dirmngr: New option --resolver-timeout.

* dirmngr/dns-stuff.c (DEFAULT_TIMEOUT): New. (opt_timeout): New var. (set_dns_timeout): New. (libdns_res_open): Set the default timeout. (libdns_res_wait): Use configurable timeout. (resolve_name_libdns): Ditto. * dirmngr/dirmngr.c (oResolverTimeout): New const. (opts): New option --resolver-timeout. (parse_rereadable_options): Set that option. (main) <aGPGConfList>: Add --nameserver and --resolver-timeout. * tools/gpgconf-comp.c (gc_options_dirmngr): Add --resolver-timeout and --nameserver. * dirmngr/http.c (connect_server): Fix yesterday introduced bug in error diagnostic. -- This timeout is a pretty crude thing because libdns has a few other internal timeouts as well. Signed-off-by: Werner Koch <wk@gnupg.org>
2025-07-02 22:46:30 +02:00 · 2016-12-20 09:53:58 +01:00 · 2016-12-20 09:53:58 +01:00 · 81c012787f
commit 81c012787f
parent af8b68fae3
7 changed files with 65 additions and 5 deletions
--- a/dirmngr/dns-stuff.c
+++ b/dirmngr/dns-stuff.c
@ -108,10 +108,17 @@
 /* The default nameserver used in Tor mode.  */
 #define DEFAULT_NAMESERVER "8.8.8.8"

+/* The default timeout in seconds for libdns requests.  */
+#define DEFAULT_TIMEOUT 30
+
+
 /* Two flags to enable verbose and debug mode.  */
 static int opt_verbose;
 static int opt_debug;

+/* The timeout in seconds for libdns requests.  */
+static int opt_timeout;
+
 /* If set force the use of the standard resolver.  */
 static int standard_resolver;

@ -219,6 +226,22 @@ set_dns_verbose (int verbose, int debug)
 }


+/* Set the timeout for libdns requests to SECONDS.  A value of 0 sets
+ * the default timeout and values are capped at 10 minutes.  */
+void
+set_dns_timeout (int seconds)
+{
+  if (!seconds)
+    seconds = DEFAULT_TIMEOUT;
+  else if (seconds < 1)
+    seconds = 1;
+  else if (seconds > 600)
+    seconds = 600;
+
+  opt_timeout = seconds;
+}
+
+
 /* Change the default IP address of the nameserver to IPADDR.  The
   address needs to be a numerical IP address and will be used for the
   next DNS query.  Note that this is only used in Tor mode.  */
@ -421,7 +444,8 @@ libdns_init (void)
           pip && idx < DIM (ld.resolv_conf->nameserver);
           pip = pip->Next)
        {
-          log_debug ("ninfo->dnsserver[%d] '%s'\n", idx, pip->IpAddress.String);
+          if (opt_debug)
+            log_debug ("dns: dnsserver[%d] '%s'\n", idx, pip->IpAddress.String);
          err = libdns_error_to_gpg_error
            (dns_resconf_pton (&ld.resolv_conf->nameserver[idx],
                               pip->IpAddress.String));
@ -547,6 +571,9 @@ libdns_res_open (struct dns_resolver **r_res)
  if (err)
    return err;

+  if (!opt_timeout)
+    set_dns_timeout (0);
+
  res = dns_res_open (libdns.resolv_conf, libdns.hosts, libdns.hints, NULL,
                      dns_opts (.socks_host     = &libdns.socks_host,
                                .socks_user     = tor_socks_user,
@ -604,7 +631,7 @@ libdns_res_wait (struct dns_resolver *res)
  while ((err = libdns_error_to_gpg_error (dns_res_check (res)))
         && gpg_err_code (err) == GPG_ERR_EAGAIN)
    {
-      if (dns_res_elapsed (res) > 30)
+      if (dns_res_elapsed (res) > opt_timeout)
        {
          err = gpg_error (GPG_ERR_DNS_TIMEOUT);
          break;
@ -677,7 +704,7 @@ resolve_name_libdns (const char *name, unsigned short port,
        }
      if (gpg_err_code (err) == GPG_ERR_EAGAIN)
        {
-          if (dns_ai_elapsed (ai) > 30)
+          if (dns_ai_elapsed (ai) > opt_timeout)
            {
              err = gpg_error (GPG_ERR_DNS_TIMEOUT);
              goto leave;