From: Gaetan Rivet Date: Fri, 7 Feb 2020 14:37:17 +0000 (+0100) Subject: MINOR: checks: add linger option to tcp connect X-Git-Tag: v2.2-dev7~173 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f8ba6773e5481cba826b8446b531f95f86bac3e8;p=thirdparty%2Fhaproxy.git MINOR: checks: add linger option to tcp connect Allow declaring tcpcheck connect commands with a new parameter, "linger". This option will configure the connection to avoid using an RST segment to close, instead following the four-way termination handshake. Some servers would otherwise log each healthcheck as an error. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 45312fd444..df0928003d 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -9817,6 +9817,8 @@ tcp-check connect [params*] ssl opens a ciphered connection + linger cleanly close the connection instead of using a single RST. + Examples: # check HTTP and HTTPs services on a server. # first open port 80 thanks to server line port directive, then @@ -9836,7 +9838,7 @@ tcp-check connect [params*] # check both POP and IMAP from a single server: option tcp-check - tcp-check connect port 110 + tcp-check connect port 110 linger tcp-check expect string +OK\ POP3\ ready tcp-check connect port 143 tcp-check expect string *\ OK\ IMAP4\ ready diff --git a/include/types/checks.h b/include/types/checks.h index 93d552ff17..d284d3f0e1 100644 --- a/include/types/checks.h +++ b/include/types/checks.h @@ -223,6 +223,7 @@ enum tcpcheck_rule_type { #define TCPCHK_OPT_NONE 0x0000 /* no options specified, default */ #define TCPCHK_OPT_SEND_PROXY 0x0001 /* send proxy-protocol string */ #define TCPCHK_OPT_SSL 0x0002 /* SSL connection */ +#define TCPCHK_OPT_LINGER 0x0004 /* Do not RST connection, let it linger */ struct tcpcheck_rule { struct list list; /* list linked to from the proxy */ diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c index 4b099c181d..1f74ddbe4e 100644 --- a/src/cfgparse-listen.c +++ b/src/cfgparse-listen.c @@ -3097,6 +3097,10 @@ stats_error_parsing: cur_arg++; } #endif /* USE_OPENSSL */ + else if (strcmp(args[cur_arg], "linger") == 0) { + tcpcheck->conn_opts |= TCPCHK_OPT_LINGER; + cur_arg++; + } /* comment for this tcpcheck line */ else if (strcmp(args[cur_arg], "comment") == 0) { if (!*args[cur_arg + 1]) { @@ -3110,9 +3114,9 @@ stats_error_parsing: } else { #ifdef USE_OPENSSL - ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'ssl' but got '%s' as argument.\n", + ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy', 'ssl' or 'linger' but got '%s' as argument.\n", #else /* USE_OPENSSL */ - ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or but got '%s' as argument.\n", + ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'linger' but got '%s' as argument.\n", #endif /* USE_OPENSSL */ file, linenum, args[0], args[1], args[cur_arg]); err_code |= ERR_ALERT | ERR_FATAL; diff --git a/src/checks.c b/src/checks.c index bb45026bfd..65030afe6d 100644 --- a/src/checks.c +++ b/src/checks.c @@ -2993,6 +2993,12 @@ static int tcpcheck_main(struct check *check) ret = SF_ERR_RESOURCE; } + if (conn_ctrl_ready(conn) && + check->current_step->conn_opts & TCPCHK_OPT_LINGER) { + /* Some servers don't like reset on close */ + fdtab[cs->conn->handle.fd].linger_risk = 0; + } + /* It can return one of : * - SF_ERR_NONE if everything's OK * - SF_ERR_SRVTO if there are no more servers