diff --git a/fuzz/src/router.rs b/fuzz/src/router.rs index 21fb2dc152a..84afb91f952 100644 --- a/fuzz/src/router.rs +++ b/fuzz/src/router.rs @@ -235,6 +235,7 @@ pub fn do_test(data: &[u8], out: Out) { next_outbound_htlc_limit_msat: capacity.saturating_mul(1000), inbound_htlc_minimum_msat: None, inbound_htlc_maximum_msat: None, + config: None, }); } Some(&first_hops_vec[..]) diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs index 9b47770f120..b88a38b5650 100644 --- a/lightning/src/ln/channel.rs +++ b/lightning/src/ln/channel.rs @@ -39,7 +39,7 @@ use util::events::ClosureReason; use util::ser::{Readable, ReadableArgs, Writeable, Writer, VecWriter}; use util::logger::Logger; use util::errors::APIError; -use util::config::{UserConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits}; +use util::config::{UserConfig, ChannelConfig, LegacyChannelConfig, ChannelHandshakeConfig, ChannelHandshakeLimits}; use util::scid_utils::scid_from_parts; use io; @@ -482,6 +482,16 @@ pub(crate) const CONCURRENT_INBOUND_HTLC_FEE_BUFFER: u32 = 2; /// transaction (not counting the value of the HTLCs themselves). pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4; +/// When a [`Channel`] has its [`ChannelConfig`] updated, its existing one is stashed for up to this +/// number of ticks to allow forwarding HTLCs by nodes that have yet to receive the new +/// ChannelUpdate prompted by the config update. This value was determined as follows: +/// +/// * The expected interval between ticks (1 minute). +/// * The average convergence delay of updates across the network, i.e., ~300 seconds on average +/// for a node to see an update as seen on ``. +/// * `EXPIRE_PREV_CONFIG_TICKS` = convergence_delay / tick_interval +pub(crate) const EXPIRE_PREV_CONFIG_TICKS: usize = 5; + // TODO: We should refactor this to be an Inbound/OutboundChannel until initial setup handshaking // has been completed, and then turn into a Channel to get compiler-time enforcement of things like // calling channel_id() before we're set up or things like get_outbound_funding_signed on an @@ -490,11 +500,13 @@ pub(crate) const MIN_AFFORDABLE_HTLC_COUNT: usize = 4; // Holder designates channel data owned for the benefice of the user client. // Counterparty designates channel data owned by the another channel participant entity. pub(super) struct Channel { - #[cfg(any(test, feature = "_test_utils"))] - pub(crate) config: LegacyChannelConfig, - #[cfg(not(any(test, feature = "_test_utils")))] config: LegacyChannelConfig, + // Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were + // constructed using it. The second element in the tuple corresponds to the number of ticks that + // have elapsed since the update occurred. + prev_config: Option<(ChannelConfig, usize)>, + inbound_handshake_limits_override: Option, user_id: u64, @@ -937,6 +949,8 @@ impl Channel { commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey, }, + prev_config: None, + inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()), channel_id: keys_provider.get_secure_random_bytes(), @@ -1264,6 +1278,8 @@ impl Channel { commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey, }, + prev_config: None, + inbound_handshake_limits_override: None, channel_id: msg.temporary_channel_id, @@ -4491,6 +4507,84 @@ impl Channel { self.config.options.max_dust_htlc_exposure_msat } + /// Returns the previous [`ChannelConfig`] applied to this channel, if any. + pub fn prev_config(&self) -> Option { + self.prev_config.map(|prev_config| prev_config.0) + } + + /// Tracks the number of ticks elapsed since the previous [`ChannelConfig`] was updated. Once + /// [`EXPIRE_PREV_CONFIG_TICKS`] is reached, the previous config is considered expired and will + /// no longer be considered when forwarding HTLCs. + pub fn maybe_expire_prev_config(&mut self) { + if self.prev_config.is_none() { + return; + } + let prev_config = self.prev_config.as_mut().unwrap(); + prev_config.1 += 1; + if prev_config.1 == EXPIRE_PREV_CONFIG_TICKS { + self.prev_config = None; + } + } + + /// Returns the current [`ChannelConfig`] applied to the channel. + pub fn config(&self) -> ChannelConfig { + self.config.options + } + + /// Updates the channel's config. A bool is returned indicating whether the config update + /// applied resulted in a new ChannelUpdate message. + pub fn update_config(&mut self, config: &ChannelConfig) -> bool { + let did_channel_update = + self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths || + self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat || + self.config.options.cltv_expiry_delta != config.cltv_expiry_delta; + if did_channel_update { + self.prev_config = Some((self.config.options, 0)); + // Update the counter, which backs the ChannelUpdate timestamp, to allow the relay + // policy change to propagate throughout the network. + self.update_time_counter += 1; + } + self.config.options = *config; + did_channel_update + } + + fn internal_htlc_satisfies_config( + &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, config: &ChannelConfig, + ) -> Result<(), (&'static str, u16)> { + let fee = amt_to_forward.checked_mul(config.forwarding_fee_proportional_millionths as u64) + .and_then(|prop_fee| (prop_fee / 1000000).checked_add(config.forwarding_fee_base_msat as u64)); + if fee.is_none() || htlc.amount_msat < fee.unwrap() || + (htlc.amount_msat - fee.unwrap()) < amt_to_forward { + return Err(( + "Prior hop has deviated from specified fees parameters or origin node has obsolete ones", + 0x1000 | 12, // fee_insufficient + )); + } + if (htlc.cltv_expiry as u64) < outgoing_cltv_value as u64 + config.cltv_expiry_delta as u64 { + return Err(( + "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta", + 0x1000 | 13, // incorrect_cltv_expiry + )); + } + Ok(()) + } + + /// Determines whether the parameters of an incoming HTLC to be forwarded satisfy the channel's + /// [`ChannelConfig`]. This first looks at the channel's current [`ChannelConfig`], and if + /// unsuccessful, falls back to the previous one if one exists. + pub fn htlc_satisfies_config( + &self, htlc: &msgs::UpdateAddHTLC, amt_to_forward: u64, outgoing_cltv_value: u32, + ) -> Result<(), (&'static str, u16)> { + self.internal_htlc_satisfies_config(&htlc, amt_to_forward, outgoing_cltv_value, &self.config()) + .or_else(|err| { + if let Some(prev_config) = self.prev_config() { + self.internal_htlc_satisfies_config(htlc, amt_to_forward, outgoing_cltv_value, &prev_config) + } else { + Err(err) + } + }) + } + pub fn get_feerate(&self) -> u32 { self.feerate_per_kw } @@ -6339,6 +6433,8 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel config: config.unwrap(), + prev_config: None, + // Note that we don't care about serializing handshake limits as we only ever serialize // channel data after the handshake has completed. inbound_handshake_limits_override: None, diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs index cf593068947..ef37dabc8ad 100644 --- a/lightning/src/ln/channelmanager.rs +++ b/lightning/src/ln/channelmanager.rs @@ -51,7 +51,7 @@ use ln::onion_utils; use ln::msgs::{ChannelMessageHandler, DecodeError, LightningError, MAX_VALUE_MSAT, OptionalField}; use ln::wire::Encode; use chain::keysinterface::{Sign, KeysInterface, KeysManager, InMemorySigner, Recipient}; -use util::config::UserConfig; +use util::config::{UserConfig, ChannelConfig}; use util::events::{EventHandler, EventsProvider, MessageSendEvent, MessageSendEventsProvider, ClosureReason}; use util::{byte_utils, events}; use util::scid_utils::fake_scid; @@ -1095,6 +1095,10 @@ pub struct ChannelDetails { pub inbound_htlc_minimum_msat: Option, /// The largest value HTLC (in msat) we currently will accept, for this channel. pub inbound_htlc_maximum_msat: Option, + /// Set of configurable parameters that affect channel operation. + /// + /// This field is only `None` for `ChannelDetails` objects serialized prior to LDK 0.0.109. + pub config: Option, } impl ChannelDetails { @@ -1759,7 +1763,8 @@ impl ChannelMana is_usable: channel.is_live(), is_public: channel.should_announce(), inbound_htlc_minimum_msat: Some(channel.get_holder_htlc_minimum_msat()), - inbound_htlc_maximum_msat: channel.get_holder_htlc_maximum_msat() + inbound_htlc_maximum_msat: channel.get_holder_htlc_maximum_msat(), + config: Some(channel.config()), }); } } @@ -2225,7 +2230,7 @@ impl ChannelMana }, Some(id) => Some(id.clone()), }; - let (chan_update_opt, forwardee_cltv_expiry_delta) = if let Some(forwarding_id) = forwarding_id_opt { + let chan_update_opt = if let Some(forwarding_id) = forwarding_id_opt { let chan = channel_state.as_mut().unwrap().by_id.get_mut(&forwarding_id).unwrap(); if !chan.should_announce() && !self.default_configuration.accept_forwards_to_priv_channels { // Note that the behavior here should be identical to the above block - we @@ -2252,18 +2257,20 @@ impl ChannelMana if *amt_to_forward < chan.get_counterparty_htlc_minimum_msat() { // amount_below_minimum break Some(("HTLC amount was below the htlc_minimum_msat", 0x1000 | 11, chan_update_opt)); } - let fee = amt_to_forward.checked_mul(chan.get_fee_proportional_millionths() as u64) - .and_then(|prop_fee| { (prop_fee / 1000000) - .checked_add(chan.get_outbound_forwarding_fee_base_msat() as u64) }); - if fee.is_none() || msg.amount_msat < fee.unwrap() || (msg.amount_msat - fee.unwrap()) < *amt_to_forward { // fee_insufficient - break Some(("Prior hop has deviated from specified fees parameters or origin node has obsolete ones", 0x1000 | 12, chan_update_opt)); + if let Err((err, code)) = chan.htlc_satisfies_config(&msg, *amt_to_forward, *outgoing_cltv_value) { + break Some((err, code, chan_update_opt)); + } + chan_update_opt + } else { + if (msg.cltv_expiry as u64) < (*outgoing_cltv_value) as u64 + MIN_CLTV_EXPIRY_DELTA as u64 { // incorrect_cltv_expiry + break Some(( + "Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta", + 0x1000 | 13, None, + )); } - (chan_update_opt, chan.get_cltv_expiry_delta()) - } else { (None, MIN_CLTV_EXPIRY_DELTA) }; + None + }; - if (msg.cltv_expiry as u64) < (*outgoing_cltv_value) as u64 + forwardee_cltv_expiry_delta as u64 { // incorrect_cltv_expiry - break Some(("Forwarding node has tampered with the intended HTLC values or origin node has an obsolete cltv_expiry_delta", 0x1000 | 13, chan_update_opt)); - } let cur_height = self.best_block.read().unwrap().height() + 1; // Theoretically, channel counterparty shouldn't send us a HTLC expiring now, // but we want to be robust wrt to counterparty packet sanitization (see @@ -2914,6 +2921,73 @@ impl ChannelMana } } + /// Atomically updates the [`ChannelConfig`] for the given channels. + /// + /// Once the updates are applied, each eligible channel (advertised with a known short channel + /// ID and a change in [`forwarding_fee_proportional_millionths`], [`forwarding_fee_base_msat`], + /// or [`cltv_expiry_delta`]) has a [`BroadcastChannelUpdate`] event message generated + /// containing the new [`ChannelUpdate`] message which should be broadcast to the network. + /// + /// Returns [`ChannelUnavailable`] when a channel is not found or an incorrect + /// `counterparty_node_id` is provided. + /// + /// Returns [`APIMisuseError`] when a [`cltv_expiry_delta`] update is to be applied with a value + /// below [`MIN_CLTV_EXPIRY_DELTA`]. + /// + /// If an error is returned, none of the updates should be considered applied. + /// + /// [`forwarding_fee_proportional_millionths`]: ChannelConfig::forwarding_fee_proportional_millionths + /// [`forwarding_fee_base_msat`]: ChannelConfig::forwarding_fee_base_msat + /// [`cltv_expiry_delta`]: ChannelConfig::cltv_expiry_delta + /// [`BroadcastChannelUpdate`]: events::MessageSendEvent::BroadcastChannelUpdate + /// [`ChannelUpdate`]: msgs::ChannelUpdate + /// [`ChannelUnavailable`]: APIError::ChannelUnavailable + /// [`APIMisuseError`]: APIError::APIMisuseError + pub fn update_channel_config( + &self, counterparty_node_id: &PublicKey, channel_ids: &[[u8; 32]], config: &ChannelConfig, + ) -> Result<(), APIError> { + if config.cltv_expiry_delta < MIN_CLTV_EXPIRY_DELTA { + return Err(APIError::APIMisuseError { + err: format!("The chosen CLTV expiry delta is below the minimum of {}", MIN_CLTV_EXPIRY_DELTA), + }); + } + + let _persistence_guard = PersistenceNotifierGuard::notify_on_drop( + &self.total_consistency_lock, &self.persistence_notifier, + ); + { + let mut channel_state_lock = self.channel_state.lock().unwrap(); + let channel_state = &mut *channel_state_lock; + for channel_id in channel_ids { + let channel_counterparty_node_id = channel_state.by_id.get(channel_id) + .ok_or(APIError::ChannelUnavailable { + err: format!("Channel with ID {} was not found", log_bytes!(*channel_id)), + })? + .get_counterparty_node_id(); + if channel_counterparty_node_id != *counterparty_node_id { + return Err(APIError::APIMisuseError { + err: "counterparty node id mismatch".to_owned(), + }); + } + } + for channel_id in channel_ids { + let channel = channel_state.by_id.get_mut(channel_id).unwrap(); + if !channel.update_config(config) { + continue; + } + if let Ok(msg) = self.get_channel_update_for_broadcast(channel) { + channel_state.pending_msg_events.push(events::MessageSendEvent::BroadcastChannelUpdate { msg }); + } else if let Ok(msg) = self.get_channel_update_for_unicast(channel) { + channel_state.pending_msg_events.push(events::MessageSendEvent::SendChannelUpdate { + node_id: channel.get_counterparty_node_id(), + msg, + }); + } + } + } + Ok(()) + } + /// Processes HTLCs which are pending waiting on random forward delay. /// /// Should only really ever be called in response to a PendingHTLCsForwardable event. @@ -3439,6 +3513,8 @@ impl ChannelMana /// * Broadcasting `ChannelUpdate` messages if we've been disconnected from our peer for more /// than a minute, informing the network that they should no longer attempt to route over /// the channel. + /// * Expiring a channel's previous `ChannelConfig` if necessary to only allow forwarding HTLCs + /// with the current `ChannelConfig`. /// /// Note that this may cause reentrancy through `chain::Watch::update_channel` calls or feerate /// estimate fetches. @@ -3497,6 +3573,8 @@ impl ChannelMana _ => {}, } + chan.maybe_expire_prev_config(); + true }); @@ -6089,6 +6167,7 @@ impl_writeable_tlv_based!(ChannelDetails, { (4, counterparty, required), (5, outbound_scid_alias, option), (6, funding_txo, option), + (7, config, option), (8, short_channel_id, option), (10, channel_value_satoshis, required), (12, unspendable_punishment_reserve, option), diff --git a/lightning/src/ln/functional_test_utils.rs b/lightning/src/ln/functional_test_utils.rs index 38c05998e6a..fe78395e2f9 100644 --- a/lightning/src/ln/functional_test_utils.rs +++ b/lightning/src/ln/functional_test_utils.rs @@ -1689,9 +1689,16 @@ pub fn do_claim_payment_along_route<'a, 'b, 'c>(origin_node: &Node<'a, 'b, 'c>, ($node: expr, $prev_node: expr, $next_node: expr, $new_msgs: expr) => { { $node.node.handle_update_fulfill_htlc(&$prev_node.node.get_our_node_id(), &next_msgs.as_ref().unwrap().0); - let fee = $node.node.channel_state.lock().unwrap() - .by_id.get(&next_msgs.as_ref().unwrap().0.channel_id).unwrap() - .config.options.forwarding_fee_base_msat; + let fee = { + let channel_state = $node.node.channel_state.lock().unwrap(); + let channel = channel_state + .by_id.get(&next_msgs.as_ref().unwrap().0.channel_id).unwrap(); + if let Some(prev_config) = channel.prev_config() { + prev_config.forwarding_fee_base_msat + } else { + channel.config().forwarding_fee_base_msat + } + }; expect_payment_forwarded!($node, $next_node, $prev_node, Some(fee as u64), false, false); expected_total_fee_msat += fee as u64; check_added_monitors!($node, 1); diff --git a/lightning/src/ln/onion_route_tests.rs b/lightning/src/ln/onion_route_tests.rs index 1e340d4a15e..c66f45a4492 100644 --- a/lightning/src/ln/onion_route_tests.rs +++ b/lightning/src/ln/onion_route_tests.rs @@ -11,10 +11,11 @@ //! These tests work by standing up full nodes and route payments across the network, checking the //! returned errors decode to the correct thing. -use chain::channelmonitor::{CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS}; +use chain::channelmonitor::{ChannelMonitor, CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS}; use chain::keysinterface::{KeysInterface, Recipient}; use ln::{PaymentHash, PaymentSecret}; -use ln::channelmanager::{HTLCForwardInfo, CLTV_FAR_FAR_AWAY, MIN_CLTV_EXPIRY_DELTA, PendingHTLCInfo, PendingHTLCRouting}; +use ln::channel::EXPIRE_PREV_CONFIG_TICKS; +use ln::channelmanager::{ChannelManager, ChannelManagerReadArgs, HTLCForwardInfo, CLTV_FAR_FAR_AWAY, MIN_CLTV_EXPIRY_DELTA, PendingHTLCInfo, PendingHTLCRouting}; use ln::onion_utils; use routing::gossip::{NetworkUpdate, RoutingFees, NodeId}; use routing::router::{get_route, PaymentParameters, Route, RouteHint, RouteHintHop}; @@ -23,9 +24,10 @@ use ln::msgs; use ln::msgs::{ChannelMessageHandler, ChannelUpdate, OptionalField}; use ln::wire::Encode; use util::events::{Event, MessageSendEvent, MessageSendEventsProvider}; -use util::ser::{Writeable, Writer}; +use util::ser::{ReadableArgs, Writeable, Writer}; use util::{byte_utils, test_utils}; -use util::config::UserConfig; +use util::config::{UserConfig, ChannelConfig}; +use util::errors::APIError; use bitcoin::hash_types::BlockHash; @@ -506,8 +508,6 @@ fn test_onion_failure() { let preimage = send_along_route(&nodes[0], bogus_route, &[&nodes[1], &nodes[2]], amt_to_forward+1).0; claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], preimage); - //TODO: with new config API, we will be able to generate both valid and - //invalid channel_update cases. let short_channel_id = channels[0].0.contents.short_channel_id; run_onion_failure_test("fee_insufficient", 0, &nodes, &route, &payment_hash, &payment_secret, |msg| { msg.amount_msat -= 1; @@ -594,6 +594,202 @@ fn test_onion_failure() { }, true, Some(23), None, None); } +fn do_test_onion_failure_stale_channel_update(announced_channel: bool) { + // Create a network of three nodes and two channels connecting them. We'll be updating the + // HTLC relay policy of the second channel, causing forwarding failures at the first hop. + let mut config = UserConfig::default(); + config.channel_handshake_config.announced_channel = announced_channel; + config.channel_handshake_limits.force_announced_channel_preference = false; + config.accept_forwards_to_priv_channels = !announced_channel; + let chanmon_cfgs = create_chanmon_cfgs(3); + let node_cfgs = create_node_cfgs(3, &chanmon_cfgs); + let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, Some(config), None]); + let mut nodes = create_network(3, &node_cfgs, &node_chanmgrs); + + let other_channel = create_chan_between_nodes( + &nodes[0], &nodes[1], InitFeatures::known(), InitFeatures::known(), + ); + let channel_to_update = if announced_channel { + let channel = create_announced_chan_between_nodes( + &nodes, 1, 2, InitFeatures::known(), InitFeatures::known(), + ); + (channel.2, channel.0.contents.short_channel_id) + } else { + let channel = create_unannounced_chan_between_nodes_with_value( + &nodes, 1, 2, 100000, 10001, InitFeatures::known(), InitFeatures::known(), + ); + (channel.0.channel_id, channel.0.short_channel_id_alias.unwrap()) + }; + let channel_to_update_counterparty = &nodes[2].node.get_our_node_id(); + + let default_config = ChannelConfig::default(); + + // A test payment should succeed as the ChannelConfig has not been changed yet. + const PAYMENT_AMT: u64 = 40000; + let (route, payment_hash, payment_preimage, payment_secret) = if announced_channel { + get_route_and_payment_hash!(nodes[0], nodes[2], PAYMENT_AMT) + } else { + let hop_hints = vec![RouteHint(vec![RouteHintHop { + src_node_id: nodes[1].node.get_our_node_id(), + short_channel_id: channel_to_update.1, + fees: RoutingFees { + base_msat: default_config.forwarding_fee_base_msat, + proportional_millionths: default_config.forwarding_fee_proportional_millionths, + }, + cltv_expiry_delta: default_config.cltv_expiry_delta, + htlc_maximum_msat: None, + htlc_minimum_msat: None, + }])]; + let payment_params = PaymentParameters::from_node_id(*channel_to_update_counterparty) + .with_features(InvoiceFeatures::known()) + .with_route_hints(hop_hints); + get_route_and_payment_hash!(nodes[0], nodes[2], payment_params, PAYMENT_AMT, TEST_FINAL_CLTV) + }; + send_along_route_with_secret(&nodes[0], route.clone(), &[&[&nodes[1], &nodes[2]]], PAYMENT_AMT, + payment_hash, payment_secret); + claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], payment_preimage); + + // Closure to force expiry of a channel's previous config. + let expire_prev_config = || { + for _ in 0..EXPIRE_PREV_CONFIG_TICKS { + nodes[1].node.timer_tick_occurred(); + } + }; + + // Closure to update and retrieve the latest ChannelUpdate. + let update_and_get_channel_update = |config: &ChannelConfig, expect_new_update: bool, + prev_update: Option<&msgs::ChannelUpdate>, should_expire_prev_config: bool| -> Option { + nodes[1].node.update_channel_config( + channel_to_update_counterparty, &[channel_to_update.0], config, + ).unwrap(); + let events = nodes[1].node.get_and_clear_pending_msg_events(); + assert_eq!(events.len(), expect_new_update as usize); + if !expect_new_update { + return None; + } + let new_update = match &events[0] { + MessageSendEvent::BroadcastChannelUpdate { msg } => { + assert!(announced_channel); + msg.clone() + }, + MessageSendEvent::SendChannelUpdate { node_id, msg } => { + assert_eq!(node_id, channel_to_update_counterparty); + assert!(!announced_channel); + msg.clone() + }, + _ => panic!("expected Broadcast/SendChannelUpdate event"), + }; + if prev_update.is_some() { + assert!(new_update.contents.timestamp > prev_update.unwrap().contents.timestamp) + } + if should_expire_prev_config { + expire_prev_config(); + } + Some(new_update) + }; + + // We'll be attempting to route payments using the default ChannelUpdate for channels. This will + // lead to onion failures at the first hop once we update the ChannelConfig for the + // second hop. + let expect_onion_failure = |name: &str, error_code: u16, channel_update: &msgs::ChannelUpdate| { + let short_channel_id = channel_to_update.1; + let network_update = NetworkUpdate::ChannelUpdateMessage { msg: channel_update.clone() }; + run_onion_failure_test( + name, 0, &nodes, &route, &payment_hash, &payment_secret, |_| {}, || {}, true, + Some(error_code), Some(network_update), Some(short_channel_id), + ); + }; + + // Updates to cltv_expiry_delta below MIN_CLTV_EXPIRY_DELTA should fail with APIMisuseError. + let mut invalid_config = default_config.clone(); + invalid_config.cltv_expiry_delta = 0; + match nodes[1].node.update_channel_config( + channel_to_update_counterparty, &[channel_to_update.0], &invalid_config, + ) { + Err(APIError::APIMisuseError{ .. }) => {}, + _ => panic!("unexpected result applying invalid cltv_expiry_delta"), + } + + // Increase the base fee which should trigger a new ChannelUpdate. + let mut config = nodes[1].node.list_usable_channels().iter() + .find(|channel| channel.channel_id == channel_to_update.0).unwrap() + .config.unwrap(); + config.forwarding_fee_base_msat = u32::max_value(); + let msg = update_and_get_channel_update(&config, true, None, false).unwrap(); + + // The old policy should still be in effect until a new block is connected. + send_along_route_with_secret(&nodes[0], route.clone(), &[&[&nodes[1], &nodes[2]]], PAYMENT_AMT, + payment_hash, payment_secret); + claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], payment_preimage); + + // Connect a block, which should expire the previous config, leading to a failure when + // forwarding the HTLC. + expire_prev_config(); + expect_onion_failure("fee_insufficient", UPDATE|12, &msg); + + // Redundant updates should not trigger a new ChannelUpdate. + assert!(update_and_get_channel_update(&config, false, None, false).is_none()); + + // Similarly, updates that do not have an affect on ChannelUpdate should not trigger a new one. + config.force_close_avoidance_max_fee_satoshis *= 2; + assert!(update_and_get_channel_update(&config, false, None, false).is_none()); + + // Reset the base fee to the default and increase the proportional fee which should trigger a + // new ChannelUpdate. + config.forwarding_fee_base_msat = default_config.forwarding_fee_base_msat; + config.cltv_expiry_delta = u16::max_value(); + let msg = update_and_get_channel_update(&config, true, Some(&msg), true).unwrap(); + expect_onion_failure("incorrect_cltv_expiry", UPDATE|13, &msg); + + // Reset the proportional fee and increase the CLTV expiry delta which should trigger a new + // ChannelUpdate. + config.cltv_expiry_delta = default_config.cltv_expiry_delta; + config.forwarding_fee_proportional_millionths = u32::max_value(); + let msg = update_and_get_channel_update(&config, true, Some(&msg), true).unwrap(); + expect_onion_failure("fee_insufficient", UPDATE|12, &msg); + + // To test persistence of the updated config, we'll re-initialize the ChannelManager. + let config_after_restart = { + let persister = test_utils::TestPersister::new(); + let chain_monitor = test_utils::TestChainMonitor::new( + Some(nodes[1].chain_source), nodes[1].tx_broadcaster.clone(), nodes[1].logger, + node_cfgs[1].fee_estimator, &persister, nodes[1].keys_manager, + ); + + let mut chanmon_1 = <(_, ChannelMonitor<_>)>::read( + &mut &get_monitor!(nodes[1], other_channel.3).encode()[..], nodes[1].keys_manager, + ).unwrap().1; + let mut chanmon_2 = <(_, ChannelMonitor<_>)>::read( + &mut &get_monitor!(nodes[1], channel_to_update.0).encode()[..], nodes[1].keys_manager, + ).unwrap().1; + let mut channel_monitors = HashMap::new(); + channel_monitors.insert(chanmon_1.get_funding_txo().0, &mut chanmon_1); + channel_monitors.insert(chanmon_2.get_funding_txo().0, &mut chanmon_2); + + let chanmgr = <(_, ChannelManager<_, _, _, _, _, _>)>::read( + &mut &nodes[1].node.encode()[..], ChannelManagerReadArgs { + default_config: *nodes[1].node.get_current_default_configuration(), + keys_manager: nodes[1].keys_manager, + fee_estimator: node_cfgs[1].fee_estimator, + chain_monitor: &chain_monitor, + tx_broadcaster: nodes[1].tx_broadcaster.clone(), + logger: nodes[1].logger, + channel_monitors: channel_monitors, + }, + ).unwrap().1; + chanmgr.list_channels().iter() + .find(|channel| channel.channel_id == channel_to_update.0).unwrap() + .config.unwrap() + }; + assert_eq!(config, config_after_restart); +} + +#[test] +fn test_onion_failure_stale_channel_update() { + do_test_onion_failure_stale_channel_update(false); + do_test_onion_failure_stale_channel_update(true); +} + #[test] fn test_default_to_onion_payload_tlv_format() { // Tests that we default to creating tlv format onion payloads when no `NodeAnnouncementInfo` diff --git a/lightning/src/ln/payment_tests.rs b/lightning/src/ln/payment_tests.rs index 935cb8f9ba4..37ca25babe9 100644 --- a/lightning/src/ln/payment_tests.rs +++ b/lightning/src/ln/payment_tests.rs @@ -15,6 +15,7 @@ use chain::{ChannelMonitorUpdateErr, Confirm, Listen, Watch}; use chain::channelmonitor::{ANTI_REORG_DELAY, ChannelMonitor, LATENCY_GRACE_PERIOD_BLOCKS}; use chain::transaction::OutPoint; use chain::keysinterface::KeysInterface; +use ln::channel::EXPIRE_PREV_CONFIG_TICKS; use ln::channelmanager::{BREAKDOWN_TIMEOUT, ChannelManager, ChannelManagerReadArgs, MPP_TIMEOUT_TICKS, PaymentId, PaymentSendFailure}; use ln::features::{InitFeatures, InvoiceFeatures}; use ln::msgs; @@ -531,9 +532,19 @@ fn do_retry_with_no_persist(confirm_before_reload: bool) { // Update the fee on the middle hop to ensure PaymentSent events have the correct (retried) fee // and not the original fee. We also update node[1]'s relevant config as // do_claim_payment_along_route expects us to never overpay. - nodes[1].node.channel_state.lock().unwrap().by_id.get_mut(&chan_id_2).unwrap() - .config.options.forwarding_fee_base_msat += 100_000; - new_route.paths[0][0].fee_msat += 100_000; + { + let mut channel_state = nodes[1].node.channel_state.lock().unwrap(); + let mut channel = channel_state.by_id.get_mut(&chan_id_2).unwrap(); + let mut new_config = channel.config(); + new_config.forwarding_fee_base_msat += 100_000; + channel.update_config(&new_config); + new_route.paths[0][0].fee_msat += 100_000; + } + + // Force expiration of the channel's previous config. + for _ in 0..EXPIRE_PREV_CONFIG_TICKS { + nodes[1].node.timer_tick_occurred(); + } assert!(nodes[0].node.retry_payment(&new_route, payment_id_1).is_err()); // Shouldn't be allowed to retry a fulfilled payment nodes[0].node.retry_payment(&new_route, payment_id).unwrap(); diff --git a/lightning/src/routing/router.rs b/lightning/src/routing/router.rs index 2c25b277f26..634282d6c4b 100644 --- a/lightning/src/routing/router.rs +++ b/lightning/src/routing/router.rs @@ -1937,6 +1937,7 @@ mod tests { is_usable: true, is_public: true, inbound_htlc_minimum_msat: None, inbound_htlc_maximum_msat: None, + config: None, } } @@ -5806,6 +5807,7 @@ mod benches { is_public: true, inbound_htlc_minimum_msat: None, inbound_htlc_maximum_msat: None, + config: None, } } diff --git a/lightning/src/util/config.rs b/lightning/src/util/config.rs index a76f7162101..be7accc18da 100644 --- a/lightning/src/util/config.rs +++ b/lightning/src/util/config.rs @@ -249,7 +249,7 @@ impl Default for ChannelHandshakeLimits { /// Options which apply on a per-channel basis and may change at runtime or based on negotiation /// with our counterparty. -#[derive(Copy, Clone, Debug)] +#[derive(Copy, Clone, Debug, PartialEq)] pub struct ChannelConfig { /// Amount (in millionths of a satoshi) charged per satoshi for payments forwarded outbound /// over the channel. @@ -345,6 +345,17 @@ impl Default for ChannelConfig { } } +impl_writeable_tlv_based!(ChannelConfig, { + (0, forwarding_fee_proportional_millionths, required), + (2, forwarding_fee_base_msat, required), + (4, cltv_expiry_delta, required), + (6, max_dust_htlc_exposure_msat, required), + // ChannelConfig serialized this field with a required type of 8 prior to the introduction of + // LegacyChannelConfig. To make sure that serialization is not compatible with this one, we use + // the next required type of 10, which if seen by the old serialization will always fail. + (10, force_close_avoidance_max_fee_satoshis, required), +}); + /// Legacy version of [`ChannelConfig`] that stored the static /// [`ChannelHandshakeConfig::announced_channel`] and /// [`ChannelHandshakeConfig::commit_upfront_shutdown_pubkey`] fields.