Merged
Conversation
3f65600 to
0a8f47b
Compare
Codecov Report
@@ Coverage Diff @@
## develop #1781 +/- ##
===========================================
+ Coverage 62.37% 62.64% +0.27%
===========================================
Files 140 140
Lines 11887 11910 +23
===========================================
+ Hits 7414 7461 +47
+ Misses 3785 3757 -28
- Partials 688 692 +4
|
Contributor
Author
|
Just crashed Tendermint by attacking gRPC server (even though it's not running by default, it's good to test and fix this). |
0549f37 to
4913bbe
Compare
Closed
Refs #1740 also, expose limit option for number concurrent streams for gRPC (unlimited by default)
4913bbe to
936a655
Compare
melekes
commented
Jun 22, 2018
config/config.go
Outdated
|
|
||
| Unsafe: false, | ||
| // should be < ({ulimit -Sn} - {MaxNumPeers} - {N of wal, db and other open files}) / 2 | ||
| // divided by 2 because 1 fd for ipv4, 1 fd - ipv6 |
Contributor
Author
There was a problem hiding this comment.
anybody knows why websocket connection results in 2 fd: ipv4 and ipv6?
grpc open only 1 ipv6 connection
Contributor
Author
There was a problem hiding this comment.
can't replicate it anymore... hm
Contributor
Author
|
xla
reviewed
Jun 22, 2018
| - [main] added metrics (served under `/metrics` using a Prometheus client; | ||
| disabled by default). See the new `instrumentation` section in the config and | ||
| [metrics](https://tendermint.readthedocs.io/projects/tools/en/v0.21.0/metrics.html) | ||
| guide. |
Contributor
There was a problem hiding this comment.
This is part of an older PR, right? Did you rebase recently?
Contributor
Author
There was a problem hiding this comment.
Right. For some reason, Bucky did not include it in the 0.21.0 section. But this feature was released in 0.21.0
rpc/lib/server/http_server.go
Outdated
|
|
||
| // StartHTTPServer starts an HTTP server on listenAddr with the given handler. | ||
| // It wraps handler with RecoverAndLogHandler. | ||
| func StartHTTPServer(listenAddr string, handler http.Handler, logger log.Logger, config Config) (listener net.Listener, err error) { |
Contributor
There was a problem hiding this comment.
This line is quite long, maybe we break it apart
rpc/lib/server/http_server.go
Outdated
| // StartHTTPAndTLSServer starts an HTTPS server on listenAddr with the given | ||
| // handler. | ||
| // It wraps handler with RecoverAndLogHandler. | ||
| func StartHTTPAndTLSServer(listenAddr string, handler http.Handler, certFile, keyFile string, logger log.Logger, config Config) (listener net.Listener, err error) { |
Contributor
There was a problem hiding this comment.
Another one of those long lines.
| return nil, errors.Errorf("Failed to listen on %v: %v", listenAddr, err) | ||
| } | ||
| if config.MaxOpenConnections > 0 { | ||
| listener = netutil.LimitListener(listener, config.MaxOpenConnections) |
Contributor
There was a problem hiding this comment.
Beautiful! What is the behaviour of LimitListener, will it just block on the socket until a connection gets freed up? Is there an attack vector for resource exhaustion other than ports/fds when we use this?
Contributor
Author
There was a problem hiding this comment.
will it just block on the socket until a connection gets freed up
yes
Is there an attack vector for resource exhaustion other than ports/fds when we use this?
there is still no rate limiting. so one client can occupy all available slots
xla
approved these changes
Jun 22, 2018
Contributor
xla
left a comment
There was a problem hiding this comment.
👍 
🍡
Really like the solution, we should wrap all our listeners with this.
firelizzard18
pushed a commit
to AccumulateNetwork/tendermint
that referenced
this pull request
Feb 1, 2024
* docs: remove "Run" section from install The "Quick Start" guide does a much better job explaining what is happening, and readers should follow that guide instead. * docs: move "CometBFT Quality Assurance" down No reason to have “CometBFT Quality Assurance” as a second item. The target audience for that document is probably security researchers - not the primary audience. * docs: remove cmdKVStore func in favor of link I can’t see a single reason why users need to see the source code of that function in order to progress with the abci-cli tool. Also the link should point to kvstore app, not abci-cli tool! * docs: swap abci-cli and getting-started items https://docs.cometbft.com/v0.38/app-dev/getting-started#first-cometbft-app should go before https://docs.cometbft.com/v0.38/app-dev/abci-cli because the latter is used to test ABCI applications. And by this point, the reader doesn’t have an app to test. * docs: remove "Committing a Block" from validators page not clear what’s the reason of explaining consensus details in the validators section. If a validator wants to get familiar with consensus, shouldn’t it go to consensus spec / page? * docs: make it clear who curates the validator set “Validators are expected to be online, and the set of validators is permissioned/curated by some external process.” This sentence is confusing to me. The set is curated by the ABCI application. * docs: replace EndBlock with FinalizeBlock * docs: add Bash script to compile persistent peers string Getting an ID from every machine is tedious and can be streamlined with a script, which, given IPs, collects IDs and outputs the command to run CometBFT.
iKapitonau
pushed a commit
to scrtlabs/tendermint
that referenced
this pull request
Jul 10, 2024
…t#1803) * chore(docs): small improvements (tendermint#1781) * docs: remove "Run" section from install The "Quick Start" guide does a much better job explaining what is happening, and readers should follow that guide instead. * docs: move "CometBFT Quality Assurance" down No reason to have “CometBFT Quality Assurance” as a second item. The target audience for that document is probably security researchers - not the primary audience. * docs: remove cmdKVStore func in favor of link I can’t see a single reason why users need to see the source code of that function in order to progress with the abci-cli tool. Also the link should point to kvstore app, not abci-cli tool! * docs: swap abci-cli and getting-started items https://docs.cometbft.com/v0.38/app-dev/getting-started#first-cometbft-app should go before https://docs.cometbft.com/v0.38/app-dev/abci-cli because the latter is used to test ABCI applications. And by this point, the reader doesn’t have an app to test. * docs: remove "Committing a Block" from validators page not clear what’s the reason of explaining consensus details in the validators section. If a validator wants to get familiar with consensus, shouldn’t it go to consensus spec / page? * docs: make it clear who curates the validator set “Validators are expected to be online, and the set of validators is permissioned/curated by some external process.” This sentence is confusing to me. The set is curated by the ABCI application. * docs: replace EndBlock with FinalizeBlock * docs: add Bash script to compile persistent peers string Getting an ID from every machine is tedious and can be streamlined with a script, which, given IPs, collects IDs and outputs the command to run CometBFT. (cherry picked from commit 9020ce2) # Conflicts: # docs/app-dev/abci-cli.md # docs/core/validators.md # docs/data-companion/README.md * fix conflicts * correct number for qa item --------- Co-authored-by: Anton Kaliaev <anton.kalyaev@gmail.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Refs #1740
also, expose limit option for number concurrent streams for gRPC
(unlimited by default)
add metrics:will be done in a separate PRrpc.ws_connections