Struct ChannelHandshakeConfig
pub struct ChannelHandshakeConfig {
pub minimum_depth: u32,
pub our_to_self_delay: u16,
pub our_htlc_minimum_msat: u64,
pub max_inbound_htlc_value_in_flight_percent_of_channel: u8,
pub negotiate_scid_privacy: bool,
pub announced_channel: bool,
pub commit_upfront_shutdown_pubkey: bool,
pub their_channel_reserve_proportional_millionths: u32,
pub negotiate_anchors_zero_fee_htlc_tx: bool,
pub our_max_accepted_htlcs: u16,
}
Expand description
Configuration we set when applicable.
Default::default() provides sane defaults.
Fields§
§minimum_depth: u32
Confirmations we will wait for before considering the channel locked in. Applied only for inbound channels (see ChannelHandshakeLimits::max_minimum_depth for the equivalent limit applied to outbound channels).
A lower-bound of 1 is applied, requiring all channels to have a confirmed commitment
transaction before operation. If you wish to accept channels with zero confirmations, see
UserConfig::manually_accept_inbound_channels
and
ChannelManager::accept_inbound_channel_from_trusted_peer_0conf
.
Default value: 6.
our_to_self_delay: u16
Set to the number of blocks we require our counterparty to wait to claim their money (ie the number of blocks we have to punish our counterparty if they broadcast a revoked transaction).
This is one of the main parameters of our security model. We (or one of our watchtowers) MUST be online to check for revoked transactions on-chain at least once every our_to_self_delay blocks (minus some margin to allow us enough time to broadcast and confirm a transaction, possibly with time in between to RBF the spending transaction).
Meanwhile, asking for a too high delay, we bother peer to freeze funds for nothing in case of an honest unilateral channel close, which implicitly decrease the economic value of our channel.
Default value: BREAKDOWN_TIMEOUT
, we enforce it as a minimum at channel opening so you
can tweak config to ask for more security, not less.
our_htlc_minimum_msat: u64
Set to the smallest value HTLC we will accept to process.
This value is sent to our counterparty on channel-open and we close the channel any time our counterparty misbehaves by sending us an HTLC with a value smaller than this.
Default value: 1. If the value is less than 1, it is ignored and set to 1, as is required by the protocol.
max_inbound_htlc_value_in_flight_percent_of_channel: u8
Sets the percentage of the channel value we will cap the total value of outstanding inbound HTLCs to.
This can be set to a value between 1-100, where the value corresponds to the percent of the channel value in whole percentages.
Note that:
-
If configured to another value than the default value 10, any new channels created with the non default value will cause versions of LDK prior to 0.0.104 to refuse to read the
ChannelManager
. -
This caps the total value for inbound HTLCs in-flight only, and there’s currently no way to configure the cap for the total value of outbound HTLCs in-flight.
-
The requirements for your node being online to ensure the safety of HTLC-encumbered funds are different from the non-HTLC-encumbered funds. This makes this an important knob to restrict exposure to loss due to being offline for too long. See
ChannelHandshakeConfig::our_to_self_delay
andChannelConfig::cltv_expiry_delta
for more information.
Default value: 10. Minimum value: 1, any values less than 1 will be treated as 1 instead. Maximum value: 100, any values larger than 100 will be treated as 100 instead.
negotiate_scid_privacy: bool
If set, we attempt to negotiate the scid_privacy
(referred to as scid_alias
in the
BOLTs) option for outbound private channels. This provides better privacy by not including
our real on-chain channel UTXO in each invoice and requiring that our counterparty only
relay HTLCs to us using the channel’s SCID alias.
If this option is set, channels may be created that will not be readable by LDK versions
prior to 0.0.106, causing ChannelManager
’s read method to return a
DecodeError::InvalidValue
.
Note that setting this to true does not prevent us from opening channels with
counterparties that do not support the scid_alias
option; we will simply fall back to a
private channel without that option.
Ignored if the channel is negotiated to be announced, see
ChannelHandshakeConfig::announced_channel
and
ChannelHandshakeLimits::force_announced_channel_preference
for more.
Default value: false. This value is likely to change to true in the future.
announced_channel: bool
Set to announce the channel publicly and notify all nodes that they can route via this channel.
This should only be set to true for nodes which expect to be online reliably.
As the node which funds a channel picks this value this will only apply for new outbound
channels unless ChannelHandshakeLimits::force_announced_channel_preference
is set.
Default value: false.
commit_upfront_shutdown_pubkey: bool
When set, we commit to an upfront shutdown_pubkey at channel open. If our counterparty supports it, they will then enforce the mutual-close output to us matches what we provided at intialization, preventing us from closing to an alternate pubkey.
This is set to true by default to provide a slight increase in security, though ultimately any attacker who is able to take control of a channel can just as easily send the funds via lightning payments, so we never require that our counterparties support this option.
The upfront key committed is provided from SignerProvider::get_shutdown_scriptpubkey
.
Default value: true.
their_channel_reserve_proportional_millionths: u32
The Proportion of the channel value to configure as counterparty’s channel reserve,
i.e., their_channel_reserve_satoshis
for both outbound and inbound channels.
their_channel_reserve_satoshis
is the minimum balance that the other node has to maintain
on their side, at all times.
This ensures that if our counterparty broadcasts a revoked state, we can punish them by
claiming at least this value on chain.
Channel reserve values greater than 30% could be considered highly unreasonable, since that amount can never be used for payments. Also, if our selected channel reserve for counterparty and counterparty’s selected channel reserve for us sum up to equal or greater than channel value, channel negotiations will fail.
Note: Versions of LDK earlier than v0.0.104 will fail to read channels with any channel reserve other than the default value.
Default value: 1% of channel value, i.e., configured as 10,000 millionths. Minimum value: If the calculated proportional value is less than 1000 sats, it will be treated as 1000 sats instead, which is a safe implementation-specific lower bound. Maximum value: 1,000,000, any values larger than 1 Million will be treated as 1 Million (or 100%) instead, although channel negotiations will fail in that case.
negotiate_anchors_zero_fee_htlc_tx: bool
If set, we attempt to negotiate the anchors_zero_fee_htlc_tx
option for all future
channels. This feature requires having a reserve of onchain funds readily available to bump
transactions in the event of a channel force close to avoid the possibility of losing funds.
Note that if you wish accept inbound channels with anchor outputs, you must enable
UserConfig::manually_accept_inbound_channels
and manually accept them with
ChannelManager::accept_inbound_channel
. This is done to give you the chance to check
whether your reserve of onchain funds is enough to cover the fees for all existing and new
channels featuring anchor outputs in the event of a force close.
If this option is set, channels may be created that will not be readable by LDK versions
prior to 0.0.116, causing ChannelManager
’s read method to return a
DecodeError::InvalidValue
.
Note that setting this to true does not prevent us from opening channels with
counterparties that do not support the anchors_zero_fee_htlc_tx
option; we will simply
fall back to a static_remote_key
channel.
LDK will not support the legacy option_anchors
commitment version due to a discovered
vulnerability after its deployment. For more context, see the SIGHASH_SINGLE + update_fee Considered Harmful
mailing list post.
Default value: false. This value is likely to change to true in the future.
our_max_accepted_htlcs: u16
The maximum number of HTLCs in-flight from our counterparty towards us at the same time.
Increasing the value can help improve liquidity and stability in routing at the cost of higher long term disk / DB usage.
Note: Versions of LDK earlier than v0.0.115 will fail to read channels with a configuration other than the default value.
Default value: 50
Maximum value: 483, any values larger will be treated as 483.
This is the BOLT #2 spec limit on max_accepted_htlcs
.
Trait Implementations§
§impl Clone for ChannelHandshakeConfig
impl Clone for ChannelHandshakeConfig
§fn clone(&self) -> ChannelHandshakeConfig
fn clone(&self) -> ChannelHandshakeConfig
1.0.0 · source§fn clone_from(&mut self, source: &Self)
fn clone_from(&mut self, source: &Self)
source
. Read more§impl Debug for ChannelHandshakeConfig
impl Debug for ChannelHandshakeConfig
§impl Default for ChannelHandshakeConfig
impl Default for ChannelHandshakeConfig
§fn default() -> ChannelHandshakeConfig
fn default() -> ChannelHandshakeConfig
impl Copy for ChannelHandshakeConfig
Auto Trait Implementations§
impl Freeze for ChannelHandshakeConfig
impl RefUnwindSafe for ChannelHandshakeConfig
impl Send for ChannelHandshakeConfig
impl Sync for ChannelHandshakeConfig
impl Unpin for ChannelHandshakeConfig
impl UnwindSafe for ChannelHandshakeConfig
Blanket Implementations§
§impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedExplicit<'a, E> for Twhere
T: 'a,
§impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
impl<'a, T, E> AsTaggedImplicit<'a, E> for Twhere
T: 'a,
source§impl<T> BorrowMut<T> for Twhere
T: ?Sized,
impl<T> BorrowMut<T> for Twhere
T: ?Sized,
source§fn borrow_mut(&mut self) -> &mut T
fn borrow_mut(&mut self) -> &mut T
source§impl<T> CloneToUninit for Twhere
T: Clone,
impl<T> CloneToUninit for Twhere
T: Clone,
source§unsafe fn clone_to_uninit(&self, dst: *mut T)
unsafe fn clone_to_uninit(&self, dst: *mut T)
clone_to_uninit
)§impl<T> Instrument for T
impl<T> Instrument for T
§fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
fn instrument(self, span: Span) -> Instrumented<Self> ⓘ
source§impl<T> IntoRequest<T> for T
impl<T> IntoRequest<T> for T
source§fn into_request(self) -> Request<T>
fn into_request(self) -> Request<T>
T
in a tonic::Request