PHP timeout optimization



  • The php.ini in PFSense 1.2 sets PHP's timeout and it is set 99999999 of seconds. This long timeout across all PHP code can cause problems. The problem that I ran into was on captive portal. If the captive portal lock file was not deleted in a timely manner then each new login attempt would start and not timeout until 99999999 seconds had passed or the machine was rebooted. The processes would then stack up and use all the web server listeners and that would clog up the web server. At this point it appears to the admin that pfSense GUI has hung. To the user the logins never loads.

    pfSense 1.2 php.ini default timeouts are currently set to:
    max_execution_time = 99999999
    max_input_time = 99999999

    I believe it is better instead to have the execution time a bit shorter something between 60-300 seconds:
    max_execution_time = 180
    max_input_time = 180

    Then on pages that require more time to use a PHP command to override the default timeout. PHP code that would need this would be like the pfSense backup and restore code that does the upload and maybe the download depending on how that is implemented.

    ini_set('max_execution_time', '3600'); // 0 = no limit.
    ini_set('max_input_time', '3600'); // 0 = no limit.

    With this approach the RAM, CPU and web server listening resources can be protected and maximized.



  • This all seems reasonable.  Would you like to submit patches to change the behavior?



  • I'm interested in helping. Do you want the patches against the latest cvs update or just against 1.2 release?

    In the past I have installed PFSense 1.2 Beta 2 with the developer boot strap however I ended up using that for testing on another project. I've tried it again and it has the same problem that the packages did with FreeBSD 6.2 packages being moved. Is there another dev_bootstrap.sh file or do I need to edit the current one and put it in an alternate location?

    I've also wondered now since the new version will be using FreeBSD 7 if I will need to setup the environment manually so that I can get pfSense running from FreeBSD 7?



  • Patches against RELENG_1 (1.3) and HEAD (2.0) would be wonderful.

    1.3 indeed is FreeBSD7.  Going forward all major releases will be FreeBSD7+.  We will release a 1.2.1 version with only security fixes that will be based on 6.3.  However this really isn't a security fix so it will not be in 1.2.1.

    Scott



  • I've gotten the developer ISO installed and working. Then released I could pick up current files for RELENG_1 and HEAD from: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/

    I think picking up the files with Eclipse CVS may be even more convenient.
    I've been following the instructions from:
    http://devwiki.pfsense.org/UsingEclipseWithpfSense

    Is there a read only account for pfSense CVS?

    I have tried anonymous with a blank password but received 'connection timed out'

    Eclipse CVS Settings

    Host: cvs.pfsense.com
    Repository path: /cvsroot
    User: anonymous
    Connection Type: extssh

    My background:
    I'm an independent contractor for computer networking, server management (Windows, Linux, FreeBSD is my favorite), VOIP systems (Cisco, Asterisk, and FreeSwitch), and programming (several languages but PHP is my favorite).

    PHP experience:
    Wrote a Genealogy script to display my family tree on a website
    A web server in PHP to run from a CD or USB drive,
    Built a SQL Query tool that also writes PHP,
    PHP editor written in AJAX and PHP for PHP,
    A simple content management system centered on RSS,
    Integrated FreeRadius and Credit Card Gateway for a WISP,
    Built several company web pages and intranets,
    and contact, user, ticket, billing, and more.

    PFSense is great project and is fun to work on and I want to contribute to the project in anyway I can.



  • Only developers have access to the cvs. We don't provide a read only account currently. If you are really interested in helping out and frequently work on pfSense contact coreteam(at)pfsense(dot)org to get signed in.



  • @mcrane:

    I've gotten the developer ISO installed and working. Then released I could pick up current files for RELENG_1 and HEAD from: http://cvs.pfsense.org/cgi-bin/cvsweb.cgi/pfSense/

    I think picking up the files with Eclipse CVS may be even more convenient.
    I've been following the instructions from:
    http://devwiki.pfsense.org/UsingEclipseWithpfSense

    Is there a read only account for pfSense CVS?

    I have tried anonymous with a blank password but received 'connection timed out'

    Eclipse CVS Settings

    Host: cvs.pfsense.com
    Repository path: /cvsroot
    User: anonymous
    Connection Type: extssh

    My background:
    I'm an independent contractor for computer networking, server management (Windows, Linux, FreeBSD is my favorite), VOIP systems (Cisco, Asterisk, and FreeSwitch), and programming (several languages but PHP is my favorite).

    PHP experience:
    Wrote a Genealogy script to display my family tree on a website
    A web server in PHP to run from a CD or USB drive,
    Built a SQL Query tool that also writes PHP,
    PHP editor written in AJAX and PHP for PHP,
    A simple content management system centered on RSS,
    Integrated FreeRadius and Credit Card Gateway for a WISP,
    Built several company web pages and intranets,
    and contact, user, ticket, billing, and more.

    PFSense is great project and is fun to work on and I want to contribute to the project in anyway I can.

    Email me your username, password and Ip address and I will get you an account.



  • Thanks Scott!

    I have setup Eclipse and sent my first commits.

    Made the following changes to HEAD and RELENG_1
    1. Set PHP execution time to 180 seconds.
    2. Set additional max execution time 3600 seconds (1 hr) to backup/restore
    3. Set additional max execution time 3600 seconds (1 hr) to firmware upgrade.

    There may be additional pages that need more execution time the ones above are the pages that I'm aware of.
    Should get the changes optimizations for lighttpd and captive portal in next few days.



  • There's sometimes a long wait when adding a new vlan.


Locked