outbound_payment: set max path length in PaymentParameters.

So the router knows how long the maximum payment path can be.

Author: valentinewallace

lightning/src/ln/blinded_payment_tests.rs

@@ -282,9 +282,10 @@ fn do_forward_checks_failure(check: ForwardCheckFail, intro_fails: bool) {
 
 	let amt_msat = 5000;
 	let (_, payment_hash, payment_secret) = get_payment_preimage_hash(&nodes[3], Some(amt_msat), None);
-	let route_params = get_blinded_route_parameters(amt_msat, payment_secret, 1, 1_0000_0000,
+	let mut route_params = get_blinded_route_parameters(amt_msat, payment_secret, 1, 1_0000_0000,
 		nodes.iter().skip(1).map(|n| n.node.get_our_node_id()).collect(),
 		&[&chan_upd_1_2, &chan_upd_2_3], &chanmon_cfgs[3].keys_manager);
+	route_params.payment_params.max_intermediate_hops = 17;
 
 	let route = get_route(&nodes[0], &route_params).unwrap();
 	node_cfgs[0].router.expect_find_route(route_params.clone(), Ok(route.clone()));
@@ -804,6 +805,7 @@ fn do_multi_hop_receiver_fail(check: ReceiveCheckFail) {
 	let mut route_params = get_blinded_route_parameters(amt_msat, payment_secret, 1, 1_0000_0000,
 		nodes.iter().skip(1).map(|n| n.node.get_our_node_id()).collect(), &[&chan_upd_1_2],
 		&chanmon_cfgs[2].keys_manager);
+	route_params.payment_params.max_intermediate_hops = 18;
 
 	let route = if check == ReceiveCheckFail::ProcessPendingHTLCsCheck {
 		let mut route = get_route(&nodes[0], &route_params).unwrap();

lightning/src/ln/outbound_payment.rs

@@ -17,15 +17,16 @@ use crate::sign::{EntropySource, NodeSigner, Recipient};
 use crate::events::{self, PaymentFailureReason};
 use crate::ln::{PaymentHash, PaymentPreimage, PaymentSecret};
 use crate::ln::channelmanager::{ChannelDetails, EventCompletionAction, HTLCSource, PaymentId};
+use crate::ln::msgs;
 use crate::ln::onion_utils::{DecodedOnionFailure, HTLCFailReason};
 use crate::offers::invoice::Bolt12Invoice;
-use crate::routing::router::{BlindedTail, InFlightHtlcs, Path, PaymentParameters, Route, RouteParameters, Router};
+use crate::routing::router::{BlindedTail, InFlightHtlcs, MAX_PATH_LENGTH_ESTIMATE, Path, Payee, PaymentParameters, Route, RouteParameters, Router};
 use crate::util::errors::APIError;
 use crate::util::logger::Logger;
 use crate::util::time::Time;
 #[cfg(all(feature = "std", test))]
 use crate::util::time::tests::SinceEpoch;
-use crate::util::ser::ReadableArgs;
+use crate::util::ser::{ReadableArgs, Writeable};
 
 use core::fmt::{self, Display, Formatter};
 use core::ops::Deref;
@@ -421,6 +422,12 @@ pub enum RetryableSendFailure {
 	/// [`Event::PaymentSent`]: crate::events::Event::PaymentSent
 	/// [`Event::PaymentFailed`]: crate::events::Event::PaymentFailed
 	DuplicatePayment,
+	/// The [`RecipientOnionFields::payment_metadata`], [`RecipientOnionFields::custom_tlvs`], or
+	/// [`BlindedPath`]s provided are too large and caused us to exceed the maximum onion packet size
+	/// of 1300 bytes.
+	///
+	/// [`BlindedPath`]: crate::blinded_path::BlindedPath;
+	OnionPacketSizeExceeded,
 }
 
 /// If a payment fails to send with [`ChannelManager::send_payment_with_route`], it can be in one
@@ -886,7 +893,7 @@ impl OutboundPayments {
 	/// [`Event::PaymentFailed`]: crate::events::Event::PaymentFailed
 	fn send_payment_internal<R: Deref, NS: Deref, ES: Deref, IH, SP, L: Deref>(
 		&self, payment_id: PaymentId, payment_hash: PaymentHash, recipient_onion: RecipientOnionFields,
-		keysend_preimage: Option<PaymentPreimage>, retry_strategy: Retry, route_params: RouteParameters,
+		keysend_preimage: Option<PaymentPreimage>, retry_strategy: Retry, mut route_params: RouteParameters,
 		router: &R, first_hops: Vec<ChannelDetails>, inflight_htlcs: IH, entropy_source: &ES,
 		node_signer: &NS, best_block_height: u32, logger: &L,
 		pending_events: &Mutex<VecDeque<(events::Event, Option<EventCompletionAction>)>>, send_payment_along_path: SP,
@@ -907,6 +914,15 @@ impl OutboundPayments {
 			}
 		}
 
+		set_max_path_length(
+			&mut route_params, &recipient_onion, keysend_preimage, best_block_height
+		)
+			.map_err(|()| {
+				log_error!(logger, "Can't construct an onion packet without exceeding 1300-byte onion \
+					hop_data length for payment with id {} and hash {}", payment_id, payment_hash);
+				RetryableSendFailure::OnionPacketSizeExceeded
+			})?;
+
 		let mut route = router.find_route_with_id(
 			&node_signer.get_node_id(Recipient::Node).unwrap(), &route_params,
 			Some(&first_hops.iter().collect::<Vec<_>>()), inflight_htlcs(),
@@ -1771,6 +1787,75 @@ impl OutboundPayments {
 	}
 }
 
+fn set_max_path_length(
+	route_params: &mut RouteParameters, recipient_onion: &RecipientOnionFields,
+	keysend_preimage: Option<PaymentPreimage>, best_block_height: u32,
+) -> Result<(), ()> {
+	const PAYLOAD_HMAC_LEN: usize = 32;
+	const UNBLINDED_INTERMED_PAYLOAD_LEN: usize = PAYLOAD_HMAC_LEN
+		+ 1 + 1 + 8 // amt_to_forward
+		+ 1 + 1 + 4 // outgoing_cltv
+		+ 1 + 1 + 8; // short_channel_id
+
+	let num_reserved_bytes = match &route_params.payment_params.payee {
+		Payee::Blinded { route_hints, .. } => {
+			let largest_path = route_hints
+				.iter()
+				.map(|(_, path)| path)
+				.max_by(|path_a, path_b|
+					path_a.serialized_length().cmp(&path_b.serialized_length()))
+				.ok_or(())?;
+
+			largest_path.blinded_hops
+				.iter()
+				.rev()
+				.skip(1)
+				.map(|bh| msgs::OutboundOnionPayload::BlindedForward {
+					encrypted_tlvs: &bh.encrypted_payload,
+					// For simplicity, always set the intro_node_blinding_point in the
+					// final payload.
+					intro_node_blinding_point: None,
+				})
+				.chain(core::iter::once(msgs::OutboundOnionPayload::BlindedReceive {
+					sender_intended_htlc_amt_msat: route_params.final_value_msat,
+					total_msat: route_params.final_value_msat,
+					cltv_expiry_height:
+						best_block_height.saturating_add(route_params.payment_params.max_total_cltv_expiry_delta),
+					encrypted_tlvs: largest_path.blinded_hops
+						.last()
+						.map(|bh| &bh.encrypted_payload)
+						.unwrap_or(&Vec::new()),
+					intro_node_blinding_point: Some(largest_path.blinding_point),
+					keysend_preimage,
+					custom_tlvs: &recipient_onion.custom_tlvs,
+				}))
+				.map(|payload| payload.serialized_length().saturating_add(PAYLOAD_HMAC_LEN))
+				.fold(0, |acc: usize, payload_len| acc.saturating_add(payload_len))
+		},
+		Payee::Clear { final_cltv_expiry_delta, .. } => {
+			msgs::OutboundOnionPayload::Receive {
+				payment_data: recipient_onion.payment_secret.map(|payment_secret| {
+					msgs::FinalOnionHopData { payment_secret, total_msat: route_params.final_value_msat }
+				}),
+				payment_metadata: recipient_onion.payment_metadata.as_ref(),
+				keysend_preimage,
+				custom_tlvs: &recipient_onion.custom_tlvs,
+				sender_intended_htlc_amt_msat: route_params.final_value_msat,
+				cltv_expiry_height: best_block_height.saturating_add(*final_cltv_expiry_delta),
+			}
+			.serialized_length()
+			.saturating_add(PAYLOAD_HMAC_LEN)
+		}
+	};
+	let max_intermediate_unblinded_hops = 1300usize.checked_sub(num_reserved_bytes)
+		.map(|p| p / UNBLINDED_INTERMED_PAYLOAD_LEN)
+		.and_then(|l| u8::try_from(l).ok())
+		.ok_or(())?;
+
+	route_params.payment_params.max_intermediate_hops = core::cmp::min(max_intermediate_unblinded_hops, MAX_PATH_LENGTH_ESTIMATE);
+	Ok(())
+}
+
 /// Returns whether a payment with the given [`PaymentHash`] and [`PaymentId`] is, in fact, a
 /// payment probe.
 pub(super) fn payment_is_probe(payment_hash: &PaymentHash, payment_id: &PaymentId,