From 0ede5a3318a28e35e342227900a70334da604e46 Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Sat, 8 Dec 2012 08:44:02 +0100 Subject: [PATCH] BUG/MEDIUM: session: fix FD leak when transport layer logging is enabled Commit 2b199c9a attempted to fix all places where the transport layer is improperly closed, but it missed one place in session_free(). If SSL ciphers are logged, the close() is delayed post-log and performed in session_free(). However, conn_xprt_close() only closes the transport layer but not the file descriptor, resulting in a slow FD leak which is hardly noticeable until the process cannot accept any new connection. A workaround consisted in disabling %sslv/%sslc in log-format. So use conn_full_close() instead of conn_xprt_close() to fix this there too. A similar pending issue existed in the close during outgoing connection failure, though on this side, the transport layer is never tracked at the moment. --- src/session.c | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/src/session.c b/src/session.c index e5350350a..6e098e260 100644 --- a/src/session.c +++ b/src/session.c @@ -642,7 +642,7 @@ static void session_free(struct session *s) /* ensure the client-side transport layer is destroyed */ s->si[0].conn->flags &= ~CO_FL_XPRT_TRACKED; - conn_xprt_close(s->si[0].conn); + conn_full_close(s->si[0].conn); for (i = 0; i < s->store_count; i++) { if (!s->store[i].ts) @@ -834,9 +834,10 @@ static int sess_update_st_con_tcp(struct session *s, struct stream_interface *si } si->exp = TICK_ETERNITY; si->state = SI_ST_CER; - fd_delete(si->conn->t.sock.fd); - conn_xprt_close(si->conn); + si->conn->flags &= ~CO_FL_XPRT_TRACKED; + conn_full_close(si->conn); + if (si->release) si->release(si);