use bitcoin::blockdata::script::{Script,Builder};
use bitcoin::blockdata::transaction::{TxIn, TxOut, Transaction, SigHashType};
use bitcoin::blockdata::opcodes;
-use bitcoin::util::hash::{BitcoinHash, Sha256dHash};
+use bitcoin::util::hash::BitcoinHash;
use bitcoin::util::bip143;
use bitcoin::consensus::encode::{self, Encodable, Decodable};
use bitcoin_hashes::{Hash, HashEngine};
use bitcoin_hashes::sha256::Hash as Sha256;
use bitcoin_hashes::hash160::Hash as Hash160;
+use bitcoin_hashes::sha256d::Hash as Sha256dHash;
use secp256k1::key::{PublicKey,SecretKey};
use secp256k1::{Secp256k1,Signature};
use secp256k1;
use ln::msgs;
-use ln::msgs::{DecodeError, OptionalField};
+use ln::msgs::{DecodeError, OptionalField, LocalFeatures};
use ln::channelmonitor::ChannelMonitor;
use ln::channelmanager::{PendingHTLCStatus, HTLCSource, HTLCFailReason, HTLCFailureMsg, PendingForwardHTLCInfo, RAACommitmentOrder, PaymentPreimage, PaymentHash};
use ln::chan_utils::{TxCreationKeys,HTLCOutputInCommitment,HTLC_SUCCESS_TX_WEIGHT,HTLC_TIMEOUT_TX_WEIGHT};
use chain::keysinterface::{ChannelKeys, KeysInterface};
use util::transaction_utils;
use util::ser::{Readable, ReadableArgs, Writeable, Writer, WriterWriteAdaptor};
-use util::logger::Logger;
+use util::logger::{Logger, LogHolder};
use util::errors::APIError;
use util::config::{UserConfig,ChannelConfig};
use std;
use std::default::Default;
use std::{cmp,mem};
-use std::time::Instant;
use std::sync::{Arc};
#[cfg(test)]
/// Added by us and included in a commitment_signed (if we were AwaitingRemoteRevoke when we
/// created it we would have put it in the holding cell instead). When they next revoke_and_ack
/// we will promote to Committed (note that they may not accept it until the next time we
- /// revoke, but we dont really care about that:
+ /// revoke, but we don't really care about that:
/// * they've revoked, so worst case we can announce an old state and get our (option on)
- /// money back (though we wont), and,
+ /// money back (though we won't), and,
/// * we'll send them a revoke when they send a commitment_signed, and since only they're
/// allowed to remove it, the "can only be removed once committed on both sides" requirement
- /// doesn't matter to us and its up to them to enforce it, worst-case they jump ahead but
+ /// doesn't matter to us and it's up to them to enforce it, worst-case they jump ahead but
/// we'll never get out of sync).
- /// Note that we Box the OnionPacket as its rather large and we don't want to blow up
+ /// Note that we Box the OnionPacket as it's rather large and we don't want to blow up
/// OutboundHTLCOutput's size just for a temporary bit
LocalAnnounced(Box<msgs::OnionPacket>),
Committed,
/// Remote removed this (outbound) HTLC. We're waiting on their commitment_signed to finalize
/// the change (though they'll need to revoke before we fail the payment).
- RemoteRemoved,
+ RemoteRemoved(Option<HTLCFailReason>),
/// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
/// the remote side hasn't yet revoked their previous state, which we need them to do before we
/// can do any backwards failing. Implies AwaitingRemoteRevoke.
/// We also have not yet removed this HTLC in a commitment_signed message, and are waiting on a
/// remote revoke_and_ack on a previous state before we can do so.
- AwaitingRemoteRevokeToRemove,
+ AwaitingRemoteRevokeToRemove(Option<HTLCFailReason>),
/// Remote removed this and sent a commitment_signed (implying we've revoke_and_ack'ed it), but
/// the remote side hasn't yet revoked their previous state, which we need them to do before we
/// can do any backwards failing. Implies AwaitingRemoteRevoke.
/// We have removed this HTLC in our latest commitment_signed and are now just waiting on a
/// revoke_and_ack to drop completely.
- AwaitingRemovedRemoteRevoke,
+ AwaitingRemovedRemoteRevoke(Option<HTLCFailReason>),
}
struct OutboundHTLCOutput {
payment_hash: PaymentHash,
state: OutboundHTLCState,
source: HTLCSource,
- /// If we're in a removed state, set if they failed, otherwise None
- fail_reason: Option<HTLCFailReason>,
}
/// See AwaitingRemoteRevoke ChannelState for more info
enum HTLCUpdateAwaitingACK {
- AddHTLC {
+ AddHTLC { // TODO: Time out if we're getting close to cltv_expiry
// always outbound
amount_msat: u64,
cltv_expiry: u32,
payment_hash: PaymentHash,
source: HTLCSource,
onion_routing_packet: msgs::OnionPacket,
- time_created: Instant, //TODO: Some kind of timeout thing-a-majig
},
ClaimHTLC {
payment_preimage: PaymentPreimage,
cur_local_commitment_transaction_number: u64,
cur_remote_commitment_transaction_number: u64,
value_to_self_msat: u64, // Excluding all pending_htlcs, excluding fees
- /// Upon receipt of a channel_reestablish we have to figure out whether to send a
- /// revoke_and_ack first or a commitment update first. Generally, we prefer to send
- /// revoke_and_ack first, but if we had a pending commitment update of our own waiting on a
- /// remote revoke when we received the latest commitment update from the remote we have to make
- /// sure that commitment update gets resent first.
- received_commitment_while_awaiting_raa: bool,
pending_inbound_htlcs: Vec<InboundHTLCOutput>,
pending_outbound_htlcs: Vec<OutboundHTLCOutput>,
holding_cell_htlc_updates: Vec<HTLCUpdateAwaitingACK>,
+ /// When resending CS/RAA messages on channel monitor restoration or on reconnect, we always
+ /// need to ensure we resend them in the order we originally generated them. Note that because
+ /// there can only ever be one in-flight CS and/or one in-flight RAA at any time, it is
+ /// sufficient to simply set this to the opposite of any message we are generating as we
+ /// generate it. ie when we generate a CS, we set this to RAAFirst as, if there is a pending
+ /// in-flight RAA to resend, it will have been the first thing we generated, and thus we should
+ /// send it first.
+ resend_order: RAACommitmentOrder,
+
monitor_pending_revoke_and_ack: bool,
monitor_pending_commitment_signed: bool,
- monitor_pending_order: Option<RAACommitmentOrder>,
monitor_pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>,
monitor_pending_failures: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>,
last_sent_closing_fee: Option<(u64, u64)>, // (feerate, fee)
/// The hash of the block in which the funding transaction reached our CONF_TARGET. We use this
- /// to detect unconfirmation after a serialize-unserialize roudtrip where we may not see a full
+ /// to detect unconfirmation after a serialize-unserialize roundtrip where we may not see a full
/// series of block_connected/block_disconnected calls. Obviously this is not a guarantee as we
/// could miss the funding_tx_confirmed_in block as well, but it serves as a useful fallback.
funding_tx_confirmed_in: Option<Sha256dHash>,
1000 // TODO
}
- fn derive_minimum_depth(_channel_value_satoshis_msat: u64, _value_to_self_msat: u64) -> u32 {
- // Note that in order to comply with BOLT 7 announcement_signatures requirements this must
- // be at least 6.
- const CONF_TARGET: u32 = 12; //TODO: Should be much higher
- CONF_TARGET
- }
-
// Constructors:
pub fn new_outbound(fee_estimator: &FeeEstimator, keys_provider: &Arc<KeysInterface>, their_node_id: PublicKey, channel_value_satoshis: u64, push_msat: u64, user_id: u64, logger: Arc<Logger>, config: &UserConfig) -> Result<Channel, APIError> {
let chan_keys = keys_provider.get_channel_keys(false);
cur_local_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
cur_remote_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
value_to_self_msat: channel_value_satoshis * 1000 - push_msat,
- received_commitment_while_awaiting_raa: false,
pending_inbound_htlcs: Vec::new(),
pending_outbound_htlcs: Vec::new(),
next_remote_htlc_id: 0,
channel_update_count: 1,
+ resend_order: RAACommitmentOrder::CommitmentFirst,
+
monitor_pending_revoke_and_ack: false,
monitor_pending_commitment_signed: false,
- monitor_pending_order: None,
monitor_pending_forwards: Vec::new(),
monitor_pending_failures: Vec::new(),
/// Creates a new channel from a remote sides' request for one.
/// Assumes chain_hash has already been checked and corresponds with what we expect!
- pub fn new_from_req(fee_estimator: &FeeEstimator, keys_provider: &Arc<KeysInterface>, their_node_id: PublicKey, msg: &msgs::OpenChannel, user_id: u64, logger: Arc<Logger>, config: &UserConfig) -> Result<Channel, ChannelError> {
+ pub fn new_from_req(fee_estimator: &FeeEstimator, keys_provider: &Arc<KeysInterface>, their_node_id: PublicKey, _their_local_features: LocalFeatures, msg: &msgs::OpenChannel, user_id: u64, logger: Arc<Logger>, config: &UserConfig) -> Result<Channel, ChannelError> {
let chan_keys = keys_provider.get_channel_keys(true);
let mut local_config = (*config).channel_options.clone();
return Err(ChannelError::Close("Bogus; channel reserve is less than dust limit"));
}
if msg.htlc_minimum_msat >= (msg.funding_satoshis - msg.channel_reserve_satoshis) * 1000 {
- return Err(ChannelError::Close("Miminum htlc value is full channel value"));
+ return Err(ChannelError::Close("Minimum htlc value is full channel value"));
}
Channel::check_remote_fee(fee_estimator, msg.feerate_per_kw)?;
}
// Now check against optional parameters as set by config...
- if msg.funding_satoshis < config.channel_limits.min_funding_satoshis {
+ if msg.funding_satoshis < config.peer_channel_config_limits.min_funding_satoshis {
return Err(ChannelError::Close("funding satoshis is less than the user specified limit"));
}
- if msg.htlc_minimum_msat > config.channel_limits.max_htlc_minimum_msat {
+ if msg.htlc_minimum_msat > config.peer_channel_config_limits.max_htlc_minimum_msat {
return Err(ChannelError::Close("htlc minimum msat is higher than the user specified limit"));
}
- if msg.max_htlc_value_in_flight_msat < config.channel_limits.min_max_htlc_value_in_flight_msat {
+ if msg.max_htlc_value_in_flight_msat < config.peer_channel_config_limits.min_max_htlc_value_in_flight_msat {
return Err(ChannelError::Close("max htlc value in flight msat is less than the user specified limit"));
}
- if msg.channel_reserve_satoshis > config.channel_limits.max_channel_reserve_satoshis {
+ if msg.channel_reserve_satoshis > config.peer_channel_config_limits.max_channel_reserve_satoshis {
return Err(ChannelError::Close("channel reserve satoshis is higher than the user specified limit"));
}
- if msg.max_accepted_htlcs < config.channel_limits.min_max_accepted_htlcs {
+ if msg.max_accepted_htlcs < config.peer_channel_config_limits.min_max_accepted_htlcs {
return Err(ChannelError::Close("max accepted htlcs is less than the user specified limit"));
}
- if msg.dust_limit_satoshis < config.channel_limits.min_dust_limit_satoshis {
+ if msg.dust_limit_satoshis < config.peer_channel_config_limits.min_dust_limit_satoshis {
return Err(ChannelError::Close("dust limit satoshis is less than the user specified limit"));
}
- if msg.dust_limit_satoshis > config.channel_limits.max_dust_limit_satoshis {
+ if msg.dust_limit_satoshis > config.peer_channel_config_limits.max_dust_limit_satoshis {
return Err(ChannelError::Close("dust limit satoshis is greater than the user specified limit"));
}
// Convert things into internal flags and prep our state:
let their_announce = if (msg.channel_flags & 1) == 1 { true } else { false };
- if config.channel_limits.force_announced_channel_preference {
+ if config.peer_channel_config_limits.force_announced_channel_preference {
if local_config.announced_channel != their_announce {
return Err(ChannelError::Close("Peer tried to open channel but their announcement preference is different from ours"));
}
cur_local_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
cur_remote_commitment_transaction_number: INITIAL_COMMITMENT_NUMBER,
value_to_self_msat: msg.push_msat,
- received_commitment_while_awaiting_raa: false,
pending_inbound_htlcs: Vec::new(),
pending_outbound_htlcs: Vec::new(),
next_remote_htlc_id: 0,
channel_update_count: 1,
+ resend_order: RAACommitmentOrder::CommitmentFirst,
+
monitor_pending_revoke_and_ack: false,
monitor_pending_commitment_signed: false,
- monitor_pending_order: None,
monitor_pending_forwards: Vec::new(),
monitor_pending_failures: Vec::new(),
our_htlc_minimum_msat: Channel::derive_our_htlc_minimum_msat(msg.feerate_per_kw as u64),
their_to_self_delay: msg.to_self_delay,
their_max_accepted_htlcs: msg.max_accepted_htlcs,
- minimum_depth: Channel::derive_minimum_depth(msg.funding_satoshis*1000, msg.push_msat),
+ minimum_depth: config.own_channel_config.minimum_depth,
their_funding_pubkey: Some(msg.funding_pubkey),
their_revocation_basepoint: Some(msg.revocation_basepoint),
let mut local_htlc_total_msat = 0;
let mut value_to_self_msat_offset = 0;
+ log_trace!(self, "Building commitment transaction number {} for {}, generated by {} with fee {}...", commitment_number, if local { "us" } else { "remote" }, if generated_by_local { "us" } else { "remote" }, feerate_per_kw);
+
macro_rules! get_htlc_in_commitment {
($htlc: expr, $offered: expr) => {
HTLCOutputInCommitment {
}
macro_rules! add_htlc_output {
- ($htlc: expr, $outbound: expr, $source: expr) => {
+ ($htlc: expr, $outbound: expr, $source: expr, $state_name: expr) => {
if $outbound == local { // "offered HTLC output"
let htlc_in_tx = get_htlc_in_commitment!($htlc, true);
if $htlc.amount_msat / 1000 >= dust_limit_satoshis + (feerate_per_kw * HTLC_TIMEOUT_TX_WEIGHT / 1000) {
+ log_trace!(self, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
txouts.push((TxOut {
script_pubkey: chan_utils::get_htlc_redeemscript(&htlc_in_tx, &keys).to_v0_p2wsh(),
value: $htlc.amount_msat / 1000
}, Some((htlc_in_tx, $source))));
} else {
+ log_trace!(self, " ...including {} {} dust HTLC {} (hash {}) with value {} due to dust limit", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
included_dust_htlcs.push((htlc_in_tx, $source));
}
} else {
let htlc_in_tx = get_htlc_in_commitment!($htlc, false);
if $htlc.amount_msat / 1000 >= dust_limit_satoshis + (feerate_per_kw * HTLC_SUCCESS_TX_WEIGHT / 1000) {
+ log_trace!(self, " ...including {} {} HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
txouts.push((TxOut { // "received HTLC output"
script_pubkey: chan_utils::get_htlc_redeemscript(&htlc_in_tx, &keys).to_v0_p2wsh(),
value: $htlc.amount_msat / 1000
}, Some((htlc_in_tx, $source))));
} else {
+ log_trace!(self, " ...including {} {} dust HTLC {} (hash {}) with value {}", if $outbound { "outbound" } else { "inbound" }, $state_name, $htlc.htlc_id, log_bytes!($htlc.payment_hash.0), $htlc.amount_msat);
included_dust_htlcs.push((htlc_in_tx, $source));
}
}
}
for ref htlc in self.pending_inbound_htlcs.iter() {
- let include = match htlc.state {
- InboundHTLCState::RemoteAnnounced(_) => !generated_by_local,
- InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => !generated_by_local,
- InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => true,
- InboundHTLCState::Committed => true,
- InboundHTLCState::LocalRemoved(_) => !generated_by_local,
+ let (include, state_name) = match htlc.state {
+ InboundHTLCState::RemoteAnnounced(_) => (!generated_by_local, "RemoteAnnounced"),
+ InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) => (!generated_by_local, "AwaitingRemoteRevokeToAnnounce"),
+ InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) => (true, "AwaitingAnnouncedRemoteRevoke"),
+ InboundHTLCState::Committed => (true, "Committed"),
+ InboundHTLCState::LocalRemoved(_) => (!generated_by_local, "LocalRemoved"),
};
if include {
- add_htlc_output!(htlc, false, None);
+ add_htlc_output!(htlc, false, None, state_name);
remote_htlc_total_msat += htlc.amount_msat;
} else {
+ log_trace!(self, " ...not including inbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
match &htlc.state {
&InboundHTLCState::LocalRemoved(ref reason) => {
if generated_by_local {
}
for ref htlc in self.pending_outbound_htlcs.iter() {
- let include = match htlc.state {
- OutboundHTLCState::LocalAnnounced(_) => generated_by_local,
- OutboundHTLCState::Committed => true,
- OutboundHTLCState::RemoteRemoved => generated_by_local,
- OutboundHTLCState::AwaitingRemoteRevokeToRemove => generated_by_local,
- OutboundHTLCState::AwaitingRemovedRemoteRevoke => false,
+ let (include, state_name) = match htlc.state {
+ OutboundHTLCState::LocalAnnounced(_) => (generated_by_local, "LocalAnnounced"),
+ OutboundHTLCState::Committed => (true, "Committed"),
+ OutboundHTLCState::RemoteRemoved(_) => (generated_by_local, "RemoteRemoved"),
+ OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) => (generated_by_local, "AwaitingRemoteRevokeToRemove"),
+ OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) => (false, "AwaitingRemovedRemoteRevoke"),
};
if include {
- add_htlc_output!(htlc, true, Some(&htlc.source));
+ add_htlc_output!(htlc, true, Some(&htlc.source), state_name);
local_htlc_total_msat += htlc.amount_msat;
} else {
+ log_trace!(self, " ...not including outbound HTLC {} (hash {}) with value {} due to state ({})", htlc.htlc_id, log_bytes!(htlc.payment_hash.0), htlc.amount_msat, state_name);
match htlc.state {
- OutboundHTLCState::AwaitingRemoteRevokeToRemove|OutboundHTLCState::AwaitingRemovedRemoteRevoke => {
- if htlc.fail_reason.is_none() {
- value_to_self_msat_offset -= htlc.amount_msat as i64;
- }
+ OutboundHTLCState::AwaitingRemoteRevokeToRemove(None)|OutboundHTLCState::AwaitingRemovedRemoteRevoke(None) => {
+ value_to_self_msat_offset -= htlc.amount_msat as i64;
},
- OutboundHTLCState::RemoteRemoved => {
- if !generated_by_local && htlc.fail_reason.is_none() {
+ OutboundHTLCState::RemoteRemoved(None) => {
+ if !generated_by_local {
value_to_self_msat_offset -= htlc.amount_msat as i64;
}
},
}
}
-
let value_to_self_msat: i64 = (self.value_to_self_msat - local_htlc_total_msat) as i64 + value_to_self_msat_offset;
- let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000 - self.value_to_self_msat - remote_htlc_total_msat) as i64 - value_to_self_msat_offset;
+ assert!(value_to_self_msat >= 0);
+ // Note that in case they have several just-awaiting-last-RAA fulfills in-progress (ie
+ // AwaitingRemoteRevokeToRemove or AwaitingRemovedRemoteRevoke) we may have allowed them to
+ // "violate" their reserve value by couting those against it. Thus, we have to convert
+ // everything to i64 before subtracting as otherwise we can overflow.
+ let value_to_remote_msat: i64 = (self.channel_value_satoshis * 1000) as i64 - (self.value_to_self_msat as i64) - (remote_htlc_total_msat as i64) - value_to_self_msat_offset;
+ assert!(value_to_remote_msat >= 0);
#[cfg(debug_assertions)]
{
let value_to_b = if local { value_to_remote } else { value_to_self };
if value_to_a >= (dust_limit_satoshis as i64) {
+ log_trace!(self, " ...including {} output with value {}", if local { "to_local" } else { "to_remote" }, value_to_a);
txouts.push((TxOut {
script_pubkey: chan_utils::get_revokeable_redeemscript(&keys.revocation_key,
if local { self.their_to_self_delay } else { BREAKDOWN_TIMEOUT },
}
if value_to_b >= (dust_limit_satoshis as i64) {
+ log_trace!(self, " ...including {} output with value {}", if local { "to_remote" } else { "to_local" }, value_to_b);
txouts.push((TxOut {
script_pubkey: Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0)
.push_slice(&Hash160::hash(&keys.b_payment_key.serialize())[..])
}, None));
}
- transaction_utils::sort_outputs(&mut txouts);
+ transaction_utils::sort_outputs(&mut txouts, |a, b| {
+ if let &Some(ref a_htlc) = a {
+ if let &Some(ref b_htlc) = b {
+ a_htlc.0.cltv_expiry.cmp(&b_htlc.0.cltv_expiry)
+ // Note that due to hash collisions, we have to have a fallback comparison
+ // here for fuzztarget mode (otherwise at least chanmon_fail_consistency
+ // may fail)!
+ .then(a_htlc.0.payment_hash.0.cmp(&b_htlc.0.payment_hash.0))
+ // For non-HTLC outputs, if they're copying our SPK we don't really care if we
+ // close the channel due to mismatches - they're doing something dumb:
+ } else { cmp::Ordering::Equal }
+ } else { cmp::Ordering::Equal }
+ });
let mut outputs: Vec<TxOut> = Vec::with_capacity(txouts.len());
let mut htlcs_included: Vec<(HTLCOutputInCommitment, Option<&HTLCSource>)> = Vec::with_capacity(txouts.len() + included_dust_htlcs.len());
}, ()));
}
- transaction_utils::sort_outputs(&mut txouts);
+ transaction_utils::sort_outputs(&mut txouts, |_, _| { cmp::Ordering::Equal }); // Ordering doesnt matter if they used our pubkey...
let mut outputs: Vec<TxOut> = Vec::new();
for out in txouts.drain(..) {
}
/// Signs a transaction created by build_htlc_transaction. If the transaction is an
- /// HTLC-Success transaction (ie htlc.offered is false), preimate must be set!
+ /// HTLC-Success transaction (ie htlc.offered is false), preimage must be set!
fn sign_htlc_transaction(&self, tx: &mut Transaction, their_sig: &Signature, preimage: &Option<PaymentPreimage>, htlc: &HTLCOutputInCommitment, keys: &TxCreationKeys) -> Result<Signature, ChannelError> {
if tx.input.len() != 1 {
panic!("Tried to sign HTLC transaction that had input count != 1!");
/// In such cases we debug_assert!(false) and return an IgnoreError. Thus, will always return
/// Ok(_) if debug assertions are turned on and preconditions are met.
fn get_update_fulfill_htlc(&mut self, htlc_id_arg: u64, payment_preimage_arg: PaymentPreimage) -> Result<(Option<msgs::UpdateFulfillHTLC>, Option<ChannelMonitor>), ChannelError> {
- // Either ChannelFunded got set (which means it wont bet unset) or there is no way any
+ // Either ChannelFunded got set (which means it won't be unset) or there is no way any
// caller thought we could have something claimed (cause we wouldn't have accepted in an
// incoming HTLC anyway). If we got to ShutdownComplete, callers aren't allowed to call us,
// either.
_ => {}
}
}
+ log_trace!(self, "Adding HTLC claim to holding_cell! Current state: {}", self.channel_state);
self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::ClaimHTLC {
payment_preimage: payment_preimage_arg, htlc_id: htlc_id_arg,
});
debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
return Ok((None, Some(self.channel_monitor.clone())));
}
+ log_trace!(self, "Upgrading HTLC {} to LocalRemoved with a Fulfill!", log_bytes!(htlc.payment_hash.0));
htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::Fulfill(payment_preimage_arg.clone()));
}
},
_ => {
debug_assert!(false, "Have an inbound HTLC we tried to claim before it was fully committed to");
- return Err(ChannelError::Ignore("Unable to find a pending HTLC which matchd the given HTLC ID"));
+ return Err(ChannelError::Ignore("Unable to find a pending HTLC which matched the given HTLC ID"));
}
}
pending_idx = idx;
// Message handlers:
- pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, config: &UserConfig) -> Result<(), ChannelError> {
+ pub fn accept_channel(&mut self, msg: &msgs::AcceptChannel, config: &UserConfig, _their_local_features: LocalFeatures) -> Result<(), ChannelError> {
// Check sanity of message fields:
if !self.channel_outbound {
return Err(ChannelError::Close("Got an accept_channel message from an inbound peer"));
return Err(ChannelError::Close("They wanted our payments to be delayed by a needlessly long period"));
}
if msg.max_accepted_htlcs < 1 {
- return Err(ChannelError::Close("0 max_accpted_htlcs makes for a useless channel"));
+ return Err(ChannelError::Close("0 max_accepted_htlcs makes for a useless channel"));
}
if msg.max_accepted_htlcs > 483 {
- return Err(ChannelError::Close("max_accpted_htlcs > 483"));
+ return Err(ChannelError::Close("max_accepted_htlcs > 483"));
}
// Now check against optional parameters as set by config...
- if msg.htlc_minimum_msat > config.channel_limits.max_htlc_minimum_msat {
+ if msg.htlc_minimum_msat > config.peer_channel_config_limits.max_htlc_minimum_msat {
return Err(ChannelError::Close("htlc minimum msat is higher than the user specified limit"));
}
- if msg.max_htlc_value_in_flight_msat < config.channel_limits.min_max_htlc_value_in_flight_msat {
+ if msg.max_htlc_value_in_flight_msat < config.peer_channel_config_limits.min_max_htlc_value_in_flight_msat {
return Err(ChannelError::Close("max htlc value in flight msat is less than the user specified limit"));
}
- if msg.channel_reserve_satoshis > config.channel_limits.max_channel_reserve_satoshis {
+ if msg.channel_reserve_satoshis > config.peer_channel_config_limits.max_channel_reserve_satoshis {
return Err(ChannelError::Close("channel reserve satoshis is higher than the user specified limit"));
}
- if msg.max_accepted_htlcs < config.channel_limits.min_max_accepted_htlcs {
+ if msg.max_accepted_htlcs < config.peer_channel_config_limits.min_max_accepted_htlcs {
return Err(ChannelError::Close("max accepted htlcs is less than the user specified limit"));
}
- if msg.dust_limit_satoshis < config.channel_limits.min_dust_limit_satoshis {
+ if msg.dust_limit_satoshis < config.peer_channel_config_limits.min_dust_limit_satoshis {
return Err(ChannelError::Close("dust limit satoshis is less than the user specified limit"));
}
- if msg.dust_limit_satoshis > config.channel_limits.max_dust_limit_satoshis {
+ if msg.dust_limit_satoshis > config.peer_channel_config_limits.max_dust_limit_satoshis {
return Err(ChannelError::Close("dust limit satoshis is greater than the user specified limit"));
}
- if msg.minimum_depth > config.channel_limits.max_minimum_depth {
+ if msg.minimum_depth > config.peer_channel_config_limits.max_minimum_depth {
return Err(ChannelError::Close("We consider the minimum depth to be unreasonably large"));
}
}
if self.channel_state != (ChannelState::OurInitSent as u32 | ChannelState::TheirInitSent as u32) {
// BOLT 2 says that if we disconnect before we send funding_signed we SHOULD NOT
- // remember the channel, so its safe to just send an error_message here and drop the
+ // remember the channel, so it's safe to just send an error_message here and drop the
// channel.
return Err(ChannelError::Close("Received funding_created after we got the channel!"));
}
(self.pending_inbound_htlcs.len() as u32, htlc_inbound_value_msat)
}
- /// Returns (outbound_htlc_count, htlc_outbound_value_msat)
+ /// Returns (outbound_htlc_count, htlc_outbound_value_msat) *including* pending adds in our
+ /// holding cell.
fn get_outbound_pending_htlc_stats(&self) -> (u32, u64) {
let mut htlc_outbound_value_msat = 0;
for ref htlc in self.pending_outbound_htlcs.iter() {
htlc_outbound_value_msat += htlc.amount_msat;
}
- (self.pending_outbound_htlcs.len() as u32, htlc_outbound_value_msat)
+ let mut htlc_outbound_count = self.pending_outbound_htlcs.len();
+ for update in self.holding_cell_htlc_updates.iter() {
+ if let &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } = update {
+ htlc_outbound_count += 1;
+ htlc_outbound_value_msat += amount_msat;
+ }
+ }
+
+ (htlc_outbound_count as u32, htlc_outbound_value_msat)
+ }
+
+ /// Get the available (ie not including pending HTLCs) inbound and outbound balance in msat.
+ /// Doesn't bother handling the
+ /// if-we-removed-it-already-but-haven't-fully-resolved-they-can-still-send-an-inbound-HTLC
+ /// corner case properly.
+ pub fn get_inbound_outbound_available_balance_msat(&self) -> (u64, u64) {
+ // Note that we have to handle overflow due to the above case.
+ (cmp::min(self.channel_value_satoshis as i64 * 1000 - self.value_to_self_msat as i64 - self.get_inbound_pending_htlc_stats().1 as i64, 0) as u64,
+ cmp::min(self.value_to_self_msat as i64 - self.get_outbound_pending_htlc_stats().1 as i64, 0) as u64)
}
pub fn update_add_htlc(&mut self, msg: &msgs::UpdateAddHTLC, pending_forward_state: PendingHTLCStatus) -> Result<(), ChannelError> {
// Check our_channel_reserve_satoshis (we're getting paid, so they have to at least meet
// the reserve_satoshis we told them to always have as direct payment so that they lose
// something if we punish them for broadcasting an old state).
- if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 {
+ // Note that we don't really care about having a small/no to_remote output in our local
+ // commitment transactions, as the purpose of the channel reserve is to ensure we can
+ // punish *them* if they misbehave, so we discount any outbound HTLCs which will not be
+ // present in the next commitment transaction we send them (at least for fulfilled ones,
+ // failed ones won't modify value_to_self).
+ // Note that we will send HTLCs which another instance of rust-lightning would think
+ // violate the reserve value if we do not do this (as we forget inbound HTLCs from the
+ // Channel state once they will not be present in the next received commitment
+ // transaction).
+ let mut removed_outbound_total_msat = 0;
+ for ref htlc in self.pending_outbound_htlcs.iter() {
+ if let OutboundHTLCState::AwaitingRemoteRevokeToRemove(None) = htlc.state {
+ removed_outbound_total_msat += htlc.amount_msat;
+ } else if let OutboundHTLCState::AwaitingRemovedRemoteRevoke(None) = htlc.state {
+ removed_outbound_total_msat += htlc.amount_msat;
+ }
+ }
+ if htlc_inbound_value_msat + msg.amount_msat + self.value_to_self_msat > (self.channel_value_satoshis - Channel::get_our_channel_reserve_satoshis(self.channel_value_satoshis)) * 1000 + removed_outbound_total_msat {
return Err(ChannelError::Close("Remote HTLC add would put them over their reserve value"));
}
if self.next_remote_htlc_id != msg.htlc_id {
OutboundHTLCState::LocalAnnounced(_) =>
return Err(ChannelError::Close("Remote tried to fulfill/fail HTLC before it had been committed")),
OutboundHTLCState::Committed => {
- htlc.state = OutboundHTLCState::RemoteRemoved;
- htlc.fail_reason = fail_reason;
+ htlc.state = OutboundHTLCState::RemoteRemoved(fail_reason);
},
- OutboundHTLCState::AwaitingRemoteRevokeToRemove | OutboundHTLCState::AwaitingRemovedRemoteRevoke | OutboundHTLCState::RemoteRemoved =>
+ OutboundHTLCState::AwaitingRemoteRevokeToRemove(_) | OutboundHTLCState::AwaitingRemovedRemoteRevoke(_) | OutboundHTLCState::RemoteRemoved(_) =>
return Err(ChannelError::Close("Remote tried to fulfill/fail HTLC that they'd already fulfilled/failed")),
}
return Ok(&htlc.source);
};
let local_commitment_txid = local_commitment_tx.0.txid();
let local_sighash = hash_to_message!(&bip143::SighashComponents::new(&local_commitment_tx.0).sighash_all(&local_commitment_tx.0.input[0], &funding_script, self.channel_value_satoshis)[..]);
+ log_trace!(self, "Checking commitment tx signature {} by key {} against tx {} with redeemscript {}", log_bytes!(msg.signature.serialize_compact()[..]), log_bytes!(self.their_funding_pubkey.unwrap().serialize()), encode::serialize_hex(&local_commitment_tx.0), encode::serialize_hex(&funding_script));
secp_check!(self.secp_ctx.verify(&local_sighash, &msg.signature, &self.their_funding_pubkey.unwrap()), "Invalid commitment tx signature from peer");
//If channel fee was updated by funder confirm funder can afford the new fee rate when applied to the current local commitment transaction
if let Some(_) = htlc.transaction_output_index {
let mut htlc_tx = self.build_htlc_transaction(&local_commitment_txid, &htlc, true, &local_keys, feerate_per_kw);
let htlc_redeemscript = chan_utils::get_htlc_redeemscript(&htlc, &local_keys);
+ log_trace!(self, "Checking HTLC tx signature {} by key {} against tx {} with redeemscript {}", log_bytes!(msg.htlc_signatures[idx].serialize_compact()[..]), log_bytes!(local_keys.b_htlc_key.serialize()), encode::serialize_hex(&htlc_tx), encode::serialize_hex(&htlc_redeemscript));
let htlc_sighash = hash_to_message!(&bip143::SighashComponents::new(&htlc_tx).sighash_all(&htlc_tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]);
secp_check!(self.secp_ctx.verify(&htlc_sighash, &msg.htlc_signatures[idx], &local_keys.b_htlc_key), "Invalid HTLC tx signature from peer");
let htlc_sig = if htlc.offered {
}
}
- if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 {
- // This is a response to our post-monitor-failed unfreeze messages, so we can clear the
- // monitor_pending_order requirement as we won't re-send the monitor_pending messages.
- self.monitor_pending_order = None;
- }
-
self.channel_monitor.provide_latest_local_commitment_tx_info(local_commitment_tx.0, local_keys, self.feerate_per_kw, htlcs_and_sigs);
for htlc in self.pending_inbound_htlcs.iter_mut() {
}
}
for htlc in self.pending_outbound_htlcs.iter_mut() {
- if let OutboundHTLCState::RemoteRemoved = htlc.state {
- htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove;
+ if let Some(fail_reason) = if let &mut OutboundHTLCState::RemoteRemoved(ref mut fail_reason) = &mut htlc.state {
+ Some(fail_reason.take())
+ } else { None } {
+ htlc.state = OutboundHTLCState::AwaitingRemoteRevokeToRemove(fail_reason);
need_our_commitment = true;
}
}
self.cur_local_commitment_transaction_number -= 1;
self.last_local_commitment_txn = new_local_commitment_txn;
- self.received_commitment_while_awaiting_raa = (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) != 0;
+ // Note that if we need_our_commitment & !AwaitingRemoteRevoke we'll call
+ // send_commitment_no_status_check() next which will reset this to RAAFirst.
+ self.resend_order = RAACommitmentOrder::CommitmentFirst;
if (self.channel_state & ChannelState::MonitorUpdateFailed as u32) != 0 {
+ // In case we initially failed monitor updating without requiring a response, we need
+ // to make sure the RAA gets sent first.
self.monitor_pending_revoke_and_ack = true;
- self.monitor_pending_commitment_signed |= need_our_commitment;
+ if need_our_commitment && (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == 0 {
+ // If we were going to send a commitment_signed after the RAA, go ahead and do all
+ // the corresponding HTLC status updates so that get_last_commitment_update
+ // includes the right HTLCs.
+ // Note that this generates a monitor update that we ignore! This is OK since we
+ // won't actually send the commitment_signed that generated the update to the other
+ // side until the latest monitor has been pulled from us and stored.
+ self.monitor_pending_commitment_signed = true;
+ self.send_commitment_no_status_check()?;
+ }
+ // TODO: Call maybe_propose_first_closing_signed on restoration (or call it here and
+ // re-send the message on restoration)
return Err(ChannelError::Ignore("Previous monitor update failure prevented generation of RAA"));
}
fn free_holding_cell_htlcs(&mut self) -> Result<Option<(msgs::CommitmentUpdate, ChannelMonitor)>, ChannelError> {
assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, 0);
if self.holding_cell_htlc_updates.len() != 0 || self.holding_cell_update_fee.is_some() {
+ log_trace!(self, "Freeing holding cell with {} HTLC updates{}", self.holding_cell_htlc_updates.len(), if self.holding_cell_update_fee.is_some() { " and a fee update" } else { "" });
+
let mut htlc_updates = Vec::new();
mem::swap(&mut htlc_updates, &mut self.holding_cell_htlc_updates);
let mut update_add_htlcs = Vec::with_capacity(htlc_updates.len());
for htlc_update in htlc_updates.drain(..) {
// Note that this *can* fail, though it should be due to rather-rare conditions on
// fee races with adding too many outputs which push our total payments just over
- // the limit. In case its less rare than I anticipate, we may want to revisit
- // handling this case better and maybe fufilling some of the HTLCs while attempting
+ // the limit. In case it's less rare than I anticipate, we may want to revisit
+ // handling this case better and maybe fulfilling some of the HTLCs while attempting
// to rebalance channels.
if err.is_some() { // We're back to AwaitingRemoteRevoke (or are about to fail the channel)
self.holding_cell_htlc_updates.push(htlc_update);
match self.send_htlc(amount_msat, *payment_hash, cltv_expiry, source.clone(), onion_routing_packet.clone()) {
Ok(update_add_msg_option) => update_add_htlcs.push(update_add_msg_option.unwrap()),
Err(e) => {
+ match e {
+ ChannelError::Ignore(ref msg) => {
+ log_info!(self, "Failed to send HTLC with payment_hash {} due to {}", log_bytes!(payment_hash.0), msg);
+ },
+ _ => {
+ log_info!(self, "Failed to send HTLC with payment_hash {} resulting in a channel closure during holding_cell freeing", log_bytes!(payment_hash.0));
+ },
+ }
err = Some(e);
}
}
}
if err.is_some() {
self.holding_cell_htlc_updates.push(htlc_update);
+ if let Some(ChannelError::Ignore(_)) = err {
+ // If we failed to add the HTLC, but got an Ignore error, we should
+ // still send the new commitment_signed, so reset the err to None.
+ err = None;
+ }
}
}
}
- //TODO: Need to examine the type of err - if its a fee issue or similar we may want to
- //fail it back the route, if its a temporary issue we can ignore it...
+ //TODO: Need to examine the type of err - if it's a fee issue or similar we may want to
+ //fail it back the route, if it's a temporary issue we can ignore it...
match err {
None => {
if update_add_htlcs.is_empty() && update_fulfill_htlcs.is_empty() && update_fail_htlcs.is_empty() && self.holding_cell_update_fee.is_none() {
self.their_prev_commitment_point = self.their_cur_commitment_point;
self.their_cur_commitment_point = Some(msg.next_per_commitment_point);
self.cur_remote_commitment_transaction_number -= 1;
- self.received_commitment_while_awaiting_raa = false;
- if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) == 0 {
- // This is a response to our post-monitor-failed unfreeze messages, so we can clear the
- // monitor_pending_order requirement as we won't re-send the monitor_pending messages.
- self.monitor_pending_order = None;
- }
+ log_trace!(self, "Updating HTLCs on receipt of RAA...");
let mut to_forward_infos = Vec::new();
let mut revoked_htlcs = Vec::new();
let mut update_fail_htlcs = Vec::new();
let mut update_fail_malformed_htlcs = Vec::new();
let mut require_commitment = false;
let mut value_to_self_msat_diff: i64 = 0;
- // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
- self.pending_inbound_htlcs.retain(|htlc| {
- if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
- if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
- value_to_self_msat_diff += htlc.amount_msat as i64;
- }
- false
- } else { true }
- });
- self.pending_outbound_htlcs.retain(|htlc| {
- if let OutboundHTLCState::AwaitingRemovedRemoteRevoke = htlc.state {
- if let Some(reason) = htlc.fail_reason.clone() { // We really want take() here, but, again, non-mut ref :(
- revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
- } else {
- // They fulfilled, so we sent them money
- value_to_self_msat_diff -= htlc.amount_msat as i64;
- }
- false
- } else { true }
- });
- for htlc in self.pending_inbound_htlcs.iter_mut() {
- let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
- true
- } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
- true
- } else { false };
- if swap {
- let mut state = InboundHTLCState::Committed;
- mem::swap(&mut state, &mut htlc.state);
-
- if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
- htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
- require_commitment = true;
- } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
- match forward_info {
- PendingHTLCStatus::Fail(fail_msg) => {
- require_commitment = true;
- match fail_msg {
- HTLCFailureMsg::Relay(msg) => {
- htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
- update_fail_htlcs.push(msg)
- },
- HTLCFailureMsg::Malformed(msg) => {
- htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
- update_fail_malformed_htlcs.push(msg)
- },
+
+ {
+ // Take references explicitly so that we can hold multiple references to self.
+ let pending_inbound_htlcs: &mut Vec<_> = &mut self.pending_inbound_htlcs;
+ let pending_outbound_htlcs: &mut Vec<_> = &mut self.pending_outbound_htlcs;
+ let logger = LogHolder { logger: &self.logger };
+
+ // We really shouldnt have two passes here, but retain gives a non-mutable ref (Rust bug)
+ pending_inbound_htlcs.retain(|htlc| {
+ if let &InboundHTLCState::LocalRemoved(ref reason) = &htlc.state {
+ log_trace!(logger, " ...removing inbound LocalRemoved {}", log_bytes!(htlc.payment_hash.0));
+ if let &InboundHTLCRemovalReason::Fulfill(_) = reason {
+ value_to_self_msat_diff += htlc.amount_msat as i64;
+ }
+ false
+ } else { true }
+ });
+ pending_outbound_htlcs.retain(|htlc| {
+ if let &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref fail_reason) = &htlc.state {
+ log_trace!(logger, " ...removing outbound AwaitingRemovedRemoteRevoke {}", log_bytes!(htlc.payment_hash.0));
+ if let Some(reason) = fail_reason.clone() { // We really want take() here, but, again, non-mut ref :(
+ revoked_htlcs.push((htlc.source.clone(), htlc.payment_hash, reason));
+ } else {
+ // They fulfilled, so we sent them money
+ value_to_self_msat_diff -= htlc.amount_msat as i64;
+ }
+ false
+ } else { true }
+ });
+ for htlc in pending_inbound_htlcs.iter_mut() {
+ let swap = if let &InboundHTLCState::AwaitingRemoteRevokeToAnnounce(_) = &htlc.state {
+ log_trace!(logger, " ...promoting inbound AwaitingRemoteRevokeToAnnounce {} to Committed", log_bytes!(htlc.payment_hash.0));
+ true
+ } else if let &InboundHTLCState::AwaitingAnnouncedRemoteRevoke(_) = &htlc.state {
+ log_trace!(logger, " ...promoting inbound AwaitingAnnouncedRemoteRevoke {} to Committed", log_bytes!(htlc.payment_hash.0));
+ true
+ } else { false };
+ if swap {
+ let mut state = InboundHTLCState::Committed;
+ mem::swap(&mut state, &mut htlc.state);
+
+ if let InboundHTLCState::AwaitingRemoteRevokeToAnnounce(forward_info) = state {
+ htlc.state = InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info);
+ require_commitment = true;
+ } else if let InboundHTLCState::AwaitingAnnouncedRemoteRevoke(forward_info) = state {
+ match forward_info {
+ PendingHTLCStatus::Fail(fail_msg) => {
+ require_commitment = true;
+ match fail_msg {
+ HTLCFailureMsg::Relay(msg) => {
+ htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(msg.reason.clone()));
+ update_fail_htlcs.push(msg)
+ },
+ HTLCFailureMsg::Malformed(msg) => {
+ htlc.state = InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailMalformed((msg.sha256_of_onion, msg.failure_code)));
+ update_fail_malformed_htlcs.push(msg)
+ },
+ }
+ },
+ PendingHTLCStatus::Forward(forward_info) => {
+ to_forward_infos.push((forward_info, htlc.htlc_id));
+ htlc.state = InboundHTLCState::Committed;
}
- },
- PendingHTLCStatus::Forward(forward_info) => {
- to_forward_infos.push((forward_info, htlc.htlc_id));
- htlc.state = InboundHTLCState::Committed;
}
}
}
}
- }
- for htlc in self.pending_outbound_htlcs.iter_mut() {
- if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
- htlc.state = OutboundHTLCState::Committed;
- } else if let OutboundHTLCState::AwaitingRemoteRevokeToRemove = htlc.state {
- htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke;
- require_commitment = true;
+ for htlc in pending_outbound_htlcs.iter_mut() {
+ if let OutboundHTLCState::LocalAnnounced(_) = htlc.state {
+ log_trace!(logger, " ...promoting outbound LocalAnnounced {} to Committed", log_bytes!(htlc.payment_hash.0));
+ htlc.state = OutboundHTLCState::Committed;
+ }
+ if let Some(fail_reason) = if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut fail_reason) = &mut htlc.state {
+ Some(fail_reason.take())
+ } else { None } {
+ log_trace!(logger, " ...promoting outbound AwaitingRemoteRevokeToRemove {} to AwaitingRemovedRemoteRevoke", log_bytes!(htlc.payment_hash.0));
+ htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(fail_reason);
+ require_commitment = true;
+ }
}
}
self.value_to_self_msat = (self.value_to_self_msat as i64 + value_to_self_msat_diff) as u64;
}
} else {
if let Some(feerate) = self.pending_update_fee {
- // Because a node cannot send two commitment_signed's in a row without getting a
+ // Because a node cannot send two commitment_signeds in a row without getting a
// revoke_and_ack from us (as it would otherwise not know the per_commitment_point
// it should use to create keys with) and because a node can't send a
// commitment_signed without changes, checking if the feerate is equal to the
// cells) while we can't update the monitor, so we just return what we have.
if require_commitment {
self.monitor_pending_commitment_signed = true;
+ // When the monitor updating is restored we'll call get_last_commitment_update(),
+ // which does not update state, but we're definitely now awaiting a remote revoke
+ // before we can step forward any more, so set it here.
+ self.send_commitment_no_status_check()?;
}
self.monitor_pending_forwards.append(&mut to_forward_infos);
self.monitor_pending_failures.append(&mut revoked_htlcs);
self.next_remote_htlc_id -= inbound_drop_count;
for htlc in self.pending_outbound_htlcs.iter_mut() {
- if let OutboundHTLCState::RemoteRemoved = htlc.state {
+ if let OutboundHTLCState::RemoteRemoved(_) = htlc.state {
// They sent us an update to remove this but haven't yet sent the corresponding
// commitment_signed, we need to move it back to Committed and they can re-send
// the update upon reconnection.
/// Indicates that a ChannelMonitor update failed to be stored by the client and further
/// updates are partially paused.
/// This must be called immediately after the call which generated the ChannelMonitor update
- /// which failed, with the order argument set to the type of call it represented (ie a
- /// commitment update or a revoke_and_ack generation). The messages which were generated from
- /// that original call must *not* have been sent to the remote end, and must instead have been
- /// dropped. They will be regenerated when monitor_updating_restored is called.
- pub fn monitor_update_failed(&mut self, order: RAACommitmentOrder, resend_raa: bool, resend_commitment: bool, mut pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>, mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>) {
+ /// which failed. The messages which were generated from that call which generated the
+ /// monitor update failure must *not* have been sent to the remote end, and must instead
+ /// have been dropped. They will be regenerated when monitor_updating_restored is called.
+ pub fn monitor_update_failed(&mut self, resend_raa: bool, resend_commitment: bool, mut pending_forwards: Vec<(PendingForwardHTLCInfo, u64)>, mut pending_fails: Vec<(HTLCSource, PaymentHash, HTLCFailReason)>) {
assert_eq!(self.channel_state & ChannelState::MonitorUpdateFailed as u32, 0);
self.monitor_pending_revoke_and_ack = resend_raa;
self.monitor_pending_commitment_signed = resend_commitment;
- self.monitor_pending_order = Some(order);
assert!(self.monitor_pending_forwards.is_empty());
mem::swap(&mut pending_forwards, &mut self.monitor_pending_forwards);
assert!(self.monitor_pending_failures.is_empty());
mem::swap(&mut failures, &mut self.monitor_pending_failures);
if self.channel_state & (ChannelState::PeerDisconnected as u32) != 0 {
- // Leave monitor_pending_order so we can order our channel_reestablish responses
self.monitor_pending_revoke_and_ack = false;
self.monitor_pending_commitment_signed = false;
return (None, None, RAACommitmentOrder::RevokeAndACKFirst, forwards, failures);
self.monitor_pending_revoke_and_ack = false;
self.monitor_pending_commitment_signed = false;
- (raa, commitment_update, self.monitor_pending_order.clone().unwrap(), forwards, failures)
+ let order = self.resend_order.clone();
+ log_trace!(self, "Restored monitor updating resulting in {} commitment update and {} RAA, with {} first",
+ if commitment_update.is_some() { "a" } else { "no" },
+ if raa.is_some() { "an" } else { "no" },
+ match order { RAACommitmentOrder::CommitmentFirst => "commitment", RAACommitmentOrder::RevokeAndACKFirst => "RAA"});
+ (raa, commitment_update, order, forwards, failures)
}
pub fn update_fee(&mut self, fee_estimator: &FeeEstimator, msg: &msgs::UpdateFee) -> Result<(), ChannelError> {
}
}
+ log_trace!(self, "Regenerated latest commitment update with {} update_adds, {} update_fulfills, {} update_fails, and {} update_fail_malformeds",
+ update_add_htlcs.len(), update_fulfill_htlcs.len(), update_fail_htlcs.len(), update_fail_malformed_htlcs.len());
msgs::CommitmentUpdate {
update_add_htlcs, update_fulfill_htlcs, update_fail_htlcs, update_fail_malformed_htlcs,
update_fee: None, //TODO: We need to support re-generating any update_fees in the last commitment_signed!
})
} else { None };
- let order = self.monitor_pending_order.clone().unwrap_or(if self.received_commitment_while_awaiting_raa {
- RAACommitmentOrder::CommitmentFirst
- } else {
- RAACommitmentOrder::RevokeAndACKFirst
- });
-
if msg.next_local_commitment_number == our_next_remote_commitment_number {
if required_revoke.is_some() {
log_debug!(self, "Reconnected channel {} with only lost outbound RAA", log_bytes!(self.channel_id()));
log_debug!(self, "Reconnected channel {} with no loss", log_bytes!(self.channel_id()));
}
- if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateFailed as u32)) == 0 &&
- self.monitor_pending_order.is_none() { // monitor_pending_order indicates we're waiting on a response to a unfreeze
+ if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32 | ChannelState::MonitorUpdateFailed as u32)) == 0 {
// We're up-to-date and not waiting on a remote revoke (if we are our
// channel_reestablish should result in them sending a revoke_and_ack), but we may
// have received some updates while we were disconnected. Free the holding cell
match self.free_holding_cell_htlcs() {
Err(ChannelError::Close(msg)) => return Err(ChannelError::Close(msg)),
Err(ChannelError::Ignore(_)) => panic!("Got non-channel-failing result from free_holding_cell_htlcs"),
- Ok(Some((commitment_update, channel_monitor))) => return Ok((resend_funding_locked, required_revoke, Some(commitment_update), Some(channel_monitor), order, shutdown_msg)),
- Ok(None) => return Ok((resend_funding_locked, required_revoke, None, None, order, shutdown_msg)),
+ Ok(Some((commitment_update, channel_monitor))) => return Ok((resend_funding_locked, required_revoke, Some(commitment_update), Some(channel_monitor), self.resend_order.clone(), shutdown_msg)),
+ Ok(None) => return Ok((resend_funding_locked, required_revoke, None, None, self.resend_order.clone(), shutdown_msg)),
}
} else {
- return Ok((resend_funding_locked, required_revoke, None, None, order, shutdown_msg));
+ return Ok((resend_funding_locked, required_revoke, None, None, self.resend_order.clone(), shutdown_msg));
}
} else if msg.next_local_commitment_number == our_next_remote_commitment_number - 1 {
if required_revoke.is_some() {
log_debug!(self, "Reconnected channel {} with only lost remote commitment tx", log_bytes!(self.channel_id()));
}
- // If monitor_pending_order is set, it must be CommitmentSigned if we have no RAA
- debug_assert!(self.monitor_pending_order != Some(RAACommitmentOrder::RevokeAndACKFirst) || required_revoke.is_some());
-
if self.channel_state & (ChannelState::MonitorUpdateFailed as u32) != 0 {
self.monitor_pending_commitment_signed = true;
- return Ok((resend_funding_locked, None, None, None, order, shutdown_msg));
+ return Ok((resend_funding_locked, None, None, None, self.resend_order.clone(), shutdown_msg));
}
- return Ok((resend_funding_locked, required_revoke, Some(self.get_last_commitment_update()), None, order, shutdown_msg));
+ return Ok((resend_funding_locked, required_revoke, Some(self.get_last_commitment_update()), None, self.resend_order.clone(), shutdown_msg));
} else {
return Err(ChannelError::Close("Peer attempted to reestablish channel with a very old remote commitment transaction"));
}
assert_eq!(self.channel_state & ChannelState::ShutdownComplete as u32, 0);
// BOLT 2 says we must only send a scriptpubkey of certain standard forms, which are up to
- // 34 bytes in length, so dont let the remote peer feed us some super fee-heavy script.
+ // 34 bytes in length, so don't let the remote peer feed us some super fee-heavy script.
if self.channel_outbound && msg.scriptpubkey.len() > 34 {
return Err(ChannelError::Close("Got shutdown_scriptpubkey of absurd length from remote peer"));
}
excess_data: Vec::new(),
};
- let msghash = hash_to_message!(&Sha256dHash::from_data(&msg.encode()[..])[..]);
+ let msghash = hash_to_message!(&Sha256dHash::hash(&msg.encode()[..])[..]);
let sig = self.secp_ctx.sign(&msghash, &self.local_keys.funding_key);
Ok((msg, sig))
/// waiting on the remote peer to send us a revoke_and_ack during which time we cannot add new
/// HTLCs on the wire or we wouldn't be able to determine what they actually ACK'ed.
/// You MUST call send_commitment prior to any other calls on this Channel
- /// If an Err is returned, its a ChannelError::Ignore!
+ /// If an Err is returned, it's a ChannelError::Ignore!
pub fn send_htlc(&mut self, amount_msat: u64, payment_hash: PaymentHash, cltv_expiry: u32, source: HTLCSource, onion_routing_packet: msgs::OnionPacket) -> Result<Option<msgs::UpdateAddHTLC>, ChannelError> {
if (self.channel_state & (ChannelState::ChannelFunded as u32 | BOTH_SIDES_SHUTDOWN_MASK)) != (ChannelState::ChannelFunded as u32) {
return Err(ChannelError::Ignore("Cannot send HTLC until channel is fully established and we haven't started shutting down"));
//TODO: Spec is unclear if this is per-direction or in total (I assume per direction):
// Check their_max_htlc_value_in_flight_msat
if htlc_outbound_value_msat + amount_msat > self.their_max_htlc_value_in_flight_msat {
- return Err(ChannelError::Ignore("Cannot send value that would put us over our max HTLC value in flight"));
- }
-
- let mut holding_cell_outbound_amount_msat = 0;
- for holding_htlc in self.holding_cell_htlc_updates.iter() {
- match holding_htlc {
- &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, .. } => {
- holding_cell_outbound_amount_msat += *amount_msat;
- }
- _ => {}
- }
+ return Err(ChannelError::Ignore("Cannot send value that would put us over the max HTLC value in flight"));
}
// Check self.their_channel_reserve_satoshis (the amount we must keep as
// reserve for them to have something to claim if we misbehave)
- if self.value_to_self_msat < self.their_channel_reserve_satoshis * 1000 + amount_msat + holding_cell_outbound_amount_msat + htlc_outbound_value_msat {
- return Err(ChannelError::Ignore("Cannot send value that would put us over our reserve value"));
+ if self.value_to_self_msat < self.their_channel_reserve_satoshis * 1000 + amount_msat + htlc_outbound_value_msat {
+ return Err(ChannelError::Ignore("Cannot send value that would put us over the reserve value"));
}
//TODO: Check cltv_expiry? Do this in channel manager?
// Now update local state:
if (self.channel_state & (ChannelState::AwaitingRemoteRevoke as u32)) == (ChannelState::AwaitingRemoteRevoke as u32) {
- //TODO: Check the limits *including* other pending holding cell HTLCs!
self.holding_cell_htlc_updates.push(HTLCUpdateAwaitingACK::AddHTLC {
amount_msat: amount_msat,
payment_hash: payment_hash,
cltv_expiry: cltv_expiry,
source,
onion_routing_packet: onion_routing_packet,
- time_created: Instant::now(),
});
return Ok(None);
}
cltv_expiry: cltv_expiry,
state: OutboundHTLCState::LocalAnnounced(Box::new(onion_routing_packet.clone())),
source,
- fail_reason: None,
});
let res = msgs::UpdateAddHTLC {
}
}
for htlc in self.pending_outbound_htlcs.iter_mut() {
- if let OutboundHTLCState::AwaitingRemoteRevokeToRemove = htlc.state {
- htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke;
+ if let Some(fail_reason) = if let &mut OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref mut fail_reason) = &mut htlc.state {
+ Some(fail_reason.take())
+ } else { None } {
+ htlc.state = OutboundHTLCState::AwaitingRemovedRemoteRevoke(fail_reason);
}
}
+ self.resend_order = RAACommitmentOrder::RevokeAndACKFirst;
let (res, remote_commitment_tx, htlcs) = match self.send_commitment_no_state_update() {
Ok((res, (remote_commitment_tx, mut htlcs))) => {
let remote_commitment_txid = remote_commitment_tx.0.txid();
let remote_sighash = hash_to_message!(&bip143::SighashComponents::new(&remote_commitment_tx.0).sighash_all(&remote_commitment_tx.0.input[0], &funding_script, self.channel_value_satoshis)[..]);
let our_sig = self.secp_ctx.sign(&remote_sighash, &self.local_keys.funding_key);
+ log_trace!(self, "Signing remote commitment tx {} with redeemscript {} with pubkey {} -> {}", encode::serialize_hex(&remote_commitment_tx.0), encode::serialize_hex(&funding_script), log_bytes!(PublicKey::from_secret_key(&self.secp_ctx, &self.local_keys.funding_key).serialize()), log_bytes!(our_sig.serialize_compact()[..]));
let mut htlc_sigs = Vec::with_capacity(remote_commitment_tx.1);
for &(ref htlc, _) in remote_commitment_tx.2.iter() {
let htlc_sighash = hash_to_message!(&bip143::SighashComponents::new(&htlc_tx).sighash_all(&htlc_tx.input[0], &htlc_redeemscript, htlc.amount_msat / 1000)[..]);
let our_htlc_key = secp_check!(chan_utils::derive_private_key(&self.secp_ctx, &remote_keys.per_commitment_point, &self.local_keys.htlc_base_key), "Derived invalid key, peer is maliciously selecting parameters");
htlc_sigs.push(self.secp_ctx.sign(&htlc_sighash, &our_htlc_key));
+ log_trace!(self, "Signing remote HTLC tx {} with redeemscript {} with pubkey {} -> {}", encode::serialize_hex(&htlc_tx), encode::serialize_hex(&htlc_redeemscript), log_bytes!(PublicKey::from_secret_key(&self.secp_ctx, &our_htlc_key).serialize()), log_bytes!(htlc_sigs.last().unwrap().serialize_compact()[..]));
}
}
}, dropped_outbound_htlcs))
}
- /// Gets the latest commitment transaction and any dependant transactions for relay (forcing
+ /// Gets the latest commitment transaction and any dependent transactions for relay (forcing
/// shutdown of this channel - no more calls into this Channel may be made afterwards except
/// those explicitly stated to be allowed after shutdown completes, eg some simple getters).
/// Also returns the list of payment_hashes for channels which we can safely fail backwards
self.cur_remote_commitment_transaction_number.write(writer)?;
self.value_to_self_msat.write(writer)?;
- self.received_commitment_while_awaiting_raa.write(writer)?;
-
let mut dropped_inbound_htlcs = 0;
for htlc in self.pending_inbound_htlcs.iter() {
if let InboundHTLCState::RemoteAnnounced(_) = htlc.state {
htlc.cltv_expiry.write(writer)?;
htlc.payment_hash.write(writer)?;
htlc.source.write(writer)?;
- write_option!(htlc.fail_reason);
match &htlc.state {
&OutboundHTLCState::LocalAnnounced(ref onion_packet) => {
0u8.write(writer)?;
&OutboundHTLCState::Committed => {
1u8.write(writer)?;
},
- &OutboundHTLCState::RemoteRemoved => {
+ &OutboundHTLCState::RemoteRemoved(ref fail_reason) => {
2u8.write(writer)?;
+ write_option!(*fail_reason);
},
- &OutboundHTLCState::AwaitingRemoteRevokeToRemove => {
+ &OutboundHTLCState::AwaitingRemoteRevokeToRemove(ref fail_reason) => {
3u8.write(writer)?;
+ write_option!(*fail_reason);
},
- &OutboundHTLCState::AwaitingRemovedRemoteRevoke => {
+ &OutboundHTLCState::AwaitingRemovedRemoteRevoke(ref fail_reason) => {
4u8.write(writer)?;
+ write_option!(*fail_reason);
},
}
}
(self.holding_cell_htlc_updates.len() as u64).write(writer)?;
for update in self.holding_cell_htlc_updates.iter() {
match update {
- &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet, time_created: _ } => {
+ &HTLCUpdateAwaitingACK::AddHTLC { ref amount_msat, ref cltv_expiry, ref payment_hash, ref source, ref onion_routing_packet } => {
0u8.write(writer)?;
amount_msat.write(writer)?;
cltv_expiry.write(writer)?;
payment_hash.write(writer)?;
source.write(writer)?;
onion_routing_packet.write(writer)?;
- // time_created is not serialized - we re-init the timeout upon deserialization
},
&HTLCUpdateAwaitingACK::ClaimHTLC { ref payment_preimage, ref htlc_id } => {
1u8.write(writer)?;
}
}
+ match self.resend_order {
+ RAACommitmentOrder::CommitmentFirst => 0u8.write(writer)?,
+ RAACommitmentOrder::RevokeAndACKFirst => 1u8.write(writer)?,
+ }
+
self.monitor_pending_revoke_and_ack.write(writer)?;
self.monitor_pending_commitment_signed.write(writer)?;
- match self.monitor_pending_order {
- None => 0u8.write(writer)?,
- Some(RAACommitmentOrder::CommitmentFirst) => 1u8.write(writer)?,
- Some(RAACommitmentOrder::RevokeAndACKFirst) => 2u8.write(writer)?,
- }
(self.monitor_pending_forwards.len() as u64).write(writer)?;
for &(ref pending_forward, ref htlc_id) in self.monitor_pending_forwards.iter() {
let cur_remote_commitment_transaction_number = Readable::read(reader)?;
let value_to_self_msat = Readable::read(reader)?;
- let received_commitment_while_awaiting_raa = Readable::read(reader)?;
-
let pending_inbound_htlc_count: u64 = Readable::read(reader)?;
let mut pending_inbound_htlcs = Vec::with_capacity(cmp::min(pending_inbound_htlc_count as usize, OUR_MAX_HTLCS as usize));
for _ in 0..pending_inbound_htlc_count {
cltv_expiry: Readable::read(reader)?,
payment_hash: Readable::read(reader)?,
source: Readable::read(reader)?,
- fail_reason: Readable::read(reader)?,
state: match <u8 as Readable<R>>::read(reader)? {
0 => OutboundHTLCState::LocalAnnounced(Box::new(Readable::read(reader)?)),
1 => OutboundHTLCState::Committed,
- 2 => OutboundHTLCState::RemoteRemoved,
- 3 => OutboundHTLCState::AwaitingRemoteRevokeToRemove,
- 4 => OutboundHTLCState::AwaitingRemovedRemoteRevoke,
+ 2 => OutboundHTLCState::RemoteRemoved(Readable::read(reader)?),
+ 3 => OutboundHTLCState::AwaitingRemoteRevokeToRemove(Readable::read(reader)?),
+ 4 => OutboundHTLCState::AwaitingRemovedRemoteRevoke(Readable::read(reader)?),
_ => return Err(DecodeError::InvalidValue),
},
});
payment_hash: Readable::read(reader)?,
source: Readable::read(reader)?,
onion_routing_packet: Readable::read(reader)?,
- time_created: Instant::now(),
},
1 => HTLCUpdateAwaitingACK::ClaimHTLC {
payment_preimage: Readable::read(reader)?,
});
}
- let monitor_pending_revoke_and_ack = Readable::read(reader)?;
- let monitor_pending_commitment_signed = Readable::read(reader)?;
-
- let monitor_pending_order = match <u8 as Readable<R>>::read(reader)? {
- 0 => None,
- 1 => Some(RAACommitmentOrder::CommitmentFirst),
- 2 => Some(RAACommitmentOrder::RevokeAndACKFirst),
+ let resend_order = match <u8 as Readable<R>>::read(reader)? {
+ 0 => RAACommitmentOrder::CommitmentFirst,
+ 1 => RAACommitmentOrder::RevokeAndACKFirst,
_ => return Err(DecodeError::InvalidValue),
};
+ let monitor_pending_revoke_and_ack = Readable::read(reader)?;
+ let monitor_pending_commitment_signed = Readable::read(reader)?;
+
let monitor_pending_forwards_count: u64 = Readable::read(reader)?;
let mut monitor_pending_forwards = Vec::with_capacity(cmp::min(monitor_pending_forwards_count as usize, OUR_MAX_HTLCS as usize));
for _ in 0..monitor_pending_forwards_count {
cur_remote_commitment_transaction_number,
value_to_self_msat,
- received_commitment_while_awaiting_raa,
pending_inbound_htlcs,
pending_outbound_htlcs,
holding_cell_htlc_updates,
+ resend_order,
+
monitor_pending_revoke_and_ack,
monitor_pending_commitment_signed,
- monitor_pending_order,
monitor_pending_forwards,
monitor_pending_failures,
#[cfg(test)]
mod tests {
- use bitcoin::util::hash::{Sha256dHash, Hash160};
use bitcoin::util::bip143;
use bitcoin::consensus::encode::serialize;
use bitcoin::blockdata::script::{Script, Builder};
use bitcoin::blockdata::transaction::Transaction;
use bitcoin::blockdata::opcodes;
+ use bitcoin_hashes::hex::FromHex;
use hex;
use ln::channelmanager::{HTLCSource, PaymentPreimage, PaymentHash};
use ln::channel::{Channel,ChannelKeys,InboundHTLCOutput,OutboundHTLCOutput,InboundHTLCState,OutboundHTLCState,HTLCOutputInCommitment,TxCreationKeys};
use secp256k1::{Secp256k1,Message,Signature};
use secp256k1::key::{SecretKey,PublicKey};
use bitcoin_hashes::sha256::Hash as Sha256;
+ use bitcoin_hashes::sha256d::Hash as Sha256dHash;
+ use bitcoin_hashes::hash160::Hash as Hash160;
use bitcoin_hashes::Hash;
use std::sync::Arc;
#[test]
fn test_max_funding_satoshis() {
assert!(MAX_FUNDING_SATOSHIS <= 21_000_000 * 100_000_000,
- "MAX_FUNDING_SATOSHIS is greater than all satoshis on existence");
+ "MAX_FUNDING_SATOSHIS is greater than all satoshis in existence");
}
struct Keys {
fn get_destination_script(&self) -> Script {
let secp_ctx = Secp256k1::signing_only();
let channel_monitor_claim_key = SecretKey::from_slice(&hex::decode("0fffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff").unwrap()[..]).unwrap();
- let our_channel_monitor_claim_key_hash = Hash160::from_data(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
+ let our_channel_monitor_claim_key_hash = Hash160::hash(&PublicKey::from_secret_key(&secp_ctx, &channel_monitor_claim_key).serialize());
Builder::new().push_opcode(opcodes::all::OP_PUSHBYTES_0).push_slice(&our_channel_monitor_claim_key_hash[..]).into_script()
}
payment_hash: PaymentHash([0; 32]),
state: OutboundHTLCState::Committed,
source: HTLCSource::dummy(),
- fail_reason: None,
};
out.payment_hash.0 = Sha256::hash(&hex::decode("0202020202020202020202020202020202020202020202020202020202020202").unwrap()).into_inner();
out
payment_hash: PaymentHash([0; 32]),
state: OutboundHTLCState::Committed,
source: HTLCSource::dummy(),
- fail_reason: None,
};
out.payment_hash.0 = Sha256::hash(&hex::decode("0303030303030303030303030303030303030303030303030303030303030303").unwrap()).into_inner();
out