From: Christopher Faulet Date: Thu, 3 Nov 2022 15:41:46 +0000 (+0100) Subject: BUG/MINOR: resolvers: Set port before IP address when processing SRV records X-Git-Tag: v2.7-dev9~59 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2364b39984e4fd4aa6a88148520d49fe0620c034;p=thirdparty%2Fhaproxy.git BUG/MINOR: resolvers: Set port before IP address when processing SRV records For a server subject to SRV resolution, when the server's address is set, its dynamic cookie, if any, and its server key are computed. Both are based on the ip/port pair. However, this happens before the server's port is set. Thus the port is equal to 0 at this stage. It is a problem if several servers share the same IP but with different ports because they will share the same dynamic cookie and the same server key, disturbing this way the connection persistency and the session stickiness. This patch must be backported as far as 2.2. --- diff --git a/src/resolvers.c b/src/resolvers.c index d93078003b..9cb23113b5 100644 --- a/src/resolvers.c +++ b/src/resolvers.c @@ -819,6 +819,9 @@ srv_found: srv->flags &= ~SRV_F_NO_RESOLUTION; srv->srvrq_check->expire = TICK_ETERNITY; + srv->svc_port = item->port; + srv->flags &= ~SRV_F_MAPPORTS; + /* Check if an Additional Record is associated to this SRV record. * Perform some sanity checks too to ensure the record can be used. * If all fine, we simply pick up the IP address found and associate @@ -873,9 +876,6 @@ srv_found: /* Update the server status */ srvrq_update_srv_status(srv, (srv->addr.ss_family != AF_INET && srv->addr.ss_family != AF_INET6)); - srv->svc_port = item->port; - srv->flags &= ~SRV_F_MAPPORTS; - if (!srv->resolv_opts.ignore_weight) { char weight[9]; int ha_weight;