Merge branch 'develop' into pratik/Charge-higher-fees-for-and-reject-heavy-TMGetObjectByHash-queries

include/xrpl/protocol/detail/features.macro

@@ -67,6 +67,7 @@ XRPL_FEATURE(Clawback,                   Supported::yes, VoteBehavior::DefaultNo
 XRPL_FIX    (UniversalNumber,            Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FEATURE(XRPFees,                    Supported::yes, VoteBehavior::DefaultNo)
 XRPL_FIX    (RemoveNFTokenAutoTrustLine, Supported::yes, VoteBehavior::DefaultYes)
+XRPL_FIX    (TMGetObjectByHashLimit,     Supported::yes, VoteBehavior::DefaultYes)
 
 // The following amendments are obsolete, but must remain supported
 // because they could potentially get enabled.

src/xrpld/overlay/detail/PeerImp.cpp

@@ -18,6 +18,7 @@
 #include <xrpl/basics/base64.h>
 #include <xrpl/basics/random.h>
 #include <xrpl/basics/safe_cast.h>
+#include <xrpl/protocol/Feature.h>
 #include <xrpl/protocol/TxFlags.h>
 #include <xrpl/protocol/digest.h>
 
@@ -2589,9 +2590,51 @@ PeerImp::onMessage(std::shared_ptr<protocol::TMGetObjectByHash> const& m)
             reply.set_ledgerhash(packet.ledgerhash());
         }
 
-        fee_.update(
-            Resource::feeModerateBurdenPeer,
-            " received a get object by hash request");
+        // Get validated rules to check if the fix is enabled
+        auto const rules = app_.getLedgerMaster().getValidatedRules();
+
+        // Charge resource fee based on request size when fix is enabled
+        if (rules.enabled(fixTMGetObjectByHashLimit))
+        {
+            // Enforce per-request object cap
+            if (packet.objects_size() > Tuning::maxGetObjectByHash)
+            {
+                fee_.update(Resource::feeMalformedRequest, "too many objects");
+                return;
+            }
+
+            // Charge heavier fee for large requests (>256 objects)
+            if (packet.objects_size() > 256)
+            {
+                fee_.update(
+                    Resource::feeHeavyBurdenPeer,
+                    "large get object by hash request");
+            }
+            else if (packet.objects_size() > 64)
+            {
+                fee_.update(
+                    Resource::feeModerateBurdenPeer,
+                    "moderate get object by hash request");
+            }
+            else
+            {
+                fee_.update(
+                    Resource::feeTrivialPeer,
+                    "small get object by hash request");
+            }
+        }
+        else
+        {
+            // Legacy behavior: charge moderate fee for all requests
+            fee_.update(
+                Resource::feeModerateBurdenPeer,
+                "received a get object by hash request");
+        }
+
+        // Track reply bytes and stop when over budget (16 MiB) when fix is enabled
+        std::size_t replyBudgetBytes =
+            rules.enabled(fixTMGetObjectByHashLimit) ? megabytes(16) : 0;
+        std::size_t replyBytes = 0;
 
         // This is a very minimal implementation
         for (int i = 0; i < packet.objects_size(); ++i)
@@ -2606,17 +2649,28 @@ PeerImp::onMessage(std::shared_ptr<protocol::TMGetObjectByHash> const& m)
                 auto nodeObject{app_.getNodeStore().fetchNodeObject(hash, seq)};
                 if (nodeObject)
                 {
+                    auto const dataSz = nodeObject->getData().size();
+                    // Check if adding this object would exceed the reply budget
+                    // (only when fix is enabled)
+                    if (replyBudgetBytes > 0 &&
+                        replyBytes + dataSz + 64 > replyBudgetBytes)
+                        break;
+
                     protocol::TMIndexedObject& newObj = *reply.add_objects();
                     newObj.set_hash(hash.begin(), hash.size());
                     newObj.set_data(
                         &nodeObject->getData().front(),
-                        nodeObject->getData().size());
+                        dataSz);
 
                     if (obj.has_nodeid())
                         newObj.set_index(obj.nodeid());
                     if (obj.has_ledgerseq())
                         newObj.set_ledgerseq(obj.ledgerseq());
 
+                    // Track reply bytes when fix is enabled
+                    if (replyBudgetBytes > 0)
+                        replyBytes += dataSz + 64;  // include modest overhead estimate
+
                     // VFALCO NOTE "seq" in the message is obsolete
                 }
             }

src/xrpld/overlay/detail/Tuning.h

@@ -22,6 +22,9 @@ enum {
     /** The hard cap on the number of ledger entries in a single reply. */
     hardMaxReplyNodes = 12288,
 
+    /** Hard cap on TMGetObjectByHash objects per request (non-TRANSACTIONS). */
+    maxGetObjectByHash = 1024,
+
     /** How many timer intervals a sendq has to stay large before we disconnect
      */
     sendqIntervals = 4,