From 0fa4ef745560caf30f8ef8433699f9f601744b53 Mon Sep 17 00:00:00 2001 From: Batmaev Date: Tue, 7 Apr 2026 22:40:07 +0300 Subject: [PATCH] sec -> ms in mask timeouts config. allows subsecond values in tests --- docs/CONFIG_PARAMS.en.md | 24 ++++++++++++------------ src/config/defaults.rs | 16 ++++++++-------- src/config/hot_reload.rs | 5 ++--- src/config/types.rs | 14 ++++++++------ src/proxy/masking.rs | 4 ++-- 5 files changed, 32 insertions(+), 31 deletions(-) diff --git a/docs/CONFIG_PARAMS.en.md b/docs/CONFIG_PARAMS.en.md index 7d708a0..504b0f8 100644 --- a/docs/CONFIG_PARAMS.en.md +++ b/docs/CONFIG_PARAMS.en.md @@ -2466,8 +2466,8 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche | [`mask_shape_above_cap_blur`](#cfg-censorship-mask_shape_above_cap_blur) | `bool` | `false` | | [`mask_shape_above_cap_blur_max_bytes`](#cfg-censorship-mask_shape_above_cap_blur_max_bytes) | `usize` | `512` | | [`mask_relay_max_bytes`](#cfg-censorship-mask_relay_max_bytes) | `usize` | `5242880` | -| [`mask_relay_timeout_secs`](#cfg-censorship-mask_relay_timeout_secs) | `u64` | `60` | -| [`mask_relay_idle_timeout_secs`](#cfg-censorship-mask_relay_idle_timeout_secs) | `u64` | `5` | +| [`mask_relay_timeout_ms`](#cfg-censorship-mask_relay_timeout_ms) | `u64` | `60_000` | +| [`mask_relay_idle_timeout_ms`](#cfg-censorship-mask_relay_idle_timeout_ms) | `u64` | `5_000` | | [`mask_classifier_prefetch_timeout_ms`](#cfg-censorship-mask_classifier_prefetch_timeout_ms) | `u64` | `5` | | [`mask_timing_normalization_enabled`](#cfg-censorship-mask_timing_normalization_enabled) | `bool` | `false` | | [`mask_timing_normalization_floor_ms`](#cfg-censorship-mask_timing_normalization_floor_ms) | `u64` | `0` | @@ -2738,25 +2738,25 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche [censorship] mask_relay_max_bytes = 5242880 ``` - -- `mask_relay_timeout_secs` - - **Constraints / validation**: Should be `>= mask_relay_idle_timeout_secs`. - - **Description**: Wall-clock cap (seconds) for the full masking relay on non-MTProto fallback paths. Raise when the mask target is a long-lived service (e.g. WebSocket). + +- `mask_relay_timeout_ms` + - **Constraints / validation**: Should be `>= mask_relay_idle_timeout_ms`. + - **Description**: Wall-clock cap (ms) for the full masking relay on non-MTProto fallback paths. Raise when the mask target is a long-lived service (e.g. WebSocket). Default: 60 000 ms (60 s). - **Example**: ```toml [censorship] - mask_relay_timeout_secs = 60 + mask_relay_timeout_ms = 60000 ``` - -- `mask_relay_idle_timeout_secs` - - **Constraints / validation**: Should be `<= mask_relay_timeout_secs`. - - **Description**: Per-read idle timeout (seconds) on masking relay and drain paths. Limits resource consumption by slow-loris attacks and port scanners. A read call stalling beyond this value is treated as an abandoned connection. + +- `mask_relay_idle_timeout_ms` + - **Constraints / validation**: Should be `<= mask_relay_timeout_ms`. + - **Description**: Per-read idle timeout (ms) on masking relay and drain paths. Limits resource consumption by slow-loris attacks and port scanners. A read call stalling beyond this value is treated as an abandoned connection. Default: 5 000 ms (5 s). - **Example**: ```toml [censorship] - mask_relay_idle_timeout_secs = 5 + mask_relay_idle_timeout_ms = 5000 ``` - `mask_classifier_prefetch_timeout_ms` diff --git a/src/config/defaults.rs b/src/config/defaults.rs index 847731e..8eebe6c 100644 --- a/src/config/defaults.rs +++ b/src/config/defaults.rs @@ -616,23 +616,23 @@ pub(crate) fn default_mask_relay_max_bytes() -> usize { } #[cfg(not(test))] -pub(crate) fn default_mask_relay_timeout_secs() -> u64 { - 60 +pub(crate) fn default_mask_relay_timeout_ms() -> u64 { + 60_000 } #[cfg(test)] -pub(crate) fn default_mask_relay_timeout_secs() -> u64 { - 10 +pub(crate) fn default_mask_relay_timeout_ms() -> u64 { + 200 } #[cfg(not(test))] -pub(crate) fn default_mask_relay_idle_timeout_secs() -> u64 { - 5 +pub(crate) fn default_mask_relay_idle_timeout_ms() -> u64 { + 5_000 } #[cfg(test)] -pub(crate) fn default_mask_relay_idle_timeout_secs() -> u64 { - 1 +pub(crate) fn default_mask_relay_idle_timeout_ms() -> u64 { + 100 } pub(crate) fn default_mask_classifier_prefetch_timeout_ms() -> u64 { diff --git a/src/config/hot_reload.rs b/src/config/hot_reload.rs index cb8d47e..61c36eb 100644 --- a/src/config/hot_reload.rs +++ b/src/config/hot_reload.rs @@ -611,9 +611,8 @@ fn warn_non_hot_changes(old: &ProxyConfig, new: &ProxyConfig, non_hot_changed: b || old.censorship.mask_shape_above_cap_blur_max_bytes != new.censorship.mask_shape_above_cap_blur_max_bytes || old.censorship.mask_relay_max_bytes != new.censorship.mask_relay_max_bytes - || old.censorship.mask_relay_timeout_secs != new.censorship.mask_relay_timeout_secs - || old.censorship.mask_relay_idle_timeout_secs - != new.censorship.mask_relay_idle_timeout_secs + || old.censorship.mask_relay_timeout_ms != new.censorship.mask_relay_timeout_ms + || old.censorship.mask_relay_idle_timeout_ms != new.censorship.mask_relay_idle_timeout_ms || old.censorship.mask_classifier_prefetch_timeout_ms != new.censorship.mask_classifier_prefetch_timeout_ms || old.censorship.mask_timing_normalization_enabled diff --git a/src/config/types.rs b/src/config/types.rs index 273512d..302d8ee 100644 --- a/src/config/types.rs +++ b/src/config/types.rs @@ -1688,14 +1688,16 @@ pub struct AntiCensorshipConfig { /// Wall-clock cap for the full masking relay on non-MTProto fallback paths. /// Raise when the mask target is a long-lived service (e.g. WebSocket). - #[serde(default = "default_mask_relay_timeout_secs")] - pub mask_relay_timeout_secs: u64, + /// Default: 60 000 ms (60 s). + #[serde(default = "default_mask_relay_timeout_ms")] + pub mask_relay_timeout_ms: u64, /// Per-read idle timeout on masking relay and drain paths. /// Limits resource consumption by slow-loris attacks and port scanners. /// A read call stalling beyond this is treated as an abandoned connection. - #[serde(default = "default_mask_relay_idle_timeout_secs")] - pub mask_relay_idle_timeout_secs: u64, + /// Default: 5 000 ms (5 s). + #[serde(default = "default_mask_relay_idle_timeout_ms")] + pub mask_relay_idle_timeout_ms: u64, /// Prefetch timeout (ms) for extending fragmented masking classifier window. #[serde(default = "default_mask_classifier_prefetch_timeout_ms")] @@ -1742,8 +1744,8 @@ impl Default for AntiCensorshipConfig { mask_shape_above_cap_blur: default_mask_shape_above_cap_blur(), mask_shape_above_cap_blur_max_bytes: default_mask_shape_above_cap_blur_max_bytes(), mask_relay_max_bytes: default_mask_relay_max_bytes(), - mask_relay_timeout_secs: default_mask_relay_timeout_secs(), - mask_relay_idle_timeout_secs: default_mask_relay_idle_timeout_secs(), + mask_relay_timeout_ms: default_mask_relay_timeout_ms(), + mask_relay_idle_timeout_ms: default_mask_relay_idle_timeout_ms(), mask_classifier_prefetch_timeout_ms: default_mask_classifier_prefetch_timeout_ms(), mask_timing_normalization_enabled: default_mask_timing_normalization_enabled(), mask_timing_normalization_floor_ms: default_mask_timing_normalization_floor_ms(), diff --git a/src/proxy/masking.rs b/src/proxy/masking.rs index c346b88..d49e4c3 100644 --- a/src/proxy/masking.rs +++ b/src/proxy/masking.rs @@ -643,8 +643,8 @@ pub async fn handle_bad_client( beobachten.record(client_type, peer.ip(), ttl); } - let relay_timeout = Duration::from_secs(config.censorship.mask_relay_timeout_secs); - let idle_timeout = Duration::from_secs(config.censorship.mask_relay_idle_timeout_secs); + let relay_timeout = Duration::from_millis(config.censorship.mask_relay_timeout_ms); + let idle_timeout = Duration::from_millis(config.censorship.mask_relay_idle_timeout_ms); if !config.censorship.mask { // Masking disabled, just consume data