23. [`--http.user-agent`](#--httpuser-agent)
24. [`--http.connect-timeout`](#--httpconnect-timeout)
25. [`--http.transfer-timeout`](#--httptransfer-timeout)
- 26. [`--http.ca-path`](#--httpca-path)
- 27. [`--output.roa`](#--outputroa)
- 28. [`--output.bgpsec`](#--outputbgpsec)
- 29. [`--asn1-decode-max-stack`](#--asn1-decode-max-stack)
- 30. [`--configuration-file`](#--configuration-file)
- 31. [`--rrdp.enabled`](#--rrdpenabled)
- 32. [`--rrdp.priority`](#--rrdppriority)
- 33. [`--rrdp.retry.count`](#--rrdpretrycount)
- 34. [`--rrdp.retry.interval`](#--rrdpretryinterval)
- 35. [`--rsync.enabled`](#--rsyncenabled)
- 36. [`--rsync.priority`](#--rsyncpriority)
- 37. [`--rsync.strategy`](#--rsyncstrategy)
+ 26. [`--http.idle-timeout`](#--httpidle-timeout)
+ 27. [`--http.ca-path`](#--httpca-path)
+ 28. [`--output.roa`](#--outputroa)
+ 29. [`--output.bgpsec`](#--outputbgpsec)
+ 20. [`--asn1-decode-max-stack`](#--asn1-decode-max-stack)
+ 31. [`--configuration-file`](#--configuration-file)
+ 32. [`--rrdp.enabled`](#--rrdpenabled)
+ 33. [`--rrdp.priority`](#--rrdppriority)
+ 34. [`--rrdp.retry.count`](#--rrdpretrycount)
+ 35. [`--rrdp.retry.interval`](#--rrdpretryinterval)
+ 36. [`--rsync.enabled`](#--rsyncenabled)
+ 37. [`--rsync.priority`](#--rsyncpriority)
+ 38. [`--rsync.strategy`](#--rsyncstrategy)
1. [`strict`](#strict)
2. [`root`](#root)
3. [`root-except-ta`](#root-except-ta)
- 38. [`--rsync.retry.count`](#--rsyncretrycount)
- 39. [`--rsync.retry.interval`](#--rsyncretryinterval)
- 40. [`rsync.program`](#rsyncprogram)
- 41. [`rsync.arguments-recursive`](#rsyncarguments-recursive)
- 42. [`rsync.arguments-flat`](#rsyncarguments-flat)
- 43. [`incidences`](#incidences)
+ 39. [`--rsync.retry.count`](#--rsyncretrycount)
+ 40. [`--rsync.retry.interval`](#--rsyncretryinterval)
+ 41. [`rsync.program`](#rsyncprogram)
+ 42. [`rsync.arguments-recursive`](#rsyncarguments-recursive)
+ 43. [`rsync.arguments-flat`](#rsyncarguments-flat)
+ 44. [`incidences`](#incidences)
## Syntax
[--http.user-agent=<string>]
[--http.connect-timeout=<unsigned integer>]
[--http.transfer-timeout=<unsigned integer>]
+ [--http.idle-timeout=<unsigned integer>]
[--http.ca-path=<directory>]
[--output.roa=<file>]
[--output.bgpsec=<file>]
- **Type:** Integer
- **Availability:** `argv` and JSON
-- **Default:** 30
+- **Default:** 0
- **Range:** 0--[`UINT_MAX`](http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html)
_**All requests are made using HTTPS, verifying the peer and the certificate name vs host**_
Maximum time in seconds (once the connection is established) that the request can last.
-Once the connection is established with the server, the request will last a maximum of `http.transfer-timeout` seconds. A value of 0 means unlimited time (use with caution).
+Once the connection is established with the server, the request will last a maximum of `http.transfer-timeout` seconds. A value of 0 means unlimited time.
The value specified (either by the argument or the default value) is utilized in libcurl's option [CURLOPT_TIMEOUT](https://curl.haxx.se/libcurl/c/CURLOPT_TIMEOUT.html).
+### `--http.idle-timeout`
+
+- **Type:** Integer
+- **Availability:** `argv` and JSON
+- **Default:** 15
+- **Range:** 0--[`UINT_MAX`](http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html)
+
+_**All requests are made using HTTPS, verifying the peer and the certificate name vs host**_
+
+Maximum time in seconds (once the connection is established) that a request can be idle before dropping it.
+
+Once the connection is established with the server, the request can last a maximum of `http.idle-timeout` seconds without receiving data before dropping the connection. A value of 0 disables idle time verification (use with caution).
+
+The value specified (either by the argument or the default value) is utilized in libcurl's option [CURLOPT_LOW_SPEED_TIME](https://curl.haxx.se/libcurl/c/CURLOPT_LOW_SPEED_TIME.html).
+
### `--http.ca-path`
- **Type:** String (Path to directory)
"http": {
"<a href="#--httpuser-agent">user-agent</a>": "{{ page.command }}/{{ site.fort-latest-version }}",
"<a href="#--httpconnect-timeout">connect-timeout</a>": 30,
- "<a href="#--httptransfer-timeout">transfer-timeout</a>": 30,
+ "<a href="#--httptransfer-timeout">transfer-timeout</a>": 0,
+ "<a href="#--httpidle-timeout">idle-timeout</a>": 15,
"<a href="#--httpca-path">ca-path</a>": "/usr/local/ssl/certs"
},
"http": {
"user-agent": "fort/1.2.0",
"connect-timeout": 30,
- "transfer-timeout": 30,
+ "transfer-timeout": 0,
+ "idle-timeout": 15,
"ca-path": "/usr/local/ssl/certs"
},
"rrdp": {
.P
Once the connection is established with the server, the request will last a
maximum of \fBhttp.transfer-timeout\fR seconds. A value of \fI0\fR means
-unlimited time (use with caution).
+unlimited time (default value).
.P
The value specified (either by the argument or the default value) is utilized
in libcurl’s option \fICURLOPT_TIMEOUT\fR.
.P
-By default, it has a value of \fI30\fR. The minimum allowed value is \fI0\fR.
+By default, it has a value of \fI0\fR.
+.RE
+.P
+
+.B \-\-http.idle\-timeout=\fIUNSIGNED_INTEGER\fR
+.RS 4
+Maximum time in seconds (once the connection is established) that the request
+can be idle.
+.P
+Once the connection is established with the server, and if the request stops
+receiving data for at least \fBhttp.idle-timeout\fR seconds, the connection
+will be dropped. A value of \fI0\fR disables idle time verification (use with
+caution).
+.P
+The value specified (either by the argument or the default value) is utilized
+in libcurl’s option \fICURLOPT_LOW_SPEED_TIME\fR.
+.P
+By default, it has a value of \fI15\fR.
.RE
.P
"http": {
"user-agent": "fort/1.2.0",
"connect-timeout": 30,
- "transfer-timeout": 30,
+ "transfer-timeout": 0,
+ "idle-timeout": 15,
"ca-path": "/usr/local/ssl/certs"
},
"rrdp": {
unsigned int connect_timeout;
/* Maximum allowed time that a request can take */
unsigned int transfer_timeout;
+ /* Maximum idle time during a request */
+ unsigned int idle_timeout;
/* Directory where CA certs to verify peers are found */
char *ca_path;
} http;
.name = "http.transfer-timeout",
.type = >_uint,
.offset = offsetof(struct rpki_config, http.transfer_timeout),
- .doc = "Maximum request time (once the connection is established) before dropping the connection",
+ .doc = "Maximum transfer time (once the connection is established) before dropping the connection",
.min = 0,
.max = UINT_MAX,
},
{
.id = 9003,
+ .name = "http.idle-timeout",
+ .type = >_uint,
+ .offset = offsetof(struct rpki_config, http.idle_timeout),
+ .doc = "Maximum idle time (once the connection is established) during a request before dropping the connection",
+ .min = 0,
+ .max = UINT_MAX,
+ },
+ {
+ .id = 9004,
.name = "http.ca-path",
.type = >_string,
.offset = offsetof(struct rpki_config, http.ca_path),
goto revert_flat_array;
}
rpki_config.http.connect_timeout = 30;
- rpki_config.http.transfer_timeout = 30;
+ rpki_config.http.transfer_timeout = 0;
+ rpki_config.http.idle_timeout = 15;
rpki_config.http.ca_path = NULL; /* Use system default */
rpki_config.log.color = false;
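Review bot: With `rpki_config.http.transfer_timeout = 0;` the default configuration no longer bounds the total duration of a request, so the only remaining protection against a stalling server is the idle check, which the curl setup hunk arms with a floor of 1 byte per second. A repository server that keeps sending data just above that rate could hold a download open indefinitely, and a validator that works through repositories in sequence would presumably be delayed by that. Consider keeping a finite default, or at least documenting the trade-off here with a comment such as `/* 0 = no total limit; stalls are bounded only by idle_timeout */` and keeping the "use with caution" wording that the documentation hunks drop for this option. The enclosing function starts and ends outside this hunk.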
return rpki_config.http.transfer_timeout;
}
+unsigned int
+config_get_http_idle_timeout(void)
+{
+ return rpki_config.http.idle_timeout;
+}
+
char const *
config_get_http_ca_path(void)
{
char const *config_get_http_user_agent(void);
unsigned int config_get_http_connect_timeout(void);
unsigned int config_get_http_transfer_timeout(void);
+unsigned int config_get_http_idle_timeout(void);
char const *config_get_http_ca_path(void);
uint8_t config_get_log_level(void);
enum log_output config_get_log_output(void);
config_get_http_connect_timeout());
curl_easy_setopt(tmp, CURLOPT_TIMEOUT,
config_get_http_transfer_timeout());
+ if (config_get_http_idle_timeout() > 0) {
+ curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_TIME,
+ config_get_http_idle_timeout());
+ curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_LIMIT, 1);
+ } else {
+ /* Disabled */
+ curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_TIME, 0);
+ curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_LIMIT, 0);
+ }
curl_easy_setopt(tmp, CURLOPT_NOSIGNAL, 1);
/* Always expect HTTPS usage */
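Review bot: The added `curl_easy_setopt` calls pass an `unsigned int` and plain `int` literals for `CURLOPT_LOW_SPEED_TIME` and `CURLOPT_LOW_SPEED_LIMIT`, which libcurl documents as taking a `long`; the function is variadic, so no conversion is applied and on platforms where `long` is wider than `int` the value libcurl reads is not guaranteed to be the one passed. Cast at the call site, for example `curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_TIME, (long)config_get_http_idle_timeout());` and `curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_LIMIT, 1L);`, and the same applies to the existing `CURLOPT_TIMEOUT` call in the context lines. The option accepts values up to `UINT_MAX`, which does not fit in a 32-bit `long`, so a clamp before the cast is worth adding. The return codes are also discarded, so if libcurl rejected one of these options the idle check would be silently off while `transfer-timeout` defaults to unlimited. The surrounding function is only partly visible in this hunk.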
unsigned int
config_get_http_transfer_timeout(void)
{
- return 30;
+ return 0;
+}
+
+unsigned int
+config_get_http_idle_timeout(void)
+{
+ return 15;
}
+
char const *
config_get_http_ca_path(void)
{