Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / fe7f1ea68e009041a98d50d6cfffe69a6df8216f^! / .
commitfe7f1ea68e009041a98d50d6cfffe69a6df8216f[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Sun May 20 19:22:25 2012 +0200
committerWilly Tarreau <w@1wt.eu>Sun May 20 19:22:25 2012 +0200
tree96f5f662552dc7f2fb9264ec9b727ccffa4b4458
parenta190d591fcb9d3db8dfe5905bcd879770f473c5b [diff]
REORG/MINOR: session: detect the TCP monitor checks at the protocol accept

It does not make sense anymore to wait for a session creation to process
a TCP monitor check which only closes the connection and returns. Better
to process this immediately after the accept() return. It also saves us
from counting a connection for monitor checks, which is much more logical.

diff --git a/src/protocols.c b/src/protocols.c
index cc7b3ce..adbe44d 100644
--- a/src/protocols.c
+++ b/src/protocols.c

@@ -339,6 +339,18 @@
 			}
 		}
 
+		/* if this connection comes from a known monitoring system, we want to ignore
+		 * it as soon as possible, which means closing it immediately if it is only a
+		 * TCP-based monitoring check.
+		 */
+		if (unlikely((l->options & LI_O_CHK_MONNET) &&
+			     (p->mode == PR_MODE_TCP) &&
+			     addr.ss_family == AF_INET &&
+			     (((struct sockaddr_in *)&addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
+			close(cfd);
+			continue;
+		}
+
 		if (unlikely(cfd >= global.maxsock)) {
 			send_log(p, LOG_EMERG,
 				 "Proxy %s reached the configured maximum connection limit. Please check the global 'maxconn' value.\n",

diff --git a/src/session.c b/src/session.c
index 4760a35..ed289b4 100644
--- a/src/session.c
+++ b/src/session.c

@@ -75,21 +75,6 @@
 	s->stkctr1_table = NULL;
 	s->stkctr2_table = NULL;
 
-	/* if this session comes from a known monitoring system, we want to ignore
-	 * it as soon as possible, which means closing it immediately for TCP, but
-	 * cleanly.
-	 */
-	if (unlikely((l->options & LI_O_CHK_MONNET) &&
-		     addr->ss_family == AF_INET &&
-		     (((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
-		if (p->mode == PR_MODE_TCP) {
-			ret = 0; /* successful termination */
-			goto out_free_session;
-		}
-		s->flags |= SN_MONITOR;
-		s->logs.logwait = 0;
-	}
-
 	if (unlikely((t = task_new()) == NULL))
 		goto out_free_session;
 
@@ -122,6 +107,17 @@
 	s->be  = s->fe  = p;
 	s->req = s->rep = NULL; /* will be allocated later */
 
+	/* if this session comes from a known monitoring system, we want to ignore
+	 * it as soon as possible, which means closing it immediately for TCP, but
+	 * cleanly.
+	 */
+	if (unlikely((l->options & LI_O_CHK_MONNET) &&
+		     addr->ss_family == AF_INET &&
+		     (((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
+		s->flags |= SN_MONITOR;
+		s->logs.logwait = 0;
+	}
+
 	/* now evaluate the tcp-request layer4 rules. Since we expect to be able
 	 * to abort right here as soon as possible, we check the rules before
 	 * even initializing the stream interfaces.