Allow overshooting total_msat for an MPP

While retrying a failed path of an MPP, a node may want to overshoot
the `total_msat` in order to use a path with an `htlc_minimum_msat`
greater than the remaining value being sent.

This commit no longer fails MPPs that overshoot the `total_msat`,
except when there is at least one HTLC in that MPP that has a value greater
than the difference between the received amount and `total_msat`.

Author: alecchendev

lightning/src/ln/channelmanager.rs

@@ -2584,7 +2584,7 @@ where
 	}
 
 	#[cfg(test)]
-	fn test_send_payment_internal(&self, route: &Route, payment_hash: PaymentHash, payment_secret: &Option<PaymentSecret>, keysend_preimage: Option<PaymentPreimage>, payment_id: PaymentId, recv_value_msat: Option<u64>, onion_session_privs: Vec<[u8; 32]>) -> Result<(), PaymentSendFailure> {
+	pub(super) fn test_send_payment_internal(&self, route: &Route, payment_hash: PaymentHash, payment_secret: &Option<PaymentSecret>, keysend_preimage: Option<PaymentPreimage>, payment_id: PaymentId, recv_value_msat: Option<u64>, onion_session_privs: Vec<[u8; 32]>) -> Result<(), PaymentSendFailure> {
 		let best_block_height = self.best_block.read().unwrap().height();
 		let _persistence_guard = PersistenceNotifierGuard::notify_on_drop(&self.total_consistency_lock, &self.persistence_notifier);
 		self.pending_outbound_payments.test_send_payment_internal(route, payment_hash, payment_secret, keysend_preimage, payment_id, recv_value_msat, onion_session_privs, &self.node_signer, best_block_height,
@@ -3274,11 +3274,17 @@ where
 												_ => unreachable!(),
 											}
 										}
-										if total_value >= msgs::MAX_VALUE_MSAT || total_value > $payment_data.total_msat {
-											log_trace!(self.logger, "Failing HTLCs with payment_hash {} as the total value {} ran over expected value {} (or HTLCs were inconsistent)",
-												log_bytes!(payment_hash.0), total_value, $payment_data.total_msat);
+										let smallest_htlc_value = htlcs.iter().map(|htlc| htlc.value).min().unwrap_or(claimable_htlc.value);
+										if total_value >= msgs::MAX_VALUE_MSAT {
+											log_trace!(self.logger, "Failing HTLCs with payment_hash {} as the total value {} ran over the maximum possible msats {}",
+												log_bytes!(payment_hash.0), total_value, msgs::MAX_VALUE_MSAT);
 											fail_htlc!(claimable_htlc, payment_hash);
-										} else if total_value == $payment_data.total_msat {
+										} else if total_value >= $payment_data.total_msat && smallest_htlc_value <= total_value - $payment_data.total_msat {
+											log_trace!(self.logger,
+												"Failing HTLCs with payment_hash {} as an individual HTLC has a value {} which is smaller than the difference between the total paid {} and total_msat {}",
+												log_bytes!(payment_hash.0), smallest_htlc_value, total_value, $payment_data.total_msat);
+											fail_htlc!(claimable_htlc, payment_hash);
+										} else if total_value >= $payment_data.total_msat {
 											let prev_channel_id = prev_funding_outpoint.to_channel_id();
 											htlcs.push(claimable_htlc);
 											new_events.push(events::Event::PaymentClaimable {
@@ -3935,7 +3941,7 @@ where
 			log_info!(self.logger, "Attempted to claim an incomplete payment which no longer had any available HTLCs!");
 			return;
 		}
-		if claimable_amt_msat != expected_amt_msat.unwrap() {
+		if claimable_amt_msat < expected_amt_msat.unwrap() {
 			self.claimable_payments.lock().unwrap().pending_claiming_payments.remove(&payment_hash);
 			log_info!(self.logger, "Attempted to claim an incomplete payment, expected {} msat, had {} available to claim.",
 				expected_amt_msat.unwrap(), claimable_amt_msat);

lightning/src/ln/functional_tests.rs

@@ -7925,6 +7925,116 @@ fn test_can_not_accept_unknown_inbound_channel() {
 	}
 }
 
+fn do_test_overshoot_mpp(msat_amounts: &[u64], total_msat: u64, should_fail: bool) {
+
+	let routing_node_count = msat_amounts.len();
+	let node_count = routing_node_count + 2;
+
+	let chanmon_cfgs = create_chanmon_cfgs(node_count);
+	let node_cfgs = create_node_cfgs(node_count, &chanmon_cfgs);
+	let node_chanmgrs = create_node_chanmgrs(node_count, &node_cfgs, &vec![None; node_count]);
+	let nodes = create_network(node_count, &node_cfgs, &node_chanmgrs);
+
+	let src_idx = 0;
+	let dst_idx = 1;
+
+	// Create channels for each amount
+	let mut expected_paths = Vec::with_capacity(routing_node_count);
+	let mut src_chan_ids = Vec::with_capacity(routing_node_count);
+	let mut dst_chan_ids = Vec::with_capacity(routing_node_count);
+	for i in 0..routing_node_count {
+		let routing_node = 2 + i;
+		let src_chan_id = create_announced_chan_between_nodes(&nodes, src_idx, routing_node).0.contents.short_channel_id;
+		src_chan_ids.push(src_chan_id);
+		let dst_chan_id = create_announced_chan_between_nodes(&nodes, routing_node, dst_idx).0.contents.short_channel_id;
+		dst_chan_ids.push(dst_chan_id);
+		let path = vec![&nodes[routing_node], &nodes[dst_idx]];
+		expected_paths.push(path);
+	}
+	let expected_paths: Vec<&[&Node]> = expected_paths.iter().map(|route| route.as_slice()).collect();
+
+	// Create a route for each amount
+	let example_amount = 100000;
+	let (mut route, our_payment_hash, our_payment_preimage, our_payment_secret) = get_route_and_payment_hash!(&nodes[src_idx], nodes[dst_idx], example_amount);
+	let sample_path = route.paths.pop().unwrap();
+	for i in 0..routing_node_count {
+		let routing_node = 2 + i;
+		let mut path = sample_path.clone();
+		path[0].pubkey = nodes[routing_node].node.get_our_node_id();
+		path[0].short_channel_id = src_chan_ids[i];
+		path[1].pubkey = nodes[dst_idx].node.get_our_node_id();
+		path[1].short_channel_id = dst_chan_ids[i];
+		path[1].fee_msat = msat_amounts[i];
+		route.paths.push(path);
+	}
+
+	// Send payment with manually set total_msat
+	let payment_id = PaymentId(nodes[src_idx].keys_manager.backing.get_secure_random_bytes());
+	let onion_session_privs = nodes[src_idx].node.test_add_new_pending_payment(our_payment_hash, Some(our_payment_secret), payment_id, &route).unwrap();
+	nodes[src_idx].node.test_send_payment_internal(&route, our_payment_hash, &Some(our_payment_secret), None, payment_id, Some(total_msat), onion_session_privs).unwrap();
+	check_added_monitors!(nodes[src_idx], expected_paths.len());
+
+	// Similar to pass_along_route but handles failures
+	let mut total_value = 0;
+	let mut events = nodes[src_idx].node.get_and_clear_pending_msg_events();
+	assert_eq!(events.len(), expected_paths.len());
+
+	for (path_idx, expected_path) in expected_paths.iter().enumerate() {
+		let ev = remove_first_msg_event_to_node(&expected_path[0].node.get_our_node_id(), &mut events);
+
+		total_value += route.paths[path_idx][1].fee_msat;
+		let payment_claimable_expected = total_value >= total_msat;
+
+		let mut payment_event = SendEvent::from_event(ev);
+		let mut prev_node = &nodes[src_idx];
+		for (idx, &node) in expected_path.iter().enumerate() {
+			assert_eq!(node.node.get_our_node_id(), payment_event.node_id);
+
+			node.node.handle_update_add_htlc(&prev_node.node.get_our_node_id(), &payment_event.msgs[0]);
+			check_added_monitors!(node, 0);
+			commitment_signed_dance!(node, prev_node, payment_event.commitment_msg, false);
+			expect_pending_htlcs_forwardable!(node);
+			prev_node = node;
+
+			let is_routing = idx != expected_path.len() - 1;
+			if is_routing {
+				let mut events_2 = node.node.get_and_clear_pending_msg_events();
+				assert_eq!(events_2.len(), 1);
+				check_added_monitors!(node, 1);
+				payment_event = SendEvent::from_event(events_2.remove(0));
+				assert_eq!(payment_event.msgs.len(), 1);
+			} else if !payment_claimable_expected {
+				let events_2 = node.node.get_and_clear_pending_events();
+				assert!(events_2.is_empty());
+			} else if should_fail {
+				expect_pending_htlcs_forwardable_and_htlc_handling_failed_ignore!(node, vec![HTLCDestination::FailedPayment { payment_hash: our_payment_hash }]);
+				check_added_monitors!(node, 1);
+				let msg_events = node.node.get_and_clear_pending_msg_events();
+				match msg_events[0] {
+					MessageSendEvent::UpdateHTLCs { .. } => {},
+					_ => panic!("Expected MessageSendEvent::UpdateHTLCs")
+				}
+			} else {
+				expect_payment_claimable!(node, our_payment_hash, our_payment_secret, total_value);
+				claim_payment_along_route(&nodes[src_idx], &expected_paths, false, our_payment_preimage);
+			}
+		}
+	}
+
+}
+
+#[test]
+fn test_overshoot_mpp() {
+	// Test an MPP that overruns the intended amount
+	do_test_overshoot_mpp(&[100_000, 100_000, 101_000], 300_000, false);
+	// Test an MPP where the smallest HTLC amount is less than or equal to
+	// the difference between the total amount received and the expected total_msat
+	do_test_overshoot_mpp(&[100_000, 10_000, 100_000], 200_000, true);
+	do_test_overshoot_mpp(&[100_000, 20_000, 5_000, 90_000], 200_000, true);
+	// Note this is not meant to test for HTLCs that arrive after the total_msat
+	// has already been received - see test_dup_htlc_second_rejected
+}
+
 #[test]
 fn test_simple_mpp() {
 	// Simple test of sending a multi-path payment.

lightning/src/ln/outbound_payment.rs

@@ -915,7 +915,6 @@ impl OutboundPayments {
 			return Err(PaymentSendFailure::PathParameterError(path_errs));
 		}
 		if let Some(amt_msat) = recv_value_msat {
-			debug_assert!(amt_msat >= total_value);
 			total_value = amt_msat;
 		}
 

lightning/src/util/events.rs

@@ -230,7 +230,7 @@ pub enum HTLCDestination {
 	///
 	/// Some of the reasons may include:
 	/// * HTLC Timeouts
-	/// * Expected MPP amount to claim does not equal HTLC total
+	/// * Total claimable HTLC value exceeds expected MPP amount by an entire HTLC
 	/// * Claimable amount does not match expected amount
 	FailedPayment {
 		/// The payment hash of the payment we attempted to process.
@@ -929,7 +929,7 @@ pub enum Event {
 	/// * Insufficient capacity in the outbound channel
 	/// * While waiting to forward the HTLC, the channel it is meant to be forwarded through closes
 	/// * When an unknown SCID is requested for forwarding a payment.
-	/// * Claiming an amount for an MPP payment that exceeds the HTLC total
+	/// * Claiming an MPP amount that exceeds the expected total by an entire HTLC
 	/// * The HTLC has timed out
 	///
 	/// This event, however, does not get generated if an HTLC fails to meet the forwarding