From dbd026792ac4d1cb9a2c14e7f10946fc86a4f6de Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Wed, 6 Dec 2017 17:39:53 +0100 Subject: [PATCH] BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface Since peers were ported to an applet in 1.5, an issue appeared which is that certain attempts to close an outgoing connection are a bit "too nice". Specifically, protocol errors and stream timeouts result in a clean shutdown to be sent, waiting for the other side to confirm. This is particularly problematic in the case of timeouts since by definition the other side will not confirm as it has disappeared. As found by Fred, this issue was further emphasized in 1.8 by commit f9ce57e ("MEDIUM: connection: make conn_sock_shutw() aware of lingering") which causes clean shutdowns not to be sent if the fd is marked as linger_risk, because now even a clean timeout will not be sent on an idle peers session, and the other one will have nothing to respond to. The solution here is to set NOLINGER on the outgoing stream interface to ensure we always close whenever we attempt a simple shutdown. However it is important to keep in mind that this also underlines some weaknesses of the shutr/shutw processing inside process_stream() and that all this part needs to be reworked to clearly consider the abort case, and to stop the confusion between linger_risk and NOLINGER. This fix needs to be backported as far as 1.5 (all versions are affected). However, during testing of the backport it was found that 1.5 never tries to close the peers connection on timeout, so it suffers for another issue. --- src/peers.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/peers.c b/src/peers.c index 155f3342a3..988cd71e9a 100644 --- a/src/peers.c +++ b/src/peers.c @@ -1912,6 +1912,7 @@ static struct appctx *peer_session_create(struct peers *peers, struct peer *peer appctx_wakeup(appctx); /* initiate an outgoing connection */ + s->si[1].flags |= SI_FL_NOLINGER; si_set_state(&s->si[1], SI_ST_ASS); /* automatically prepare the stream interface to connect to the -- 2.39.5