From e0b3c5cba09104806d51bc58b538ab632fcf621d Mon Sep 17 00:00:00 2001
From: Robert Klotzner <eskimor@users.noreply.github.com>
Date: Wed, 4 Aug 2021 17:00:56 +0200
Subject: [PATCH] Better size limits. (#3572)
* Better size limits.
* Remove reference to private repo.
* Update node/network/protocol/src/request_response/mod.rs
Fix statement response size.
Co-authored-by: Andronik Ordian <write@reusable.software>
Co-authored-by: Andronik Ordian <write@reusable.software>
---
.../protocol/src/request_response/mod.rs | 24 ++++++++++++++-----
1 file changed, 18 insertions(+), 6 deletions(-)
diff --git a/polkadot/node/network/protocol/src/request_response/mod.rs b/polkadot/node/network/protocol/src/request_response/mod.rs
index 6ee276ecd73..e2b2464f5d5 100644
--- a/polkadot/node/network/protocol/src/request_response/mod.rs
+++ b/polkadot/node/network/protocol/src/request_response/mod.rs
@@ -102,6 +102,19 @@ const STATEMENTS_TIMEOUT: Duration = Duration::from_secs(1);
/// to have 3 slow nodes connected, to delay transfer for others by `STATEMENTS_TIMEOUT`.
pub const MAX_PARALLEL_STATEMENT_REQUESTS: u32 = 3;
+/// Response size limit for responses of POV like data.
+///
+/// This is larger than `MAX_POV_SIZE` to account for protocol overhead and for additional data in
+/// `CollationFetching` or `AvailableDataFetching` for example. We try to err on larger limits here
+/// as a too large limit only allows an attacker to waste our bandwidth some more, a too low limit
+/// might have more severe effects.
+const POV_RESPONSE_SIZE: u64 = MAX_POV_SIZE as u64 + 10_000;
+
+/// Maximum response sizes for `StatementFetching`.
+///
+/// This is `MAX_CODE_SIZE` plus some additional space for protocol overhead.
+const STATEMENT_RESPONSE_SIZE: u64 = MAX_CODE_SIZE as u64 + 10_000;
+
impl Protocol {
/// Get a configuration for a given Request response protocol.
///
@@ -114,7 +127,7 @@ impl Protocol {
Protocol::ChunkFetching => RequestResponseConfig {
name: p_name,
max_request_size: 1_000,
- max_response_size: MAX_POV_SIZE as u64 / 10,
+ max_response_size: POV_RESPONSE_SIZE as u64 / 10,
// We are connected to all validators:
request_timeout: DEFAULT_REQUEST_TIMEOUT_CONNECTED,
inbound_queue: Some(tx),
@@ -122,7 +135,7 @@ impl Protocol {
Protocol::CollationFetching => RequestResponseConfig {
name: p_name,
max_request_size: 1_000,
- max_response_size: MAX_POV_SIZE as u64 + 1000,
+ max_response_size: POV_RESPONSE_SIZE,
// Taken from initial implementation in collator protocol:
request_timeout: POV_REQUEST_TIMEOUT_CONNECTED,
inbound_queue: Some(tx),
@@ -130,7 +143,7 @@ impl Protocol {
Protocol::PoVFetching => RequestResponseConfig {
name: p_name,
max_request_size: 1_000,
- max_response_size: MAX_POV_SIZE as u64,
+ max_response_size: POV_RESPONSE_SIZE,
request_timeout: POV_REQUEST_TIMEOUT_CONNECTED,
inbound_queue: Some(tx),
},
@@ -138,7 +151,7 @@ impl Protocol {
name: p_name,
max_request_size: 1_000,
// Available data size is dominated by the PoV size.
- max_response_size: MAX_POV_SIZE as u64 + 1000,
+ max_response_size: POV_RESPONSE_SIZE,
request_timeout: POV_REQUEST_TIMEOUT_CONNECTED,
inbound_queue: Some(tx),
},
@@ -146,8 +159,7 @@ impl Protocol {
name: p_name,
max_request_size: 1_000,
// Available data size is dominated code size.
- // + 1000 to account for protocol overhead (should be way less).
- max_response_size: MAX_CODE_SIZE as u64 + 1000,
+ max_response_size: STATEMENT_RESPONSE_SIZE,
// We need statement fetching to be fast and will try our best at the responding
// side to answer requests within that timeout, assuming a bandwidth of 500Mbit/s
// - which is the recommended minimum bandwidth for nodes on Kusama as of April
--
GitLab