From: Willy Tarreau <w@1wt.eu>
Date: Sun, 20 May 2012 17:22:25 +0000 (+0200)
Subject: REORG/MINOR: session: detect the TCP monitor checks at the protocol accept
X-Git-Tag: v1.5-dev12~177
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=fe7f1ea68e009041a98d50d6cfffe69a6df8216f;p=thirdparty%2Fhaproxy.git

REORG/MINOR: session: detect the TCP monitor checks at the protocol accept

It does not make sense anymore to wait for a session creation to process
a TCP monitor check which only closes the connection and returns. Better
to process this immediately after the accept() return. It also saves us
from counting a connection for monitor checks, which is much more logical.
---

diff --git a/src/protocols.c b/src/protocols.c
index cc7b3ce312..adbe44d5c8 100644
--- a/src/protocols.c
+++ b/src/protocols.c
@@ -339,6 +339,18 @@ int listener_accept(int fd)
 			}
 		}
 
+		/* if this connection comes from a known monitoring system, we want to ignore
+		 * it as soon as possible, which means closing it immediately if it is only a
+		 * TCP-based monitoring check.
+		 */
+		if (unlikely((l->options & LI_O_CHK_MONNET) &&
+			     (p->mode == PR_MODE_TCP) &&
+			     addr.ss_family == AF_INET &&
+			     (((struct sockaddr_in *)&addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
+			close(cfd);
+			continue;
+		}
+
 		if (unlikely(cfd >= global.maxsock)) {
 			send_log(p, LOG_EMERG,
 				 "Proxy %s reached the configured maximum connection limit. Please check the global 'maxconn' value.\n",
diff --git a/src/session.c b/src/session.c
index 4760a350bc..ed289b4436 100644
--- a/src/session.c
+++ b/src/session.c
@@ -75,21 +75,6 @@ int session_accept(struct listener *l, int cfd, struct sockaddr_storage *addr)
 	s->stkctr1_table = NULL;
 	s->stkctr2_table = NULL;
 
-	/* if this session comes from a known monitoring system, we want to ignore
-	 * it as soon as possible, which means closing it immediately for TCP, but
-	 * cleanly.
-	 */
-	if (unlikely((l->options & LI_O_CHK_MONNET) &&
-		     addr->ss_family == AF_INET &&
-		     (((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
-		if (p->mode == PR_MODE_TCP) {
-			ret = 0; /* successful termination */
-			goto out_free_session;
-		}
-		s->flags |= SN_MONITOR;
-		s->logs.logwait = 0;
-	}
-
 	if (unlikely((t = task_new()) == NULL))
 		goto out_free_session;
 
@@ -122,6 +107,17 @@ int session_accept(struct listener *l, int cfd, struct sockaddr_storage *addr)
 	s->be  = s->fe  = p;
 	s->req = s->rep = NULL; /* will be allocated later */
 
+	/* if this session comes from a known monitoring system, we want to ignore
+	 * it as soon as possible, which means closing it immediately for TCP, but
+	 * cleanly.
+	 */
+	if (unlikely((l->options & LI_O_CHK_MONNET) &&
+		     addr->ss_family == AF_INET &&
+		     (((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
+		s->flags |= SN_MONITOR;
+		s->logs.logwait = 0;
+	}
+
 	/* now evaluate the tcp-request layer4 rules. Since we expect to be able
 	 * to abort right here as soon as possible, we check the rules before
 	 * even initializing the stream interfaces.