From fbfd4ddf3ff47204d0240897867c0d07aedd5cbd Mon Sep 17 00:00:00 2001 From: PiBa-NL Date: Fri, 16 Sep 2016 00:26:05 +0200 Subject: Suricata, a broken download should not wait forever. (cherry picked from commit 137820ed63ffd74044448ac66c458100f38749dc) --- security/pfSense-pkg-suricata/Makefile | 2 +- .../files/usr/local/pkg/suricata/suricata_check_for_rule_updates.php | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/security/pfSense-pkg-suricata/Makefile b/security/pfSense-pkg-suricata/Makefile index 5423e68..e290753 100644 --- a/security/pfSense-pkg-suricata/Makefile +++ b/security/pfSense-pkg-suricata/Makefile @@ -2,7 +2,7 @@ PORTNAME= pfSense-pkg-suricata PORTVERSION= 3.0 -PORTREVISION= 7 +PORTREVISION= 8 CATEGORIES= security MASTER_SITES= # empty DISTFILES= # empty diff --git a/security/pfSense-pkg-suricata/files/usr/local/pkg/suricata/suricata_check_for_rule_updates.php b/security/pfSense-pkg-suricata/files/usr/local/pkg/suricata/suricata_check_for_rule_updates.php index 26e7790..c1a9019 100644 --- a/security/pfSense-pkg-suricata/files/usr/local/pkg/suricata/suricata_check_for_rule_updates.php +++ b/security/pfSense-pkg-suricata/files/usr/local/pkg/suricata/suricata_check_for_rule_updates.php @@ -196,6 +196,9 @@ function suricata_download_file_url($url, $file_out) { curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 10); curl_setopt($ch, CURLOPT_TIMEOUT, 0); + + // detect broken connection so it disconnects after +-10 minutes (with default TCP_KEEPIDLE and TCP_KEEPINTVL) to avoid waiting forever. + curl_setopt($ch, CURLOPT_TCP_KEEPALIVE, 1); // Honor any system restrictions on sending USERAGENT info if (!isset($config['system']['do_not_send_host_uuid'])) { -- cgit v1.1