diff --git a/builder/files/config.toml b/builder/files/config.toml index 0f2919807f..f577706f7b 100644 --- a/builder/files/config.toml +++ b/builder/files/config.toml @@ -8,6 +8,8 @@ chain = "mainnet" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "/var/lib/bor/keystore" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" # gcmode = "full" # snapshot = true diff --git a/docs/cli/example_config.toml b/docs/cli/example_config.toml index 64ef60ae12..6bf58a8361 100644 --- a/docs/cli/example_config.toml +++ b/docs/cli/example_config.toml @@ -8,6 +8,8 @@ log-level = "INFO" # Set log level for the server datadir = "var/lib/bor" # Path of the data directory to store information ancient = "" # Data directory for ancient chain segments (default = inside chaindata) keystore = "" # Path of the directory where keystores are located +"rpc.batchlimit" = 100 # Maximum number of messages in a batch (default=100, use 0 for no limits) +"rpc.returndatalimit" = 100000 # Maximum size (in bytes) a result of an rpc request could have (default=100000, use 0 for no limits) syncmode = "full" # Blockchain sync mode (only "full" sync supported) gcmode = "full" # Blockchain garbage collection mode ("full", "archive") snapshot = true # Enables the snapshot-database mode diff --git a/docs/cli/server.md b/docs/cli/server.md index 5bc0ff1024..caf10070c0 100644 --- a/docs/cli/server.md +++ b/docs/cli/server.md @@ -16,6 +16,10 @@ The ```bor server``` command runs the Bor client. - ```keystore```: Path of the directory where keystores are located +- ```rpc.batchlimit```: Maximum number of messages in a batch (default=100, use 0 for no limits) (default: 100) + +- ```rpc.returndatalimit```: Maximum size (in bytes) a result of an rpc request could have (default=100000, use 0 for no limits) (default: 100000) + - ```config```: File for the config file - ```syncmode```: Blockchain sync mode (only "full" sync supported) (default: full) diff --git a/eth/api_backend.go b/eth/api_backend.go index c33f3cf6f2..60aea7527e 100644 --- a/eth/api_backend.go +++ b/eth/api_backend.go @@ -317,6 +317,10 @@ func (b *EthAPIBackend) RPCGasCap() uint64 { return b.eth.config.RPCGasCap } +func (b *EthAPIBackend) RPCRpcReturnDataLimit() uint64 { + return b.eth.config.RPCReturnDataLimit +} + func (b *EthAPIBackend) RPCEVMTimeout() time.Duration { return b.eth.config.RPCEVMTimeout } diff --git a/eth/ethconfig/config.go b/eth/ethconfig/config.go index c9272758ab..68cf733cc6 100644 --- a/eth/ethconfig/config.go +++ b/eth/ethconfig/config.go @@ -94,11 +94,12 @@ var Defaults = Config{ GasPrice: big.NewInt(params.GWei), Recommit: 125 * time.Second, }, - TxPool: core.DefaultTxPoolConfig, - RPCGasCap: 50000000, - RPCEVMTimeout: 5 * time.Second, - GPO: FullNodeGPO, - RPCTxFeeCap: 5, // 5 matic + TxPool: core.DefaultTxPoolConfig, + RPCGasCap: 50000000, + RPCReturnDataLimit: 100000, + RPCEVMTimeout: 5 * time.Second, + GPO: FullNodeGPO, + RPCTxFeeCap: 5, // 5 matic } func init() { @@ -199,6 +200,9 @@ type Config struct { // RPCGasCap is the global gas cap for eth-call variants. RPCGasCap uint64 + // Maximum size (in bytes) a result of an rpc request could have + RPCReturnDataLimit uint64 + // RPCEVMTimeout is the global timeout for eth-call. RPCEVMTimeout time.Duration diff --git a/eth/tracers/api_test.go b/eth/tracers/api_test.go index 6dd94e4870..d394e4fbe3 100644 --- a/eth/tracers/api_test.go +++ b/eth/tracers/api_test.go @@ -126,6 +126,10 @@ func (b *testBackend) RPCGasCap() uint64 { return 25000000 } +func (b *testBackend) RPCRpcReturnDataLimit() uint64 { + return 100000 +} + func (b *testBackend) ChainConfig() *params.ChainConfig { return b.chainConfig } diff --git a/internal/cli/server/config.go b/internal/cli/server/config.go index 35d7e19359..e9321bfa01 100644 --- a/internal/cli/server/config.go +++ b/internal/cli/server/config.go @@ -60,6 +60,12 @@ type Config struct { // KeyStoreDir is the directory to store keystores KeyStoreDir string `hcl:"keystore,optional" toml:"keystore,optional"` + // Maximum number of messages in a batch (default=100, use 0 for no limits) + RPCBatchLimit uint64 `hcl:"rpc.batchlimit,optional" toml:"rpc.batchlimit,optional"` + + // Maximum size (in bytes) a result of an rpc request could have (default=100000, use 0 for no limits) + RPCReturnDataLimit uint64 `hcl:"rpc.returndatalimit,optional" toml:"rpc.returndatalimit,optional"` + // SyncMode selects the sync protocol SyncMode string `hcl:"syncmode,optional" toml:"syncmode,optional"` @@ -435,12 +441,14 @@ type DeveloperConfig struct { func DefaultConfig() *Config { return &Config{ - Chain: "mainnet", - Identity: Hostname(), - RequiredBlocks: map[string]string{}, - LogLevel: "INFO", - DataDir: DefaultDataDir(), - Ancient: "", + Chain: "mainnet", + Identity: Hostname(), + RequiredBlocks: map[string]string{}, + LogLevel: "INFO", + DataDir: DefaultDataDir(), + Ancient: "", + RPCBatchLimit: 100, + RPCReturnDataLimit: 100000, P2P: &P2PConfig{ MaxPeers: 50, MaxPendPeers: 50, @@ -936,6 +944,8 @@ func (c *Config) buildEth(stack *node.Node, accountManager *accounts.Manager) (* n.BorLogs = c.BorLogs n.DatabaseHandles = dbHandles + n.RPCReturnDataLimit = c.RPCReturnDataLimit + if c.Ancient != "" { n.DatabaseFreezer = c.Ancient } @@ -986,6 +996,7 @@ func (c *Config) buildNode() (*node.Config, error) { WriteTimeout: c.JsonRPC.HttpTimeout.WriteTimeout, IdleTimeout: c.JsonRPC.HttpTimeout.IdleTimeout, }, + RPCBatchLimit: c.RPCBatchLimit, } // dev mode diff --git a/internal/cli/server/flags.go b/internal/cli/server/flags.go index 822bb81aef..22d5b73485 100644 --- a/internal/cli/server/flags.go +++ b/internal/cli/server/flags.go @@ -46,6 +46,18 @@ func (c *Command) Flags() *flagset.Flagset { Usage: "Path of the directory where keystores are located", Value: &c.cliConfig.KeyStoreDir, }) + f.Uint64Flag(&flagset.Uint64Flag{ + Name: "rpc.batchlimit", + Usage: "Maximum number of messages in a batch (default=100, use 0 for no limits)", + Value: &c.cliConfig.RPCBatchLimit, + Default: c.cliConfig.RPCBatchLimit, + }) + f.Uint64Flag(&flagset.Uint64Flag{ + Name: "rpc.returndatalimit", + Usage: "Maximum size (in bytes) a result of an rpc request could have (default=100000, use 0 for no limits)", + Value: &c.cliConfig.RPCReturnDataLimit, + Default: c.cliConfig.RPCReturnDataLimit, + }) f.StringFlag(&flagset.StringFlag{ Name: "config", Usage: "File for the config file", diff --git a/internal/ethapi/api.go b/internal/ethapi/api.go index 2fd148c7c6..372d630c07 100644 --- a/internal/ethapi/api.go +++ b/internal/ethapi/api.go @@ -1078,6 +1078,11 @@ func (s *PublicBlockChainAPI) Call(ctx context.Context, args TransactionArgs, bl if err != nil { return nil, err } + + if int(s.b.RPCRpcReturnDataLimit()) > 0 && len(result.ReturnData) > int(s.b.RPCRpcReturnDataLimit()) { + return nil, fmt.Errorf("call returned result of length %d exceeding limit %d", len(result.ReturnData), int(s.b.RPCRpcReturnDataLimit())) + } + // If the result contains a revert reason, try to unpack and return it. if len(result.Revert()) > 0 { return nil, newRevertError(result) diff --git a/internal/ethapi/backend.go b/internal/ethapi/backend.go index 1287640b83..14ddbba70e 100644 --- a/internal/ethapi/backend.go +++ b/internal/ethapi/backend.go @@ -48,10 +48,11 @@ type Backend interface { ChainDb() ethdb.Database AccountManager() *accounts.Manager ExtRPCEnabled() bool - RPCGasCap() uint64 // global gas cap for eth_call over rpc: DoS protection - RPCEVMTimeout() time.Duration // global timeout for eth_call over rpc: DoS protection - RPCTxFeeCap() float64 // global tx fee cap for all transaction related APIs - UnprotectedAllowed() bool // allows only for EIP155 transactions. + RPCGasCap() uint64 // global gas cap for eth_call over rpc: DoS protection + RPCRpcReturnDataLimit() uint64 // Maximum size (in bytes) a result of an rpc request could have + RPCEVMTimeout() time.Duration // global timeout for eth_call over rpc: DoS protection + RPCTxFeeCap() float64 // global tx fee cap for all transaction related APIs + UnprotectedAllowed() bool // allows only for EIP155 transactions. // Blockchain API SetHead(number uint64) diff --git a/les/api_backend.go b/les/api_backend.go index c716a3967f..786e77ed46 100644 --- a/les/api_backend.go +++ b/les/api_backend.go @@ -294,6 +294,10 @@ func (b *LesApiBackend) RPCGasCap() uint64 { return b.eth.config.RPCGasCap } +func (b *LesApiBackend) RPCRpcReturnDataLimit() uint64 { + return b.eth.config.RPCReturnDataLimit +} + func (b *LesApiBackend) RPCEVMTimeout() time.Duration { return b.eth.config.RPCEVMTimeout } diff --git a/node/config.go b/node/config.go index 853190c95f..495e4c5fcb 100644 --- a/node/config.go +++ b/node/config.go @@ -204,6 +204,9 @@ type Config struct { // JWTSecret is the hex-encoded jwt secret. JWTSecret string `toml:",omitempty"` + + // Maximum number of messages in a batch + RPCBatchLimit uint64 `toml:",omitempty"` } // IPCEndpoint resolves an IPC endpoint based on a configured value, taking into diff --git a/node/node.go b/node/node.go index e12bcf6675..94fcfb8cbf 100644 --- a/node/node.go +++ b/node/node.go @@ -113,6 +113,9 @@ func New(conf *Config) (*Node, error) { databases: make(map[*closeTrackingDB]struct{}), } + // set RPC batch limit + node.inprocHandler.SetRPCBatchLimit(conf.RPCBatchLimit) + // Register built-in APIs. node.rpcAPIs = append(node.rpcAPIs, node.apis()...) @@ -153,10 +156,10 @@ func New(conf *Config) (*Node, error) { } // Configure RPC servers. - node.http = newHTTPServer(node.log, conf.HTTPTimeouts) - node.httpAuth = newHTTPServer(node.log, conf.HTTPTimeouts) - node.ws = newHTTPServer(node.log, rpc.DefaultHTTPTimeouts) - node.wsAuth = newHTTPServer(node.log, rpc.DefaultHTTPTimeouts) + node.http = newHTTPServer(node.log, conf.HTTPTimeouts, conf.RPCBatchLimit) + node.httpAuth = newHTTPServer(node.log, conf.HTTPTimeouts, conf.RPCBatchLimit) + node.ws = newHTTPServer(node.log, rpc.DefaultHTTPTimeouts, conf.RPCBatchLimit) + node.wsAuth = newHTTPServer(node.log, rpc.DefaultHTTPTimeouts, conf.RPCBatchLimit) node.ipc = newIPCServer(node.log, conf.IPCEndpoint()) return node, nil diff --git a/node/rpcstack.go b/node/rpcstack.go index eabf1dcae7..f2c31ecb08 100644 --- a/node/rpcstack.go +++ b/node/rpcstack.go @@ -81,10 +81,12 @@ type httpServer struct { port int handlerNames map[string]string + + RPCBatchLimit uint64 } -func newHTTPServer(log log.Logger, timeouts rpc.HTTPTimeouts) *httpServer { - h := &httpServer{log: log, timeouts: timeouts, handlerNames: make(map[string]string)} +func newHTTPServer(log log.Logger, timeouts rpc.HTTPTimeouts, rpcBatchLimit uint64) *httpServer { + h := &httpServer{log: log, timeouts: timeouts, handlerNames: make(map[string]string), RPCBatchLimit: rpcBatchLimit} h.httpHandler.Store((*rpcHandler)(nil)) h.wsHandler.Store((*rpcHandler)(nil)) @@ -283,6 +285,7 @@ func (h *httpServer) enableRPC(apis []rpc.API, config httpConfig) error { // Create RPC server and handler. srv := rpc.NewServer() + srv.SetRPCBatchLimit(h.RPCBatchLimit) if err := RegisterApis(apis, config.Modules, srv, false); err != nil { return err } @@ -314,6 +317,7 @@ func (h *httpServer) enableWS(apis []rpc.API, config wsConfig) error { } // Create RPC server and handler. srv := rpc.NewServer() + srv.SetRPCBatchLimit(h.RPCBatchLimit) if err := RegisterApis(apis, config.Modules, srv, false); err != nil { return err } diff --git a/node/rpcstack_test.go b/node/rpcstack_test.go index 60fcab5a90..49db8435ac 100644 --- a/node/rpcstack_test.go +++ b/node/rpcstack_test.go @@ -234,7 +234,7 @@ func Test_checkPath(t *testing.T) { func createAndStartServer(t *testing.T, conf *httpConfig, ws bool, wsConf *wsConfig) *httpServer { t.Helper() - srv := newHTTPServer(testlog.Logger(t, log.LvlDebug), rpc.DefaultHTTPTimeouts) + srv := newHTTPServer(testlog.Logger(t, log.LvlDebug), rpc.DefaultHTTPTimeouts, 100) assert.NoError(t, srv.enableRPC(nil, *conf)) if ws { assert.NoError(t, srv.enableWS(nil, *wsConf)) diff --git a/packaging/templates/mainnet-v1/archive/config.toml b/packaging/templates/mainnet-v1/archive/config.toml index 9eaafd3bee..8e98736196 100644 --- a/packaging/templates/mainnet-v1/archive/config.toml +++ b/packaging/templates/mainnet-v1/archive/config.toml @@ -4,6 +4,8 @@ chain = "mainnet" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" gcmode = "archive" # snapshot = true diff --git a/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml b/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml index 94dd6634f0..853b2ed313 100644 --- a/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml +++ b/packaging/templates/mainnet-v1/sentry/sentry/bor/config.toml @@ -4,6 +4,8 @@ chain = "mainnet" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" # gcmode = "full" # snapshot = true diff --git a/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml b/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml index 9c55683c96..284445113c 100644 --- a/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml +++ b/packaging/templates/mainnet-v1/sentry/validator/bor/config.toml @@ -6,6 +6,8 @@ chain = "mainnet" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "$BOR_DIR/keystore" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" # gcmode = "full" # snapshot = true diff --git a/packaging/templates/mainnet-v1/without-sentry/bor/config.toml b/packaging/templates/mainnet-v1/without-sentry/bor/config.toml index 573f1f3be8..22361b64bc 100644 --- a/packaging/templates/mainnet-v1/without-sentry/bor/config.toml +++ b/packaging/templates/mainnet-v1/without-sentry/bor/config.toml @@ -6,6 +6,8 @@ chain = "mainnet" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "$BOR_DIR/keystore" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" # gcmode = "full" # snapshot = true diff --git a/packaging/templates/testnet-v4/archive/config.toml b/packaging/templates/testnet-v4/archive/config.toml index 1762fdf117..992aff0c68 100644 --- a/packaging/templates/testnet-v4/archive/config.toml +++ b/packaging/templates/testnet-v4/archive/config.toml @@ -4,6 +4,8 @@ chain = "mumbai" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" gcmode = "archive" # snapshot = true diff --git a/packaging/templates/testnet-v4/sentry/sentry/bor/config.toml b/packaging/templates/testnet-v4/sentry/sentry/bor/config.toml index ae191cec2c..1a335a42a3 100644 --- a/packaging/templates/testnet-v4/sentry/sentry/bor/config.toml +++ b/packaging/templates/testnet-v4/sentry/sentry/bor/config.toml @@ -4,6 +4,8 @@ chain = "mumbai" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" # gcmode = "full" # snapshot = true diff --git a/packaging/templates/testnet-v4/sentry/validator/bor/config.toml b/packaging/templates/testnet-v4/sentry/validator/bor/config.toml index b441cc137d..798375364e 100644 --- a/packaging/templates/testnet-v4/sentry/validator/bor/config.toml +++ b/packaging/templates/testnet-v4/sentry/validator/bor/config.toml @@ -6,6 +6,8 @@ chain = "mumbai" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "$BOR_DIR/keystore" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" # gcmode = "full" # snapshot = true diff --git a/packaging/templates/testnet-v4/without-sentry/bor/config.toml b/packaging/templates/testnet-v4/without-sentry/bor/config.toml index 05a254e184..47a3053b58 100644 --- a/packaging/templates/testnet-v4/without-sentry/bor/config.toml +++ b/packaging/templates/testnet-v4/without-sentry/bor/config.toml @@ -6,6 +6,8 @@ chain = "mumbai" datadir = "/var/lib/bor/data" # ancient = "" # keystore = "$BOR_DIR/keystore" +# "rpc.batchlimit" = 100 +# "rpc.returndatalimit" = 100000 syncmode = "full" # gcmode = "full" # snapshot = true diff --git a/rpc/server.go b/rpc/server.go index babc5688e2..96c3861d66 100644 --- a/rpc/server.go +++ b/rpc/server.go @@ -18,6 +18,7 @@ package rpc import ( "context" + "fmt" "io" "sync/atomic" @@ -47,6 +48,8 @@ type Server struct { idgen func() ID run int32 codecs mapset.Set + + BatchLimit uint64 } // NewServer creates a new server instance with no registered handlers. @@ -59,6 +62,10 @@ func NewServer() *Server { return server } +func (s *Server) SetRPCBatchLimit(batchLimit uint64) { + s.BatchLimit = batchLimit +} + // RegisterName creates a service for the given receiver type under the given name. When no // methods on the given receiver match the criteria to be either a RPC method or a // subscription an error is returned. Otherwise a new service is created and added to the @@ -105,12 +112,23 @@ func (s *Server) serveSingleRequest(ctx context.Context, codec ServerCodec) { reqs, batch, err := codec.readBatch() if err != nil { if err != io.EOF { - codec.writeJSON(ctx, errorMessage(&invalidMessageError{"parse error"})) + if err1 := codec.writeJSON(ctx, err); err1 != nil { + log.Warn("WARNING - error in reading batch", "err", err1) + return + } } return } + if batch { - h.handleBatch(reqs) + if s.BatchLimit > 0 && len(reqs) > int(s.BatchLimit) { + if err1 := codec.writeJSON(ctx, errorMessage(fmt.Errorf("batch limit %d exceeded: %d requests given", s.BatchLimit, len(reqs)))); err1 != nil { + log.Warn("WARNING - requests given exceeds the batch limit", "err", err1) + log.Debug("batch limit %d exceeded: %d requests given", s.BatchLimit, len(reqs)) + } + } else { + h.handleBatch(reqs) + } } else { h.handleMsg(reqs[0]) }