Fixed reverse proxy timeout

2021-11-12 15:16:09 +01:00
parent fe0cdc9b1a
commit 171bca55fa
4 changed files with 35 additions and 13 deletions
--- a/src/lib/rev_proxy.c
+++ b/src/lib/rev_proxy.c
@ -181,18 +181,12 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
        return -1;
    }

-    server_timeout.tv_sec = SERVER_TIMEOUT;
+    server_timeout.tv_sec = SERVER_TIMEOUT_INIT;
    server_timeout.tv_usec = 0;
    if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
        goto rev_proxy_timeout_err;
-    if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
-        rev_proxy_timeout_err:
-        res->status = http_get_status(500);
-        ctx->origin = INTERNAL;
-        print(ERR_STR "Unable to set timeout for socket: %s" CLR_STR, strerror(errno));
-        sprintf(err_msg, "Unable to set timeout for socket: %s", strerror(errno));
-        goto proxy_err;
-    }
+    if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
+        goto rev_proxy_timeout_err;

    struct hostent *host_ent = gethostbyname2(conf->rev_proxy.hostname, AF_INET6);
    if (host_ent == NULL) {
@ -234,6 +228,19 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf
        goto proxy_err;
    }

+    server_timeout.tv_sec = SERVER_TIMEOUT;
+    server_timeout.tv_usec = 0;
+    if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_RCVTIMEO, &server_timeout, sizeof(server_timeout)) < 0)
+        goto rev_proxy_timeout_err;
+    if (setsockopt(rev_proxy.socket, SOL_SOCKET, SO_SNDTIMEO, &server_timeout, sizeof(server_timeout)) < 0) {
+        rev_proxy_timeout_err:
+        res->status = http_get_status(500);
+        ctx->origin = INTERNAL;
+        print(ERR_STR "Unable to set timeout for reverse proxy socket: %s" CLR_STR, strerror(errno));
+        sprintf(err_msg, "Unable to set timeout for reverse proxy socket: %s", strerror(errno));
+        goto proxy_err;
+    }
+
    if (conf->rev_proxy.enc) {
        rev_proxy.ssl = SSL_new(rev_proxy.ctx);
        SSL_set_fd(rev_proxy.ssl, rev_proxy.socket);
@ -319,8 +326,16 @@ int rev_proxy_init(http_req *req, http_res *res, http_status_ctx *ctx, host_conf

    ret = sock_recv(&rev_proxy, buffer, sizeof(buffer), MSG_PEEK);
    if (ret <= 0) {
-        res->status = http_get_status(502);
-        ctx->origin = SERVER_RES;
+        int enc_err = sock_enc_error(&rev_proxy);
+        if (errno == EAGAIN || errno == EINPROGRESS || enc_err == SSL_ERROR_WANT_READ ||
+            enc_err == SSL_ERROR_WANT_WRITE)
+        {
+            res->status = http_get_status(504);
+            ctx->origin = SERVER_RES;
+        } else {
+            res->status = http_get_status(502);
+            ctx->origin = SERVER_RES;
+        }
        print(ERR_STR "Unable to receive response from server: %s" CLR_STR, sock_strerror(&rev_proxy));
        sprintf(err_msg, "Unable to receive response from server: %s.", sock_strerror(&rev_proxy));
        goto proxy_err;
--- a/src/lib/sock.c
+++ b/src/lib/sock.c
@ -12,6 +12,10 @@
 #include <sys/socket.h>
 #include <unistd.h>

+int sock_enc_error(sock *s) {
+    return (int) s->enc ? SSL_get_error(s->ssl, (int) s->_last_ret) : 0;
+}
+
 const char *sock_strerror(sock *s) {
    if (s->_last_ret == 0) {
        return "closed";
@ -21,7 +25,7 @@ const char *sock_strerror(sock *s) {
        }
        const char *err1 = ERR_reason_error_string(s->_ssl_error);
        const char *err2 = strerror(errno);
-        switch (SSL_get_error(s->ssl, (int) s->_last_ret)) {
+        switch (sock_enc_error(s)) {
            case SSL_ERROR_NONE:
                return NULL;
            case SSL_ERROR_ZERO_RETURN:
--- a/src/lib/sock.h
+++ b/src/lib/sock.h
@ -23,6 +23,8 @@ typedef struct {
    unsigned long _ssl_error;
 } sock;

+int sock_enc_error(sock *s);
+
 const char *sock_strerror(sock *s);

 long sock_send(sock *s, void *buf, unsigned long len, int flags);
--- a/src/necronda-server.h
+++ b/src/necronda-server.h
@ -17,7 +17,8 @@
 #define LISTEN_BACKLOG 16
 #define REQ_PER_CONNECTION 200
 #define CLIENT_TIMEOUT 3600
-#define SERVER_TIMEOUT 4
+#define SERVER_TIMEOUT_INIT 4
+#define SERVER_TIMEOUT 3600

 #define CHUNK_SIZE 8192