X-Git-Url: http://git.bitcoin.ninja/index.cgi?a=blobdiff_plain;f=src%2Fmain%2Fjava%2Forg%2Fldk%2Fenums%2FChannelMonitorUpdateErr.java;h=55c551e4dbea37fe6481f4b338031a0c973cfe0c;hb=f3e670e9341decac613d33fc52febf19cea32f20;hp=d7b1ddb4355e0f7f24891976b0ae75cfcf4bf8ea;hpb=e30b350e325e7d517ea744578876d473839ad495;p=ldk-java diff --git a/src/main/java/org/ldk/enums/ChannelMonitorUpdateErr.java b/src/main/java/org/ldk/enums/ChannelMonitorUpdateErr.java index d7b1ddb4..55c551e4 100644 --- a/src/main/java/org/ldk/enums/ChannelMonitorUpdateErr.java +++ b/src/main/java/org/ldk/enums/ChannelMonitorUpdateErr.java @@ -4,7 +4,69 @@ package org.ldk.enums; * An error enum representing a failure to persist a channel monitor update. */ public enum ChannelMonitorUpdateErr { + /** + * Used to indicate a temporary failure (eg connection to a watchtower or remote backup of + * our state failed, but is expected to succeed at some point in the future). + * + * Such a failure will \"freeze\" a channel, preventing us from revoking old states or + * submitting new commitment transactions to the counterparty. Once the update(s) that failed + * have been successfully applied, a [`MonitorEvent::UpdateCompleted`] event should be returned + * via [`Watch::release_pending_monitor_events`] which will then restore the channel to an + * operational state. + * + * Note that a given ChannelManager will *never* re-generate a given ChannelMonitorUpdate. If + * you return a TemporaryFailure you must ensure that it is written to disk safely before + * writing out the latest ChannelManager state. + * + * Even when a channel has been \"frozen\" updates to the ChannelMonitor can continue to occur + * (eg if an inbound HTLC which we forwarded was claimed upstream resulting in us attempting + * to claim it on this channel) and those updates must be applied wherever they can be. At + * least one such updated ChannelMonitor must be persisted otherwise PermanentFailure should + * be returned to get things on-chain ASAP using only the in-memory copy. Obviously updates to + * the channel which would invalidate previous ChannelMonitors are not made when a channel has + * been \"frozen\". + * + * Note that even if updates made after TemporaryFailure succeed you must still provide a + * [`MonitorEvent::UpdateCompleted`] to ensure you have the latest monitor and re-enable + * normal channel operation. Note that this is normally generated through a call to + * [`ChainMonitor::channel_monitor_updated`]. + * + * Note that the update being processed here will not be replayed for you when you return a + * [`MonitorEvent::UpdateCompleted`] event via [`Watch::release_pending_monitor_events`], so + * you must store the update itself on your own local disk prior to returning a + * TemporaryFailure. You may, of course, employ a journaling approach, storing only the + * ChannelMonitorUpdate on disk without updating the monitor itself, replaying the journal at + * reload-time. + * + * For deployments where a copy of ChannelMonitors and other local state are backed up in a + * remote location (with local copies persisted immediately), it is anticipated that all + * updates will return TemporaryFailure until the remote copies could be updated. + * + * [`ChainMonitor::channel_monitor_updated`]: chainmonitor::ChainMonitor::channel_monitor_updated + */ LDKChannelMonitorUpdateErr_TemporaryFailure, + /** + * Used to indicate no further channel monitor updates will be allowed (eg we've moved on to a + * different watchtower and cannot update with all watchtowers that were previously informed + * of this channel). + * + * At reception of this error, ChannelManager will force-close the channel and return at + * least a final ChannelMonitorUpdate::ChannelForceClosed which must be delivered to at + * least one ChannelMonitor copy. Revocation secret MUST NOT be released and offchain channel + * update must be rejected. + * + * This failure may also signal a failure to update the local persisted copy of one of + * the channel monitor instance. + * + * Note that even when you fail a holder commitment transaction update, you must store the + * update to ensure you can claim from it in case of a duplicate copy of this ChannelMonitor + * broadcasts it (e.g distributed channel-monitor deployment) + * + * In case of distributed watchtowers deployment, the new version must be written to disk, as + * state may have been stored but rejected due to a block forcing a commitment broadcast. This + * storage is used to claim outputs of rejected state confirmed onchain by another watchtower, + * lagging behind on block processing. + */ LDKChannelMonitorUpdateErr_PermanentFailure, ; static native void init(); static { init(); }