channeld: add in RFC notes for max_htlc_dust_exposure_msat

And update some behavior to check both sides on receipt of a
update_fee, as per the proposed spec.

https://github.com/lightningnetwork/lightning-rfc/pull/919

channeld/channeld.c

@@ -1292,6 +1292,20 @@ static void send_commit(struct peer *peer)
 		if (feerate_changes_done(peer->channel->fee_states, false)) {
 			u8 *msg;
 
+			/* BOLT-919 #2:
+			 *
+			 * A sending node:
+			 * - if the `dust_balance_on_counterparty_tx` at the
+			 *   new `dust_buffer_feerate` is superior to
+			 *   `max_dust_htlc_exposure_msat`:
+			 *   - MAY NOT send `update_fee`
+			 *   - MAY fail the channel
+			 * - if the `dust_balance_on_holder_tx` at the
+			 *   new `dust_buffer_feerate` is superior to
+			 *   the `max_dust_htlc_exposure_msat`:
+			 *   - MAY NOT send `update_fee`
+			 *   - MAY fail the channel
+			 */
 			/* Is this feerate update going to push the committed
 			 * htlcs over our allowed dust limits? */
 			if (!htlc_dust_ok(peer->channel, feerate_target, REMOTE)
@@ -3369,6 +3383,12 @@ static void handle_offer_htlc(struct peer *peer, const u8 *inmsg)
 		failstr = "Too many HTLCs";
 		goto failed;
 	case CHANNEL_ERR_DUST_FAILURE:
+		/* BOLT-919 #2:
+		 * - upon an outgoing HTLC:
+		 *   - if a HTLC's `amount_msat` is inferior the counterparty's...
+		 *   - SHOULD NOT send this HTLC
+		 *   - SHOULD fail this HTLC if it's forwarded
+		 */
 		failwiremsg = towire_temporary_channel_failure(inmsg, get_local_channel_update(inmsg, peer));
 		failstr = "HTLC too dusty, allowed dust limit reached";
 		goto failed;

channeld/full_channel.c

@@ -801,6 +801,18 @@ static enum channel_add_err add_htlc(struct channel *channel,
 
 	if (amount_msat_greater(htlc_dust_amt,
 				channel->config[LOCAL].max_dust_htlc_exposure_msat)) {
+		/* BOLT-919 #2:
+		 * A node:
+		 * - upon an incoming HTLC:
+		 *   - if a HTLC's `amount_msat` is inferior to the
+		 *   counterparty's `dust_limit_satoshis` plus the HTLC-timeout fee
+		 *   at the `dust_buffer_feerate`: ...
+		 *   - SHOULD fail this HTLC once it's committed
+		 *   - SHOULD NOT reveal a preimage for this HTLC
+		*/
+		/* Note: Marking this as 'fail_immediate' and
+		 * NOT returning an ERR will fail this HTLC
+		 * once it's committed */
 		htlc->fail_immediate = true;
 		if (err_immediate_failures)
 			return CHANNEL_ERR_DUST_FAILURE;
@@ -1281,7 +1293,15 @@ bool channel_update_feerate(struct channel *channel, u32 feerate_per_kw)
 	if (!can_opener_afford_feerate(channel, feerate_per_kw))
 		return false;
 
-	if (!htlc_dust_ok(channel, feerate_per_kw, REMOTE))
+	/* BOLT-919 #2:
+	 * - if the `dust_balance_on_holder_tx` at the
+	 *   new `dust_buffer_feerate` is superior to
+	 *   the `max_dust_htlc_exposure_msat`:
+	 *   ...
+	 *   - MAY fail the channel
+	 */
+	if (!htlc_dust_ok(channel, feerate_per_kw, REMOTE) ||
+	    !htlc_dust_ok(channel, feerate_per_kw, LOCAL))
 		return false;
 
 	status_debug("Setting %s feerate to %u",

common/htlc_trim.c

@@ -50,7 +50,11 @@ bool htlc_is_trimmed(enum side htlc_owner,
 
 u32 htlc_trim_feerate_ceiling(u32 feerate_per_kw)
 {
-	/* Add the greater of 1.25x or 2530 sat/kw */
+	/* BOLT-919 #2:
+	 *
+	 * `dust_buffer_feerate` is defined as the maximum
+	 * of either 2530 sats per kWU or 125% of the
+	 * current `feerate_per_kw`. */
 	return max(feerate_per_kw + feerate_per_kw / 4,
 		   feerate_per_kw + HTLC_FEE_MIN_RANGE);
 }