1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 //! Utilities to send payments and manage outbound payment information.
12 use bitcoin::hashes::Hash;
13 use bitcoin::hashes::sha256::Hash as Sha256;
14 use bitcoin::secp256k1::{self, Secp256k1, SecretKey};
16 use crate::chain::keysinterface::{EntropySource, NodeSigner, Recipient};
17 use crate::ln::{PaymentHash, PaymentPreimage, PaymentSecret};
18 use crate::ln::channelmanager::{ChannelDetails, HTLCSource, IDEMPOTENCY_TIMEOUT_TICKS, MIN_HTLC_RELAY_HOLDING_CELL_MILLIS, PaymentId};
19 use crate::ln::msgs::DecodeError;
20 use crate::ln::onion_utils::HTLCFailReason;
21 use crate::routing::router::{InFlightHtlcs, PaymentParameters, Route, RouteHop, RouteParameters, RoutePath, Router};
22 use crate::util::errors::APIError;
23 use crate::util::events;
24 use crate::util::logger::Logger;
25 use crate::util::time::Time;
26 #[cfg(all(not(feature = "no-std"), test))]
27 use crate::util::time::tests::SinceEpoch;
30 use core::fmt::{self, Display, Formatter};
32 use core::time::Duration;
34 use crate::prelude::*;
35 use crate::sync::Mutex;
37 /// Stores the session_priv for each part of a payment that is still pending. For versions 0.0.102
38 /// and later, also stores information for retrying the payment.
39 pub(crate) enum PendingOutboundPayment {
41 session_privs: HashSet<[u8; 32]>,
44 retry_strategy: Retry,
45 attempts: PaymentAttempts,
46 route_params: Option<RouteParameters>,
47 session_privs: HashSet<[u8; 32]>,
48 payment_hash: PaymentHash,
49 payment_secret: Option<PaymentSecret>,
50 pending_amt_msat: u64,
51 /// Used to track the fee paid. Only present if the payment was serialized on 0.0.103+.
52 pending_fee_msat: Option<u64>,
53 /// The total payment amount across all paths, used to verify that a retry is not overpaying.
55 /// Our best known block height at the time this payment was initiated.
56 starting_block_height: u32,
58 /// When a pending payment is fulfilled, we continue tracking it until all pending HTLCs have
59 /// been resolved. This ensures we don't look up pending payments in ChannelMonitors on restart
60 /// and add a pending payment that was already fulfilled.
62 session_privs: HashSet<[u8; 32]>,
63 payment_hash: Option<PaymentHash>,
64 timer_ticks_without_htlcs: u8,
66 /// When a payer gives up trying to retry a payment, they inform us, letting us generate a
67 /// `PaymentFailed` event when all HTLCs have irrevocably failed. This avoids a number of race
68 /// conditions in MPP-aware payment retriers (1), where the possibility of multiple
69 /// `PaymentPathFailed` events with `all_paths_failed` can be pending at once, confusing a
70 /// downstream event handler as to when a payment has actually failed.
72 /// (1) <https://github.com/lightningdevkit/rust-lightning/issues/1164>
74 session_privs: HashSet<[u8; 32]>,
75 payment_hash: PaymentHash,
79 impl PendingOutboundPayment {
80 fn increment_attempts(&mut self) {
81 if let PendingOutboundPayment::Retryable { attempts, .. } = self {
85 fn is_retryable_now(&self) -> bool {
86 if let PendingOutboundPayment::Retryable { retry_strategy, attempts, .. } = self {
87 return retry_strategy.is_retryable_now(&attempts)
91 pub fn insert_previously_failed_scid(&mut self, scid: u64) {
92 if let PendingOutboundPayment::Retryable { route_params: Some(params), .. } = self {
93 params.payment_params.previously_failed_channels.push(scid);
96 pub(super) fn is_fulfilled(&self) -> bool {
98 PendingOutboundPayment::Fulfilled { .. } => true,
102 pub(super) fn abandoned(&self) -> bool {
104 PendingOutboundPayment::Abandoned { .. } => true,
108 fn get_pending_fee_msat(&self) -> Option<u64> {
110 PendingOutboundPayment::Retryable { pending_fee_msat, .. } => pending_fee_msat.clone(),
115 fn payment_hash(&self) -> Option<PaymentHash> {
117 PendingOutboundPayment::Legacy { .. } => None,
118 PendingOutboundPayment::Retryable { payment_hash, .. } => Some(*payment_hash),
119 PendingOutboundPayment::Fulfilled { payment_hash, .. } => *payment_hash,
120 PendingOutboundPayment::Abandoned { payment_hash, .. } => Some(*payment_hash),
124 fn mark_fulfilled(&mut self) {
125 let mut session_privs = HashSet::new();
126 core::mem::swap(&mut session_privs, match self {
127 PendingOutboundPayment::Legacy { session_privs } |
128 PendingOutboundPayment::Retryable { session_privs, .. } |
129 PendingOutboundPayment::Fulfilled { session_privs, .. } |
130 PendingOutboundPayment::Abandoned { session_privs, .. }
133 let payment_hash = self.payment_hash();
134 *self = PendingOutboundPayment::Fulfilled { session_privs, payment_hash, timer_ticks_without_htlcs: 0 };
137 fn mark_abandoned(&mut self) -> Result<(), ()> {
138 let mut session_privs = HashSet::new();
139 let our_payment_hash;
140 core::mem::swap(&mut session_privs, match self {
141 PendingOutboundPayment::Legacy { .. } |
142 PendingOutboundPayment::Fulfilled { .. } =>
144 PendingOutboundPayment::Retryable { session_privs, payment_hash, .. } |
145 PendingOutboundPayment::Abandoned { session_privs, payment_hash, .. } => {
146 our_payment_hash = *payment_hash;
150 *self = PendingOutboundPayment::Abandoned { session_privs, payment_hash: our_payment_hash };
154 /// panics if path is None and !self.is_fulfilled
155 fn remove(&mut self, session_priv: &[u8; 32], path: Option<&Vec<RouteHop>>) -> bool {
156 let remove_res = match self {
157 PendingOutboundPayment::Legacy { session_privs } |
158 PendingOutboundPayment::Retryable { session_privs, .. } |
159 PendingOutboundPayment::Fulfilled { session_privs, .. } |
160 PendingOutboundPayment::Abandoned { session_privs, .. } => {
161 session_privs.remove(session_priv)
165 if let PendingOutboundPayment::Retryable { ref mut pending_amt_msat, ref mut pending_fee_msat, .. } = self {
166 let path = path.expect("Fulfilling a payment should always come with a path");
167 let path_last_hop = path.last().expect("Outbound payments must have had a valid path");
168 *pending_amt_msat -= path_last_hop.fee_msat;
169 if let Some(fee_msat) = pending_fee_msat.as_mut() {
170 *fee_msat -= path.get_path_fees();
177 pub(super) fn insert(&mut self, session_priv: [u8; 32], path: &Vec<RouteHop>) -> bool {
178 let insert_res = match self {
179 PendingOutboundPayment::Legacy { session_privs } |
180 PendingOutboundPayment::Retryable { session_privs, .. } => {
181 session_privs.insert(session_priv)
183 PendingOutboundPayment::Fulfilled { .. } => false,
184 PendingOutboundPayment::Abandoned { .. } => false,
187 if let PendingOutboundPayment::Retryable { ref mut pending_amt_msat, ref mut pending_fee_msat, .. } = self {
188 let path_last_hop = path.last().expect("Outbound payments must have had a valid path");
189 *pending_amt_msat += path_last_hop.fee_msat;
190 if let Some(fee_msat) = pending_fee_msat.as_mut() {
191 *fee_msat += path.get_path_fees();
198 pub(super) fn remaining_parts(&self) -> usize {
200 PendingOutboundPayment::Legacy { session_privs } |
201 PendingOutboundPayment::Retryable { session_privs, .. } |
202 PendingOutboundPayment::Fulfilled { session_privs, .. } |
203 PendingOutboundPayment::Abandoned { session_privs, .. } => {
210 /// Strategies available to retry payment path failures.
211 #[derive(Clone, Copy, Debug, Eq, Hash, PartialEq)]
213 /// Max number of attempts to retry payment.
215 /// Note that this is the number of *path* failures, not full payment retries. For multi-path
216 /// payments, if this is less than the total number of paths, we will never even retry all of the
219 #[cfg(not(feature = "no-std"))]
220 /// Time elapsed before abandoning retries for a payment.
221 Timeout(core::time::Duration),
225 pub(crate) fn is_retryable_now(&self, attempts: &PaymentAttempts) -> bool {
226 match (self, attempts) {
227 (Retry::Attempts(max_retry_count), PaymentAttempts { count, .. }) => {
228 max_retry_count > count
230 #[cfg(all(not(feature = "no-std"), not(test)))]
231 (Retry::Timeout(max_duration), PaymentAttempts { first_attempted_at, .. }) =>
232 *max_duration >= std::time::Instant::now().duration_since(*first_attempted_at),
233 #[cfg(all(not(feature = "no-std"), test))]
234 (Retry::Timeout(max_duration), PaymentAttempts { first_attempted_at, .. }) =>
235 *max_duration >= SinceEpoch::now().duration_since(*first_attempted_at),
240 #[cfg(feature = "std")]
241 pub(super) fn has_expired(route_params: &RouteParameters) -> bool {
242 if let Some(expiry_time) = route_params.payment_params.expiry_time {
243 if let Ok(elapsed) = std::time::SystemTime::UNIX_EPOCH.elapsed() {
244 return elapsed > core::time::Duration::from_secs(expiry_time)
250 pub(crate) type PaymentAttempts = PaymentAttemptsUsingTime<ConfiguredTime>;
252 /// Storing minimal payment attempts information required for determining if a outbound payment can
254 pub(crate) struct PaymentAttemptsUsingTime<T: Time> {
255 /// This count will be incremented only after the result of the attempt is known. When it's 0,
256 /// it means the result of the first attempt is not known yet.
257 pub(crate) count: usize,
258 /// This field is only used when retry is `Retry::Timeout` which is only build with feature std
259 first_attempted_at: T
262 #[cfg(not(any(feature = "no-std", test)))]
263 type ConfiguredTime = std::time::Instant;
264 #[cfg(feature = "no-std")]
265 type ConfiguredTime = crate::util::time::Eternity;
266 #[cfg(all(not(feature = "no-std"), test))]
267 type ConfiguredTime = SinceEpoch;
269 impl<T: Time> PaymentAttemptsUsingTime<T> {
270 pub(crate) fn new() -> Self {
271 PaymentAttemptsUsingTime {
273 first_attempted_at: T::now()
278 impl<T: Time> Display for PaymentAttemptsUsingTime<T> {
279 fn fmt(&self, f: &mut Formatter) -> Result<(), fmt::Error> {
280 #[cfg(feature = "no-std")]
281 return write!(f, "attempts: {}", self.count);
282 #[cfg(not(feature = "no-std"))]
285 "attempts: {}, duration: {}s",
287 T::now().duration_since(self.first_attempted_at).as_secs()
292 /// If a payment fails to send, it can be in one of several states. This enum is returned as the
293 /// Err() type describing which state the payment is in, see the description of individual enum
295 #[derive(Clone, Debug)]
296 pub enum PaymentSendFailure {
297 /// A parameter which was passed to send_payment was invalid, preventing us from attempting to
298 /// send the payment at all.
300 /// You can freely resend the payment in full (with the parameter error fixed).
302 /// Because the payment failed outright, no payment tracking is done, you do not need to call
303 /// [`ChannelManager::abandon_payment`] and [`ChannelManager::retry_payment`] will *not* work
304 /// for this payment.
306 /// [`ChannelManager::abandon_payment`]: crate::ln::channelmanager::ChannelManager::abandon_payment
307 /// [`ChannelManager::retry_payment`]: crate::ln::channelmanager::ChannelManager::retry_payment
308 ParameterError(APIError),
309 /// A parameter in a single path which was passed to send_payment was invalid, preventing us
310 /// from attempting to send the payment at all.
312 /// You can freely resend the payment in full (with the parameter error fixed).
314 /// The results here are ordered the same as the paths in the route object which was passed to
317 /// Because the payment failed outright, no payment tracking is done, you do not need to call
318 /// [`ChannelManager::abandon_payment`] and [`ChannelManager::retry_payment`] will *not* work
319 /// for this payment.
321 /// [`ChannelManager::abandon_payment`]: crate::ln::channelmanager::ChannelManager::abandon_payment
322 /// [`ChannelManager::retry_payment`]: crate::ln::channelmanager::ChannelManager::retry_payment
323 PathParameterError(Vec<Result<(), APIError>>),
324 /// All paths which were attempted failed to send, with no channel state change taking place.
325 /// You can freely resend the payment in full (though you probably want to do so over different
326 /// paths than the ones selected).
328 /// Because the payment failed outright, no payment tracking is done, you do not need to call
329 /// [`ChannelManager::abandon_payment`] and [`ChannelManager::retry_payment`] will *not* work
330 /// for this payment.
332 /// [`ChannelManager::abandon_payment`]: crate::ln::channelmanager::ChannelManager::abandon_payment
333 /// [`ChannelManager::retry_payment`]: crate::ln::channelmanager::ChannelManager::retry_payment
334 AllFailedResendSafe(Vec<APIError>),
335 /// Indicates that a payment for the provided [`PaymentId`] is already in-flight and has not
336 /// yet completed (i.e. generated an [`Event::PaymentSent`]) or been abandoned (via
337 /// [`ChannelManager::abandon_payment`]).
339 /// [`PaymentId`]: crate::ln::channelmanager::PaymentId
340 /// [`Event::PaymentSent`]: crate::util::events::Event::PaymentSent
341 /// [`ChannelManager::abandon_payment`]: crate::ln::channelmanager::ChannelManager::abandon_payment
343 /// Some paths which were attempted failed to send, though possibly not all. At least some
344 /// paths have irrevocably committed to the HTLC and retrying the payment in full would result
345 /// in over-/re-payment.
347 /// The results here are ordered the same as the paths in the route object which was passed to
348 /// send_payment, and any `Err`s which are not [`APIError::MonitorUpdateInProgress`] can be
349 /// safely retried via [`ChannelManager::retry_payment`].
351 /// Any entries which contain `Err(APIError::MonitorUpdateInprogress)` or `Ok(())` MUST NOT be
352 /// retried as they will result in over-/re-payment. These HTLCs all either successfully sent
353 /// (in the case of `Ok(())`) or will send once a [`MonitorEvent::Completed`] is provided for
354 /// the next-hop channel with the latest update_id.
356 /// [`ChannelManager::retry_payment`]: crate::ln::channelmanager::ChannelManager::retry_payment
357 /// [`MonitorEvent::Completed`]: crate::chain::channelmonitor::MonitorEvent::Completed
359 /// The errors themselves, in the same order as the route hops.
360 results: Vec<Result<(), APIError>>,
361 /// If some paths failed without irrevocably committing to the new HTLC(s), this will
362 /// contain a [`RouteParameters`] object which can be used to calculate a new route that
363 /// will pay all remaining unpaid balance.
364 failed_paths_retry: Option<RouteParameters>,
365 /// The payment id for the payment, which is now at least partially pending.
366 payment_id: PaymentId,
370 pub(super) struct OutboundPayments {
371 pub(super) pending_outbound_payments: Mutex<HashMap<PaymentId, PendingOutboundPayment>>,
374 impl OutboundPayments {
375 pub(super) fn new() -> Self {
377 pending_outbound_payments: Mutex::new(HashMap::new())
381 pub(super) fn send_payment<R: Deref, ES: Deref, NS: Deref, F>(
382 &self, payment_hash: PaymentHash, payment_secret: &Option<PaymentSecret>, payment_id: PaymentId,
383 retry_strategy: Retry, route_params: RouteParameters, router: &R,
384 first_hops: Vec<ChannelDetails>, inflight_htlcs: InFlightHtlcs, entropy_source: &ES,
385 node_signer: &NS, best_block_height: u32, send_payment_along_path: F
386 ) -> Result<(), PaymentSendFailure>
389 ES::Target: EntropySource,
390 NS::Target: NodeSigner,
391 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
392 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>,
394 self.pay_internal(payment_id, Some((payment_hash, payment_secret, retry_strategy)),
395 route_params, router, first_hops, inflight_htlcs, entropy_source, node_signer,
396 best_block_height, &send_payment_along_path)
397 .map_err(|e| { self.remove_outbound_if_all_failed(payment_id, &e); e })
400 pub(super) fn send_payment_with_route<ES: Deref, NS: Deref, F>(
401 &self, route: &Route, payment_hash: PaymentHash, payment_secret: &Option<PaymentSecret>,
402 payment_id: PaymentId, entropy_source: &ES, node_signer: &NS, best_block_height: u32,
403 send_payment_along_path: F
404 ) -> Result<(), PaymentSendFailure>
406 ES::Target: EntropySource,
407 NS::Target: NodeSigner,
408 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
409 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
411 let onion_session_privs = self.add_new_pending_payment(payment_hash, *payment_secret, payment_id, route, Retry::Attempts(0), None, entropy_source, best_block_height)?;
412 self.send_payment_internal(route, payment_hash, payment_secret, None, payment_id, None,
413 onion_session_privs, node_signer, best_block_height, &send_payment_along_path)
414 .map_err(|e| { self.remove_outbound_if_all_failed(payment_id, &e); e })
417 pub(super) fn send_spontaneous_payment<ES: Deref, NS: Deref, F>(
418 &self, route: &Route, payment_preimage: Option<PaymentPreimage>, payment_id: PaymentId,
419 entropy_source: &ES, node_signer: &NS, best_block_height: u32, send_payment_along_path: F
420 ) -> Result<PaymentHash, PaymentSendFailure>
422 ES::Target: EntropySource,
423 NS::Target: NodeSigner,
424 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
425 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
427 let preimage = match payment_preimage {
429 None => PaymentPreimage(entropy_source.get_secure_random_bytes()),
431 let payment_hash = PaymentHash(Sha256::hash(&preimage.0).into_inner());
432 let onion_session_privs = self.add_new_pending_payment(payment_hash, None, payment_id, &route, Retry::Attempts(0), None, entropy_source, best_block_height)?;
434 match self.send_payment_internal(route, payment_hash, &None, Some(preimage), payment_id, None, onion_session_privs, node_signer, best_block_height, &send_payment_along_path) {
435 Ok(()) => Ok(payment_hash),
437 self.remove_outbound_if_all_failed(payment_id, &e);
443 pub(super) fn check_retry_payments<R: Deref, ES: Deref, NS: Deref, SP, IH, FH, L: Deref>(
444 &self, router: &R, first_hops: FH, inflight_htlcs: IH, entropy_source: &ES, node_signer: &NS,
445 best_block_height: u32, logger: &L, send_payment_along_path: SP,
449 ES::Target: EntropySource,
450 NS::Target: NodeSigner,
451 SP: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
452 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>,
453 IH: Fn() -> InFlightHtlcs,
454 FH: Fn() -> Vec<ChannelDetails>,
458 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
459 let mut retry_id_route_params = None;
460 for (pmt_id, pmt) in outbounds.iter_mut() {
461 if pmt.is_retryable_now() {
462 if let PendingOutboundPayment::Retryable { pending_amt_msat, total_msat, route_params: Some(params), .. } = pmt {
463 if pending_amt_msat < total_msat {
464 retry_id_route_params = Some((*pmt_id, params.clone()));
465 pmt.increment_attempts();
471 if let Some((payment_id, route_params)) = retry_id_route_params {
472 core::mem::drop(outbounds);
473 if let Err(e) = self.pay_internal(payment_id, None, route_params, router, first_hops(), inflight_htlcs(), entropy_source, node_signer, best_block_height, &send_payment_along_path) {
474 log_trace!(logger, "Errored retrying payment: {:?}", e);
480 fn pay_internal<R: Deref, NS: Deref, ES: Deref, F>(
481 &self, payment_id: PaymentId,
482 initial_send_info: Option<(PaymentHash, &Option<PaymentSecret>, Retry)>,
483 route_params: RouteParameters, router: &R, first_hops: Vec<ChannelDetails>,
484 inflight_htlcs: InFlightHtlcs, entropy_source: &ES, node_signer: &NS, best_block_height: u32,
485 send_payment_along_path: &F
486 ) -> Result<(), PaymentSendFailure>
489 ES::Target: EntropySource,
490 NS::Target: NodeSigner,
491 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
492 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
494 #[cfg(feature = "std")] {
495 if has_expired(&route_params) {
496 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
497 err: format!("Invoice expired for payment id {}", log_bytes!(payment_id.0)),
502 let route = router.find_route(
503 &node_signer.get_node_id(Recipient::Node).unwrap(), &route_params,
504 Some(&first_hops.iter().collect::<Vec<_>>()), &inflight_htlcs
505 ).map_err(|e| PaymentSendFailure::ParameterError(APIError::APIMisuseError {
506 err: format!("Failed to find a route for payment {}: {:?}", log_bytes!(payment_id.0), e), // TODO: add APIError::RouteNotFound
509 let res = if let Some((payment_hash, payment_secret, retry_strategy)) = initial_send_info {
510 let onion_session_privs = self.add_new_pending_payment(payment_hash, *payment_secret, payment_id, &route, retry_strategy, Some(route_params.clone()), entropy_source, best_block_height)?;
511 self.send_payment_internal(&route, payment_hash, payment_secret, None, payment_id, None, onion_session_privs, node_signer, best_block_height, send_payment_along_path)
513 self.retry_payment_with_route(&route, payment_id, entropy_source, node_signer, best_block_height, send_payment_along_path)
516 Err(PaymentSendFailure::AllFailedResendSafe(_)) => {
517 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
518 if let Some(payment) = outbounds.get_mut(&payment_id) {
519 let retryable = payment.is_retryable_now();
521 payment.increment_attempts();
522 } else { return res }
523 } else { return res }
524 core::mem::drop(outbounds);
525 self.pay_internal(payment_id, None, route_params, router, first_hops, inflight_htlcs, entropy_source, node_signer, best_block_height, send_payment_along_path)
527 Err(PaymentSendFailure::PartialFailure { failed_paths_retry: Some(retry), results, .. }) => {
528 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
529 if let Some(payment) = outbounds.get_mut(&payment_id) {
530 let retryable = payment.is_retryable_now();
532 payment.increment_attempts();
533 } else { return Err(PaymentSendFailure::PartialFailure { failed_paths_retry: Some(retry), results, payment_id }) }
534 } else { return Err(PaymentSendFailure::PartialFailure { failed_paths_retry: Some(retry), results, payment_id }) }
535 core::mem::drop(outbounds);
537 // Some paths were sent, even if we failed to send the full MPP value our recipient may
538 // misbehave and claim the funds, at which point we have to consider the payment sent, so
539 // return `Ok()` here, ignoring any retry errors.
540 let _ = self.pay_internal(payment_id, None, retry, router, first_hops, inflight_htlcs, entropy_source, node_signer, best_block_height, send_payment_along_path);
543 Err(PaymentSendFailure::PartialFailure { failed_paths_retry: None, .. }) => {
544 // This may happen if we send a payment and some paths fail, but only due to a temporary
545 // monitor failure or the like, implying they're really in-flight, but we haven't sent the
546 // initial HTLC-Add messages yet.
553 pub(super) fn retry_payment_with_route<ES: Deref, NS: Deref, F>(
554 &self, route: &Route, payment_id: PaymentId, entropy_source: &ES, node_signer: &NS, best_block_height: u32,
555 send_payment_along_path: F
556 ) -> Result<(), PaymentSendFailure>
558 ES::Target: EntropySource,
559 NS::Target: NodeSigner,
560 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
561 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
563 const RETRY_OVERFLOW_PERCENTAGE: u64 = 10;
564 for path in route.paths.iter() {
566 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
567 err: "length-0 path in route".to_string()
572 let mut onion_session_privs = Vec::with_capacity(route.paths.len());
573 for _ in 0..route.paths.len() {
574 onion_session_privs.push(entropy_source.get_secure_random_bytes());
577 let (total_msat, payment_hash, payment_secret) = {
578 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
579 match outbounds.get_mut(&payment_id) {
581 let res = match payment {
582 PendingOutboundPayment::Retryable {
583 total_msat, payment_hash, payment_secret, pending_amt_msat, ..
585 let retry_amt_msat: u64 = route.paths.iter().map(|path| path.last().unwrap().fee_msat).sum();
586 if retry_amt_msat + *pending_amt_msat > *total_msat * (100 + RETRY_OVERFLOW_PERCENTAGE) / 100 {
587 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
588 err: format!("retry_amt_msat of {} will put pending_amt_msat (currently: {}) more than 10% over total_payment_amt_msat of {}", retry_amt_msat, pending_amt_msat, total_msat).to_string()
591 (*total_msat, *payment_hash, *payment_secret)
593 PendingOutboundPayment::Legacy { .. } => {
594 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
595 err: "Unable to retry payments that were initially sent on LDK versions prior to 0.0.102".to_string()
598 PendingOutboundPayment::Fulfilled { .. } => {
599 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
600 err: "Payment already completed".to_owned()
603 PendingOutboundPayment::Abandoned { .. } => {
604 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
605 err: "Payment already abandoned (with some HTLCs still pending)".to_owned()
609 for (path, session_priv_bytes) in route.paths.iter().zip(onion_session_privs.iter()) {
610 assert!(payment.insert(*session_priv_bytes, path));
615 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
616 err: format!("Payment with ID {} not found", log_bytes!(payment_id.0)),
620 self.send_payment_internal(route, payment_hash, &payment_secret, None, payment_id, Some(total_msat), onion_session_privs, node_signer, best_block_height, &send_payment_along_path)
623 pub(super) fn send_probe<ES: Deref, NS: Deref, F>(
624 &self, hops: Vec<RouteHop>, probing_cookie_secret: [u8; 32], entropy_source: &ES,
625 node_signer: &NS, best_block_height: u32, send_payment_along_path: F
626 ) -> Result<(PaymentHash, PaymentId), PaymentSendFailure>
628 ES::Target: EntropySource,
629 NS::Target: NodeSigner,
630 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
631 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
633 let payment_id = PaymentId(entropy_source.get_secure_random_bytes());
635 let payment_hash = probing_cookie_from_id(&payment_id, probing_cookie_secret);
638 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
639 err: "No need probing a path with less than two hops".to_string()
643 let route = Route { paths: vec![hops], payment_params: None };
644 let onion_session_privs = self.add_new_pending_payment(payment_hash, None, payment_id, &route, Retry::Attempts(0), None, entropy_source, best_block_height)?;
646 match self.send_payment_internal(&route, payment_hash, &None, None, payment_id, None, onion_session_privs, node_signer, best_block_height, &send_payment_along_path) {
647 Ok(()) => Ok((payment_hash, payment_id)),
649 self.remove_outbound_if_all_failed(payment_id, &e);
656 pub(super) fn test_add_new_pending_payment<ES: Deref>(
657 &self, payment_hash: PaymentHash, payment_secret: Option<PaymentSecret>, payment_id: PaymentId,
658 route: &Route, retry_strategy: Retry, entropy_source: &ES, best_block_height: u32
659 ) -> Result<Vec<[u8; 32]>, PaymentSendFailure> where ES::Target: EntropySource {
660 self.add_new_pending_payment(payment_hash, payment_secret, payment_id, route, retry_strategy, None, entropy_source, best_block_height)
663 pub(super) fn add_new_pending_payment<ES: Deref>(
664 &self, payment_hash: PaymentHash, payment_secret: Option<PaymentSecret>, payment_id: PaymentId,
665 route: &Route, retry_strategy: Retry, route_params: Option<RouteParameters>,
666 entropy_source: &ES, best_block_height: u32
667 ) -> Result<Vec<[u8; 32]>, PaymentSendFailure> where ES::Target: EntropySource {
668 let mut onion_session_privs = Vec::with_capacity(route.paths.len());
669 for _ in 0..route.paths.len() {
670 onion_session_privs.push(entropy_source.get_secure_random_bytes());
673 let mut pending_outbounds = self.pending_outbound_payments.lock().unwrap();
674 match pending_outbounds.entry(payment_id) {
675 hash_map::Entry::Occupied(_) => Err(PaymentSendFailure::DuplicatePayment),
676 hash_map::Entry::Vacant(entry) => {
677 let payment = entry.insert(PendingOutboundPayment::Retryable {
679 attempts: PaymentAttempts::new(),
681 session_privs: HashSet::new(),
683 pending_fee_msat: Some(0),
686 starting_block_height: best_block_height,
687 total_msat: route.get_total_amount(),
690 for (path, session_priv_bytes) in route.paths.iter().zip(onion_session_privs.iter()) {
691 assert!(payment.insert(*session_priv_bytes, path));
694 Ok(onion_session_privs)
699 fn send_payment_internal<NS: Deref, F>(
700 &self, route: &Route, payment_hash: PaymentHash, payment_secret: &Option<PaymentSecret>,
701 keysend_preimage: Option<PaymentPreimage>, payment_id: PaymentId, recv_value_msat: Option<u64>,
702 onion_session_privs: Vec<[u8; 32]>, node_signer: &NS, best_block_height: u32,
703 send_payment_along_path: &F
704 ) -> Result<(), PaymentSendFailure>
706 NS::Target: NodeSigner,
707 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
708 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
710 if route.paths.len() < 1 {
711 return Err(PaymentSendFailure::ParameterError(APIError::InvalidRoute{err: "There must be at least one path to send over"}));
713 if payment_secret.is_none() && route.paths.len() > 1 {
714 return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError{err: "Payment secret is required for multi-path payments".to_string()}));
716 let mut total_value = 0;
717 let our_node_id = node_signer.get_node_id(Recipient::Node).unwrap(); // TODO no unwrap
718 let mut path_errs = Vec::with_capacity(route.paths.len());
719 'path_check: for path in route.paths.iter() {
720 if path.len() < 1 || path.len() > 20 {
721 path_errs.push(Err(APIError::InvalidRoute{err: "Path didn't go anywhere/had bogus size"}));
722 continue 'path_check;
724 for (idx, hop) in path.iter().enumerate() {
725 if idx != path.len() - 1 && hop.pubkey == our_node_id {
726 path_errs.push(Err(APIError::InvalidRoute{err: "Path went through us but wasn't a simple rebalance loop to us"}));
727 continue 'path_check;
730 total_value += path.last().unwrap().fee_msat;
731 path_errs.push(Ok(()));
733 if path_errs.iter().any(|e| e.is_err()) {
734 return Err(PaymentSendFailure::PathParameterError(path_errs));
736 if let Some(amt_msat) = recv_value_msat {
737 debug_assert!(amt_msat >= total_value);
738 total_value = amt_msat;
741 let cur_height = best_block_height + 1;
742 let mut results = Vec::new();
743 debug_assert_eq!(route.paths.len(), onion_session_privs.len());
744 for (path, session_priv) in route.paths.iter().zip(onion_session_privs.into_iter()) {
745 let mut path_res = send_payment_along_path(&path, &route.payment_params, &payment_hash, payment_secret, total_value, cur_height, payment_id, &keysend_preimage, session_priv);
748 Err(APIError::MonitorUpdateInProgress) => {
749 // While a MonitorUpdateInProgress is an Err(_), the payment is still
750 // considered "in flight" and we shouldn't remove it from the
751 // PendingOutboundPayment set.
754 let mut pending_outbounds = self.pending_outbound_payments.lock().unwrap();
755 if let Some(payment) = pending_outbounds.get_mut(&payment_id) {
756 let removed = payment.remove(&session_priv, Some(path));
757 debug_assert!(removed, "This can't happen as the payment has an entry for this path added by callers");
759 debug_assert!(false, "This can't happen as the payment was added by callers");
760 path_res = Err(APIError::APIMisuseError { err: "Internal error: payment disappeared during processing. Please report this bug!".to_owned() });
764 results.push(path_res);
766 let mut has_ok = false;
767 let mut has_err = false;
768 let mut pending_amt_unsent = 0;
769 let mut max_unsent_cltv_delta = 0;
770 for (res, path) in results.iter().zip(route.paths.iter()) {
771 if res.is_ok() { has_ok = true; }
772 if res.is_err() { has_err = true; }
773 if let &Err(APIError::MonitorUpdateInProgress) = res {
774 // MonitorUpdateInProgress is inherently unsafe to retry, so we call it a
778 } else if res.is_err() {
779 pending_amt_unsent += path.last().unwrap().fee_msat;
780 max_unsent_cltv_delta = cmp::max(max_unsent_cltv_delta, path.last().unwrap().cltv_expiry_delta);
783 if has_err && has_ok {
784 Err(PaymentSendFailure::PartialFailure {
787 failed_paths_retry: if pending_amt_unsent != 0 {
788 if let Some(payment_params) = &route.payment_params {
789 Some(RouteParameters {
790 payment_params: payment_params.clone(),
791 final_value_msat: pending_amt_unsent,
792 final_cltv_expiry_delta: max_unsent_cltv_delta,
798 Err(PaymentSendFailure::AllFailedResendSafe(results.drain(..).map(|r| r.unwrap_err()).collect()))
805 pub(super) fn test_send_payment_internal<NS: Deref, F>(
806 &self, route: &Route, payment_hash: PaymentHash, payment_secret: &Option<PaymentSecret>,
807 keysend_preimage: Option<PaymentPreimage>, payment_id: PaymentId, recv_value_msat: Option<u64>,
808 onion_session_privs: Vec<[u8; 32]>, node_signer: &NS, best_block_height: u32,
809 send_payment_along_path: F
810 ) -> Result<(), PaymentSendFailure>
812 NS::Target: NodeSigner,
813 F: Fn(&Vec<RouteHop>, &Option<PaymentParameters>, &PaymentHash, &Option<PaymentSecret>, u64,
814 u32, PaymentId, &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
816 self.send_payment_internal(route, payment_hash, payment_secret, keysend_preimage, payment_id,
817 recv_value_msat, onion_session_privs, node_signer, best_block_height,
818 &send_payment_along_path)
819 .map_err(|e| { self.remove_outbound_if_all_failed(payment_id, &e); e })
822 // If we failed to send any paths, we should remove the new PaymentId from the
823 // `pending_outbound_payments` map, as the user isn't expected to `abandon_payment`.
824 fn remove_outbound_if_all_failed(&self, payment_id: PaymentId, err: &PaymentSendFailure) {
825 if let &PaymentSendFailure::AllFailedResendSafe(_) = err {
826 let removed = self.pending_outbound_payments.lock().unwrap().remove(&payment_id).is_some();
827 debug_assert!(removed, "We should always have a pending payment to remove here");
831 pub(super) fn claim_htlc<L: Deref>(
832 &self, payment_id: PaymentId, payment_preimage: PaymentPreimage, session_priv: SecretKey,
833 path: Vec<RouteHop>, from_onchain: bool, pending_events: &Mutex<Vec<events::Event>>, logger: &L
834 ) where L::Target: Logger {
835 let mut session_priv_bytes = [0; 32];
836 session_priv_bytes.copy_from_slice(&session_priv[..]);
837 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
838 let mut pending_events = pending_events.lock().unwrap();
839 if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(payment_id) {
840 if !payment.get().is_fulfilled() {
841 let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0).into_inner());
842 let fee_paid_msat = payment.get().get_pending_fee_msat();
844 events::Event::PaymentSent {
845 payment_id: Some(payment_id),
851 payment.get_mut().mark_fulfilled();
855 // We currently immediately remove HTLCs which were fulfilled on-chain.
856 // This could potentially lead to removing a pending payment too early,
857 // with a reorg of one block causing us to re-add the fulfilled payment on
859 // TODO: We should have a second monitor event that informs us of payments
860 // irrevocably fulfilled.
861 if payment.get_mut().remove(&session_priv_bytes, Some(&path)) {
862 let payment_hash = Some(PaymentHash(Sha256::hash(&payment_preimage.0).into_inner()));
864 events::Event::PaymentPathSuccessful {
873 log_trace!(logger, "Received duplicative fulfill for HTLC with payment_preimage {}", log_bytes!(payment_preimage.0));
877 pub(super) fn finalize_claims(&self, sources: Vec<HTLCSource>, pending_events: &Mutex<Vec<events::Event>>) {
878 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
879 let mut pending_events = pending_events.lock().unwrap();
880 for source in sources {
881 if let HTLCSource::OutboundRoute { session_priv, payment_id, path, .. } = source {
882 let mut session_priv_bytes = [0; 32];
883 session_priv_bytes.copy_from_slice(&session_priv[..]);
884 if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(payment_id) {
885 assert!(payment.get().is_fulfilled());
886 if payment.get_mut().remove(&session_priv_bytes, None) {
888 events::Event::PaymentPathSuccessful {
890 payment_hash: payment.get().payment_hash(),
900 pub(super) fn remove_stale_resolved_payments(&self, pending_events: &Mutex<Vec<events::Event>>) {
901 // If an outbound payment was completed, and no pending HTLCs remain, we should remove it
902 // from the map. However, if we did that immediately when the last payment HTLC is claimed,
903 // this could race the user making a duplicate send_payment call and our idempotency
904 // guarantees would be violated. Instead, we wait a few timer ticks to do the actual
905 // removal. This should be more than sufficient to ensure the idempotency of any
906 // `send_payment` calls that were made at the same time the `PaymentSent` event was being
908 let mut pending_outbound_payments = self.pending_outbound_payments.lock().unwrap();
909 let pending_events = pending_events.lock().unwrap();
910 pending_outbound_payments.retain(|payment_id, payment| {
911 if let PendingOutboundPayment::Fulfilled { session_privs, timer_ticks_without_htlcs, .. } = payment {
912 let mut no_remaining_entries = session_privs.is_empty();
913 if no_remaining_entries {
914 for ev in pending_events.iter() {
916 events::Event::PaymentSent { payment_id: Some(ev_payment_id), .. } |
917 events::Event::PaymentPathSuccessful { payment_id: ev_payment_id, .. } |
918 events::Event::PaymentPathFailed { payment_id: Some(ev_payment_id), .. } => {
919 if payment_id == ev_payment_id {
920 no_remaining_entries = false;
928 if no_remaining_entries {
929 *timer_ticks_without_htlcs += 1;
930 *timer_ticks_without_htlcs <= IDEMPOTENCY_TIMEOUT_TICKS
932 *timer_ticks_without_htlcs = 0;
939 pub(super) fn fail_htlc<L: Deref>(
940 &self, source: &HTLCSource, payment_hash: &PaymentHash, onion_error: &HTLCFailReason,
941 path: &Vec<RouteHop>, session_priv: &SecretKey, payment_id: &PaymentId,
942 payment_params: &Option<PaymentParameters>, probing_cookie_secret: [u8; 32],
943 secp_ctx: &Secp256k1<secp256k1::All>, pending_events: &Mutex<Vec<events::Event>>, logger: &L
944 ) where L::Target: Logger {
946 let (network_update, short_channel_id, payment_retryable, onion_error_code, onion_error_data) = onion_error.decode_onion_failure(secp_ctx, logger, &source);
948 let (network_update, short_channel_id, payment_retryable, _, _) = onion_error.decode_onion_failure(secp_ctx, logger, &source);
950 let mut session_priv_bytes = [0; 32];
951 session_priv_bytes.copy_from_slice(&session_priv[..]);
952 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
953 let mut all_paths_failed = false;
954 let mut full_failure_ev = None;
955 let mut pending_retry_ev = None;
956 let attempts_remaining = if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(*payment_id) {
957 if !payment.get_mut().remove(&session_priv_bytes, Some(&path)) {
958 log_trace!(logger, "Received duplicative fail for HTLC with payment_hash {}", log_bytes!(payment_hash.0));
961 if payment.get().is_fulfilled() {
962 log_trace!(logger, "Received failure of HTLC with payment_hash {} after payment completion", log_bytes!(payment_hash.0));
965 let is_retryable_now = payment.get().is_retryable_now();
966 if let Some(scid) = short_channel_id {
967 payment.get_mut().insert_previously_failed_scid(scid);
969 if payment.get().remaining_parts() == 0 {
970 all_paths_failed = true;
971 if payment.get().abandoned() {
972 full_failure_ev = Some(events::Event::PaymentFailed {
973 payment_id: *payment_id,
974 payment_hash: payment.get().payment_hash().expect("PendingOutboundPayments::RetriesExceeded always has a payment hash set"),
981 log_trace!(logger, "Received duplicative fail for HTLC with payment_hash {}", log_bytes!(payment_hash.0));
984 core::mem::drop(outbounds);
985 let mut retry = if let Some(payment_params_data) = payment_params {
986 let path_last_hop = path.last().expect("Outbound payments must have had a valid path");
987 Some(RouteParameters {
988 payment_params: payment_params_data.clone(),
989 final_value_msat: path_last_hop.fee_msat,
990 final_cltv_expiry_delta: path_last_hop.cltv_expiry_delta,
993 log_trace!(logger, "Failing outbound payment HTLC with payment_hash {}", log_bytes!(payment_hash.0));
996 if payment_is_probe(payment_hash, &payment_id, probing_cookie_secret) {
997 if !payment_retryable {
998 events::Event::ProbeSuccessful {
999 payment_id: *payment_id,
1000 payment_hash: payment_hash.clone(),
1004 events::Event::ProbeFailed {
1005 payment_id: *payment_id,
1006 payment_hash: payment_hash.clone(),
1012 // TODO: If we decided to blame ourselves (or one of our channels) in
1013 // process_onion_failure we should close that channel as it implies our
1014 // next-hop is needlessly blaming us!
1015 if let Some(scid) = short_channel_id {
1016 retry.as_mut().map(|r| r.payment_params.previously_failed_channels.push(scid));
1018 if payment_retryable && attempts_remaining && retry.is_some() {
1019 debug_assert!(full_failure_ev.is_none());
1020 pending_retry_ev = Some(events::Event::PendingHTLCsForwardable {
1021 time_forwardable: Duration::from_millis(MIN_HTLC_RELAY_HOLDING_CELL_MILLIS),
1024 events::Event::PaymentPathFailed {
1025 payment_id: Some(*payment_id),
1026 payment_hash: payment_hash.clone(),
1027 payment_failed_permanently: !payment_retryable,
1034 error_code: onion_error_code,
1036 error_data: onion_error_data
1040 let mut pending_events = pending_events.lock().unwrap();
1041 pending_events.push(path_failure);
1042 if let Some(ev) = full_failure_ev { pending_events.push(ev); }
1043 if let Some(ev) = pending_retry_ev { pending_events.push(ev); }
1046 pub(super) fn abandon_payment(&self, payment_id: PaymentId) -> Option<events::Event> {
1047 let mut failed_ev = None;
1048 let mut outbounds = self.pending_outbound_payments.lock().unwrap();
1049 if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(payment_id) {
1050 if let Ok(()) = payment.get_mut().mark_abandoned() {
1051 if payment.get().remaining_parts() == 0 {
1052 failed_ev = Some(events::Event::PaymentFailed {
1054 payment_hash: payment.get().payment_hash().expect("PendingOutboundPayments::RetriesExceeded always has a payment hash set"),
1064 pub fn has_pending_payments(&self) -> bool {
1065 !self.pending_outbound_payments.lock().unwrap().is_empty()
1069 pub fn clear_pending_payments(&self) {
1070 self.pending_outbound_payments.lock().unwrap().clear()
1074 /// Returns whether a payment with the given [`PaymentHash`] and [`PaymentId`] is, in fact, a
1076 pub(super) fn payment_is_probe(payment_hash: &PaymentHash, payment_id: &PaymentId,
1077 probing_cookie_secret: [u8; 32]) -> bool
1079 let target_payment_hash = probing_cookie_from_id(payment_id, probing_cookie_secret);
1080 target_payment_hash == *payment_hash
1083 /// Returns the 'probing cookie' for the given [`PaymentId`].
1084 fn probing_cookie_from_id(payment_id: &PaymentId, probing_cookie_secret: [u8; 32]) -> PaymentHash {
1085 let mut preimage = [0u8; 64];
1086 preimage[..32].copy_from_slice(&probing_cookie_secret);
1087 preimage[32..].copy_from_slice(&payment_id.0);
1088 PaymentHash(Sha256::hash(&preimage).into_inner())
1091 impl_writeable_tlv_based_enum_upgradable!(PendingOutboundPayment,
1093 (0, session_privs, required),
1096 (0, session_privs, required),
1097 (1, payment_hash, option),
1098 (3, timer_ticks_without_htlcs, (default_value, 0)),
1101 (0, session_privs, required),
1102 (1, pending_fee_msat, option),
1103 (2, payment_hash, required),
1104 (not_written, retry_strategy, (static_value, Retry::Attempts(0))),
1105 (4, payment_secret, option),
1106 (not_written, attempts, (static_value, PaymentAttempts::new())),
1107 (6, total_msat, required),
1108 (not_written, route_params, (static_value, None)),
1109 (8, pending_amt_msat, required),
1110 (10, starting_block_height, required),
1113 (0, session_privs, required),
1114 (2, payment_hash, required),