X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=lightning%2Fsrc%2Futil%2Fconfig.rs;h=ec34f5322890f2095fcc56f22d237dedc2b76a56;hb=328407351c6aeb84e9407281ec5d35b1a4690650;hp=a76f71621011d80b55c02fe898e769055427a808;hpb=e53344663ce58ba0bd04b14f2fce26577de4defb;p=rust-lightning diff --git a/lightning/src/util/config.rs b/lightning/src/util/config.rs index a76f7162..ec34f532 100644 --- a/lightning/src/util/config.rs +++ b/lightning/src/util/config.rs @@ -10,8 +10,8 @@ //! Various user-configurable channel limits and settings which ChannelManager //! applies for you. -use ln::channel::MAX_FUNDING_SATOSHIS_NO_WUMBO; -use ln::channelmanager::{BREAKDOWN_TIMEOUT, MAX_LOCAL_BREAKDOWN_TIMEOUT}; +use crate::ln::channel::MAX_FUNDING_SATOSHIS_NO_WUMBO; +use crate::ln::channelmanager::{BREAKDOWN_TIMEOUT, MAX_LOCAL_BREAKDOWN_TIMEOUT}; /// Configuration we set when applicable. /// @@ -120,12 +120,56 @@ pub struct ChannelHandshakeConfig { /// any attacker who is able to take control of a channel can just as easily send the funds via /// lightning payments, so we never require that our counterparties support this option. /// - /// The upfront key committed is provided from [`KeysInterface::get_shutdown_scriptpubkey`]. + /// The upfront key committed is provided from [`SignerProvider::get_shutdown_scriptpubkey`]. /// /// Default value: true. /// - /// [`KeysInterface::get_shutdown_scriptpubkey`]: crate::chain::keysinterface::KeysInterface::get_shutdown_scriptpubkey + /// [`SignerProvider::get_shutdown_scriptpubkey`]: crate::chain::keysinterface::SignerProvider::get_shutdown_scriptpubkey pub commit_upfront_shutdown_pubkey: bool, + /// The Proportion of the channel value to configure as counterparty's channel reserve, + /// i.e., `their_channel_reserve_satoshis` for both outbound and inbound channels. + /// + /// `their_channel_reserve_satoshis` is the minimum balance that the other node has to maintain + /// on their side, at all times. + /// This ensures that if our counterparty broadcasts a revoked state, we can punish them by + /// claiming at least this value on chain. + /// + /// Channel reserve values greater than 30% could be considered highly unreasonable, since that + /// amount can never be used for payments. + /// Also, if our selected channel reserve for counterparty and counterparty's selected + /// channel reserve for us sum up to equal or greater than channel value, channel negotiations + /// will fail. + /// + /// Note: Versions of LDK earlier than v0.0.104 will fail to read channels with any channel reserve + /// other than the default value. + /// + /// Default value: 1% of channel value, i.e., configured as 10,000 millionths. + /// Minimum value: If the calculated proportional value is less than 1000 sats, it will be treated + /// as 1000 sats instead, which is a safe implementation-specific lower bound. + /// Maximum value: 1,000,000, any values larger than 1 Million will be treated as 1 Million (or 100%) + /// instead, although channel negotiations will fail in that case. + pub their_channel_reserve_proportional_millionths: u32, + #[cfg(anchors)] + /// If set, we attempt to negotiate the `anchors_zero_fee_htlc_tx`option for outbound channels. + /// + /// If this option is set, channels may be created that will not be readable by LDK versions + /// prior to 0.0.114, causing [`ChannelManager`]'s read method to return a + /// [`DecodeError::InvalidValue`]. + /// + /// Note that setting this to true does *not* prevent us from opening channels with + /// counterparties that do not support the `anchors_zero_fee_htlc_tx` option; we will simply + /// fall back to a `static_remote_key` channel. + /// + /// LDK will not support the legacy `option_anchors` commitment version due to a discovered + /// vulnerability after its deployment. For more context, see the [`SIGHASH_SINGLE + update_fee + /// Considered Harmful`] mailing list post. + /// + /// Default value: false. This value is likely to change to true in the future. + /// + /// [`ChannelManager`]: crate::ln::channelmanager::ChannelManager + /// [`DecodeError::InvalidValue`]: crate::ln::msgs::DecodeError::InvalidValue + /// [`SIGHASH_SINGLE + update_fee Considered Harmful`]: https://lists.linuxfoundation.org/pipermail/lightning-dev/2020-September/002796.html + pub negotiate_anchors_zero_fee_htlc_tx: bool, } impl Default for ChannelHandshakeConfig { @@ -138,6 +182,9 @@ impl Default for ChannelHandshakeConfig { negotiate_scid_privacy: false, announced_channel: false, commit_upfront_shutdown_pubkey: true, + their_channel_reserve_proportional_millionths: 10_000, + #[cfg(anchors)] + negotiate_anchors_zero_fee_htlc_tx: false, } } } @@ -146,7 +193,7 @@ impl Default for ChannelHandshakeConfig { /// /// These limits are only applied to our counterparty's limits, not our own. /// -/// Use 0/::max_value() as appropriate to skip checking. +/// Use 0/`::max_value()` as appropriate to skip checking. /// /// Provides sane defaults for most configurations. /// @@ -249,7 +296,7 @@ impl Default for ChannelHandshakeLimits { /// Options which apply on a per-channel basis and may change at runtime or based on negotiation /// with our counterparty. -#[derive(Copy, Clone, Debug)] +#[derive(Copy, Clone, Debug, PartialEq, Eq)] pub struct ChannelConfig { /// Amount (in millionths of a satoshi) charged per satoshi for payments forwarded outbound /// over the channel. @@ -300,6 +347,12 @@ pub struct ChannelConfig { /// to such payments may be sustantial if there are many dust HTLCs present when the /// channel is force-closed. /// + /// The dust threshold for each HTLC is based on the `dust_limit_satoshis` for each party in a + /// channel negotiated throughout the channel open process, along with the fees required to have + /// a broadcastable HTLC spending transaction. When a channel supports anchor outputs + /// (specifically the zero fee HTLC transaction variant), this threshold no longer takes into + /// account the HTLC transaction fee as it is zero. + /// /// This limit is applied for sent, forwarded, and received HTLCs and limits the total /// exposure across all three types per-channel. Setting this too low may prevent the /// sending or receipt of low-value HTLCs on high-traffic nodes, and this limit is very @@ -345,6 +398,17 @@ impl Default for ChannelConfig { } } +impl_writeable_tlv_based!(ChannelConfig, { + (0, forwarding_fee_proportional_millionths, required), + (2, forwarding_fee_base_msat, required), + (4, cltv_expiry_delta, required), + (6, max_dust_htlc_exposure_msat, required), + // ChannelConfig serialized this field with a required type of 8 prior to the introduction of + // LegacyChannelConfig. To make sure that serialization is not compatible with this one, we use + // the next required type of 10, which if seen by the old serialization will always fail. + (10, force_close_avoidance_max_fee_satoshis, required), +}); + /// Legacy version of [`ChannelConfig`] that stored the static /// [`ChannelHandshakeConfig::announced_channel`] and /// [`ChannelHandshakeConfig::commit_upfront_shutdown_pubkey`] fields. @@ -370,8 +434,8 @@ impl Default for LegacyChannelConfig { } } -impl ::util::ser::Writeable for LegacyChannelConfig { - fn write(&self, writer: &mut W) -> Result<(), ::io::Error> { +impl crate::util::ser::Writeable for LegacyChannelConfig { + fn write(&self, writer: &mut W) -> Result<(), crate::io::Error> { write_tlv_fields!(writer, { (0, self.options.forwarding_fee_proportional_millionths, required), (1, self.options.max_dust_htlc_exposure_msat, (default_value, 5_000_000)), @@ -385,8 +449,8 @@ impl ::util::ser::Writeable for LegacyChannelConfig { } } -impl ::util::ser::Readable for LegacyChannelConfig { - fn read(reader: &mut R) -> Result { +impl crate::util::ser::Readable for LegacyChannelConfig { + fn read(reader: &mut R) -> Result { let mut forwarding_fee_proportional_millionths = 0; let mut max_dust_htlc_exposure_msat = 5_000_000; let mut cltv_expiry_delta = 0; @@ -396,9 +460,9 @@ impl ::util::ser::Readable for LegacyChannelConfig { let mut forwarding_fee_base_msat = 0; read_tlv_fields!(reader, { (0, forwarding_fee_proportional_millionths, required), - (1, max_dust_htlc_exposure_msat, (default_value, 5_000_000)), + (1, max_dust_htlc_exposure_msat, (default_value, 5_000_000u64)), (2, cltv_expiry_delta, required), - (3, force_close_avoidance_max_fee_satoshis, (default_value, 1000)), + (3, force_close_avoidance_max_fee_satoshis, (default_value, 1000u64)), (4, announced_channel, required), (6, commit_upfront_shutdown_pubkey, required), (8, forwarding_fee_base_msat, required), @@ -459,10 +523,21 @@ pub struct UserConfig { /// /// Default value: false. /// - /// [`Event::OpenChannelRequest`]: crate::util::events::Event::OpenChannelRequest + /// [`Event::OpenChannelRequest`]: crate::events::Event::OpenChannelRequest /// [`msgs::OpenChannel`]: crate::ln::msgs::OpenChannel /// [`msgs::AcceptChannel`]: crate::ln::msgs::AcceptChannel pub manually_accept_inbound_channels: bool, + /// If this is set to true, LDK will intercept HTLCs that are attempting to be forwarded over + /// fake short channel ids generated via [`ChannelManager::get_intercept_scid`]. Upon HTLC + /// intercept, LDK will generate an [`Event::HTLCIntercepted`] which MUST be handled by the user. + /// + /// Setting this to true may break backwards compatibility with LDK versions < 0.0.113. + /// + /// Default value: false. + /// + /// [`ChannelManager::get_intercept_scid`]: crate::ln::channelmanager::ChannelManager::get_intercept_scid + /// [`Event::HTLCIntercepted`]: crate::events::Event::HTLCIntercepted + pub accept_intercept_htlcs: bool, } impl Default for UserConfig { @@ -474,6 +549,7 @@ impl Default for UserConfig { accept_forwards_to_priv_channels: false, accept_inbound_channels: true, manually_accept_inbound_channels: false, + accept_intercept_htlcs: false, } } }