sysadmin/ipxe
1
0
Fork 0
mirror of https://github.com/ipxe/ipxe synced 2025-12-06 17:30:26 +03:00
Code Issues Packages Projects Releases Wiki Activity
7,249 Commits 13 Branches 11 Tags
88c3e68dfb2f1a3d5c2ada29b4eeef600c94c5ac
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Michael Brown 88c3e68dfb [http] Abort connections after a long period of inactivity 
Once an HTTP download has started (i.e. once all request headers have
been sent), we generally have no more data to transmit.  If an HTTP
connection dies silently (e.g. due to a network failure, a NIC driver
bug, or a server crash) then there is no mechanism that will currently
detect this situation by default.

We do send TCP keep-alives (to maintain state in intermediate routers
and firewalls), but we do not attempt to elicit a response from the
server.  RFC 9293 explicitly states that the absence of a response to
a TCP keep-alive probe must not be interpreted as indicating a dead
connection, since TCP cannot guarantee reliable delivery of packets
that do not advance the sequence number.

Scripts may use the "--timeout" option to impose an overall time limit
on downloads, but this mechanism is off by default and requires
additional thought and configuration by the user (which goes against
iPXE's general philosophy of being as automatic as possible).

Add an idle connection watchdog timer which will cause the HTTP
download to abort after 120 seconds of inactivity.  Activity is
defined as an I/O buffer being delivered to the HTTP transaction's
upstream data transfer interface.

Downloads over HTTPS may experience a substantial delay until the
first recorded activity, since all TLS negotiation (including
cross-chained certificate downloads and OCSP checks) must complete
before any application data can be sent.  We choose to not reset the
watchdog timer during TLS negotiation, on the basis that 120 seconds
is already an unreasonably long time for a TLS negotiation to take to
complete.  If necessary, resetting the watchdog timer could be
accomplished by having the TLS layer deliver zero-length I/O buffers
(via xfer_seek()) to indicate forward progress being made.

When using PeerDist content encoding, the downloaded content
information is not passed through to the content-decoded interface and
so will not be classed as activity.  Any activity in the individual
PeerDist block downloads (either from peers or as range requests from
the origin server) will be classed as activity in the overall
download, since individual block downloads do not buffer data but
instead pass it through directly via the PeerDist download
multiplexer.

Signed-off-by: Michael Brown <mcb30@ipxe.org>
2025-12-04 14:47:45 +00:00
.github
[github] Extend sponsorship link
2025-08-06 13:31:00 +01:00
contrib
[cloud] Remove AWS public image access block only if not already unblocked
2025-10-20 12:58:03 +01:00
src
[http] Abort connections after a long period of inactivity
2025-12-04 14:47:45 +00:00
COPYING
[legal] Update GPLv2 licence text
2015-02-26 17:59:53 +00:00
COPYING.GPLv2
[legal] Update GPLv2 licence text
2015-02-26 17:59:53 +00:00
COPYING.UBDL
[legal] Add support for the Unmodified Binary Distribution Licence
2015-03-02 12:07:14 +00:00
README
[doc] Re-add README file
2010-05-28 00:03:47 +01:00

README 

iPXE README File

Quick start guide:

   cd src
   make

For any more detailed instructions, see http://ipxe.org
Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
ipxepxe
Readme 116 MiB
Languages
C 97.3%
Assembly 1.5%
Perl 0.6%
Makefile 0.3%
Python 0.2%