BUG/MINOR: tcp: make silent-drop always force a TCP reset

The silent-drop action is supposed to close with a TCP reset that is
either not sent or not too far. But since it's on the client-facing
side, the socket's lingering is enabled by default and the RST only
occurs if some pending unread data remain in the queue when closing.
This causes some clean shutdowns to occur with retransmits, which is
not good at all. Force linger_risk on the socket to flush all data
and destroy the socket.

No backport is needed, this was introduced in 1.6-dev6.

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index f6988898ead62ccf18241b58f29341fc295fc381..4c5005e0d3beee1c7f269264f8f83213fa5101b4 100644 (file)
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1445,6 +1445,11 @@ static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct
        if (strm)
                strm->si[0].flags |= SI_FL_NOLINGER;
 
+       /* We're on the client-facing side, we must force to disable lingering to
+        * ensure we will use an RST exclusively and kill any pending data.
+        */
+       fdtab[conn->t.sock.fd].linger_risk = 1;
+
 #ifdef TCP_REPAIR
        if (setsockopt(conn->t.sock.fd, SOL_TCP, TCP_REPAIR, &one, sizeof(one)) == 0) {
                /* socket will be quiet now */