From bad7c631b7aab50d179755ee546357e4f4faca9d Mon Sep 17 00:00:00 2001

From: Simo Sorce <simo@redhat.com>

Date: Tue, 10 Sep 2019 14:33:37 +0000

Subject: [PATCH] Add TCP level timeout to LDAP services

In some cases the TCP connection may hang with data sent because

of network conditions, this may cause the socket to stall for much

longer than the timeout intended.

Set a TCP option to forcibly timeout a socket that sees its data not

ACKed within the ldap_network_timeout seconds.

Signed-off-by: Simo Sorce <simo@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>

(cherry picked from commit 7aa96458f3bec4ef6ff7385107458e6b2b0b06ac)

---

 src/util/sss_sockets.c | 11 +++++++++++

 1 file changed, 11 insertions(+)

diff --git a/src/util/sss_sockets.c b/src/util/sss_sockets.c

index 0e4d8df8a..b6b6dbac5 100644

--- a/src/util/sss_sockets.c

+++ b/src/util/sss_sockets.c

@@ -79,6 +79,7 @@ static errno_t set_fd_common_opts(int fd, int timeout)

     int dummy = 1;

     int ret;

     struct timeval tv;

+    unsigned int milli;

     /* SO_KEEPALIVE and TCP_NODELAY are set by OpenLDAP client libraries but

      * failures are ignored.*/

@@ -117,6 +118,16 @@ static errno_t set_fd_common_opts(int fd, int timeout)

                   "setsockopt SO_SNDTIMEO failed.[%d][%s].\n", ret,

                   strerror(ret));

         }

+

+        milli = timeout * 1000; /* timeout in milliseconds */

+        ret = setsockopt(fd, IPPROTO_TCP, TCP_USER_TIMEOUT, milli,

+                         sizeof(milli));

+        if (ret != 0) {

+            ret = errno;

+            DEBUG(SSSDBG_FUNC_DATA,

+                  "setsockopt TCP_USER_TIMEOUT failed.[%d][%s].\n", ret,

+                  strerror(ret));

+        }

     }

     return EOK;

-- 

2.20.1