git.bitcoin.ninja Git - rust-lightning/commit

author	Matt Corallo <git@bluematt.me>
	Mon, 14 Oct 2024 15:13:34 +0000 (15:13 +0000)
committer	Matt Corallo <git@bluematt.me>
	Mon, 14 Oct 2024 19:36:23 +0000 (19:36 +0000)
commit	1486b1bde29af8bf4862e0a9e7447f692974100b
tree	01997312aa87f63c1925e2b65a45043684ad3f65	tree \| snapshot
parent	46d8a0db79f3257cd5f2a6cdf896b1577ffccd88	commit \| diff

Set `holder_commitment_point` to `Available` on upgrade

When we upgrade from LDK 0.0.123 or prior, we need to intialize
`holder_commitment_point` with commitment point(s). In
1f7f3a366c9e62cff5a5025724b5b508255a89d7 we changed the point(s)
which we fetch from both the current and next per-commitment-point
(setting the value to `HolderCommitmentPoint::Available` on
upgrade) to only fetching the current per-commitment-point (setting
the value to `HolderCommitmentPoint::PendingNext` on upgrade).

In `commitment_signed` handling, we expect the next
per-commitment-point to be available (allowing us to `advance()`
the `holder_commitment_point`), as it was included in the
`revoke_and_ack` we most recently sent to our peer, so must've been
available at that time.

Sadly, these two interact negatively with each other - on upgrade,
assuming the channel is at a steady state and there are no pending
updates, we'll not make the next per-commitment-point available but
if we receive a `commitment_signed` from our peer we'll assume it
is. As a result, in debug mode, we'll hit an assertion failure, and
in production mode we'll force-close the channel.

Instead, here, we fix the upgrade logic to always upgrade directly
to `HolderCommitmentPoint::Available`, making the next
per-commitment-point available immediately.

We also attempt to resolve the next per-commitment-point in
`get_channel_reestablish`, allowing any channels which were
upgraded to LDK 0.0.124 and are in this broken state to avoid the
force-closure, as long as they don't receive a `commitment_signed`
in the interim.