Set response limits on http server connections

Lee *!* Clagett
2025-01-21 09:56:52 -05:00
parent 915c5dc1d9
commit ec74ff4a3d
13 changed files with 423 additions and 27 deletions


@@ -163,6 +163,10 @@ namespace cryptonote
command_line::add_arg(desc, arg_rpc_payment_difficulty);
command_line::add_arg(desc, arg_rpc_payment_credits);
command_line::add_arg(desc, arg_rpc_payment_allow_free_loopback);
command_line::add_arg(desc, arg_rpc_max_connections_per_public_ip);
command_line::add_arg(desc, arg_rpc_max_connections_per_private_ip);
command_line::add_arg(desc, arg_rpc_max_connections);
command_line::add_arg(desc, arg_rpc_response_soft_limit);
}
//------------------------------------------------------------------------------------------------------------------------------
core_rpc_server::core_rpc_server(
@@ -396,11 +400,28 @@ namespace cryptonote
}
} // if (store_ssl_key)
const auto max_connections_public = command_line::get_arg(vm, arg_rpc_max_connections_per_public_ip);
const auto max_connections_private = command_line::get_arg(vm, arg_rpc_max_connections_per_private_ip);
const auto max_connections = command_line::get_arg(vm, arg_rpc_max_connections);
if (max_connections < max_connections_public)
{
MFATAL(arg_rpc_max_connections_per_public_ip.name << " is bigger than " << arg_rpc_max_connections.name);
return false;
}
if (max_connections < max_connections_private)
{
MFATAL(arg_rpc_max_connections_per_private_ip.name << " is bigger than " << arg_rpc_max_connections.name);
return false;
}
auto rng = [](size_t len, uint8_t *ptr){ return crypto::rand(len, ptr); };
const bool inited = epee::http_server_impl_base<core_rpc_server, connection_context>::init(
rng, std::move(port), std::move(bind_ip_str),
std::move(bind_ipv6_str), std::move(rpc_config->use_ipv6), std::move(rpc_config->require_ipv4),
std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options)
std::move(rpc_config->access_control_origins), std::move(http_login), std::move(rpc_config->ssl_options),
max_connections_public, max_connections_private, max_connections,
command_line::get_arg(vm, arg_rpc_response_soft_limit)
);
m_net_server.get_config_object().m_max_content_length = MAX_RPC_CONTENT_LENGTH;
@@ -3885,4 +3906,28 @@ namespace cryptonote
, "Allow free access from the loopback address (ie, the local host)"
, false
};
const command_line::arg_descriptor<std::size_t> core_rpc_server::arg_rpc_max_connections_per_public_ip = {
"rpc-max-connections-per-public-ip"
, "Max RPC connections per public IP permitted"
, DEFAULT_RPC_MAX_CONNECTIONS_PER_PUBLIC_IP
};
const command_line::arg_descriptor<std::size_t> core_rpc_server::arg_rpc_max_connections_per_private_ip = {
"rpc-max-connections-per-private-ip"
, "Max RPC connections per private and localhost IP permitted"
, DEFAULT_RPC_MAX_CONNECTIONS_PER_PRIVATE_IP
};
const command_line::arg_descriptor<std::size_t> core_rpc_server::arg_rpc_max_connections = {
"rpc-max-connections"
, "Max RPC connections permitted"
, DEFAULT_RPC_MAX_CONNECTIONS
};
const command_line::arg_descriptor<std::size_t> core_rpc_server::arg_rpc_response_soft_limit = {
"rpc-response-soft-limit"
, "Max response bytes that can be queued, enforced at next response attempt"
, DEFAULT_RPC_SOFT_LIMIT_SIZE
};
} // namespace cryptonote
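Review bot: The two new `if (max_connections < …)` checks before the `http_server_impl_base::init` call only compare the per-IP caps with the global cap, so a value of 0 for any of the three options passes, and `rpc-response-soft-limit` is handed to `init` with no validation at all. Whether 0 means "unlimited" or "accept nothing" is decided in server code not shown in this section, so an operator cannot tell from the help text whether such a setting disables the protection or locks out RPC. Either reject out-of-range values here with an `MFATAL` like the existing ones, or state the meaning in each description, e.g. `"Max RPC connections permitted (0 = <meaning>)"`. The `rpc-max-connections-per-private-ip` description should also say that a node reached through a local reverse proxy or other loopback forwarder presumably sees every client as one private address, which makes that cap the effective total. The enclosing init function starts and ends outside the hunk.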