Re: [Tails-dev] Endless Data Attack and Defense

Delete this message

Reply to this message
Autor: adrelanos
Data:  
Dla: tails-dev
Stare tematy: Re: [Tails-dev] Endless Data Attack and Defense
Temat: Re: [Tails-dev] Endless Data Attack and Defense
intrigeri:
>> We're in luck. A fix doesn't appear to be that complicated. Curl
>> supports --max-time.
>
>> Adding a timeout between, well, 120 and 300 seconds?
>
>> Whatever a good timeout value would be, it's probable best not the hard
>> code let's say for example 120 seconds.
>
> I would happily take a patch against our htpdate fork that adds a 180
> seconds timeout. Interested?


After some further testing and thinking, --max-time 180 may not be the
best solution.

>From curl man page.


> -m, --max-time <seconds>

Maximum time in seconds that you allow the whole operation to
take.    This is useful for preventing your batch jobs from hang-
ing for hours due to slow networks or links going down.    See
also the --connect-timeout option.

> If this option is used several times, the last one will be used.


> --connect-timeout <seconds>

Maximum time in seconds that you allow the connection to the
server to take.    This only limits the connection phase, once
curl has connected this option is of no more use. See also the
-m, --max-time option.

> If this option is used several times, the last one will be used.


This means, it will wait a hardcoded 180 seconds in any case, even if
Tor is totally unable to connect (network down or censored). The
connection won't fail and curl won't exit before 180 seconds are over.

I tend to believe it would be better to combine --max-time 180 with
--connect-timeout xx...

What do you think? How many seconds for --connect-timeout? 60?

Cheers,
adrelanos