Expose API to update a channel's ChannelConfig

wpaulino · wpaulino · commit 14c8c4c55b21 · 2022-06-15T17:06:18.000-07:00
A new `update_channel_config` method is exposed on the `ChannelManger`
to update the ChannelConfig for a set of channels atomically. New
ChannelUpdate events are generated for each eligible channel.

Note that as currently implemented, a buggy and/or
auto-policy-management client could spam the network with updates as
there is no rate-limiting in place. This could already be done with
`broadcast_node_announcement`, though users are less inclined to update
that as frequently as its data is mostly static.
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -495,6 +495,11 @@ pub(super) struct Channel<Signer: Sign> {
 	#[cfg(not(any(test, feature = "_test_utils")))]
 	config: LegacyChannelConfig,
 
+	// Track the previous `ChannelConfig` so that we can continue forwarding HTLCs that were
+	// constructed using it. The `ChannelManager` should determine when to expire it via
+	// `clear_prev_config`.
+	prev_config: Option<(ChannelConfig, u32)>,
+
 	inbound_handshake_limits_override: Option<ChannelHandshakeLimits>,
 
 	user_id: u64,
@@ -937,6 +942,8 @@ impl<Signer: Sign> Channel<Signer> {
 				commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
 			},
 
+			prev_config: None,
+
 			inbound_handshake_limits_override: Some(config.channel_handshake_limits.clone()),
 
 			channel_id: keys_provider.get_secure_random_bytes(),
@@ -1264,6 +1271,8 @@ impl<Signer: Sign> Channel<Signer> {
 				commit_upfront_shutdown_pubkey: config.channel_handshake_config.commit_upfront_shutdown_pubkey,
 			},
 
+			prev_config: None,
+
 			inbound_handshake_limits_override: None,
 
 			channel_id: msg.temporary_channel_id,
@@ -4491,11 +4500,45 @@ impl<Signer: Sign> Channel<Signer> {
 		self.config.options.max_dust_htlc_exposure_msat
 	}
 
+	/// Returns the previous [`ChannelConfig`] applied to this channel, if any. The second element
+	/// in the tuple corresponds to the [`get_update_time_counter`] value prior to the
+	/// [`update_config`] call.
+	pub fn get_prev_config(&self) -> Option<(ChannelConfig, u32)> {
+		self.prev_config
+	}
+
+	/// Clears the previous [`ChannelConfig`] from a channel, such that it can no longer be used as
+	/// a fallback when forwarding HTLCs.
+	pub fn clear_prev_config(&mut self) {
+		self.prev_config = None;
+	}
+
 	// Returns the current [`ChannelConfig`] applied to the channel.
 	pub fn get_config(&self) -> ChannelConfig {
 		self.config.options
 	}
 
+	/// Updates the channel's config. `keep_prev_config` indicates whether the channel's previous
+	/// config should still be used to accept forwarded HTLCs for a short period of time. A bool is
+	/// returned indicating whether the config update applied resulted in a new ChannelUpdate
+	/// message.
+	pub fn update_config(&mut self, config: &ChannelConfig, keep_prev_config: bool) -> bool {
+		let did_channel_update =
+			self.config.options.forwarding_fee_proportional_millionths != config.forwarding_fee_proportional_millionths ||
+			self.config.options.forwarding_fee_base_msat != config.forwarding_fee_base_msat ||
+			self.config.options.cltv_expiry_delta != config.cltv_expiry_delta;
+		if did_channel_update {
+			if keep_prev_config {
+				self.prev_config = Some((self.config.options, self.update_time_counter));
+			}
+			// Update the counter, which backs the ChannelUpdate timestamp, to allow the relay
+			// policy change to propagate throughout the network.
+			self.update_time_counter += 1;
+		}
+		self.config.options = *config;
+		did_channel_update
+	}
+
 	pub fn get_feerate(&self) -> u32 {
 		self.feerate_per_kw
 	}
@@ -6344,6 +6387,8 @@ impl<'a, Signer: Sign, K: Deref> ReadableArgs<(&'a K, u32)> for Channel<Signer>
 
 			config: config.unwrap(),
 
+			prev_config: None,
+
 			// Note that we don't care about serializing handshake limits as we only ever serialize
 			// channel data after the handshake has completed.
 			inbound_handshake_limits_override: None,
diff --git a/lightning/src/ln/channelmanager.rs b/lightning/src/ln/channelmanager.rs
@@ -2919,6 +2919,68 @@ impl<Signer: Sign, M: Deref, T: Deref, K: Deref, F: Deref, L: Deref> ChannelMana
 		}
 	}
 
+	/// Atomically updates the [`ChannelConfig`] for the given channels.
+	///
+	/// Once the updates are applied, each eligible channel (advertised with a known short channel
+	/// ID and a change in [`forwarding_fee_proportional_millionths`], [`forwarding_fee_base_msat`],
+	/// or [`cltv_expiry_delta`]) has a [`BroadcastChannelUpdate`] event message generated
+	/// containing the new [`ChannelUpdate`] message which should be broadcast to the network.
+	///
+	/// Returns [`ChannelUnavailable`] when a channel is not found. In this case, none of the
+	/// updates should be considered applied.
+	///
+	/// Returns [`APIMisuseError`] when an incorrect `counterparty_node_id` is provided or a
+	/// [`cltv_expiry_delta`] update is to be applied with a value below [`MIN_CLTV_EXPIRY_DELTA`].
+	///
+	/// [`forwarding_fee_proportional_millionths`]: ChannelConfig::forwarding_fee_proportional_millionths
+	/// [`forwarding_fee_base_msat`]: ChannelConfig::forwarding_fee_base_msat
+	/// [`cltv_expiry_delta`]: ChannelConfig::cltv_expiry_delta
+	/// [`BroadcastChannelUpdate`]: events::MessageSendEvent::BroadcastChannelUpdate
+	/// [`ChannelUpdate`]: msgs::ChannelUpdate
+	/// [`ChannelUnavailable`]: APIError::ChannelUnavailable
+	/// [`APIMisuseError`]: APIError::APIMisuseError
+	pub fn update_channel_config(
+		&self, counterparty_node_id: &PublicKey, channel_ids: &[[u8; 32]], config: &ChannelConfig,
+	) -> Result<(), APIError> {
+		if config.cltv_expiry_delta < MIN_CLTV_EXPIRY_DELTA {
+			return Err(APIError::APIMisuseError {
+				err: format!("The chosen CLTV expiry delta is below the minimum of {}", MIN_CLTV_EXPIRY_DELTA),
+			});
+		}
+
+		let _persistence_guard = PersistenceNotifierGuard::notify_on_drop(
+			&self.total_consistency_lock, &self.persistence_notifier,
+		);
+		{
+			let mut channel_state_lock = self.channel_state.lock().unwrap();
+			let channel_state = &mut *channel_state_lock;
+			for channel_id in channel_ids {
+				let channel_counterparty_node_id = channel_state.by_id.get(channel_id)
+					.ok_or(APIError::ChannelUnavailable {
+						err: format!("Channel with ID {} was not found", log_bytes!(*channel_id)),
+					})?
+					.get_counterparty_node_id();
+				if channel_counterparty_node_id != *counterparty_node_id {
+					return Err(APIError::APIMisuseError {
+						err: "counterparty node id mismatch".to_owned(),
+					});
+				}
+			}
+			for channel_id in channel_ids {
+				let channel = channel_state.by_id.get_mut(channel_id).unwrap();
+				if !channel.update_config(config, true) {
+					continue;
+				}
+				if let Ok(msg) = self.get_channel_update_for_broadcast(channel) {
+					channel_state.pending_msg_events.push(
+						events::MessageSendEvent::BroadcastChannelUpdate { msg },
+					);
+				}
+			}
+		}
+		Ok(())
+	}
+
 	/// Processes HTLCs which are pending waiting on random forward delay.
 	///
 	/// Should only really ever be called in response to a PendingHTLCsForwardable event.
diff --git a/lightning/src/ln/onion_route_tests.rs b/lightning/src/ln/onion_route_tests.rs
@@ -11,10 +11,10 @@
 //! These tests work by standing up full nodes and route payments across the network, checking the
 //! returned errors decode to the correct thing.
 
-use chain::channelmonitor::{CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS};
+use chain::channelmonitor::{ChannelMonitor, CLTV_CLAIM_BUFFER, LATENCY_GRACE_PERIOD_BLOCKS};
 use chain::keysinterface::{KeysInterface, Recipient};
 use ln::{PaymentHash, PaymentSecret};
-use ln::channelmanager::{HTLCForwardInfo, CLTV_FAR_FAR_AWAY, MIN_CLTV_EXPIRY_DELTA, PendingHTLCInfo, PendingHTLCRouting};
+use ln::channelmanager::{ChannelManager, ChannelManagerReadArgs, HTLCForwardInfo, CLTV_FAR_FAR_AWAY, MIN_CLTV_EXPIRY_DELTA, PendingHTLCInfo, PendingHTLCRouting};
 use ln::onion_utils;
 use routing::gossip::{NetworkUpdate, RoutingFees, NodeId};
 use routing::router::{get_route, PaymentParameters, Route, RouteHint, RouteHintHop};
@@ -23,9 +23,10 @@ use ln::msgs;
 use ln::msgs::{ChannelMessageHandler, ChannelUpdate, OptionalField};
 use ln::wire::Encode;
 use util::events::{Event, MessageSendEvent, MessageSendEventsProvider};
-use util::ser::{Writeable, Writer};
+use util::ser::{ReadableArgs, Writeable, Writer};
 use util::{byte_utils, test_utils};
-use util::config::UserConfig;
+use util::config::{UserConfig, ChannelConfig};
+use util::errors::APIError;
 
 use bitcoin::hash_types::BlockHash;
 
@@ -506,8 +507,6 @@ fn test_onion_failure() {
 	let preimage = send_along_route(&nodes[0], bogus_route, &[&nodes[1], &nodes[2]], amt_to_forward+1).0;
 	claim_payment(&nodes[0], &[&nodes[1], &nodes[2]], preimage);
 
-	//TODO: with new config API, we will be able to generate both valid and
-	//invalid channel_update cases.
 	let short_channel_id = channels[0].0.contents.short_channel_id;
 	run_onion_failure_test("fee_insufficient", 0, &nodes, &route, &payment_hash, &payment_secret, |msg| {
 		msg.amount_msat -= 1;
@@ -594,6 +593,140 @@ fn test_onion_failure() {
 	}, true, Some(23), None, None);
 }
 
+#[test]
+fn test_onion_failure_stale_channel_update() {
+	// Create a network of three nodes and two channels connecting them. We'll be updating the
+	// HTLC relay policy of the second channel, causing forwarding failures at the first hop.
+	let chanmon_cfgs = create_chanmon_cfgs(3);
+	let node_cfgs = create_node_cfgs(3, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(3, &node_cfgs, &[None, None, None]);
+	let mut nodes = create_network(3, &node_cfgs, &node_chanmgrs);
+
+	let other_channel = create_announced_chan_between_nodes(
+		&nodes, 0, 1, InitFeatures::known(), InitFeatures::known(),
+	);
+	let channel_to_update = create_announced_chan_between_nodes(
+		&nodes, 1, 2, InitFeatures::known(), InitFeatures::known(),
+	);
+	let channel_to_update_counterparty = &nodes[2].node.get_our_node_id();
+
+	let default_config = ChannelConfig::default();
+
+	// A test payment should succeed as the HTLC relay paramters have not been changed yet.
+	const PAYMENT_AMT: u64 = 40000;
+	send_payment(&nodes[0], &[&nodes[1], &nodes[2]], PAYMENT_AMT);
+
+	// Closure to update and retrieve the latest ChannelUpdate.
+	let update_and_get_channel_update = |config: &ChannelConfig, expect_new_update: bool,
+		prev_update: Option<&msgs::ChannelUpdate>| -> Option<msgs::ChannelUpdate> {
+		nodes[1].node.update_channel_config(
+			channel_to_update_counterparty, &[channel_to_update.2], config,
+		).unwrap();
+		let events = nodes[1].node.get_and_clear_pending_msg_events();
+		assert_eq!(events.len(), expect_new_update as usize);
+		if !expect_new_update {
+			return None;
+		}
+		let new_update = match &events[0] {
+			MessageSendEvent::BroadcastChannelUpdate { msg, .. } => msg.clone(),
+			_ => panic!("expected BroadcastChannelUpdate event"),
+		};
+		if prev_update.is_some() {
+			assert!(new_update.contents.timestamp > prev_update.unwrap().contents.timestamp)
+		}
+		Some(new_update)
+	};
+
+	// We'll be attempting to route payments using the default ChannelUpdate for channels. This will
+	// lead to onion failures at the first hop once we update the HTLC relay parameters for the
+	// second hop.
+	let (route, payment_hash, _, payment_secret) = get_route_and_payment_hash!(
+		nodes[0], nodes[2], PAYMENT_AMT
+	);
+	let expect_onion_failure = |name: &str, error_code: u16, channel_update: &msgs::ChannelUpdate| {
+		let short_channel_id = channel_to_update.0.contents.short_channel_id;
+		let network_update = NetworkUpdate::ChannelUpdateMessage { msg: channel_update.clone() };
+		run_onion_failure_test(
+			name, 0, &nodes, &route, &payment_hash, &payment_secret, |_| {}, || {}, true,
+			Some(error_code), Some(network_update), Some(short_channel_id),
+		);
+	};
+
+	// Updates to cltv_expiry_delta below MIN_CLTV_EXPIRY_DELTA should fail with APIMisuseError.
+	let mut invalid_config = default_config.clone();
+	invalid_config.cltv_expiry_delta = 0;
+	match nodes[1].node.update_channel_config(
+		channel_to_update_counterparty, &[channel_to_update.2], &invalid_config,
+	) {
+		Err(APIError::APIMisuseError{ .. }) => {},
+		_ => panic!("unexpected result applying invalid cltv_expiry_delta"),
+	}
+
+	// Increase the base fee which should trigger a new ChannelUpdate.
+	let mut config = nodes[1].node.list_usable_channels().iter()
+		.find(|channel| channel.channel_id == channel_to_update.2).unwrap()
+		.config.unwrap();
+	config.forwarding_fee_base_msat = u32::max_value();
+	let msg = update_and_get_channel_update(&config, true, None).unwrap();
+	expect_onion_failure("fee_insufficient", UPDATE|12, &msg);
+
+	// Redundant updates should not trigger a new ChannelUpdate.
+	assert!(update_and_get_channel_update(&config, false, None).is_none());
+
+	// Similarly, updates that do not have an affect on ChannelUpdate should not trigger a new one.
+	config.force_close_avoidance_max_fee_satoshis *= 2;
+	assert!(update_and_get_channel_update(&config, false, None).is_none());
+
+	// Reset the base fee to the default and increase the proportional fee which should trigger a
+	// new ChannelUpdate.
+	config.forwarding_fee_base_msat = default_config.forwarding_fee_base_msat;
+	config.cltv_expiry_delta = u16::max_value();
+	let msg = update_and_get_channel_update(&config, true, Some(&msg)).unwrap();
+	expect_onion_failure("incorrect_cltv_expiry", UPDATE|13, &msg);
+
+	// Reset the proportional fee and increase the CLTV expiry delta which should trigger a new
+	// ChannelUpdate.
+	config.cltv_expiry_delta = default_config.cltv_expiry_delta;
+	config.forwarding_fee_proportional_millionths = u32::max_value();
+	let msg = update_and_get_channel_update(&config, true, Some(&msg)).unwrap();
+	expect_onion_failure("fee_insufficient", UPDATE|12, &msg);
+
+	// To test persistence of the updated config, we'll re-initialize the ChannelManager.
+	let config_after_restart = {
+		let persister = test_utils::TestPersister::new();
+		let chain_monitor = test_utils::TestChainMonitor::new(
+			Some(nodes[1].chain_source), nodes[1].tx_broadcaster.clone(), nodes[1].logger,
+			node_cfgs[1].fee_estimator, &persister, nodes[1].keys_manager,
+		);
+
+		let mut chanmon_1 = <(_, ChannelMonitor<_>)>::read(
+			&mut &get_monitor!(nodes[1], other_channel.2).encode()[..], nodes[1].keys_manager,
+		).unwrap().1;
+		let mut chanmon_2 = <(_, ChannelMonitor<_>)>::read(
+			&mut &get_monitor!(nodes[1], channel_to_update.2).encode()[..], nodes[1].keys_manager,
+		).unwrap().1;
+		let mut channel_monitors = HashMap::new();
+		channel_monitors.insert(chanmon_1.get_funding_txo().0, &mut chanmon_1);
+		channel_monitors.insert(chanmon_2.get_funding_txo().0, &mut chanmon_2);
+
+		let chanmgr = <(_, ChannelManager<_, _, _, _, _, _>)>::read(
+			&mut &nodes[1].node.encode()[..], ChannelManagerReadArgs {
+				default_config: *nodes[1].node.get_current_default_configuration(),
+				keys_manager: nodes[1].keys_manager,
+				fee_estimator: node_cfgs[1].fee_estimator,
+				chain_monitor: &chain_monitor,
+				tx_broadcaster: nodes[1].tx_broadcaster.clone(),
+				logger: nodes[1].logger,
+				channel_monitors: channel_monitors,
+			},
+		).unwrap().1;
+		chanmgr.list_channels().iter()
+			.find(|channel| channel.channel_id == channel_to_update.2).unwrap()
+			.config.unwrap()
+	};
+	assert_eq!(config, config_after_restart);
+}
+
 #[test]
 fn test_default_to_onion_payload_tlv_format() {
 	// Tests that we default to creating tlv format onion payloads when no `NodeAnnouncementInfo`
