-
Notifications
You must be signed in to change notification settings - Fork 605
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement rate limits for network messages #11617
Comments
Draft document with tentative rate limits. |
Snippet of configuration showing how default rate limits can be customized:
|
github-merge-queue bot
pushed a commit
that referenced
this issue
Jun 27, 2024
Implementation for rate limits of incoming network messages. Original issue: #11617. Also supersedes #11618. **Note:** rate limits are implemented but not defined with this PR; in practice, nothing should change for a node. ## PR summary This PR adds: - A module to arbitrate rate limits using a token bucket algorithm (see `token_bucket.rs`) - Convenience class to handle all rate limits of a network connection (see `messages_limits.rs`) - Changes to `peer_actor.rs` to implement the rate limits on received messages - Changes to the network configuration - A new metric to count messages dropped due to rate limits - Unit tests ## Leftovers - ~Make rate limits configurable, likely through config files with overrides~ _done_ - ~Use more accurate token allocation for some network messages, in particular the ones containing a dynamic number of elements. For reference: [analysis](https://docs.google.com/document/d/1Uo4211zkjgU7lHEnrEBBqD997Tn19eIh67P6Czl4JUg/edit#heading=h.711dlbykkndl)~ _to be done in a another PR_
Test is in progress with two custom made nodes deployed on mainnet. Dashboard link. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Issue to track the implementation of rate limits for network messages received by nodes.
Motivation
Prevent abuse and attacks carried by malicious actors. Technically, as of today, a bad actor could attempt to establish a connection to a node as a peer and proceed with sending a huge number of network messages; some of those messages might cause the node to be overwhelmed by intensive computations.
Tasks
The text was updated successfully, but these errors were encountered: