From bad7c631b7aab50d179755ee546357e4f4faca9d Mon Sep 17 00:00:00 2001
From: Simo Sorce <simo@redhat.com>
Date: Tue, 10 Sep 2019 14:33:37 +0000
Subject: [PATCH] Add TCP level timeout to LDAP services
In some cases the TCP connection may hang with data sent because
of network conditions, this may cause the socket to stall for much
longer than the timeout intended.
Set a TCP option to forcibly timeout a socket that sees its data not
ACKed within the ldap_network_timeout seconds.
Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac)
---
src/util/sss_sockets.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
index 0e4d8df8a..b6b6dbac5 100644
--- a/src/util/sss_sockets.c
+++ b/src/util/sss_sockets.c
@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
int dummy = 1;
int ret;
struct timeval tv;
+ unsigned int milli;
/* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
* failures are ignored.*/
@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout)
"setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
strerror(ret));
}
+
+ milli = timeout * 1000; /* timeout in milliseconds */
+ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
+ sizeof(milli));
+ if (ret != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_FUNC_DATA,
+ "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
+ strerror(ret));
+ }
}
return EOK;
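Review bot: The added `setsockopt` call passes `milli` by value as the option buffer, but the fourth argument must point to the value, so the kernel is handed the integer as an address, the call is expected to fail (probably with EFAULT), and the TCP-level timeout is never applied. It should read `ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, sizeof(milli));`. The failure is only logged at `SSSDBG_FUNC_DATA` and the function still returns EOK, so the stalled-connection condition this patch targets would persist without any visible sign; a more prominent debug level is worth considering. Separately, `timeout * 1000` is evaluated in signed `int` before the assignment, so a large configured timeout can overflow, and `TCP_USER_TIMEOUT` is Linux-specific, so an `#ifdef TCP_USER_TIMEOUT` guard may be needed if other platforms are built. The body of set_fd_common_opts begins outside this hunk, so the surrounding condition on `timeout` is not visible here.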
--
2.20.1