Hi, relayd used CHECK_TIMEOUT for connect and the SSL handshake. This is 200 milliseconds, which is too short. Instead use the 600 seconds session timeout that is used for accepted sessions everywhere else.
While there, make flag handling in relay_ssl_transaction() consistent to the other functions. ok? bluhm
Index: usr.sbin/relayd/relay.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/usr.sbin/relayd/relay.c,v
retrieving revision 1.138
diff -u -p -r1.138 relay.c
--- usr.sbin/relayd/relay.c 20 May 2011 09:43:53 -0000 1.138
+++ usr.sbin/relayd/relay.c 1 Sep 2011 07:58:40 -0000
@@ -2279,7 +2279,8 @@ relay_connect(struct rsession *con)
 if (errno == EINPROGRESS)
 event_again(&con->se_ev, con->se_out.s, EV_WRITE|EV_TIMEOUT,
- relay_connected, &con->se_tv_start, &env->sc_timeout, con);
+ relay_connected, &con->se_tv_start, &rlay->rl_conf.timeout,
+ con);
 else
 relay_connected(con->se_out.s, EV_WRITE, con);
@@ -2625,7 +2626,7 @@ relay_ssl_transaction(struct rsession *c
 SSL *ssl;
 const SSL_METHOD *method;
 void (*cb)(int, short, void *);
- u_int flags = EV_TIMEOUT;
+ u_int flag;
 ssl = SSL_new(rlay->rl_ssl_ctx);
 if (ssl == NULL)
@@ -2634,11 +2635,11 @@ relay_ssl_transaction(struct rsession *c
 if (cre->dir == RELAY_DIR_REQUEST) {
 cb = relay_ssl_accept;
 method = SSLv23_server_method();
- flags |= EV_READ;
+ flag = EV_READ;
 } else {
 cb = relay_ssl_connect;
 method = SSLv23_client_method();
- flags |= EV_WRITE;
+ flag = EV_WRITE;
 }
 if (!SSL_set_ssl_method(ssl, method))
@@ -2653,8 +2654,10 @@ relay_ssl_transaction(struct rsession *c
 cre->ssl = ssl;
- event_again(&con->se_ev, cre->s, EV_TIMEOUT|flags,
- cb, &con->se_tv_start, &env->sc_timeout, con);
+ DPRINTF("%s: session %d: scheduling on %s", __func__, con->se_id,
+ (flag == EV_READ) ? "EV_READ" : "EV_WRITE");
+ event_again(&con->se_ev, cre->s, EV_TIMEOUT|flag, cb,
+ &con->se_tv_start, &rlay->rl_conf.timeout, con);
 return;
 err:
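Review bot: A peer that completes the TCP connect but never finishes the TLS handshake now holds the session, its descriptor and the SSL object for the full rl_conf.timeout (600 s per the description) instead of 200 ms, at the event_again() call in the first hunk and at the relay_ssl_transaction() call in the fourth; the retry re-arms in relay_ssl_accept() and relay_ssl_connect() on the two later hunks do the same. That is the right fix for slow-but-legitimate peers, but it means unauthenticated pre-handshake sessions are bounded only by the session timeout, so a comment at the relay_ssl_transaction() call would make the trade-off explicit, e.g. `/* handshake shares the session timeout; a separate, shorter handshake timeout would bound idle pre-handshake sessions */`. event_again() appears to compute the remaining time from se_tv_start rather than restarting the clock, so the retries presumably do not extend the total beyond rl_conf.timeout; worth confirming. relay_connect()'s body is outside the hunk, and the first hunk only compiles if `rlay` is already in scope there as it is in relay_ssl_transaction().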
@@ -2721,7 +2724,7 @@ retry:
 DPRINTF("%s: session %d: scheduling on %s", __func__, con->se_id,
 (retry_flag == EV_READ) ? "EV_READ" : "EV_WRITE");
 event_again(&con->se_ev, fd, EV_TIMEOUT|retry_flag, relay_ssl_accept,
- &con->se_tv_start, &env->sc_timeout, con);
+ &con->se_tv_start, &rlay->rl_conf.timeout, con);
 }
 void
@@ -2780,7 +2783,7 @@ retry:
 DPRINTF("%s: session %d: scheduling on %s", __func__, con->se_id,
 (retry_flag == EV_READ) ? "EV_READ" : "EV_WRITE");
 event_again(&con->se_ev, fd, EV_TIMEOUT|retry_flag, relay_ssl_connect,
- &con->se_tv_start, &env->sc_timeout, con);
+ &con->se_tv_start, &rlay->rl_conf.timeout, con);
 }
 void