Transaction) {
-       let tx = create_chan_between_nodes_with_value_init(node_a, node_b, channel_value, push_msat);
+pub fn create_chan_between_nodes_with_value_confirm(node_a: &Node, node_b: &Node, tx: &Transaction) -> ((msgs::FundingLocked, msgs::AnnouncementSignatures), [u8; 32]) {
+       create_chan_between_nodes_with_value_confirm_first(node_a, node_b, tx);
+       confirm_transaction(&node_a.chain_monitor, &tx, tx.version);
+       create_chan_between_nodes_with_value_confirm_second(node_b, node_a)
+}
+
+pub fn create_chan_between_nodes_with_value_a(node_a: &Node, node_b: &Node, channel_value: u64, push_msat: u64, a_flags: LocalFeatures, b_flags: LocalFeatures) -> ((msgs::FundingLocked, msgs::AnnouncementSignatures), [u8; 32], Transaction) {
+       let tx = create_chan_between_nodes_with_value_init(node_a, node_b, channel_value, push_msat, a_flags, b_flags);
        let (msgs, chan_id) = create_chan_between_nodes_with_value_confirm(node_a, node_b, &tx);
        (msgs, chan_id, tx)
 }
@@ -270,12 +290,12 @@ pub fn create_chan_between_nodes_with_value_b(node_a: &Node, node_b: &Node, as_f
        ((*announcement).clone(), (*as_update).clone(), (*bs_update).clone())
 }
 
-pub fn create_announced_chan_between_nodes(nodes: &Vec<Node>, a: usize, b: usize) -> (msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
-       create_announced_chan_between_nodes_with_value(nodes, a, b, 100000, 10001)
+pub fn create_announced_chan_between_nodes(nodes: &Vec<Node>, a: usize, b: usize, a_flags: LocalFeatures, b_flags: LocalFeatures) -> (msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
+       create_announced_chan_between_nodes_with_value(nodes, a, b, 100000, 10001, a_flags, b_flags)
 }
 
-pub fn create_announced_chan_between_nodes_with_value(nodes: &Vec<Node>, a: usize, b: usize, channel_value: u64, push_msat: u64) -> (msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
-       let chan_announcement = create_chan_between_nodes_with_value(&nodes[a], &nodes[b], channel_value, push_msat);
+pub fn create_announced_chan_between_nodes_with_value(nodes: &Vec<Node>, a: usize, b: usize, channel_value: u64, push_msat: u64, a_flags: LocalFeatures, b_flags: LocalFeatures) -> (msgs::ChannelUpdate, msgs::ChannelUpdate, [u8; 32], Transaction) {
+       let chan_announcement = create_chan_between_nodes_with_value(&nodes[a], &nodes[b], channel_value, push_msat, a_flags, b_flags);
        for node in nodes {
                assert!(node.router.handle_channel_announcement(&chan_announcement.0).unwrap());
                node.router.handle_channel_update(&chan_announcement.1).unwrap();
@@ -536,12 +556,37 @@ macro_rules! expect_pending_htlcs_forwardable {
                        Event::PendingHTLCsForwardable { .. } => { },
                        _ => panic!("Unexpected event"),
                };
-               let node_ref: &Node = &$node;
-               node_ref.node.channel_state.lock().unwrap().next_forward = Instant::now();
                $node.node.process_pending_htlc_forwards();
        }}
 }
 
+macro_rules! expect_payment_received {
+       ($node: expr, $expected_payment_hash: expr, $expected_recv_value: expr) => {
+               let events = $node.node.get_and_clear_pending_events();
+               assert_eq!(events.len(), 1);
+               match events[0] {
+                       Event::PaymentReceived { ref payment_hash, amt } => {
+                               assert_eq!($expected_payment_hash, *payment_hash);
+                               assert_eq!($expected_recv_value, amt);
+                       },
+                       _ => panic!("Unexpected event"),
+               }
+       }
+}
+
+macro_rules! expect_payment_sent {
+       ($node: expr, $expected_payment_preimage: expr) => {
+               let events = $node.node.get_and_clear_pending_events();
+               assert_eq!(events.len(), 1);
+               match events[0] {
+                       Event::PaymentSent { ref payment_preimage } => {
+                               assert_eq!($expected_payment_preimage, *payment_preimage);
+                       },
+                       _ => panic!("Unexpected event"),
+               }
+       }
+}
+
 pub fn send_along_route_with_hash(origin_node: &Node, route: Route, expected_route: &[&Node], recv_value: u64, our_payment_hash: PaymentHash) {
        let mut payment_event = {
                origin_node.node.send_payment(route, our_payment_hash).unwrap();
@@ -664,14 +709,7 @@ pub fn claim_payment_along_route(origin_node: &Node, expected_route: &[&Node], s
 
        if !skip_last {
                last_update_fulfill_dance!(origin_node, expected_route.first().unwrap());
-               let events = origin_node.node.get_and_clear_pending_events();
-               assert_eq!(events.len(), 1);
-               match events[0] {
-                       Event::PaymentSent { payment_preimage } => {
-                               assert_eq!(payment_preimage, our_payment_preimage);
-                       },
-                       _ => panic!("Unexpected event"),
-               }
+               expect_payment_sent!(origin_node, our_payment_preimage);
        }
 }
 
@@ -785,7 +823,7 @@ pub fn fail_payment(origin_node: &Node, expected_route: &[&Node], our_payment_ha
        fail_payment_along_route(origin_node, expected_route, false, our_payment_hash);
 }
 
-pub fn create_network(node_count: usize) -> Vec<Node> {
+pub fn create_network(node_count: usize, node_config: &[Option<UserConfig>]) -> Vec<Node> {
        let mut nodes = Vec::new();
        let mut rng = thread_rng();
        let secp_ctx = Secp256k1::new();
@@ -801,11 +839,11 @@ pub fn create_network(node_count: usize) -> Vec<Node> {
                let mut seed = [0; 32];
                rng.fill_bytes(&mut seed);
                let keys_manager = Arc::new(test_utils::TestKeysInterface::new(&seed, Network::Testnet, Arc::clone(&logger)));
-               let chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(chain_monitor.clone(), tx_broadcaster.clone(), logger.clone()));
-               let mut config = UserConfig::new();
-               config.channel_options.announced_channel = true;
-               config.channel_limits.force_announced_channel_preference = false;
-               let node = ChannelManager::new(Network::Testnet, feeest.clone(), chan_monitor.clone(), chain_monitor.clone(), tx_broadcaster.clone(), Arc::clone(&logger), keys_manager.clone(), config).unwrap();
+               let chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(chain_monitor.clone(), tx_broadcaster.clone(), logger.clone(), feeest.clone()));
+               let mut default_config = UserConfig::new();
+               default_config.channel_options.announced_channel = true;
+               default_config.peer_channel_config_limits.force_announced_channel_preference = false;
+               let node = ChannelManager::new(Network::Testnet, feeest.clone(), chan_monitor.clone(), chain_monitor.clone(), tx_broadcaster.clone(), Arc::clone(&logger), keys_manager.clone(), if node_config[i].is_some() { node_config[i].clone().unwrap() } else { default_config }).unwrap();
                let router = Router::new(PublicKey::from_secret_key(&secp_ctx, &keys_manager.get_node_secret()), chain_monitor.clone(), Arc::clone(&logger));
                nodes.push(Node { chain_monitor, tx_broadcaster, chan_monitor, node, router, keys_manager, node_seed: seed,
                        network_payment_count: payment_count.clone(),
@@ -935,20 +973,6 @@ pub fn get_announce_close_broadcast_events(nodes: &Vec<Node>, a: usize, b: usize
        }
 }
 
-macro_rules! expect_payment_received {
-       ($node: expr, $expected_payment_hash: expr, $expected_recv_value: expr) => {
-               let events = $node.node.get_and_clear_pending_events();
-               assert_eq!(events.len(), 1);
-               match events[0] {
-                       Event::PaymentReceived { ref payment_hash, amt } => {
-                               assert_eq!($expected_payment_hash, *payment_hash);
-                               assert_eq!($expected_recv_value, amt);
-                       },
-                       _ => panic!("Unexpected event"),
-               }
-       }
-}
-
 macro_rules! get_channel_value_stat {
        ($node: expr, $channel_id: expr) => {{
                let chan_lock = $node.node.channel_state.lock().unwrap();
diff --git a/src/ln/functional_tests.rs b/src/ln/functional_tests.rs
index ff6169144d1464f7d469cf65a9a64cf6f36af71e..cb59aed83351287d2f5bd04fd8125710932cd4d5 100644 (file)
--- a/src/ln/functional_tests.rs
+++ b/src/ln/functional_tests.rs
@@ -4,29 +4,28 @@
 
 use chain::transaction::OutPoint;
 use chain::chaininterface::{ChainListener, ChainWatchInterface};
-use chain::keysinterface::{KeysInterface, SpendableOutputDescriptor};
-use chain::keysinterface;
-use ln::channel::{COMMITMENT_TX_BASE_WEIGHT, COMMITMENT_TX_WEIGHT_PER_HTLC, BREAKDOWN_TIMEOUT};
-use ln::channelmanager::{ChannelManager,ChannelManagerReadArgs,HTLCForwardInfo,RAACommitmentOrder, PaymentPreimage, PaymentHash};
-use ln::channelmonitor::{ChannelMonitor, CLTV_CLAIM_BUFFER, HTLC_FAIL_TIMEOUT_BLOCKS, ManyChannelMonitor};
-use ln::channel::{ACCEPTED_HTLC_SCRIPT_WEIGHT, OFFERED_HTLC_SCRIPT_WEIGHT};
+use chain::keysinterface::{KeysInterface, SpendableOutputDescriptor, KeysManager};
+use ln::channel::{COMMITMENT_TX_BASE_WEIGHT, COMMITMENT_TX_WEIGHT_PER_HTLC};
+use ln::channelmanager::{ChannelManager,ChannelManagerReadArgs,HTLCForwardInfo,RAACommitmentOrder, PaymentPreimage, PaymentHash, BREAKDOWN_TIMEOUT};
+use ln::channelmonitor::{ChannelMonitor, CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS, ManyChannelMonitor, ANTI_REORG_DELAY};
+use ln::channel::{ACCEPTED_HTLC_SCRIPT_WEIGHT, OFFERED_HTLC_SCRIPT_WEIGHT, Channel, ChannelError};
 use ln::onion_utils;
 use ln::router::{Route, RouteHop};
 use ln::msgs;
-use ln::msgs::{ChannelMessageHandler,RoutingMessageHandler,HTLCFailChannelUpdate};
+use ln::msgs::{ChannelMessageHandler,RoutingMessageHandler,HTLCFailChannelUpdate, LocalFeatures, ErrorAction};
 use util::test_utils;
 use util::events::{Event, EventsProvider, MessageSendEvent, MessageSendEventsProvider};
 use util::errors::APIError;
 use util::ser::{Writeable, ReadableArgs};
 use util::config::UserConfig;
-use util::rng;
 
-use bitcoin::util::hash::{BitcoinHash, Sha256dHash};
+use bitcoin::util::hash::BitcoinHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::util::bip143;
 use bitcoin::util::address::Address;
 use bitcoin::util::bip32::{ChildNumber, ExtendedPubKey, ExtendedPrivKey};
 use bitcoin::blockdata::block::{Block, BlockHeader};
-use bitcoin::blockdata::transaction::{Transaction, TxOut, TxIn, SigHashType};
+use bitcoin::blockdata::transaction::{Transaction, TxOut, TxIn, SigHashType, OutPoint as BitcoinOutPoint};
 use bitcoin::blockdata::script::{Builder, Script};
 use bitcoin::blockdata::opcodes;
 use bitcoin::blockdata::constants::genesis_block;
@@ -42,15 +41,16 @@ use std::collections::{BTreeSet, HashMap, HashSet};
 use std::default::Default;
 use std::sync::Arc;
 use std::sync::atomic::Ordering;
-use std::time::Instant;
 use std::mem;
 
+use rand::{thread_rng, Rng};
+
 use ln::functional_test_utils::*;
 
 #[test]
 fn test_async_inbound_update_fee() {
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        let channel_id = chan.2;
 
        // balancing
@@ -159,8 +159,8 @@ fn test_async_inbound_update_fee() {
 fn test_update_fee_unordered_raa() {
        // Just the intro to the previous test followed by an out-of-order RAA (which caused a
        // crash in an earlier version of the update_fee patch)
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        let channel_id = chan.2;
 
        // balancing
@@ -209,8 +209,8 @@ fn test_update_fee_unordered_raa() {
 
 #[test]
 fn test_multi_flight_update_fee() {
-       let nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        let channel_id = chan.2;
 
        // A                                        B
@@ -313,8 +313,8 @@ fn test_multi_flight_update_fee() {
 
 #[test]
 fn test_update_fee_vanilla() {
-       let nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        let channel_id = chan.2;
 
        let feerate = get_feerate!(nodes[0], channel_id);
@@ -351,9 +351,9 @@ fn test_update_fee_vanilla() {
 
 #[test]
 fn test_update_fee_that_funder_cannot_afford() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
        let channel_value = 1888;
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, channel_value, 700000);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, channel_value, 700000, LocalFeatures::new(), LocalFeatures::new());
        let channel_id = chan.2;
 
        let feerate = 260;
@@ -404,8 +404,8 @@ fn test_update_fee_that_funder_cannot_afford() {
 
 #[test]
 fn test_update_fee_with_fundee_update_add_htlc() {
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        let channel_id = chan.2;
 
        // balancing
@@ -498,8 +498,8 @@ fn test_update_fee_with_fundee_update_add_htlc() {
 
 #[test]
 fn test_update_fee() {
-       let nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        let channel_id = chan.2;
 
        // A                                        B
@@ -599,8 +599,8 @@ fn test_update_fee() {
 #[test]
 fn pre_funding_lock_shutdown_test() {
        // Test sending a shutdown prior to funding_locked after funding generation
-       let nodes = create_network(2);
-       let tx = create_chan_between_nodes_with_value_init(&nodes[0], &nodes[1], 8000000, 0);
+       let nodes = create_network(2, &[None, None]);
+       let tx = create_chan_between_nodes_with_value_init(&nodes[0], &nodes[1], 8000000, 0, LocalFeatures::new(), LocalFeatures::new());
        let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
        nodes[0].chain_monitor.block_connected_checked(&header, 1, &[&tx; 1], &[1; 1]);
        nodes[1].chain_monitor.block_connected_checked(&header, 1, &[&tx; 1], &[1; 1]);
@@ -625,9 +625,9 @@ fn pre_funding_lock_shutdown_test() {
 #[test]
 fn updates_shutdown_wait() {
        // Test sending a shutdown with outstanding updates pending
-       let mut nodes = create_network(3);
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
        let route_1 = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
        let route_2 = nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
 
@@ -697,9 +697,9 @@ fn updates_shutdown_wait() {
 #[test]
 fn htlc_fail_async_shutdown() {
        // Test HTLCs fail if shutdown starts even if messages are delivered out-of-order
-       let mut nodes = create_network(3);
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -778,9 +778,9 @@ fn htlc_fail_async_shutdown() {
 fn do_test_shutdown_rebroadcast(recv_count: u8) {
        // Test that shutdown/closing_signed is re-sent on reconnect with a variable number of
        // messages delivered prior to disconnect
-       let nodes = create_network(3);
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let nodes = create_network(3, &[None, None, None]);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let (our_payment_preimage, _) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 100000);
 
@@ -931,12 +931,12 @@ fn test_shutdown_rebroadcast() {
 fn fake_network_test() {
        // Simple test which builds a network of ChannelManagers, connects them to each other, and
        // tests that payments get routed and transactions broadcast in semi-reasonable ways.
-       let nodes = create_network(4);
+       let nodes = create_network(4, &[None, None, None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
-       let chan_3 = create_announced_chan_between_nodes(&nodes, 2, 3);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
+       let chan_3 = create_announced_chan_between_nodes(&nodes, 2, 3, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance the network a bit by relaying one payment through all the channels...
        send_payment(&nodes[0], &vec!(&nodes[1], &nodes[2], &nodes[3])[..], 8000000);
@@ -954,7 +954,7 @@ fn fake_network_test() {
        fail_payment(&nodes[0], &vec!(&nodes[1], &nodes[2], &nodes[3])[..], payment_hash_1);
 
        // Add a new channel that skips 3
-       let chan_4 = create_announced_chan_between_nodes(&nodes, 1, 3);
+       let chan_4 = create_announced_chan_between_nodes(&nodes, 1, 3, LocalFeatures::new(), LocalFeatures::new());
 
        send_payment(&nodes[0], &vec!(&nodes[1], &nodes[3])[..], 1000000);
        send_payment(&nodes[2], &vec!(&nodes[3])[..], 1000000);
@@ -1016,7 +1016,7 @@ fn fake_network_test() {
        claim_payment(&nodes[1], &vec!(&nodes[2], &nodes[3], &nodes[1])[..], payment_preimage_1);
 
        // Add a duplicate new channel from 2 to 4
-       let chan_5 = create_announced_chan_between_nodes(&nodes, 1, 3);
+       let chan_5 = create_announced_chan_between_nodes(&nodes, 1, 3, LocalFeatures::new(), LocalFeatures::new());
 
        // Send some payments across both channels
        let payment_preimage_3 = route_payment(&nodes[0], &vec!(&nodes[1], &nodes[3])[..], 3000000).0;
@@ -1044,9 +1044,9 @@ fn holding_cell_htlc_counting() {
        // Tests that HTLCs in the holding cell count towards the pending HTLC limits on outbound HTLCs
        // to ensure we don't end up with HTLCs sitting around in our holding cell for several
        // commitment dance rounds.
-       let mut nodes = create_network(3);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let mut payments = Vec::new();
        for _ in 0..::ln::channel::OUR_MAX_HTLCS {
@@ -1169,14 +1169,14 @@ fn holding_cell_htlc_counting() {
 fn duplicate_htlc_test() {
        // Test that we accept duplicate payment_hash HTLCs across the network and that
        // claiming/failing them are all separate and don't affect each other
-       let mut nodes = create_network(6);
+       let mut nodes = create_network(6, &[None, None, None, None, None, None]);
 
        // Create some initial channels to route via 3 to 4/5 from 0/1/2
-       create_announced_chan_between_nodes(&nodes, 0, 3);
-       create_announced_chan_between_nodes(&nodes, 1, 3);
-       create_announced_chan_between_nodes(&nodes, 2, 3);
-       create_announced_chan_between_nodes(&nodes, 3, 4);
-       create_announced_chan_between_nodes(&nodes, 3, 5);
+       create_announced_chan_between_nodes(&nodes, 0, 3, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 1, 3, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 2, 3, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 3, 4, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 3, 5, LocalFeatures::new(), LocalFeatures::new());
 
        let (payment_preimage, payment_hash) = route_payment(&nodes[0], &vec!(&nodes[3], &nodes[4])[..], 1000000);
 
@@ -1192,13 +1192,12 @@ fn duplicate_htlc_test() {
 }
 
 fn do_channel_reserve_test(test_recv: bool) {
-       use util::rng;
        use std::sync::atomic::Ordering;
        use ln::msgs::HandleError;
 
-       let mut nodes = create_network(3);
-       let chan_1 = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1900, 1001);
-       let chan_2 = create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 1900, 1001);
+       let mut nodes = create_network(3, &[None, None, None]);
+       let chan_1 = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1900, 1001, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 1900, 1001, LocalFeatures::new(), LocalFeatures::new());
 
        let mut stat01 = get_channel_value_stat!(nodes[0], chan_1.2);
        let mut stat11 = get_channel_value_stat!(nodes[1], chan_1.2);
@@ -1309,7 +1308,8 @@ fn do_channel_reserve_test(test_recv: bool) {
                let secp_ctx = Secp256k1::new();
                let session_priv = SecretKey::from_slice(&{
                        let mut session_key = [0; 32];
-                       rng::fill_bytes(&mut session_key);
+                       let mut rng = thread_rng();
+                       rng.fill_bytes(&mut session_key);
                        session_key
                }).expect("RNG is bad!");
 
@@ -1449,17 +1449,164 @@ fn channel_reserve_test() {
        do_channel_reserve_test(true);
 }
 
+#[test]
+fn channel_reserve_in_flight_removes() {
+       // In cases where one side claims an HTLC, it thinks it has additional available funds that it
+       // can send to its counterparty, but due to update ordering, the other side may not yet have
+       // considered those HTLCs fully removed.
+       // This tests that we don't count HTLCs which will not be included in the next remote
+       // commitment transaction towards the reserve value (as it implies no commitment transaction
+       // will be generated which violates the remote reserve value).
+       // This was broken previously, and discovered by the chanmon_fail_consistency fuzz test.
+       // To test this we:
+       //  * route two HTLCs from A to B (note that, at a high level, this test is checking that, when
+       //    you consider the values of both of these HTLCs, B may not send an HTLC back to A, but if
+       //    you only consider the value of the first HTLC, it may not),
+       //  * start routing a third HTLC from A to B,
+       //  * claim the first two HTLCs (though B will generate an update_fulfill for one, and put
+       //    the other claim in its holding cell, as it immediately goes into AwaitingRAA),
+       //  * deliver the first fulfill from B
+       //  * deliver the update_add and an RAA from A, resulting in B freeing the second holding cell
+       //    claim,
+       //  * deliver A's response CS and RAA.
+       //    This results in A having the second HTLC in AwaitingRemovedRemoteRevoke, but B having
+       //    removed it fully. B now has the push_msat plus the first two HTLCs in value.
+       //  * Now B happily sends another HTLC, potentially violating its reserve value from A's point
+       //    of view (if A counts the AwaitingRemovedRemoteRevoke HTLC).
+       let mut nodes = create_network(2, &[None, None]);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+
+       let b_chan_values = get_channel_value_stat!(nodes[1], chan_1.2);
+       // Route the first two HTLCs.
+       let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], b_chan_values.channel_reserve_msat - b_chan_values.value_to_self_msat - 10000);
+       let (payment_preimage_2, _) = route_payment(&nodes[0], &[&nodes[1]], 20000);
+
+       // Start routing the third HTLC (this is just used to get everyone in the right state).
+       let (payment_preimage_3, payment_hash_3) = get_payment_preimage_hash!(nodes[0]);
+       let send_1 = {
+               let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
+               nodes[0].node.send_payment(route, payment_hash_3).unwrap();
+               check_added_monitors!(nodes[0], 1);
+               let mut events = nodes[0].node.get_and_clear_pending_msg_events();
+               assert_eq!(events.len(), 1);
+               SendEvent::from_event(events.remove(0))
+       };
+
+       // Now claim both of the first two HTLCs on B's end, putting B in AwaitingRAA and generating an
+       // initial fulfill/CS.
+       assert!(nodes[1].node.claim_funds(payment_preimage_1));
+       check_added_monitors!(nodes[1], 1);
+       let bs_removes = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
+
+       // This claim goes in B's holding cell, allowing us to have a pending B->A RAA which does not
+       // remove the second HTLC when we send the HTLC back from B to A.
+       assert!(nodes[1].node.claim_funds(payment_preimage_2));
+       check_added_monitors!(nodes[1], 1);
+       assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
+
+       nodes[0].node.handle_update_fulfill_htlc(&nodes[1].node.get_our_node_id(), &bs_removes.update_fulfill_htlcs[0]).unwrap();
+       nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), &bs_removes.commitment_signed).unwrap();
+       check_added_monitors!(nodes[0], 1);
+       let as_raa = get_event_msg!(nodes[0], MessageSendEvent::SendRevokeAndACK, nodes[1].node.get_our_node_id());
+       expect_payment_sent!(nodes[0], payment_preimage_1);
+
+       nodes[1].node.handle_update_add_htlc(&nodes[0].node.get_our_node_id(), &send_1.msgs[0]).unwrap();
+       nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &send_1.commitment_msg).unwrap();
+       check_added_monitors!(nodes[1], 1);
+       // B is already AwaitingRAA, so cant generate a CS here
+       let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
+
+       nodes[1].node.handle_revoke_and_ack(&nodes[0].node.get_our_node_id(), &as_raa).unwrap();
+       check_added_monitors!(nodes[1], 1);
+       let bs_cs = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
+
+       nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
+       check_added_monitors!(nodes[0], 1);
+       let as_cs = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
+
+       nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &as_cs.commitment_signed).unwrap();
+       check_added_monitors!(nodes[1], 1);
+       let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
+
+       // The second HTLCis removed, but as A is in AwaitingRAA it can't generate a CS here, so the
+       // RAA that B generated above doesn't fully resolve the second HTLC from A's point of view.
+       // However, the RAA A generates here *does* fully resolve the HTLC from B's point of view (as A
+       // can no longer broadcast a commitment transaction with it and B has the preimage so can go
+       // on-chain as necessary).
+       nodes[0].node.handle_update_fulfill_htlc(&nodes[1].node.get_our_node_id(), &bs_cs.update_fulfill_htlcs[0]).unwrap();
+       nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), &bs_cs.commitment_signed).unwrap();
+       check_added_monitors!(nodes[0], 1);
+       let as_raa = get_event_msg!(nodes[0], MessageSendEvent::SendRevokeAndACK, nodes[1].node.get_our_node_id());
+       expect_payment_sent!(nodes[0], payment_preimage_2);
+
+       nodes[1].node.handle_revoke_and_ack(&nodes[0].node.get_our_node_id(), &as_raa).unwrap();
+       check_added_monitors!(nodes[1], 1);
+       assert!(nodes[1].node.get_and_clear_pending_msg_events().is_empty());
+
+       expect_pending_htlcs_forwardable!(nodes[1]);
+       expect_payment_received!(nodes[1], payment_hash_3, 100000);
+
+       // Note that as this RAA was generated before the delivery of the update_fulfill it shouldn't
+       // resolve the second HTLC from A's point of view.
+       nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
+       check_added_monitors!(nodes[0], 1);
+       let as_cs = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
+
+       // Now that B doesn't have the second RAA anymore, but A still does, send a payment from B back
+       // to A to ensure that A doesn't count the almost-removed HTLC in update_add processing.
+       let (payment_preimage_4, payment_hash_4) = get_payment_preimage_hash!(nodes[1]);
+       let send_2 = {
+               let route = nodes[1].router.get_route(&nodes[0].node.get_our_node_id(), None, &[], 10000, TEST_FINAL_CLTV).unwrap();
+               nodes[1].node.send_payment(route, payment_hash_4).unwrap();
+               check_added_monitors!(nodes[1], 1);
+               let mut events = nodes[1].node.get_and_clear_pending_msg_events();
+               assert_eq!(events.len(), 1);
+               SendEvent::from_event(events.remove(0))
+       };
+
+       nodes[0].node.handle_update_add_htlc(&nodes[1].node.get_our_node_id(), &send_2.msgs[0]).unwrap();
+       nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), &send_2.commitment_msg).unwrap();
+       check_added_monitors!(nodes[0], 1);
+       let as_raa = get_event_msg!(nodes[0], MessageSendEvent::SendRevokeAndACK, nodes[1].node.get_our_node_id());
+
+       // Now just resolve all the outstanding messages/HTLCs for completeness...
+
+       nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &as_cs.commitment_signed).unwrap();
+       check_added_monitors!(nodes[1], 1);
+       let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
+
+       nodes[1].node.handle_revoke_and_ack(&nodes[0].node.get_our_node_id(), &as_raa).unwrap();
+       check_added_monitors!(nodes[1], 1);
+
+       nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
+       check_added_monitors!(nodes[0], 1);
+       let as_cs = get_htlc_update_msgs!(nodes[0], nodes[1].node.get_our_node_id());
+
+       nodes[1].node.handle_commitment_signed(&nodes[0].node.get_our_node_id(), &as_cs.commitment_signed).unwrap();
+       check_added_monitors!(nodes[1], 1);
+       let bs_raa = get_event_msg!(nodes[1], MessageSendEvent::SendRevokeAndACK, nodes[0].node.get_our_node_id());
+
+       nodes[0].node.handle_revoke_and_ack(&nodes[1].node.get_our_node_id(), &bs_raa).unwrap();
+       check_added_monitors!(nodes[0], 1);
+
+       expect_pending_htlcs_forwardable!(nodes[0]);
+       expect_payment_received!(nodes[0], payment_hash_4, 10000);
+
+       claim_payment(&nodes[1], &[&nodes[0]], payment_preimage_4);
+       claim_payment(&nodes[0], &[&nodes[1]], payment_preimage_3);
+}
+
 #[test]
 fn channel_monitor_network_test() {
        // Simple test which builds a network of ChannelManagers, connects them to each other, and
        // tests that ChannelMonitor is able to recover from various states.
-       let nodes = create_network(5);
+       let nodes = create_network(5, &[None, None, None, None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
-       let chan_3 = create_announced_chan_between_nodes(&nodes, 2, 3);
-       let chan_4 = create_announced_chan_between_nodes(&nodes, 3, 4);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
+       let chan_3 = create_announced_chan_between_nodes(&nodes, 2, 3, LocalFeatures::new(), LocalFeatures::new());
+       let chan_4 = create_announced_chan_between_nodes(&nodes, 3, 4, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance the network a bit by relaying one payment through all the channels...
        send_payment(&nodes[0], &vec!(&nodes[1], &nodes[2], &nodes[3], &nodes[4])[..], 8000000);
@@ -1547,7 +1694,7 @@ fn channel_monitor_network_test() {
        {
                let mut header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
                nodes[3].chain_monitor.block_connected_checked(&header, 2, &Vec::new()[..], &[0; 0]);
-               for i in 3..TEST_FINAL_CLTV + 2 + HTLC_FAIL_TIMEOUT_BLOCKS + 1 {
+               for i in 3..TEST_FINAL_CLTV + 2 + LATENCY_GRACE_PERIOD_BLOCKS + 1 {
                        header = BlockHeader { version: 0x20000000, prev_blockhash: header.bitcoin_hash(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
                        nodes[3].chain_monitor.block_connected_checked(&header, i, &Vec::new()[..], &[0; 0]);
                }
@@ -1580,9 +1727,17 @@ fn channel_monitor_network_test() {
 fn test_justice_tx() {
        // Test justice txn built on revoked HTLC-Success tx, against both sides
 
-       let nodes = create_network(2);
+       let mut alice_config = UserConfig::new();
+       alice_config.channel_options.announced_channel = true;
+       alice_config.peer_channel_config_limits.force_announced_channel_preference = false;
+       alice_config.own_channel_config.our_to_self_delay = 6 * 24 * 5;
+       let mut bob_config = UserConfig::new();
+       bob_config.channel_options.announced_channel = true;
+       bob_config.peer_channel_config_limits.force_announced_channel_preference = false;
+       bob_config.own_channel_config.our_to_self_delay = 6 * 24 * 3;
+       let nodes = create_network(2, &[Some(alice_config), Some(bob_config)]);
        // Create some new channels:
-       let chan_5 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_5 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // A pending HTLC which will be revoked:
        let payment_preimage_3 = route_payment(&nodes[0], &vec!(&nodes[1])[..], 3000000).0;
@@ -1625,7 +1780,7 @@ fn test_justice_tx() {
 
        // We test justice_tx build by A on B's revoked HTLC-Success tx
        // Create some new channels:
-       let chan_6 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_6 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // A pending HTLC which will be revoked:
        let payment_preimage_4 = route_payment(&nodes[0], &vec!(&nodes[1])[..], 3000000).0;
@@ -1666,8 +1821,8 @@ fn test_justice_tx() {
 fn revoked_output_claim() {
        // Simple test to ensure a node will claim a revoked output when a stale remote commitment
        // transaction is broadcast by its counterparty
-       let nodes = create_network(2);
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        // node[0] is gonna to revoke an old state thus node[1] should be able to claim the revoked output
        let revoked_local_txn = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan_1.2).unwrap().last_local_commitment_txn.clone();
        assert_eq!(revoked_local_txn.len(), 1);
@@ -1695,10 +1850,10 @@ fn revoked_output_claim() {
 #[test]
 fn claim_htlc_outputs_shared_tx() {
        // Node revoked old state, htlcs haven't time out yet, claim them in shared justice tx
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // Create some new channel:
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance the network to generate htlc in the two directions
        send_payment(&nodes[0], &vec!(&nodes[1])[..], 8000000);
@@ -1723,6 +1878,7 @@ fn claim_htlc_outputs_shared_tx() {
                let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
                nodes[0].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![revoked_local_txn[0].clone()] }, 1);
                nodes[1].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![revoked_local_txn[0].clone()] }, 1);
+               connect_blocks(&nodes[1].chain_monitor, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
 
                let events = nodes[1].node.get_and_clear_pending_events();
                assert_eq!(events.len(), 1);
@@ -1769,9 +1925,9 @@ fn claim_htlc_outputs_shared_tx() {
 #[test]
 fn claim_htlc_outputs_single_tx() {
        // Node revoked old state, htlcs have timed out, claim each of them in separated justice tx
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance the network to generate htlc in the two directions
        send_payment(&nodes[0], &vec!(&nodes[1])[..], 8000000);
@@ -1790,6 +1946,7 @@ fn claim_htlc_outputs_single_tx() {
                let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
                nodes[0].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![revoked_local_txn[0].clone()] }, 200);
                nodes[1].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![revoked_local_txn[0].clone()] }, 200);
+               connect_blocks(&nodes[1].chain_monitor, ANTI_REORG_DELAY - 1, 200, true, header.bitcoin_hash());
 
                let events = nodes[1].node.get_and_clear_pending_events();
                assert_eq!(events.len(), 1);
@@ -1801,7 +1958,7 @@ fn claim_htlc_outputs_single_tx() {
                }
 
                let node_txn = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap();
-               assert_eq!(node_txn.len(), 12); // ChannelManager : 2, ChannelMontitor: 8 (1 standard revoked output, 2 revocation htlc tx, 1 local commitment tx + 1 htlc timeout tx) * 2 (block-rescan)
+               assert_eq!(node_txn.len(), 22); // ChannelManager : 2, ChannelMontitor: 8 (1 standard revoked output, 2 revocation htlc tx, 1 local commitment tx + 1 htlc timeout tx) * 2 (block-rescan) + 5 * (1 local commitment tx + 1 htlc timeout tx)
 
                assert_eq!(node_txn[0], node_txn[7]);
                assert_eq!(node_txn[1], node_txn[8]);
@@ -1811,6 +1968,10 @@ fn claim_htlc_outputs_single_tx() {
                assert_eq!(node_txn[3], node_txn[5]); //local commitment tx + htlc timeout tx broadcasted by ChannelManger
                assert_eq!(node_txn[4], node_txn[6]);
 
+               for i in 12..22 {
+                       if i % 2 == 0 { assert_eq!(node_txn[3], node_txn[i]); } else { assert_eq!(node_txn[4], node_txn[i]); }
+               }
+
                assert_eq!(node_txn[0].input.len(), 1);
                assert_eq!(node_txn[1].input.len(), 1);
                assert_eq!(node_txn[2].input.len(), 1);
@@ -1861,11 +2022,11 @@ fn test_htlc_on_chain_success() {
        // the HTLC outputs via the preimage it learned (which, once confirmed should generate a
        // PaymentSent event).
 
-       let nodes = create_network(3);
+       let nodes = create_network(3, &[None, None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance the network a bit by relaying one payment through all the channels...
        send_payment(&nodes[0], &vec!(&nodes[1], &nodes[2])[..], 8000000);
@@ -2022,11 +2183,11 @@ fn test_htlc_on_chain_timeout() {
        //            \                                  \
        //         B's HTLC timeout tx               B's timeout tx
 
-       let nodes = create_network(3);
+       let nodes = create_network(3, &[None, None, None]);
 
        // Create some intial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance the network a bit by relaying one payment thorugh all the channels...
        send_payment(&nodes[0], &vec!(&nodes[1], &nodes[2])[..], 8000000);
@@ -2087,6 +2248,7 @@ fn test_htlc_on_chain_timeout() {
        }
 
        nodes[1].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![timeout_tx]}, 1);
+       connect_blocks(&nodes[1].chain_monitor, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
        check_added_monitors!(nodes[1], 0);
        check_closed_broadcast!(nodes[1]);
 
@@ -2129,11 +2291,11 @@ fn test_simple_commitment_revoked_fail_backward() {
        // Test that in case of a revoked commitment tx, we detect the resolution of output by justice tx
        // and fail backward accordingly.
 
-       let nodes = create_network(3);
+       let nodes = create_network(3, &[None, None, None]);
 
        // Create some initial channels
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let (payment_preimage, _payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], 3000000);
        // Get the will-be-revoked local txn from nodes[2]
@@ -2145,6 +2307,7 @@ fn test_simple_commitment_revoked_fail_backward() {
 
        let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42};
        nodes[1].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![revoked_local_txn[0].clone()] }, 1);
+       connect_blocks(&nodes[1].chain_monitor, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
        check_added_monitors!(nodes[1], 0);
        check_closed_broadcast!(nodes[1]);
 
@@ -2196,11 +2359,11 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
        // * Once they remove it, we will send a (the first) commitment_signed without the HTLC,
        //   and once they revoke the previous commitment transaction (allowing us to send a new
        //   commitment_signed) we will be free to fail/fulfill the HTLC backwards.
-       let mut nodes = create_network(3);
+       let mut nodes = create_network(3, &[None, None, None]);
 
        // Create some initial channels
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let (payment_preimage, _payment_hash) = route_payment(&nodes[0], &[&nodes[1], &nodes[2]], if no_to_remote { 10_000 } else { 3_000_000 });
        // Get the will-be-revoked local txn from nodes[2]
@@ -2297,6 +2460,7 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
 
        let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42};
        nodes[1].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![revoked_local_txn[0].clone()] }, 1);
+       connect_blocks(&nodes[1].chain_monitor, ANTI_REORG_DELAY - 1, 1, true, header.bitcoin_hash());
 
        let events = nodes[1].node.get_and_clear_pending_events();
        assert_eq!(events.len(), if deliver_bs_raa { 1 } else { 2 });
@@ -2312,7 +2476,6 @@ fn do_test_commitment_revoked_fail_backward_exhaustive(deliver_bs_raa: bool, use
                        _ => panic!("Unexpected event"),
                };
        }
-       nodes[1].node.channel_state.lock().unwrap().next_forward = Instant::now();
        nodes[1].node.process_pending_htlc_forwards();
        check_added_monitors!(nodes[1], 1);
 
@@ -2407,8 +2570,8 @@ fn test_commitment_revoked_fail_backward_exhaustive_b() {
 fn test_htlc_ignore_latest_remote_commitment() {
        // Test that HTLC transactions spending the latest remote commitment transaction are simply
        // ignored if we cannot claim them. This originally tickled an invalid unwrap().
-       let nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        route_payment(&nodes[0], &[&nodes[1]], 10000000);
        nodes[0].node.force_close_channel(&nodes[0].node.list_channels()[0].channel_id);
@@ -2429,9 +2592,9 @@ fn test_htlc_ignore_latest_remote_commitment() {
 #[test]
 fn test_force_close_fail_back() {
        // Check which HTLCs are failed-backwards on channel force-closure
-       let mut nodes = create_network(3);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       create_announced_chan_between_nodes(&nodes, 1, 2);
+       let mut nodes = create_network(3, &[None, None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 1000000, 42).unwrap();
 
@@ -2486,7 +2649,7 @@ fn test_force_close_fail_back() {
        // Now check that if we add the preimage to ChannelMonitor it broadcasts our HTLC-Success..
        {
                let mut monitors = nodes[2].chan_monitor.simple_monitor.monitors.lock().unwrap();
-               monitors.get_mut(&OutPoint::new(Sha256dHash::from(&payment_event.commitment_msg.channel_id[..]), 0)).unwrap()
+               monitors.get_mut(&OutPoint::new(Sha256dHash::from_slice(&payment_event.commitment_msg.channel_id[..]).unwrap(), 0)).unwrap()
                        .provide_payment_preimage(&our_payment_hash, &our_payment_preimage);
        }
        nodes[2].chain_monitor.block_connected_checked(&header, 1, &[&tx], &[1]);
@@ -2503,8 +2666,8 @@ fn test_force_close_fail_back() {
 #[test]
 fn test_unconf_chan() {
        // After creating a chan between nodes, we disconnect all blocks previously seen to force a channel close on nodes[0] side
-       let nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let channel_state = nodes[0].node.channel_state.lock().unwrap();
        assert_eq!(channel_state.by_id.len(), 1);
@@ -2518,8 +2681,10 @@ fn test_unconf_chan() {
                header = BlockHeader { version: 0x20000000, prev_blockhash: header.bitcoin_hash(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
                headers.push(header.clone());
        }
+       let mut height = 99;
        while !headers.is_empty() {
-               nodes[0].node.block_disconnected(&headers.pop().unwrap());
+               nodes[0].node.block_disconnected(&headers.pop().unwrap(), height);
+               height -= 1;
        }
        check_closed_broadcast!(nodes[0]);
        let channel_state = nodes[0].node.channel_state.lock().unwrap();
@@ -2530,9 +2695,9 @@ fn test_unconf_chan() {
 #[test]
 fn test_simple_peer_disconnect() {
        // Test that we can reconnect when there are no lost messages
-       let nodes = create_network(3);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       create_announced_chan_between_nodes(&nodes, 1, 2);
+       let nodes = create_network(3, &[None, None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        nodes[0].node.peer_disconnected(&nodes[1].node.get_our_node_id(), false);
        nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
@@ -2583,12 +2748,12 @@ fn test_simple_peer_disconnect() {
 
 fn do_test_drop_messages_peer_disconnect(messages_delivered: u8) {
        // Test that we can reconnect when in-flight HTLC updates get dropped
-       let mut nodes = create_network(2);
+       let mut nodes = create_network(2, &[None, None]);
        if messages_delivered == 0 {
-               create_chan_between_nodes_with_value_a(&nodes[0], &nodes[1], 100000, 10001);
+               create_chan_between_nodes_with_value_a(&nodes[0], &nodes[1], 100000, 10001, LocalFeatures::new(), LocalFeatures::new());
                // nodes[1] doesn't receive the funding_locked message (it'll be re-sent on reconnect)
        } else {
-               create_announced_chan_between_nodes(&nodes, 0, 1);
+               create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        }
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), Some(&nodes[0].node.list_usable_channels()), &Vec::new(), 1000000, TEST_FINAL_CLTV).unwrap();
@@ -2665,7 +2830,6 @@ fn do_test_drop_messages_peer_disconnect(messages_delivered: u8) {
        nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
        reconnect_nodes(&nodes[0], &nodes[1], (false, false), (0, 0), (0, 0), (0, 0), (0, 0), (false, false));
 
-       nodes[1].node.channel_state.lock().unwrap().next_forward = Instant::now();
        nodes[1].node.process_pending_htlc_forwards();
 
        let events_2 = nodes[1].node.get_and_clear_pending_events();
@@ -2790,8 +2954,8 @@ fn test_drop_messages_peer_disconnect_b() {
 #[test]
 fn test_funding_peer_disconnect() {
        // Test that we can lock in our funding tx while disconnected
-       let nodes = create_network(2);
-       let tx = create_chan_between_nodes_with_value_init(&nodes[0], &nodes[1], 100000, 10001);
+       let nodes = create_network(2, &[None, None]);
+       let tx = create_chan_between_nodes_with_value_init(&nodes[0], &nodes[1], 100000, 10001, LocalFeatures::new(), LocalFeatures::new());
 
        nodes[0].node.peer_disconnected(&nodes[1].node.get_our_node_id(), false);
        nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
@@ -2841,8 +3005,8 @@ fn test_funding_peer_disconnect() {
 fn test_drop_messages_peer_disconnect_dual_htlc() {
        // Test that we can handle reconnecting when both sides of a channel have pending
        // commitment_updates when we disconnect.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let (payment_preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
 
@@ -2980,9 +3144,9 @@ fn test_drop_messages_peer_disconnect_dual_htlc() {
 fn test_invalid_channel_announcement() {
        //Test BOLT 7 channel_announcement msg requirement for final node, gather data to build customed channel_announcement msgs
        let secp_ctx = Secp256k1::new();
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
-       let chan_announcement = create_chan_between_nodes(&nodes[0], &nodes[1]);
+       let chan_announcement = create_chan_between_nodes(&nodes[0], &nodes[1], LocalFeatures::new(), LocalFeatures::new());
 
        let a_channel_lock = nodes[0].node.channel_state.lock().unwrap();
        let b_channel_lock = nodes[1].node.channel_state.lock().unwrap();
@@ -3018,7 +3182,7 @@ fn test_invalid_channel_announcement() {
 
        macro_rules! sign_msg {
                ($unsigned_msg: expr) => {
-                       let msghash = Message::from_slice(&Sha256dHash::from_data(&$unsigned_msg.encode()[..])[..]).unwrap();
+                       let msghash = Message::from_slice(&Sha256dHash::hash(&$unsigned_msg.encode()[..])[..]).unwrap();
                        let as_bitcoin_sig = secp_ctx.sign(&msghash, &as_chan.get_local_keys().funding_key);
                        let bs_bitcoin_sig = secp_ctx.sign(&msghash, &bs_chan.get_local_keys().funding_key);
                        let as_node_sig = secp_ctx.sign(&msghash, &nodes[0].keys_manager.get_node_secret());
@@ -3045,16 +3209,16 @@ fn test_invalid_channel_announcement() {
        assert!(nodes[0].router.handle_channel_announcement(&chan_announcement).is_err());
 
        let mut unsigned_msg = dummy_unsigned_msg!();
-       unsigned_msg.chain_hash = Sha256dHash::from_data(&[1,2,3,4,5,6,7,8,9]);
+       unsigned_msg.chain_hash = Sha256dHash::hash(&[1,2,3,4,5,6,7,8,9]);
        sign_msg!(unsigned_msg);
        assert!(nodes[0].router.handle_channel_announcement(&chan_announcement).is_err());
 }
 
 #[test]
 fn test_no_txn_manager_serialize_deserialize() {
-       let mut nodes = create_network(2);
+       let mut nodes = create_network(2, &[None, None]);
 
-       let tx = create_chan_between_nodes_with_value_init(&nodes[0], &nodes[1], 100000, 10001);
+       let tx = create_chan_between_nodes_with_value_init(&nodes[0], &nodes[1], 100000, 10001, LocalFeatures::new(), LocalFeatures::new());
 
        nodes[1].node.peer_disconnected(&nodes[0].node.get_our_node_id(), false);
 
@@ -3062,14 +3226,14 @@ fn test_no_txn_manager_serialize_deserialize() {
        let mut chan_0_monitor_serialized = test_utils::TestVecWriter(Vec::new());
        nodes[0].chan_monitor.simple_monitor.monitors.lock().unwrap().iter().next().unwrap().1.write_for_disk(&mut chan_0_monitor_serialized).unwrap();
 
-       nodes[0].chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(nodes[0].chain_monitor.clone(), nodes[0].tx_broadcaster.clone(), Arc::new(test_utils::TestLogger::new())));
+       nodes[0].chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(nodes[0].chain_monitor.clone(), nodes[0].tx_broadcaster.clone(), Arc::new(test_utils::TestLogger::new()), Arc::new(test_utils::TestFeeEstimator { sat_per_kw: 253 })));
        let mut chan_0_monitor_read = &chan_0_monitor_serialized.0[..];
        let (_, chan_0_monitor) = <(Sha256dHash, ChannelMonitor)>::read(&mut chan_0_monitor_read, Arc::new(test_utils::TestLogger::new())).unwrap();
        assert!(chan_0_monitor_read.is_empty());
 
        let mut nodes_0_read = &nodes_0_serialized[..];
        let config = UserConfig::new();
-       let keys_manager = Arc::new(keysinterface::KeysManager::new(&nodes[0].node_seed, Network::Testnet, Arc::new(test_utils::TestLogger::new())));
+       let keys_manager = Arc::new(test_utils::TestKeysInterface::new(&nodes[0].node_seed, Network::Testnet, Arc::new(test_utils::TestLogger::new())));
        let (_, nodes_0_deserialized) = {
                let mut channel_monitors = HashMap::new();
                channel_monitors.insert(chan_0_monitor.get_funding_txo().unwrap(), &chan_0_monitor);
@@ -3116,8 +3280,8 @@ fn test_no_txn_manager_serialize_deserialize() {
 
 #[test]
 fn test_simple_manager_serialize_deserialize() {
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let (our_payment_preimage, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
        let (_, our_payment_hash) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
@@ -3128,13 +3292,13 @@ fn test_simple_manager_serialize_deserialize() {
        let mut chan_0_monitor_serialized = test_utils::TestVecWriter(Vec::new());
        nodes[0].chan_monitor.simple_monitor.monitors.lock().unwrap().iter().next().unwrap().1.write_for_disk(&mut chan_0_monitor_serialized).unwrap();
 
-       nodes[0].chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(nodes[0].chain_monitor.clone(), nodes[0].tx_broadcaster.clone(), Arc::new(test_utils::TestLogger::new())));
+       nodes[0].chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(nodes[0].chain_monitor.clone(), nodes[0].tx_broadcaster.clone(), Arc::new(test_utils::TestLogger::new()), Arc::new(test_utils::TestFeeEstimator { sat_per_kw: 253 })));
        let mut chan_0_monitor_read = &chan_0_monitor_serialized.0[..];
        let (_, chan_0_monitor) = <(Sha256dHash, ChannelMonitor)>::read(&mut chan_0_monitor_read, Arc::new(test_utils::TestLogger::new())).unwrap();
        assert!(chan_0_monitor_read.is_empty());
 
        let mut nodes_0_read = &nodes_0_serialized[..];
-       let keys_manager = Arc::new(keysinterface::KeysManager::new(&nodes[0].node_seed, Network::Testnet, Arc::new(test_utils::TestLogger::new())));
+       let keys_manager = Arc::new(test_utils::TestKeysInterface::new(&nodes[0].node_seed, Network::Testnet, Arc::new(test_utils::TestLogger::new())));
        let (_, nodes_0_deserialized) = {
                let mut channel_monitors = HashMap::new();
                channel_monitors.insert(chan_0_monitor.get_funding_txo().unwrap(), &chan_0_monitor);
@@ -3164,10 +3328,10 @@ fn test_simple_manager_serialize_deserialize() {
 #[test]
 fn test_manager_serialize_deserialize_inconsistent_monitor() {
        // Test deserializing a ChannelManager with an out-of-date ChannelMonitor
-       let mut nodes = create_network(4);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       create_announced_chan_between_nodes(&nodes, 2, 0);
-       let (_, _, channel_id, funding_tx) = create_announced_chan_between_nodes(&nodes, 0, 3);
+       let mut nodes = create_network(4, &[None, None, None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 2, 0, LocalFeatures::new(), LocalFeatures::new());
+       let (_, _, channel_id, funding_tx) = create_announced_chan_between_nodes(&nodes, 0, 3, LocalFeatures::new(), LocalFeatures::new());
 
        let (our_payment_preimage, _) = route_payment(&nodes[2], &[&nodes[0], &nodes[1]], 1000000);
 
@@ -3188,7 +3352,7 @@ fn test_manager_serialize_deserialize_inconsistent_monitor() {
                node_0_monitors_serialized.push(writer.0);
        }
 
-       nodes[0].chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(nodes[0].chain_monitor.clone(), nodes[0].tx_broadcaster.clone(), Arc::new(test_utils::TestLogger::new())));
+       nodes[0].chan_monitor = Arc::new(test_utils::TestChannelMonitor::new(nodes[0].chain_monitor.clone(), nodes[0].tx_broadcaster.clone(), Arc::new(test_utils::TestLogger::new()), Arc::new(test_utils::TestFeeEstimator { sat_per_kw: 253 })));
        let mut node_0_monitors = Vec::new();
        for serialized in node_0_monitors_serialized.iter() {
                let mut read = &serialized[..];
@@ -3198,7 +3362,7 @@ fn test_manager_serialize_deserialize_inconsistent_monitor() {
        }
 
        let mut nodes_0_read = &nodes_0_serialized[..];
-       let keys_manager = Arc::new(keysinterface::KeysManager::new(&nodes[0].node_seed, Network::Testnet, Arc::new(test_utils::TestLogger::new())));
+       let keys_manager = Arc::new(test_utils::TestKeysInterface::new(&nodes[0].node_seed, Network::Testnet, Arc::new(test_utils::TestLogger::new())));
        let (_, nodes_0_deserialized) = <(Sha256dHash, ChannelManager)>::read(&mut nodes_0_read, ChannelManagerReadArgs {
                default_config: UserConfig::new(),
                keys_manager,
@@ -3267,7 +3431,7 @@ macro_rules! check_spendable_outputs {
                                                                        };
                                                                        let secp_ctx = Secp256k1::new();
                                                                        let remotepubkey = PublicKey::from_secret_key(&secp_ctx, &key);
-                                                                       let witness_script = Address::p2pkh(&remotepubkey, Network::Testnet).script_pubkey();
+                                                                       let witness_script = Address::p2pkh(&::bitcoin::PublicKey{compressed: true, key: remotepubkey}, Network::Testnet).script_pubkey();
                                                                        let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], &witness_script, output.value)[..]).unwrap();
                                                                        let remotesig = secp_ctx.sign(&sighash, key);
                                                                        spend_tx.input[0].witness.push(remotesig.serialize_der().to_vec());
@@ -3322,7 +3486,7 @@ macro_rules! check_spendable_outputs {
                                                                        let secret = {
                                                                                match ExtendedPrivKey::new_master(Network::Testnet, &$node.node_seed) {
                                                                                        Ok(master_key) => {
-                                                                                               match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx($der_idx)) {
+                                                                                               match master_key.ckd_priv(&secp_ctx, ChildNumber::from_hardened_idx($der_idx).expect("key space exhausted")) {
                                                                                                        Ok(key) => key,
                                                                                                        Err(_) => panic!("Your RNG is busted"),
                                                                                                }
@@ -3333,10 +3497,10 @@ macro_rules! check_spendable_outputs {
                                                                        let pubkey = ExtendedPubKey::from_private(&secp_ctx, &secret).public_key;
                                                                        let witness_script = Address::p2pkh(&pubkey, Network::Testnet).script_pubkey();
                                                                        let sighash = Message::from_slice(&bip143::SighashComponents::new(&spend_tx).sighash_all(&spend_tx.input[0], &witness_script, output.value)[..]).unwrap();
-                                                                       let sig = secp_ctx.sign(&sighash, &secret.secret_key);
+                                                                       let sig = secp_ctx.sign(&sighash, &secret.private_key.key);
                                                                        spend_tx.input[0].witness.push(sig.serialize_der().to_vec());
                                                                        spend_tx.input[0].witness[0].push(SigHashType::All as u8);
-                                                                       spend_tx.input[0].witness.push(pubkey.serialize().to_vec());
+                                                                       spend_tx.input[0].witness.push(pubkey.key.serialize().to_vec());
                                                                        txn.push(spend_tx);
                                                                },
                                                        }
@@ -3353,9 +3517,9 @@ macro_rules! check_spendable_outputs {
 #[test]
 fn test_claim_sizeable_push_msat() {
        // Incidentally test SpendableOutput event generation due to detection of to_local output on commitment tx
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 99000000);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 99000000, LocalFeatures::new(), LocalFeatures::new());
        nodes[1].node.force_close_channel(&chan.2);
        check_closed_broadcast!(nodes[1]);
        let node_txn = nodes[1].tx_broadcaster.txn_broadcasted.lock().unwrap();
@@ -3375,9 +3539,9 @@ fn test_claim_on_remote_sizeable_push_msat() {
        // Same test as previous, just test on remote commitment tx, as per_commitment_point registration changes following you're funder/fundee and
        // to_remote output is encumbered by a P2WPKH
 
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 99000000);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 99000000, LocalFeatures::new(), LocalFeatures::new());
        nodes[0].node.force_close_channel(&chan.2);
        check_closed_broadcast!(nodes[0]);
 
@@ -3400,9 +3564,9 @@ fn test_claim_on_remote_revoked_sizeable_push_msat() {
        // Same test as previous, just test on remote revoked commitment tx, as per_commitment_point registration changes following you're funder/fundee and
        // to_remote output is encumbered by a P2WPKH
 
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 59000000);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 59000000, LocalFeatures::new(), LocalFeatures::new());
        let payment_preimage = route_payment(&nodes[0], &vec!(&nodes[1])[..], 3000000).0;
        let revoked_local_txn = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().last_local_commitment_txn.clone();
        assert_eq!(revoked_local_txn[0].input.len(), 1);
@@ -3424,10 +3588,10 @@ fn test_claim_on_remote_revoked_sizeable_push_msat() {
 
 #[test]
 fn test_static_spendable_outputs_preimage_tx() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let payment_preimage = route_payment(&nodes[0], &vec!(&nodes[1])[..], 3000000).0;
 
@@ -3465,10 +3629,10 @@ fn test_static_spendable_outputs_preimage_tx() {
 
 #[test]
 fn test_static_spendable_outputs_justice_tx_revoked_commitment_tx() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let payment_preimage = route_payment(&nodes[0], &vec!(&nodes[1])[..], 3000000).0;
        let revoked_local_txn = nodes[0].node.channel_state.lock().unwrap().by_id.iter().next().unwrap().1.last_local_commitment_txn.clone();
@@ -3495,10 +3659,10 @@ fn test_static_spendable_outputs_justice_tx_revoked_commitment_tx() {
 
 #[test]
 fn test_static_spendable_outputs_justice_tx_revoked_htlc_timeout_tx() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let payment_preimage = route_payment(&nodes[0], &vec!(&nodes[1])[..], 3000000).0;
        let revoked_local_txn = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan_1.2).unwrap().last_local_commitment_txn.clone();
@@ -3539,10 +3703,10 @@ fn test_static_spendable_outputs_justice_tx_revoked_htlc_timeout_tx() {
 
 #[test]
 fn test_static_spendable_outputs_justice_tx_revoked_htlc_success_tx() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let payment_preimage = route_payment(&nodes[0], &vec!(&nodes[1])[..], 3000000).0;
        let revoked_local_txn = nodes[1].node.channel_state.lock().unwrap().by_id.get(&chan_1.2).unwrap().last_local_commitment_txn.clone();
@@ -3592,11 +3756,11 @@ fn test_onchain_to_onchain_claim() {
        // Finally, check that B will claim the HTLC output if A's latest commitment transaction
        // gets broadcast.
 
-       let nodes = create_network(3);
+       let nodes = create_network(3, &[None, None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance the network a bit by relaying one payment through all the channels ...
        send_payment(&nodes[0], &vec!(&nodes[1], &nodes[2])[..], 8000000);
@@ -3680,10 +3844,10 @@ fn test_onchain_to_onchain_claim() {
 fn test_duplicate_payment_hash_one_failure_one_success() {
        // Topology : A --> B --> C
        // We route 2 payments with same hash between B and C, one will be timeout, the other successfully claim
-       let mut nodes = create_network(3);
+       let mut nodes = create_network(3, &[None, None, None]);
 
-       create_announced_chan_between_nodes(&nodes, 0, 1);
-       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+       let chan_2 = create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
 
        let (our_payment_preimage, duplicate_payment_hash) = route_payment(&nodes[0], &vec!(&nodes[1], &nodes[2])[..], 900000);
        *nodes[0].network_payment_count.borrow_mut() -= 1;
@@ -3740,6 +3904,7 @@ fn test_duplicate_payment_hash_one_failure_one_success() {
        check_spends!(htlc_success_txn[1], commitment_txn[0].clone());
 
        nodes[1].chain_monitor.block_connected_with_filtering(&Block { header, txdata: vec![htlc_timeout_tx] }, 200);
+       connect_blocks(&nodes[1].chain_monitor, ANTI_REORG_DELAY - 1, 200, true, header.bitcoin_hash());
        expect_pending_htlcs_forwardable!(nodes[1]);
        let htlc_updates = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
        assert!(htlc_updates.update_add_htlcs.is_empty());
@@ -3793,10 +3958,10 @@ fn test_duplicate_payment_hash_one_failure_one_success() {
 
 #[test]
 fn test_dynamic_spendable_outputs_local_htlc_success_tx() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let payment_preimage = route_payment(&nodes[0], &vec!(&nodes[1])[..], 9000000).0;
        let local_txn = nodes[1].node.channel_state.lock().unwrap().by_id.get(&chan_1.2).unwrap().last_local_commitment_txn.clone();
@@ -3842,13 +4007,13 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
        //    - C - D -
        // B /         \ F
        // And test where C fails back to A/B when D announces its latest commitment transaction
-       let nodes = create_network(6);
+       let nodes = create_network(6, &[None, None, None, None, None, None]);
 
-       create_announced_chan_between_nodes(&nodes, 0, 2);
-       create_announced_chan_between_nodes(&nodes, 1, 2);
-       let chan = create_announced_chan_between_nodes(&nodes, 2, 3);
-       create_announced_chan_between_nodes(&nodes, 3, 4);
-       create_announced_chan_between_nodes(&nodes, 3, 5);
+       create_announced_chan_between_nodes(&nodes, 0, 2, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new());
+       let chan = create_announced_chan_between_nodes(&nodes, 2, 3, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 3, 4, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes(&nodes, 3, 5, LocalFeatures::new(), LocalFeatures::new());
 
        // Rebalance and check output sanity...
        send_payment(&nodes[0], &[&nodes[2], &nodes[3], &nodes[4]], 500000);
@@ -3958,6 +4123,7 @@ fn do_test_fail_backwards_unrevoked_remote_announce(deliver_last_raa: bool, anno
        } else {
                nodes[2].chain_monitor.block_connected_checked(&header, 1, &[&ds_prev_commitment_tx[0]], &[1; 1]);
        }
+       connect_blocks(&nodes[2].chain_monitor, ANTI_REORG_DELAY - 1, 1, true,  header.bitcoin_hash());
        check_closed_broadcast!(nodes[2]);
        expect_pending_htlcs_forwardable!(nodes[2]);
        check_added_monitors!(nodes[2], 2);
@@ -4080,10 +4246,10 @@ fn test_fail_backwards_previous_remote_announce() {
 
 #[test]
 fn test_dynamic_spendable_outputs_local_htlc_timeout_tx() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // Create some initial channels
-       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan_1 = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        route_payment(&nodes[0], &vec!(&nodes[1])[..], 9000000).0;
        let local_txn = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan_1.2).unwrap().last_local_commitment_txn.clone();
@@ -4115,9 +4281,9 @@ fn test_dynamic_spendable_outputs_local_htlc_timeout_tx() {
 
 #[test]
 fn test_static_output_closing_tx() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        send_payment(&nodes[0], &vec!(&nodes[1])[..], 8000000);
        let closing_tx = close_channel(&nodes[0], &nodes[1], &chan.2, chan.3, true).2;
@@ -4135,8 +4301,8 @@ fn test_static_output_closing_tx() {
 }
 
 fn do_htlc_claim_local_commitment_only(use_dust: bool) {
-       let nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let (our_payment_preimage, _) = route_payment(&nodes[0], &[&nodes[1]], if use_dust { 50000 } else { 3000000 });
 
@@ -4172,8 +4338,8 @@ fn do_htlc_claim_local_commitment_only(use_dust: bool) {
 }
 
 fn do_htlc_claim_current_remote_commitment_only(use_dust: bool) {
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &Vec::new(), if use_dust { 50000 } else { 3000000 }, TEST_FINAL_CLTV).unwrap();
        let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -4187,7 +4353,7 @@ fn do_htlc_claim_current_remote_commitment_only(use_dust: bool) {
        // to "time out" the HTLC.
 
        let mut header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
-       for i in 1..TEST_FINAL_CLTV + HTLC_FAIL_TIMEOUT_BLOCKS + CHAN_CONFIRM_DEPTH + 1 {
+       for i in 1..TEST_FINAL_CLTV + LATENCY_GRACE_PERIOD_BLOCKS + CHAN_CONFIRM_DEPTH + 1 {
                nodes[0].chain_monitor.block_connected_checked(&header, i, &Vec::new(), &Vec::new());
                header.prev_blockhash = header.bitcoin_hash();
        }
@@ -4196,8 +4362,8 @@ fn do_htlc_claim_current_remote_commitment_only(use_dust: bool) {
 }
 
 fn do_htlc_claim_previous_remote_commitment_only(use_dust: bool, check_revoke_no_close: bool) {
-       let nodes = create_network(3);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(3, &[None, None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        // Fail the payment, but don't deliver A's final RAA, resulting in the HTLC only being present
        // in B's previous (unrevoked) commitment transaction, but none of A's commitment transactions.
@@ -4226,7 +4392,7 @@ fn do_htlc_claim_previous_remote_commitment_only(use_dust: bool, check_revoke_no
        }
 
        let mut header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
-       for i in 1..TEST_FINAL_CLTV + HTLC_FAIL_TIMEOUT_BLOCKS + CHAN_CONFIRM_DEPTH + 1 {
+       for i in 1..TEST_FINAL_CLTV + LATENCY_GRACE_PERIOD_BLOCKS + CHAN_CONFIRM_DEPTH + 1 {
                nodes[0].chain_monitor.block_connected_checked(&header, i, &Vec::new(), &Vec::new());
                header.prev_blockhash = header.bitcoin_hash();
        }
@@ -4315,7 +4481,6 @@ fn run_onion_failure_test_with_fail_intercept<F1,F2,F3>(_name: &str, test_case:
        macro_rules! expect_htlc_forward {
                ($node: expr) => {{
                        expect_event!($node, Event::PendingHTLCsForwardable);
-                       $node.node.channel_state.lock().unwrap().next_forward = Instant::now();
                        $node.node.process_pending_htlc_forwards();
                }}
        }
@@ -4456,7 +4621,7 @@ impl msgs::ChannelUpdate {
                msgs::ChannelUpdate {
                        signature: Signature::from(FFISignature::new()),
                        contents: msgs::UnsignedChannelUpdate {
-                               chain_hash: Sha256dHash::from_data(&vec![0u8][..]),
+                               chain_hash: Sha256dHash::hash(&vec![0u8][..]),
                                short_channel_id: 0,
                                timestamp: 0,
                                flags: 0,
@@ -4481,11 +4646,11 @@ fn test_onion_failure() {
        const NODE: u16 = 0x2000;
        const UPDATE: u16 = 0x1000;
 
-       let mut nodes = create_network(3);
+       let mut nodes = create_network(3, &[None, None, None]);
        for node in nodes.iter() {
                *node.keys_manager.override_session_priv.lock().unwrap() = Some(SecretKey::from_slice(&[3; 32]).unwrap());
        }
-       let channels = [create_announced_chan_between_nodes(&nodes, 0, 1), create_announced_chan_between_nodes(&nodes, 1, 2)];
+       let channels = [create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new()), create_announced_chan_between_nodes(&nodes, 1, 2, LocalFeatures::new(), LocalFeatures::new())];
        let (_, payment_hash) = get_payment_preimage_hash!(nodes[0]);
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 40000, TEST_FINAL_CLTV).unwrap();
        // positve case
@@ -4630,7 +4795,7 @@ fn test_onion_failure() {
        }, || {}, true, Some(UPDATE|13), Some(msgs::HTLCFailChannelUpdate::ChannelClosed { short_channel_id: channels[0].0.contents.short_channel_id, is_permanent: true}));
 
        run_onion_failure_test("expiry_too_soon", 0, &nodes, &route, &payment_hash, |msg| {
-               let height = msg.cltv_expiry - CLTV_CLAIM_BUFFER - HTLC_FAIL_TIMEOUT_BLOCKS + 1;
+               let height = msg.cltv_expiry - CLTV_CLAIM_BUFFER - LATENCY_GRACE_PERIOD_BLOCKS + 1;
                let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
                nodes[1].chain_monitor.block_connected_checked(&header, height, &Vec::new()[..], &[0; 0]);
        }, ||{}, true, Some(UPDATE|14), Some(msgs::HTLCFailChannelUpdate::ChannelUpdateMessage{msg: ChannelUpdate::dummy()}));
@@ -4640,7 +4805,7 @@ fn test_onion_failure() {
        }, false, Some(PERM|15), None);
 
        run_onion_failure_test("final_expiry_too_soon", 1, &nodes, &route, &payment_hash, |msg| {
-               let height = msg.cltv_expiry - CLTV_CLAIM_BUFFER - HTLC_FAIL_TIMEOUT_BLOCKS + 1;
+               let height = msg.cltv_expiry - CLTV_CLAIM_BUFFER - LATENCY_GRACE_PERIOD_BLOCKS + 1;
                let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
                nodes[2].chain_monitor.block_connected_checked(&header, height, &Vec::new()[..], &[0; 0]);
        }, || {}, true, Some(17), None);
@@ -4693,7 +4858,7 @@ fn test_onion_failure() {
 #[test]
 #[should_panic]
 fn bolt2_open_channel_sending_node_checks_part1() { //This test needs to be on its own as we are catching a panic
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
        //Force duplicate channel ids
        for node in nodes.iter() {
                *node.keys_manager.override_channel_id_priv.lock().unwrap() = Some([0; 32]);
@@ -4704,7 +4869,7 @@ fn bolt2_open_channel_sending_node_checks_part1() { //This test needs to be on i
        let push_msat=10001;
        nodes[0].node.create_channel(nodes[1].node.get_our_node_id(), channel_value_satoshis, push_msat, 42).unwrap();
        let node0_to_1_send_open_channel = get_event_msg!(nodes[0], MessageSendEvent::SendOpenChannel, nodes[1].node.get_our_node_id());
-       nodes[1].node.handle_open_channel(&nodes[0].node.get_our_node_id(), &node0_to_1_send_open_channel).unwrap();
+       nodes[1].node.handle_open_channel(&nodes[0].node.get_our_node_id(), LocalFeatures::new(), &node0_to_1_send_open_channel).unwrap();
 
        //Create a second channel with a channel_id collision
        assert!(nodes[0].node.create_channel(nodes[0].node.get_our_node_id(), channel_value_satoshis, push_msat, 42).is_err());
@@ -4712,7 +4877,7 @@ fn bolt2_open_channel_sending_node_checks_part1() { //This test needs to be on i
 
 #[test]
 fn bolt2_open_channel_sending_node_checks_part2() {
-       let nodes = create_network(2);
+       let nodes = create_network(2, &[None, None]);
 
        // BOLT #2 spec: Sending node must set funding_satoshis to less than 2^24 satoshis
        let channel_value_satoshis=2^24;
@@ -4760,8 +4925,8 @@ fn bolt2_open_channel_sending_node_checks_part2() {
 fn test_update_add_htlc_bolt2_sender_value_below_minimum_msat() {
        //BOLT2 Requirement: MUST offer amount_msat greater than 0.
        //BOLT2 Requirement: MUST NOT offer amount_msat below the receiving node's htlc_minimum_msat (same validation check catches both of these)
-       let mut nodes = create_network(2);
-       let _chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000);
+       let mut nodes = create_network(2, &[None, None]);
+       let _chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000, LocalFeatures::new(), LocalFeatures::new());
        let mut route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
 
@@ -4780,8 +4945,8 @@ fn test_update_add_htlc_bolt2_sender_value_below_minimum_msat() {
 fn test_update_add_htlc_bolt2_sender_cltv_expiry_too_high() {
        //BOLT 2 Requirement: MUST set cltv_expiry less than 500000000.
        //It is enforced when constructing a route.
-       let mut nodes = create_network(2);
-       let _chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 0);
+       let mut nodes = create_network(2, &[None, None]);
+       let _chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 0, LocalFeatures::new(), LocalFeatures::new());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 100000000, 500000001).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
 
@@ -4799,8 +4964,8 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_num_and_htlc_id_increment()
        //BOLT 2 Requirement: if result would be offering more than the remote's max_accepted_htlcs HTLCs, in the remote commitment transaction: MUST NOT add an HTLC.
        //BOLT 2 Requirement: for the first HTLC it offers MUST set id to 0.
        //BOLT 2 Requirement: MUST increase the value of id by 1 for each successive offer.
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 0);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 0, LocalFeatures::new(), LocalFeatures::new());
        let max_accepted_htlcs = nodes[1].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().their_max_accepted_htlcs as u64;
 
        for i in 0..max_accepted_htlcs {
@@ -4840,9 +5005,9 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_num_and_htlc_id_increment()
 #[test]
 fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_value_in_flight() {
        //BOLT 2 Requirement: if the sum of total offered HTLCs would exceed the remote's max_htlc_value_in_flight_msat: MUST NOT add an HTLC.
-       let mut nodes = create_network(2);
+       let mut nodes = create_network(2, &[None, None]);
        let channel_value = 100000;
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, channel_value, 0);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, channel_value, 0, LocalFeatures::new(), LocalFeatures::new());
        let max_in_flight = get_channel_value_stat!(nodes[0], chan.2).their_max_htlc_value_in_flight_msat;
 
        send_payment(&nodes[0], &vec!(&nodes[1])[..], max_in_flight);
@@ -4864,8 +5029,8 @@ fn test_update_add_htlc_bolt2_sender_exceed_max_htlc_value_in_flight() {
 #[test]
 fn test_update_add_htlc_bolt2_receiver_check_amount_received_more_than_min() {
        //BOLT2 Requirement: receiving an amount_msat equal to 0, OR less than its own htlc_minimum_msat -> SHOULD fail the channel.
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000, LocalFeatures::new(), LocalFeatures::new());
        let htlc_minimum_msat: u64;
        {
                let chan_lock = nodes[0].node.channel_state.lock().unwrap();
@@ -4891,8 +5056,8 @@ fn test_update_add_htlc_bolt2_receiver_check_amount_received_more_than_min() {
 #[test]
 fn test_update_add_htlc_bolt2_receiver_sender_can_afford_amount_sent() {
        //BOLT2 Requirement: receiving an amount_msat that the sending node cannot afford at the current feerate_per_kw (while maintaining its channel reserve): SHOULD fail the channel
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000, LocalFeatures::new(), LocalFeatures::new());
 
        let their_channel_reserve = get_channel_value_stat!(nodes[0], chan.2).channel_reserve_msat;
 
@@ -4919,14 +5084,15 @@ fn test_update_add_htlc_bolt2_receiver_sender_can_afford_amount_sent() {
 fn test_update_add_htlc_bolt2_receiver_check_max_htlc_limit() {
        //BOLT 2 Requirement: if a sending node adds more than its max_accepted_htlcs HTLCs to its local commitment transaction: SHOULD fail the channel
        //BOLT 2 Requirement: MUST allow multiple HTLCs with the same payment_hash.
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000, LocalFeatures::new(), LocalFeatures::new());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 3999999, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
 
        let session_priv = SecretKey::from_slice(&{
                let mut session_key = [0; 32];
-               rng::fill_bytes(&mut session_key);
+               let mut rng = thread_rng();
+               rng.fill_bytes(&mut session_key);
                session_key
        }).expect("RNG is bad!");
 
@@ -4964,8 +5130,8 @@ fn test_update_add_htlc_bolt2_receiver_check_max_htlc_limit() {
 #[test]
 fn test_update_add_htlc_bolt2_receiver_check_max_in_flight_msat() {
        //OR adds more than its max_htlc_value_in_flight_msat worth of offered HTLCs to its local commitment transaction: SHOULD fail the channel
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, LocalFeatures::new(), LocalFeatures::new());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
        nodes[0].node.send_payment(route, our_payment_hash).unwrap();
@@ -4987,8 +5153,8 @@ fn test_update_add_htlc_bolt2_receiver_check_max_in_flight_msat() {
 #[test]
 fn test_update_add_htlc_bolt2_receiver_check_cltv_expiry() {
        //BOLT2 Requirement: if sending node sets cltv_expiry to greater or equal to 500000000: SHOULD fail the channel.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 100000, 95000000, LocalFeatures::new(), LocalFeatures::new());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 3999999, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
        nodes[0].node.send_payment(route, our_payment_hash).unwrap();
@@ -5012,8 +5178,8 @@ fn test_update_add_htlc_bolt2_receiver_check_repeated_id_ignore() {
        //BOLT 2 requirement: if the sender did not previously acknowledge the commitment of that HTLC: MUST ignore a repeated id value after a reconnection.
        // We test this by first testing that that repeated HTLCs pass commitment signature checks
        // after disconnect and that non-sequential htlc_ids result in a channel failure.
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
        nodes[0].node.send_payment(route, our_payment_hash).unwrap();
@@ -5057,8 +5223,8 @@ fn test_update_add_htlc_bolt2_receiver_check_repeated_id_ignore() {
 fn test_update_fulfill_htlc_bolt2_update_fulfill_htlc_before_commitment() {
        //BOLT 2 Requirement: until the corresponding HTLC is irrevocably committed in both sides' commitment transactions:     MUST NOT send an update_fulfill_htlc, update_fail_htlc, or update_fail_malformed_htlc.
 
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (our_payment_preimage, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -5089,8 +5255,8 @@ fn test_update_fulfill_htlc_bolt2_update_fulfill_htlc_before_commitment() {
 fn test_update_fulfill_htlc_bolt2_update_fail_htlc_before_commitment() {
        //BOLT 2 Requirement: until the corresponding HTLC is irrevocably committed in both sides' commitment transactions:     MUST NOT send an update_fulfill_htlc, update_fail_htlc, or update_fail_malformed_htlc.
 
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -5121,8 +5287,8 @@ fn test_update_fulfill_htlc_bolt2_update_fail_htlc_before_commitment() {
 fn test_update_fulfill_htlc_bolt2_update_fail_malformed_htlc_before_commitment() {
        //BOLT 2 Requirement: until the corresponding HTLC is irrevocably committed in both sides' commitment transactions:     MUST NOT send an update_fulfill_htlc, update_fail_htlc, or update_fail_malformed_htlc.
 
-       let mut nodes = create_network(2);
-       let chan = create_announced_chan_between_nodes(&nodes, 0, 1);
+       let mut nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -5154,8 +5320,8 @@ fn test_update_fulfill_htlc_bolt2_update_fail_malformed_htlc_before_commitment()
 fn test_update_fulfill_htlc_bolt2_incorrect_htlc_id() {
        //BOLT 2 Requirement: A receiving node: if the id does not correspond to an HTLC in its current commitment transaction MUST fail the channel.
 
-       let nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let our_payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 100000).0;
 
@@ -5195,8 +5361,8 @@ fn test_update_fulfill_htlc_bolt2_incorrect_htlc_id() {
 fn test_update_fulfill_htlc_bolt2_wrong_preimage() {
        //BOLT 2 Requirement: A receiving node: if the payment_preimage value in update_fulfill_htlc doesn't SHA256 hash to the corresponding HTLC payment_hash MUST fail the channel.
 
-       let nodes = create_network(2);
-       create_announced_chan_between_nodes(&nodes, 0, 1);
+       let nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
 
        let our_payment_preimage = route_payment(&nodes[0], &[&nodes[1]], 100000).0;
 
@@ -5237,8 +5403,8 @@ fn test_update_fulfill_htlc_bolt2_wrong_preimage() {
 fn test_update_fulfill_htlc_bolt2_missing_badonion_bit_for_malformed_htlc_message() {
        //BOLT 2 Requirement: A receiving node: if the BADONION bit in failure_code is not set for update_fail_malformed_htlc MUST fail the channel.
 
-       let mut nodes = create_network(2);
-       create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000);
+       let mut nodes = create_network(2, &[None, None]);
+       create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, LocalFeatures::new(), LocalFeatures::new());
        let route = nodes[0].router.get_route(&nodes[1].node.get_our_node_id(), None, &[], 1000000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
        nodes[0].node.send_payment(route, our_payment_hash).unwrap();
@@ -5283,9 +5449,9 @@ fn test_update_fulfill_htlc_bolt2_after_malformed_htlc_message_must_forward_upda
        //BOLT 2 Requirement: a receiving node which has an outgoing HTLC canceled by update_fail_malformed_htlc:
        //    * MUST return an error in the update_fail_htlc sent to the link which originally sent the HTLC, using the failure_code given and setting the data to sha256_of_onion.
 
-       let mut nodes = create_network(3);
-       create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000);
-       create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 1000000, 1000000);
+       let mut nodes = create_network(3, &[None, None, None]);
+       create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, LocalFeatures::new(), LocalFeatures::new());
+       create_announced_chan_between_nodes_with_value(&nodes, 1, 2, 1000000, 1000000, LocalFeatures::new(), LocalFeatures::new());
 
        let route = nodes[0].router.get_route(&nodes[2].node.get_our_node_id(), None, &Vec::new(), 100000, TEST_FINAL_CLTV).unwrap();
        let (_, our_payment_hash) = get_payment_preimage_hash!(nodes[0]);
@@ -5352,3 +5518,430 @@ fn test_update_fulfill_htlc_bolt2_after_malformed_htlc_message_must_forward_upda
 
        check_added_monitors!(nodes[1], 1);
 }
+
+fn do_test_failure_delay_dust_htlc_local_commitment(announce_latest: bool) {
+       // Dust-HTLC failure updates must be delayed until failure-trigger tx (in this case local commitment) reach ANTI_REORG_DELAY
+       // We can have at most two valid local commitment tx, so both cases must be covered, and both txs must be checked to get them all as
+       // HTLC could have been removed from lastest local commitment tx but still valid until we get remote RAA
+
+       let nodes = create_network(2, &[None, None]);
+       let chan =create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+
+       let bs_dust_limit = nodes[1].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().our_dust_limit_satoshis;
+
+       // We route 2 dust-HTLCs between A and B
+       let (_, payment_hash_1) = route_payment(&nodes[0], &[&nodes[1]], bs_dust_limit*1000);
+       let (_, payment_hash_2) = route_payment(&nodes[0], &[&nodes[1]], bs_dust_limit*1000);
+       route_payment(&nodes[0], &[&nodes[1]], 1000000);
+
+       // Cache one local commitment tx as previous
+       let as_prev_commitment_tx = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().last_local_commitment_txn.clone();
+
+       // Fail one HTLC to prune it in the will-be-latest-local commitment tx
+       assert!(nodes[1].node.fail_htlc_backwards(&payment_hash_2));
+       check_added_monitors!(nodes[1], 0);
+       expect_pending_htlcs_forwardable!(nodes[1]);
+       check_added_monitors!(nodes[1], 1);
+
+       let remove = get_htlc_update_msgs!(nodes[1], nodes[0].node.get_our_node_id());
+       nodes[0].node.handle_update_fail_htlc(&nodes[1].node.get_our_node_id(), &remove.update_fail_htlcs[0]).unwrap();
+       nodes[0].node.handle_commitment_signed(&nodes[1].node.get_our_node_id(), &remove.commitment_signed).unwrap();
+       check_added_monitors!(nodes[0], 1);
+
+       // Cache one local commitment tx as lastest
+       let as_last_commitment_tx = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().last_local_commitment_txn.clone();
+
+       let events = nodes[0].node.get_and_clear_pending_msg_events();
+       match events[0] {
+               MessageSendEvent::SendRevokeAndACK { node_id, .. } => {
+                       assert_eq!(node_id, nodes[1].node.get_our_node_id());
+               },
+               _ => panic!("Unexpected event"),
+       }
+       match events[1] {
+               MessageSendEvent::UpdateHTLCs { node_id, .. } => {
+                       assert_eq!(node_id, nodes[1].node.get_our_node_id());
+               },
+               _ => panic!("Unexpected event"),
+       }
+
+       assert_ne!(as_prev_commitment_tx, as_last_commitment_tx);
+       // Fail the 2 dust-HTLCs, move their failure in maturation buffer (htlc_updated_waiting_threshold_conf)
+       let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+       if announce_latest {
+               nodes[0].chain_monitor.block_connected_checked(&header, 1, &[&as_last_commitment_tx[0]], &[1; 1]);
+       } else {
+               nodes[0].chain_monitor.block_connected_checked(&header, 1, &[&as_prev_commitment_tx[0]], &[1; 1]);
+       }
+
+       let events = nodes[0].node.get_and_clear_pending_msg_events();
+       assert_eq!(events.len(), 1);
+       match events[0] {
+               MessageSendEvent::BroadcastChannelUpdate { .. } => {},
+               _ => panic!("Unexpected event"),
+       }
+
+       assert_eq!(nodes[0].node.get_and_clear_pending_events().len(), 0);
+       connect_blocks(&nodes[0].chain_monitor, ANTI_REORG_DELAY - 1, 1, true,  header.bitcoin_hash());
+       let events = nodes[0].node.get_and_clear_pending_events();
+       // Only 2 PaymentFailed events should show up, over-dust HTLC has to be failed by timeout tx
+       assert_eq!(events.len(), 2);
+       let mut first_failed = false;
+       for event in events {
+               match event {
+                       Event::PaymentFailed { payment_hash, .. } => {
+                               if payment_hash == payment_hash_1 {
+                                       assert!(!first_failed);
+                                       first_failed = true;
+                               } else {
+                                       assert_eq!(payment_hash, payment_hash_2);
+                               }
+                       }
+                       _ => panic!("Unexpected event"),
+               }
+       }
+}
+
+#[test]
+fn test_failure_delay_dust_htlc_local_commitment() {
+       do_test_failure_delay_dust_htlc_local_commitment(true);
+       do_test_failure_delay_dust_htlc_local_commitment(false);
+}
+
+#[test]
+fn test_no_failure_dust_htlc_local_commitment() {
+       // Transaction filters for failing back dust htlc based on local commitment txn infos has been
+       // prone to error, we test here that a dummy transaction don't fail them.
+
+       let nodes = create_network(2, &[None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+
+       // Rebalance a bit
+       send_payment(&nodes[0], &vec!(&nodes[1])[..], 8000000);
+
+       let as_dust_limit = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().our_dust_limit_satoshis;
+       let bs_dust_limit = nodes[1].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().our_dust_limit_satoshis;
+
+       // We route 2 dust-HTLCs between A and B
+       let (preimage_1, _) = route_payment(&nodes[0], &[&nodes[1]], bs_dust_limit*1000);
+       let (preimage_2, _) = route_payment(&nodes[1], &[&nodes[0]], as_dust_limit*1000);
+
+       // Build a dummy invalid transaction trying to spend a commitment tx
+       let input = TxIn {
+               previous_output: BitcoinOutPoint { txid: chan.3.txid(), vout: 0 },
+               script_sig: Script::new(),
+               sequence: 0,
+               witness: Vec::new(),
+       };
+
+       let outp = TxOut {
+               script_pubkey: Builder::new().push_opcode(opcodes::all::OP_RETURN).into_script(),
+               value: 10000,
+       };
+
+       let dummy_tx = Transaction {
+               version: 2,
+               lock_time: 0,
+               input: vec![input],
+               output: vec![outp]
+       };
+
+       let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+       nodes[0].chan_monitor.simple_monitor.block_connected(&header, 1, &[&dummy_tx], &[1;1]);
+       assert_eq!(nodes[0].node.get_and_clear_pending_events().len(), 0);
+       assert_eq!(nodes[0].node.get_and_clear_pending_msg_events().len(), 0);
+       // We broadcast a few more block to check everything is all right
+       connect_blocks(&nodes[0].chain_monitor, 20, 1, true,  header.bitcoin_hash());
+       assert_eq!(nodes[0].node.get_and_clear_pending_events().len(), 0);
+       assert_eq!(nodes[0].node.get_and_clear_pending_msg_events().len(), 0);
+
+       claim_payment(&nodes[0], &vec!(&nodes[1])[..], preimage_1);
+       claim_payment(&nodes[1], &vec!(&nodes[0])[..], preimage_2);
+}
+
+fn do_test_sweep_outbound_htlc_failure_update(revoked: bool, local: bool) {
+       // Outbound HTLC-failure updates must be cancelled if we get a reorg before we reach ANTI_REORG_DELAY.
+       // Broadcast of revoked remote commitment tx, trigger failure-update of dust/non-dust HTLCs
+       // Broadcast of remote commitment tx, trigger failure-update of dust-HTLCs
+       // Broadcast of timeout tx on remote commitment tx, trigger failure-udate of non-dust HTLCs
+       // Broadcast of local commitment tx, trigger failure-update of dust-HTLCs
+       // Broadcast of HTLC-timeout tx on local commitment tx, trigger failure-update of non-dust HTLCs
+
+       let nodes = create_network(3, &[None, None, None]);
+       let chan = create_announced_chan_between_nodes(&nodes, 0, 1, LocalFeatures::new(), LocalFeatures::new());
+
+       let bs_dust_limit = nodes[1].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().our_dust_limit_satoshis;
+
+       let (_payment_preimage_1, dust_hash) = route_payment(&nodes[0], &[&nodes[1]], bs_dust_limit*1000);
+       let (_payment_preimage_2, non_dust_hash) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
+
+       let as_commitment_tx = nodes[0].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().last_local_commitment_txn.clone();
+       let bs_commitment_tx = nodes[1].node.channel_state.lock().unwrap().by_id.get(&chan.2).unwrap().last_local_commitment_txn.clone();
+
+       // We revoked bs_commitment_tx
+       if revoked {
+               let (payment_preimage_3, _) = route_payment(&nodes[0], &[&nodes[1]], 1000000);
+               claim_payment(&nodes[0], &vec!(&nodes[1])[..], payment_preimage_3);
+       }
+
+       let header = BlockHeader { version: 0x20000000, prev_blockhash: Default::default(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+       let mut timeout_tx = Vec::new();
+       if local {
+               // We fail dust-HTLC 1 by broadcast of local commitment tx
+               nodes[0].chain_monitor.block_connected_checked(&header, 1, &[&as_commitment_tx[0]], &[1; 1]);
+               let events = nodes[0].node.get_and_clear_pending_msg_events();
+               assert_eq!(events.len(), 1);
+               match events[0] {
+                       MessageSendEvent::BroadcastChannelUpdate { .. } => {},
+                       _ => panic!("Unexpected event"),
+               }
+               assert_eq!(nodes[0].node.get_and_clear_pending_events().len(), 0);
+               timeout_tx.push(nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap()[0].clone());
+               let parent_hash  = connect_blocks(&nodes[0].chain_monitor, ANTI_REORG_DELAY - 1, 2, true, header.bitcoin_hash());
+               let events = nodes[0].node.get_and_clear_pending_events();
+               assert_eq!(events.len(), 1);
+               match events[0] {
+                       Event::PaymentFailed { payment_hash, .. } => {
+                               assert_eq!(payment_hash, dust_hash);
+                       },
+                       _ => panic!("Unexpected event"),
+               }
+               assert_eq!(timeout_tx[0].input[0].witness.last().unwrap().len(), OFFERED_HTLC_SCRIPT_WEIGHT);
+               // We fail non-dust-HTLC 2 by broadcast of local HTLC-timeout tx on local commitment tx
+               let header_2 = BlockHeader { version: 0x20000000, prev_blockhash: parent_hash, merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+               assert_eq!(nodes[0].node.get_and_clear_pending_events().len(), 0);
+               nodes[0].chain_monitor.block_connected_checked(&header_2, 7, &[&timeout_tx[0]], &[1; 1]);
+               let header_3 = BlockHeader { version: 0x20000000, prev_blockhash: header_2.bitcoin_hash(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+               connect_blocks(&nodes[0].chain_monitor, ANTI_REORG_DELAY - 1, 8, true, header_3.bitcoin_hash());
+               let events = nodes[0].node.get_and_clear_pending_events();
+               assert_eq!(events.len(), 1);
+               match events[0] {
+                       Event::PaymentFailed { payment_hash, .. } => {
+                               assert_eq!(payment_hash, non_dust_hash);
+                       },
+                       _ => panic!("Unexpected event"),
+               }
+       } else {
+               // We fail dust-HTLC 1 by broadcast of remote commitment tx. If revoked, fail also non-dust HTLC
+               nodes[0].chain_monitor.block_connected_checked(&header, 1, &[&bs_commitment_tx[0]], &[1; 1]);
+               assert_eq!(nodes[0].node.get_and_clear_pending_events().len(), 0);
+               let events = nodes[0].node.get_and_clear_pending_msg_events();
+               assert_eq!(events.len(), 1);
+               match events[0] {
+                       MessageSendEvent::BroadcastChannelUpdate { .. } => {},
+                       _ => panic!("Unexpected event"),
+               }
+               timeout_tx.push(nodes[0].tx_broadcaster.txn_broadcasted.lock().unwrap()[0].clone());
+               let parent_hash  = connect_blocks(&nodes[0].chain_monitor, ANTI_REORG_DELAY - 1, 2, true, header.bitcoin_hash());
+               let header_2 = BlockHeader { version: 0x20000000, prev_blockhash: parent_hash, merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+               if !revoked {
+                       let events = nodes[0].node.get_and_clear_pending_events();
+                       assert_eq!(events.len(), 1);
+                       match events[0] {
+                               Event::PaymentFailed { payment_hash, .. } => {
+                                       assert_eq!(payment_hash, dust_hash);
+                               },
+                               _ => panic!("Unexpected event"),
+                       }
+                       assert_eq!(timeout_tx[0].input[0].witness.last().unwrap().len(), ACCEPTED_HTLC_SCRIPT_WEIGHT);
+                       // We fail non-dust-HTLC 2 by broadcast of local timeout tx on remote commitment tx
+                       nodes[0].chain_monitor.block_connected_checked(&header_2, 7, &[&timeout_tx[0]], &[1; 1]);
+                       assert_eq!(nodes[0].node.get_and_clear_pending_events().len(), 0);
+                       let header_3 = BlockHeader { version: 0x20000000, prev_blockhash: header_2.bitcoin_hash(), merkle_root: Default::default(), time: 42, bits: 42, nonce: 42 };
+                       connect_blocks(&nodes[0].chain_monitor, ANTI_REORG_DELAY - 1, 8, true, header_3.bitcoin_hash());
+                       let events = nodes[0].node.get_and_clear_pending_events();
+                       assert_eq!(events.len(), 1);
+                       match events[0] {
+                               Event::PaymentFailed { payment_hash, .. } => {
+                                       assert_eq!(payment_hash, non_dust_hash);
+                               },
+                               _ => panic!("Unexpected event"),
+                       }
+               } else {
+                       // If revoked, both dust & non-dust HTLCs should have been failed after ANTI_REORG_DELAY confs of revoked
+                       // commitment tx
+                       let events = nodes[0].node.get_and_clear_pending_events();
+                       assert_eq!(events.len(), 2);
+                       let first;
+                       match events[0] {
+                               Event::PaymentFailed { payment_hash, .. } => {
+                                       if payment_hash == dust_hash { first = true; }
+                                       else { first = false; }
+                               },
+                               _ => panic!("Unexpected event"),
+                       }
+                       match events[1] {
+                               Event::PaymentFailed { payment_hash, .. } => {
+                                       if first { assert_eq!(payment_hash, non_dust_hash); }
+                                       else { assert_eq!(payment_hash, dust_hash); }
+                               },
+                               _ => panic!("Unexpected event"),
+                       }
+               }
+       }
+}
+
+#[test]
+fn test_sweep_outbound_htlc_failure_update() {
+       do_test_sweep_outbound_htlc_failure_update(false, true);
+       do_test_sweep_outbound_htlc_failure_update(false, false);
+       do_test_sweep_outbound_htlc_failure_update(true, false);
+}
+
+#[test]
+fn test_upfront_shutdown_script() {
+       // BOLT 2 : Option upfront shutdown script, if peer commit its closing_script at channel opening
+       // enforce it at shutdown message
+
+       let mut config = UserConfig::new();
+       config.channel_options.announced_channel = true;
+       config.peer_channel_config_limits.force_announced_channel_preference = false;
+       config.channel_options.commit_upfront_shutdown_pubkey = false;
+       let nodes = create_network(3, &[None, Some(config), None]);
+
+       // We test that in case of peer committing upfront to a script, if it changes at closing, we refuse to sign
+       let flags = LocalFeatures::new();
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 2, 1000000, 1000000, flags.clone(), flags.clone());
+       nodes[0].node.close_channel(&OutPoint::new(chan.3.txid(), 0).to_channel_id()).unwrap();
+       let mut node_0_shutdown = get_event_msg!(nodes[0], MessageSendEvent::SendShutdown, nodes[2].node.get_our_node_id());
+       node_0_shutdown.scriptpubkey = Builder::new().push_opcode(opcodes::all::OP_RETURN).into_script().to_p2sh();
+       // Test we enforce upfront_scriptpbukey if by providing a diffrent one at closing that  we disconnect peer
+       if let Err(error) = nodes[2].node.handle_shutdown(&nodes[0].node.get_our_node_id(), &node_0_shutdown) {
+               if let Some(error) = error.action {
+                       match error {
+                               ErrorAction::SendErrorMessage { msg } => {
+                                       assert_eq!(msg.data,"Got shutdown request with a scriptpubkey which did not match their previous scriptpubkey");
+                               },
+                               _ => { assert!(false); }
+                       }
+               } else { assert!(false); }
+       } else { assert!(false); }
+       let events = nodes[2].node.get_and_clear_pending_msg_events();
+       assert_eq!(events.len(), 1);
+       match events[0] {
+               MessageSendEvent::BroadcastChannelUpdate { .. } => {},
+               _ => panic!("Unexpected event"),
+       }
+
+       // We test that in case of peer committing upfront to a script, if it doesn't change at closing, we sign
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 2, 1000000, 1000000, flags.clone(), flags.clone());
+       nodes[0].node.close_channel(&OutPoint::new(chan.3.txid(), 0).to_channel_id()).unwrap();
+       let node_0_shutdown = get_event_msg!(nodes[0], MessageSendEvent::SendShutdown, nodes[2].node.get_our_node_id());
+       // We test that in case of peer committing upfront to a script, if it oesn't change at closing, we sign
+       if let Ok(_) = nodes[2].node.handle_shutdown(&nodes[0].node.get_our_node_id(), &node_0_shutdown) {}
+       else { assert!(false) }
+       let events = nodes[2].node.get_and_clear_pending_msg_events();
+       assert_eq!(events.len(), 1);
+       match events[0] {
+               MessageSendEvent::SendShutdown { node_id, .. } => { assert_eq!(node_id, nodes[0].node.get_our_node_id()) }
+               _ => panic!("Unexpected event"),
+       }
+
+       // We test that if case of peer non-signaling we don't enforce committed script at channel opening
+       let mut flags_no = LocalFeatures::new();
+       flags_no.unset_upfront_shutdown_script();
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, flags_no, flags.clone());
+       nodes[0].node.close_channel(&OutPoint::new(chan.3.txid(), 0).to_channel_id()).unwrap();
+       let mut node_1_shutdown = get_event_msg!(nodes[0], MessageSendEvent::SendShutdown, nodes[1].node.get_our_node_id());
+       node_1_shutdown.scriptpubkey = Builder::new().push_opcode(opcodes::all::OP_RETURN).into_script().to_p2sh();
+       if let Ok(_) = nodes[1].node.handle_shutdown(&nodes[0].node.get_our_node_id(), &node_1_shutdown) {}
+       else { assert!(false) }
+       let events = nodes[1].node.get_and_clear_pending_msg_events();
+       assert_eq!(events.len(), 1);
+       match events[0] {
+               MessageSendEvent::SendShutdown { node_id, .. } => { assert_eq!(node_id, nodes[0].node.get_our_node_id()) }
+               _ => panic!("Unexpected event"),
+       }
+
+       // We test that if user opt-out, we provide a zero-length script at channel opening and we are able to close
+       // channel smoothly, opt-out is from channel initiator here
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 1, 0, 1000000, 1000000, flags.clone(), flags.clone());
+       nodes[1].node.close_channel(&OutPoint::new(chan.3.txid(), 0).to_channel_id()).unwrap();
+       let mut node_0_shutdown = get_event_msg!(nodes[1], MessageSendEvent::SendShutdown, nodes[0].node.get_our_node_id());
+       node_0_shutdown.scriptpubkey = Builder::new().push_opcode(opcodes::all::OP_RETURN).into_script().to_p2sh();
+       if let Ok(_) = nodes[0].node.handle_shutdown(&nodes[1].node.get_our_node_id(), &node_0_shutdown) {}
+       else { assert!(false) }
+       let events = nodes[0].node.get_and_clear_pending_msg_events();
+       assert_eq!(events.len(), 1);
+       match events[0] {
+               MessageSendEvent::SendShutdown { node_id, .. } => { assert_eq!(node_id, nodes[1].node.get_our_node_id()) }
+               _ => panic!("Unexpected event"),
+       }
+
+       //// We test that if user opt-out, we provide a zero-length script at channel opening and we are able to close
+       //// channel smoothly
+       let chan = create_announced_chan_between_nodes_with_value(&nodes, 0, 1, 1000000, 1000000, flags.clone(), flags.clone());
+       nodes[1].node.close_channel(&OutPoint::new(chan.3.txid(), 0).to_channel_id()).unwrap();
+       let mut node_0_shutdown = get_event_msg!(nodes[1], MessageSendEvent::SendShutdown, nodes[0].node.get_our_node_id());
+       node_0_shutdown.scriptpubkey = Builder::new().push_opcode(opcodes::all::OP_RETURN).into_script().to_p2sh();
+       if let Ok(_) = nodes[0].node.handle_shutdown(&nodes[1].node.get_our_node_id(), &node_0_shutdown) {}
+       else { assert!(false) }
+       let events = nodes[0].node.get_and_clear_pending_msg_events();
+       assert_eq!(events.len(), 2);
+       match events[0] {
+               MessageSendEvent::SendShutdown { node_id, .. } => { assert_eq!(node_id, nodes[1].node.get_our_node_id()) }
+               _ => panic!("Unexpected event"),
+       }
+       match events[1] {
+               MessageSendEvent::SendClosingSigned { node_id, .. } => { assert_eq!(node_id, nodes[1].node.get_our_node_id()) }
+               _ => panic!("Unexpected event"),
+       }
+}
+
+#[test]
+fn test_user_configurable_csv_delay() {
+       // We test our channel constructors yield errors when we pass them absurd csv delay
+
+       let mut low_our_to_self_config = UserConfig::new();
+       low_our_to_self_config.own_channel_config.our_to_self_delay = 6;
+       let mut high_their_to_self_config = UserConfig::new();
+       high_their_to_self_config.peer_channel_config_limits.their_to_self_delay = 100;
+       let nodes = create_network(2, &[Some(high_their_to_self_config.clone()), None]);
+
+       // We test config.our_to_self > BREAKDOWN_TIMEOUT is enforced in Channel::new_outbound()
+       let keys_manager: Arc<KeysInterface> = Arc::new(KeysManager::new(&nodes[0].node_seed, Network::Testnet, Arc::new(test_utils::TestLogger::new()), 10, 20));
+       if let Err(error) = Channel::new_outbound(&test_utils::TestFeeEstimator { sat_per_kw: 253 }, &keys_manager, nodes[1].node.get_our_node_id(), 1000000, 1000000, 0, Arc::new(test_utils::TestLogger::new()), &low_our_to_self_config) {
+               match error {
+                       APIError::APIMisuseError { err } => { assert_eq!(err, "Configured with an unreasonable our_to_self_delay putting user funds at risks"); },
+                       _ => panic!("Unexpected event"),
+               }
+       } else { assert!(false) }
+
+       // We test config.our_to_self > BREAKDOWN_TIMEOUT is enforced in Channel::new_from_req()
+       nodes[1].node.create_channel(nodes[0].node.get_our_node_id(), 1000000, 1000000, 42).unwrap();
+       let mut open_channel = get_event_msg!(nodes[1], MessageSendEvent::SendOpenChannel, nodes[0].node.get_our_node_id());
+       open_channel.to_self_delay = 200;
+       if let Err(error) = Channel::new_from_req(&test_utils::TestFeeEstimator { sat_per_kw: 253 }, &keys_manager, nodes[1].node.get_our_node_id(), LocalFeatures::new(), &open_channel, 0, Arc::new(test_utils::TestLogger::new()), &low_our_to_self_config) {
+               match error {
+                       ChannelError::Close(err) => { assert_eq!(err, "Configured with an unreasonable our_to_self_delay putting user funds at risks"); },
+                       _ => panic!("Unexpected event"),
+               }
+       } else { assert!(false); }
+
+       // We test msg.to_self_delay <= config.their_to_self_delay is enforced in Chanel::accept_channel()
+       nodes[0].node.create_channel(nodes[1].node.get_our_node_id(), 1000000, 1000000, 42).unwrap();
+       nodes[1].node.handle_open_channel(&nodes[0].node.get_our_node_id(), LocalFeatures::new(), &get_event_msg!(nodes[0], MessageSendEvent::SendOpenChannel, nodes[1].node.get_our_node_id())).unwrap();
+       let mut accept_channel = get_event_msg!(nodes[1], MessageSendEvent::SendAcceptChannel, nodes[0].node.get_our_node_id());
+       accept_channel.to_self_delay = 200;
+       if let Err(error) = nodes[0].node.handle_accept_channel(&nodes[1].node.get_our_node_id(), LocalFeatures::new(), &accept_channel) {
+               if let Some(error) = error.action {
+                       match error {
+                               ErrorAction::SendErrorMessage { msg } => {
+                                       assert_eq!(msg.data,"They wanted our payments to be delayed by a needlessly long period");
+                               },
+                               _ => { assert!(false); }
+                       }
+               } else { assert!(false); }
+       } else { assert!(false); }
+
+       // We test msg.to_self_delay <= config.their_to_self_delay is enforced in Channel::new_from_req()
+       nodes[1].node.create_channel(nodes[0].node.get_our_node_id(), 1000000, 1000000, 42).unwrap();
+       let mut open_channel = get_event_msg!(nodes[1], MessageSendEvent::SendOpenChannel, nodes[0].node.get_our_node_id());
+       open_channel.to_self_delay = 200;
+       if let Err(error) = Channel::new_from_req(&test_utils::TestFeeEstimator { sat_per_kw: 253 }, &keys_manager, nodes[1].node.get_our_node_id(), LocalFeatures::new(), &open_channel, 0, Arc::new(test_utils::TestLogger::new()), &high_their_to_self_config) {
+               match error {
+                       ChannelError::Close(err) => { assert_eq!(err, "They wanted our payments to be delayed by a needlessly long period"); },
+                       _ => panic!("Unexpected event"),
+               }
+       } else { assert!(false); }
+}
diff --git a/src/ln/msgs.rs b/src/ln/msgs.rs
index f00dc34a50024a48d36c9a0ebf3c0dc695567f3b..f6968c5d3a32dfd4b0b20915ee5db02839943efb 100644 (file)
--- a/src/ln/msgs.rs
+++ b/src/ln/msgs.rs
@@ -18,7 +18,7 @@
 use secp256k1::key::PublicKey;
 use secp256k1::Signature;
 use secp256k1;
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::blockdata::script::Script;
 
 use std::error::Error;
@@ -59,9 +59,17 @@ pub struct LocalFeatures {
 }
 
 impl LocalFeatures {
+       /// Create a blank LocalFeatures flags (visibility extended for fuzz tests)
+       #[cfg(not(feature = "fuzztarget"))]
        pub(crate) fn new() -> LocalFeatures {
                LocalFeatures {
-                       flags: Vec::new(),
+                       flags: vec![1 << 5],
+               }
+       }
+       #[cfg(feature = "fuzztarget")]
+       pub fn new() -> LocalFeatures {
+               LocalFeatures {
+                       flags: vec![1 << 5],
                }
        }
 
@@ -86,37 +94,32 @@ impl LocalFeatures {
        pub(crate) fn supports_upfront_shutdown_script(&self) -> bool {
                self.flags.len() > 0 && (self.flags[0] & (3 << 4)) != 0
        }
-       pub(crate) fn requires_upfront_shutdown_script(&self) -> bool {
-               self.flags.len() > 0 && (self.flags[0] & (1 << 4)) != 0
+       #[cfg(test)]
+       pub(crate) fn unset_upfront_shutdown_script(&mut self) {
+               self.flags[0] ^= 1 << 5;
        }
 
        pub(crate) fn requires_unknown_bits(&self) -> bool {
-               for (idx, &byte) in self.flags.iter().enumerate() {
-                       if idx != 0 && (byte & 0x55) != 0 {
-                               return true;
-                       } else if idx == 0 && (byte & 0x14) != 0 {
-                               return true;
-                       }
-               }
-               return false;
+               self.flags.iter().enumerate().any(|(idx, &byte)| {
+                       ( idx != 0 && (byte & 0x55) != 0 ) || ( idx == 0 && (byte & 0x14) != 0 )
+               })
        }
 
        pub(crate) fn supports_unknown_bits(&self) -> bool {
-               for (idx, &byte) in self.flags.iter().enumerate() {
-                       if idx != 0 && byte != 0 {
-                               return true;
-                       } else if idx == 0 && (byte & 0xc4) != 0 {
-                               return true;
-                       }
-               }
-               return false;
+               self.flags.iter().enumerate().any(|(idx, &byte)| {
+                       ( idx != 0 && byte != 0 ) || ( idx == 0 && (byte & 0xc4) != 0 )
+               })
        }
 }
 
 /// Tracks globalfeatures which are in init messages and routing announcements
-#[derive(Clone, PartialEq)]
+#[derive(Clone, PartialEq, Debug)]
 pub struct GlobalFeatures {
+       #[cfg(not(test))]
        flags: Vec<u8>,
+       // Used to test encoding of diverse msgs
+       #[cfg(test)]
+       pub flags: Vec<u8>
 }
 
 impl GlobalFeatures {
@@ -326,7 +329,7 @@ pub struct ChannelReestablish {
 }
 
 /// An announcement_signatures message to be sent or received from a peer
-#[derive(Clone)]
+#[derive(PartialEq, Clone, Debug)]
 pub struct AnnouncementSignatures {
        pub(crate) channel_id: [u8; 32],
        pub(crate) short_channel_id: u64,
@@ -335,7 +338,7 @@ pub struct AnnouncementSignatures {
 }
 
 /// An address which can be used to connect to a remote peer
-#[derive(PartialEq, Clone)]
+#[derive(Clone, PartialEq, Debug)]
 pub enum NetAddress {
        /// An IPv4 address/port on which the peer is listening.
        IPv4 {
@@ -458,9 +461,9 @@ impl<R: ::std::io::Read>  Readable<R> for Result<NetAddress, u8> {
        }
 }
 
-#[derive(PartialEq, Clone)]
 // Only exposed as broadcast of node_announcement should be filtered by node_id
 /// The unsigned part of a node_announcement
+#[derive(PartialEq, Clone, Debug)]
 pub struct UnsignedNodeAnnouncement {
        pub(crate) features: GlobalFeatures,
        pub(crate) timestamp: u32,
@@ -484,7 +487,7 @@ pub struct NodeAnnouncement {
 
 // Only exposed as broadcast of channel_announcement should be filtered by node_id
 /// The unsigned part of a channel_announcement
-#[derive(PartialEq, Clone)]
+#[derive(PartialEq, Clone, Debug)]
 pub struct UnsignedChannelAnnouncement {
        pub(crate) features: GlobalFeatures,
        pub(crate) chain_hash: Sha256dHash,
@@ -498,7 +501,7 @@ pub struct UnsignedChannelAnnouncement {
        pub(crate) excess_data: Vec<u8>,
 }
 /// A channel_announcement message to be sent or received from a peer
-#[derive(PartialEq, Clone)]
+#[derive(PartialEq, Clone, Debug)]
 pub struct ChannelAnnouncement {
        pub(crate) node_signature_1: Signature,
        pub(crate) node_signature_2: Signature,
@@ -507,7 +510,7 @@ pub struct ChannelAnnouncement {
        pub(crate) contents: UnsignedChannelAnnouncement,
 }
 
-#[derive(PartialEq, Clone)]
+#[derive(PartialEq, Clone, Debug)]
 pub(crate) struct UnsignedChannelUpdate {
        pub(crate) chain_hash: Sha256dHash,
        pub(crate) short_channel_id: u64,
@@ -520,7 +523,7 @@ pub(crate) struct UnsignedChannelUpdate {
        pub(crate) excess_data: Vec<u8>,
 }
 /// A channel_update message to be sent or received from a peer
-#[derive(PartialEq, Clone)]
+#[derive(PartialEq, Clone, Debug)]
 pub struct ChannelUpdate {
        pub(crate) signature: Signature,
        pub(crate) contents: UnsignedChannelUpdate,
@@ -617,9 +620,9 @@ pub enum OptionalField<T> {
 pub trait ChannelMessageHandler : events::MessageSendEventsProvider + Send + Sync {
        //Channel init:
        /// Handle an incoming open_channel message from the given peer.
-       fn handle_open_channel(&self, their_node_id: &PublicKey, msg: &OpenChannel) -> Result<(), HandleError>;
+       fn handle_open_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &OpenChannel) -> Result<(), HandleError>;
        /// Handle an incoming accept_channel message from the given peer.
-       fn handle_accept_channel(&self, their_node_id: &PublicKey, msg: &AcceptChannel) -> Result<(), HandleError>;
+       fn handle_accept_channel(&self, their_node_id: &PublicKey, their_local_features: LocalFeatures, msg: &AcceptChannel) -> Result<(), HandleError>;
        /// Handle an incoming funding_created message from the given peer.
        fn handle_funding_created(&self, their_node_id: &PublicKey, msg: &FundingCreated) -> Result<(), HandleError>;
        /// Handle an incoming funding_signed message from the given peer.
@@ -711,7 +714,6 @@ mod fuzzy_internal_msgs {
                pub(crate) data: OnionRealm0HopData,
                pub(crate) hmac: [u8; 32],
        }
-       unsafe impl ::util::internal_traits::NoDealloc for OnionHopData{}
 
        pub struct DecodedOnionErrorPacket {
                pub(crate) hmac: [u8; 32],
@@ -1388,10 +1390,19 @@ impl_writeable_len_match!(NodeAnnouncement, {
 mod tests {
        use hex;
        use ln::msgs;
-       use ln::msgs::OptionalField;
+       use ln::msgs::{GlobalFeatures, LocalFeatures, OptionalField, OnionErrorPacket};
+       use ln::channelmanager::{PaymentPreimage, PaymentHash};
        use util::ser::Writeable;
+
+       use bitcoin_hashes::sha256d::Hash as Sha256dHash;
+       use bitcoin_hashes::hex::FromHex;
+       use bitcoin::util::address::Address;
+       use bitcoin::network::constants::Network;
+       use bitcoin::blockdata::script::Builder;
+       use bitcoin::blockdata::opcodes;
+
        use secp256k1::key::{PublicKey,SecretKey};
-       use secp256k1::Secp256k1;
+       use secp256k1::{Secp256k1, Message};
 
        #[test]
        fn encoding_channel_reestablish_no_secret() {
@@ -1429,4 +1440,628 @@ mod tests {
                        vec![4, 0, 0, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 3, 0, 0, 0, 0, 0, 0, 0, 4, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 9, 3, 27, 132, 197, 86, 123, 18, 100, 64, 153, 93, 62, 213, 170, 186, 5, 101, 215, 30, 24, 52, 96, 72, 25, 255, 156, 23, 245, 233, 213, 221, 7, 143]
                );
        }
+
+       macro_rules! get_keys_from {
+               ($slice: expr, $secp_ctx: expr) => {
+                       {
+                               let privkey = SecretKey::from_slice(&hex::decode($slice).unwrap()[..]).unwrap();
+                               let pubkey = PublicKey::from_secret_key(&$secp_ctx, &privkey);
+                               (privkey, pubkey)
+                       }
+               }
+       }
+
+       macro_rules! get_sig_on {
+               ($privkey: expr, $ctx: expr, $string: expr) => {
+                       {
+                               let sighash = Message::from_slice(&$string.into_bytes()[..]).unwrap();
+                               $ctx.sign(&sighash, &$privkey)
+                       }
+               }
+       }
+
+       #[test]
+       fn encoding_announcement_signatures() {
+               let secp_ctx = Secp256k1::new();
+               let (privkey, _) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let sig_1 = get_sig_on!(privkey, secp_ctx, String::from("01010101010101010101010101010101"));
+               let sig_2 = get_sig_on!(privkey, secp_ctx, String::from("02020202020202020202020202020202"));
+               let announcement_signatures = msgs::AnnouncementSignatures {
+                       channel_id: [4, 0, 0, 0, 0, 0, 0, 0, 5, 0, 0, 0, 0, 0, 0, 0, 6, 0, 0, 0, 0, 0, 0, 0, 7, 0, 0, 0, 0, 0, 0, 0],
+                       short_channel_id: 2316138423780173,
+                       node_signature: sig_1,
+                       bitcoin_signature: sig_2,
+               };
+
+               let encoded_value = announcement_signatures.encode();
+               assert_eq!(encoded_value, hex::decode("040000000000000005000000000000000600000000000000070000000000000000083a840000034dd977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073acf9953cef4700860f5967838eba2bae89288ad188ebf8b20bf995c3ea53a26df1876d0a3a0e13172ba286a673140190c02ba9da60a2e43a745188c8a83c7f3ef").unwrap());
+       }
+
+       fn do_encoding_channel_announcement(unknown_features_bits: bool, non_bitcoin_chain_hash: bool, excess_data: bool) {
+               let secp_ctx = Secp256k1::new();
+               let (privkey_1, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let (privkey_2, pubkey_2) = get_keys_from!("0202020202020202020202020202020202020202020202020202020202020202", secp_ctx);
+               let (privkey_3, pubkey_3) = get_keys_from!("0303030303030303030303030303030303030303030303030303030303030303", secp_ctx);
+               let (privkey_4, pubkey_4) = get_keys_from!("0404040404040404040404040404040404040404040404040404040404040404", secp_ctx);
+               let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
+               let sig_2 = get_sig_on!(privkey_2, secp_ctx, String::from("01010101010101010101010101010101"));
+               let sig_3 = get_sig_on!(privkey_3, secp_ctx, String::from("01010101010101010101010101010101"));
+               let sig_4 = get_sig_on!(privkey_4, secp_ctx, String::from("01010101010101010101010101010101"));
+               let mut features = GlobalFeatures::new();
+               if unknown_features_bits {
+                       features.flags = vec![0xFF, 0xFF];
+               }
+               let unsigned_channel_announcement = msgs::UnsignedChannelAnnouncement {
+                       features,
+                       chain_hash: if !non_bitcoin_chain_hash { Sha256dHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { Sha256dHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
+                       short_channel_id: 2316138423780173,
+                       node_id_1: pubkey_1,
+                       node_id_2: pubkey_2,
+                       bitcoin_key_1: pubkey_3,
+                       bitcoin_key_2: pubkey_4,
+                       excess_data: if excess_data { vec![10, 0, 0, 20, 0, 0, 30, 0, 0, 40] } else { Vec::new() },
+               };
+               let channel_announcement = msgs::ChannelAnnouncement {
+                       node_signature_1: sig_1,
+                       node_signature_2: sig_2,
+                       bitcoin_signature_1: sig_3,
+                       bitcoin_signature_2: sig_4,
+                       contents: unsigned_channel_announcement,
+               };
+               let encoded_value = channel_announcement.encode();
+               let mut target_value = hex::decode("d977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073a1735b6a427e80d5fe7cd90a2f4ee08dc9c27cda7c35a4172e5d85b12c49d4232537e98f9b1f3c5e6989a8b9644e90e8918127680dbd0d4043510840fc0f1e11a216c280b5395a2546e7e4b2663e04f811622f15a4f91e83aa2e92ba2a573c139142c54ae63072a1ec1ee7dc0c04bde5c847806172aa05c92c22ae8e308d1d2692b12cc195ce0a2d1bda6a88befa19fa07f51caa75ce83837f28965600b8aacab0855ffb0e741ec5f7c41421e9829a9d48611c8c831f71be5ea73e66594977ffd").unwrap();
+               if unknown_features_bits {
+                       target_value.append(&mut hex::decode("0002ffff").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("0000").unwrap());
+               }
+               if non_bitcoin_chain_hash {
+                       target_value.append(&mut hex::decode("43497fd7f826957108f4a30fd9cec3aeba79972084e90ead01ea330900000000").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f").unwrap());
+               }
+               target_value.append(&mut hex::decode("00083a840000034d031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f024d4b6cd1361032ca9bd2aeb9d900aa4d45d9ead80ac9423374c451a7254d076602531fe6068134503d2723133227c867ac8fa6c83c537e9a44c3c5bdbdcb1fe33703462779ad4aad39514614751a71085f2f10e1c7a593e4e030efb5b8721ce55b0b").unwrap());
+               if excess_data {
+                       target_value.append(&mut hex::decode("0a00001400001e000028").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_channel_announcement() {
+               do_encoding_channel_announcement(false, false, false);
+               do_encoding_channel_announcement(true, false, false);
+               do_encoding_channel_announcement(true, true, false);
+               do_encoding_channel_announcement(true, true, true);
+               do_encoding_channel_announcement(false, true, true);
+               do_encoding_channel_announcement(false, false, true);
+               do_encoding_channel_announcement(false, true, false);
+               do_encoding_channel_announcement(true, false, true);
+       }
+
+       fn do_encoding_node_announcement(unknown_features_bits: bool, ipv4: bool, ipv6: bool, onionv2: bool, onionv3: bool, excess_address_data: bool, excess_data: bool) {
+               let secp_ctx = Secp256k1::new();
+               let (privkey_1, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
+               let mut features = GlobalFeatures::new();
+               if unknown_features_bits {
+                       features.flags = vec![0xFF, 0xFF];
+               }
+               let mut addresses = Vec::new();
+               if ipv4 {
+                       addresses.push(msgs::NetAddress::IPv4 {
+                               addr: [255, 254, 253, 252],
+                               port: 9735
+                       });
+               }
+               if ipv6 {
+                       addresses.push(msgs::NetAddress::IPv6 {
+                               addr: [255, 254, 253, 252, 251, 250, 249, 248, 247, 246, 245, 244, 243, 242, 241, 240],
+                               port: 9735
+                       });
+               }
+               if onionv2 {
+                       addresses.push(msgs::NetAddress::OnionV2 {
+                               addr: [255, 254, 253, 252, 251, 250, 249, 248, 247, 246],
+                               port: 9735
+                       });
+               }
+               if onionv3 {
+                       addresses.push(msgs::NetAddress::OnionV3 {
+                               ed25519_pubkey: [255, 254, 253, 252, 251, 250, 249, 248, 247, 246, 245, 244, 243, 242, 241, 240, 239, 238, 237, 236, 235, 234, 233, 232, 231, 230, 229, 228, 227, 226, 225, 224],
+                               checksum: 32,
+                               version: 16,
+                               port: 9735
+                       });
+               }
+               let mut addr_len = 0;
+               for addr in &addresses {
+                       addr_len += addr.len() + 1;
+               }
+               let unsigned_node_announcement = msgs::UnsignedNodeAnnouncement {
+                       features,
+                       timestamp: 20190119,
+                       node_id: pubkey_1,
+                       rgb: [32; 3],
+                       alias: [16;32],
+                       addresses,
+                       excess_address_data: if excess_address_data { vec![33, 108, 40, 11, 83, 149, 162, 84, 110, 126, 75, 38, 99, 224, 79, 129, 22, 34, 241, 90, 79, 146, 232, 58, 162, 233, 43, 162, 165, 115, 193, 57, 20, 44, 84, 174, 99, 7, 42, 30, 193, 238, 125, 192, 192, 75, 222, 92, 132, 120, 6, 23, 42, 160, 92, 146, 194, 42, 232, 227, 8, 209, 210, 105] } else { Vec::new() },
+                       excess_data: if excess_data { vec![59, 18, 204, 25, 92, 224, 162, 209, 189, 166, 168, 139, 239, 161, 159, 160, 127, 81, 202, 167, 92, 232, 56, 55, 242, 137, 101, 96, 11, 138, 172, 171, 8, 85, 255, 176, 231, 65, 236, 95, 124, 65, 66, 30, 152, 41, 169, 212, 134, 17, 200, 200, 49, 247, 27, 229, 234, 115, 230, 101, 148, 151, 127, 253] } else { Vec::new() },
+               };
+               addr_len += unsigned_node_announcement.excess_address_data.len() as u16;
+               let node_announcement = msgs::NodeAnnouncement {
+                       signature: sig_1,
+                       contents: unsigned_node_announcement,
+               };
+               let encoded_value = node_announcement.encode();
+               let mut target_value = hex::decode("d977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073a").unwrap();
+               if unknown_features_bits {
+                       target_value.append(&mut hex::decode("0002ffff").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("0000").unwrap());
+               }
+               target_value.append(&mut hex::decode("013413a7031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f2020201010101010101010101010101010101010101010101010101010101010101010").unwrap());
+               target_value.append(&mut vec![(addr_len >> 8) as u8, addr_len as u8]);
+               if ipv4 {
+                       target_value.append(&mut hex::decode("01fffefdfc2607").unwrap());
+               }
+               if ipv6 {
+                       target_value.append(&mut hex::decode("02fffefdfcfbfaf9f8f7f6f5f4f3f2f1f02607").unwrap());
+               }
+               if onionv2 {
+                       target_value.append(&mut hex::decode("03fffefdfcfbfaf9f8f7f62607").unwrap());
+               }
+               if onionv3 {
+                       target_value.append(&mut hex::decode("04fffefdfcfbfaf9f8f7f6f5f4f3f2f1f0efeeedecebeae9e8e7e6e5e4e3e2e1e00020102607").unwrap());
+               }
+               if excess_address_data {
+                       target_value.append(&mut hex::decode("216c280b5395a2546e7e4b2663e04f811622f15a4f92e83aa2e92ba2a573c139142c54ae63072a1ec1ee7dc0c04bde5c847806172aa05c92c22ae8e308d1d269").unwrap());
+               }
+               if excess_data {
+                       target_value.append(&mut hex::decode("3b12cc195ce0a2d1bda6a88befa19fa07f51caa75ce83837f28965600b8aacab0855ffb0e741ec5f7c41421e9829a9d48611c8c831f71be5ea73e66594977ffd").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_node_announcement() {
+               do_encoding_node_announcement(true, true, true, true, true, true, true);
+               do_encoding_node_announcement(false, false, false, false, false, false, false);
+               do_encoding_node_announcement(false, true, false, false, false, false, false);
+               do_encoding_node_announcement(false, false, true, false, false, false, false);
+               do_encoding_node_announcement(false, false, false, true, false, false, false);
+               do_encoding_node_announcement(false, false, false, false, true, false, false);
+               do_encoding_node_announcement(false, false, false, false, false, true, false);
+               do_encoding_node_announcement(false, true, false, true, false, true, false);
+               do_encoding_node_announcement(false, false, true, false, true, false, false);
+       }
+
+       fn do_encoding_channel_update(non_bitcoin_chain_hash: bool, direction: bool, disable: bool, htlc_maximum_msat: bool) {
+               let secp_ctx = Secp256k1::new();
+               let (privkey_1, _) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
+               let unsigned_channel_update = msgs::UnsignedChannelUpdate {
+                       chain_hash: if !non_bitcoin_chain_hash { Sha256dHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { Sha256dHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
+                       short_channel_id: 2316138423780173,
+                       timestamp: 20190119,
+                       flags: if direction { 1 } else { 0 } | if disable { 1 << 1 } else { 0 } | if htlc_maximum_msat { 1 << 8 } else { 0 },
+                       cltv_expiry_delta: 144,
+                       htlc_minimum_msat: 1000000,
+                       fee_base_msat: 10000,
+                       fee_proportional_millionths: 20,
+                       excess_data: if htlc_maximum_msat { vec![0, 0, 0, 0, 59, 154, 202, 0] } else { Vec::new() }
+               };
+               let channel_update = msgs::ChannelUpdate {
+                       signature: sig_1,
+                       contents: unsigned_channel_update
+               };
+               let encoded_value = channel_update.encode();
+               let mut target_value = hex::decode("d977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073a").unwrap();
+               if non_bitcoin_chain_hash {
+                       target_value.append(&mut hex::decode("43497fd7f826957108f4a30fd9cec3aeba79972084e90ead01ea330900000000").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f").unwrap());
+               }
+               target_value.append(&mut hex::decode("00083a840000034d013413a7").unwrap());
+               if htlc_maximum_msat {
+                       target_value.append(&mut hex::decode("01").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("00").unwrap());
+               }
+               target_value.append(&mut hex::decode("00").unwrap());
+               if direction {
+                       let flag = target_value.last_mut().unwrap();
+                       *flag = 1;
+               }
+               if disable {
+                       let flag = target_value.last_mut().unwrap();
+                       *flag = *flag | 1 << 1;
+               }
+               target_value.append(&mut hex::decode("009000000000000f42400000271000000014").unwrap());
+               if htlc_maximum_msat {
+                       target_value.append(&mut hex::decode("000000003b9aca00").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_channel_update() {
+               do_encoding_channel_update(false, false, false, false);
+               do_encoding_channel_update(true, false, false, false);
+               do_encoding_channel_update(false, true, false, false);
+               do_encoding_channel_update(false, false, true, false);
+               do_encoding_channel_update(false, false, false, true);
+               do_encoding_channel_update(true, true, true, true);
+       }
+
+       fn do_encoding_open_channel(non_bitcoin_chain_hash: bool, random_bit: bool, shutdown: bool) {
+               let secp_ctx = Secp256k1::new();
+               let (_, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let (_, pubkey_2) = get_keys_from!("0202020202020202020202020202020202020202020202020202020202020202", secp_ctx);
+               let (_, pubkey_3) = get_keys_from!("0303030303030303030303030303030303030303030303030303030303030303", secp_ctx);
+               let (_, pubkey_4) = get_keys_from!("0404040404040404040404040404040404040404040404040404040404040404", secp_ctx);
+               let (_, pubkey_5) = get_keys_from!("0505050505050505050505050505050505050505050505050505050505050505", secp_ctx);
+               let (_, pubkey_6) = get_keys_from!("0606060606060606060606060606060606060606060606060606060606060606", secp_ctx);
+               let open_channel = msgs::OpenChannel {
+                       chain_hash: if !non_bitcoin_chain_hash { Sha256dHash::from_hex("6fe28c0ab6f1b372c1a6a246ae63f74f931e8365e15a089c68d6190000000000").unwrap() } else { Sha256dHash::from_hex("000000000933ea01ad0ee984209779baaec3ced90fa3f408719526f8d77f4943").unwrap() },
+                       temporary_channel_id: [2; 32],
+                       funding_satoshis: 1311768467284833366,
+                       push_msat: 2536655962884945560,
+                       dust_limit_satoshis: 3608586615801332854,
+                       max_htlc_value_in_flight_msat: 8517154655701053848,
+                       channel_reserve_satoshis: 8665828695742877976,
+                       htlc_minimum_msat: 2316138423780173,
+                       feerate_per_kw: 821716,
+                       to_self_delay: 49340,
+                       max_accepted_htlcs: 49340,
+                       funding_pubkey: pubkey_1,
+                       revocation_basepoint: pubkey_2,
+                       payment_basepoint: pubkey_3,
+                       delayed_payment_basepoint: pubkey_4,
+                       htlc_basepoint: pubkey_5,
+                       first_per_commitment_point: pubkey_6,
+                       channel_flags: if random_bit { 1 << 5 } else { 0 },
+                       shutdown_scriptpubkey: if shutdown { OptionalField::Present(Address::p2pkh(&::bitcoin::PublicKey{compressed: true, key: pubkey_1}, Network::Testnet).script_pubkey()) } else { OptionalField::Absent }
+               };
+               let encoded_value = open_channel.encode();
+               let mut target_value = Vec::new();
+               if non_bitcoin_chain_hash {
+                       target_value.append(&mut hex::decode("43497fd7f826957108f4a30fd9cec3aeba79972084e90ead01ea330900000000").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("000000000019d6689c085ae165831e934ff763ae46a2a6c172b3f1b60a8ce26f").unwrap());
+               }
+               target_value.append(&mut hex::decode("02020202020202020202020202020202020202020202020202020202020202021234567890123456233403289122369832144668701144767633030896203198784335490624111800083a840000034d000c89d4c0bcc0bc031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f024d4b6cd1361032ca9bd2aeb9d900aa4d45d9ead80ac9423374c451a7254d076602531fe6068134503d2723133227c867ac8fa6c83c537e9a44c3c5bdbdcb1fe33703462779ad4aad39514614751a71085f2f10e1c7a593e4e030efb5b8721ce55b0b0362c0a046dacce86ddd0343c6d3c7c79c2208ba0d9c9cf24a6d046d21d21f90f703f006a18d5653c4edf5391ff23a61f03ff83d237e880ee61187fa9f379a028e0a").unwrap());
+               if random_bit {
+                       target_value.append(&mut hex::decode("20").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("00").unwrap());
+               }
+               if shutdown {
+                       target_value.append(&mut hex::decode("001976a91479b000887626b294a914501a4cd226b58b23598388ac").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_open_channel() {
+               do_encoding_open_channel(false, false, false);
+               do_encoding_open_channel(true, false, false);
+               do_encoding_open_channel(false, true, false);
+               do_encoding_open_channel(false, false, true);
+               do_encoding_open_channel(true, true, true);
+       }
+
+       fn do_encoding_accept_channel(shutdown: bool) {
+               let secp_ctx = Secp256k1::new();
+               let (_, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let (_, pubkey_2) = get_keys_from!("0202020202020202020202020202020202020202020202020202020202020202", secp_ctx);
+               let (_, pubkey_3) = get_keys_from!("0303030303030303030303030303030303030303030303030303030303030303", secp_ctx);
+               let (_, pubkey_4) = get_keys_from!("0404040404040404040404040404040404040404040404040404040404040404", secp_ctx);
+               let (_, pubkey_5) = get_keys_from!("0505050505050505050505050505050505050505050505050505050505050505", secp_ctx);
+               let (_, pubkey_6) = get_keys_from!("0606060606060606060606060606060606060606060606060606060606060606", secp_ctx);
+               let accept_channel = msgs::AcceptChannel {
+                       temporary_channel_id: [2; 32],
+                       dust_limit_satoshis: 1311768467284833366,
+                       max_htlc_value_in_flight_msat: 2536655962884945560,
+                       channel_reserve_satoshis: 3608586615801332854,
+                       htlc_minimum_msat: 2316138423780173,
+                       minimum_depth: 821716,
+                       to_self_delay: 49340,
+                       max_accepted_htlcs: 49340,
+                       funding_pubkey: pubkey_1,
+                       revocation_basepoint: pubkey_2,
+                       payment_basepoint: pubkey_3,
+                       delayed_payment_basepoint: pubkey_4,
+                       htlc_basepoint: pubkey_5,
+                       first_per_commitment_point: pubkey_6,
+                       shutdown_scriptpubkey: if shutdown { OptionalField::Present(Address::p2pkh(&::bitcoin::PublicKey{compressed: true, key: pubkey_1}, Network::Testnet).script_pubkey()) } else { OptionalField::Absent }
+               };
+               let encoded_value = accept_channel.encode();
+               let mut target_value = hex::decode("020202020202020202020202020202020202020202020202020202020202020212345678901234562334032891223698321446687011447600083a840000034d000c89d4c0bcc0bc031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f024d4b6cd1361032ca9bd2aeb9d900aa4d45d9ead80ac9423374c451a7254d076602531fe6068134503d2723133227c867ac8fa6c83c537e9a44c3c5bdbdcb1fe33703462779ad4aad39514614751a71085f2f10e1c7a593e4e030efb5b8721ce55b0b0362c0a046dacce86ddd0343c6d3c7c79c2208ba0d9c9cf24a6d046d21d21f90f703f006a18d5653c4edf5391ff23a61f03ff83d237e880ee61187fa9f379a028e0a").unwrap();
+               if shutdown {
+                       target_value.append(&mut hex::decode("001976a91479b000887626b294a914501a4cd226b58b23598388ac").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_accept_channel() {
+               do_encoding_accept_channel(false);
+               do_encoding_accept_channel(true);
+       }
+
+       #[test]
+       fn encoding_funding_created() {
+               let secp_ctx = Secp256k1::new();
+               let (privkey_1, _) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
+               let funding_created = msgs::FundingCreated {
+                       temporary_channel_id: [2; 32],
+                       funding_txid: Sha256dHash::from_hex("c2d4449afa8d26140898dd54d3390b057ba2a5afcf03ba29d7dc0d8b9ffe966e").unwrap(),
+                       funding_output_index: 255,
+                       signature: sig_1,
+               };
+               let encoded_value = funding_created.encode();
+               let target_value = hex::decode("02020202020202020202020202020202020202020202020202020202020202026e96fe9f8b0ddcd729ba03cfafa5a27b050b39d354dd980814268dfa9a44d4c200ffd977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073a").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_funding_signed() {
+               let secp_ctx = Secp256k1::new();
+               let (privkey_1, _) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
+               let funding_signed = msgs::FundingSigned {
+                       channel_id: [2; 32],
+                       signature: sig_1,
+               };
+               let encoded_value = funding_signed.encode();
+               let target_value = hex::decode("0202020202020202020202020202020202020202020202020202020202020202d977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073a").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_funding_locked() {
+               let secp_ctx = Secp256k1::new();
+               let (_, pubkey_1,) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let funding_locked = msgs::FundingLocked {
+                       channel_id: [2; 32],
+                       next_per_commitment_point: pubkey_1,
+               };
+               let encoded_value = funding_locked.encode();
+               let target_value = hex::decode("0202020202020202020202020202020202020202020202020202020202020202031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       fn do_encoding_shutdown(script_type: u8) {
+               let secp_ctx = Secp256k1::new();
+               let (_, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let script = Builder::new().push_opcode(opcodes::OP_TRUE).into_script();
+               let shutdown = msgs::Shutdown {
+                       channel_id: [2; 32],
+                       scriptpubkey: if script_type == 1 { Address::p2pkh(&::bitcoin::PublicKey{compressed: true, key: pubkey_1}, Network::Testnet).script_pubkey() } else if script_type == 2 { Address::p2sh(&script, Network::Testnet).script_pubkey() } else if script_type == 3 { Address::p2wpkh(&::bitcoin::PublicKey{compressed: true, key: pubkey_1}, Network::Testnet).script_pubkey() } else { Address::p2wsh(&script, Network::Testnet).script_pubkey() },
+               };
+               let encoded_value = shutdown.encode();
+               let mut target_value = hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap();
+               if script_type == 1 {
+                       target_value.append(&mut hex::decode("001976a91479b000887626b294a914501a4cd226b58b23598388ac").unwrap());
+               } else if script_type == 2 {
+                       target_value.append(&mut hex::decode("0017a914da1745e9b549bd0bfa1a569971c77eba30cd5a4b87").unwrap());
+               } else if script_type == 3 {
+                       target_value.append(&mut hex::decode("0016001479b000887626b294a914501a4cd226b58b235983").unwrap());
+               } else if script_type == 4 {
+                       target_value.append(&mut hex::decode("002200204ae81572f06e1b88fd5ced7a1a000945432e83e1551e6f721ee9c00b8cc33260").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_shutdown() {
+               do_encoding_shutdown(1);
+               do_encoding_shutdown(2);
+               do_encoding_shutdown(3);
+               do_encoding_shutdown(4);
+       }
+
+       #[test]
+       fn encoding_closing_signed() {
+               let secp_ctx = Secp256k1::new();
+               let (privkey_1, _) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
+               let closing_signed = msgs::ClosingSigned {
+                       channel_id: [2; 32],
+                       fee_satoshis: 2316138423780173,
+                       signature: sig_1,
+               };
+               let encoded_value = closing_signed.encode();
+               let target_value = hex::decode("020202020202020202020202020202020202020202020202020202020202020200083a840000034dd977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073a").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_update_add_htlc() {
+               let secp_ctx = Secp256k1::new();
+               let (_, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let onion_routing_packet = msgs::OnionPacket {
+                       version: 255,
+                       public_key: Ok(pubkey_1),
+                       hop_data: [1; 20*65],
+                       hmac: [2; 32]
+               };
+               let update_add_htlc = msgs::UpdateAddHTLC {
+                       channel_id: [2; 32],
+                       htlc_id: 2316138423780173,
+                       amount_msat: 3608586615801332854,
+                       payment_hash: PaymentHash([1; 32]),
+                       cltv_expiry: 821716,
+                       onion_routing_packet
+               };
+               let encoded_value = update_add_htlc.encode();
+               let target_value = hex::decode("020202020202020202020202020202020202020202020202020202020202020200083a840000034d32144668701144760101010101010101010101010101010101010101010101010101010101010101000c89d4ff031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010101010202020202020202020202020202020202020202020202020202020202020202").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_update_fulfill_htlc() {
+               let update_fulfill_htlc = msgs::UpdateFulfillHTLC {
+                       channel_id: [2; 32],
+                       htlc_id: 2316138423780173,
+                       payment_preimage: PaymentPreimage([1; 32]),
+               };
+               let encoded_value = update_fulfill_htlc.encode();
+               let target_value = hex::decode("020202020202020202020202020202020202020202020202020202020202020200083a840000034d0101010101010101010101010101010101010101010101010101010101010101").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_update_fail_htlc() {
+               let reason = OnionErrorPacket {
+                       data: [1; 32].to_vec(),
+               };
+               let update_fail_htlc = msgs::UpdateFailHTLC {
+                       channel_id: [2; 32],
+                       htlc_id: 2316138423780173,
+                       reason
+               };
+               let encoded_value = update_fail_htlc.encode();
+               let target_value = hex::decode("020202020202020202020202020202020202020202020202020202020202020200083a840000034d00200101010101010101010101010101010101010101010101010101010101010101").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_update_fail_malformed_htlc() {
+               let update_fail_malformed_htlc = msgs::UpdateFailMalformedHTLC {
+                       channel_id: [2; 32],
+                       htlc_id: 2316138423780173,
+                       sha256_of_onion: [1; 32],
+                       failure_code: 255
+               };
+               let encoded_value = update_fail_malformed_htlc.encode();
+               let target_value = hex::decode("020202020202020202020202020202020202020202020202020202020202020200083a840000034d010101010101010101010101010101010101010101010101010101010101010100ff").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       fn do_encoding_commitment_signed(htlcs: bool) {
+               let secp_ctx = Secp256k1::new();
+               let (privkey_1, _) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let (privkey_2, _) = get_keys_from!("0202020202020202020202020202020202020202020202020202020202020202", secp_ctx);
+               let (privkey_3, _) = get_keys_from!("0303030303030303030303030303030303030303030303030303030303030303", secp_ctx);
+               let (privkey_4, _) = get_keys_from!("0404040404040404040404040404040404040404040404040404040404040404", secp_ctx);
+               let sig_1 = get_sig_on!(privkey_1, secp_ctx, String::from("01010101010101010101010101010101"));
+               let sig_2 = get_sig_on!(privkey_2, secp_ctx, String::from("01010101010101010101010101010101"));
+               let sig_3 = get_sig_on!(privkey_3, secp_ctx, String::from("01010101010101010101010101010101"));
+               let sig_4 = get_sig_on!(privkey_4, secp_ctx, String::from("01010101010101010101010101010101"));
+               let commitment_signed = msgs::CommitmentSigned {
+                       channel_id: [2; 32],
+                       signature: sig_1,
+                       htlc_signatures: if htlcs { vec![sig_2, sig_3, sig_4] } else { Vec::new() },
+               };
+               let encoded_value = commitment_signed.encode();
+               let mut target_value = hex::decode("0202020202020202020202020202020202020202020202020202020202020202d977cb9b53d93a6ff64bb5f1e158b4094b66e798fb12911168a3ccdf80a83096340a6a95da0ae8d9f776528eecdbb747eb6b545495a4319ed5378e35b21e073a").unwrap();
+               if htlcs {
+                       target_value.append(&mut hex::decode("00031735b6a427e80d5fe7cd90a2f4ee08dc9c27cda7c35a4172e5d85b12c49d4232537e98f9b1f3c5e6989a8b9644e90e8918127680dbd0d4043510840fc0f1e11a216c280b5395a2546e7e4b2663e04f811622f15a4f91e83aa2e92ba2a573c139142c54ae63072a1ec1ee7dc0c04bde5c847806172aa05c92c22ae8e308d1d2692b12cc195ce0a2d1bda6a88befa19fa07f51caa75ce83837f28965600b8aacab0855ffb0e741ec5f7c41421e9829a9d48611c8c831f71be5ea73e66594977ffd").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("0000").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_commitment_signed() {
+               do_encoding_commitment_signed(true);
+               do_encoding_commitment_signed(false);
+       }
+
+       #[test]
+       fn encoding_revoke_and_ack() {
+               let secp_ctx = Secp256k1::new();
+               let (_, pubkey_1) = get_keys_from!("0101010101010101010101010101010101010101010101010101010101010101", secp_ctx);
+               let raa = msgs::RevokeAndACK {
+                       channel_id: [2; 32],
+                       per_commitment_secret: [1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1, 1],
+                       next_per_commitment_point: pubkey_1,
+               };
+               let encoded_value = raa.encode();
+               let target_value = hex::decode("02020202020202020202020202020202020202020202020202020202020202020101010101010101010101010101010101010101010101010101010101010101031b84c5567b126440995d3ed5aaba0565d71e1834604819ff9c17f5e9d5dd078f").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_update_fee() {
+               let update_fee = msgs::UpdateFee {
+                       channel_id: [2; 32],
+                       feerate_per_kw: 20190119,
+               };
+               let encoded_value = update_fee.encode();
+               let target_value = hex::decode("0202020202020202020202020202020202020202020202020202020202020202013413a7").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       fn do_encoding_init(unknown_global_bits: bool, initial_routing_sync: bool) {
+               let mut global = GlobalFeatures::new();
+               if unknown_global_bits {
+                       global.flags = vec![0xFF, 0xFF];
+               }
+               let mut local = LocalFeatures::new();
+               if initial_routing_sync {
+                       local.set_initial_routing_sync();
+               }
+               let init = msgs::Init {
+                       global_features: global,
+                       local_features: local,
+               };
+               let encoded_value = init.encode();
+               let mut target_value = Vec::new();
+               if unknown_global_bits {
+                       target_value.append(&mut hex::decode("0002ffff").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("0000").unwrap());
+               }
+               if initial_routing_sync {
+                       target_value.append(&mut hex::decode("000128").unwrap());
+               } else {
+                       target_value.append(&mut hex::decode("000120").unwrap());
+               }
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_init() {
+               do_encoding_init(false, false);
+               do_encoding_init(true, false);
+               do_encoding_init(false, true);
+               do_encoding_init(true, true);
+       }
+
+       #[test]
+       fn encoding_error() {
+               let error = msgs::ErrorMessage {
+                       channel_id: [2; 32],
+                       data: String::from("rust-lightning"),
+               };
+               let encoded_value = error.encode();
+               let target_value = hex::decode("0202020202020202020202020202020202020202020202020202020202020202000e727573742d6c696768746e696e67").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_ping() {
+               let ping = msgs::Ping {
+                       ponglen: 64,
+                       byteslen: 64
+               };
+               let encoded_value = ping.encode();
+               let target_value = hex::decode("0040004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
+
+       #[test]
+       fn encoding_pong() {
+               let pong = msgs::Pong {
+                       byteslen: 64
+               };
+               let encoded_value = pong.encode();
+               let target_value = hex::decode("004000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000").unwrap();
+               assert_eq!(encoded_value, target_value);
+       }
 }
diff --git a/src/ln/onion_utils.rs b/src/ln/onion_utils.rs
index 8783aa0bde0e107708122c62fb06f2dd9102bbf4..6ca8811e444aa5b3fcca7546e47a486e07f601f7 100644 (file)
--- a/src/ln/onion_utils.rs
+++ b/src/ln/onion_utils.rs
@@ -1,7 +1,7 @@
 use ln::channelmanager::{PaymentHash, HTLCSource};
 use ln::msgs;
 use ln::router::{Route,RouteHop};
-use util::{byte_utils, internal_traits};
+use util::byte_utils;
 use util::chacha20::ChaCha20;
 use util::errors::{self, APIError};
 use util::ser::{Readable, Writeable};
@@ -17,7 +17,6 @@ use secp256k1::Secp256k1;
 use secp256k1::ecdh::SharedSecret;
 use secp256k1;
 
-use std::ptr;
 use std::io::Cursor;
 use std::sync::Arc;
 
@@ -114,16 +113,14 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
        let mut cur_cltv = starting_htlc_offset;
        let mut last_short_channel_id = 0;
        let mut res: Vec<msgs::OnionHopData> = Vec::with_capacity(route.hops.len());
-       internal_traits::test_no_dealloc::<msgs::OnionHopData>(None);
-       unsafe { res.set_len(route.hops.len()); }
 
-       for (idx, hop) in route.hops.iter().enumerate().rev() {
+       for hop in route.hops.iter().rev() {
                // First hop gets special values so that it can check, on receipt, that everything is
                // exactly as it should be (and the next hop isn't trying to probe to find out if we're
                // the intended recipient).
                let value_msat = if cur_value_msat == 0 { hop.fee_msat } else { cur_value_msat };
                let cltv = if cur_cltv == starting_htlc_offset { hop.cltv_expiry_delta + starting_htlc_offset } else { cur_cltv };
-               res[idx] = msgs::OnionHopData {
+               res.insert(0, msgs::OnionHopData {
                        realm: 0,
                        data: msgs::OnionRealm0HopData {
                                short_channel_id: last_short_channel_id,
@@ -131,7 +128,7 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
                                outgoing_cltv_value: cltv,
                        },
                        hmac: [0; 32],
-               };
+               });
                cur_value_msat += hop.fee_msat;
                if cur_value_msat >= 21000000 * 100000000 * 1000 {
                        return Err(APIError::RouteError{err: "Channel fees overflowed?!"});
@@ -147,8 +144,8 @@ pub(super) fn build_onion_payloads(route: &Route, starting_htlc_offset: u32) ->
 
 #[inline]
 fn shift_arr_right(arr: &mut [u8; 20*65]) {
-       unsafe {
-               ptr::copy(arr[0..].as_ptr(), arr[65..].as_mut_ptr(), 19*65);
+       for i in (65..20*65).rev() {
+               arr[i] = arr[i-65];
        }
        for i in 0..65 {
                arr[i] = 0;
diff --git a/src/ln/peer_channel_encryptor.rs b/src/ln/peer_channel_encryptor.rs
index f13b886d7b1a55ed678dfaca81de1dd31dce0761..9d716a2dc5aa6109ad3d9b4847486bcbbc014465 100644 (file)
--- a/src/ln/peer_channel_encryptor.rs
+++ b/src/ln/peer_channel_encryptor.rs
@@ -10,7 +10,7 @@ use secp256k1::ecdh::SharedSecret;
 use secp256k1;
 
 use util::chacha20poly1305rfc::ChaCha20Poly1305RFC;
-use util::{byte_utils,rng};
+use util::byte_utils;
 
 // Sha256("Noise_XK_secp256k1_ChaChaPoly_SHA256")
 const NOISE_CK: [u8; 32] = [0x26, 0x40, 0xf5, 0x2e, 0xeb, 0xcd, 0x9e, 0x88, 0x29, 0x58, 0x95, 0x1c, 0x79, 0x42, 0x50, 0xee, 0xdb, 0x28, 0x00, 0x2c, 0x05, 0xd7, 0xdc, 0x2e, 0xa0, 0xf1, 0x95, 0x40, 0x60, 0x42, 0xca, 0xf1];
@@ -70,12 +70,8 @@ pub struct PeerChannelEncryptor {
 }
 
 impl PeerChannelEncryptor {
-       pub fn new_outbound(their_node_id: PublicKey) -> PeerChannelEncryptor {
-               let mut key = [0u8; 32];
-               rng::fill_bytes(&mut key);
-
+       pub fn new_outbound(their_node_id: PublicKey, ephemeral_key: SecretKey) -> PeerChannelEncryptor {
                let secp_ctx = Secp256k1::signing_only();
-               let sec_key = SecretKey::from_slice(&key).unwrap(); //TODO: nicer rng-is-bad error message
 
                let mut sha = Sha256::engine();
                sha.input(&NOISE_H);
@@ -88,7 +84,7 @@ impl PeerChannelEncryptor {
                        noise_state: NoiseState::InProgress {
                                state: NoiseStep::PreActOne,
                                directional_state: DirectionalNoiseState::Outbound {
-                                       ie: sec_key,
+                                       ie: ephemeral_key,
                                },
                                bidirectional_state: BidirectionalNoiseState {
                                        h: h,
@@ -243,8 +239,7 @@ impl PeerChannelEncryptor {
                }
        }
 
-       // Separated for testing:
-       fn process_act_one_with_ephemeral_key(&mut self, act_one: &[u8], our_node_secret: &SecretKey, our_ephemeral: SecretKey) -> Result<[u8; 50], HandleError> {
+       pub fn process_act_one_with_keys(&mut self, act_one: &[u8], our_node_secret: &SecretKey, our_ephemeral: SecretKey) -> Result<[u8; 50], HandleError> {
                assert_eq!(act_one.len(), 50);
 
                match self.noise_state {
@@ -271,15 +266,6 @@ impl PeerChannelEncryptor {
                }
        }
 
-       pub fn process_act_one_with_key(&mut self, act_one: &[u8], our_node_secret: &SecretKey) -> Result<[u8; 50], HandleError> {
-               assert_eq!(act_one.len(), 50);
-
-               let mut key = [0u8; 32];
-               rng::fill_bytes(&mut key);
-               let our_ephemeral_key = SecretKey::from_slice(&key).unwrap(); //TODO: nicer rng-is-bad error message
-               self.process_act_one_with_ephemeral_key(act_one, our_node_secret, our_ephemeral_key)
-       }
-
        pub fn process_act_two(&mut self, act_two: &[u8], our_node_secret: &SecretKey) -> Result<([u8; 66], PublicKey), HandleError> {
                assert_eq!(act_two.len(), 50);
 
@@ -485,21 +471,12 @@ mod tests {
 
        use hex;
 
-       use ln::peer_channel_encryptor::{PeerChannelEncryptor,NoiseState,DirectionalNoiseState};
+       use ln::peer_channel_encryptor::{PeerChannelEncryptor,NoiseState};
 
        fn get_outbound_peer_for_initiator_test_vectors() -> PeerChannelEncryptor {
                let their_node_id = PublicKey::from_slice(&hex::decode("028d7500dd4c12685d1f568b4c2b5048e8534b873319f3a8daa612b469132ec7f7").unwrap()[..]).unwrap();
 
-               let mut outbound_peer = PeerChannelEncryptor::new_outbound(their_node_id);
-               match outbound_peer.noise_state {
-                       NoiseState::InProgress { state: _, ref mut directional_state, bidirectional_state: _ } => {
-                               *directional_state = DirectionalNoiseState::Outbound { // overwrite ie...
-                                       ie: SecretKey::from_slice(&hex::decode("1212121212121212121212121212121212121212121212121212121212121212").unwrap()[..]).unwrap(),
-                               };
-                       },
-                       _ => panic!()
-               }
-
+               let mut outbound_peer = PeerChannelEncryptor::new_outbound(their_node_id, SecretKey::from_slice(&hex::decode("1212121212121212121212121212121212121212121212121212121212121212").unwrap()[..]).unwrap());
                assert_eq!(outbound_peer.get_act_one()[..], hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap()[..]);
                outbound_peer
        }
@@ -566,7 +543,7 @@ mod tests {
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert_eq!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
+                       assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
 
                        let act_three = hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec();
                        // test vector doesn't specify the initiator static key, but it's the same as the one
@@ -594,28 +571,28 @@ mod tests {
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("01036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err());
+                       assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err());
                }
                {
                        // transport-responder act1 bad key serialization test
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one =hex::decode("00046360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err());
+                       assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err());
                }
                {
                        // transport-responder act1 bad MAC test
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6b").unwrap().to_vec();
-                       assert!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err());
+                       assert!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).is_err());
                }
                {
                        // transport-responder act3 bad version test
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert_eq!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
+                       assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
 
                        let act_three = hex::decode("01b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec();
                        assert!(inbound_peer.process_act_three(&act_three[..]).is_err());
@@ -629,7 +606,7 @@ mod tests {
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert_eq!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
+                       assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
 
                        let act_three = hex::decode("00c9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec();
                        assert!(inbound_peer.process_act_three(&act_three[..]).is_err());
@@ -639,7 +616,7 @@ mod tests {
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert_eq!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
+                       assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
 
                        let act_three = hex::decode("00bfe3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa2235536ad09a8ee351870c2bb7f78b754a26c6cef79a98d25139c856d7efd252c2ae73c").unwrap().to_vec();
                        assert!(inbound_peer.process_act_three(&act_three[..]).is_err());
@@ -649,7 +626,7 @@ mod tests {
                        let mut inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert_eq!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
+                       assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
 
                        let act_three = hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139bb").unwrap().to_vec();
                        assert!(inbound_peer.process_act_three(&act_three[..]).is_err());
@@ -692,7 +669,7 @@ mod tests {
                        inbound_peer = PeerChannelEncryptor::new_inbound(&our_node_id);
 
                        let act_one = hex::decode("00036360e856310ce5d294e8be33fc807077dc56ac80d95d9cd4ddbd21325eff73f70df6086551151f58b8afe6c195782c6a").unwrap().to_vec();
-                       assert_eq!(inbound_peer.process_act_one_with_ephemeral_key(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
+                       assert_eq!(inbound_peer.process_act_one_with_keys(&act_one[..], &our_node_id, our_ephemeral.clone()).unwrap()[..], hex::decode("0002466d7fcae563e5cb09a0d1870bb580344804617879a14949cf22285f1bae3f276e2470b93aac583c9ef6eafca3f730ae").unwrap()[..]);
 
                        let act_three = hex::decode("00b9e3a702e93e3a9948c2ed6e5fd7590a6e1c3a0344cfc9d5b57357049aa22355361aa02e55a8fc28fef5bd6d71ad0c38228dc68b1c466263b47fdf31e560e139ba").unwrap().to_vec();
                        // test vector doesn't specify the initiator static key, but it's the same as the one
diff --git a/src/ln/peer_handler.rs b/src/ln/peer_handler.rs
index cfdc6f1cb81ce9bfff7f0ca335aae4bfe6ba21db..a13705f4aeeb9ff8fa3182ee707a196253142a44 100644 (file)
--- a/src/ln/peer_handler.rs
+++ b/src/ln/peer_handler.rs
@@ -20,6 +20,10 @@ use std::sync::{Arc, Mutex};
 use std::sync::atomic::{AtomicUsize, Ordering};
 use std::{cmp,error,hash,fmt};
 
+use bitcoin_hashes::sha256::Hash as Sha256;
+use bitcoin_hashes::sha256::HashEngine as Sha256Engine;
+use bitcoin_hashes::{HashEngine, Hash};
+
 /// Provides references to trait impls which handle different types of messages.
 pub struct MessageHandler {
        /// A message handler which handles messages specific to channels. Usually this is just a
@@ -41,12 +45,13 @@ pub struct MessageHandler {
 /// careful to ensure you don't have races whereby you might register a new connection with an fd
 /// the same as a yet-to-be-disconnect_event()-ed.
 pub trait SocketDescriptor : cmp::Eq + hash::Hash + Clone {
-       /// Attempts to send some data from the given Vec starting at the given offset to the peer.
+       /// Attempts to send some data from the given slice to the peer.
+       ///
        /// Returns the amount of data which was sent, possibly 0 if the socket has since disconnected.
        /// Note that in the disconnected case, a disconnect_event must still fire and further write
        /// attempts may occur until that time.
        ///
-       /// If the returned size is smaller than data.len() - write_offset, a write_available event must
+       /// If the returned size is smaller than data.len(), a write_available event must
        /// trigger the next time more data can be written. Additionally, until the a send_data event
        /// completes fully, no further read_events should trigger on the same peer!
        ///
@@ -54,7 +59,7 @@ pub trait SocketDescriptor : cmp::Eq + hash::Hash + Clone {
        /// events should be paused to prevent DoS in the send buffer), resume_read may be set
        /// indicating that read events on this descriptor should resume. A resume_read of false does
        /// *not* imply that further read events should be paused.
-       fn send_data(&mut self, data: &Vec<u8>, write_offset: usize, resume_read: bool) -> usize;
+       fn send_data(&mut self, data: &[u8], resume_read: bool) -> usize;
        /// Disconnect the socket pointed to by this SocketDescriptor. Once this function returns, no
        /// more calls to write_event, read_event or disconnect_event may be made with this descriptor.
        /// No disconnect_event should be generated as a result of this call, though obviously races
@@ -151,12 +156,25 @@ impl<Descriptor: SocketDescriptor> PeerHolder<Descriptor> {
        }
 }
 
+#[cfg(not(any(target_pointer_width = "32", target_pointer_width = "64")))]
+fn _check_usize_is_32_or_64() {
+       // See below, less than 32 bit pointers may be unsafe here!
+       unsafe { mem::transmute::<*const usize, [u8; 4]>(panic!()); }
+}
+
 /// A PeerManager manages a set of peers, described by their SocketDescriptor and marshalls socket
 /// events into messages which it passes on to its MessageHandlers.
 pub struct PeerManager<Descriptor: SocketDescriptor> {
        message_handler: MessageHandler,
        peers: Mutex<PeerHolder<Descriptor>>,
        our_node_secret: SecretKey,
+       ephemeral_key_midstate: Sha256Engine,
+
+       // Usize needs to be at least 32 bits to avoid overflowing both low and high. If usize is 64
+       // bits we will never realistically count into high:
+       peer_counter_low: AtomicUsize,
+       peer_counter_high: AtomicUsize,
+
        initial_syncs_sent: AtomicUsize,
        logger: Arc<Logger>,
 }
@@ -188,7 +206,12 @@ const INITIAL_SYNCS_TO_SEND: usize = 5;
 /// PeerIds may repeat, but only after disconnect_event() has been called.
 impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
        /// Constructs a new PeerManager with the given message handlers and node_id secret key
-       pub fn new(message_handler: MessageHandler, our_node_secret: SecretKey, logger: Arc<Logger>) -> PeerManager<Descriptor> {
+       /// ephemeral_random_data is used to derive per-connection ephemeral keys and must be
+       /// cryptographically secure random bytes.
+       pub fn new(message_handler: MessageHandler, our_node_secret: SecretKey, ephemeral_random_data: &[u8; 32], logger: Arc<Logger>) -> PeerManager<Descriptor> {
+               let mut ephemeral_key_midstate = Sha256::engine();
+               ephemeral_key_midstate.input(ephemeral_random_data);
+
                PeerManager {
                        message_handler: message_handler,
                        peers: Mutex::new(PeerHolder {
@@ -197,6 +220,9 @@ impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
                                node_id_to_descriptor: HashMap::new()
                        }),
                        our_node_secret: our_node_secret,
+                       ephemeral_key_midstate,
+                       peer_counter_low: AtomicUsize::new(0),
+                       peer_counter_high: AtomicUsize::new(0),
                        initial_syncs_sent: AtomicUsize::new(0),
                        logger,
                }
@@ -217,6 +243,19 @@ impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
                }).collect()
        }
 
+       fn get_ephemeral_key(&self) -> SecretKey {
+               let mut ephemeral_hash = self.ephemeral_key_midstate.clone();
+               let low = self.peer_counter_low.fetch_add(1, Ordering::AcqRel);
+               let high = if low == 0 {
+                       self.peer_counter_high.fetch_add(1, Ordering::AcqRel)
+               } else {
+                       self.peer_counter_high.load(Ordering::Acquire)
+               };
+               ephemeral_hash.input(&byte_utils::le64_to_array(low as u64));
+               ephemeral_hash.input(&byte_utils::le64_to_array(high as u64));
+               SecretKey::from_slice(&Sha256::from_engine(ephemeral_hash).into_inner()).expect("You broke SHA-256!")
+       }
+
        /// Indicates a new outbound connection has been established to a node with the given node_id.
        /// Note that if an Err is returned here you MUST NOT call disconnect_event for the new
        /// descriptor but must disconnect the connection immediately.
@@ -226,7 +265,7 @@ impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
        /// Panics if descriptor is duplicative with some other descriptor which has not yet has a
        /// disconnect_event.
        pub fn new_outbound_connection(&self, their_node_id: PublicKey, descriptor: Descriptor) -> Result<Vec<u8>, PeerHandleError> {
-               let mut peer_encryptor = PeerChannelEncryptor::new_outbound(their_node_id.clone());
+               let mut peer_encryptor = PeerChannelEncryptor::new_outbound(their_node_id.clone(), self.get_ephemeral_key());
                let res = peer_encryptor.get_act_one().to_vec();
                let pending_read_buffer = [0; 50].to_vec(); // Noise act two is 50 bytes
 
@@ -349,7 +388,8 @@ impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
                                };
 
                                let should_be_reading = peer.pending_outbound_buffer.len() < MSG_BUFF_SIZE;
-                               let data_sent = descriptor.send_data(next_buff, peer.pending_outbound_buffer_first_msg_offset, should_be_reading);
+                               let pending = &next_buff[peer.pending_outbound_buffer_first_msg_offset..];
+                               let data_sent = descriptor.send_data(pending, should_be_reading);
                                peer.pending_outbound_buffer_first_msg_offset += data_sent;
                                if peer.pending_outbound_buffer_first_msg_offset == next_buff.len() { true } else { false }
                        } {
@@ -517,7 +557,7 @@ impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
                                                        let next_step = peer.channel_encryptor.get_noise_step();
                                                        match next_step {
                                                                NextNoiseStep::ActOne => {
-                                                                       let act_two = try_potential_handleerror!(peer.channel_encryptor.process_act_one_with_key(&peer.pending_read_buffer[..], &self.our_node_secret)).to_vec();
+                                                                       let act_two = try_potential_handleerror!(peer.channel_encryptor.process_act_one_with_keys(&peer.pending_read_buffer[..], &self.our_node_secret, self.get_ephemeral_key())).to_vec();
                                                                        peer.pending_outbound_buffer.push_back(act_two);
                                                                        peer.pending_read_buffer = [0; 66].to_vec(); // act three is 66 bytes long
                                                                },
@@ -587,10 +627,6 @@ impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
                                                                                                        log_info!(self, "Peer local features required data_loss_protect");
                                                                                                        return Err(PeerHandleError{ no_connection_possible: true });
                                                                                                }
-                                                                                               if msg.local_features.requires_upfront_shutdown_script() {
-                                                                                                       log_info!(self, "Peer local features required upfront_shutdown_script");
-                                                                                                       return Err(PeerHandleError{ no_connection_possible: true });
-                                                                                               }
                                                                                                if peer.their_global_features.is_some() {
                                                                                                        return Err(PeerHandleError{ no_connection_possible: false });
                                                                                                }
@@ -659,11 +695,11 @@ impl<Descriptor: SocketDescriptor> PeerManager<Descriptor> {
                                                                                        // Channel control:
                                                                                        32 => {
                                                                                                let msg = try_potential_decodeerror!(msgs::OpenChannel::read(&mut reader));
-                                                                                               try_potential_handleerror!(self.message_handler.chan_handler.handle_open_channel(&peer.their_node_id.unwrap(), &msg));
+                                                                                               try_potential_handleerror!(self.message_handler.chan_handler.handle_open_channel(&peer.their_node_id.unwrap(), peer.their_local_features.clone().unwrap(), &msg));
                                                                                        },
                                                                                        33 => {
                                                                                                let msg = try_potential_decodeerror!(msgs::AcceptChannel::read(&mut reader));
-                                                                                               try_potential_handleerror!(self.message_handler.chan_handler.handle_accept_channel(&peer.their_node_id.unwrap(), &msg));
+                                                                                               try_potential_handleerror!(self.message_handler.chan_handler.handle_accept_channel(&peer.their_node_id.unwrap(), peer.their_local_features.clone().unwrap(), &msg));
                                                                                        },
 
                                                                                        34 => {
@@ -1088,9 +1124,8 @@ mod tests {
        }
 
        impl SocketDescriptor for FileDescriptor {
-               fn send_data(&mut self, data: &Vec<u8>, write_offset: usize, _resume_read: bool) -> usize {
-                       assert!(write_offset < data.len());
-                       data.len() - write_offset
+               fn send_data(&mut self, data: &[u8], _resume_read: bool) -> usize {
+                       data.len()
                }
 
                fn disconnect_socket(&mut self) {}
@@ -1100,6 +1135,8 @@ mod tests {
                let mut peers = Vec::new();
                let mut rng = thread_rng();
                let logger : Arc<Logger> = Arc::new(test_utils::TestLogger::new());
+               let mut ephemeral_bytes = [0; 32];
+               rng.fill_bytes(&mut ephemeral_bytes);
 
                for _ in 0..peer_count {
                        let chan_handler = test_utils::TestChannelMessageHandler::new();
@@ -1110,7 +1147,7 @@ mod tests {
                                SecretKey::from_slice(&key_slice).unwrap()
                        };
                        let msg_handler = MessageHandler { chan_handler: Arc::new(chan_handler), route_handler: Arc::new(router) };
-                       let peer = PeerManager::new(msg_handler, node_id, Arc::clone(&logger));
+                       let peer = PeerManager::new(msg_handler, node_id, &ephemeral_bytes, Arc::clone(&logger));
                        peers.push(peer);
                }
 
diff --git a/src/ln/router.rs b/src/ln/router.rs
index 1d932ea998db61cc635b9b259afdd63fe7da926e..bb20c31c35af9f868ee76c91933558b173130dc4 100644 (file)
--- a/src/ln/router.rs
+++ b/src/ln/router.rs
@@ -7,7 +7,8 @@ use secp256k1::key::PublicKey;
 use secp256k1::Secp256k1;
 use secp256k1;
 
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
+use bitcoin_hashes::Hash;
 use bitcoin::blockdata::script::Builder;
 use bitcoin::blockdata::opcodes;
 
@@ -410,7 +411,7 @@ macro_rules! secp_verify_sig {
 
 impl RoutingMessageHandler for Router {
        fn handle_node_announcement(&self, msg: &msgs::NodeAnnouncement) -> Result<bool, HandleError> {
-               let msg_hash = hash_to_message!(&Sha256dHash::from_data(&msg.contents.encode()[..])[..]);
+               let msg_hash = hash_to_message!(&Sha256dHash::hash(&msg.contents.encode()[..])[..]);
                secp_verify_sig!(self.secp_ctx, &msg_hash, &msg.signature, &msg.contents.node_id);
 
                if msg.contents.features.requires_unknown_bits() {
@@ -443,7 +444,7 @@ impl RoutingMessageHandler for Router {
                        return Err(HandleError{err: "Channel announcement node had a channel with itself", action: Some(ErrorAction::IgnoreError)});
                }
 
-               let msg_hash = hash_to_message!(&Sha256dHash::from_data(&msg.contents.encode()[..])[..]);
+               let msg_hash = hash_to_message!(&Sha256dHash::hash(&msg.contents.encode()[..])[..]);
                secp_verify_sig!(self.secp_ctx, &msg_hash, &msg.node_signature_1, &msg.contents.node_id_1);
                secp_verify_sig!(self.secp_ctx, &msg_hash, &msg.node_signature_2, &msg.contents.node_id_2);
                secp_verify_sig!(self.secp_ctx, &msg_hash, &msg.bitcoin_signature_1, &msg.contents.bitcoin_key_1);
@@ -619,7 +620,7 @@ impl RoutingMessageHandler for Router {
                                                };
                                        }
                                }
-                               let msg_hash = hash_to_message!(&Sha256dHash::from_data(&msg.contents.encode()[..])[..]);
+                               let msg_hash = hash_to_message!(&Sha256dHash::hash(&msg.contents.encode()[..])[..]);
                                if msg.contents.flags & 1 == 1 {
                                        dest_node_id = channel.one_to_two.src_node_id.clone();
                                        secp_verify_sig!(self.secp_ctx, &msg_hash, &msg.signature, &channel.two_to_one.src_node_id);
@@ -1020,7 +1021,8 @@ mod tests {
        use util::logger::Logger;
        use util::ser::{Writeable, Readable};
 
-       use bitcoin::util::hash::Sha256dHash;
+       use bitcoin_hashes::sha256d::Hash as Sha256dHash;
+       use bitcoin_hashes::Hash;
        use bitcoin::network::constants::Network;
 
        use hex;
@@ -1104,7 +1106,7 @@ mod tests {
                let node7 = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode("0808080808080808080808080808080808080808080808080808080808080808").unwrap()[..]).unwrap());
                let node8 = PublicKey::from_secret_key(&secp_ctx, &SecretKey::from_slice(&hex::decode("0909090909090909090909090909090909090909090909090909090909090909").unwrap()[..]).unwrap());
 
-               let zero_hash = Sha256dHash::from_data(&[0; 32]);
+               let zero_hash = Sha256dHash::hash(&[0; 32]);
 
                {
                        let mut network = router.network_map.write().unwrap();
@@ -1466,6 +1468,9 @@ mod tests {
                                remote_network_id: node8.clone(),
                                channel_value_satoshis: 0,
                                user_id: 0,
+                               outbound_capacity_msat: 0,
+                               inbound_capacity_msat: 0,
+                               is_live: true,
                        }];
                        let route = router.get_route(&node3, Some(&our_chans), &Vec::new(), 100, 42).unwrap();
                        assert_eq!(route.hops.len(), 2);
@@ -1541,6 +1546,9 @@ mod tests {
                                remote_network_id: node4.clone(),
                                channel_value_satoshis: 0,
                                user_id: 0,
+                               outbound_capacity_msat: 0,
+                               inbound_capacity_msat: 0,
+                               is_live: true,
                        }];
                        let route = router.get_route(&node7, Some(&our_chans), &last_hops, 100, 42).unwrap();
                        assert_eq!(route.hops.len(), 2);
diff --git a/src/util/config.rs b/src/util/config.rs
index a3abdbedeecc9e88174899b05b76330dda22ce22..0b61a5699ea853489d1a59901584784edcba7c0f 100644 (file)
--- a/src/util/config.rs
+++ b/src/util/config.rs
@@ -1,11 +1,15 @@
 //! Various user-configurable channel limits and settings which ChannelManager
 //! applies for you.
 
+use ln::channelmanager::{BREAKDOWN_TIMEOUT, MAX_LOCAL_BREAKDOWN_TIMEOUT};
+
 /// Top-level config which holds ChannelHandshakeLimits and ChannelConfig.
 #[derive(Clone, Debug)]
 pub struct UserConfig {
-       /// Limits applied during channel creation.
-       pub channel_limits: ChannelHandshakeLimits,
+       /// Channel config that we propose to our counterparty.
+       pub own_channel_config: ChannelHandshakeConfig,
+       /// Limits applied to our counterparty's proposed channel config settings.
+       pub peer_channel_config_limits: ChannelHandshakeLimits,
        /// Channel config which affects behavior during channel lifetime.
        pub channel_options: ChannelConfig,
 }
@@ -14,12 +18,44 @@ impl UserConfig {
        /// Provides sane defaults for most configurations (but with 0 relay fees!)
        pub fn new() -> Self{
                UserConfig {
-                       channel_limits: ChannelHandshakeLimits::new(),
+                       own_channel_config: ChannelHandshakeConfig::new(),
+                       peer_channel_config_limits: ChannelHandshakeLimits::new(),
                        channel_options: ChannelConfig::new(),
                }
        }
 }
 
+/// Configuration we set when applicable.
+#[derive(Clone, Debug)]
+pub struct ChannelHandshakeConfig {
+       /// Confirmations we will wait for before considering the channel locked in.
+       /// Applied only for inbound channels (see ChannelHandshakeLimits::max_minimum_depth for the
+       /// equivalent limit applied to outbound channels).
+       pub minimum_depth: u32,
+       /// Set to the amount of time we require our counterparty to wait to claim their money.
+       ///
+       /// It's one of the main parameter of our security model. We (or one of our watchtowers) MUST
+       /// be online to check for peer having broadcast a revoked transaction to steal our funds
+       /// at least once every our_to_self_delay blocks.
+       /// Default is BREAKDOWN_TIMEOUT, we enforce it as a minimum at channel opening so you can
+       /// tweak config to ask for more security, not less.
+       ///
+       /// Meanwhile, asking for a too high delay, we bother peer to freeze funds for nothing in
+       /// case of an honest unilateral channel close, which implicitly decrease the economic value of
+       /// our channel.
+       pub our_to_self_delay: u16,
+}
+
+impl ChannelHandshakeConfig {
+       /// Provides sane defaults for `ChannelHandshakeConfig`
+       pub fn new() -> ChannelHandshakeConfig {
+               ChannelHandshakeConfig {
+                       minimum_depth: 6,
+                       our_to_self_delay: BREAKDOWN_TIMEOUT,
+               }
+       }
+}
+
 /// Optional channel limits which are applied during channel creation.
 ///
 /// These limits are only applied to our counterparty's limits, not our own.
@@ -67,6 +103,13 @@ pub struct ChannelHandshakeLimits {
        /// Defaults to true to make the default that no announced channels are possible (which is
        /// appropriate for any nodes which are not online very reliably).
        pub force_announced_channel_preference: bool,
+       /// Set to the amount of time we're willing to wait to claim money back to us.
+       ///
+       /// Not checking this value would be a security issue, as our peer would be able to set it to
+       /// max relative lock-time (a year) and we would "lose" money as it would be locked for a long time.
+       /// Default is MAX_LOCAL_BREAKDOWN_TIMEOUT, which we also enforce as a maximum value
+       /// so you can tweak config to reduce the loss of having useless locked funds (if your peer accepts)
+       pub their_to_self_delay: u16
 }
 
 impl ChannelHandshakeLimits {
@@ -86,6 +129,7 @@ impl ChannelHandshakeLimits {
                        max_dust_limit_satoshis: <u64>::max_value(),
                        max_minimum_depth: 144,
                        force_announced_channel_preference: true,
+                       their_to_self_delay: MAX_LOCAL_BREAKDOWN_TIMEOUT,
                }
        }
 }
@@ -108,6 +152,16 @@ pub struct ChannelConfig {
        ///
        /// This cannot be changed after the initial channel handshake.
        pub announced_channel: bool,
+       /// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty
+       /// supports it, they will then enforce the mutual-close output to us matches what we provided
+       /// at intialization, preventing us from closing to an alternate pubkey.
+       ///
+       /// This is set to true by default to provide a slight increase in security, though ultimately
+       /// any attacker who is able to take control of a channel can just as easily send the funds via
+       /// lightning payments, so we never require that our counterparties support this option.
+       ///
+       /// This cannot be changed after a channel has been initialized.
+       pub commit_upfront_shutdown_pubkey: bool
 }
 
 impl ChannelConfig {
@@ -116,12 +170,14 @@ impl ChannelConfig {
                ChannelConfig {
                        fee_proportional_millionths: 0,
                        announced_channel: false,
+                       commit_upfront_shutdown_pubkey: true,
                }
        }
 }
 
 //Add write and readable traits to channelconfig
-impl_writeable!(ChannelConfig, 8+1, {
+impl_writeable!(ChannelConfig, 8+1+1, {
        fee_proportional_millionths,
-       announced_channel
+       announced_channel,
+       commit_upfront_shutdown_pubkey
 });
diff --git a/src/util/events.rs b/src/util/events.rs
index 8f8e7a52c3c8968facd6ad92aec0ab6808004327..96a5b48a76d26877cf58545528fb99f4c3e3b91b 100644 (file)
--- a/src/util/events.rs
+++ b/src/util/events.rs
@@ -21,7 +21,7 @@ use bitcoin::blockdata::script::Script;
 
 use secp256k1::key::PublicKey;
 
-use std::time::Instant;
+use std::time::Duration;
 
 /// An Event which you should probably take some action in response to.
 pub enum Event {
@@ -92,8 +92,11 @@ pub enum Event {
        /// Used to indicate that ChannelManager::process_pending_htlc_forwards should be called at a
        /// time in the future.
        PendingHTLCsForwardable {
-               /// The earliest time at which process_pending_htlc_forwards should be called.
-               time_forwardable: Instant,
+               /// The minimum amount of time that should be waited prior to calling
+               /// process_pending_htlc_forwards. To increase the effort required to correlate payments,
+               /// you should wait a random amount of time in roughly the range (now + time_forwardable,
+               /// now + 5*time_forwardable).
+               time_forwardable: Duration,
        },
        /// Used to indicate that an output was generated on-chain which you should know how to spend.
        /// Such an output will *not* ever be spent by rust-lightning, so you need to store them
diff --git a/src/util/internal_traits.rs b/src/util/internal_traits.rs
deleted file mode 100644 (file)
index c12276c..0000000
--- a/src/util/internal_traits.rs
+++ /dev/null
@@ -1,7 +0,0 @@
-/// A simple marker trait that indicates a type requires no deallocation. Implies we can set_len()
-/// on a Vec of these things and will be safe to overwrite them with =.
-pub unsafe trait NoDealloc {}
-
-/// Just call with test_no_dealloc::<Type>(None)
-#[inline]
-pub fn test_no_dealloc<T : NoDealloc>(_: Option<T>) { }
diff --git a/src/util/logger.rs b/src/util/logger.rs
index 82b8e3ea57d8d7351cc029913ee4995209e89085..e727723c16dedbc6bb4713b4bd137238884ce0b5 100644 (file)
--- a/src/util/logger.rs
+++ b/src/util/logger.rs
@@ -21,7 +21,7 @@ use std::sync::Arc;
 static LOG_LEVEL_NAMES: [&'static str; 6] = ["OFF", "ERROR", "WARN", "INFO", "DEBUG", "TRACE"];
 
 /// An enum representing the available verbosity levels of the logger.
-#[derive(Copy, Clone, Eq, Debug, Hash)]
+#[derive(Copy, Clone, PartialEq, Eq, Debug, Hash)]
 pub enum Level {
        ///Designates logger being silent
        Off,
@@ -37,13 +37,6 @@ pub enum Level {
        Trace,
 }
 
-impl PartialEq for Level {
-       #[inline]
-       fn eq(&self, other: &Level) -> bool {
-               *self as usize == *other as usize
-       }
-}
-
 impl PartialOrd for Level {
        #[inline]
        fn partial_cmp(&self, other: &Level) -> Option<cmp::Ordering> {
diff --git a/src/util/macro_logger.rs b/src/util/macro_logger.rs
index fb38e347c2adec973351d0d4f4cc6204781630e5..1f68542773e462bd9623f24d27562d0d11339caa 100644 (file)
--- a/src/util/macro_logger.rs
+++ b/src/util/macro_logger.rs
@@ -1,6 +1,6 @@
 use chain::transaction::OutPoint;
 
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use secp256k1::key::PublicKey;
 
 use ln::router::Route;
diff --git a/src/util/mod.rs b/src/util/mod.rs
index e4170590d1003045deb0cd2567ff70e71aa461a9..aab77035d387d452d469067329e6db9ad77a69e2 100644 (file)
--- a/src/util/mod.rs
+++ b/src/util/mod.rs
@@ -9,8 +9,6 @@ pub(crate) mod chacha20;
 #[cfg(not(feature = "fuzztarget"))]
 pub(crate) mod poly1305;
 pub(crate) mod chacha20poly1305rfc;
-pub(crate) mod internal_traits;
-pub(crate) mod rng;
 pub(crate) mod transaction_utils;
 
 #[macro_use]
@@ -22,9 +20,6 @@ pub(crate) mod macro_logger;
 pub mod logger;
 pub mod config;
 
-#[cfg(feature = "fuzztarget")]
-pub use self::rng::{reset_rng_state, fill_bytes};
-
 #[cfg(test)]
 pub(crate) mod test_utils;
 
diff --git a/src/util/rng.rs b/src/util/rng.rs
deleted file mode 100644 (file)
index 63fbc99..0000000
--- a/src/util/rng.rs
+++ /dev/null
@@ -1,44 +0,0 @@
-#[cfg(not(feature = "fuzztarget"))]
-mod real_rng {
-       use rand::{thread_rng,Rng};
-
-       pub fn fill_bytes(data: &mut [u8]) {
-               let mut rng = thread_rng();
-               rng.fill_bytes(data);
-       }
-
-       pub fn rand_f32() -> f32 {
-               let mut rng = thread_rng();
-               rng.next_f32()
-       }
-}
-#[cfg(not(feature = "fuzztarget"))]
-pub use self::real_rng::*;
-
-#[cfg(feature = "fuzztarget")]
-mod fuzzy_rng {
-       use util::byte_utils;
-
-       static mut RNG_ITER: u64 = 0;
-
-       pub fn fill_bytes(data: &mut [u8]) {
-               let rng = unsafe { RNG_ITER += 1; RNG_ITER -1 };
-               for i in 0..data.len() / 8 {
-                       data[i*8..(i+1)*8].copy_from_slice(&byte_utils::be64_to_array(rng));
-               }
-               let rem = data.len() % 8;
-               let off = data.len() - rem;
-               data[off..].copy_from_slice(&byte_utils::be64_to_array(rng)[0..rem]);
-       }
-
-       pub fn rand_f32() -> f32 {
-               let rng = unsafe { RNG_ITER += 1; RNG_ITER - 1 };
-               f64::from_bits(rng) as f32
-       }
-
-       pub fn reset_rng_state() {
-               unsafe { RNG_ITER = 0; }
-       }
-}
-#[cfg(feature = "fuzztarget")]
-pub use self::fuzzy_rng::*;
diff --git a/src/util/ser.rs b/src/util/ser.rs
index d832c7018825e75df028bd2e2b8ea538962cc0e3..a2ef16b5e2462c51dd22f7c4444cd0cf7b22460a 100644 (file)
--- a/src/util/ser.rs
+++ b/src/util/ser.rs
@@ -8,8 +8,9 @@ use std::hash::Hash;
 
 use secp256k1::Signature;
 use secp256k1::key::{PublicKey, SecretKey};
-use bitcoin::util::hash::Sha256dHash;
 use bitcoin::blockdata::script::Script;
+use bitcoin::blockdata::transaction::OutPoint;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use std::marker::Sized;
 use ln::msgs::DecodeError;
 use ln::channelmanager::{PaymentPreimage, PaymentHash};
@@ -342,14 +343,16 @@ impl<R: Read> Readable<R> for SecretKey {
 
 impl Writeable for Sha256dHash {
        fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
-               self.as_bytes().write(w)
+               w.write_all(&self[..])
        }
 }
 
 impl<R: Read> Readable<R> for Sha256dHash {
        fn read(r: &mut R) -> Result<Self, DecodeError> {
+               use bitcoin_hashes::Hash;
+
                let buf: [u8; 32] = Readable::read(r)?;
-               Ok(From::from(&buf[..]))
+               Ok(Sha256dHash::from_slice(&buf[..]).unwrap())
        }
 }
 
@@ -420,3 +423,22 @@ impl<R, T> Readable<R> for Option<T>
                }
        }
 }
+
+impl Writeable for OutPoint {
+       fn write<W: Writer>(&self, w: &mut W) -> Result<(), ::std::io::Error> {
+               self.txid.write(w)?;
+               self.vout.write(w)?;
+               Ok(())
+       }
+}
+
+impl<R: Read> Readable<R> for OutPoint {
+       fn read(r: &mut R) -> Result<Self, DecodeError> {
+               let txid = Readable::read(r)?;
+               let vout = Readable::read(r)?;
+               Ok(OutPoint {
+                       txid,
+                       vout,
+               })
+       }
+}
diff --git a/src/util/test_utils.rs b/src/util/test_utils.rs
index 4360c5701c40e93927eab81bcdc3a4963236a34e..cc6fe969df81f47fa6864df00905e9aa24c1c51d 100644 (file)
--- a/src/util/test_utils.rs
+++ b/src/util/test_utils.rs
@@ -4,6 +4,7 @@ use chain::transaction::OutPoint;
 use chain::keysinterface;
 use ln::channelmonitor;
 use ln::msgs;
+use ln::msgs::LocalFeatures;
 use ln::msgs::{HandleError};
 use ln::channelmonitor::HTLCUpdate;
 use util::events;
@@ -12,11 +13,12 @@ use util::ser::{ReadableArgs, Writer};
 
 use bitcoin::blockdata::transaction::Transaction;
 use bitcoin::blockdata::script::Script;
-use bitcoin::util::hash::Sha256dHash;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
 use bitcoin::network::constants::Network;
 
 use secp256k1::{SecretKey, PublicKey};
 
+use std::time::{SystemTime, UNIX_EPOCH};
 use std::sync::{Arc,Mutex};
 use std::{mem};
 
@@ -46,10 +48,10 @@ pub struct TestChannelMonitor {
        pub update_ret: Mutex<Result<(), channelmonitor::ChannelMonitorUpdateErr>>,
 }
 impl TestChannelMonitor {
-       pub fn new(chain_monitor: Arc<chaininterface::ChainWatchInterface>, broadcaster: Arc<chaininterface::BroadcasterInterface>, logger: Arc<Logger>) -> Self {
+       pub fn new(chain_monitor: Arc<chaininterface::ChainWatchInterface>, broadcaster: Arc<chaininterface::BroadcasterInterface>, logger: Arc<Logger>, fee_estimator: Arc<chaininterface::FeeEstimator>) -> Self {
                Self {
                        added_monitors: Mutex::new(Vec::new()),
-                       simple_monitor: channelmonitor::SimpleManyChannelMonitor::new(chain_monitor, broadcaster, logger),
+                       simple_monitor: channelmonitor::SimpleManyChannelMonitor::new(chain_monitor, broadcaster, logger, fee_estimator),
                        update_ret: Mutex::new(Ok(())),
                }
        }
@@ -96,10 +98,10 @@ impl TestChannelMessageHandler {
 }
 
 impl msgs::ChannelMessageHandler for TestChannelMessageHandler {
-       fn handle_open_channel(&self, _their_node_id: &PublicKey, _msg: &msgs::OpenChannel) -> Result<(), HandleError> {
+       fn handle_open_channel(&self, _their_node_id: &PublicKey, _their_local_features: LocalFeatures, _msg: &msgs::OpenChannel) -> Result<(), HandleError> {
                Err(HandleError { err: "", action: None })
        }
-       fn handle_accept_channel(&self, _their_node_id: &PublicKey, _msg: &msgs::AcceptChannel) -> Result<(), HandleError> {
+       fn handle_accept_channel(&self, _their_node_id: &PublicKey, _their_local_features: LocalFeatures, _msg: &msgs::AcceptChannel) -> Result<(), HandleError> {
                Err(HandleError { err: "", action: None })
        }
        fn handle_funding_created(&self, _their_node_id: &PublicKey, _msg: &msgs::FundingCreated) -> Result<(), HandleError> {
@@ -241,8 +243,9 @@ impl keysinterface::KeysInterface for TestKeysInterface {
 
 impl TestKeysInterface {
        pub fn new(seed: &[u8; 32], network: Network, logger: Arc<Logger>) -> Self {
+               let now = SystemTime::now().duration_since(UNIX_EPOCH).expect("Time went backwards");
                Self {
-                       backing: keysinterface::KeysManager::new(seed, network, logger),
+                       backing: keysinterface::KeysManager::new(seed, network, logger, now.as_secs(), now.subsec_nanos()),
                        override_session_priv: Mutex::new(None),
                        override_channel_id_priv: Mutex::new(None),
                }
diff --git a/src/util/transaction_utils.rs b/src/util/transaction_utils.rs
index 33072f605ad87e25e41bd938e60e507501427162..a7c1e6bc6f78a48e15b69cf4081f0b88534b30e3 100644 (file)
--- a/src/util/transaction_utils.rs
+++ b/src/util/transaction_utils.rs
@@ -1,36 +1,14 @@
-use bitcoin::blockdata::transaction::{TxIn, TxOut};
+use bitcoin::blockdata::transaction::TxOut;
 
 use std::cmp::Ordering;
 
-pub fn sort_outputs<T>(outputs: &mut Vec<(TxOut, T)>) {
+pub fn sort_outputs<T, C : Fn(&T, &T) -> Ordering>(outputs: &mut Vec<(TxOut, T)>, tie_breaker: C) {
        outputs.sort_unstable_by(|a, b| {
-               if a.0.value < b.0.value {
-                       Ordering::Less
-               } else if b.0.value < a.0.value {
-                       Ordering::Greater
-               } else if a.0.script_pubkey[..] < b.0.script_pubkey[..] {
-                       Ordering::Less
-               } else if b.0.script_pubkey[..] < a.0.script_pubkey[..] {
-                       Ordering::Greater
-               } else {
-                       Ordering::Equal
-               }
-       });
-}
-
-pub fn sort_inputs<T>(inputs: &mut Vec<(TxIn, T)>) {
-       inputs.sort_unstable_by(|a, b| {
-               if a.0.previous_output.txid.into_le() < b.0.previous_output.txid.into_le() {
-                       Ordering::Less
-               } else if b.0.previous_output.txid.into_le() < a.0.previous_output.txid.into_le() {
-                       Ordering::Greater
-               } else if a.0.previous_output.vout < b.0.previous_output.vout {
-                       Ordering::Less
-               } else if b.0.previous_output.vout < a.0.previous_output.vout {
-                       Ordering::Greater
-               } else {
-                       Ordering::Equal
-               }
+               a.0.value.cmp(&b.0.value).then_with(|| {
+                       a.0.script_pubkey[..].cmp(&b.0.script_pubkey[..]).then_with(|| {
+                               tie_breaker(&a.1, &b.1)
+                       })
+               })
        });
 }
 
@@ -39,8 +17,7 @@ mod tests {
        use super::*;
 
        use bitcoin::blockdata::script::{Script, Builder};
-       use bitcoin::blockdata::transaction::{TxOut, OutPoint};
-       use bitcoin::util::hash::Sha256dHash;
+       use bitcoin::blockdata::transaction::TxOut;
 
        use hex::decode;
 
@@ -59,7 +36,7 @@ mod tests {
                let txout2_ = txout2.clone();
 
                let mut outputs = vec![(txout1, "ignore"), (txout2, "ignore")];
-               sort_outputs(&mut outputs);
+               sort_outputs(&mut outputs, |_, _| { unreachable!(); });
 
                assert_eq!(
                        &outputs,
@@ -82,7 +59,7 @@ mod tests {
                let txout2_ = txout2.clone();
 
                let mut outputs = vec![(txout1, "ignore"), (txout2, "ignore")];
-               sort_outputs(&mut outputs);
+               sort_outputs(&mut outputs, |_, _| { unreachable!(); });
 
                assert_eq!(
                        &outputs,
@@ -106,11 +83,31 @@ mod tests {
                let txout2_ = txout2.clone();
 
                let mut outputs = vec![(txout1, "ignore"), (txout2, "ignore")];
-               sort_outputs(&mut outputs);
+               sort_outputs(&mut outputs, |_, _| { unreachable!(); });
 
                assert_eq!(&outputs, &vec![(txout1_, "ignore"), (txout2_, "ignore")]);
        }
 
+       #[test]
+       fn sort_output_tie_breaker_test() {
+               let txout1 = TxOut {
+                       value:  100,
+                       script_pubkey: Builder::new().push_int(1).push_int(2).into_script()
+               };
+               let txout1_ = txout1.clone();
+
+               let txout2 = txout1.clone();
+               let txout2_ = txout1.clone();
+
+               let mut outputs = vec![(txout1, 420), (txout2, 69)];
+               sort_outputs(&mut outputs, |a, b| { a.cmp(b) });
+
+               assert_eq!(
+                       &outputs,
+                       &vec![(txout2_, 69), (txout1_, 420)]
+               );
+       }
+
        fn script_from_hex(hex_str: &str) -> Script {
                Script::from(decode(hex_str).unwrap())
        }
@@ -132,7 +129,7 @@ mod tests {
                                        outputs.reverse(); // prep it
 
                                        // actually do the work!
-                                       sort_outputs(&mut outputs);
+                                       sort_outputs(&mut outputs, |_, _| { unreachable!(); });
 
                                        assert_eq!(outputs, expected);
                                }
@@ -152,63 +149,4 @@ mod tests {
                bip69_txout_test_1: TXOUT1.to_vec(),
                bip69_txout_test_2: TXOUT2.to_vec(),
        }
-
-       macro_rules! bip_txin_tests {
-               ($($name:ident: $value:expr,)*) => {
-                       $(
-                               #[test]
-                               fn $name() {
-                                       let expected_raw: Vec<(&str, u32)> = $value;
-                                       let expected: Vec<(TxIn, &str)> = expected_raw.iter().map(
-                                               |txin_raw| TxIn {
-                                                       previous_output: OutPoint {
-                                                               txid: Sha256dHash::from_hex(txin_raw.0).unwrap(),
-                                                               vout: txin_raw.1,
-                                                       },
-                                                       script_sig: Script::new(),
-                                                       sequence: 0,
-                                                       witness: vec![]
-                                               }
-                                               ).map(|txin| (txin, "ignore")).collect();
-
-                                       let mut inputs = expected.clone();
-                                       inputs.reverse();
-
-                                       sort_inputs(&mut inputs);
-
-                                       assert_eq!(expected, inputs);
-                               }
-                       )*
-               }
-       }
-
-       const TXIN1_BIP69: [(&str, u32); 17] = [
-               ("0e53ec5dfb2cb8a71fec32dc9a634a35b7e24799295ddd5278217822e0b31f57", 0),
-               ("26aa6e6d8b9e49bb0630aac301db6757c02e3619feb4ee0eea81eb1672947024", 1),
-               ("28e0fdd185542f2c6ea19030b0796051e7772b6026dd5ddccd7a2f93b73e6fc2", 0),
-               ("381de9b9ae1a94d9c17f6a08ef9d341a5ce29e2e60c36a52d333ff6203e58d5d", 1),
-               ("3b8b2f8efceb60ba78ca8bba206a137f14cb5ea4035e761ee204302d46b98de2", 0),
-               ("402b2c02411720bf409eff60d05adad684f135838962823f3614cc657dd7bc0a", 1),
-               ("54ffff182965ed0957dba1239c27164ace5a73c9b62a660c74b7b7f15ff61e7a", 1),
-               ("643e5f4e66373a57251fb173151e838ccd27d279aca882997e005016bb53d5aa", 0),
-               ("6c1d56f31b2de4bfc6aaea28396b333102b1f600da9c6d6149e96ca43f1102b1", 1),
-               ("7a1de137cbafb5c70405455c49c5104ca3057a1f1243e6563bb9245c9c88c191", 0),
-               ("7d037ceb2ee0dc03e82f17be7935d238b35d1deabf953a892a4507bfbeeb3ba4", 1),
-               ("a5e899dddb28776ea9ddac0a502316d53a4a3fca607c72f66c470e0412e34086", 0),
-               ("b4112b8f900a7ca0c8b0e7c4dfad35c6be5f6be46b3458974988e1cdb2fa61b8", 0),
-               ("bafd65e3c7f3f9fdfdc1ddb026131b278c3be1af90a4a6ffa78c4658f9ec0c85", 0),
-               ("de0411a1e97484a2804ff1dbde260ac19de841bebad1880c782941aca883b4e9", 1),
-               ("f0a130a84912d03c1d284974f563c5949ac13f8342b8112edff52971599e6a45", 0),
-               ("f320832a9d2e2452af63154bc687493484a0e7745ebd3aaf9ca19eb80834ad60", 0),
-       ];
-
-
-       const TXIN2_BIP69: [(&str, u32); 2] = [
-               ("35288d269cee1941eaebb2ea85e32b42cdb2b04284a56d8b14dcc3f5c65d6055", 0),
-               ("35288d269cee1941eaebb2ea85e32b42cdb2b04284a56d8b14dcc3f5c65d6055", 1),
-       ];
-       bip_txin_tests! {
-               bip69_txin_test_1: TXIN1_BIP69.to_vec(),
-               bip69_txin_test_2: TXIN2_BIP69.to_vec(),
-       }
 }
Personal fork of Rust-Lightning. Upstream is https://github.com/rust-bitcoin/rust-lightning