From: Amaury Denoyelle <adenoyelle@haproxy.com>
Date: Wed, 30 Jul 2025 07:55:37 +0000 (+0200)
Subject: MINOR: session: strengthen idle conn limit check
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=57e9425dbcd2fa943d52f6a7c89b66c2bbfc5ce9;p=thirdparty%2Fhaproxy.git

MINOR: session: strengthen idle conn limit check

Add a BUG_ON() on session_check_idle_conn() to ensure the connection is
not already flagged as CO_FL_SESS_IDLE.

This checks that this function is only called one time per connection
transition from active to idle. This is necessary to ensure that session
idle counter is only incremented one time per connection.
---

diff --git a/include/haproxy/session.h b/include/haproxy/session.h
index aa36fa9da..8ec1f7df5 100644
--- a/include/haproxy/session.h
+++ b/include/haproxy/session.h
@@ -237,16 +237,20 @@ static inline int session_check_idle_conn(struct session *sess, struct connectio
 	if (!conn->owner)
 		return 0;
 
+	/* Ensure conn is not already accounted as idle to prevent sess idle count excess increment. */
+	BUG_ON(conn->flags & CO_FL_SESS_IDLE);
+
 	if (sess->idle_conns >= sess->fe->max_out_conns) {
 		session_unown_conn(sess, conn);
 		conn->owner = NULL;
-		conn->flags &= ~CO_FL_SESS_IDLE;
 		conn->mux->destroy(conn->ctx);
 		return -1;
-	} else {
+	}
+	else {
 		conn->flags |= CO_FL_SESS_IDLE;
 		sess->idle_conns++;
 	}
+
 	return 0;
 }