-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added WithConnLimiter option for resource manager #2872
Conversation
You probably want some sort of bound here. Otherwise you make sybil like attacks much much easier. The conn limiter isn't perfect but it does up the ante by requiring some set of different IP addresses. I don't mean to tell you how to design your system, but you likely do want some sort of protection around this in production. Feel free to email me directly and we can chat more.
This is wrong. You can use the existing options and not consume any extra memory. Here's an example that basically turns off the conn limiter: https://gist.github.com/MarcoPolo/1b0fd80c25695ddf6cf7e6601fef855c. But, again, you probably don't want that in a production environment. The options aren't that complicated. You have two knobs (each for ipv4 and ipv6):
By setting the general subnet limit to a prefix length of 0 (every ip address will fall into this subnet), and max count you then store only a single prefix and int. Closing this PR as you don't need it. If you'd like to open another PR with just the naming changes, I'm happy to review and merge. |
Hey @MarcoPolo, thanks for the explanations. How can we be sure that more than 8 hosts on the same machine will be able to connect to the network if some of our validators decide to run them? Secondly, are those limits documented somewhere? |
They are documented in the Go Doc comments: WithLimitPerSubnet and WithNetworkPrefixLimit. They were called out on the release notes for v0.34 and v0.35 as well.
Are you protecting yourself at lower levels as well? The resource manager tries to protect memory as soon as possible. Without doing something at the beginning you open yourself up to certain attacks. Maybe you're using the connection gater?
What logic do you require that you need a configurable conn limiter? If you're just disabling it to get the old behavior you can do that with the gist I shared.
You can use the WithLimitPerSubnet(
[]ConnLimitPerSubnet{{PrefixLength: 32, ConnCount: 32}}, // IPv4. Every ip4 address gets 32 concurrent connections.
[]ConnLimitPerSubnet{ // IPv6
{
ConnCount: 32,
PrefixLength: 56,
},
{
ConnCount: 8 * 32,
PrefixLength: 48,
},
}) |
Considering the case where multiple hosts are running on the same ip, it would be very hard to decide what would be the proper limit in terms of using one. Although the default options, with ConnCount set to math.MaxInt would be fix this problem, the internal array of maps would still consume a lot of memory.
WithConnLimiter option would be a great option in order to allow clients their own custom implementation of the connLimiter. In our case, simply use an empty limiter would be the best option for the moment.
Also added a tiny change request on the readme, in order to completely align with our new naming.