
rpc: add SetWebsocketReadLimit in Server #32279 #1411

Merged
gzliudan merged 1 commit into XinFinOrg:dev-upgrade from gzliudan:expose-readerlimit
Sep 3, 2025

@gzliudan gzliudan commented Sep 1, 2025

Proposed changes

Ref: ethereum#32279

Types of changes

What types of changes does your code introduce to XDC network?
Put an in the boxes that apply

  • Bugfix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)
  • Documentation Update (if none of the other choices apply)
  • Regular KTLO or any of the maintenance work, e.g. code style
  • CICD Improvement

Impacted Components

Which part of the codebase this PR will touch base on,

Put an in the boxes that apply

  • Consensus
  • Account
  • Network
  • Geth
  • Smart Contract
  • External components
  • Not sure (Please specify below)

Checklist

Put an in the boxes once you have confirmed below actions (or provide reasons on not doing so) that

  • This PR has sufficient test coverage (unit/integration test) OR I have provided reason in the PR description for not having test coverage
  • Provide an end-to-end test plan in the PR description on how to manually test it on the devnet/testnet.
  • Tested the backwards compatibility.
  • Tested with XDC nodes running this version co-exist with those running the previous version.
  • Relevant documentation has been updated as part of this PR
  • N/A

Exposing the public method to setReadLimits for Websocket RPC to
prevent OOM.

Currently, Geth Server is using a default 32MB max read limit (message
size) for websocket, which is prone to being attacked for OOM. Anyone
can easily launch a client to send a bunch of concurrent large requests
to cause the node to crash for OOM. One example of such a script that can
easily crash a Geth node running websocket server is like this:

https://gist.githubusercontent.com/DeltaXV/b64d221e342e9c1ec6c99c1ab8201544/raw/ec830979ac9a707d98f40dfcc0ce918fc8fb9057/poc.go

---------

Co-authored-by: Felix Lange <fjl@twurst.com>
@gzliudan gzliudan merged commit a676211 into XinFinOrg:dev-upgrade Sep 3, 2025
12 checks passed
@gzliudan gzliudan deleted the expose-readerlimit branch September 3, 2025 07:43
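
How a per-message WebSocket read limit of the kind this PR exposes bounds memory, shown as an added example that is not code from this PR, go-ethereum or any WebSocket library. It is a minimal RFC 6455 data-frame reader; `readMessage`, `ErrReadLimit` and the sample bytes are constructed for illustration, and control frames and extensions are out of scope.

```go
package main

import (
	"bufio"
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"io"
)

var ErrReadLimit = errors.New("websocket: message exceeds read limit")

// readMessage reads one data message (all fragments) and fails as soon as the
// declared lengths exceed limit, before the payload buffer is allocated.
func readMessage(r *bufio.Reader, limit uint64) (msg []byte, err error) {
	for {
		var b [14]byte // b[:2] header, b[2:10] extended length (right-aligned), b[10:] mask key
		if _, err = io.ReadFull(r, b[:2]); err != nil {
			return nil, err
		}
		n, keyLen := uint64(b[1]&0x7f), 4*int(b[1]>>7)
		extLen := map[uint64]int{126: 2, 127: 8}[n] // length bytes that follow, else 0
		if _, err = io.ReadFull(r, b[10-extLen:10+keyLen]); err != nil {
			return nil, err
		}
		if extLen > 0 {
			n = binary.BigEndian.Uint64(b[2:10])
		}
		if n > limit-uint64(len(msg)) {
			return nil, ErrReadLimit // refuse before allocating n bytes
		}
		off := len(msg)
		msg = append(msg, make([]byte, n)...)
		if _, err = io.ReadFull(r, msg[off:]); err != nil {
			return nil, err
		}
		for i := off; i < len(msg); i++ {
			msg[i] ^= b[10+(i-off)%4] // key is all zero for unmasked frames
		}
		if b[0]&0x80 != 0 { // FIN bit: last fragment of the message
			return msg, nil
		}
	}
}

func main() { // constructed input: a lone masked frame header declaring 1 TiB of payload
	hdr := []byte{0x82, 0xff, 0, 0, 1, 0, 0, 0, 0, 0, 1, 2, 3, 4}
	fmt.Println(readMessage(bufio.NewReader(bytes.NewReader(hdr)), 32<<20))
}
```

The limit is charged against the running message size, so splitting a large message into many small fragments does not get around it. Worst-case buffered memory is roughly the limit multiplied by the number of concurrent connections, which is why a lower limit matters on a publicly reachable endpoint.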