dnsdist: Keep concurrent connection entries for live connections
authorRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 15 May 2026 14:51:11 +0000 (16:51 +0200)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 15 May 2026 14:51:11 +0000 (16:51 +0200)
Otherwise clients that manage to keep their connections around for
a long time can bypass the limit.

Signed-off-by: Remi Gacogne <remi.gacogne@powerdns.com>
pdns/dnsdistdist/dnsdist-concurrent-connections.cc

index dc414f2105d2cc1068351a785aa2a9010719fbe7..9db4b5a11f14fb5e757eb9c1f3999e4a42e6046c 100644 (file)
@@ -160,9 +160,14 @@ void IncomingConcurrentTCPConnectionsManager::cleanup(time_t now)
   const auto interval = immutable.d_tcpConnectionsRatePerClientInterval;
   const auto cutOff = static_cast<time_t>(now - (interval * 60U)); // interval in minutes
   for (auto& shard : s_tcpClientsConnectionMetrics) {
-    auto db = shard.lock();
-    auto& index = db->get<TimeTag>();
+    auto clients = shard.lock();
+    auto& index = clients->get<TimeTag>();
     for (auto entry = index.begin(); entry != index.end();) {
+      if (entry->d_concurrentConnections > 0) {
+        /* we need to keep this around as we still have open connections */
+        ++entry;
+        continue;
+      }
       if (entry->d_lastSeen >= cutOff) {
         /* this index is ordered on timestamps,
            so the first valid entry we see means we are done */
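Review bot: The new `d_concurrentConnections > 0` skip sits before the `d_lastSeen >= cutOff` test, so the walk no longer stops at the first recent entry when that entry has open connections; it keeps stepping through the time-ordered index, with the shard lock held, until it meets a recent entry with no open connections or reaches the end. Recently seen clients are the ones most likely to still have connections open, so on a busy listener this could turn each cleanup pass into a near-full scan of the shard. Testing the cutoff first and only then skipping live entries (the existing `if (entry->d_lastSeen >= cutOff)` branch, followed by `if (entry->d_concurrentConnections > 0) { ++entry; continue; }`) keeps the early exit and, as far as the visible lines show, evicts the same entries. Because an entry is now retained for as long as its counter is non-zero, the comment could also state that every connection-close path must decrement `d_concurrentConnections`, since a missed decrement would keep the entry in the table indefinitely. The loop body continues past the end of the hunk, so the action taken in the cutoff branch is presumed to be a `break`.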