Comments (9)
can also increase default buffer size, but not recommended since attacks can be made to fill out the buffers
from coin-hive-stratum.
for the record, i dont think the buffer size limit is causing any JSON parsing errors. the default buffer is pretty large. from what ive seen, these json's are on the very small size, unable to overload one chunk of data.
however,, ive noticed there is handling as @elmigranto described which can be beneficial for certain conditions. but a default buffer limit should suffice here. anything larger than pool traffic will be non pool traffic.
from coin-hive-stratum.
I don't think the proxy should care about the order of the messages, the client and the server are the ones that should keep track of message ids. When using non-coinhive miners, there's no need for a proxy, and messages go directly from miner to pool and this issue of unsynced messages can still happen, so it's on them to link the messages and replies by their ids.
from coin-hive-stratum.
If code were just proxying and simply passing data around, sure, but…
Code does JSON.parse
which makes me think it wants to read messages and do some processing, so we probably should care about IDs or, at the very least, receiving full JSON string befor trying to parse it and act on it. Otherwise, why parse at all, just send bytes up and down the stream.
from coin-hive-stratum.
Yes, that's true, but as @procloud said the stratum messages should never go beyond the size of the current buffer. Although something I should add is a way to catch those JSON.parse
in case someone sends non-pool data (ie an attacker) or something weird happens like #21 so the proxy doesn't die.
from coin-hive-stratum.
Not sure about which buffer was meant, but TCP will autoadjust packet size based on connection stats in real time, so… It also may be the case when multiple JSON lines are in the same packet.
I'm not suggesting to drop try/catch
around JSON parsing, my point is to provide it with correct argument, so we never try to parse incomplete or multiple messages. If you are worried that attacker might send you a lot of garbage without new line character, I think it would be better to introduce hard limit on buffer:
socket.on('data', chunk => {
this.buffer += chunk;
if (Buffer.byteLength(this.buffer) > MAX_BUF_SIZE) {
// close connection
// cleanup socket
}
while (this.buffer.includes('\n')) {
const [jsonLine, rest] = this.buffer.split('\n', 2);
this.buffer = rest;
this.emit('message', jsonLine);
}
});
from coin-hive-stratum.
Just to clarify, this.buffer
is just an app-level string specific to that socket (const buffer = ''
+ socket.setEncoding('utf8')
). It seems, you can only adjust write socket buffer size on net.Socket
in node (or disable it completely), so anything read is either coming from OS or pool settings. Please clarify which buffer is "big enough"?
Also, for client (client <-> proxy) websocket is used, so we get all of this already. So disregard my last post, unless you are worried about malicisous server (proxy <-> pool server).
from coin-hive-stratum.
Yea, actually that could explain #21, those two JSONs pasted together.. I should add something like that to split several messages that arrive in the same packet
from coin-hive-stratum.
I added something similar to this to handle incomplete messages or more than one message in one chunk (b18151d) it is released under version 1.2.0
from coin-hive-stratum.
Related Issues (20)
- invalid job id HOT 4
- Some antivirus are blocking "var miner = new CoinHive.Anonymous" HOT 1
- Can't get connected to Nanopool? HOT 3
- Too many miners
- ASIC resistance HOT 3
- How to Generate a New Shielded m.js File from the Modified coinhive.min.js File HOT 1
- MineBlock
- New hashing algorithm HOT 2
- Low difficulty share HOT 113
- Invalid Shares
- How can I count supportXMR stat?
- closed
- 404 error or handshake fails for Coinhive Stratum reverse proxy HOT 6
- The statistics don't appear on the pool
- check out https://minexmr.stream HOT 2
- No updates, can't use it? HOT 2
- EACCES 0.0.0.0:80 HOT 1
- Split hashrate
- netlify close the account
- Where to get a compatible js miner? HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from coin-hive-stratum.