Refactor delayed verdict handling and add configurable retries

Extract HandleDelayedVerdict() to eliminate duplication and make
retry count and polling time configurable. Add delayed verdict
handling to SendRequestEnd with unit tests.

attachments/nano_attachment/nano_attachment.c

@@ -89,6 +89,8 @@ InitNanoAttachment(uint8_t attachment_type, int worker_id, int num_of_workers, i
     attachment->res_header_thread_timeout_msec = 100;
     attachment->res_body_thread_timeout_msec = 150;
     attachment->waiting_for_verdict_thread_timeout_msec = 150;
+    attachment->hold_verdict_retries = 10;
+    attachment->hold_verdict_polling_time = 1;
     attachment->metric_timeout_timeout = 100;
     attachment->inspection_mode = NON_BLOCKING_THREAD;
     attachment->num_of_nano_ipc_elements = 200;

attachments/nano_attachment/nano_attachment_sender.c

@@ -291,6 +291,70 @@ FinalizeFailedResponse(NanoAttachment *attachment, SessionID session_id, HttpEve
     return response;
 }
 
+///
+/// @brief Handles delayed verdict by spawning SendDelayedVerdictRequestThread and waiting for the verdict.
+///
+/// @param attachment Pointer to the NanoAttachment struct representing the attachment.
+/// @param data Pointer to the AttachmentData struct containing the attachment data.
+/// @param session_id The session ID associated with the attachment.
+/// @param ctx Pointer to the HttpEventThreadCtx struct containing the HTTP event context.
+/// @param transaction_type The transaction type (REQUEST or RESPONSE).
+/// @return 1 if timeout occurred (caller should handle timeout response), 0 if successful (continue processing).
+///
+static int
+HandleDelayedVerdict(
+    NanoAttachment *attachment,
+    AttachmentData *data,
+    SessionID session_id,
+    HttpEventThreadCtx *ctx,
+    TransactionType transaction_type
+)
+{
+    int res;
+    unsigned int i;
+
+    for (i = 0; i < attachment->hold_verdict_retries; i++) {
+        sleep(attachment->hold_verdict_polling_time);
+        write_dbg(attachment, session_id, DBG_LEVEL_DEBUG, "spawn SendDelayedVerdictRequestThread");
+        res = NanoRunInThreadTimeout(
+            attachment, 
+            data,
+            SendDelayedVerdictRequestThread,
+            (void *)ctx,
+            attachment->waiting_for_verdict_thread_timeout_msec,
+            "SendDelayedVerdictRequestThread",
+            transaction_type
+        );
+        if (!res) {
+            updateMetricField(attachment, HOLD_THREAD_TIMEOUT, 1);
+            return 1;
+        }
+
+        write_dbg(
+            attachment,
+            session_id,
+            DBG_LEVEL_DEBUG,
+            "finished SendDelayedVerdictRequestThread successfully. res=%d",
+            ctx->res
+        );
+
+        if (ctx->session_data_p->verdict != TRAFFIC_VERDICT_DELAYED) {
+            return 0;
+        }
+    }
+
+    write_dbg(
+        attachment,
+        session_id,
+        DBG_LEVEL_WARNING,
+        "SendDelayedVerdictRequestThread timed out after %d retries",
+        attachment->hold_verdict_retries
+    );
+
+    ctx->res = NANO_ERROR;
+    return 0;
+}
+
 AttachmentVerdictResponse
 SendRequestFilter(NanoAttachment *attachment, AttachmentData *data)
 {
@@ -446,28 +510,9 @@ SendRequestHeaders(NanoAttachment *attachment, AttachmentData *data)
     );
 
     if (session_data_p->verdict == TRAFFIC_VERDICT_DELAYED) {
-        write_dbg(attachment, session_id, DBG_LEVEL_DEBUG, "spawn SendDelayedVerdictRequestThread");
+        if (HandleDelayedVerdict(attachment, data, session_id, &ctx, REQUEST)) {
-        res = NanoRunInThreadTimeout(
-            attachment,
-            data,
-            SendDelayedVerdictRequestThread,
-            (void *)&ctx,
-            attachment->waiting_for_verdict_thread_timeout_msec,
-            "SendDelayedVerdictRequestThread",
-            REQUEST
-        );
-        if (!res) {
-            updateMetricField(attachment, HOLD_THREAD_TIMEOUT, 1);
             return SendThreadTimeoutVerdict(attachment, session_id, &ctx);
         }
-
-        write_dbg(
-            attachment,
-            session_id,
-            DBG_LEVEL_DEBUG,
-            "finished SendDelayedVerdictRequestThread successfully. res=%d",
-            ctx.res
-        );
     }
 
     if (ctx.res != NANO_HTTP_FORBIDDEN && ctx.res != NANO_OK) {
@@ -567,28 +612,9 @@ SendRequestBody(NanoAttachment *attachment, AttachmentData *data)
     );
 
     if (session_data_p->verdict == TRAFFIC_VERDICT_DELAYED) {
-        write_dbg(attachment, session_id, DBG_LEVEL_DEBUG, "spawn SendDelayedVerdictRequestThread");
+        if (HandleDelayedVerdict(attachment, data, session_id, &ctx, REQUEST)) {
-        res = NanoRunInThreadTimeout(
-            attachment,
-            data,
-            SendDelayedVerdictRequestThread,
-            (void *)&ctx,
-            attachment->waiting_for_verdict_thread_timeout_msec,
-            "SendDelayedVerdictRequestThread",
-            REQUEST
-        );
-        if (!res) {
-            updateMetricField(attachment, HOLD_THREAD_TIMEOUT, 1);
             return SendThreadTimeoutVerdict(attachment, session_id, &ctx);
         }
-
-        write_dbg(
-            attachment,
-            session_id,
-            DBG_LEVEL_DEBUG,
-            "finished SendDelayedVerdictRequestThread successfully. res=%d",
-            ctx.res
-        );
     }
 
     if (ctx.res != NANO_HTTP_FORBIDDEN && ctx.res != NANO_OK) {
@@ -637,28 +663,9 @@ SendResponseBody(NanoAttachment *attachment, AttachmentData *data)
     );
 
     if (session_data_p->verdict == TRAFFIC_VERDICT_DELAYED) {
-        write_dbg(attachment, session_id, DBG_LEVEL_DEBUG, "spawn SendDelayedVerdictRequestThread");
+        if (HandleDelayedVerdict(attachment, data, session_id, &ctx, RESPONSE)) {
-        res = NanoRunInThreadTimeout(
-            attachment,
-            data,
-            SendDelayedVerdictRequestThread,
-            (void *)&ctx,
-            attachment->waiting_for_verdict_thread_timeout_msec,
-            "SendDelayedVerdictRequestThread",
-            RESPONSE
-        );
-        if (!res) {
-            updateMetricField(attachment, HOLD_THREAD_TIMEOUT, 1);
             return SendThreadTimeoutVerdict(attachment, session_id, &ctx);
         }
-
-        write_dbg(
-            attachment,
-            session_id,
-            DBG_LEVEL_DEBUG,
-            "finished SendDelayedVerdictRequestThread successfully. res=%d",
-            ctx.res
-        );
     }
 
     if (ctx.res != NANO_HTTP_FORBIDDEN && ctx.res != NANO_OK) {
@@ -713,28 +720,9 @@ SendRequestEnd(NanoAttachment *attachment, AttachmentData *data)
     );
 
     if (session_data_p->verdict == TRAFFIC_VERDICT_DELAYED) {
-        write_dbg(attachment, session_id, DBG_LEVEL_DEBUG, "spawn SendDelayedVerdictRequestThread");
+        if (HandleDelayedVerdict(attachment, data, session_id, &ctx, REQUEST)) {
-        res = NanoRunInThreadTimeout(
-            attachment,
-            data,
-            SendDelayedVerdictRequestThread,
-            (void *)&ctx,
-            attachment->waiting_for_verdict_thread_timeout_msec,
-            "SendDelayedVerdictRequestThread",
-            RESPONSE
-        );
-        if (!res) {
-            updateMetricField(attachment, HOLD_THREAD_TIMEOUT, 1);
             return SendThreadTimeoutVerdict(attachment, session_id, &ctx);
         }
-
-        write_dbg(
-            attachment,
-            session_id,
-            DBG_LEVEL_DEBUG,
-            "finished SendDelayedVerdictRequestThread successfully. res=%d",
-            ctx.res
-        );
     }
 
     if (ctx.res != NANO_HTTP_FORBIDDEN && ctx.res != NANO_OK) {

attachments/nano_attachment/nano_attachment_util/nano_attachment_util.cc

@@ -155,6 +155,18 @@ getWaitingForVerdictThreadTimeout()
     return conf_data.getNumericalValue("waiting_for_verdict_thread_timeout_msec");
 }
 
+unsigned int
+getHoldVerdictRetries()
+{
+    return conf_data.getNumericalValue("hold_verdict_retries");
+}
+
+unsigned int
+getHoldVerdictPollingTime()
+{
+    return conf_data.getNumericalValue("hold_verdict_polling_time");
+}
+
 int
 isIPAddress(c_str ip_str)
 {

attachments/nano_attachment/nano_configuration.c

@@ -72,6 +72,8 @@ init_attachment_config(NanoAttachment *attachment, const char *conf_path)
     attachment->res_header_thread_timeout_msec = getResHeaderThreadTimeout();
     attachment->res_body_thread_timeout_msec = getResBodyThreadTimeout();
     attachment->waiting_for_verdict_thread_timeout_msec = getWaitingForVerdictThreadTimeout();
+    attachment->hold_verdict_retries = getHoldVerdictRetries();
+    attachment->hold_verdict_polling_time = getHoldVerdictPollingTime();
 
     attachment->num_of_nano_ipc_elements = getNumOfNginxIpcElements();
     attachment->keep_alive_interval_msec = getKeepAliveIntervalMsec();
@@ -105,6 +107,8 @@ init_attachment_config(NanoAttachment *attachment, const char *conf_path)
         "res header thread timeout: %u msec, "
         "res body thread timeout: %u msec, "
         "delayed thread timeout: %u msec, "
+        "hold verdict retries: %u, "
+        "hold verdict polling time: %u msec, "
         "static resources path: %s, "
         "num of nginx ipc elements: %u, "
         "keep alive interval msec: %u msec",
@@ -125,6 +129,8 @@ init_attachment_config(NanoAttachment *attachment, const char *conf_path)
         attachment->res_header_thread_timeout_msec,
         attachment->res_body_thread_timeout_msec,
         attachment->waiting_for_verdict_thread_timeout_msec,
+        attachment->hold_verdict_retries,
+        attachment->hold_verdict_polling_time,
         getStaticResourcesPath(),
         attachment->num_of_nano_ipc_elements,
         attachment->keep_alive_interval_msec

attachments/nano_attachment/nano_initializer.h

@@ -72,6 +72,8 @@ typedef struct NanoAttachment {
     unsigned int res_header_thread_timeout_msec; ///< Response header processing timeout in milliseconds.
     unsigned int res_body_thread_timeout_msec; ///< Response body processing timeout in milliseconds.
     unsigned int waiting_for_verdict_thread_timeout_msec; ///< Wait thread processing timeout in milliseconds.
+    unsigned int hold_verdict_retries; ///< Number of retries when handling delayed verdict.
+    unsigned int hold_verdict_polling_time; ///< Polling time in milliseconds between retries when handling delayed verdict.
     unsigned int metric_timeout_timeout; ///< Metric timeout in milliseconds.
     NanoHttpInspectionMode inspection_mode; ///< Default inspection mode.
     unsigned int num_of_nano_ipc_elements; ///< Number of NANO IPC elements.

core/include/attachments/nano_attachment_util.h

@@ -56,6 +56,8 @@ unsigned int getResHeaderThreadTimeout();
 unsigned int getResBodyThreadTimeout();
 
 unsigned int getWaitingForVerdictThreadTimeout();
+unsigned int getHoldVerdictRetries();
+unsigned int getHoldVerdictPollingTime();
 
 int isIPAddress(c_str ip_str);
 int isSkipSource(c_str ip_str);