Date: Tue, 30 Jun 2020 15:47:12 +0000 (UTC) From: Rick Macklem <rmacklem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-projects@freebsd.org Subject: svn commit: r362799 - projects/nfs-over-tls/sys/rpc/rpcsec_tls Message-ID: <202006301547.05UFlCYp010159@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: rmacklem Date: Tue Jun 30 15:47:11 2020 New Revision: 362799 URL: https://svnweb.freebsd.org/changeset/base/362799 Log: Although I have no way of testing how long the server side (SSL_accept()) might delay when the client is not responding to handshake records, I decided to make the timeout for the server the same as the client. Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Modified: projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c ============================================================================== --- projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Tue Jun 30 14:49:51 2020 (r362798) +++ projects/nfs-over-tls/sys/rpc/rpcsec_tls/rpctls_impl.c Tue Jun 30 15:47:11 2020 (r362799) @@ -218,17 +218,23 @@ printf("got cl=%p\n", cl); /* * The number of retries defaults to INT_MAX, which * effectively means an infinite, uninterruptable loop. - * Doing even one retry of these upcalls is probably - * not a good plan, since repeating the openssl - * operations are not likely to work. - * The timeout is set fairly large, since some - * openssl operations such as SSL_connect() take a - * long time to return upon failure. + * Set the try_count to 1 so that no retries of the + * RPC occur. Since it is an upcall to a local daemon, + * requests should not be lost and doing one of these + * RPCs multiple times is not correct. + * SSL_connect() in the openssl library has been + * observed to take 6 minutes when the server is not + * responding to the handshake records, so set the + * timeout to 10min. If it times out before the + * daemon completes the RPC, that should still be ok, + * since the daemon is single threaded and will not + * do further RPCs until the openssl library call + * returns (usually with a failure). */ if (cl != NULL) { try_count = 1; CLNT_CONTROL(cl, CLSET_RETRIES, &try_count); - timeo.tv_sec = 2 * 60; + timeo.tv_sec = 10 * 60; timeo.tv_usec = 0; CLNT_CONTROL(cl, CLSET_TIMEOUT, &timeo); } else
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202006301547.05UFlCYp010159>