BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled

Commit 2b199c9a attempted to fix all places where the transport layer
is improperly closed, but it missed one place in session_free(). If
SSL ciphers are logged, the close() is delayed post-log and performed
in session_free(). However, conn_xprt_close() only closes the transport
layer but not the file descriptor, resulting in a slow FD leak which is
hardly noticeable until the process cannot accept any new connection.

A workaround consisted in disabling %sslv/%sslc in log-format.

So use conn_full_close() instead of conn_xprt_close() to fix this there
too.

A similar pending issue existed in the close during outgoing connection
failure, though on this side, the transport layer is never tracked at the
moment.

diff --git a/src/session.c b/src/session.c
index e5350350a02702c7058bfd242ae00bbc38d92150..6e098e2603e90fdb8fea1d09246713ff71d7813a 100644 (file)
--- a/src/session.c
+++ b/src/session.c
@@ -642,7 +642,7 @@ static void session_free(struct session *s)
 
        /* ensure the client-side transport layer is destroyed */
        s->si[0].conn->flags &= ~CO_FL_XPRT_TRACKED;
-       conn_xprt_close(s->si[0].conn);
+       conn_full_close(s->si[0].conn);
 
        for (i = 0; i < s->store_count; i++) {
                if (!s->store[i].ts)
@@ -834,9 +834,10 @@ static int sess_update_st_con_tcp(struct session *s, struct stream_interface *si
                }
                si->exp   = TICK_ETERNITY;
                si->state = SI_ST_CER;
-               fd_delete(si->conn->t.sock.fd);
 
-               conn_xprt_close(si->conn);
+               si->conn->flags &= ~CO_FL_XPRT_TRACKED;
+               conn_full_close(si->conn);
+
                if (si->release)
                        si->release(si);