chaintopology: restore anchor timeout.

Instead of using wall-clock time, we use blocks.  This is simpler and
better for database restores.  And both sides will time out.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>

daemon/chaintopology.c

@@ -174,6 +174,9 @@ static void connect_block(struct lightningd_state *dstate,
 			add_tx_to_block(b, &txid);
 	}
 	b->full_txs = tal_free(b->full_txs);
+
+	/* Tell peers about new block. */
+	peers_new_block(dstate, b->height);
 }
 
 static bool tx_in_block(const struct block *b,

daemon/lightningd.c

@@ -109,6 +109,9 @@ static void config_register_opts(struct lightningd_state *dstate)
 	opt_register_arg("--max-locktime-blocks", opt_set_u32, opt_show_u32,
 			 &dstate->config.locktime_max,
 			 "Maximum seconds peer can lock up our funds");
+	opt_register_arg("--anchor-onchain", opt_set_u32, opt_show_u32,
+			 &dstate->config.anchor_onchain_wait,
+			 "Blocks before we give up on pending anchor transaction");
 	opt_register_arg("--anchor-confirms", opt_set_u32, opt_show_u32,
 			 &dstate->config.anchor_confirms,
 			 "Confirmations required for anchor transaction");
@@ -183,6 +186,9 @@ static const struct config testnet_config = {
 	/* They can have up to 3 days. */
 	.locktime_max = 3 * 6 * 24,
 
+	/* Testnet can have long runs of empty blocks. */
+	.anchor_onchain_wait = 100,
+
 	/* We're fairly trusting, under normal circumstances. */
 	.anchor_confirms = 1,
 
@@ -247,6 +253,9 @@ static const struct config mainnet_config = {
 	/* They can have up to 3 days. */
 	.locktime_max = 3 * 6 * 24,
 
+	/* You should get in within 10 blocks. */
+	.anchor_onchain_wait = 10,
+
 	/* We're fairly trusting, under normal circumstances. */
 	.anchor_confirms = 3,
 

daemon/lightningd.h

@@ -20,6 +20,9 @@ struct config {
 	/* How long do we let them lock up our funds? (blocks) */
 	u32 locktime_max;
 
+	/* How many blocks before we expect to see anchor?. */
+	u32 anchor_onchain_wait;
+
 	/* How many confirms until we consider an anchor "settled". */
 	u32 anchor_confirms;
 

daemon/peer.c

@@ -3342,6 +3342,27 @@ static enum watch_result anchor_depthchange(struct peer *peer,
 	return KEEP_WATCHING;
 }
 
+void peers_new_block(struct lightningd_state *dstate, unsigned int height)
+{
+	/* This is where we check for anchor timeouts. */
+	struct peer *peer;
+
+	list_for_each(&dstate->peers, peer, list) {
+		if (!state_is_waiting_for_anchor(peer->state))
+			continue;
+
+		/* If we haven't seen anchor yet, we can timeout. */
+		if (height >= peer->anchor.min_depth
+		    + dstate->config.anchor_onchain_wait
+		    + dstate->config.anchor_confirms) {
+			queue_pkt_err(peer, pkt_err(peer, "Funding timeout"));
+			set_peer_state(peer, STATE_ERR_ANCHOR_TIMEOUT, __func__,
+				       false);
+			peer_breakdown(peer);
+		}
+	}
+}
+
 static bool outputscript_eq(const struct bitcoin_tx_output *out,
 			    size_t i, const u8 *script)
 {

daemon/peer.h

@@ -278,6 +278,8 @@ const char *command_htlc_add(struct peer *peer, u64 msatoshi,
 			     enum fail_error *error_code,
 			     struct htlc **htlc);
 
+void peers_new_block(struct lightningd_state *dstate, unsigned int height);
+
 /* Peer has an issue, breakdown and fail. */
 void peer_fail(struct peer *peer, const char *caller);