fix(evmrpc): limit listener max open connections, configurable via max_open_connections (PLT-704)#3637
Conversation
amir-deris
changed the title
PR SummaryMedium Risk Overview Operators set
Reviewed by Cursor Bugbot for commit 34bc736. Bugbot is set up for automated code reviews on this repo. Configure here. |
|
The latest Buf updates on your PR. Results from workflow Buf / buf (pull_request).
|
…connection-config
Codecov Report❌ Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #3637 +/- ##
==========================================
- Coverage 59.17% 58.15% -1.03%
==========================================
Files 2262 2176 -86
Lines 187055 176885 -10170
==========================================
- Hits 110690 102859 -7831
+ Misses 66427 64931 -1496
+ Partials 9938 9095 -843
Flags with carried forward coverage won't be shown. Click here to find out more.
🚀 New features to boost your workflow:
|
…connection-config
![seidroid[bot]](https://avatars.githubusercontent.com/in/2745135?s=60&v=4){kind=small}
There was a problem hiding this comment.
A small, well-tested change that wraps the EVM HTTP/WS listeners with netutil.LimitListener, configurable via evm.max_open_connections. No blocking issues; a couple of minor robustness and formatting nits worth addressing.
Findings: 0 blocking | 4 non-blocking | 2 posted inline
Blockers
- None at the file/PR level.
Non-blocking
- cursor-review.md was empty — the Cursor second-opinion pass produced no output. REVIEW_GUIDELINES.md was also empty, so no repo-specific standards were applied.
- Per-listener budgeting means the documented default of 2000 actually permits up to ~4000 simultaneous connections across the HTTP (:8545) and WS (:8546) listeners combined. This is intended per the PR description, but operators may read
max_open_connections = 2000as a node-wide cap; consider clarifying the per-listener semantics in the app.toml comment as well (the struct doc comment already explains it, but the template comment does not). - 2 suggestion(s)/nit(s) flagged inline on specific lines.
| } | ||
| } | ||
| if v := opts.Get(flagMaxOpenConnections); v != nil { | ||
| if cfg.MaxOpenConnections, err = cast.ToIntE(v); err != nil { |
There was a problem hiding this comment.
[suggestion] A negative value (e.g. an operator typo like -1) is accepted here and then silently disables the cap, because Start() only applies LimitListener when maxOpenConns > 0. The public config text states only 0 disables the limit, so this is surprising. Consider rejecting negatives (return an error) or normalizing them to 0 explicitly so the documented contract holds. (Also raised by Codex.)
| // batched JSON-RPC call (HTTP and WebSocket). Set to 0 to disable the limit. | ||
| BatchResponseMaxSize int `mapstructure:"batch_response_max_size"` | ||
|
|
||
|
|
There was a problem hiding this comment.
[nit] Stray double blank line — there are two consecutive blank lines (180 and 181) before the MaxOpenConnections comment. gofmt collapses consecutive blank lines to one, so this is not gofmt-clean; running gofmt -s -w will remove the extra line.
…connection-config
There was a problem hiding this comment.
A small, well-scoped change that bounds simultaneously-accepted connections on the EVM HTTP/WS listeners via netutil.LimitListener, configurable through max_open_connections with a sane default and a passing test. The only issue is a gofmt violation (double blank line) that will fail the lint CI gate.
Findings: 1 blocking | 2 non-blocking | 1 posted inline
Blockers
- None at the file/PR level.
- 1 blocking issue(s) flagged inline on specific lines.
Non-blocking
- Cursor's second-opinion review file (cursor-review.md) was empty — no output was produced by that pass.
- HTTPServer.SetMaxOpenConns writes h.maxOpenConns under h.mu, but Start() reads it without holding the lock. This is safe in current call order (set is always invoked before Start in NewEVMHTTPServer/NewEVMWebSocketServer), but a brief comment or reading under the lock would make the invariant explicit.
| // batched JSON-RPC call (HTTP and WebSocket). Set to 0 to disable the limit. | ||
| BatchResponseMaxSize int `mapstructure:"batch_response_max_size"` | ||
|
|
||
|
|
There was a problem hiding this comment.
[blocker] This introduces a double blank line before the MaxOpenConnections comment, so the file is not gofmt-clean — gofmt -s collapses consecutive blank lines, and the golangci/CI gate will fail. Remove one of the blank lines (run gofmt -s -w evmrpc/config/config.go).
3 participants
Describe your changes and provide context
Bounds the number of simultaneously accepted connections on the EVM JSON-RPC HTTP (
:8545) and WebSocket (:8546) listeners to protect nodes from connection exhaustion (fd/goroutine pressure) under load or abuse.net.ListeninStart()withnetutil.LimitListener(l, maxOpenConns). Excess connections wait in the accept queue until an active connection closes.max_open_connectionsas an operator config field inevmrpc/config(evm.max_open_connectionsinapp.toml), wired throughReadConfigand the config template.HTTPServer.SetMaxOpenConns, set from config in bothNewEVMHTTPServerandNewEVMWebSocketServerbefore the listener starts.2000. Set to0to disable the limit (unbounded, prior behavior). The wrap is guarded onmaxOpenConns > 0, sincenetutil.LimitListenerwould otherwise block all connections at0.Testing performed to validate your change
TestMaxOpenConns(evmrpc): with a cap of 1, verifies a second connection is not served while the first holds the only slot, and is served once the first closes.evmrpc/configtests for the new field;go test ./evmrpc/... ./evmrpc/config/...passes.go build ./evmrpc/...andgofmt -sclean.