From: Olivier Houchard Date: Mon, 30 Dec 2019 14:13:42 +0000 (+0100) Subject: BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready. X-Git-Tag: v2.2-dev1~141 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=37d7897aafc412f3c4a4a68a1dccbd6b5d6cb180;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: checks: Only attempt to do handshakes if the connection is ready. When creating a new check connection, only attempt to add an handshake connection if the connection has fully been initialized. It can not be the case if a DNS resolution is still pending, and thus we don't yet have the address for the server, as the handshake code assumes the connection is fully initialized and would otherwise crash. This is not ideal, the check shouldn't probably run until we have an address, as it leads to check failures with "Socket error". While I'm there, also add an xprt handshake if we're using socks4, otherwise checks wouldn't be able to use socks4 properly. This should fix github issue #430 This should be backported to 2.0 and 2.1. --- diff --git a/src/checks.c b/src/checks.c index 0cd844ccb2..be8acdb2a5 100644 --- a/src/checks.c +++ b/src/checks.c @@ -1715,6 +1715,9 @@ static int connect_conn_chk(struct task *t) if (s->check.send_proxy && !(check->state & CHK_ST_AGENT)) { conn->send_proxy_ofs = 1; conn->flags |= CO_FL_SEND_PROXY; + } + if (conn->flags & (CO_FL_SEND_PROXY | CO_FL_SOCKS4) && + conn_ctrl_ready(conn)) { if (xprt_add_hs(conn) < 0) ret = SF_ERR_RESOURCE; } @@ -2962,7 +2965,8 @@ static int tcpcheck_main(struct check *check) if (proto && proto->connect) ret = proto->connect(conn, CONNECT_HAS_DATA /* I/O polling is always needed */ | (next && next->action == TCPCHK_ACT_EXPECT) ? 0 : CONNECT_DELACK_ALWAYS); - if (check->current_step->conn_opts & TCPCHK_OPT_SEND_PROXY) { + if (conn_ctrl_ready(conn) && + check->current_step->conn_opts & TCPCHK_OPT_SEND_PROXY) { conn->send_proxy_ofs = 1; conn->flags |= CO_FL_SEND_PROXY; if (xprt_add_hs(conn) < 0)