Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default MaxHeaderSize to 4kb #206

Merged
merged 2 commits into from
Jul 13, 2022
Merged

Default MaxHeaderSize to 4kb #206

merged 2 commits into from
Jul 13, 2022

Conversation

avalonche
Copy link
Collaborator

@avalonche avalonche commented Jul 12, 2022
edited
Loading

📝 Summary

Add flag for boost to configure max header size, defaulting to 4kb.

⛱ Motivation and Context

This is to prevent DoS attacks by preventing attackers sending oversized headers to mev-boost.

📚 References

✅ I have run these commands

  • make lint
  • make test
  • make run-mergemock-integration
  • go mod tidy

@codecov-commenter
Copy link

codecov-commenter commented Jul 12, 2022
edited
Loading

Codecov Report

Merging #206 (ada08fc) into main (f714167) will increase coverage by 0.45%.
The diff coverage is 85.71%.

@@            Coverage Diff             @@
##             main     #206      +/-   ##
==========================================
+ Coverage   71.65%   72.11%   +0.45%     
==========================================
  Files           6        6              
  Lines         621      624       +3     
==========================================
+ Hits          445      450       +5     
+ Misses        149      148       -1     
+ Partials       27       26       -1
Flag Coverage Δ
unittests 72.11% <85.71%> (+0.45%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
cmd/mev-boost/main.go 4.81% <0.00%> (-0.06%) ⬇️
server/service.go 82.50% <100.00%> (+1.11%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f714167...ada08fc. Read the comment docs.

@avalonche avalonche force-pushed the add-header-timeout branch 3 times, most recently from c4a2a96 to 05f6077 Compare July 12, 2022 12:22
@avalonche avalonche changed the title Add header timeout Default MaxHeaderSize to 4kb Jul 12, 2022
@avalonche avalonche force-pushed the add-header-timeout branch 4 times, most recently from 2d8eef9 to 2de9024 Compare July 12, 2022 12:59
@metachris
Copy link
Collaborator

metachris commented Jul 12, 2022
edited
Loading

Please remove the cli flag for it, I'd prefer not accumulating Flags for every setting. If we want to make it configurable then we can start with only an env var, but i don't expect this to change much.

Should be fine to just define a constant for now, maybe with am env var override.

@avalonche avalonche force-pushed the add-header-timeout branch 2 times, most recently from bc92547 to f9e9745 Compare July 13, 2022 08:00
@avalonche avalonche requested a review from metachris July 13, 2022 08:02
@metachris
Copy link
Collaborator

thanks 👍

@metachris metachris merged commit fa8967e into main Jul 13, 2022
@metachris metachris deleted the add-header-timeout branch July 13, 2022 08:41
@metachris metachris mentioned this pull request Jul 14, 2022
Closed
screwyprof pushed a commit to screwyprof/mev-boost that referenced this pull request Feb 3, 2023
@avalonche @screwyprof
Default MaxHeaderSize to 4kb (flashbots#206)
e3de075 
* Set max header byte size

* remove cli flag
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@metachris metachris Awaiting requested review from metachris

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@avalonche @codecov-commenter @metachris