tyler.durden
/
icinga2
mirror of https://github.com/Icinga/icinga2.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #8479 from Icinga/bugfix/close-anonymous-connections 

Close anonymous connections after 10 seconds
This commit is contained in:
Alexander Aleksandrovič Klimov 2020-11-24 16:44:09 +01:00 committed by GitHub
parent 2a2924855f d1edcb909c
commit 3dcc6c32f3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 31 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
lib/remote/jsonrpcconnection.cpp
View File

@ -348,20 +348,43 @@ void JsonRpcConnection::CheckLiveness(boost::asio::yield_context yc)
{
boost::system::error_code ec;
for (;;) {
m_CheckLivenessTimer.expires_from_now(boost::posix_time::seconds(30));
if (!m_Authenticated) {
/* Anonymous connections are normally only used for requesting a certificate and are closed after this request
* is received. However, the request is only sent if the child has successfully verified the certificate of its
* parent so that it is an authenticated connection from its perspective. In case this verification fails, both
* ends view it as an anonymous connection and never actually use it but attempt a reconnect after 10 seconds
* leaking the connection. Therefore close it after a timeout.
*/
m_CheckLivenessTimer.expires_from_now(boost::posix_time::seconds(10));
m_CheckLivenessTimer.async_wait(yc[ec]);
if (m_ShuttingDown) {
break;
return;
}
if (m_Seen < Utility::GetTime() - 60 && (!m_Endpoint || !m_Endpoint->GetSyncing())) {
Log(LogInformation, "JsonRpcConnection")
<< "No messages for identity '" << m_Identity << "' have been received in the last 60 seconds.";
auto remote (m_Stream->lowest_layer().remote_endpoint());
Disconnect();
break;
Log(LogInformation, "JsonRpcConnection")
<< "Closing anonymous connection [" << remote.address() << "]:" << remote.port() << " after 10 seconds.";
Disconnect();
} else {
for (;;) {
m_CheckLivenessTimer.expires_from_now(boost::posix_time::seconds(30));
m_CheckLivenessTimer.async_wait(yc[ec]);
if (m_ShuttingDown) {
break;
}
if (m_Seen < Utility::GetTime() - 60 && (!m_Endpoint || !m_Endpoint->GetSyncing())) {
Log(LogInformation, "JsonRpcConnection")
<< "No messages for identity '" << m_Identity << "' have been received in the last 60 seconds.";
Disconnect();
break;
}
}
}
}