From 49e3de993d95a7d0f8812f5cbd2d235e63a6313d Mon Sep 17 00:00:00 2001
From: Simo Sorce
Date: Sep 10 2019 14:33:37 +0000
Subject: Add TCP level timeout to LDAP services
In some cases the TCP connection may hang with data sent because of network conditions, this may cause the socket to stall for much longer than the timeout intended. Set a TCP option to forcibly timeout a socket that sees its data not ACKed within the ldap_network_timeout seconds.
Signed-off-by: Simo Sorce
---
diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c
index 0e4d8df..b6b6dba 100644
--- a/src/util/sss_sockets.c
+++ b/src/util/sss_sockets.c
@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)
 int dummy = 1;
 int ret;
 struct timeval tv;
+ unsigned int milli;
 /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but
 * failures are ignored.*/
@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout)
 "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,
 strerror(ret));
 }
+
+ milli = timeout * 1000; /* timeout in milliseconds */
+ ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,
+ sizeof(milli));
+ if (ret != 0) {
+ ret = errno;
+ DEBUG(SSSDBG_FUNC_DATA,
+ "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,
+ strerror(ret));
+ }
 }
 return EOK;
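Review bot: In the second hunk the new setsockopt() call passes `milli` by value where the option pointer is expected, so the kernel is handed the timeout number as an address and the call should fail (typically EFAULT) rather than set TCP_USER_TIMEOUT; the line should read `ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, &milli, sizeof(milli));`. Because that failure is only logged at SSSDBG_FUNC_DATA and the function still returns EOK, the stalled-connection protection the commit message describes would be silently absent in production. `timeout * 1000` is also evaluated in int before the assignment, so a large configured timeout can overflow; range-checking `timeout` and computing `milli = (unsigned int)timeout * 1000U;` avoids that. TCP_USER_TIMEOUT is Linux-specific, so an `#ifdef TCP_USER_TIMEOUT` guard may be needed if this file builds on other platforms; the includes and the rest of set_fd_common_opts are outside the hunk.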