REORG/MINOR: session: detect the TCP monitor checks at the protocol accept
It does not make sense anymore to wait for a session creation to process
a TCP monitor check which only closes the connection and returns. Better
to process this immediately after the accept() return. It also saves us
from counting a connection for monitor checks, which is much more logical.
diff --git a/src/protocols.c b/src/protocols.c
index cc7b3ce..adbe44d 100644
--- a/src/protocols.c
+++ b/src/protocols.c
@@ -339,6 +339,18 @@
}
}
+ /* if this connection comes from a known monitoring system, we want to ignore
+ * it as soon as possible, which means closing it immediately if it is only a
+ * TCP-based monitoring check.
+ */
+ if (unlikely((l->options & LI_O_CHK_MONNET) &&
+ (p->mode == PR_MODE_TCP) &&
+ addr.ss_family == AF_INET &&
+ (((struct sockaddr_in *)&addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
+ close(cfd);
+ continue;
+ }
+
if (unlikely(cfd >= global.maxsock)) {
send_log(p, LOG_EMERG,
"Proxy %s reached the configured maximum connection limit. Please check the global 'maxconn' value.\n",
diff --git a/src/session.c b/src/session.c
index 4760a35..ed289b4 100644
--- a/src/session.c
+++ b/src/session.c
@@ -75,21 +75,6 @@
s->stkctr1_table = NULL;
s->stkctr2_table = NULL;
- /* if this session comes from a known monitoring system, we want to ignore
- * it as soon as possible, which means closing it immediately for TCP, but
- * cleanly.
- */
- if (unlikely((l->options & LI_O_CHK_MONNET) &&
- addr->ss_family == AF_INET &&
- (((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
- if (p->mode == PR_MODE_TCP) {
- ret = 0; /* successful termination */
- goto out_free_session;
- }
- s->flags |= SN_MONITOR;
- s->logs.logwait = 0;
- }
-
if (unlikely((t = task_new()) == NULL))
goto out_free_session;
@@ -122,6 +107,17 @@
s->be = s->fe = p;
s->req = s->rep = NULL; /* will be allocated later */
+ /* if this session comes from a known monitoring system, we want to ignore
+ * it as soon as possible, which means closing it immediately for TCP, but
+ * cleanly.
+ */
+ if (unlikely((l->options & LI_O_CHK_MONNET) &&
+ addr->ss_family == AF_INET &&
+ (((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
+ s->flags |= SN_MONITOR;
+ s->logs.logwait = 0;
+ }
+
/* now evaluate the tcp-request layer4 rules. Since we expect to be able
* to abort right here as soon as possible, we check the rules before
* even initializing the stream interfaces.