X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Fln%2Fchannel.rs;h=1279f310d4bfdbcfd134a9b53c95674fa0dd21bf;hb=871f4143672b9d8e616dbc2b6df87366590179d0;hp=ca1887d8b2595c1485f7e120841b9368019237c5;hpb=c8d4536b3e4baa94590ca43bc39cff2cc85e96e1;p=rust-lightning

diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
index ca1887d8..1279f310 100644
--- a/lightning/src/ln/channel.rs
+++ b/lightning/src/ln/channel.rs
@@ -376,13 +376,10 @@ pub(super) struct Channel<Signer: Sign> {
 
 	last_sent_closing_fee: Option<(u32, u64, Signature)>, // (feerate, fee, holder_sig)
 
-	/// The hash of the block in which the funding transaction reached our CONF_TARGET. We use this
-	/// to detect unconfirmation after a serialize-unserialize roundtrip where we may not see a full
-	/// series of block_connected/block_disconnected calls. Obviously this is not a guarantee as we
-	/// could miss the funding_tx_confirmed_in block as well, but it serves as a useful fallback.
+	/// The hash of the block in which the funding transaction was included.
 	funding_tx_confirmed_in: Option<BlockHash>,
+	funding_tx_confirmation_height: u64,
 	short_channel_id: Option<u64>,
-	funding_tx_confirmations: u64,
 
 	counterparty_dust_limit_satoshis: u64,
 	#[cfg(test)]
@@ -441,10 +438,6 @@ struct CommitmentTxInfoCached {
 }
 
 pub const OUR_MAX_HTLCS: u16 = 50; //TODO
-/// Confirmation count threshold at which we close a channel. Ideally we'd keep the channel around
-/// on ice until the funding transaction gets more confirmations, but the LN protocol doesn't
-/// really allow for this, so instead we're stuck closing it out at that point.
-const UNCONF_THRESHOLD: u32 = 6;
 const SPENDING_INPUT_FOR_A_OUTPUT_WEIGHT: u64 = 79; // prevout: 36, nSequence: 4, script len: 1, witness lengths: (3+1)/4, sig: 73/4, if-selector: 1, redeemScript: (6 ops + 2*33 pubkeys + 1*2 delay)/4
 const B_OUTPUT_PLUS_SPENDING_INPUT_WEIGHT: u64 = 104; // prevout: 40, nSequence: 4, script len: 1, witness lengths: 3/4, sig: 73/4, pubkey: 33/4, output: 31 (TODO: Wrong? Useless?)
 
@@ -581,8 +574,8 @@ impl<Signer: Sign> Channel<Signer> {
 			last_sent_closing_fee: None,
 
 			funding_tx_confirmed_in: None,
+			funding_tx_confirmation_height: 0,
 			short_channel_id: None,
-			funding_tx_confirmations: 0,
 
 			feerate_per_kw: feerate,
 			counterparty_dust_limit_satoshis: 0,
@@ -818,8 +811,8 @@ impl<Signer: Sign> Channel<Signer> {
 			last_sent_closing_fee: None,
 
 			funding_tx_confirmed_in: None,
+			funding_tx_confirmation_height: 0,
 			short_channel_id: None,
-			funding_tx_confirmations: 0,
 
 			feerate_per_kw: msg.feerate_per_kw,
 			channel_value_satoshis: msg.funding_satoshis,
@@ -3509,38 +3502,7 @@ impl<Signer: Sign> Channel<Signer> {
 		self.network_sync == UpdateStatus::DisabledMarked
 	}
 
-	/// When we receive a new block, we (a) check whether the block contains the funding
-	/// transaction (which would start us counting blocks until we send the funding_signed), and
-	/// (b) check the height of the block against outbound holding cell HTLCs in case we need to
-	/// give up on them prematurely and time them out. Everything else (e.g. commitment
-	/// transaction broadcasts, channel closure detection, HTLC transaction broadcasting, etc) is
-	/// handled by the ChannelMonitor.
-	///
-	/// If we return Err, the channel may have been closed, at which point the standard
-	/// requirements apply - no calls may be made except those explicitly stated to be allowed
-	/// post-shutdown.
-	/// Only returns an ErrorAction of DisconnectPeer, if Err.
-	///
-	/// May return some HTLCs (and their payment_hash) which have timed out and should be failed
-	/// back.
-	pub fn block_connected(&mut self, header: &BlockHeader, txdata: &TransactionData, height: u32) -> Result<(Option<msgs::FundingLocked>, Vec<(HTLCSource, PaymentHash)>), msgs::ErrorMessage> {
-		let mut timed_out_htlcs = Vec::new();
-		self.holding_cell_htlc_updates.retain(|htlc_update| {
-			match htlc_update {
-				&HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
-					if *cltv_expiry <= height + HTLC_FAIL_BACK_BUFFER {
-						timed_out_htlcs.push((source.clone(), payment_hash.clone()));
-						false
-					} else { true }
-				},
-				_ => true
-			}
-		});
-
-		if self.funding_tx_confirmations > 0 {
-			self.funding_tx_confirmations += 1;
-		}
-
+	pub fn transactions_confirmed(&mut self, block_hash: &BlockHash, height: u32, txdata: &TransactionData) -> Result<(), msgs::ErrorMessage> {
 		let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
 		if non_shutdown_state & !(ChannelState::TheirFundingLocked as u32) == ChannelState::FundingSent as u32 {
 			for &(index_in_block, tx) in txdata.iter() {
@@ -3575,7 +3537,8 @@ impl<Signer: Sign> Channel<Signer> {
 								}
 							}
 						}
-						self.funding_tx_confirmations = 1;
+						self.funding_tx_confirmation_height = height as u64;
+						self.funding_tx_confirmed_in = Some(*block_hash);
 						self.short_channel_id = match scid_from_parts(height as u64, index_in_block as u64, txo_idx as u64) {
 							Ok(scid) => Some(scid),
 							Err(_) => panic!("Block was bogus - either height was > 16 million, had > 16 million transactions, or had > 65k outputs"),
@@ -3584,10 +3547,53 @@ impl<Signer: Sign> Channel<Signer> {
 				}
 			}
 		}
+		Ok(())
+	}
 
-		self.update_time_counter = cmp::max(self.update_time_counter, header.time);
-		if self.funding_tx_confirmations > 0 {
-			if self.funding_tx_confirmations == self.minimum_depth as u64 {
+	/// When a new block is connected, we check the height of the block against outbound holding
+	/// cell HTLCs in case we need to give up on them prematurely and time them out. Everything
+	/// else (e.g. commitment transaction broadcasts, HTLC transaction broadcasting, etc) is
+	/// handled by the ChannelMonitor.
+	///
+	/// If we return Err, the channel may have been closed, at which point the standard
+	/// requirements apply - no calls may be made except those explicitly stated to be allowed
+	/// post-shutdown.
+	///
+	/// May return some HTLCs (and their payment_hash) which have timed out and should be failed
+	/// back.
+	pub fn update_best_block(&mut self, height: u32, highest_header_time: u32) -> Result<(Option<msgs::FundingLocked>, Vec<(HTLCSource, PaymentHash)>), msgs::ErrorMessage> {
+		let mut timed_out_htlcs = Vec::new();
+		let unforwarded_htlc_cltv_limit = height + HTLC_FAIL_BACK_BUFFER;
+		self.holding_cell_htlc_updates.retain(|htlc_update| {
+			match htlc_update {
+				&HTLCUpdateAwaitingACK::AddHTLC { ref payment_hash, ref source, ref cltv_expiry, .. } => {
+					if *cltv_expiry <= unforwarded_htlc_cltv_limit {
+						timed_out_htlcs.push((source.clone(), payment_hash.clone()));
+						false
+					} else { true }
+				},
+				_ => true
+			}
+		});
+
+		self.update_time_counter = cmp::max(self.update_time_counter, highest_header_time);
+		if self.funding_tx_confirmation_height > 0 {
+			let funding_tx_confirmations = height as i64 - self.funding_tx_confirmation_height as i64 + 1;
+			if funding_tx_confirmations <= 0 {
+				self.funding_tx_confirmation_height = 0;
+			}
+
+			let non_shutdown_state = self.channel_state & (!MULTI_STATE_FLAGS);
+			if (non_shutdown_state >= ChannelState::ChannelFunded as u32 ||
+			   (non_shutdown_state & ChannelState::OurFundingLocked as u32) == ChannelState::OurFundingLocked as u32) &&
+			    funding_tx_confirmations < self.minimum_depth as i64 / 2 {
+				return Err(msgs::ErrorMessage {
+					channel_id: self.channel_id(),
+					data: format!("Funding transaction was un-confirmed. Locked at {} confs, now have {} confs.", self.minimum_depth, funding_tx_confirmations),
+				});
+			}
+
+			if funding_tx_confirmations == self.minimum_depth as i64 {
 				let need_commitment_update = if non_shutdown_state == ChannelState::FundingSent as u32 {
 					self.channel_state |= ChannelState::OurFundingLocked as u32;
 					true
@@ -3606,7 +3612,6 @@ impl<Signer: Sign> Channel<Signer> {
 					// funding_tx_confirmed_in and return.
 					false
 				};
-				self.funding_tx_confirmed_in = Some(header.block_hash());
 
 				//TODO: Note that this must be a duplicate of the previous commitment point they sent us,
 				//as otherwise we will have a commitment transaction that they can't revoke (well, kinda,
@@ -3626,21 +3631,35 @@ impl<Signer: Sign> Channel<Signer> {
 				}
 			}
 		}
+
 		Ok((None, timed_out_htlcs))
 	}
 
+	/// When we receive a new block, we (a) check whether the block contains the funding
+	/// transaction (which would start us counting blocks until we send the funding_signed), and
+	/// (b) check the height of the block against outbound holding cell HTLCs in case we need to
+	/// give up on them prematurely and time them out. Everything else (e.g. commitment
+	/// transaction broadcasts, channel closure detection, HTLC transaction broadcasting, etc) is
+	/// handled by the ChannelMonitor.
+	///
+	/// If we return Err, the channel may have been closed, at which point the standard
+	/// requirements apply - no calls may be made except those explicitly stated to be allowed
+	/// post-shutdown.
+	/// Only returns an ErrorAction of DisconnectPeer, if Err.
+	///
+	/// May return some HTLCs (and their payment_hash) which have timed out and should be failed
+	/// back.
+	pub fn block_connected(&mut self, header: &BlockHeader, txdata: &TransactionData, height: u32) -> Result<(Option<msgs::FundingLocked>, Vec<(HTLCSource, PaymentHash)>), msgs::ErrorMessage> {
+		self.transactions_confirmed(&header.block_hash(), height, txdata)?;
+		self.update_best_block(height, header.time)
+	}
+
 	/// Called by channelmanager based on chain blocks being disconnected.
 	/// Returns true if we need to close the channel now due to funding transaction
 	/// unconfirmation/reorg.
-	pub fn block_disconnected(&mut self, header: &BlockHeader) -> bool {
-		if self.funding_tx_confirmations > 0 {
-			self.funding_tx_confirmations -= 1;
-			if self.funding_tx_confirmations == UNCONF_THRESHOLD as u64 {
-				return true;
-			}
-		}
-		if Some(header.block_hash()) == self.funding_tx_confirmed_in {
-			self.funding_tx_confirmations = self.minimum_depth as u64 - 1;
+	pub fn block_disconnected(&mut self, header: &BlockHeader, new_height: u32) -> bool {
+		if self.update_best_block(new_height, header.time).is_err() {
+			return true;
 		}
 		false
 	}
@@ -4466,8 +4485,8 @@ impl<Signer: Sign> Writeable for Channel<Signer> {
 		}
 
 		self.funding_tx_confirmed_in.write(writer)?;
+		self.funding_tx_confirmation_height.write(writer)?;
 		self.short_channel_id.write(writer)?;
-		self.funding_tx_confirmations.write(writer)?;
 
 		self.counterparty_dust_limit_satoshis.write(writer)?;
 		self.holder_dust_limit_satoshis.write(writer)?;
@@ -4636,8 +4655,8 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
 		};
 
 		let funding_tx_confirmed_in = Readable::read(reader)?;
+		let funding_tx_confirmation_height = Readable::read(reader)?;
 		let short_channel_id = Readable::read(reader)?;
-		let funding_tx_confirmations = Readable::read(reader)?;
 
 		let counterparty_dust_limit_satoshis = Readable::read(reader)?;
 		let holder_dust_limit_satoshis = Readable::read(reader)?;
@@ -4716,8 +4735,8 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<&'a K> for Channel<Signer>
 			last_sent_closing_fee,
 
 			funding_tx_confirmed_in,
+			funding_tx_confirmation_height,
 			short_channel_id,
-			funding_tx_confirmations,
 
 			counterparty_dust_limit_satoshis,
 			holder_dust_limit_satoshis,