From 64da41f2b5963d5271fc449c8b6118089b2e4c03 Mon Sep 17 00:00:00 2001 From: Philip Withnall Date: Wed, 13 Sep 2023 15:38:25 +0100 Subject: [PATCH] utils-http: Add transfer speed timeout for libcurl HTTP downloads There was already a timeout set using `CURLOPT_CONNECTTIMEOUT`, but that only affects the initial connection. Once a HTTP connection is established, the timeout is ineffective. That means that once a HTTP connection is established, there is no bound on the length of time a download can take. Sometimes, downloads drop to very low speeds (for Networking Reasons) and we need a way to give up on a download if that happens. So, set a low speed limit of 10KB/s for 60s. If a curl download goes more slowly than this, it will be considered timed out, and the `CURLE_OPERATION_TIMEDOUT` code path will be taken. Signed-off-by: Philip Withnall Fixes: https://github.com/flatpak/flatpak/issues/5519 (cherry picked from commit d6b10c26efd583805ec7085c040a52d0884c305b) --- common/flatpak-utils-http.c | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/common/flatpak-utils-http.c b/common/flatpak-utils-http.c index 828e2568..18098d4f 100644 --- a/common/flatpak-utils-http.c +++ b/common/flatpak-utils-http.c @@ -403,8 +403,16 @@ flatpak_create_http_session (const char *user_agent) curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, _write_cb); curl_easy_setopt(curl, CURLOPT_HEADERFUNCTION, _header_cb); + /* Abort the connection if connecting to the server takes too long. This + * timeout has no effect after a connection is established. */ curl_easy_setopt (curl, CURLOPT_CONNECTTIMEOUT, (long)FLATPAK_HTTP_TIMEOUT_SECS); + /* Abort the download if it’s slower than 10KB/sec for 60 seconds. An example + * compressed summary file is 1.5MB in size, so anything slower than this rate + * will mean it takes over 2.5 minutes to download just the summary file. */ + curl_easy_setopt(curl, CURLOPT_LOW_SPEED_TIME, (long)FLATPAK_HTTP_TIMEOUT_SECS); + curl_easy_setopt(curl, CURLOPT_LOW_SPEED_LIMIT, 10000L); + return session; }