From: Remi Gacogne <remi.gacogne@powerdns.com>
Date: Fri, 7 Mar 2025 11:34:46 +0000 (+0100)
Subject: dnsdist: Clear owned downstream TCP connections as soon as possible
X-Git-Tag: dnsdist-1.9.10~13^2~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=6eb2f4759329720a6f6eb08e5ccfe93e64152b5b;p=thirdparty%2Fpdns.git

dnsdist: Clear owned downstream TCP connections as soon as possible

(cherry picked from commit bcf887845bea6ac273b885da694ee70e80569824)
---

diff --git a/pdns/dnsdist-tcp.cc b/pdns/dnsdist-tcp.cc
index 6ae523bc80..f24912f206 100644
--- a/pdns/dnsdist-tcp.cc
+++ b/pdns/dnsdist-tcp.cc
@@ -128,6 +128,7 @@ static std::pair<std::shared_ptr<TCPConnectionToBackend>, bool> getOwnedDownstre
       if (conn->matchesTLVs(tlvs)) {
         DEBUGLOG("Got one owned connection accepting more for " << backend->getName());
         conn->setReused();
+        ++backend->tcpReusedConnections;
         return {conn, tlvsMismatch};
       }
       DEBUGLOG("Found one connection to " << backend->getName() << " but with different TLV values");
@@ -144,6 +145,10 @@ std::shared_ptr<TCPConnectionToBackend> IncomingTCPConnectionState::getDownstrea
   auto [downstream, tlvsMismatch] = getOwnedDownstreamConnection(d_ownedConnectionsToBackend, backend, tlvs);
 
   if (!downstream) {
+    if (backend->d_config.useProxyProtocol && tlvsMismatch) {
+      clearOwnedDownstreamConnections(backend);
+    }
+
     /* we don't have a connection to this backend owned yet, let's get one (it might not be a fresh one, though) */
     downstream = t_downstreamTCPConnectionsManager.getConnectionToDownstream(d_threadData.mplexer, backend, now, std::string());
     // if we had an existing connection but the TLVs are different, they are likely unique per query so do not bother keeping the connection
@@ -322,6 +327,11 @@ void IncomingTCPConnectionState::registerOwnedDownstreamConnection(std::shared_p
   }
 }
 
+void IncomingTCPConnectionState::clearOwnedDownstreamConnections(const std::shared_ptr<DownstreamState>& downstream)
+{
+  d_ownedConnectionsToBackend.erase(downstream);
+}
+
 /* called when the buffer has been set and the rules have been processed, and only from handleIO (sometimes indirectly via handleQuery) */
 IOState IncomingTCPConnectionState::sendResponse(const struct timeval& now, TCPResponse&& response)
 {
diff --git a/pdns/dnsdistdist/dnsdist-tcp-upstream.hh b/pdns/dnsdistdist/dnsdist-tcp-upstream.hh
index 58b88bb26d..93d7489bd2 100644
--- a/pdns/dnsdistdist/dnsdist-tcp-upstream.hh
+++ b/pdns/dnsdistdist/dnsdist-tcp-upstream.hh
@@ -118,6 +118,7 @@ public:
 
   std::shared_ptr<TCPConnectionToBackend> getDownstreamConnection(std::shared_ptr<DownstreamState>& backend, const std::unique_ptr<std::vector<ProxyProtocolValue>>& tlvs, const struct timeval& now);
   void registerOwnedDownstreamConnection(std::shared_ptr<TCPConnectionToBackend>& conn);
+  void clearOwnedDownstreamConnections(const std::shared_ptr<DownstreamState>& downstream);
 
   static size_t clearAllDownstreamConnections();