use crate::ln::channel::MAX_FUNDING_SATOSHIS_NO_WUMBO;
use crate::ln::channelmanager::{BREAKDOWN_TIMEOUT, MAX_LOCAL_BREAKDOWN_TIMEOUT};
+#[cfg(fuzzing)]
+use crate::util::ser::Readable;
+
/// Configuration we set when applicable.
///
-/// Default::default() provides sane defaults.
+/// `Default::default()` provides sane defaults.
#[derive(Copy, Clone, Debug)]
pub struct ChannelHandshakeConfig {
/// Confirmations we will wait for before considering the channel locked in.
- /// Applied only for inbound channels (see ChannelHandshakeLimits::max_minimum_depth for the
+ /// Applied only for inbound channels (see [`ChannelHandshakeLimits::max_minimum_depth`] for the
/// equivalent limit applied to outbound channels).
///
- /// A lower-bound of 1 is applied, requiring all channels to have a confirmed commitment
+ /// A lower-bound of `1` is applied, requiring all channels to have a confirmed commitment
/// transaction before operation. If you wish to accept channels with zero confirmations, see
/// [`UserConfig::manually_accept_inbound_channels`] and
/// [`ChannelManager::accept_inbound_channel_from_trusted_peer_0conf`].
///
- /// Default value: 6.
+ /// Default value: `6`
///
/// [`ChannelManager::accept_inbound_channel`]: crate::ln::channelmanager::ChannelManager::accept_inbound_channel
/// [`ChannelManager::accept_inbound_channel_from_trusted_peer_0conf`]: crate::ln::channelmanager::ChannelManager::accept_inbound_channel_from_trusted_peer_0conf
/// case of an honest unilateral channel close, which implicitly decrease the economic value of
/// our channel.
///
- /// Default value: [`BREAKDOWN_TIMEOUT`], we enforce it as a minimum at channel opening so you
- /// can tweak config to ask for more security, not less.
+ /// Default value: [`BREAKDOWN_TIMEOUT`] (We enforce it as a minimum at channel opening so you
+ /// can tweak config to ask for more security, not less.)
pub our_to_self_delay: u16,
/// Set to the smallest value HTLC we will accept to process.
///
/// This value is sent to our counterparty on channel-open and we close the channel any time
/// our counterparty misbehaves by sending us an HTLC with a value smaller than this.
///
- /// Default value: 1. If the value is less than 1, it is ignored and set to 1, as is required
- /// by the protocol.
+ /// Default value: `1` (If the value is less than `1`, it is ignored and set to `1`, as is
+ /// required by the protocol.
pub our_htlc_minimum_msat: u64,
/// Sets the percentage of the channel value we will cap the total value of outstanding inbound
/// HTLCs to.
/// channel value in whole percentages.
///
/// Note that:
- /// * If configured to another value than the default value 10, any new channels created with
+ /// * If configured to another value than the default value `10`, any new channels created with
/// the non default value will cause versions of LDK prior to 0.0.104 to refuse to read the
/// `ChannelManager`.
///
/// See [`ChannelHandshakeConfig::our_to_self_delay`] and [`ChannelConfig::cltv_expiry_delta`]
/// for more information.
///
- /// Default value: 10.
- /// Minimum value: 1, any values less than 1 will be treated as 1 instead.
- /// Maximum value: 100, any values larger than 100 will be treated as 100 instead.
+ /// Default value: `10`
+ ///
+ /// Minimum value: `1` (Any values less will be treated as `1` instead.)
+ ///
+ /// Maximum value: `100` (Any values larger will be treated as `100` instead.)
pub max_inbound_htlc_value_in_flight_percent_of_channel: u8,
/// If set, we attempt to negotiate the `scid_privacy` (referred to as `scid_alias` in the
/// BOLTs) option for outbound private channels. This provides better privacy by not including
/// [`ChannelHandshakeConfig::announced_channel`] and
/// [`ChannelHandshakeLimits::force_announced_channel_preference`] for more.
///
- /// Default value: false. This value is likely to change to true in the future.
+ /// Default value: `false` (This value is likely to change to `true` in the future.)
///
/// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
/// [`DecodeError::InvalidValue`]: crate::ln::msgs::DecodeError::InvalidValue
/// As the node which funds a channel picks this value this will only apply for new outbound
/// channels unless [`ChannelHandshakeLimits::force_announced_channel_preference`] is set.
///
- /// Default value: false.
+ /// Default value: `false`
pub announced_channel: bool,
/// When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty
/// supports it, they will then enforce the mutual-close output to us matches what we provided
///
/// The upfront key committed is provided from [`SignerProvider::get_shutdown_scriptpubkey`].
///
- /// Default value: true.
+ /// Default value: `true`
///
/// [`SignerProvider::get_shutdown_scriptpubkey`]: crate::sign::SignerProvider::get_shutdown_scriptpubkey
pub commit_upfront_shutdown_pubkey: bool,
/// Note: Versions of LDK earlier than v0.0.104 will fail to read channels with any channel reserve
/// other than the default value.
///
- /// Default value: 1% of channel value, i.e., configured as 10,000 millionths.
- /// Minimum value: If the calculated proportional value is less than 1000 sats, it will be treated
- /// as 1000 sats instead, which is a safe implementation-specific lower bound.
- /// Maximum value: 1,000,000, any values larger than 1 Million will be treated as 1 Million (or 100%)
- /// instead, although channel negotiations will fail in that case.
+ /// Default value: `10_000` millionths (i.e., 1% of channel value)
+ ///
+ /// Minimum value: If the calculated proportional value is less than `1000` sats, it will be
+ /// treated as `1000` sats instead, which is a safe implementation-specific lower
+ /// bound.
+ ///
+ /// Maximum value: `1_000_000` (i.e., 100% of channel value. Any values larger than one million
+ /// will be treated as one million instead, although channel negotiations will
+ /// fail in that case.)
pub their_channel_reserve_proportional_millionths: u32,
/// If set, we attempt to negotiate the `anchors_zero_fee_htlc_tx`option for all future
/// channels. This feature requires having a reserve of onchain funds readily available to bump
/// vulnerability after its deployment. For more context, see the [`SIGHASH_SINGLE + update_fee
/// Considered Harmful`] mailing list post.
///
- /// Default value: false. This value is likely to change to true in the future.
+ /// Default value: `false` (This value is likely to change to `true` in the future.)
///
/// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
/// [`ChannelManager::accept_inbound_channel`]: crate::ln::channelmanager::ChannelManager::accept_inbound_channel
/// Note: Versions of LDK earlier than v0.0.115 will fail to read channels with a configuration
/// other than the default value.
///
- /// Default value: 50
- /// Maximum value: 483, any values larger will be treated as 483.
- /// This is the BOLT #2 spec limit on `max_accepted_htlcs`.
+ /// Default value: `50`
+ ///
+ /// Maximum value: `483` (Any values larger will be treated as `483`. This is the BOLT #2 spec
+ /// limit on `max_accepted_htlcs`.)
pub our_max_accepted_htlcs: u16,
}
}
}
+// When fuzzing, we want to allow the fuzzer to pick any configuration parameters. Thus, we
+// implement Readable here in a naive way (which is a bit easier for the fuzzer to handle). We
+// don't really want to ever expose this to users (if we did we'd want to use TLVs).
+#[cfg(fuzzing)]
+impl Readable for ChannelHandshakeConfig {
+ fn read<R: crate::io::Read>(reader: &mut R) -> Result<Self, crate::ln::msgs::DecodeError> {
+ Ok(Self {
+ minimum_depth: Readable::read(reader)?,
+ our_to_self_delay: Readable::read(reader)?,
+ our_htlc_minimum_msat: Readable::read(reader)?,
+ max_inbound_htlc_value_in_flight_percent_of_channel: Readable::read(reader)?,
+ negotiate_scid_privacy: Readable::read(reader)?,
+ announced_channel: Readable::read(reader)?,
+ commit_upfront_shutdown_pubkey: Readable::read(reader)?,
+ their_channel_reserve_proportional_millionths: Readable::read(reader)?,
+ negotiate_anchors_zero_fee_htlc_tx: Readable::read(reader)?,
+ our_max_accepted_htlcs: Readable::read(reader)?,
+ })
+ }
+}
+
/// Optional channel limits which are applied during channel creation.
///
/// These limits are only applied to our counterparty's limits, not our own.
///
-/// Use 0/`<type>::max_value()` as appropriate to skip checking.
+/// Use `0` or `<type>::max_value()` as appropriate to skip checking.
///
/// Provides sane defaults for most configurations.
///
/// Minimum allowed satoshis when a channel is funded. This is supplied by the sender and so
/// only applies to inbound channels.
///
- /// Default value: 0.
+ /// Default value: `0`
pub min_funding_satoshis: u64,
/// Maximum allowed satoshis when a channel is funded. This is supplied by the sender and so
/// only applies to inbound channels.
///
- /// Default value: 2^24 - 1.
+ /// Default value: `2^24 - 1`
pub max_funding_satoshis: u64,
/// The remote node sets a limit on the minimum size of HTLCs we can send to them. This allows
/// you to limit the maximum minimum-size they can require.
///
- /// Default value: u64::max_value.
+ /// Default value: `u64::max_value`
pub max_htlc_minimum_msat: u64,
/// The remote node sets a limit on the maximum value of pending HTLCs to them at any given
/// time to limit their funds exposure to HTLCs. This allows you to set a minimum such value.
///
- /// Default value: 0.
+ /// Default value: `0`
pub min_max_htlc_value_in_flight_msat: u64,
/// The remote node will require we keep a certain amount in direct payment to ourselves at all
/// time, ensuring that we are able to be punished if we broadcast an old state. This allows to
/// you limit the amount which we will have to keep to ourselves (and cannot use for HTLCs).
///
- /// Default value: u64::max_value.
+ /// Default value: `u64::max_value`.
pub max_channel_reserve_satoshis: u64,
/// The remote node sets a limit on the maximum number of pending HTLCs to them at any given
/// time. This allows you to set a minimum such value.
///
- /// Default value: 0.
+ /// Default value: `0`
pub min_max_accepted_htlcs: u16,
/// Before a channel is usable the funding transaction will need to be confirmed by at least a
/// certain number of blocks, specified by the node which is not the funder (as the funder can
/// assume they aren't going to double-spend themselves).
/// This config allows you to set a limit on the maximum amount of time to wait.
///
- /// Default value: 144, or roughly one day and only applies to outbound channels.
+ /// Default value: `144`, or roughly one day and only applies to outbound channels
pub max_minimum_depth: u32,
/// Whether we implicitly trust funding transactions generated by us for our own outbound
/// channels to not be double-spent.
/// You may wish to un-set this if you allow the user to (or do in an automated fashion)
/// double-spend the funding transaction to RBF with an alternative channel open.
///
- /// This only applies if our counterparty set their confirmations-required value to 0, and we
- /// always trust our own funding transaction at 1 confirmation irrespective of this value.
+ /// This only applies if our counterparty set their confirmations-required value to `0`, and we
+ /// always trust our own funding transaction at `1` confirmation irrespective of this value.
/// Thus, this effectively acts as a `min_minimum_depth`, with the only possible values being
- /// `true` (0) and `false` (1).
+ /// `true` (`0`) and `false` (`1`).
///
- /// Default value: true
+ /// Default value: `true`
pub trust_own_funding_0conf: bool,
/// Set to force an incoming channel to match our announced channel preference in
/// [`ChannelHandshakeConfig::announced_channel`].
/// [`ChannelHandshakeConfig::announced_channel`] set to false, ensuring that no announced (aka public)
/// channels will ever be opened.
///
- /// Default value: true.
+ /// Default value: `true`
pub force_announced_channel_preference: bool,
/// Set to the amount of time we're willing to wait to claim money back to us.
///
/// Not checking this value would be a security issue, as our peer would be able to set it to
/// max relative lock-time (a year) and we would "lose" money as it would be locked for a long time.
///
- /// Default value: 2016, which we also enforce as a maximum value so you can tweak config to
+ /// Default value: `2016`, which we also enforce as a maximum value so you can tweak config to
/// reduce the loss of having useless locked funds (if your peer accepts)
pub their_to_self_delay: u16
}
}
}
-/// Options for how to set the max dust HTLC exposure allowed on a channel. See
+// When fuzzing, we want to allow the fuzzer to pick any configuration parameters. Thus, we
+// implement Readable here in a naive way (which is a bit easier for the fuzzer to handle). We
+// don't really want to ever expose this to users (if we did we'd want to use TLVs).
+#[cfg(fuzzing)]
+impl Readable for ChannelHandshakeLimits {
+ fn read<R: crate::io::Read>(reader: &mut R) -> Result<Self, crate::ln::msgs::DecodeError> {
+ Ok(Self {
+ min_funding_satoshis: Readable::read(reader)?,
+ max_funding_satoshis: Readable::read(reader)?,
+ max_htlc_minimum_msat: Readable::read(reader)?,
+ min_max_htlc_value_in_flight_msat: Readable::read(reader)?,
+ max_channel_reserve_satoshis: Readable::read(reader)?,
+ min_max_accepted_htlcs: Readable::read(reader)?,
+ trust_own_funding_0conf: Readable::read(reader)?,
+ max_minimum_depth: Readable::read(reader)?,
+ force_announced_channel_preference: Readable::read(reader)?,
+ their_to_self_delay: Readable::read(reader)?,
+ })
+ }
+}
+
+/// Options for how to set the max dust exposure allowed on a channel. See
/// [`ChannelConfig::max_dust_htlc_exposure`] for details.
#[derive(Copy, Clone, Debug, PartialEq, Eq)]
pub enum MaxDustHTLCExposure {
/// to this maximum the channel may be unable to send/receive HTLCs between the maximum dust
/// exposure and the new minimum value for HTLCs to be economically viable to claim.
FixedLimitMsat(u64),
- /// This sets a multiplier on the estimated high priority feerate (sats/KW, as obtained from
- /// [`FeeEstimator`]) to determine the maximum allowed dust exposure. If this variant is used
- /// then the maximum dust exposure in millisatoshis is calculated as:
- /// `high_priority_feerate_per_kw * value`. For example, with our default value
- /// `FeeRateMultiplier(5000)`:
+ /// This sets a multiplier on the [`ConfirmationTarget::OnChainSweep`] feerate (in sats/KW) to
+ /// determine the maximum allowed dust exposure. If this variant is used then the maximum dust
+ /// exposure in millisatoshis is calculated as:
+ /// `feerate_per_kw * value`. For example, with our default value
+ /// `FeeRateMultiplier(10_000)`:
///
/// - For the minimum fee rate of 1 sat/vByte (250 sat/KW, although the minimum
/// defaults to 253 sats/KW for rounding, see [`FeeEstimator`]), the max dust exposure would
- /// be 253 * 5000 = 1,265,000 msats.
+ /// be 253 * 10_000 = 2,530,000 msats.
/// - For a fee rate of 30 sat/vByte (7500 sat/KW), the max dust exposure would be
- /// 7500 * 5000 = 37,500,000 msats.
- ///
- /// This allows the maximum dust exposure to automatically scale with fee rate changes.
+ /// 7500 * 50_000 = 75,000,000 msats (0.00075 BTC).
///
/// Note, if you're using a third-party fee estimator, this may leave you more exposed to a
/// fee griefing attack, where your fee estimator may purposely overestimate the fee rate,
/// by default this will be set to a [`Self::FixedLimitMsat`] of 5,000,000 msat.
///
/// [`FeeEstimator`]: crate::chain::chaininterface::FeeEstimator
+ /// [`ConfirmationTarget::OnChainSweep`]: crate::chain::chaininterface::ConfirmationTarget::OnChainSweep
FeeRateMultiplier(u64),
}
/// This may be allowed to change at runtime in a later update, however doing so must result in
/// update messages sent to notify all nodes of our updated relay fee.
///
- /// Default value: 0.
+ /// Default value: `0`
pub forwarding_fee_proportional_millionths: u32,
/// Amount (in milli-satoshi) charged for payments forwarded outbound over the channel, in
/// excess of [`forwarding_fee_proportional_millionths`].
/// as of July 2021. Adjusting it upwards or downwards may change whether nodes route through
/// this node.
///
- /// Default value: 1000.
+ /// Default value: `1000`
///
/// [`forwarding_fee_proportional_millionths`]: ChannelConfig::forwarding_fee_proportional_millionths
pub forwarding_fee_base_msat: u32,
/// enough time to broadcast and confirm a transaction, possibly with time in between to RBF
/// the spending transaction).
///
- /// Default value: 72 (12 hours at an average of 6 blocks/hour).
- /// Minimum value: [`MIN_CLTV_EXPIRY_DELTA`], any values less than this will be treated as
- /// [`MIN_CLTV_EXPIRY_DELTA`] instead.
+ /// Default value: `72` (12 hours at an average of 6 blocks/hour)
+ ///
+ /// Minimum value: [`MIN_CLTV_EXPIRY_DELTA`] (Any values less than this will be treated as
+ /// [`MIN_CLTV_EXPIRY_DELTA`] instead.)
///
/// [`MIN_CLTV_EXPIRY_DELTA`]: crate::ln::channelmanager::MIN_CLTV_EXPIRY_DELTA
pub cltv_expiry_delta: u16,
- /// Limit our total exposure to in-flight HTLCs which are burned to fees as they are too
- /// small to claim on-chain.
+ /// Limit our total exposure to potential loss to on-chain fees on close, including in-flight
+ /// HTLCs which are burned to fees as they are too small to claim on-chain and fees on
+ /// commitment transaction(s) broadcasted by our counterparty in excess of our own fee estimate.
+ ///
+ /// # HTLC-based Dust Exposure
///
/// When an HTLC present in one of our channels is below a "dust" threshold, the HTLC will
/// not be claimable on-chain, instead being turned into additional miner fees if either
/// party force-closes the channel. Because the threshold is per-HTLC, our total exposure
- /// to such payments may be sustantial if there are many dust HTLCs present when the
+ /// to such payments may be substantial if there are many dust HTLCs present when the
/// channel is force-closed.
///
/// The dust threshold for each HTLC is based on the `dust_limit_satoshis` for each party in a
/// The selected limit is applied for sent, forwarded, and received HTLCs and limits the total
/// exposure across all three types per-channel.
///
- /// Default value: [`MaxDustHTLCExposure::FeeRateMultiplier`] with a multiplier of 5000.
+ /// # Transaction Fee Dust Exposure
+ ///
+ /// Further, counterparties broadcasting a commitment transaction in a force-close may result
+ /// in other balance being burned to fees, and thus all fees on commitment and HTLC
+ /// transactions in excess of our local fee estimates are included in the dust calculation.
+ ///
+ /// Because of this, another way to look at this limit is to divide it by 43,000 (or 218,750
+ /// for non-anchor channels) and see it as the maximum feerate disagreement (in sats/vB) per
+ /// non-dust HTLC we're allowed to have with our peers before risking a force-closure for
+ /// inbound channels.
+ // This works because, for anchor channels the on-chain cost is 172 weight (172+703 for
+ // non-anchors with an HTLC-Success transaction), i.e.
+ // dust_exposure_limit_msat / 1000 = 172 * feerate_in_sat_per_vb / 4 * HTLC count
+ // dust_exposure_limit_msat = 43,000 * feerate_in_sat_per_vb * HTLC count
+ // dust_exposure_limit_msat / HTLC count / 43,000 = feerate_in_sat_per_vb
+ ///
+ /// Thus, for the default value of 10_000 * a current feerate estimate of 10 sat/vB (or 2,500
+ /// sat/KW), we risk force-closure if we disagree with our peer by:
+ /// * `10_000 * 2_500 / 43_000 / (483*2)` = 0.6 sat/vB for anchor channels with 483 HTLCs in
+ /// both directions (the maximum),
+ /// * `10_000 * 2_500 / 43_000 / (50*2)` = 5.8 sat/vB for anchor channels with 50 HTLCs in both
+ /// directions (the LDK default max from [`ChannelHandshakeConfig::our_max_accepted_htlcs`])
+ /// * `10_000 * 2_500 / 218_750 / (483*2)` = 0.1 sat/vB for non-anchor channels with 483 HTLCs
+ /// in both directions (the maximum),
+ /// * `10_000 * 2_500 / 218_750 / (50*2)` = 1.1 sat/vB for non-anchor channels with 50 HTLCs
+ /// in both (the LDK default maximum from [`ChannelHandshakeConfig::our_max_accepted_htlcs`])
+ ///
+ /// Note that when using [`MaxDustHTLCExposure::FeeRateMultiplier`] this maximum disagreement
+ /// will scale linearly with increases (or decreases) in the our feerate estimates. Further,
+ /// for anchor channels we expect our counterparty to use a relatively low feerate estimate
+ /// while we use [`ConfirmationTarget::OnChainSweep`] (which should be relatively high) and
+ /// feerate disagreement force-closures should only occur when theirs is higher than ours.
+ ///
+ /// Default value: [`MaxDustHTLCExposure::FeeRateMultiplier`] with a multiplier of `10_000`
+ ///
+ /// [`ConfirmationTarget::OnChainSweep`]: crate::chain::chaininterface::ConfirmationTarget::OnChainSweep
pub max_dust_htlc_exposure: MaxDustHTLCExposure,
/// The additional fee we're willing to pay to avoid waiting for the counterparty's
/// `to_self_delay` to reclaim funds.
/// funder/initiator.
///
/// When we are the funder, because we have to pay the channel closing fee, we bound the
- /// acceptable fee by our [`Background`] and [`Normal`] fees, with the upper bound increased by
+ /// acceptable fee by our [`ChannelCloseMinimum`] and [`NonAnchorChannelFee`] fees, with the upper bound increased by
/// this value. Because the on-chain fee we'd pay to force-close the channel is kept near our
- /// [`Normal`] feerate during normal operation, this value represents the additional fee we're
+ /// [`NonAnchorChannelFee`] feerate during normal operation, this value represents the additional fee we're
/// willing to pay in order to avoid waiting for our counterparty's to_self_delay to reclaim our
/// funds.
///
/// When we are not the funder, we require the closing transaction fee pay at least our
- /// [`Background`] fee estimate, but allow our counterparty to pay as much fee as they like.
+ /// [`ChannelCloseMinimum`] fee estimate, but allow our counterparty to pay as much fee as they like.
/// Thus, this value is ignored when we are not the funder.
///
- /// Default value: 1000 satoshis.
+ /// Default value: `1000`
///
- /// [`Normal`]: crate::chain::chaininterface::ConfirmationTarget::Normal
- /// [`Background`]: crate::chain::chaininterface::ConfirmationTarget::Background
+ /// [`NonAnchorChannelFee`]: crate::chain::chaininterface::ConfirmationTarget::NonAnchorChannelFee
+ /// [`ChannelCloseMinimum`]: crate::chain::chaininterface::ConfirmationTarget::ChannelCloseMinimum
pub force_close_avoidance_max_fee_satoshis: u64,
/// If set, allows this channel's counterparty to skim an additional fee off this node's inbound
/// HTLCs. Useful for liquidity providers to offload on-chain channel costs to end users.
/// - The counterparty will get an [`HTLCIntercepted`] event upon payment forward, and call
/// [`forward_intercepted_htlc`] with less than the amount provided in
/// [`HTLCIntercepted::expected_outbound_amount_msat`]. The difference between the expected and
- /// actual forward amounts is their fee.
- // TODO: link to LSP JIT channel invoice generation spec when it's merged
+ /// actual forward amounts is their fee. See
+ /// <https://github.com/BitcoinAndLightningLayerSpecs/lsp/tree/main/LSPS2#flow-lsp-trusts-client-model>
+ /// for how this feature may be used in the LSP use case.
///
/// # Note
/// It's important for payee wallet software to verify that [`PaymentClaimable::amount_msat`] is
/// Switching this config flag on may break compatibility with versions of LDK prior to 0.0.116.
/// Unsetting this flag between restarts may lead to payment receive failures.
///
- /// Default value: false.
+ /// Default value: `false`
///
/// [intercept scids]: crate::ln::channelmanager::ChannelManager::get_intercept_scid
/// [`forward_intercepted_htlc`]: crate::ln::channelmanager::ChannelManager::forward_intercepted_htlc
forwarding_fee_proportional_millionths: 0,
forwarding_fee_base_msat: 1000,
cltv_expiry_delta: 6 * 12, // 6 blocks/hour * 12 hours
- max_dust_htlc_exposure: MaxDustHTLCExposure::FeeRateMultiplier(5000),
+ max_dust_htlc_exposure: MaxDustHTLCExposure::FeeRateMultiplier(10000),
force_close_avoidance_max_fee_satoshis: 1000,
accept_underpaying_htlcs: false,
}
/// Top-level config which holds ChannelHandshakeLimits and ChannelConfig.
///
-/// Default::default() provides sane defaults for most configurations
-/// (but currently with 0 relay fees!)
+/// `Default::default()` provides sane defaults for most configurations
+/// (but currently with zero relay fees!)
#[derive(Copy, Clone, Debug)]
pub struct UserConfig {
/// Channel handshake config that we propose to our counterparty.
pub channel_handshake_limits: ChannelHandshakeLimits,
/// Channel config which affects behavior during channel lifetime.
pub channel_config: ChannelConfig,
- /// If this is set to false, we will reject any HTLCs which were to be forwarded over private
+ /// If this is set to `false`, we will reject any HTLCs which were to be forwarded over private
/// channels. This prevents us from taking on HTLC-forwarding risk when we intend to run as a
/// node which is not online reliably.
///
/// For nodes which are not online reliably, you should set all channels to *not* be announced
/// (using [`ChannelHandshakeConfig::announced_channel`] and
- /// [`ChannelHandshakeLimits::force_announced_channel_preference`]) and set this to false to
+ /// [`ChannelHandshakeLimits::force_announced_channel_preference`]) and set this to `false` to
/// ensure you are not exposed to any forwarding risk.
///
/// Note that because you cannot change a channel's announced state after creation, there is no
/// all your channels and open new ones. For privacy, you should also change your node_id
/// (swapping all private and public key material for new ones) at that time.
///
- /// Default value: false.
+ /// Default value: `false`
pub accept_forwards_to_priv_channels: bool,
- /// If this is set to false, we do not accept inbound requests to open a new channel.
- /// Default value: true.
+ /// If this is set to `false`, we do not accept inbound requests to open a new channel.
+ ///
+ /// Default value: `true`
pub accept_inbound_channels: bool,
- /// If this is set to true, the user needs to manually accept inbound requests to open a new
+ /// If this is set to `true`, the user needs to manually accept inbound requests to open a new
/// channel.
///
- /// When set to true, [`Event::OpenChannelRequest`] will be triggered once a request to open a
+ /// When set to `true`, [`Event::OpenChannelRequest`] will be triggered once a request to open a
/// new inbound channel is received through a [`msgs::OpenChannel`] message. In that case, a
/// [`msgs::AcceptChannel`] message will not be sent back to the counterparty node unless the
/// user explicitly chooses to accept the request.
///
- /// Default value: false.
+ /// Default value: `false`
///
/// [`Event::OpenChannelRequest`]: crate::events::Event::OpenChannelRequest
/// [`msgs::OpenChannel`]: crate::ln::msgs::OpenChannel
/// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel
pub manually_accept_inbound_channels: bool,
- /// If this is set to true, LDK will intercept HTLCs that are attempting to be forwarded over
+ /// If this is set to `true`, LDK will intercept HTLCs that are attempting to be forwarded over
/// fake short channel ids generated via [`ChannelManager::get_intercept_scid`]. Upon HTLC
/// intercept, LDK will generate an [`Event::HTLCIntercepted`] which MUST be handled by the user.
///
- /// Setting this to true may break backwards compatibility with LDK versions < 0.0.113.
+ /// Setting this to `true` may break backwards compatibility with LDK versions < 0.0.113.
///
- /// Default value: false.
+ /// Default value: `false`
///
/// [`ChannelManager::get_intercept_scid`]: crate::ln::channelmanager::ChannelManager::get_intercept_scid
/// [`Event::HTLCIntercepted`]: crate::events::Event::HTLCIntercepted
pub accept_intercept_htlcs: bool,
- /// If this is set to false, when receiving a keysend payment we'll fail it if it has multiple
- /// parts. If this is set to true, we'll accept the payment.
+ /// If this is set to `false`, when receiving a keysend payment we'll fail it if it has multiple
+ /// parts. If this is set to `true`, we'll accept the payment.
///
- /// Setting this to true will break backwards compatibility upon downgrading to an LDK
- /// version < 0.0.116 while receiving an MPP keysend. If we have already received an MPP
+ /// Setting this to `true` will break backwards compatibility upon downgrading to an LDK
+ /// version prior to 0.0.116 while receiving an MPP keysend. If we have already received an MPP
/// keysend, downgrading will cause us to fail to deserialize [`ChannelManager`].
///
- /// Default value: false.
+ /// Default value: `false`
///
/// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager
pub accept_mpp_keysend: bool,
+ /// If this is set to `true`, the user needs to manually pay [`Bolt12Invoice`]s when received.
+ ///
+ /// When set to `true`, [`Event::InvoiceReceived`] will be generated for each received
+ /// [`Bolt12Invoice`] instead of being automatically paid after verification. Use
+ /// [`ChannelManager::send_payment_for_bolt12_invoice`] to pay the invoice or
+ /// [`ChannelManager::abandon_payment`] to abandon the associated payment.
+ ///
+ /// Default value: `false`
+ ///
+ /// [`Bolt12Invoice`]: crate::offers::invoice::Bolt12Invoice
+ /// [`Event::InvoiceReceived`]: crate::events::Event::InvoiceReceived
+ /// [`ChannelManager::send_payment_for_bolt12_invoice`]: crate::ln::channelmanager::ChannelManager::send_payment_for_bolt12_invoice
+ /// [`ChannelManager::abandon_payment`]: crate::ln::channelmanager::ChannelManager::abandon_payment
+ pub manually_handle_bolt12_invoices: bool,
}
impl Default for UserConfig {
manually_accept_inbound_channels: false,
accept_intercept_htlcs: false,
accept_mpp_keysend: false,
+ manually_handle_bolt12_invoices: false,
}
}
}
+
+// When fuzzing, we want to allow the fuzzer to pick any configuration parameters. Thus, we
+// implement Readable here in a naive way (which is a bit easier for the fuzzer to handle). We
+// don't really want to ever expose this to users (if we did we'd want to use TLVs).
+#[cfg(fuzzing)]
+impl Readable for UserConfig {
+ fn read<R: crate::io::Read>(reader: &mut R) -> Result<Self, crate::ln::msgs::DecodeError> {
+ Ok(Self {
+ channel_handshake_config: Readable::read(reader)?,
+ channel_handshake_limits: Readable::read(reader)?,
+ channel_config: Readable::read(reader)?,
+ accept_forwards_to_priv_channels: Readable::read(reader)?,
+ accept_inbound_channels: Readable::read(reader)?,
+ manually_accept_inbound_channels: Readable::read(reader)?,
+ accept_intercept_htlcs: Readable::read(reader)?,
+ accept_mpp_keysend: Readable::read(reader)?,
+ manually_handle_bolt12_invoices: Readable::read(reader)?,
+ })
+ }
+}