From: pcarana
Date: Mon, 20 Jan 2020 23:32:35 +0000 (-0600)
Subject: Add '--http.idle-timeout', drops HTTP connections after X seconds idle.
X-Git-Tag: v1.2.0~14
X-Git-Url: http://git.ipfire.org/gitweb/gitweb.cgi?a=commitdiff_plain;h=e761fc772b7ac4bfd84300299e703add02dd1a79;p=thirdparty%2FFORT-validator.git
Add '--http.idle-timeout', drops HTTP connections after X seconds idle.
---
diff --git a/docs/usage.md b/docs/usage.md
index 0f3bb5dc..e1fb9e54 100644
--- a/docs/usage.md
+++ b/docs/usage.md
@@ -34,27 +34,28 @@ command: fort 23. [`--http.user-agent`](#--httpuser-agent) 24. [`--http.connect-timeout`](#--httpconnect-timeout) 25. [`--http.transfer-timeout`](#--httptransfer-timeout) - 26. [`--http.ca-path`](#--httpca-path) - 27. [`--output.roa`](#--outputroa) - 28. [`--output.bgpsec`](#--outputbgpsec) - 29. [`--asn1-decode-max-stack`](#--asn1-decode-max-stack) - 30. [`--configuration-file`](#--configuration-file) - 31. [`--rrdp.enabled`](#--rrdpenabled) - 32. [`--rrdp.priority`](#--rrdppriority) - 33. [`--rrdp.retry.count`](#--rrdpretrycount) - 34. [`--rrdp.retry.interval`](#--rrdpretryinterval) - 35. [`--rsync.enabled`](#--rsyncenabled) - 36. [`--rsync.priority`](#--rsyncpriority) - 37. [`--rsync.strategy`](#--rsyncstrategy) + 26. [`--http.idle-timeout`](#--httpidle-timeout) + 27. [`--http.ca-path`](#--httpca-path) + 28. [`--output.roa`](#--outputroa) + 29. [`--output.bgpsec`](#--outputbgpsec) + 20. [`--asn1-decode-max-stack`](#--asn1-decode-max-stack) + 31. [`--configuration-file`](#--configuration-file) + 32. [`--rrdp.enabled`](#--rrdpenabled) + 33. [`--rrdp.priority`](#--rrdppriority) + 34. [`--rrdp.retry.count`](#--rrdpretrycount) + 35. [`--rrdp.retry.interval`](#--rrdpretryinterval) + 36. [`--rsync.enabled`](#--rsyncenabled) + 37. [`--rsync.priority`](#--rsyncpriority) + 38. [`--rsync.strategy`](#--rsyncstrategy) 1. [`strict`](#strict) 2. [`root`](#root) 3. [`root-except-ta`](#root-except-ta) - 38. [`--rsync.retry.count`](#--rsyncretrycount) - 39. [`--rsync.retry.interval`](#--rsyncretryinterval) - 40. [`rsync.program`](#rsyncprogram) - 41. [`rsync.arguments-recursive`](#rsyncarguments-recursive) - 42. [`rsync.arguments-flat`](#rsyncarguments-flat) - 43. [`incidences`](#incidences) + 39. [`--rsync.retry.count`](#--rsyncretrycount) + 40. [`--rsync.retry.interval`](#--rsyncretryinterval) + 41. [`rsync.program`](#rsyncprogram) + 42. [`rsync.arguments-recursive`](#rsyncarguments-recursive) + 43. [`rsync.arguments-flat`](#rsyncarguments-flat) + 44. 
[`incidences`](#incidences) ## Syntax @@ -95,6 +96,7 @@ command: fort [--http.user-agent=] [--http.connect-timeout=] [--http.transfer-timeout=] + [--http.idle-timeout=] [--http.ca-path=] [--output.roa=] [--output.bgpsec=] 
@@ -475,17 +477,32 @@ The value specified (either by the argument or the default value) is utilized in - **Type:** Integer - **Availability:** `argv` and JSON -- **Default:** 30 +- **Default:** 0 - **Range:** 0--[`UINT_MAX`](http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html) _**All requests are made using HTTPS, verifying the peer and the certificate name vs host**_ Maximum time in seconds (once the connection is established) that the request can last. -Once the connection is established with the server, the request will last a maximum of `http.transfer-timeout` seconds. A value of 0 means unlimited time (use with caution). +Once the connection is established with the server, the request will last a maximum of `http.transfer-timeout` seconds. A value of 0 means unlimited time. The value specified (either by the argument or the default value) is utilized in libcurl's option [CURLOPT_TIMEOUT](https://curl.haxx.se/libcurl/c/CURLOPT_TIMEOUT.html). +### `--http.idle-timeout` + +- **Type:** Integer +- **Availability:** `argv` and JSON +- **Default:** 15 +- **Range:** 0--[`UINT_MAX`](http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/limits.h.html) + +_**All requests are made using HTTPS, verifying the peer and the certificate name vs host**_ + +Maximum time in seconds (once the connection is established) that a request can be idle before dropping it. + +Once the connection is established with the server, the request can last a maximum of `http.idle-timeout` seconds without receiving data before dropping the connection. A value of 0 disables idle time verification (use with caution). + +The value specified (either by the argument or the default value) is utilized in libcurl's option [CURLOPT_LOW_SPEED_TIME](https://curl.haxx.se/libcurl/c/CURLOPT_LOW_SPEED_TIME.html). + ### `--http.ca-path` - **Type:** String (Path to directory) 
@@ -589,7 +606,8 @@ The configuration options are mostly the same as the ones from the `argv` interf "http": { "user-agent": "{{ page.command }}/{{ site.fort-latest-version }}", "connect-timeout": 30, - "transfer-timeout": 30, + "transfer-timeout": 0, + "idle-timeout": 15, "ca-path": "/usr/local/ssl/certs" }, diff --git a/examples/config.json b/examples/config.json index 17627732..9049e561 100644 --- a/examples/config.json +++ b/examples/config.json @@ -26,7 +26,8 @@ "http": { "user-agent": "fort/1.2.0", "connect-timeout": 30, - "transfer-timeout": 30, + "transfer-timeout": 0, + "idle-timeout": 15, "ca-path": "/usr/local/ssl/certs" }, "rrdp": { diff --git a/man/fort.8 b/man/fort.8 index a60cb670..e8b979eb 100644 --- a/man/fort.8 +++ b/man/fort.8 @@ -516,12 +516,29 @@ can last. .P Once the connection is established with the server, the request will last a maximum of \fBhttp.transfer-timeout\fR seconds. A value of \fI0\fR means -unlimited time (use with caution). +unlimited time (default value). .P The value specified (either by the argument or the default value) is utilized in libcurl’s option \fICURLOPT_TIMEOUT\fR. .P -By default, it has a value of \fI30\fR. The minimum allowed value is \fI0\fR. +By default, it has a value of \fI0\fR. +.RE +.P + +.B \-\-http.idle\-timeout=\fIUNSIGNED_INTEGER\fR +.RS 4 +Maximum time in seconds (once the connection is established) that the request +can be idle. +.P +Once the connection is established with the server, and if the request stops +receiving data for at least \fBhttp.idle-timeout\fR seconds, the connection +will be dropped. A value of \fI0\fR disables idle time verification (use with +caution). +.P +The value specified (either by the argument or the default value) is utilized +in libcurl’s option \fICURLOPT_LOW_SPEED_TIME\fR. +.P +By default, it has a value of \fI15\fR. .RE .P 
@@ -865,7 +882,8 @@ to a specific value: "http": { "user-agent": "fort/1.2.0", "connect-timeout": 30, - "transfer-timeout": 30, + "transfer-timeout": 0, + "idle-timeout": 15, "ca-path": "/usr/local/ssl/certs" }, "rrdp": { diff --git a/src/config.c b/src/config.c index 0602a565..a1f916c2 100644 --- a/src/config.c +++ b/src/config.c @@ -124,6 +124,8 @@ struct rpki_config { unsigned int connect_timeout; /* Maximum allowed time that a request can take */ unsigned int transfer_timeout; + /* Maximum idle time during a request */ + unsigned int idle_timeout; /* Directory where CA certs to verify peers are found */ char *ca_path; } http; @@ -474,12 +476,21 @@ static const struct option_field options[] = { .name = "http.transfer-timeout", .type = >_uint, .offset = offsetof(struct rpki_config, http.transfer_timeout), - .doc = "Maximum request time (once the connection is established) before dropping the connection", + .doc = "Maximum transfer time (once the connection is established) before dropping the connection", .min = 0, .max = UINT_MAX, }, { .id = 9003, + .name = "http.idle-timeout", + .type = >_uint, + .offset = offsetof(struct rpki_config, http.idle_timeout), + .doc = "Maximum idle time (once the connection is established) during a request before dropping the connection", + .min = 0, + .max = UINT_MAX, + }, + { + .id = 9004, .name = "http.ca-path", .type = >_string, .offset = offsetof(struct rpki_config, http.ca_path), @@ -762,7 +773,8 @@ set_default_values(void) goto revert_flat_array; } rpki_config.http.connect_timeout = 30; - rpki_config.http.transfer_timeout = 30; + rpki_config.http.transfer_timeout = 0; + rpki_config.http.idle_timeout = 15; rpki_config.http.ca_path = NULL; /* Use system default */ rpki_config.log.color = false; 
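Review bot: The comment on the new `idle_timeout` field in `struct rpki_config` (src/config.c) gives neither the unit nor the meaning of zero, and both matter to anyone reading the default later. I would write it as `/* Maximum idle time (seconds) during a request; 0 disables the check */`, matching what docs/usage.md states. The struct begins and ends outside the hunk.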
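Review bot: In `set_default_values()` (src/config.c) the default `transfer_timeout` drops from 30 to 0, so by default no overall cap applies to a request and the idle check becomes the only bound. As http.c sets `CURLOPT_LOW_SPEED_LIMIT` to 1, a repository server that keeps delivering data at or above one byte per second would presumably never trip it, and a single slow publication point could keep a validation run waiting for an unbounded time. Consider keeping a finite default, or at least recording the trade-off beside the assignment with a comment such as `/* 0 = no overall cap; idle_timeout is the only bound on a slow peer */`. Whether another size or time limit exists elsewhere is not visible here, and the function body extends beyond the hunk.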
@@ -1142,6 +1154,12 @@ config_get_http_transfer_timeout(void) return rpki_config.http.transfer_timeout; } +unsigned int +config_get_http_idle_timeout(void) +{ + return rpki_config.http.idle_timeout; +} + char const * config_get_http_ca_path(void) { diff --git a/src/config.h b/src/config.h index 31ca9cd0..b64b867d 100644 --- a/src/config.h +++ b/src/config.h @@ -36,6 +36,7 @@ enum filename_format config_get_filename_format(void); char const *config_get_http_user_agent(void); unsigned int config_get_http_connect_timeout(void); unsigned int config_get_http_transfer_timeout(void); +unsigned int config_get_http_idle_timeout(void); char const *config_get_http_ca_path(void); uint8_t config_get_log_level(void); enum log_output config_get_log_output(void); diff --git a/src/http/http.c b/src/http/http.c index 3ae0f89b..66b6d6da 100644 --- a/src/http/http.c +++ b/src/http/http.c @@ -57,6 +57,15 @@ http_easy_init(struct http_handler *handler) config_get_http_connect_timeout()); curl_easy_setopt(tmp, CURLOPT_TIMEOUT, config_get_http_transfer_timeout()); + if (config_get_http_idle_timeout() > 0) { + curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_TIME, + config_get_http_idle_timeout()); + curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_LIMIT, 1); + } else { + /* Disabled */ + curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_TIME, 0); + curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_LIMIT, 0); + } curl_easy_setopt(tmp, CURLOPT_NOSIGNAL, 1); /* Always expect HTTPS usage */ diff --git a/test/impersonator.c b/test/impersonator.c index aa40c5a5..94fac4f5 100644 --- a/test/impersonator.c +++ b/test/impersonator.c @@ -194,8 +194,15 @@ config_get_http_connect_timeout(void) unsigned int config_get_http_transfer_timeout(void) { - return 30; + return 0; +} + +unsigned int +config_get_http_idle_timeout(void) +{ + return 15; } + char const * config_get_http_ca_path(void) {
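Review bot: In `http_easy_init()` (src/http/http.c) the added `curl_easy_setopt` calls pass an `unsigned int` and the int literals `1` and `0` to options that libcurl documents as taking a `long`; the call is variadic, so nothing converts the argument and the mismatch is undefined behaviour where `long` is wider than `int`. Read the getter once into a `long` and pass that, e.g. `curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_TIME, idle);` and `curl_easy_setopt(tmp, CURLOPT_LOW_SPEED_LIMIT, idle > 0 ? 1L : 0L);`. The `.max = UINT_MAX` bound in the `http.idle-timeout` entry of the options table (src/config.c) also admits values that do not fit a 32-bit `long`, so a tighter maximum may be warranted. The results of the setopt calls are not checked in the visible lines, and the function continues outside the hunk.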