Rate limits for `ping` RPC #22411

issue ghost opened this issue on July 6, 2021
  1. ghost commented at 6:00 PM on July 6, 2021: none

    Issue

    What are the rate limits for ping RPC which was added in #2937?

    If no rate limits, do we need them?

    What behavior did you expect?

    I was expecting some errors in bitcoind or maybe peers ban my node based on the rate limits mentioned in https://bitcointalk.org/index.php?topic=279652.msg3002232#msg3002232

    I added a ratelimit to RPC-requested ping, so that it will limit to 1/second per peer. The regular automated keepalive ping is immune to this.

    But this comment says there is no rate limit:

    Got rid of the idea of rate-limiting user-requested RPC pings, that simplifies a chunk of code.

    #2937 (comment)

    What was the actual behavior?

    No errors. Peers did not ban my node. I was sending 50-100 pings per second.

    How reliably can you reproduce the issue, what are the steps to do so?

    It's easy to reproduce. Everyone can use different ways to send ping. I used the below steps:

    1. Run bitcoind with bitcoin.conf:

      testnet=1
      server=1
      
      test.rpcport=18444
      rpcuser=user3
      rpcpassword=password3
      
    2. Use Intruder in Burp Suite to brute force and send ping RPC with a different id in each request.

      Request:

      POST / HTTP/1.1
      Host: 127.0.0.1:18444
      Authorization: Basic dXNlcjM6cGFzc3dvcmQz
      Content-Type: text/plain
      Content-Length: 68
      
      {"jsonrpc": "1.0", "id": "$curltest$", "method": "ping", "params": []}
      
    3. Check peers with -netinfo and getpeerinfo. Keep an eye on bitcoind for errors.

    $ bitcoin-cli -netinfo
    Bitcoin Core v21.99.0-bb4790816d84 testnet - 70016/Satoshi:21.99.0/
    
            ipv4    ipv6   onion   total   block
    in         0       0       1       1
    out        6       0       4      10       2
    total      6       0       5      11
    
    Local addresses
    eadtub66sw6z4rtzf753aplvy7psthggirtgowr3rsnebbpsws2vyxyd.onion     port  18333    score      4
    
    

    getpeerinfo : https://pastebin.com/vKi5sfK2

    Requests sent at 06 Jul 2021 17:28:01 GMT (72111 - 72028 = 83)


    Bitcoin Core version

    Bitcoin Core v21.99.0-bb4790816d84 (Had compiled yesterday for testing PR 17355)

    What type of machine are you observing the error on (OS/CPU and disk type)?

    Linux (Pop!_OS) as VM

    Related question: https://bitcoin.stackexchange.com/questions/107431/what-is-ping-rpc-used-for

  2. MarcoFalke commented at 7:53 AM on July 7, 2021: member

    What are the rate limits for ping RPC which was added in #2937?

    None, apart from your local rpc work queue limits.

    If no rate limits, do we need them?

    I'd say no, unless there is a reason to limit?

  3. MarcoFalke closed this on Jul 7, 2021

  4. MarcoFalke added the label Questions and Help on Jul 7, 2021
  5. MarcoFalke added the label RPC/REST/ZMQ on Jul 7, 2021
  6. MarcoFalke commented at 8:40 AM on July 7, 2021: member

    To clarify my answer a bit:

    • The RPC interface is a private trusted interface, so the caller is assumed to behave honestly. If that assumption fails, rate limiting a single RPC isn't going to provide any meaningful benefit.
    • The P2P "interface" is public and untrusted. Thus, any rate limit can simply be patched out by the bad actor. Any rate limiting would need to be applied at the receiver side. However, as no other message types (even unknown message types, such as pyng) are rate limited, rate limiting a single P2P message type isn't going to provide any meaningful benefit either.
  7. DrahtBot locked this on Aug 18, 2022
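
Added example, not part of the original thread and not Bitcoin Core code: a sketch of the receiver-side argument in the last comment, comparing a limiter that covers only `ping` with one that charges every message to the sending peer. The class names, the peer label, the constructed traffic and the 1 message/second budget (borrowed from the 1/second figure quoted in the issue) are all assumptions for illustration.

```python
from collections import defaultdict


class TokenBucket:
    """Refills `rate` tokens per second up to `burst`; one token per message."""

    def __init__(self, rate, burst):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = burst, None

    def allow(self, now):
        if self.last is not None:
            self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class PerTypeLimiter:
    """Limits only the listed commands; any other command passes unchecked."""

    def __init__(self, limited=("ping",), rate=1.0, burst=1.0):
        self.limited = set(limited)
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))

    def allow(self, peer, command, now):
        if command not in self.limited:
            return True
        return self.buckets[(peer, command)].allow(now)


class PerPeerLimiter:
    """Charges every message, known or unknown, to the sending peer's bucket."""

    def __init__(self, rate=1.0, burst=1.0):
        self.buckets = defaultdict(lambda: TokenBucket(rate, burst))

    def allow(self, peer, command, now):
        return self.buckets[peer].allow(now)


def accepted(limiter, messages):
    """Count how many (peer, command, timestamp) messages the limiter lets through."""
    return sum(limiter.allow(p, c, t) for p, c, t in messages)


def burst(command, n=100, peer="peer-A"):
    """Constructed sample traffic: n messages from one peer spread over one second."""
    return [(peer, command, i / n) for i in range(n)]
```

With this constructed traffic the per-type limiter accepts 1 of 100 `ping` messages but all 100 messages carrying the unknown command `pyng`, while the per-peer limiter accepts 1 in both cases.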

github-metadata-mirror

This is a metadata mirror of the GitHub repository bitcoin/bitcoin. This site is not affiliated with GitHub. Content is generated from a GitHub metadata backup.
generated: 2026-04-13 15:14 UTC
