sec -> ms in mask timeouts config. allows subsecond values in tests

This commit is contained in:
Batmaev
2026-04-07 22:40:07 +03:00
parent 380678380d
commit 0fa4ef7455
5 changed files with 32 additions and 31 deletions
+12 -12
View File
@@ -2466,8 +2466,8 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche
| [`mask_shape_above_cap_blur`](#cfg-censorship-mask_shape_above_cap_blur) | `bool` | `false` | | [`mask_shape_above_cap_blur`](#cfg-censorship-mask_shape_above_cap_blur) | `bool` | `false` |
| [`mask_shape_above_cap_blur_max_bytes`](#cfg-censorship-mask_shape_above_cap_blur_max_bytes) | `usize` | `512` | | [`mask_shape_above_cap_blur_max_bytes`](#cfg-censorship-mask_shape_above_cap_blur_max_bytes) | `usize` | `512` |
| [`mask_relay_max_bytes`](#cfg-censorship-mask_relay_max_bytes) | `usize` | `5242880` | | [`mask_relay_max_bytes`](#cfg-censorship-mask_relay_max_bytes) | `usize` | `5242880` |
| [`mask_relay_timeout_secs`](#cfg-censorship-mask_relay_timeout_secs) | `u64` | `60` | | [`mask_relay_timeout_ms`](#cfg-censorship-mask_relay_timeout_ms) | `u64` | `60_000` |
| [`mask_relay_idle_timeout_secs`](#cfg-censorship-mask_relay_idle_timeout_secs) | `u64` | `5` | | [`mask_relay_idle_timeout_ms`](#cfg-censorship-mask_relay_idle_timeout_ms) | `u64` | `5_000` |
| [`mask_classifier_prefetch_timeout_ms`](#cfg-censorship-mask_classifier_prefetch_timeout_ms) | `u64` | `5` | | [`mask_classifier_prefetch_timeout_ms`](#cfg-censorship-mask_classifier_prefetch_timeout_ms) | `u64` | `5` |
| [`mask_timing_normalization_enabled`](#cfg-censorship-mask_timing_normalization_enabled) | `bool` | `false` | | [`mask_timing_normalization_enabled`](#cfg-censorship-mask_timing_normalization_enabled) | `bool` | `false` |
| [`mask_timing_normalization_floor_ms`](#cfg-censorship-mask_timing_normalization_floor_ms) | `u64` | `0` | | [`mask_timing_normalization_floor_ms`](#cfg-censorship-mask_timing_normalization_floor_ms) | `u64` | `0` |
@@ -2738,25 +2738,25 @@ Note: This section also accepts the legacy alias `[server.admin_api]` (same sche
[censorship] [censorship]
mask_relay_max_bytes = 5242880 mask_relay_max_bytes = 5242880
``` ```
<a id="cfg-censorship-mask_relay_timeout_secs"></a> <a id="cfg-censorship-mask_relay_timeout_ms"></a>
- `mask_relay_timeout_secs` - `mask_relay_timeout_ms`
- **Constraints / validation**: Should be `>= mask_relay_idle_timeout_secs`. - **Constraints / validation**: Should be `>= mask_relay_idle_timeout_ms`.
- **Description**: Wall-clock cap (seconds) for the full masking relay on non-MTProto fallback paths. Raise when the mask target is a long-lived service (e.g. WebSocket). - **Description**: Wall-clock cap (ms) for the full masking relay on non-MTProto fallback paths. Raise when the mask target is a long-lived service (e.g. WebSocket). Default: 60 000 ms (60 s).
- **Example**: - **Example**:
```toml ```toml
[censorship] [censorship]
mask_relay_timeout_secs = 60 mask_relay_timeout_ms = 60000
``` ```
<a id="cfg-censorship-mask_relay_idle_timeout_secs"></a> <a id="cfg-censorship-mask_relay_idle_timeout_ms"></a>
- `mask_relay_idle_timeout_secs` - `mask_relay_idle_timeout_ms`
- **Constraints / validation**: Should be `<= mask_relay_timeout_secs`. - **Constraints / validation**: Should be `<= mask_relay_timeout_ms`.
- **Description**: Per-read idle timeout (seconds) on masking relay and drain paths. Limits resource consumption by slow-loris attacks and port scanners. A read call stalling beyond this value is treated as an abandoned connection. - **Description**: Per-read idle timeout (ms) on masking relay and drain paths. Limits resource consumption by slow-loris attacks and port scanners. A read call stalling beyond this value is treated as an abandoned connection. Default: 5 000 ms (5 s).
- **Example**: - **Example**:
```toml ```toml
[censorship] [censorship]
mask_relay_idle_timeout_secs = 5 mask_relay_idle_timeout_ms = 5000
``` ```
<a id="cfg-censorship-mask_classifier_prefetch_timeout_ms"></a> <a id="cfg-censorship-mask_classifier_prefetch_timeout_ms"></a>
- `mask_classifier_prefetch_timeout_ms` - `mask_classifier_prefetch_timeout_ms`
+8 -8
View File
@@ -616,23 +616,23 @@ pub(crate) fn default_mask_relay_max_bytes() -> usize {
} }
#[cfg(not(test))] #[cfg(not(test))]
pub(crate) fn default_mask_relay_timeout_secs() -> u64 { pub(crate) fn default_mask_relay_timeout_ms() -> u64 {
60 60_000
} }
#[cfg(test)] #[cfg(test)]
pub(crate) fn default_mask_relay_timeout_secs() -> u64 { pub(crate) fn default_mask_relay_timeout_ms() -> u64 {
10 200
} }
#[cfg(not(test))] #[cfg(not(test))]
pub(crate) fn default_mask_relay_idle_timeout_secs() -> u64 { pub(crate) fn default_mask_relay_idle_timeout_ms() -> u64 {
5 5_000
} }
#[cfg(test)] #[cfg(test)]
pub(crate) fn default_mask_relay_idle_timeout_secs() -> u64 { pub(crate) fn default_mask_relay_idle_timeout_ms() -> u64 {
1 100
} }
pub(crate) fn default_mask_classifier_prefetch_timeout_ms() -> u64 { pub(crate) fn default_mask_classifier_prefetch_timeout_ms() -> u64 {
+2 -3
View File
@@ -611,9 +611,8 @@ fn warn_non_hot_changes(old: &ProxyConfig, new: &ProxyConfig, non_hot_changed: b
|| old.censorship.mask_shape_above_cap_blur_max_bytes || old.censorship.mask_shape_above_cap_blur_max_bytes
!= new.censorship.mask_shape_above_cap_blur_max_bytes != new.censorship.mask_shape_above_cap_blur_max_bytes
|| old.censorship.mask_relay_max_bytes != new.censorship.mask_relay_max_bytes || old.censorship.mask_relay_max_bytes != new.censorship.mask_relay_max_bytes
|| old.censorship.mask_relay_timeout_secs != new.censorship.mask_relay_timeout_secs || old.censorship.mask_relay_timeout_ms != new.censorship.mask_relay_timeout_ms
|| old.censorship.mask_relay_idle_timeout_secs || old.censorship.mask_relay_idle_timeout_ms != new.censorship.mask_relay_idle_timeout_ms
!= new.censorship.mask_relay_idle_timeout_secs
|| old.censorship.mask_classifier_prefetch_timeout_ms || old.censorship.mask_classifier_prefetch_timeout_ms
!= new.censorship.mask_classifier_prefetch_timeout_ms != new.censorship.mask_classifier_prefetch_timeout_ms
|| old.censorship.mask_timing_normalization_enabled || old.censorship.mask_timing_normalization_enabled
+8 -6
View File
@@ -1688,14 +1688,16 @@ pub struct AntiCensorshipConfig {
/// Wall-clock cap for the full masking relay on non-MTProto fallback paths. /// Wall-clock cap for the full masking relay on non-MTProto fallback paths.
/// Raise when the mask target is a long-lived service (e.g. WebSocket). /// Raise when the mask target is a long-lived service (e.g. WebSocket).
#[serde(default = "default_mask_relay_timeout_secs")] /// Default: 60 000 ms (60 s).
pub mask_relay_timeout_secs: u64, #[serde(default = "default_mask_relay_timeout_ms")]
pub mask_relay_timeout_ms: u64,
/// Per-read idle timeout on masking relay and drain paths. /// Per-read idle timeout on masking relay and drain paths.
/// Limits resource consumption by slow-loris attacks and port scanners. /// Limits resource consumption by slow-loris attacks and port scanners.
/// A read call stalling beyond this is treated as an abandoned connection. /// A read call stalling beyond this is treated as an abandoned connection.
#[serde(default = "default_mask_relay_idle_timeout_secs")] /// Default: 5 000 ms (5 s).
pub mask_relay_idle_timeout_secs: u64, #[serde(default = "default_mask_relay_idle_timeout_ms")]
pub mask_relay_idle_timeout_ms: u64,
/// Prefetch timeout (ms) for extending fragmented masking classifier window. /// Prefetch timeout (ms) for extending fragmented masking classifier window.
#[serde(default = "default_mask_classifier_prefetch_timeout_ms")] #[serde(default = "default_mask_classifier_prefetch_timeout_ms")]
@@ -1742,8 +1744,8 @@ impl Default for AntiCensorshipConfig {
mask_shape_above_cap_blur: default_mask_shape_above_cap_blur(), mask_shape_above_cap_blur: default_mask_shape_above_cap_blur(),
mask_shape_above_cap_blur_max_bytes: default_mask_shape_above_cap_blur_max_bytes(), mask_shape_above_cap_blur_max_bytes: default_mask_shape_above_cap_blur_max_bytes(),
mask_relay_max_bytes: default_mask_relay_max_bytes(), mask_relay_max_bytes: default_mask_relay_max_bytes(),
mask_relay_timeout_secs: default_mask_relay_timeout_secs(), mask_relay_timeout_ms: default_mask_relay_timeout_ms(),
mask_relay_idle_timeout_secs: default_mask_relay_idle_timeout_secs(), mask_relay_idle_timeout_ms: default_mask_relay_idle_timeout_ms(),
mask_classifier_prefetch_timeout_ms: default_mask_classifier_prefetch_timeout_ms(), mask_classifier_prefetch_timeout_ms: default_mask_classifier_prefetch_timeout_ms(),
mask_timing_normalization_enabled: default_mask_timing_normalization_enabled(), mask_timing_normalization_enabled: default_mask_timing_normalization_enabled(),
mask_timing_normalization_floor_ms: default_mask_timing_normalization_floor_ms(), mask_timing_normalization_floor_ms: default_mask_timing_normalization_floor_ms(),
+2 -2
View File
@@ -643,8 +643,8 @@ pub async fn handle_bad_client<R, W>(
beobachten.record(client_type, peer.ip(), ttl); beobachten.record(client_type, peer.ip(), ttl);
} }
let relay_timeout = Duration::from_secs(config.censorship.mask_relay_timeout_secs); let relay_timeout = Duration::from_millis(config.censorship.mask_relay_timeout_ms);
let idle_timeout = Duration::from_secs(config.censorship.mask_relay_idle_timeout_secs); let idle_timeout = Duration::from_millis(config.censorship.mask_relay_idle_timeout_ms);
if !config.censorship.mask { if !config.censorship.mask {
// Masking disabled, just consume data // Masking disabled, just consume data