Add configuration for the maximum idle duration of connections before…

… they are discarded
Nitrokey · Aug 22, 2024 · 71ae273 · 71ae273
1 parent 4bfa6ea
commit 71ae273
Show file tree

Hide file tree

Showing 3 changed files with 25 additions and 3 deletions.
diff --git a/p11nethsm.example.conf b/p11nethsm.example.conf
@@ -63,6 +63,18 @@ slots:
       count: 3
       # The delay between retries, in integer seconds
       delay_seconds: 1
+    # it is possible to configure idle connections to make use of TCP keepalives, preventing the closing of connections by a firewall or detecting such cases
+    tcp_keepalive:
+      # the number of seconds before keepalives packets start being sent
+      time_seconds: 600
+      # the number of seconds between each keepalive packet
+      interval_seconds: 60
+      # the number of keepalive packets being sent without a response before the connection 
+      # is considered closed
+      retries: 3
+    # Time a connection can spend idle before being closed
+    connections_max_idle_duration: 1800
+
     # Configurable timeout for network operations. If a network operation takes more than, `timeout_seconds`, consider it failed. If `retries` is configured, it will be retried.
     # Defaults to infinite
     timeout_seconds: 10
diff --git a/pkcs11/src/config/config_file.rs b/pkcs11/src/config/config_file.rs
@@ -200,11 +200,11 @@ pub struct SlotConfig {
     #[serde(default)]
     pub retries: Option<RetryConfig>,
     #[serde(default)]
-    pub tcp_keepalives: Option<TcpKeepaliveConfig>,
+    pub tcp_keepalive: Option<TcpKeepaliveConfig>,
     #[serde(default)]
     pub timeout_seconds: Option<u64>,
     #[serde(default)]
-    pub connection_stale_after_seconds: Option<u64>,
+    pub connections_max_idle_duration: Option<u64>,
 }
 
 // An user
@@ -393,6 +393,12 @@ password: ""
                         delay_seconds: 1
                     }),
                     timeout_seconds: Some(10),
+                    tcp_keepalive: Some(TcpKeepaliveConfig {
+                        time_seconds: 600,
+                        interval_seconds: 60,
+                        retries: 3
+                    }),
+                    connections_max_idle_duration: Some(60 * 30)
                 }]
             },
             serde_yaml::from_str(config).unwrap()

diff --git a/pkcs11/src/config/initialization.rs b/pkcs11/src/config/initialization.rs
@@ -180,13 +180,17 @@ fn slot_from_config(slot: &SlotConfig) -> Result<Slot, InitializationError> {
                 .timeout(Duration::from_secs(t))
                 .timeout_connect(Duration::from_secs(10));
         }
-        if let Some(keepalive) = slot.tcp_keepalives {
+        if let Some(keepalive) = slot.tcp_keepalive {
             builder = builder
                 .tcp_keepalive_time(Duration::from_secs(keepalive.time_seconds))
                 .tcp_keepalive_interval(Duration::from_secs(keepalive.interval_seconds))
                 .tcp_keepalive_retries(keepalive.retries);
         }
 
+        if let Some(max_idle_duration) = slot.connections_max_idle_duration {
+            builder = builder.max_idle_duration(Duration::from_secs(max_idle_duration));
+        }
+
         let agent = builder.build();
 
         let api_config = nethsm_sdk_rs::apis::configuration::Configuration {