On Tue, Aug 02, 2022 at 12:27:57PM -0600, Theo de Raadt wrote:
> I think you intend for that to be two separate diffs, not merged into
> one.
>
> For connect < 15 seconds, I think that is a bit strict.
>
> For IO stalling 15 seconds, I suspect such IO stalls happen more than
> we know, and will do harm to RPKI processing results.
>
> I don't see any way this can be tested in less than 24 hours.
Over the course of a couple of days hours I ran multiple instances (with
the previously posted 15-second-timeout patch, and without) in a 'while
true' loop. I also ran instances at 1-hour-cadence on slow machines.
I've not been able to discern any harm to RPKI processing results.
The big upside to the 15-second-timeout appears to be that total
execution time is a fair chunk shorter.
I'd like us to move forward with shorter connect() timeouts.
Below is the changeset for just rsync. OK?
Kind regards,
Job
Index: rsync.c
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/rsync.c,v
retrieving revision 1.38
diff -u -p -r1.38 rsync.c
--- rsync.c 24 May 2022 09:20:49 -0000 1.38
+++ rsync.c 8 Aug 2022 12:57:18 -0000
@@ -312,6 +312,7 @@ proc_rsync(char *prog, char *bind_addr,
args[i++] = "-rt";
args[i++] = "--no-motd";
args[i++] = "--max-size=" STRINGIFY(MAX_FILE_SIZE);
+ args[i++] = "--contimeout=" STRINGIFY(MAX_CONTIMEOUT);
args[i++] = "--timeout=180";
args[i++] = "--include=*/";
args[i++] = "--include=*.cer";
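Review bot: the new "--contimeout=" argument is appended unconditionally, while the program being executed comes in through the prog parameter of proc_rsync(), so it is worth confirming that every rsync implementation that can be passed as prog accepts this option; one that rejects it would turn each rsync fetch into a failure instead of a shorter wait. As a smaller style point, the neighbouring "--timeout=180" stays a bare literal while the connect timeout gets a define in extern.h; giving the I/O timeout its own define would keep the two limits documented in one place.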
Index: extern.h
===================================================================
RCS file: /cvs/src/usr.sbin/rpki-client/extern.h,v
retrieving revision 1.143
diff -u -p -r1.143 extern.h
--- extern.h 27 Jun 2022 10:18:27 -0000 1.143
+++ extern.h 8 Aug 2022 12:57:18 -0000
@@ -727,6 +727,9 @@ int mkpathat(int, const char *);
#define MAX_HTTP_REQUESTS 64
#define MAX_RSYNC_REQUESTS 16
+/* How many seconds to wait for a connection to succeed. */
+#define MAX_CONTIMEOUT 15
+
/* Maximum allowd repositories per tal */
#define MAX_REPO_PER_TAL 1000
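Review bot: the comment on MAX_CONTIMEOUT should say that the value is pasted into the rsync command line through STRINGIFY(MAX_CONTIMEOUT), so it has to remain a plain decimal literal; a later edit to something like (15) or an expression would produce a malformed "--contimeout=" argument. Since this changeset only wires the define into rsync.c, the comment could also note that it currently applies to rsync connections only, given that it sits next to both MAX_HTTP_REQUESTS and MAX_RSYNC_REQUESTS.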