BUG/MEDIUM: http-reuse: do not share private connections across backends
When working on the previous bug, it appeared that it the case that was
triggering the bug would also work between two backends, one of which
doesn't support http-reuse. The reason is that while the idle connection
is moved to the private pool, upon reuse we only check if it holds the
CO_FL_PRIVATE flag. And we don't set this flag when there's no reuse.
So let's always set it in this case, it will guarantee that no undesired
connection sharing may happen.
This fix must be backported to 1.6.
diff --git a/src/proto_http.c b/src/proto_http.c
index 2f76afe..247c3b6 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -5257,6 +5257,10 @@
srv_conn->flags |= CO_FL_PRIVATE;
}
+ /* Never ever allow to reuse a connection from a non-reuse backend */
+ if (srv_conn && (be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR)
+ srv_conn->flags |= CO_FL_PRIVATE;
+
if (fe->options2 & PR_O2_INDEPSTR)
s->si[1].flags |= SI_FL_INDEP_STR;
@@ -5292,8 +5296,7 @@
srv = objt_server(srv_conn->target);
if (!srv)
si_idle_conn(&s->si[1], NULL);
- else if ((srv_conn->flags & CO_FL_PRIVATE) ||
- ((be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR))
+ else if (srv_conn->flags & CO_FL_PRIVATE)
si_idle_conn(&s->si[1], &srv->priv_conns);
else if (prev_flags & TX_NOT_FIRST)
/* note: we check the request, not the connection, but