fix: chain exchange hardening

[LesnyRumcajs]

Summary of changes

Changes introduced in this pull request:

• cap on chain exchange requests count (global and per-peer) - I made this distinction so that one malicious peer can't starve everyone else. Still, 32 malicious peers can actually do it but we got to say stop somewhere. Happily used the GoAway variant :)
• cap on chain exchange requested length - matches Lotus with 900
• cap on chain exchange response length to complement the previous one,
• cap on chain exchange response (that we read)

Reference issue to close (if applicable)

Closes

Other information and links

Change checklist

• I have performed a self-review of my own code,
• I have made corresponding changes to the documentation. All new code adheres to the team's documentation standards,
• I have added tests that prove my fix is effective or that my feature works (if possible),
• I have made sure the CHANGELOG is up-to-date. All user-facing changes should be reflected in this document.

Outside contributions

• I have read and agree to the CONTRIBUTING document.
• I have read and agree to the AI Policy document. I understand that failure to comply with the guidelines will lead to rejection of the pull request.

Summary by CodeRabbit

• New Features

  • Added configurable concurrency limits for chain exchange requests (global and per-peer) to control resource usage.
  • Added response size capping for outbound chain exchange responses.

• Bug Fixes

  • Hardened chain exchange with memory usage limits to prevent excessive node memory consumption.
  • Implemented 120 MiB cap for inbound response buffering.

• Documentation

  • Updated environment variables reference with new concurrency and response size limit controls.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 4c55a670-b32c-4283-b343-261124a173c4

📥 Commits

Reviewing files that changed from the base of the PR and between 65c39a0 and 6694106.

📒 Files selected for processing (8)

• CHANGELOG.md
• docs/docs/users/reference/env_variables.md
• src/libp2p/chain_exchange/behaviour.rs
• src/libp2p/chain_exchange/message.rs
• src/libp2p/chain_exchange/provider.rs
• src/libp2p/rpc/mod.rs
• src/libp2p/service.rs
• src/utils/misc/env.rs

---

Walkthrough

The PR hardens ChainExchange memory usage by implementing concurrent request limiting at the global and per-peer level, capping outbound response sizes with partial response fallback, and enforcing inbound stream read limits. Environment variables document the new tunables.

Changes

Cohort / File(s)	Summary
Configuration & Documentation CHANGELOG.md, docs/docs/users/reference/env_variables.md	Added changelog entry for PR #6972. Updated environment variable docs: clarified FOREST_MAX_CONCURRENT_CHAIN_EXCHANGE_REQUESTS as outbound limit; documented new inbound concurrency caps (global and per-peer) with GoAway behavior; documented outbound response byte-size cap triggering PartialResponse.
ChainExchange Core Limits src/libp2p/chain_exchange/behaviour.rs, src/libp2p/chain_exchange/message.rs, src/libp2p/chain_exchange/provider.rs	Added semaphore-based concurrency limiting to ChainExchangeBehaviour with global and per-peer request limiters, including permit acquisition APIs and per-peer cleanup on connection close. Added request validation (is_request_len_valid) and GoAway response constructor. Implemented response byte-size capping in provider: encodes bundles while tracking size via CountingSink, truncates chain and marks PartialResponse when cap exceeded, always preserves at least first bundle.
RPC Response Streaming src/libp2p/rpc/mod.rs	Added 120 MiB byte-read limit to inbound response stream decoding using io.take(MAX_RESPONSE_BYTES) to prevent unbounded buffering.
Request Handler Integration src/libp2p/service.rs	Enforces concurrency limits on inbound chain-exchange requests by acquiring per-peer and global permits before processing; sends GoAway response if either permit unavailable; holds permits until response dispatch completes.
Utilities src/utils/misc/env.rs	Added env_or_default_logged function that parses environment variables with logging when present, supporting the new limit configuration.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• feat(rpc): add Forest.NetChainExchange for internal debugging #6824: Modifies chain-exchange concurrency controls and environment variable configuration for request limiting.

Suggested reviewers

• akaladarshi
• sudo-shashank

🚥 Pre-merge checks | ✅ 4 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Docstring Coverage	⚠️ Warning	Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%.	Write docstrings for the functions missing them to satisfy the coverage threshold.

✅ Passed checks (4 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The PR title accurately summarizes the main objective: hardening chain exchange with concurrency and size limits to prevent resource exhaustion.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

📝 Generate docstrings

• Create stacked PR
• Commit on current branch

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch limit-chain-exchange-req

✨ Simplify code

• Create PR with simplified code
• Commit simplified code in branch limit-chain-exchange-req

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

❌ Patch coverage is 81.51659% with 39 lines in your changes missing coverage. Please review.
✅ Project coverage is 64.13%. Comparing base (65c39a0) to head (6694106).
⚠️ Report is 1 commits behind head on main.
✅ All tests successful. No failed tests found.

Files with missing lines	Patch %	Lines
src/libp2p/service.rs	0.00%	16 Missing ⚠️
src/libp2p/chain_exchange/provider.rs	90.00%	5 Missing and 4 partials ⚠️
src/libp2p/chain_exchange/message.rs	30.00%	7 Missing ⚠️
src/utils/misc/env.rs	42.85%	3 Missing and 1 partial ⚠️
src/libp2p/chain_exchange/behaviour.rs	96.59%	1 Missing and 2 partials ⚠️

Additional details and impacted files

Files with missing lines	Coverage Δ
src/libp2p/rpc/mod.rs	15.90% <ø> (ø)
src/libp2p/chain_exchange/behaviour.rs	56.03% <96.59%> (+29.98%)	⬆️
src/utils/misc/env.rs	91.48% <42.85%> (-8.52%)	⬇️
src/libp2p/chain_exchange/message.rs	80.15% <30.00%> (-4.33%)	⬇️
src/libp2p/chain_exchange/provider.rs	86.93% <90.00%> (+3.60%)	⬆️
src/libp2p/service.rs	11.93% <0.00%> (-0.33%)	⬇️

... and 10 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 65c39a0...6694106. Read the comment docs.

🚀 New features to boost your workflow:

• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.