Add monitor_event_source to holding cell HTLC fails

valentinewallace · valentinewallace · commit 0eb619072a99 · 2026-03-19T13:10:41.000-04:00
Currently, the resolution of HTLCs (and decisions on when HTLCs can be
forwarded) is the responsibility of Channel objects (a part of ChannelManager)
until the channel is closed, and then the ChannelMonitor thereafter. This leads
to some complexity around race conditions for HTLCs right around channel
closure. Additionally, there is lots of complexity reconstructing the state of
all HTLCs in the ChannelManager deserialization/loading logic.

Instead, we want to do all resolution in ChannelMonitors (in response to
ChannelMonitorUpdates) and pass them back to ChannelManager in the form of
MonitorEvents (similar to how HTLCs are resolved after channels are closed). In
order to have reliable resolution, we'll need to keep MonitorEvents around in
the ChannelMonitor until the ChannelManager has finished processing them. This
will simplify things - on restart instead of examining the set of HTLCs in
monitors we can simply replay all the pending MonitorEvents.

To ensure we can resolve HTLC monitor events for forward failures, we need to
pipe the event id through the HTLC failure pipeline. We started this process
in the previous commit, and here we continue by storing the monitor event id
in the Channel's holding cell HTLC failures. In upcoming commits we will
eventually get to the point of acking the monitor event when the HTLC is
irrevocably removed from the inbound edge via monitor update.
diff --git a/lightning/src/ln/channel.rs b/lightning/src/ln/channel.rs
@@ -30,6 +30,7 @@ use crate::blinded_path::message::BlindedMessagePath;
 use crate::chain::chaininterface::{
 	ConfirmationTarget, FeeEstimator, LowerBoundedFeeEstimator, TransactionType,
 };
+use crate::chain::chainmonitor::MonitorEventSource;
 use crate::chain::channelmonitor::{
 	ChannelMonitor, ChannelMonitorUpdate, ChannelMonitorUpdateStep, CommitmentHTLCData,
 	LATENCY_GRACE_PERIOD_BLOCKS,
@@ -550,11 +551,13 @@ enum HTLCUpdateAwaitingACK {
 	FailHTLC {
 		htlc_id: u64,
 		err_packet: msgs::OnionErrorPacket,
+		monitor_event_source: Option<MonitorEventSource>,
 	},
 	FailMalformedHTLC {
 		htlc_id: u64,
 		failure_code: u16,
 		sha256_of_onion: [u8; 32],
+		monitor_event_source: Option<MonitorEventSource>,
 	},
 }
 
@@ -6470,7 +6473,7 @@ impl FailHTLCContents for msgs::OnionErrorPacket {
 		InboundHTLCState::LocalRemoved(InboundHTLCRemovalReason::FailRelay(self))
 	}
 	fn to_htlc_update_awaiting_ack(self, htlc_id: u64) -> HTLCUpdateAwaitingACK {
-		HTLCUpdateAwaitingACK::FailHTLC { htlc_id, err_packet: self }
+		HTLCUpdateAwaitingACK::FailHTLC { htlc_id, err_packet: self, monitor_event_source: None }
 	}
 }
 impl FailHTLCContents for ([u8; 32], u16) {
@@ -6494,6 +6497,7 @@ impl FailHTLCContents for ([u8; 32], u16) {
 			htlc_id,
 			sha256_of_onion: self.0,
 			failure_code: self.1,
+			monitor_event_source: None,
 		}
 	}
 }
@@ -8292,14 +8296,15 @@ where
 						monitor_update.updates.append(&mut additional_monitor_update.updates);
 						None
 					},
-					&HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet } => Some(
+					&HTLCUpdateAwaitingACK::FailHTLC { htlc_id, ref err_packet, .. } => Some(
 						self.fail_htlc(htlc_id, err_packet.clone(), false, logger)
 							.map(|fail_msg_opt| fail_msg_opt.map(|_| ())),
 					),
 					&HTLCUpdateAwaitingACK::FailMalformedHTLC {
 						htlc_id,
 						failure_code,
 						sha256_of_onion,
+						..
 					} => Some(
 						self.fail_htlc(htlc_id, (sha256_of_onion, failure_code), false, logger)
 							.map(|fail_msg_opt| fail_msg_opt.map(|_| ())),
@@ -14540,7 +14545,7 @@ impl<SP: SignerProvider> Writeable for FundedChannel<SP> {
 					// Store the attribution data for later writing.
 					holding_cell_attribution_data.push(attribution_data.as_ref());
 				},
-				&HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet } => {
+				&HTLCUpdateAwaitingACK::FailHTLC { ref htlc_id, ref err_packet, .. } => {
 					2u8.write(writer)?;
 					htlc_id.write(writer)?;
 					err_packet.data.write(writer)?;
@@ -14552,6 +14557,7 @@ impl<SP: SignerProvider> Writeable for FundedChannel<SP> {
 					htlc_id,
 					failure_code,
 					sha256_of_onion,
+					..
 				} => {
 					// We don't want to break downgrading by adding a new variant, so write a dummy
 					// `::FailHTLC` variant and write the real malformed error as an optional TLV.
@@ -14991,6 +14997,7 @@ impl<'a, 'b, 'c, ES: EntropySource, SP: SignerProvider>
 						data: Readable::read(reader)?,
 						attribution_data: None,
 					},
+					monitor_event_source: None,
 				},
 				_ => return Err(DecodeError::InvalidValue),
 			});
@@ -15445,7 +15452,7 @@ impl<'a, 'b, 'c, ES: EntropySource, SP: SignerProvider>
 				let htlc_idx = holding_cell_htlc_updates
 					.iter()
 					.position(|htlc| {
-						if let HTLCUpdateAwaitingACK::FailHTLC { htlc_id, err_packet } = htlc {
+						if let HTLCUpdateAwaitingACK::FailHTLC { htlc_id, err_packet, .. } = htlc {
 							let matches = *htlc_id == malformed_htlc_id;
 							if matches {
 								debug_assert!(err_packet.data.is_empty())
@@ -15460,6 +15467,7 @@ impl<'a, 'b, 'c, ES: EntropySource, SP: SignerProvider>
 					htlc_id: malformed_htlc_id,
 					failure_code,
 					sha256_of_onion,
+					monitor_event_source: None,
 				};
 				let _ =
 					core::mem::replace(&mut holding_cell_htlc_updates[htlc_idx], malformed_htlc);
@@ -16486,12 +16494,14 @@ mod tests {
 			|htlc_id, attribution_data| HTLCUpdateAwaitingACK::FailHTLC {
 				htlc_id,
 				err_packet: msgs::OnionErrorPacket { data: vec![42], attribution_data },
+				monitor_event_source: None,
 			};
 		let dummy_holding_cell_malformed_htlc =
 			|htlc_id| HTLCUpdateAwaitingACK::FailMalformedHTLC {
 				htlc_id,
 				failure_code: LocalHTLCFailureReason::InvalidOnionBlinding.failure_code(),
 				sha256_of_onion: [0; 32],
+				monitor_event_source: None,
 			};
 		let mut holding_cell_htlc_updates = Vec::with_capacity(12);
 		for i in 0..16 {
