rpc: add SetWebsocketReadLimit in Server #32279
Please help take a look, thanks!
--- FAIL: TestServerSetReadLimits (0.01s)
Tests are failing
It's true. Geth always assumes the instance should be protected by the node operator for serving the RPC/Websocket requests. But I agree we should provide ways for operators to apply the configurations.
I think it was failing because the 1.24 tests were timing out, let me try running the test again.
How can I proceed next to rerun the failed test? I believe there were some flaky tests elsewhere that are not introduced by this change.
Looks like the newly added unit test might be too heavy to run on GitHub, which causes the test to time out in 1.24, let me see if I can simplify the test a bit.
* master: (57 commits)
  core/vm: fix EIP-7823 modexp input length check (ethereum#32363)
  rlp: remove workaround for Value.Bytes (ethereum#32433)
  consensus/misc/eip4844: use blob parameters of current header (ethereum#32424)
  crypto/bn256: refactor to use bitutil.TestBytes (ethereum#32435)
  core/vm: refactor to use bitutil.TestBytes (ethereum#32434)
  cmd/evm: use PathScheme in blockrunner (ethereum#32444)
  trie, core/state: add the transition tree (verkle transition part 2) (ethereum#32366)
  build: remove unused functions (ethereum#32393)
  crypto/secp256k1: use ReadBits from common/math (ethereum#32430)
  build: upgrade -dlgo version to Go 1.25.0 (ethereum#32412)
  .github: upgrade workflows to Go 1.25 (ethereum#32425)
  p2p: refactor to use time.Now().UnixMilli() in golang std lib (ethereum#32402)
  eth/syncer: fix typo (ethereum#32427)
  eth/tracers: Adds codeHash to prestateTracer's response (ethereum#32391)
  rlp: optimize intsize (ethereum#32421)
  node: remove unused err var (ethereum#32398)
  eth: abort `requiredBlocks` check if peer handler terminated (ethereum#32413)
  cmd: fix inconsistent function name in comment (ethereum#32411)
  trie: refactor to use slices.Concat (ethereum#32401)
  consensus: fix ambiguous invalid gas limit error (ethereum#32405)
  ...
@fjl May I get another review? I've simplified the test cases, unit tests are all passing now |
Exposing the public method to setReadLimits for Websocket RPC to prevent OOM.

Currently, Geth Server is using a default 32MB max read limit (message size) for websocket, which is prone to being attacked for OOM. Anyone can easily launch a client to send a bunch of concurrent large requests to cause the node to crash for OOM. One example of such a script that can easily crash a Geth node running a websocket server is like this: https://gist.githubusercontent.com/DeltaXV/b64d221e342e9c1ec6c99c1ab8201544/raw/ec830979ac9a707d98f40dfcc0ce918fc8fb9057/poc.go

---------

Co-authored-by: Felix Lange <fjl@twurst.com>
Exposing the public method to setReadLimits for Websocket RPC to prevent OOM.

Currently, Geth Server is using a default 32MB max read limit (message size) for websocket, which is prone to being attacked for OOM. Anyone can easily launch a client to send a bunch of concurrent large requests to cause the node to crash for OOM. One example of such a script that can easily crash a Geth node running a websocket server is like this: https://gist.githubusercontent.com/DeltaXV/b64d221e342e9c1ec6c99c1ab8201544/raw/ec830979ac9a707d98f40dfcc0ce918fc8fb9057/poc.go

---------

Co-authored-by: Yiming Zang <50607998+yzang2019@users.noreply.github.com>
Co-authored-by: Felix Lange <fjl@twurst.com>
TLDR:
Context:
Currently, Geth Server is using a default 32MB max read limit (message size) for websocket, which is prone to being attacked for OOM. Anyone can easily launch a client to send a bunch of concurrent large requests to cause the node to crash for OOM. One example of such a script that can easily crash a Geth node running a websocket server is like this:
https://gist.githubusercontent.com/DeltaXV/b64d221e342e9c1ec6c99c1ab8201544/raw/ec830979ac9a707d98f40dfcc0ce918fc8fb9057/poc.go
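
Added example, not part of the PR and not go-ethereum code: a standard-library sketch of what a per-message read limit does on the server side and why the 32MB default multiplies across connections. The names `readMessage`, `worstCaseBuffered` and `errMessageTooBig`, the 1 MiB alternative limit and the 100-connection figure are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"strings"
)

// defaultReadLimit is the 32MB default message size quoted in the PR description.
const defaultReadLimit int64 = 32 * 1024 * 1024

// errMessageTooBig is a hypothetical error for messages over the limit.
var errMessageTooBig = errors.New("message exceeds read limit")

// readMessage buffers one message from r but never holds more than
// limit+1 bytes, so a single connection cannot force a larger allocation.
func readMessage(r io.Reader, limit int64) ([]byte, error) {
	buf, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(buf)) > limit {
		return nil, errMessageTooBig
	}
	return buf, nil
}

// worstCaseBuffered is the upper bound on buffered bytes when conns clients
// each have one maximum-size message in flight at the same time.
func worstCaseBuffered(conns int, limit int64) int64 {
	return int64(conns) * limit
}

func main() {
	// Constructed sample input: a 2 MiB message body.
	payload := strings.Repeat("a", 2<<20)
	for _, limit := range []int64{defaultReadLimit, 1 << 20} {
		_, err := readMessage(strings.NewReader(payload), limit)
		fmt.Printf("limit=%d bytes: err=%v, worst case for 100 conns=%d MiB\n",
			limit, err, worstCaseBuffered(100, limit)>>20)
	}
}
```
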