diff --git a/proxy/ProtocolProbeSessionAccept.cc b/proxy/ProtocolProbeSessionAccept.cc index cdbffcf24ad..36bba6856f7 100644 --- a/proxy/ProtocolProbeSessionAccept.cc +++ b/proxy/ProtocolProbeSessionAccept.cc @@ -27,6 +27,7 @@ #include "http2/HTTP2.h" #include "ProxyProtocol.h" #include "I_NetVConnection.h" +#include "http/HttpConfig.h" static bool proto_is_http2(IOBufferReader *reader) @@ -176,7 +177,11 @@ ProtocolProbeSessionAccept::mainEvent(int event, void *data) NetVConnection *netvc = static_cast(data); ProtocolProbeTrampoline *probe = new ProtocolProbeTrampoline(this, netvc->mutex, nullptr, nullptr); - // XXX we need to apply accept inactivity timeout here ... + // The connection has completed, set the accept inactivity timeout here to watch over the difference between the + // connection set up and the first transaction.. + HttpConfigParams *param = HttpConfig::acquire(); + netvc->set_inactivity_timeout(HRTIME_SECONDS(param->accept_no_activity_timeout)); + HttpConfig::release(param); if (!probe->reader->is_read_avail_more_than(0)) { Debug("http", "probe needs data, read.."); diff --git a/proxy/http/HttpSM.cc b/proxy/http/HttpSM.cc index 6af96020aec..c381639fb6f 100644 --- a/proxy/http/HttpSM.cc +++ b/proxy/http/HttpSM.cc @@ -630,7 +630,7 @@ HttpSM::attach_client_session(ProxyTransaction *client_vc, IOBufferReader *buffe ///////////////////////// // set up timeouts // ///////////////////////// - client_vc->set_inactivity_timeout(HRTIME_SECONDS(t_state.http_config_param->accept_no_activity_timeout)); + client_vc->set_inactivity_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_no_activity_timeout_in)); client_vc->set_active_timeout(HRTIME_SECONDS(t_state.txn_conf->transaction_active_timeout_in)); ++reentrancy_count; diff --git a/tests/gold_tests/timeout/accept_timeout.test.py b/tests/gold_tests/timeout/accept_timeout.test.py new file mode 100644 index 00000000000..1d513271d70 --- /dev/null +++ b/tests/gold_tests/timeout/accept_timeout.test.py @@ -0,0 +1,70 @@ +''' +''' +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +Test.Summary = 'Testing ATS inactivity timeout' + +Test.SkipUnless( + Condition.HasCurlFeature('http2'), + Condition.HasProgram("telnet", "Need telnet to shutdown when server shuts down tcp"), + Condition.HasProgram("nc", "Need nc to send data to server") +) + +ts = Test.MakeATSProcess("ts", select_ports=True, enable_tls=True) + +ts.addSSLfile("../tls/ssl/server.pem") +ts.addSSLfile("../tls/ssl/server.key") + +ts.Disk.records_config.update({ + 'proxy.config.ssl.server.cert.path': '{0}'.format(ts.Variables.SSLDir), + 'proxy.config.ssl.server.private_key.path': '{0}'.format(ts.Variables.SSLDir), + 'proxy.config.http.transaction_no_activity_timeout_in': 6, + 'proxy.config.http.accept_no_activity_timeout': 2, + 'proxy.config.net.default_inactivity_timeout': 10, + 'proxy.config.net.defer_accept': 0 # Must turn off defer accept to test the raw TCP case +}) + +ts.Disk.ssl_multicert_config.AddLine( + 'dest_ip=* ssl_cert_name=server.pem ssl_key_name=server.key' +) + +# case 1 TLS with no data +tr = Test.AddTestRun("tr") +tr.Setup.Copy("time_client.sh") +tr.Processes.Default.StartBefore(ts) +tr.Processes.Default.Command = 'sh ./time_client.sh \'openssl s_client -ign_eof -connect 127.0.0.1:{0}\''.format( + ts.Variables.ssl_port) +tr.Processes.Default.Streams.stdout = Testers.ContainsExpression("Accept timeout", "Request should fail from the accept timeout") + +# case 2 TLS with incomplete request header +tr2 = Test.AddTestRun("tr") +tr2.Processes.Default.Command = 'echo "GET /.html HTTP/1.1" | sh ./time_client.sh \'openssl s_client -ign_eof -connect 127.0.0.1:{0}\''.format( + ts.Variables.ssl_port) +tr2.Processes.Default.Streams.stdout = Testers.ContainsExpression( + "Transaction inactivity timeout", "Request should fail with transaction inactivity timeout") + +# case 3 TCP with no data +tr3 = Test.AddTestRun("tr") +tr3.Processes.Default.Command = 'sh ./time_client.sh \'telnet 127.0.0.1 {0}\''.format(ts.Variables.port) +tr3.Processes.Default.Streams.stdout = Testers.ContainsExpression("Accept timeout", "Request should fail from the accept timeout") + +# case 4 TCP with incomplete request header +tr4 = Test.AddTestRun("tr") +tr4.Setup.Copy("create_request.sh") +tr4.Processes.Default.Command = 'sh ./time_client.sh \'nc -c ./create_request.sh 127.0.0.1 {0}\''.format(ts.Variables.port) +tr4.Processes.Default.Streams.stdout = Testers.ContainsExpression( + "Transaction inactivity timeout", "Request should fail with transaction inactivity timeout") diff --git a/tests/gold_tests/timeout/create_request.sh b/tests/gold_tests/timeout/create_request.sh new file mode 100755 index 00000000000..7adddfa951b --- /dev/null +++ b/tests/gold_tests/timeout/create_request.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +printf GET / HTTP/1.1 +sleep 11 diff --git a/tests/gold_tests/timeout/time_client.sh b/tests/gold_tests/timeout/time_client.sh new file mode 100644 index 00000000000..e838b41ef06 --- /dev/null +++ b/tests/gold_tests/timeout/time_client.sh @@ -0,0 +1,34 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +start=`date +%s` +$1 +end=`date +%s` + +runtime=$((end-start)) +echo $runtime +if [ $runtime -lt 6 ] +then + echo "Accept timeout $runtime" + exit 0 +elif [ $runtime -lt 10 ] +then + echo "Transaction inactivity timeout $runtime" + exit 0 +else + echo "Default inactivity timeout $runtime" + exit 1 +fi