+/// Information which is provided, encrypted, to the payment recipient when sending HTLCs.
+///
+/// This should generally be constructed with data communicated to us from the recipient (via a
+/// BOLT11 or BOLT12 invoice).
+#[derive(Clone, Debug, PartialEq, Eq)]
+pub struct RecipientOnionFields {
+ /// The [`PaymentSecret`] is an arbitrary 32 bytes provided by the recipient for us to repeat
+ /// in the onion. It is unrelated to `payment_hash` (or [`PaymentPreimage`]) and exists to
+ /// authenticate the sender to the recipient and prevent payment-probing (deanonymization)
+ /// attacks.
+ ///
+ /// If you do not have one, the [`Route`] you pay over must not contain multiple paths as
+ /// multi-path payments require a recipient-provided secret.
+ ///
+ /// Note that for spontaneous payments most lightning nodes do not currently support MPP
+ /// receives, thus you should generally never be providing a secret here for spontaneous
+ /// payments.
+ pub payment_secret: Option<PaymentSecret>,
+ /// The payment metadata serves a similar purpose as [`Self::payment_secret`] but is of
+ /// arbitrary length. This gives recipients substantially more flexibility to receive
+ /// additional data.
+ ///
+ /// In LDK, while the [`Self::payment_secret`] is fixed based on an internal authentication
+ /// scheme to authenticate received payments against expected payments and invoices, this field
+ /// is not used in LDK for received payments, and can be used to store arbitrary data in
+ /// invoices which will be received with the payment.
+ ///
+ /// Note that this field was added to the lightning specification more recently than
+ /// [`Self::payment_secret`] and while nearly all lightning senders support secrets, metadata
+ /// may not be supported as universally.
+ pub payment_metadata: Option<Vec<u8>>,
+}
+
+impl_writeable_tlv_based!(RecipientOnionFields, {
+ (0, payment_secret, option),
+ (2, payment_metadata, option),
+});
+
+impl RecipientOnionFields {
+ /// Creates a [`RecipientOnionFields`] from only a [`PaymentSecret`]. This is the most common
+ /// set of onion fields for today's BOLT11 invoices - most nodes require a [`PaymentSecret`]
+ /// but do not require or provide any further data.
+ pub fn secret_only(payment_secret: PaymentSecret) -> Self {
+ Self { payment_secret: Some(payment_secret), payment_metadata: None }
+ }
+
+ /// Creates a new [`RecipientOnionFields`] with no fields. This generally does not create
+ /// payable HTLCs except for spontaneous payments, i.e. this should generally only be used for
+ /// calls to [`ChannelManager::send_spontaneous_payment`].
+ ///
+ /// [`ChannelManager::send_spontaneous_payment`]: super::channelmanager::ChannelManager::send_spontaneous_payment
+ pub fn spontaneous_empty() -> Self {
+ Self { payment_secret: None, payment_metadata: None }
+ }
+
+ /// When we have received some HTLC(s) towards an MPP payment, as we receive further HTLC(s) we
+ /// have to make sure that some fields match exactly across the parts. For those that aren't
+ /// required to match, if they don't match we should remove them so as to not expose data
+ /// that's dependent on the HTLC receive order to users.
+ ///
+ /// Here we implement this, first checking compatibility then mutating two objects and then
+ /// dropping any remaining non-matching fields from both.
+ pub(super) fn check_merge(&mut self, further_htlc_fields: &mut Self) -> Result<(), ()> {
+ if self.payment_secret != further_htlc_fields.payment_secret { return Err(()); }
+ if self.payment_metadata != further_htlc_fields.payment_metadata { return Err(()); }
+ // For custom TLVs we should just drop non-matching ones, but not reject the payment.
+ Ok(())
+ }
+}
+
+pub(super) struct OutboundPayments {
+ pub(super) pending_outbound_payments: Mutex<HashMap<PaymentId, PendingOutboundPayment>>,
+ pub(super) retry_lock: Mutex<()>,
+}
+
+impl OutboundPayments {
+ pub(super) fn new() -> Self {
+ Self {
+ pending_outbound_payments: Mutex::new(HashMap::new()),
+ retry_lock: Mutex::new(()),
+ }
+ }
+
+ pub(super) fn send_payment<R: Deref, ES: Deref, NS: Deref, IH, SP, L: Deref>(
+ &self, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields, payment_id: PaymentId,
+ retry_strategy: Retry, route_params: RouteParameters, router: &R,
+ first_hops: Vec<ChannelDetails>, compute_inflight_htlcs: IH, entropy_source: &ES,
+ node_signer: &NS, best_block_height: u32, logger: &L,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, send_payment_along_path: SP,
+ ) -> Result<(), RetryableSendFailure>
+ where
+ R::Target: Router,
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ L::Target: Logger,
+ IH: Fn() -> InFlightHtlcs,
+ SP: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>,
+ {
+ self.send_payment_internal(payment_id, payment_hash, recipient_onion, None, retry_strategy,
+ route_params, router, first_hops, &compute_inflight_htlcs, entropy_source, node_signer,
+ best_block_height, logger, pending_events, &send_payment_along_path)
+ }
+
+ pub(super) fn send_payment_with_route<ES: Deref, NS: Deref, F>(
+ &self, route: &Route, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields,
+ payment_id: PaymentId, entropy_source: &ES, node_signer: &NS, best_block_height: u32,
+ send_payment_along_path: F
+ ) -> Result<(), PaymentSendFailure>
+ where
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ F: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ let onion_session_privs = self.add_new_pending_payment(payment_hash, recipient_onion.clone(), payment_id, None, route, None, None, entropy_source, best_block_height)?;
+ self.pay_route_internal(route, payment_hash, recipient_onion, None, payment_id, None,
+ onion_session_privs, node_signer, best_block_height, &send_payment_along_path)
+ .map_err(|e| { self.remove_outbound_if_all_failed(payment_id, &e); e })
+ }
+
+ pub(super) fn send_spontaneous_payment<R: Deref, ES: Deref, NS: Deref, IH, SP, L: Deref>(
+ &self, payment_preimage: Option<PaymentPreimage>, recipient_onion: RecipientOnionFields,
+ payment_id: PaymentId, retry_strategy: Retry, route_params: RouteParameters, router: &R,
+ first_hops: Vec<ChannelDetails>, inflight_htlcs: IH, entropy_source: &ES,
+ node_signer: &NS, best_block_height: u32, logger: &L,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, send_payment_along_path: SP
+ ) -> Result<PaymentHash, RetryableSendFailure>
+ where
+ R::Target: Router,
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ L::Target: Logger,
+ IH: Fn() -> InFlightHtlcs,
+ SP: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>,
+ {
+ let preimage = payment_preimage
+ .unwrap_or_else(|| PaymentPreimage(entropy_source.get_secure_random_bytes()));
+ let payment_hash = PaymentHash(Sha256::hash(&preimage.0).into_inner());
+ self.send_payment_internal(payment_id, payment_hash, recipient_onion, Some(preimage),
+ retry_strategy, route_params, router, first_hops, inflight_htlcs, entropy_source,
+ node_signer, best_block_height, logger, pending_events, send_payment_along_path)
+ .map(|()| payment_hash)
+ }
+
+ pub(super) fn send_spontaneous_payment_with_route<ES: Deref, NS: Deref, F>(
+ &self, route: &Route, payment_preimage: Option<PaymentPreimage>,
+ recipient_onion: RecipientOnionFields, payment_id: PaymentId, entropy_source: &ES,
+ node_signer: &NS, best_block_height: u32, send_payment_along_path: F
+ ) -> Result<PaymentHash, PaymentSendFailure>
+ where
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ F: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ let preimage = payment_preimage
+ .unwrap_or_else(|| PaymentPreimage(entropy_source.get_secure_random_bytes()));
+ let payment_hash = PaymentHash(Sha256::hash(&preimage.0).into_inner());
+ let onion_session_privs = self.add_new_pending_payment(payment_hash, recipient_onion.clone(),
+ payment_id, Some(preimage), &route, None, None, entropy_source, best_block_height)?;
+
+ match self.pay_route_internal(route, payment_hash, recipient_onion, Some(preimage),
+ payment_id, None, onion_session_privs, node_signer, best_block_height, &send_payment_along_path
+ ) {
+ Ok(()) => Ok(payment_hash),
+ Err(e) => {
+ self.remove_outbound_if_all_failed(payment_id, &e);
+ Err(e)
+ }
+ }
+ }
+
+ pub(super) fn check_retry_payments<R: Deref, ES: Deref, NS: Deref, SP, IH, FH, L: Deref>(
+ &self, router: &R, first_hops: FH, inflight_htlcs: IH, entropy_source: &ES, node_signer: &NS,
+ best_block_height: u32,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, logger: &L,
+ send_payment_along_path: SP,
+ )
+ where
+ R::Target: Router,
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ SP: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>,
+ IH: Fn() -> InFlightHtlcs,
+ FH: Fn() -> Vec<ChannelDetails>,
+ L::Target: Logger,
+ {
+ let _single_thread = self.retry_lock.lock().unwrap();
+ loop {
+ let mut outbounds = self.pending_outbound_payments.lock().unwrap();
+ let mut retry_id_route_params = None;
+ for (pmt_id, pmt) in outbounds.iter_mut() {
+ if pmt.is_auto_retryable_now() {
+ if let PendingOutboundPayment::Retryable { pending_amt_msat, total_msat, payment_params: Some(params), payment_hash, .. } = pmt {
+ if pending_amt_msat < total_msat {
+ retry_id_route_params = Some((*payment_hash, *pmt_id, RouteParameters {
+ final_value_msat: *total_msat - *pending_amt_msat,
+ payment_params: params.clone(),
+ }));
+ break
+ }
+ } else { debug_assert!(false); }
+ }
+ }
+ core::mem::drop(outbounds);
+ if let Some((payment_hash, payment_id, route_params)) = retry_id_route_params {
+ self.retry_payment_internal(payment_hash, payment_id, route_params, router, first_hops(), &inflight_htlcs, entropy_source, node_signer, best_block_height, logger, pending_events, &send_payment_along_path)
+ } else { break }
+ }
+
+ let mut outbounds = self.pending_outbound_payments.lock().unwrap();
+ outbounds.retain(|pmt_id, pmt| {
+ let mut retain = true;
+ if !pmt.is_auto_retryable_now() && pmt.remaining_parts() == 0 {
+ pmt.mark_abandoned(PaymentFailureReason::RetriesExhausted);
+ if let PendingOutboundPayment::Abandoned { payment_hash, reason, .. } = pmt {
+ pending_events.lock().unwrap().push_back((events::Event::PaymentFailed {
+ payment_id: *pmt_id,
+ payment_hash: *payment_hash,
+ reason: *reason,
+ }, None));
+ retain = false;
+ }
+ }
+ retain
+ });
+ }
+
+ pub(super) fn needs_abandon(&self) -> bool {
+ let outbounds = self.pending_outbound_payments.lock().unwrap();
+ outbounds.iter().any(|(_, pmt)|
+ !pmt.is_auto_retryable_now() && pmt.remaining_parts() == 0 && !pmt.is_fulfilled())
+ }
+
+ /// Errors immediately on [`RetryableSendFailure`] error conditions. Otherwise, further errors may
+ /// be surfaced asynchronously via [`Event::PaymentPathFailed`] and [`Event::PaymentFailed`].
+ ///
+ /// [`Event::PaymentPathFailed`]: crate::events::Event::PaymentPathFailed
+ /// [`Event::PaymentFailed`]: crate::events::Event::PaymentFailed
+ fn send_payment_internal<R: Deref, NS: Deref, ES: Deref, IH, SP, L: Deref>(
+ &self, payment_id: PaymentId, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields,
+ keysend_preimage: Option<PaymentPreimage>, retry_strategy: Retry, route_params: RouteParameters,
+ router: &R, first_hops: Vec<ChannelDetails>, inflight_htlcs: IH, entropy_source: &ES,
+ node_signer: &NS, best_block_height: u32, logger: &L,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, send_payment_along_path: SP,
+ ) -> Result<(), RetryableSendFailure>
+ where
+ R::Target: Router,
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ L::Target: Logger,
+ IH: Fn() -> InFlightHtlcs,
+ SP: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ #[cfg(feature = "std")] {
+ if has_expired(&route_params) {
+ return Err(RetryableSendFailure::PaymentExpired)
+ }
+ }
+
+ let route = router.find_route_with_id(
+ &node_signer.get_node_id(Recipient::Node).unwrap(), &route_params,
+ Some(&first_hops.iter().collect::<Vec<_>>()), &inflight_htlcs(),
+ payment_hash, payment_id,
+ ).map_err(|_| RetryableSendFailure::RouteNotFound)?;
+
+ let onion_session_privs = self.add_new_pending_payment(payment_hash,
+ recipient_onion.clone(), payment_id, keysend_preimage, &route, Some(retry_strategy),
+ Some(route_params.payment_params.clone()), entropy_source, best_block_height)
+ .map_err(|_| RetryableSendFailure::DuplicatePayment)?;
+
+ let res = self.pay_route_internal(&route, payment_hash, recipient_onion, None, payment_id, None,
+ onion_session_privs, node_signer, best_block_height, &send_payment_along_path);
+ log_info!(logger, "Result sending payment with id {}: {:?}", log_bytes!(payment_id.0), res);
+ if let Err(e) = res {
+ self.handle_pay_route_err(e, payment_id, payment_hash, route, route_params, router, first_hops, &inflight_htlcs, entropy_source, node_signer, best_block_height, logger, pending_events, &send_payment_along_path);
+ }
+ Ok(())
+ }
+
+ fn retry_payment_internal<R: Deref, NS: Deref, ES: Deref, IH, SP, L: Deref>(
+ &self, payment_hash: PaymentHash, payment_id: PaymentId, route_params: RouteParameters,
+ router: &R, first_hops: Vec<ChannelDetails>, inflight_htlcs: &IH, entropy_source: &ES,
+ node_signer: &NS, best_block_height: u32, logger: &L,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, send_payment_along_path: &SP,
+ )
+ where
+ R::Target: Router,
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ L::Target: Logger,
+ IH: Fn() -> InFlightHtlcs,
+ SP: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ #[cfg(feature = "std")] {
+ if has_expired(&route_params) {
+ log_error!(logger, "Payment params expired on retry, abandoning payment {}", log_bytes!(payment_id.0));
+ self.abandon_payment(payment_id, PaymentFailureReason::PaymentExpired, pending_events);
+ return
+ }
+ }
+
+ let route = match router.find_route_with_id(
+ &node_signer.get_node_id(Recipient::Node).unwrap(), &route_params,
+ Some(&first_hops.iter().collect::<Vec<_>>()), &inflight_htlcs(),
+ payment_hash, payment_id,
+ ) {
+ Ok(route) => route,
+ Err(e) => {
+ log_error!(logger, "Failed to find a route on retry, abandoning payment {}: {:#?}", log_bytes!(payment_id.0), e);
+ self.abandon_payment(payment_id, PaymentFailureReason::RouteNotFound, pending_events);
+ return
+ }
+ };
+ for path in route.paths.iter() {
+ if path.hops.len() == 0 {
+ log_error!(logger, "Unusable path in route (path.hops.len() must be at least 1");
+ self.abandon_payment(payment_id, PaymentFailureReason::UnexpectedError, pending_events);
+ return
+ }
+ }
+
+ const RETRY_OVERFLOW_PERCENTAGE: u64 = 10;
+ let mut onion_session_privs = Vec::with_capacity(route.paths.len());
+ for _ in 0..route.paths.len() {
+ onion_session_privs.push(entropy_source.get_secure_random_bytes());
+ }
+
+ macro_rules! abandon_with_entry {
+ ($payment: expr, $reason: expr) => {
+ $payment.get_mut().mark_abandoned($reason);
+ if let PendingOutboundPayment::Abandoned { reason, .. } = $payment.get() {
+ if $payment.get().remaining_parts() == 0 {
+ pending_events.lock().unwrap().push_back((events::Event::PaymentFailed {
+ payment_id,
+ payment_hash,
+ reason: *reason,
+ }, None));
+ $payment.remove();
+ }
+ }
+ }
+ }
+ let (total_msat, recipient_onion, keysend_preimage) = {
+ let mut outbounds = self.pending_outbound_payments.lock().unwrap();
+ match outbounds.entry(payment_id) {
+ hash_map::Entry::Occupied(mut payment) => {
+ let res = match payment.get() {
+ PendingOutboundPayment::Retryable {
+ total_msat, keysend_preimage, payment_secret, payment_metadata, pending_amt_msat, ..
+ } => {
+ let retry_amt_msat = route.get_total_amount();
+ if retry_amt_msat + *pending_amt_msat > *total_msat * (100 + RETRY_OVERFLOW_PERCENTAGE) / 100 {
+ log_error!(logger, "retry_amt_msat of {} will put pending_amt_msat (currently: {}) more than 10% over total_payment_amt_msat of {}", retry_amt_msat, pending_amt_msat, total_msat);
+ abandon_with_entry!(payment, PaymentFailureReason::UnexpectedError);
+ return
+ }
+ (*total_msat, RecipientOnionFields {
+ payment_secret: *payment_secret,
+ payment_metadata: payment_metadata.clone(),
+ }, *keysend_preimage)
+ },
+ PendingOutboundPayment::Legacy { .. } => {
+ log_error!(logger, "Unable to retry payments that were initially sent on LDK versions prior to 0.0.102");
+ return
+ },
+ PendingOutboundPayment::Fulfilled { .. } => {
+ log_error!(logger, "Payment already completed");
+ return
+ },
+ PendingOutboundPayment::Abandoned { .. } => {
+ log_error!(logger, "Payment already abandoned (with some HTLCs still pending)");
+ return
+ },
+ };
+ if !payment.get().is_retryable_now() {
+ log_error!(logger, "Retries exhausted for payment id {}", log_bytes!(payment_id.0));
+ abandon_with_entry!(payment, PaymentFailureReason::RetriesExhausted);
+ return
+ }
+ payment.get_mut().increment_attempts();
+ for (path, session_priv_bytes) in route.paths.iter().zip(onion_session_privs.iter()) {
+ assert!(payment.get_mut().insert(*session_priv_bytes, path));
+ }
+ res
+ },
+ hash_map::Entry::Vacant(_) => {
+ log_error!(logger, "Payment with ID {} not found", log_bytes!(payment_id.0));
+ return
+ }
+ }
+ };
+ let res = self.pay_route_internal(&route, payment_hash, recipient_onion, keysend_preimage,
+ payment_id, Some(total_msat), onion_session_privs, node_signer, best_block_height,
+ &send_payment_along_path);
+ log_info!(logger, "Result retrying payment id {}: {:?}", log_bytes!(payment_id.0), res);
+ if let Err(e) = res {
+ self.handle_pay_route_err(e, payment_id, payment_hash, route, route_params, router, first_hops, inflight_htlcs, entropy_source, node_signer, best_block_height, logger, pending_events, send_payment_along_path);
+ }
+ }
+
+ fn handle_pay_route_err<R: Deref, NS: Deref, ES: Deref, IH, SP, L: Deref>(
+ &self, err: PaymentSendFailure, payment_id: PaymentId, payment_hash: PaymentHash, route: Route,
+ mut route_params: RouteParameters, router: &R, first_hops: Vec<ChannelDetails>,
+ inflight_htlcs: &IH, entropy_source: &ES, node_signer: &NS, best_block_height: u32, logger: &L,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, send_payment_along_path: &SP,
+ )
+ where
+ R::Target: Router,
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ L::Target: Logger,
+ IH: Fn() -> InFlightHtlcs,
+ SP: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ match err {
+ PaymentSendFailure::AllFailedResendSafe(errs) => {
+ Self::push_path_failed_evs_and_scids(payment_id, payment_hash, &mut route_params, route.paths, errs.into_iter().map(|e| Err(e)), logger, pending_events);
+ self.retry_payment_internal(payment_hash, payment_id, route_params, router, first_hops, inflight_htlcs, entropy_source, node_signer, best_block_height, logger, pending_events, send_payment_along_path);
+ },
+ PaymentSendFailure::PartialFailure { failed_paths_retry: Some(mut retry), results, .. } => {
+ Self::push_path_failed_evs_and_scids(payment_id, payment_hash, &mut retry, route.paths, results.into_iter(), logger, pending_events);
+ // Some paths were sent, even if we failed to send the full MPP value our recipient may
+ // misbehave and claim the funds, at which point we have to consider the payment sent, so
+ // return `Ok()` here, ignoring any retry errors.
+ self.retry_payment_internal(payment_hash, payment_id, retry, router, first_hops, inflight_htlcs, entropy_source, node_signer, best_block_height, logger, pending_events, send_payment_along_path);
+ },
+ PaymentSendFailure::PartialFailure { failed_paths_retry: None, .. } => {
+ // This may happen if we send a payment and some paths fail, but only due to a temporary
+ // monitor failure or the like, implying they're really in-flight, but we haven't sent the
+ // initial HTLC-Add messages yet.
+ },
+ PaymentSendFailure::PathParameterError(results) => {
+ log_error!(logger, "Failed to send to route due to parameter error in a single path. Your router is buggy");
+ Self::push_path_failed_evs_and_scids(payment_id, payment_hash, &mut route_params, route.paths, results.into_iter(), logger, pending_events);
+ self.abandon_payment(payment_id, PaymentFailureReason::UnexpectedError, pending_events);
+ },
+ PaymentSendFailure::ParameterError(e) => {
+ log_error!(logger, "Failed to send to route due to parameter error: {:?}. Your router is buggy", e);
+ self.abandon_payment(payment_id, PaymentFailureReason::UnexpectedError, pending_events);
+ },
+ PaymentSendFailure::DuplicatePayment => debug_assert!(false), // unreachable
+ }
+ }
+
+ fn push_path_failed_evs_and_scids<I: ExactSizeIterator + Iterator<Item = Result<(), APIError>>, L: Deref>(
+ payment_id: PaymentId, payment_hash: PaymentHash, route_params: &mut RouteParameters,
+ paths: Vec<Path>, path_results: I, logger: &L,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>,
+ ) where L::Target: Logger {
+ let mut events = pending_events.lock().unwrap();
+ debug_assert_eq!(paths.len(), path_results.len());
+ for (path, path_res) in paths.into_iter().zip(path_results) {
+ if let Err(e) = path_res {
+ if let APIError::MonitorUpdateInProgress = e { continue }
+ log_error!(logger, "Failed to send along path due to error: {:?}", e);
+ let mut failed_scid = None;
+ if let APIError::ChannelUnavailable { .. } = e {
+ let scid = path.hops[0].short_channel_id;
+ failed_scid = Some(scid);
+ route_params.payment_params.previously_failed_channels.push(scid);
+ }
+ events.push_back((events::Event::PaymentPathFailed {
+ payment_id: Some(payment_id),
+ payment_hash,
+ payment_failed_permanently: false,
+ failure: events::PathFailure::InitialSend { err: e },
+ path,
+ short_channel_id: failed_scid,
+ #[cfg(test)]
+ error_code: None,
+ #[cfg(test)]
+ error_data: None,
+ }, None));
+ }
+ }
+ }
+
+ pub(super) fn send_probe<ES: Deref, NS: Deref, F>(
+ &self, path: Path, probing_cookie_secret: [u8; 32], entropy_source: &ES, node_signer: &NS,
+ best_block_height: u32, send_payment_along_path: F
+ ) -> Result<(PaymentHash, PaymentId), PaymentSendFailure>
+ where
+ ES::Target: EntropySource,
+ NS::Target: NodeSigner,
+ F: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ let payment_id = PaymentId(entropy_source.get_secure_random_bytes());
+
+ let payment_hash = probing_cookie_from_id(&payment_id, probing_cookie_secret);
+
+ if path.hops.len() < 2 && path.blinded_tail.is_none() {
+ return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError {
+ err: "No need probing a path with less than two hops".to_string()
+ }))
+ }
+
+ let route = Route { paths: vec![path], payment_params: None };
+ let onion_session_privs = self.add_new_pending_payment(payment_hash,
+ RecipientOnionFields::spontaneous_empty(), payment_id, None, &route, None, None,
+ entropy_source, best_block_height)?;
+
+ match self.pay_route_internal(&route, payment_hash, RecipientOnionFields::spontaneous_empty(),
+ None, payment_id, None, onion_session_privs, node_signer, best_block_height, &send_payment_along_path
+ ) {
+ Ok(()) => Ok((payment_hash, payment_id)),
+ Err(e) => {
+ self.remove_outbound_if_all_failed(payment_id, &e);
+ Err(e)
+ }
+ }
+ }
+
+ #[cfg(test)]
+ pub(super) fn test_set_payment_metadata(
+ &self, payment_id: PaymentId, new_payment_metadata: Option<Vec<u8>>
+ ) {
+ match self.pending_outbound_payments.lock().unwrap().get_mut(&payment_id).unwrap() {
+ PendingOutboundPayment::Retryable { payment_metadata, .. } => {
+ *payment_metadata = new_payment_metadata;
+ },
+ _ => panic!("Need a retryable payment to update metadata on"),
+ }
+ }
+
+ #[cfg(test)]
+ pub(super) fn test_add_new_pending_payment<ES: Deref>(
+ &self, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields, payment_id: PaymentId,
+ route: &Route, retry_strategy: Option<Retry>, entropy_source: &ES, best_block_height: u32
+ ) -> Result<Vec<[u8; 32]>, PaymentSendFailure> where ES::Target: EntropySource {
+ self.add_new_pending_payment(payment_hash, recipient_onion, payment_id, None, route, retry_strategy, None, entropy_source, best_block_height)
+ }
+
+ pub(super) fn add_new_pending_payment<ES: Deref>(
+ &self, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields, payment_id: PaymentId,
+ keysend_preimage: Option<PaymentPreimage>, route: &Route, retry_strategy: Option<Retry>,
+ payment_params: Option<PaymentParameters>, entropy_source: &ES, best_block_height: u32
+ ) -> Result<Vec<[u8; 32]>, PaymentSendFailure> where ES::Target: EntropySource {
+ let mut onion_session_privs = Vec::with_capacity(route.paths.len());
+ for _ in 0..route.paths.len() {
+ onion_session_privs.push(entropy_source.get_secure_random_bytes());
+ }
+
+ let mut pending_outbounds = self.pending_outbound_payments.lock().unwrap();
+ match pending_outbounds.entry(payment_id) {
+ hash_map::Entry::Occupied(_) => Err(PaymentSendFailure::DuplicatePayment),
+ hash_map::Entry::Vacant(entry) => {
+ let payment = entry.insert(PendingOutboundPayment::Retryable {
+ retry_strategy,
+ attempts: PaymentAttempts::new(),
+ payment_params,
+ session_privs: HashSet::new(),
+ pending_amt_msat: 0,
+ pending_fee_msat: Some(0),
+ payment_hash,
+ payment_secret: recipient_onion.payment_secret,
+ payment_metadata: recipient_onion.payment_metadata,
+ keysend_preimage,
+ starting_block_height: best_block_height,
+ total_msat: route.get_total_amount(),
+ });
+
+ for (path, session_priv_bytes) in route.paths.iter().zip(onion_session_privs.iter()) {
+ assert!(payment.insert(*session_priv_bytes, path));
+ }
+
+ Ok(onion_session_privs)
+ },
+ }
+ }
+
+ fn pay_route_internal<NS: Deref, F>(
+ &self, route: &Route, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields,
+ keysend_preimage: Option<PaymentPreimage>, payment_id: PaymentId, recv_value_msat: Option<u64>,
+ onion_session_privs: Vec<[u8; 32]>, node_signer: &NS, best_block_height: u32,
+ send_payment_along_path: &F
+ ) -> Result<(), PaymentSendFailure>
+ where
+ NS::Target: NodeSigner,
+ F: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ if route.paths.len() < 1 {
+ return Err(PaymentSendFailure::ParameterError(APIError::InvalidRoute{err: "There must be at least one path to send over".to_owned()}));
+ }
+ if recipient_onion.payment_secret.is_none() && route.paths.len() > 1 {
+ return Err(PaymentSendFailure::ParameterError(APIError::APIMisuseError{err: "Payment secret is required for multi-path payments".to_owned()}));
+ }
+ let mut total_value = 0;
+ let our_node_id = node_signer.get_node_id(Recipient::Node).unwrap(); // TODO no unwrap
+ let mut path_errs = Vec::with_capacity(route.paths.len());
+ 'path_check: for path in route.paths.iter() {
+ if path.hops.len() < 1 || path.hops.len() > 20 {
+ path_errs.push(Err(APIError::InvalidRoute{err: "Path didn't go anywhere/had bogus size".to_owned()}));
+ continue 'path_check;
+ }
+ if path.blinded_tail.is_some() {
+ path_errs.push(Err(APIError::InvalidRoute{err: "Sending to blinded paths isn't supported yet".to_owned()}));
+ continue 'path_check;
+ }
+ let dest_hop_idx = if path.blinded_tail.is_some() && path.blinded_tail.as_ref().unwrap().hops.len() > 1 {
+ usize::max_value() } else { path.hops.len() - 1 };
+ for (idx, hop) in path.hops.iter().enumerate() {
+ if idx != dest_hop_idx && hop.pubkey == our_node_id {
+ path_errs.push(Err(APIError::InvalidRoute{err: "Path went through us but wasn't a simple rebalance loop to us".to_owned()}));
+ continue 'path_check;
+ }
+ }
+ total_value += path.final_value_msat();
+ path_errs.push(Ok(()));
+ }
+ if path_errs.iter().any(|e| e.is_err()) {
+ return Err(PaymentSendFailure::PathParameterError(path_errs));
+ }
+ if let Some(amt_msat) = recv_value_msat {
+ total_value = amt_msat;
+ }
+
+ let cur_height = best_block_height + 1;
+ let mut results = Vec::new();
+ debug_assert_eq!(route.paths.len(), onion_session_privs.len());
+ for (path, session_priv) in route.paths.iter().zip(onion_session_privs.into_iter()) {
+ let mut path_res = send_payment_along_path(&path, &payment_hash, recipient_onion.clone(),
+ total_value, cur_height, payment_id, &keysend_preimage, session_priv);
+ match path_res {
+ Ok(_) => {},
+ Err(APIError::MonitorUpdateInProgress) => {
+ // While a MonitorUpdateInProgress is an Err(_), the payment is still
+ // considered "in flight" and we shouldn't remove it from the
+ // PendingOutboundPayment set.
+ },
+ Err(_) => {
+ let mut pending_outbounds = self.pending_outbound_payments.lock().unwrap();
+ if let Some(payment) = pending_outbounds.get_mut(&payment_id) {
+ let removed = payment.remove(&session_priv, Some(path));
+ debug_assert!(removed, "This can't happen as the payment has an entry for this path added by callers");
+ } else {
+ debug_assert!(false, "This can't happen as the payment was added by callers");
+ path_res = Err(APIError::APIMisuseError { err: "Internal error: payment disappeared during processing. Please report this bug!".to_owned() });
+ }
+ }
+ }
+ results.push(path_res);
+ }
+ let mut has_ok = false;
+ let mut has_err = false;
+ let mut pending_amt_unsent = 0;
+ for (res, path) in results.iter().zip(route.paths.iter()) {
+ if res.is_ok() { has_ok = true; }
+ if res.is_err() { has_err = true; }
+ if let &Err(APIError::MonitorUpdateInProgress) = res {
+ // MonitorUpdateInProgress is inherently unsafe to retry, so we call it a
+ // PartialFailure.
+ has_err = true;
+ has_ok = true;
+ } else if res.is_err() {
+ pending_amt_unsent += path.final_value_msat();
+ }
+ }
+ if has_err && has_ok {
+ Err(PaymentSendFailure::PartialFailure {
+ results,
+ payment_id,
+ failed_paths_retry: if pending_amt_unsent != 0 {
+ if let Some(payment_params) = &route.payment_params {
+ Some(RouteParameters {
+ payment_params: payment_params.clone(),
+ final_value_msat: pending_amt_unsent,
+ })
+ } else { None }
+ } else { None },
+ })
+ } else if has_err {
+ Err(PaymentSendFailure::AllFailedResendSafe(results.drain(..).map(|r| r.unwrap_err()).collect()))
+ } else {
+ Ok(())
+ }
+ }
+
+ #[cfg(test)]
+ pub(super) fn test_send_payment_internal<NS: Deref, F>(
+ &self, route: &Route, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields,
+ keysend_preimage: Option<PaymentPreimage>, payment_id: PaymentId, recv_value_msat: Option<u64>,
+ onion_session_privs: Vec<[u8; 32]>, node_signer: &NS, best_block_height: u32,
+ send_payment_along_path: F
+ ) -> Result<(), PaymentSendFailure>
+ where
+ NS::Target: NodeSigner,
+ F: Fn(&Path, &PaymentHash, RecipientOnionFields, u64, u32, PaymentId,
+ &Option<PaymentPreimage>, [u8; 32]) -> Result<(), APIError>
+ {
+ self.pay_route_internal(route, payment_hash, recipient_onion, keysend_preimage, payment_id,
+ recv_value_msat, onion_session_privs, node_signer, best_block_height,
+ &send_payment_along_path)
+ .map_err(|e| { self.remove_outbound_if_all_failed(payment_id, &e); e })
+ }
+
+ // If we failed to send any paths, remove the new PaymentId from the `pending_outbound_payments`
+ // map as the payment is free to be resent.
+ fn remove_outbound_if_all_failed(&self, payment_id: PaymentId, err: &PaymentSendFailure) {
+ if let &PaymentSendFailure::AllFailedResendSafe(_) = err {
+ let removed = self.pending_outbound_payments.lock().unwrap().remove(&payment_id).is_some();
+ debug_assert!(removed, "We should always have a pending payment to remove here");
+ }
+ }
+
+ pub(super) fn claim_htlc<L: Deref>(
+ &self, payment_id: PaymentId, payment_preimage: PaymentPreimage, session_priv: SecretKey,
+ path: Path, from_onchain: bool,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>,
+ logger: &L,
+ ) where L::Target: Logger {
+ let mut session_priv_bytes = [0; 32];
+ session_priv_bytes.copy_from_slice(&session_priv[..]);
+ let mut outbounds = self.pending_outbound_payments.lock().unwrap();
+ let mut pending_events = pending_events.lock().unwrap();
+ if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(payment_id) {
+ if !payment.get().is_fulfilled() {
+ let payment_hash = PaymentHash(Sha256::hash(&payment_preimage.0).into_inner());
+ let fee_paid_msat = payment.get().get_pending_fee_msat();
+ pending_events.push_back((events::Event::PaymentSent {
+ payment_id: Some(payment_id),
+ payment_preimage,
+ payment_hash,
+ fee_paid_msat,
+ }, None));
+ payment.get_mut().mark_fulfilled();
+ }
+
+ if from_onchain {
+ // We currently immediately remove HTLCs which were fulfilled on-chain.
+ // This could potentially lead to removing a pending payment too early,
+ // with a reorg of one block causing us to re-add the fulfilled payment on
+ // restart.
+ // TODO: We should have a second monitor event that informs us of payments
+ // irrevocably fulfilled.
+ if payment.get_mut().remove(&session_priv_bytes, Some(&path)) {
+ let payment_hash = Some(PaymentHash(Sha256::hash(&payment_preimage.0).into_inner()));
+ pending_events.push_back((events::Event::PaymentPathSuccessful {
+ payment_id,
+ payment_hash,
+ path,
+ }, None));
+ }
+ }
+ } else {
+ log_trace!(logger, "Received duplicative fulfill for HTLC with payment_preimage {}", log_bytes!(payment_preimage.0));
+ }
+ }
+
+ pub(super) fn finalize_claims(&self, sources: Vec<HTLCSource>,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>)
+ {
+ let mut outbounds = self.pending_outbound_payments.lock().unwrap();
+ let mut pending_events = pending_events.lock().unwrap();
+ for source in sources {
+ if let HTLCSource::OutboundRoute { session_priv, payment_id, path, .. } = source {
+ let mut session_priv_bytes = [0; 32];
+ session_priv_bytes.copy_from_slice(&session_priv[..]);
+ if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(payment_id) {
+ assert!(payment.get().is_fulfilled());
+ if payment.get_mut().remove(&session_priv_bytes, None) {
+ let payment_hash = payment.get().payment_hash();
+ debug_assert!(payment_hash.is_some());
+ pending_events.push_back((events::Event::PaymentPathSuccessful {
+ payment_id,
+ payment_hash,
+ path,
+ }, None));
+ }
+ }
+ }
+ }
+ }
+
+ pub(super) fn remove_stale_resolved_payments(&self,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>)
+ {
+ // If an outbound payment was completed, and no pending HTLCs remain, we should remove it
+ // from the map. However, if we did that immediately when the last payment HTLC is claimed,
+ // this could race the user making a duplicate send_payment call and our idempotency
+ // guarantees would be violated. Instead, we wait a few timer ticks to do the actual
+ // removal. This should be more than sufficient to ensure the idempotency of any
+ // `send_payment` calls that were made at the same time the `PaymentSent` event was being
+ // processed.
+ let mut pending_outbound_payments = self.pending_outbound_payments.lock().unwrap();
+ let pending_events = pending_events.lock().unwrap();
+ pending_outbound_payments.retain(|payment_id, payment| {
+ if let PendingOutboundPayment::Fulfilled { session_privs, timer_ticks_without_htlcs, .. } = payment {
+ let mut no_remaining_entries = session_privs.is_empty();
+ if no_remaining_entries {
+ for (ev, _) in pending_events.iter() {
+ match ev {
+ events::Event::PaymentSent { payment_id: Some(ev_payment_id), .. } |
+ events::Event::PaymentPathSuccessful { payment_id: ev_payment_id, .. } |
+ events::Event::PaymentPathFailed { payment_id: Some(ev_payment_id), .. } => {
+ if payment_id == ev_payment_id {
+ no_remaining_entries = false;
+ break;
+ }
+ },
+ _ => {},
+ }
+ }
+ }
+ if no_remaining_entries {
+ *timer_ticks_without_htlcs += 1;
+ *timer_ticks_without_htlcs <= IDEMPOTENCY_TIMEOUT_TICKS
+ } else {
+ *timer_ticks_without_htlcs = 0;
+ true
+ }
+ } else { true }
+ });
+ }
+
+ // Returns a bool indicating whether a PendingHTLCsForwardable event should be generated.
+ pub(super) fn fail_htlc<L: Deref>(
+ &self, source: &HTLCSource, payment_hash: &PaymentHash, onion_error: &HTLCFailReason,
+ path: &Path, session_priv: &SecretKey, payment_id: &PaymentId,
+ probing_cookie_secret: [u8; 32], secp_ctx: &Secp256k1<secp256k1::All>,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, logger: &L,
+ ) -> bool where L::Target: Logger {
+ #[cfg(test)]
+ let (network_update, short_channel_id, payment_retryable, onion_error_code, onion_error_data) = onion_error.decode_onion_failure(secp_ctx, logger, &source);
+ #[cfg(not(test))]
+ let (network_update, short_channel_id, payment_retryable, _, _) = onion_error.decode_onion_failure(secp_ctx, logger, &source);
+
+ let payment_is_probe = payment_is_probe(payment_hash, &payment_id, probing_cookie_secret);
+ let mut session_priv_bytes = [0; 32];
+ session_priv_bytes.copy_from_slice(&session_priv[..]);
+ let mut outbounds = self.pending_outbound_payments.lock().unwrap();
+
+ // If any payments already need retry, there's no need to generate a redundant
+ // `PendingHTLCsForwardable`.
+ let already_awaiting_retry = outbounds.iter().any(|(_, pmt)| {
+ let mut awaiting_retry = false;
+ if pmt.is_auto_retryable_now() {
+ if let PendingOutboundPayment::Retryable { pending_amt_msat, total_msat, .. } = pmt {
+ if pending_amt_msat < total_msat {
+ awaiting_retry = true;
+ }
+ }
+ }
+ awaiting_retry
+ });
+
+ let mut full_failure_ev = None;
+ let mut pending_retry_ev = false;
+ let attempts_remaining = if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(*payment_id) {
+ if !payment.get_mut().remove(&session_priv_bytes, Some(&path)) {
+ log_trace!(logger, "Received duplicative fail for HTLC with payment_hash {}", log_bytes!(payment_hash.0));
+ return false
+ }
+ if payment.get().is_fulfilled() {
+ log_trace!(logger, "Received failure of HTLC with payment_hash {} after payment completion", log_bytes!(payment_hash.0));
+ return false
+ }
+ let mut is_retryable_now = payment.get().is_auto_retryable_now();
+ if let Some(scid) = short_channel_id {
+ // TODO: If we decided to blame ourselves (or one of our channels) in
+ // process_onion_failure we should close that channel as it implies our
+ // next-hop is needlessly blaming us!
+ payment.get_mut().insert_previously_failed_scid(scid);
+ }
+
+ if payment_is_probe || !is_retryable_now || !payment_retryable {
+ let reason = if !payment_retryable {
+ PaymentFailureReason::RecipientRejected
+ } else {
+ PaymentFailureReason::RetriesExhausted
+ };
+ payment.get_mut().mark_abandoned(reason);
+ is_retryable_now = false;
+ }
+ if payment.get().remaining_parts() == 0 {
+ if let PendingOutboundPayment::Abandoned { payment_hash, reason, .. }= payment.get() {
+ if !payment_is_probe {
+ full_failure_ev = Some(events::Event::PaymentFailed {
+ payment_id: *payment_id,
+ payment_hash: *payment_hash,
+ reason: *reason,
+ });
+ }
+ payment.remove();
+ }
+ }
+ is_retryable_now
+ } else {
+ log_trace!(logger, "Received duplicative fail for HTLC with payment_hash {}", log_bytes!(payment_hash.0));
+ return false
+ };
+ core::mem::drop(outbounds);
+ log_trace!(logger, "Failing outbound payment HTLC with payment_hash {}", log_bytes!(payment_hash.0));
+
+ let path_failure = {
+ if payment_is_probe {
+ if !payment_retryable {
+ events::Event::ProbeSuccessful {
+ payment_id: *payment_id,
+ payment_hash: payment_hash.clone(),
+ path: path.clone(),
+ }
+ } else {
+ events::Event::ProbeFailed {
+ payment_id: *payment_id,
+ payment_hash: payment_hash.clone(),
+ path: path.clone(),
+ short_channel_id,
+ }
+ }
+ } else {
+ // If we miss abandoning the payment above, we *must* generate an event here or else the
+ // payment will sit in our outbounds forever.
+ if attempts_remaining && !already_awaiting_retry {
+ debug_assert!(full_failure_ev.is_none());
+ pending_retry_ev = true;
+ }
+ events::Event::PaymentPathFailed {
+ payment_id: Some(*payment_id),
+ payment_hash: payment_hash.clone(),
+ payment_failed_permanently: !payment_retryable,
+ failure: events::PathFailure::OnPath { network_update },
+ path: path.clone(),
+ short_channel_id,
+ #[cfg(test)]
+ error_code: onion_error_code,
+ #[cfg(test)]
+ error_data: onion_error_data
+ }
+ }
+ };
+ let mut pending_events = pending_events.lock().unwrap();
+ pending_events.push_back((path_failure, None));
+ if let Some(ev) = full_failure_ev { pending_events.push_back((ev, None)); }
+ pending_retry_ev
+ }
+
+ pub(super) fn abandon_payment(
+ &self, payment_id: PaymentId, reason: PaymentFailureReason,
+ pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>
+ ) {
+ let mut outbounds = self.pending_outbound_payments.lock().unwrap();
+ if let hash_map::Entry::Occupied(mut payment) = outbounds.entry(payment_id) {
+ payment.get_mut().mark_abandoned(reason);
+ if let PendingOutboundPayment::Abandoned { payment_hash, reason, .. } = payment.get() {
+ if payment.get().remaining_parts() == 0 {
+ pending_events.lock().unwrap().push_back((events::Event::PaymentFailed {
+ payment_id,
+ payment_hash: *payment_hash,
+ reason: *reason,
+ }, None));
+ payment.remove();
+ }
+ }
+ }
+ }
+
+ #[cfg(test)]
+ pub fn has_pending_payments(&self) -> bool {
+ !self.pending_outbound_payments.lock().unwrap().is_empty()
+ }
+
+ #[cfg(test)]
+ pub fn clear_pending_payments(&self) {
+ self.pending_outbound_payments.lock().unwrap().clear()
+ }
+}
+
+/// Returns whether a payment with the given [`PaymentHash`] and [`PaymentId`] is, in fact, a
+/// payment probe.
+pub(super) fn payment_is_probe(payment_hash: &PaymentHash, payment_id: &PaymentId,
+ probing_cookie_secret: [u8; 32]) -> bool
+{
+ let target_payment_hash = probing_cookie_from_id(payment_id, probing_cookie_secret);
+ target_payment_hash == *payment_hash
+}
+
+/// Returns the 'probing cookie' for the given [`PaymentId`].
+fn probing_cookie_from_id(payment_id: &PaymentId, probing_cookie_secret: [u8; 32]) -> PaymentHash {
+ let mut preimage = [0u8; 64];
+ preimage[..32].copy_from_slice(&probing_cookie_secret);
+ preimage[32..].copy_from_slice(&payment_id.0);
+ PaymentHash(Sha256::hash(&preimage).into_inner())
+}
+