1 // This file is Copyright its original authors, visible in version control
4 // This file is licensed under the Apache License, Version 2.0 <LICENSE-APACHE
5 // or http://www.apache.org/licenses/LICENSE-2.0> or the MIT license
6 // <LICENSE-MIT or http://opensource.org/licenses/MIT>, at your option.
7 // You may not use this file except in accordance with one or both of these
10 //! Various user-configurable channel limits and settings which ChannelManager
13 use crate::ln::channel::MAX_FUNDING_SATOSHIS_NO_WUMBO;
14 use crate::ln::channelmanager::{BREAKDOWN_TIMEOUT, MAX_LOCAL_BREAKDOWN_TIMEOUT};
16 /// Configuration we set when applicable.
18 /// Default::default() provides sane defaults.
19 #[derive(Copy, Clone, Debug)]
20 pub struct ChannelHandshakeConfig {
21 /// Confirmations we will wait for before considering the channel locked in.
22 /// Applied only for inbound channels (see ChannelHandshakeLimits::max_minimum_depth for the
23 /// equivalent limit applied to outbound channels).
25 /// A lower-bound of 1 is applied, requiring all channels to have a confirmed commitment
26 /// transaction before operation. If you wish to accept channels with zero confirmations, see
27 /// [`UserConfig::manually_accept_inbound_channels`] and
28 /// [`ChannelManager::accept_inbound_channel_from_trusted_peer_0conf`].
32 /// [`ChannelManager::accept_inbound_channel`]: crate::ln::channelmanager::ChannelManager::accept_inbound_channel
33 /// [`ChannelManager::accept_inbound_channel_from_trusted_peer_0conf`]: crate::ln::channelmanager::ChannelManager::accept_inbound_channel_from_trusted_peer_0conf
34 pub minimum_depth: u32,
35 /// Set to the number of blocks we require our counterparty to wait to claim their money (ie
36 /// the number of blocks we have to punish our counterparty if they broadcast a revoked
39 /// This is one of the main parameters of our security model. We (or one of our watchtowers) MUST
40 /// be online to check for revoked transactions on-chain at least once every our_to_self_delay
41 /// blocks (minus some margin to allow us enough time to broadcast and confirm a transaction,
42 /// possibly with time in between to RBF the spending transaction).
44 /// Meanwhile, asking for a too high delay, we bother peer to freeze funds for nothing in
45 /// case of an honest unilateral channel close, which implicitly decrease the economic value of
48 /// Default value: [`BREAKDOWN_TIMEOUT`], we enforce it as a minimum at channel opening so you
49 /// can tweak config to ask for more security, not less.
50 pub our_to_self_delay: u16,
51 /// Set to the smallest value HTLC we will accept to process.
53 /// This value is sent to our counterparty on channel-open and we close the channel any time
54 /// our counterparty misbehaves by sending us an HTLC with a value smaller than this.
56 /// Default value: 1. If the value is less than 1, it is ignored and set to 1, as is required
58 pub our_htlc_minimum_msat: u64,
59 /// Sets the percentage of the channel value we will cap the total value of outstanding inbound
62 /// This can be set to a value between 1-100, where the value corresponds to the percent of the
63 /// channel value in whole percentages.
66 /// * If configured to another value than the default value 10, any new channels created with
67 /// the non default value will cause versions of LDK prior to 0.0.104 to refuse to read the
70 /// * This caps the total value for inbound HTLCs in-flight only, and there's currently
71 /// no way to configure the cap for the total value of outbound HTLCs in-flight.
73 /// * The requirements for your node being online to ensure the safety of HTLC-encumbered funds
74 /// are different from the non-HTLC-encumbered funds. This makes this an important knob to
75 /// restrict exposure to loss due to being offline for too long.
76 /// See [`ChannelHandshakeConfig::our_to_self_delay`] and [`ChannelConfig::cltv_expiry_delta`]
77 /// for more information.
79 /// Default value: 10.
80 /// Minimum value: 1, any values less than 1 will be treated as 1 instead.
81 /// Maximum value: 100, any values larger than 100 will be treated as 100 instead.
82 pub max_inbound_htlc_value_in_flight_percent_of_channel: u8,
83 /// If set, we attempt to negotiate the `scid_privacy` (referred to as `scid_alias` in the
84 /// BOLTs) option for outbound private channels. This provides better privacy by not including
85 /// our real on-chain channel UTXO in each invoice and requiring that our counterparty only
86 /// relay HTLCs to us using the channel's SCID alias.
88 /// If this option is set, channels may be created that will not be readable by LDK versions
89 /// prior to 0.0.106, causing [`ChannelManager`]'s read method to return a
90 /// [`DecodeError::InvalidValue`].
92 /// Note that setting this to true does *not* prevent us from opening channels with
93 /// counterparties that do not support the `scid_alias` option; we will simply fall back to a
94 /// private channel without that option.
96 /// Ignored if the channel is negotiated to be announced, see
97 /// [`ChannelHandshakeConfig::announced_channel`] and
98 /// [`ChannelHandshakeLimits::force_announced_channel_preference`] for more.
100 /// Default value: false. This value is likely to change to true in the future.
102 /// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
103 /// [`DecodeError::InvalidValue`]: crate::ln::msgs::DecodeError::InvalidValue
104 pub negotiate_scid_privacy: bool,
105 /// Set to announce the channel publicly and notify all nodes that they can route via this
108 /// This should only be set to true for nodes which expect to be online reliably.
110 /// As the node which funds a channel picks this value this will only apply for new outbound
111 /// channels unless [`ChannelHandshakeLimits::force_announced_channel_preference`] is set.
113 /// Default value: false.
114 pub announced_channel: bool,
115 /// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty
116 /// supports it, they will then enforce the mutual-close output to us matches what we provided
117 /// at intialization, preventing us from closing to an alternate pubkey.
119 /// This is set to true by default to provide a slight increase in security, though ultimately
120 /// any attacker who is able to take control of a channel can just as easily send the funds via
121 /// lightning payments, so we never require that our counterparties support this option.
123 /// The upfront key committed is provided from [`SignerProvider::get_shutdown_scriptpubkey`].
125 /// Default value: true.
127 /// [`SignerProvider::get_shutdown_scriptpubkey`]: crate::sign::SignerProvider::get_shutdown_scriptpubkey
128 pub commit_upfront_shutdown_pubkey: bool,
129 /// The Proportion of the channel value to configure as counterparty's channel reserve,
130 /// i.e., `their_channel_reserve_satoshis` for both outbound and inbound channels.
132 /// `their_channel_reserve_satoshis` is the minimum balance that the other node has to maintain
133 /// on their side, at all times.
134 /// This ensures that if our counterparty broadcasts a revoked state, we can punish them by
135 /// claiming at least this value on chain.
137 /// Channel reserve values greater than 30% could be considered highly unreasonable, since that
138 /// amount can never be used for payments.
139 /// Also, if our selected channel reserve for counterparty and counterparty's selected
140 /// channel reserve for us sum up to equal or greater than channel value, channel negotiations
143 /// Note: Versions of LDK earlier than v0.0.104 will fail to read channels with any channel reserve
144 /// other than the default value.
146 /// Default value: 1% of channel value, i.e., configured as 10,000 millionths.
147 /// Minimum value: If the calculated proportional value is less than 1000 sats, it will be treated
148 /// as 1000 sats instead, which is a safe implementation-specific lower bound.
149 /// Maximum value: 1,000,000, any values larger than 1 Million will be treated as 1 Million (or 100%)
150 /// instead, although channel negotiations will fail in that case.
151 pub their_channel_reserve_proportional_millionths: u32,
152 /// If set, we attempt to negotiate the `anchors_zero_fee_htlc_tx`option for all future
153 /// channels. This feature requires having a reserve of onchain funds readily available to bump
154 /// transactions in the event of a channel force close to avoid the possibility of losing funds.
156 /// Note that if you wish accept inbound channels with anchor outputs, you must enable
157 /// [`UserConfig::manually_accept_inbound_channels`] and manually accept them with
158 /// [`ChannelManager::accept_inbound_channel`]. This is done to give you the chance to check
159 /// whether your reserve of onchain funds is enough to cover the fees for all existing and new
160 /// channels featuring anchor outputs in the event of a force close.
162 /// If this option is set, channels may be created that will not be readable by LDK versions
163 /// prior to 0.0.116, causing [`ChannelManager`]'s read method to return a
164 /// [`DecodeError::InvalidValue`].
166 /// Note that setting this to true does *not* prevent us from opening channels with
167 /// counterparties that do not support the `anchors_zero_fee_htlc_tx` option; we will simply
168 /// fall back to a `static_remote_key` channel.
170 /// LDK will not support the legacy `option_anchors` commitment version due to a discovered
171 /// vulnerability after its deployment. For more context, see the [`SIGHASH_SINGLE + update_fee
172 /// Considered Harmful`] mailing list post.
174 /// Default value: false. This value is likely to change to true in the future.
176 /// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
177 /// [`ChannelManager::accept_inbound_channel`]: crate::ln::channelmanager::ChannelManager::accept_inbound_channel
178 /// [`DecodeError::InvalidValue`]: crate::ln::msgs::DecodeError::InvalidValue
179 /// [`SIGHASH_SINGLE + update_fee Considered Harmful`]: https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-September/002796.html
180 pub negotiate_anchors_zero_fee_htlc_tx: bool,
182 /// The maximum number of HTLCs in-flight from our counterparty towards us at the same time.
184 /// Increasing the value can help improve liquidity and stability in
185 /// routing at the cost of higher long term disk / DB usage.
187 /// Note: Versions of LDK earlier than v0.0.115 will fail to read channels with a configuration
188 /// other than the default value.
190 /// Default value: 50
191 /// Maximum value: 483, any values larger will be treated as 483.
192 /// This is the BOLT #2 spec limit on `max_accepted_htlcs`.
193 pub our_max_accepted_htlcs: u16,
196 impl Default for ChannelHandshakeConfig {
197 fn default() -> ChannelHandshakeConfig {
198 ChannelHandshakeConfig {
200 our_to_self_delay: BREAKDOWN_TIMEOUT,
201 our_htlc_minimum_msat: 1,
202 max_inbound_htlc_value_in_flight_percent_of_channel: 10,
203 negotiate_scid_privacy: false,
204 announced_channel: false,
205 commit_upfront_shutdown_pubkey: true,
206 their_channel_reserve_proportional_millionths: 10_000,
207 negotiate_anchors_zero_fee_htlc_tx: false,
208 our_max_accepted_htlcs: 50,
213 /// Optional channel limits which are applied during channel creation.
215 /// These limits are only applied to our counterparty's limits, not our own.
217 /// Use 0/`<type>::max_value()` as appropriate to skip checking.
219 /// Provides sane defaults for most configurations.
221 /// Most additional limits are disabled except those with which specify a default in individual
222 /// field documentation. Note that this may result in barely-usable channels, but since they
223 /// are applied mostly only to incoming channels that's not much of a problem.
224 #[derive(Copy, Clone, Debug)]
225 pub struct ChannelHandshakeLimits {
226 /// Minimum allowed satoshis when a channel is funded. This is supplied by the sender and so
227 /// only applies to inbound channels.
229 /// Default value: 0.
230 pub min_funding_satoshis: u64,
231 /// Maximum allowed satoshis when a channel is funded. This is supplied by the sender and so
232 /// only applies to inbound channels.
234 /// Default value: 2^24 - 1.
235 pub max_funding_satoshis: u64,
236 /// The remote node sets a limit on the minimum size of HTLCs we can send to them. This allows
237 /// you to limit the maximum minimum-size they can require.
239 /// Default value: u64::max_value.
240 pub max_htlc_minimum_msat: u64,
241 /// The remote node sets a limit on the maximum value of pending HTLCs to them at any given
242 /// time to limit their funds exposure to HTLCs. This allows you to set a minimum such value.
244 /// Default value: 0.
245 pub min_max_htlc_value_in_flight_msat: u64,
246 /// The remote node will require we keep a certain amount in direct payment to ourselves at all
247 /// time, ensuring that we are able to be punished if we broadcast an old state. This allows to
248 /// you limit the amount which we will have to keep to ourselves (and cannot use for HTLCs).
250 /// Default value: u64::max_value.
251 pub max_channel_reserve_satoshis: u64,
252 /// The remote node sets a limit on the maximum number of pending HTLCs to them at any given
253 /// time. This allows you to set a minimum such value.
255 /// Default value: 0.
256 pub min_max_accepted_htlcs: u16,
257 /// Before a channel is usable the funding transaction will need to be confirmed by at least a
258 /// certain number of blocks, specified by the node which is not the funder (as the funder can
259 /// assume they aren't going to double-spend themselves).
260 /// This config allows you to set a limit on the maximum amount of time to wait.
262 /// Default value: 144, or roughly one day and only applies to outbound channels.
263 pub max_minimum_depth: u32,
264 /// Whether we implicitly trust funding transactions generated by us for our own outbound
265 /// channels to not be double-spent.
267 /// If this is set, we assume that our own funding transactions are *never* double-spent, and
268 /// thus we can trust them without any confirmations. This is generally a reasonable
269 /// assumption, given we're the only ones who could ever double-spend it (assuming we have sole
270 /// control of the signing keys).
272 /// You may wish to un-set this if you allow the user to (or do in an automated fashion)
273 /// double-spend the funding transaction to RBF with an alternative channel open.
275 /// This only applies if our counterparty set their confirmations-required value to 0, and we
276 /// always trust our own funding transaction at 1 confirmation irrespective of this value.
277 /// Thus, this effectively acts as a `min_minimum_depth`, with the only possible values being
278 /// `true` (0) and `false` (1).
280 /// Default value: true
281 pub trust_own_funding_0conf: bool,
282 /// Set to force an incoming channel to match our announced channel preference in
283 /// [`ChannelHandshakeConfig::announced_channel`].
285 /// For a node which is not online reliably, this should be set to true and
286 /// [`ChannelHandshakeConfig::announced_channel`] set to false, ensuring that no announced (aka public)
287 /// channels will ever be opened.
289 /// Default value: true.
290 pub force_announced_channel_preference: bool,
291 /// Set to the amount of time we're willing to wait to claim money back to us.
293 /// Not checking this value would be a security issue, as our peer would be able to set it to
294 /// max relative lock-time (a year) and we would "lose" money as it would be locked for a long time.
296 /// Default value: 2016, which we also enforce as a maximum value so you can tweak config to
297 /// reduce the loss of having useless locked funds (if your peer accepts)
298 pub their_to_self_delay: u16
301 impl Default for ChannelHandshakeLimits {
302 fn default() -> Self {
303 ChannelHandshakeLimits {
304 min_funding_satoshis: 0,
305 max_funding_satoshis: MAX_FUNDING_SATOSHIS_NO_WUMBO,
306 max_htlc_minimum_msat: <u64>::max_value(),
307 min_max_htlc_value_in_flight_msat: 0,
308 max_channel_reserve_satoshis: <u64>::max_value(),
309 min_max_accepted_htlcs: 0,
310 trust_own_funding_0conf: true,
311 max_minimum_depth: 144,
312 force_announced_channel_preference: true,
313 their_to_self_delay: MAX_LOCAL_BREAKDOWN_TIMEOUT,
318 /// Options for how to set the max dust HTLC exposure allowed on a channel. See
319 /// [`ChannelConfig::max_dust_htlc_exposure`] for details.
320 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
321 pub enum MaxDustHTLCExposure {
322 /// This sets a fixed limit on the total dust exposure in millisatoshis. Setting this too low
323 /// may prevent the sending or receipt of low-value HTLCs on high-traffic nodes, however this
324 /// limit is very important to prevent stealing of large amounts of dust HTLCs by miners
325 /// through [fee griefing
326 /// attacks](https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-May/002714.html).
328 /// Note that if the feerate increases significantly, without a manual increase
329 /// to this maximum the channel may be unable to send/receive HTLCs between the maximum dust
330 /// exposure and the new minimum value for HTLCs to be economically viable to claim.
332 /// This sets a multiplier on the estimated high priority feerate (sats/KW, as obtained from
333 /// [`FeeEstimator`]) to determine the maximum allowed dust exposure. If this variant is used
334 /// then the maximum dust exposure in millisatoshis is calculated as:
335 /// `high_priority_feerate_per_kw * value`. For example, with our default value
336 /// `FeeRateMultiplier(5000)`:
338 /// - For the minimum fee rate of 1 sat/vByte (250 sat/KW, although the minimum
339 /// defaults to 253 sats/KW for rounding, see [`FeeEstimator`]), the max dust exposure would
340 /// be 253 * 5000 = 1,265,000 msats.
341 /// - For a fee rate of 30 sat/vByte (7500 sat/KW), the max dust exposure would be
342 /// 7500 * 5000 = 37,500,000 msats.
344 /// This allows the maximum dust exposure to automatically scale with fee rate changes.
346 /// Note, if you're using a third-party fee estimator, this may leave you more exposed to a
347 /// fee griefing attack, where your fee estimator may purposely overestimate the fee rate,
348 /// causing you to accept more dust HTLCs than you would otherwise.
350 /// This variant is primarily meant to serve pre-anchor channels, as HTLC fees being included
351 /// on HTLC outputs means your channel may be subject to more dust exposure in the event of
352 /// increases in fee rate.
354 /// # Backwards Compatibility
355 /// This variant only became available in LDK 0.0.116, so if you downgrade to a prior version
356 /// by default this will be set to a [`Self::FixedLimitMsat`] of 5,000,000 msat.
358 /// [`FeeEstimator`]: crate::chain::chaininterface::FeeEstimator
359 FeeRateMultiplier(u64),
362 impl_writeable_tlv_based_enum!(MaxDustHTLCExposure, ;
364 (3, FeeRateMultiplier),
367 /// Options which apply on a per-channel basis and may change at runtime or based on negotiation
368 /// with our counterparty.
369 #[derive(Copy, Clone, Debug, PartialEq, Eq)]
370 pub struct ChannelConfig {
371 /// Amount (in millionths of a satoshi) charged per satoshi for payments forwarded outbound
372 /// over the channel.
373 /// This may be allowed to change at runtime in a later update, however doing so must result in
374 /// update messages sent to notify all nodes of our updated relay fee.
376 /// Default value: 0.
377 pub forwarding_fee_proportional_millionths: u32,
378 /// Amount (in milli-satoshi) charged for payments forwarded outbound over the channel, in
379 /// excess of [`forwarding_fee_proportional_millionths`].
380 /// This may be allowed to change at runtime in a later update, however doing so must result in
381 /// update messages sent to notify all nodes of our updated relay fee.
383 /// The default value of a single satoshi roughly matches the market rate on many routing nodes
384 /// as of July 2021. Adjusting it upwards or downwards may change whether nodes route through
387 /// Default value: 1000.
389 /// [`forwarding_fee_proportional_millionths`]: ChannelConfig::forwarding_fee_proportional_millionths
390 pub forwarding_fee_base_msat: u32,
391 /// The difference in the CLTV value between incoming HTLCs and an outbound HTLC forwarded over
392 /// the channel this config applies to.
394 /// This is analogous to [`ChannelHandshakeConfig::our_to_self_delay`] but applies to in-flight
395 /// HTLC balance when a channel appears on-chain whereas
396 /// [`ChannelHandshakeConfig::our_to_self_delay`] applies to the remaining
397 /// (non-HTLC-encumbered) balance.
399 /// Thus, for HTLC-encumbered balances to be enforced on-chain when a channel is force-closed,
400 /// we (or one of our watchtowers) MUST be online to check for broadcast of the current
401 /// commitment transaction at least once per this many blocks (minus some margin to allow us
402 /// enough time to broadcast and confirm a transaction, possibly with time in between to RBF
403 /// the spending transaction).
405 /// Default value: 72 (12 hours at an average of 6 blocks/hour).
406 /// Minimum value: [`MIN_CLTV_EXPIRY_DELTA`], any values less than this will be treated as
407 /// [`MIN_CLTV_EXPIRY_DELTA`] instead.
409 /// [`MIN_CLTV_EXPIRY_DELTA`]: crate::ln::channelmanager::MIN_CLTV_EXPIRY_DELTA
410 pub cltv_expiry_delta: u16,
411 /// Limit our total exposure to in-flight HTLCs which are burned to fees as they are too
412 /// small to claim on-chain.
414 /// When an HTLC present in one of our channels is below a "dust" threshold, the HTLC will
415 /// not be claimable on-chain, instead being turned into additional miner fees if either
416 /// party force-closes the channel. Because the threshold is per-HTLC, our total exposure
417 /// to such payments may be sustantial if there are many dust HTLCs present when the
418 /// channel is force-closed.
420 /// The dust threshold for each HTLC is based on the `dust_limit_satoshis` for each party in a
421 /// channel negotiated throughout the channel open process, along with the fees required to have
422 /// a broadcastable HTLC spending transaction. When a channel supports anchor outputs
423 /// (specifically the zero fee HTLC transaction variant), this threshold no longer takes into
424 /// account the HTLC transaction fee as it is zero. Because of this, you may want to set this
425 /// value to a fixed limit for channels using anchor outputs, while the fee rate multiplier
426 /// variant is primarily intended for use with pre-anchor channels.
428 /// The selected limit is applied for sent, forwarded, and received HTLCs and limits the total
429 /// exposure across all three types per-channel.
431 /// Default value: [`MaxDustHTLCExposure::FeeRateMultiplier`] with a multiplier of 5000.
432 pub max_dust_htlc_exposure: MaxDustHTLCExposure,
433 /// The additional fee we're willing to pay to avoid waiting for the counterparty's
434 /// `to_self_delay` to reclaim funds.
436 /// When we close a channel cooperatively with our counterparty, we negotiate a fee for the
437 /// closing transaction which both sides find acceptable, ultimately paid by the channel
438 /// funder/initiator.
440 /// When we are the funder, because we have to pay the channel closing fee, we bound the
441 /// acceptable fee by our [`Background`] and [`Normal`] fees, with the upper bound increased by
442 /// this value. Because the on-chain fee we'd pay to force-close the channel is kept near our
443 /// [`Normal`] feerate during normal operation, this value represents the additional fee we're
444 /// willing to pay in order to avoid waiting for our counterparty's to_self_delay to reclaim our
447 /// When we are not the funder, we require the closing transaction fee pay at least our
448 /// [`Background`] fee estimate, but allow our counterparty to pay as much fee as they like.
449 /// Thus, this value is ignored when we are not the funder.
451 /// Default value: 1000 satoshis.
453 /// [`Normal`]: crate::chain::chaininterface::ConfirmationTarget::Normal
454 /// [`Background`]: crate::chain::chaininterface::ConfirmationTarget::Background
455 pub force_close_avoidance_max_fee_satoshis: u64,
456 /// If set, allows this channel's counterparty to skim an additional fee off this node's inbound
457 /// HTLCs. Useful for liquidity providers to offload on-chain channel costs to end users.
460 /// - The payee will set this option and set its invoice route hints to use [intercept scids]
461 /// generated by this channel's counterparty.
462 /// - The counterparty will get an [`HTLCIntercepted`] event upon payment forward, and call
463 /// [`forward_intercepted_htlc`] with less than the amount provided in
464 /// [`HTLCIntercepted::expected_outbound_amount_msat`]. The difference between the expected and
465 /// actual forward amounts is their fee.
466 // TODO: link to LSP JIT channel invoice generation spec when it's merged
469 /// It's important for payee wallet software to verify that [`PaymentClaimable::amount_msat`] is
470 /// as-expected if this feature is activated, otherwise they may lose money!
471 /// [`PaymentClaimable::counterparty_skimmed_fee_msat`] provides the fee taken by the
475 /// Switching this config flag on may break compatibility with versions of LDK prior to 0.0.116.
476 /// Unsetting this flag between restarts may lead to payment receive failures.
478 /// Default value: false.
480 /// [intercept scids]: crate::ln::channelmanager::ChannelManager::get_intercept_scid
481 /// [`forward_intercepted_htlc`]: crate::ln::channelmanager::ChannelManager::forward_intercepted_htlc
482 /// [`HTLCIntercepted`]: crate::events::Event::HTLCIntercepted
483 /// [`HTLCIntercepted::expected_outbound_amount_msat`]: crate::events::Event::HTLCIntercepted::expected_outbound_amount_msat
484 /// [`PaymentClaimable::amount_msat`]: crate::events::Event::PaymentClaimable::amount_msat
485 /// [`PaymentClaimable::counterparty_skimmed_fee_msat`]: crate::events::Event::PaymentClaimable::counterparty_skimmed_fee_msat
486 // TODO: link to bLIP when it's merged
487 pub accept_underpaying_htlcs: bool,
491 /// Applies the given [`ChannelConfigUpdate`] as a partial update to the [`ChannelConfig`].
492 pub fn apply(&mut self, update: &ChannelConfigUpdate) {
493 if let Some(forwarding_fee_proportional_millionths) = update.forwarding_fee_proportional_millionths {
494 self.forwarding_fee_proportional_millionths = forwarding_fee_proportional_millionths;
496 if let Some(forwarding_fee_base_msat) = update.forwarding_fee_base_msat {
497 self.forwarding_fee_base_msat = forwarding_fee_base_msat;
499 if let Some(cltv_expiry_delta) = update.cltv_expiry_delta {
500 self.cltv_expiry_delta = cltv_expiry_delta;
502 if let Some(max_dust_htlc_exposure_msat) = update.max_dust_htlc_exposure_msat {
503 self.max_dust_htlc_exposure = max_dust_htlc_exposure_msat;
505 if let Some(force_close_avoidance_max_fee_satoshis) = update.force_close_avoidance_max_fee_satoshis {
506 self.force_close_avoidance_max_fee_satoshis = force_close_avoidance_max_fee_satoshis;
511 impl Default for ChannelConfig {
512 /// Provides sane defaults for most configurations (but with zero relay fees!).
513 fn default() -> Self {
515 forwarding_fee_proportional_millionths: 0,
516 forwarding_fee_base_msat: 1000,
517 cltv_expiry_delta: 6 * 12, // 6 blocks/hour * 12 hours
518 max_dust_htlc_exposure: MaxDustHTLCExposure::FeeRateMultiplier(5000),
519 force_close_avoidance_max_fee_satoshis: 1000,
520 accept_underpaying_htlcs: false,
525 impl crate::util::ser::Writeable for ChannelConfig {
526 fn write<W: crate::util::ser::Writer>(&self, writer: &mut W) -> Result<(), crate::io::Error> {
527 let max_dust_htlc_exposure_msat_fixed_limit = match self.max_dust_htlc_exposure {
528 MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
529 MaxDustHTLCExposure::FeeRateMultiplier(_) => 5_000_000,
531 write_tlv_fields!(writer, {
532 (0, self.forwarding_fee_proportional_millionths, required),
533 (1, self.accept_underpaying_htlcs, (default_value, false)),
534 (2, self.forwarding_fee_base_msat, required),
535 (3, self.max_dust_htlc_exposure, required),
536 (4, self.cltv_expiry_delta, required),
537 (6, max_dust_htlc_exposure_msat_fixed_limit, required),
538 // ChannelConfig serialized this field with a required type of 8 prior to the introduction of
539 // LegacyChannelConfig. To make sure that serialization is not compatible with this one, we use
540 // the next required type of 10, which if seen by the old serialization will always fail.
541 (10, self.force_close_avoidance_max_fee_satoshis, required),
547 impl crate::util::ser::Readable for ChannelConfig {
548 fn read<R: crate::io::Read>(reader: &mut R) -> Result<Self, crate::ln::msgs::DecodeError> {
549 let mut forwarding_fee_proportional_millionths = 0;
550 let mut accept_underpaying_htlcs = false;
551 let mut forwarding_fee_base_msat = 1000;
552 let mut cltv_expiry_delta = 6 * 12;
553 let mut max_dust_htlc_exposure_msat = None;
554 let mut max_dust_htlc_exposure_enum = None;
555 let mut force_close_avoidance_max_fee_satoshis = 1000;
556 read_tlv_fields!(reader, {
557 (0, forwarding_fee_proportional_millionths, required),
558 (1, accept_underpaying_htlcs, (default_value, false)),
559 (2, forwarding_fee_base_msat, required),
560 (3, max_dust_htlc_exposure_enum, option),
561 (4, cltv_expiry_delta, required),
562 // Has always been written, but became optionally read in 0.0.116
563 (6, max_dust_htlc_exposure_msat, option),
564 (10, force_close_avoidance_max_fee_satoshis, required),
566 let max_dust_htlc_fixed_limit = max_dust_htlc_exposure_msat.unwrap_or(5_000_000);
567 let max_dust_htlc_exposure_msat = max_dust_htlc_exposure_enum
568 .unwrap_or(MaxDustHTLCExposure::FixedLimitMsat(max_dust_htlc_fixed_limit));
570 forwarding_fee_proportional_millionths,
571 accept_underpaying_htlcs,
572 forwarding_fee_base_msat,
574 max_dust_htlc_exposure: max_dust_htlc_exposure_msat,
575 force_close_avoidance_max_fee_satoshis,
580 /// A parallel struct to [`ChannelConfig`] to define partial updates.
581 #[allow(missing_docs)]
582 pub struct ChannelConfigUpdate {
583 pub forwarding_fee_proportional_millionths: Option<u32>,
584 pub forwarding_fee_base_msat: Option<u32>,
585 pub cltv_expiry_delta: Option<u16>,
586 pub max_dust_htlc_exposure_msat: Option<MaxDustHTLCExposure>,
587 pub force_close_avoidance_max_fee_satoshis: Option<u64>,
590 impl Default for ChannelConfigUpdate {
591 fn default() -> ChannelConfigUpdate {
592 ChannelConfigUpdate {
593 forwarding_fee_proportional_millionths: None,
594 forwarding_fee_base_msat: None,
595 cltv_expiry_delta: None,
596 max_dust_htlc_exposure_msat: None,
597 force_close_avoidance_max_fee_satoshis: None,
602 impl From<ChannelConfig> for ChannelConfigUpdate {
603 fn from(config: ChannelConfig) -> ChannelConfigUpdate {
604 ChannelConfigUpdate {
605 forwarding_fee_proportional_millionths: Some(config.forwarding_fee_proportional_millionths),
606 forwarding_fee_base_msat: Some(config.forwarding_fee_base_msat),
607 cltv_expiry_delta: Some(config.cltv_expiry_delta),
608 max_dust_htlc_exposure_msat: Some(config.max_dust_htlc_exposure),
609 force_close_avoidance_max_fee_satoshis: Some(config.force_close_avoidance_max_fee_satoshis),
614 /// Legacy version of [`ChannelConfig`] that stored the static
615 /// [`ChannelHandshakeConfig::announced_channel`] and
616 /// [`ChannelHandshakeConfig::commit_upfront_shutdown_pubkey`] fields.
617 #[derive(Copy, Clone, Debug)]
618 pub(crate) struct LegacyChannelConfig {
619 pub(crate) options: ChannelConfig,
620 /// Deprecated but may still be read from. See [`ChannelHandshakeConfig::announced_channel`] to
621 /// set this when opening/accepting a channel.
622 pub(crate) announced_channel: bool,
623 /// Deprecated but may still be read from. See
624 /// [`ChannelHandshakeConfig::commit_upfront_shutdown_pubkey`] to set this when
625 /// opening/accepting a channel.
626 pub(crate) commit_upfront_shutdown_pubkey: bool,
629 impl Default for LegacyChannelConfig {
630 fn default() -> Self {
632 options: ChannelConfig::default(),
633 announced_channel: false,
634 commit_upfront_shutdown_pubkey: true,
639 impl crate::util::ser::Writeable for LegacyChannelConfig {
640 fn write<W: crate::util::ser::Writer>(&self, writer: &mut W) -> Result<(), crate::io::Error> {
641 let max_dust_htlc_exposure_msat_fixed_limit = match self.options.max_dust_htlc_exposure {
642 MaxDustHTLCExposure::FixedLimitMsat(limit) => limit,
643 MaxDustHTLCExposure::FeeRateMultiplier(_) => 5_000_000,
645 write_tlv_fields!(writer, {
646 (0, self.options.forwarding_fee_proportional_millionths, required),
647 (1, max_dust_htlc_exposure_msat_fixed_limit, required),
648 (2, self.options.cltv_expiry_delta, required),
649 (3, self.options.force_close_avoidance_max_fee_satoshis, (default_value, 1000)),
650 (4, self.announced_channel, required),
651 (5, self.options.max_dust_htlc_exposure, required),
652 (6, self.commit_upfront_shutdown_pubkey, required),
653 (8, self.options.forwarding_fee_base_msat, required),
659 impl crate::util::ser::Readable for LegacyChannelConfig {
660 fn read<R: crate::io::Read>(reader: &mut R) -> Result<Self, crate::ln::msgs::DecodeError> {
661 let mut forwarding_fee_proportional_millionths = 0;
662 let mut max_dust_htlc_exposure_msat_fixed_limit = None;
663 let mut cltv_expiry_delta = 0;
664 let mut force_close_avoidance_max_fee_satoshis = 1000;
665 let mut announced_channel = false;
666 let mut commit_upfront_shutdown_pubkey = false;
667 let mut forwarding_fee_base_msat = 0;
668 let mut max_dust_htlc_exposure_enum = None;
669 read_tlv_fields!(reader, {
670 (0, forwarding_fee_proportional_millionths, required),
671 // Has always been written, but became optionally read in 0.0.116
672 (1, max_dust_htlc_exposure_msat_fixed_limit, option),
673 (2, cltv_expiry_delta, required),
674 (3, force_close_avoidance_max_fee_satoshis, (default_value, 1000u64)),
675 (4, announced_channel, required),
676 (5, max_dust_htlc_exposure_enum, option),
677 (6, commit_upfront_shutdown_pubkey, required),
678 (8, forwarding_fee_base_msat, required),
680 let max_dust_htlc_exposure_msat_fixed_limit =
681 max_dust_htlc_exposure_msat_fixed_limit.unwrap_or(5_000_000);
682 let max_dust_htlc_exposure_msat = max_dust_htlc_exposure_enum
683 .unwrap_or(MaxDustHTLCExposure::FixedLimitMsat(max_dust_htlc_exposure_msat_fixed_limit));
685 options: ChannelConfig {
686 forwarding_fee_proportional_millionths,
687 max_dust_htlc_exposure: max_dust_htlc_exposure_msat,
689 force_close_avoidance_max_fee_satoshis,
690 forwarding_fee_base_msat,
691 accept_underpaying_htlcs: false,
694 commit_upfront_shutdown_pubkey,
699 /// Top-level config which holds ChannelHandshakeLimits and ChannelConfig.
701 /// Default::default() provides sane defaults for most configurations
702 /// (but currently with 0 relay fees!)
703 #[derive(Copy, Clone, Debug)]
704 pub struct UserConfig {
705 /// Channel handshake config that we propose to our counterparty.
706 pub channel_handshake_config: ChannelHandshakeConfig,
707 /// Limits applied to our counterparty's proposed channel handshake config settings.
708 pub channel_handshake_limits: ChannelHandshakeLimits,
709 /// Channel config which affects behavior during channel lifetime.
710 pub channel_config: ChannelConfig,
711 /// If this is set to false, we will reject any HTLCs which were to be forwarded over private
712 /// channels. This prevents us from taking on HTLC-forwarding risk when we intend to run as a
713 /// node which is not online reliably.
715 /// For nodes which are not online reliably, you should set all channels to *not* be announced
716 /// (using [`ChannelHandshakeConfig::announced_channel`] and
717 /// [`ChannelHandshakeLimits::force_announced_channel_preference`]) and set this to false to
718 /// ensure you are not exposed to any forwarding risk.
720 /// Note that because you cannot change a channel's announced state after creation, there is no
721 /// way to disable forwarding on public channels retroactively. Thus, in order to change a node
722 /// from a publicly-announced forwarding node to a private non-forwarding node you must close
723 /// all your channels and open new ones. For privacy, you should also change your node_id
724 /// (swapping all private and public key material for new ones) at that time.
726 /// Default value: false.
727 pub accept_forwards_to_priv_channels: bool,
728 /// If this is set to false, we do not accept inbound requests to open a new channel.
729 /// Default value: true.
730 pub accept_inbound_channels: bool,
731 /// If this is set to true, the user needs to manually accept inbound requests to open a new
734 /// When set to true, [`Event::OpenChannelRequest`] will be triggered once a request to open a
735 /// new inbound channel is received through a [`msgs::OpenChannel`] message. In that case, a
736 /// [`msgs::AcceptChannel`] message will not be sent back to the counterparty node unless the
737 /// user explicitly chooses to accept the request.
739 /// Default value: false.
741 /// [`Event::OpenChannelRequest`]: crate::events::Event::OpenChannelRequest
742 /// [`msgs::OpenChannel`]: crate::ln::msgs::OpenChannel
743 /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
744 pub manually_accept_inbound_channels: bool,
745 /// If this is set to true, LDK will intercept HTLCs that are attempting to be forwarded over
746 /// fake short channel ids generated via [`ChannelManager::get_intercept_scid`]. Upon HTLC
747 /// intercept, LDK will generate an [`Event::HTLCIntercepted`] which MUST be handled by the user.
749 /// Setting this to true may break backwards compatibility with LDK versions < 0.0.113.
751 /// Default value: false.
753 /// [`ChannelManager::get_intercept_scid`]: crate::ln::channelmanager::ChannelManager::get_intercept_scid
754 /// [`Event::HTLCIntercepted`]: crate::events::Event::HTLCIntercepted
755 pub accept_intercept_htlcs: bool,
756 /// If this is set to false, when receiving a keysend payment we'll fail it if it has multiple
757 /// parts. If this is set to true, we'll accept the payment.
759 /// Setting this to true will break backwards compatibility upon downgrading to an LDK
760 /// version < 0.0.116 while receiving an MPP keysend. If we have already received an MPP
761 /// keysend, downgrading will cause us to fail to deserialize [`ChannelManager`].
763 /// Default value: false.
765 /// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
766 pub accept_mpp_keysend: bool,
769 impl Default for UserConfig {
770 fn default() -> Self {
772 channel_handshake_config: ChannelHandshakeConfig::default(),
773 channel_handshake_limits: ChannelHandshakeLimits::default(),
774 channel_config: ChannelConfig::default(),
775 accept_forwards_to_priv_channels: false,
776 accept_inbound_channels: true,
777 manually_accept_inbound_channels: false,
778 accept_intercept_htlcs: false,
779 accept_mpp_keysend: false,