diff --git a/contrib/debug/flags.c b/contrib/debug/flags.c index 585dea625..a9ba9a5ae 100644 --- a/contrib/debug/flags.c +++ b/contrib/debug/flags.c @@ -125,7 +125,6 @@ void show_conn_flags(unsigned int f) SHOW_FLAG(f, CO_FL_SEND_PROXY); SHOW_FLAG(f, CO_FL_WAIT_L6_CONN); SHOW_FLAG(f, CO_FL_WAIT_L4_CONN); - SHOW_FLAG(f, CO_FL_CONNECTED); SHOW_FLAG(f, CO_FL_ERROR); SHOW_FLAG(f, CO_FL_SOCK_WR_SH); SHOW_FLAG(f, CO_FL_SOCK_RD_SH); diff --git a/include/types/connection.h b/include/types/connection.h index 9329654e8..22e4ed6e0 100644 --- a/include/types/connection.h +++ b/include/types/connection.h @@ -178,9 +178,9 @@ enum { CO_FL_NOTIFY_DONE = 0x001C0000, /* any xprt shut/error flags above needs to be reported */ /* flags used to report connection status updates */ - CO_FL_CONNECTED = 0x00200000, /* L4+L6 now ready ; extra handshakes may or may not exist */ CO_FL_WAIT_L4_CONN = 0x00400000, /* waiting for L4 to be connected */ CO_FL_WAIT_L6_CONN = 0x00800000, /* waiting for L6 to be connected (eg: SSL) */ + CO_FL_WAIT_L4L6 = 0x00C00000, /* waiting for L4 and/or L6 to be connected */ /*** All the flags below are used for connection handshakes. Any new * handshake should be added after this point, and CO_FL_HANDSHAKE diff --git a/src/backend.c b/src/backend.c index ed2c96943..809fdd0a4 100644 --- a/src/backend.c +++ b/src/backend.c @@ -626,8 +626,7 @@ int assign_server(struct stream *s) tmpsrv->nbpend + 1 < s->be->max_ka_queue))) && srv_currently_usable(tmpsrv)) { list_for_each_entry(conn, &srv_list->conn_list, session_list) { - if (conn->flags & CO_FL_CONNECTED) { - + if (!(conn->flags & CO_FL_WAIT_L4L6)) { srv = tmpsrv; s->target = &srv->obj_type; goto out_ok; @@ -1221,7 +1220,7 @@ int connect_server(struct stream *s) } } - if (((!reuse || (srv_conn && !(srv_conn->flags & CO_FL_CONNECTED))) + if (((!reuse || (srv_conn && (srv_conn->flags & CO_FL_WAIT_L4L6))) && ha_used_fds > global.tune.pool_high_count) && srv && srv->idle_orphan_conns) { struct connection *tokill_conn; @@ -1935,7 +1934,7 @@ void back_handle_st_con(struct stream *s) } /* first, let's see if we've made any progress on this connection */ - if (!conn->mux && (conn->flags & CO_FL_CONNECTED)) { + if (!conn->mux && !(conn->flags & CO_FL_WAIT_L4L6)) { /* connection finished to set up */ struct server *srv; diff --git a/src/checks.c b/src/checks.c index be8acdb2a..2a495efae 100644 --- a/src/checks.c +++ b/src/checks.c @@ -683,7 +683,7 @@ static void chk_report_conn_err(struct check *check, int errno_bck, int expired) /* connection allocation error before the connection was established */ set_server_check_status(check, HCHK_STATUS_SOCKERR, err_msg); } - else if ((conn->flags & (CO_FL_CONNECTED|CO_FL_WAIT_L4_CONN)) == CO_FL_WAIT_L4_CONN) { + else if (conn->flags & CO_FL_WAIT_L4_CONN) { /* L4 not established (yet) */ if (conn->flags & CO_FL_ERROR || cs->flags & CS_FL_ERROR) set_server_check_status(check, HCHK_STATUS_L4CON, err_msg); @@ -698,7 +698,7 @@ static void chk_report_conn_err(struct check *check, int errno_bck, int expired) dns_trigger_resolution(check->server->dns_requester); } - else if ((conn->flags & (CO_FL_CONNECTED|CO_FL_WAIT_L6_CONN)) == CO_FL_WAIT_L6_CONN) { + else if (conn->flags & CO_FL_WAIT_L6_CONN) { /* L6 not established (yet) */ if (conn->flags & CO_FL_ERROR || cs->flags & CS_FL_ERROR) set_server_check_status(check, HCHK_STATUS_L6RSP, err_msg); @@ -886,7 +886,7 @@ static void __event_srv_chk_r(struct conn_stream *cs) } /* the rest of the code below expects the connection to be ready! */ - if (!(conn->flags & CO_FL_CONNECTED) && !done) + if (conn->flags & CO_FL_WAIT_L4L6 && !done) goto wait_more_data; /* Intermediate or complete response received. @@ -1392,7 +1392,7 @@ static void __event_srv_chk_r(struct conn_stream *cs) default: /* good connection is enough for pure TCP check */ - if ((conn->flags & CO_FL_CONNECTED) && !check->type) { + if (!(conn->flags & CO_FL_WAIT_L4L6) && !check->type) { if (check->use_ssl) set_server_check_status(check, HCHK_STATUS_L6OK, NULL); else @@ -2352,7 +2352,7 @@ static struct task *process_chk_conn(struct task *t, void *context, unsigned sho */ if (check->result == CHK_RES_UNKNOWN) { /* good connection is enough for pure TCP check */ - if ((conn->flags & CO_FL_CONNECTED) && !check->type) { + if (!(conn->flags & CO_FL_WAIT_L4L6) && !check->type) { if (check->use_ssl) set_server_check_status(check, HCHK_STATUS_L6OK, NULL); else @@ -2785,7 +2785,7 @@ static int tcpcheck_main(struct check *check) next = LIST_NEXT(&next->list, struct tcpcheck_rule *, list); if ((check->current_step || &next->list == head) && - (!(conn->flags & CO_FL_CONNECTED) || (conn->flags & CO_FL_HANDSHAKE))) { + (conn->flags & (CO_FL_WAIT_L4L6 | CO_FL_HANDSHAKE))) { /* we allow up to min(inter, timeout.connect) for a connection * to establish but only when timeout.check is set * as it may be to short for a full check otherwise @@ -3034,7 +3034,7 @@ static int tcpcheck_main(struct check *check) break; /* don't do anything until the connection is established */ - if (!(conn->flags & CO_FL_CONNECTED)) + if (conn->flags & CO_FL_WAIT_L4L6) break; } /* end 'connect' */ @@ -3233,7 +3233,7 @@ static int tcpcheck_main(struct check *check) } /* end loop over double chained step list */ /* don't do anything until the connection is established */ - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L4L6) { /* update expire time, should be done by process_chk */ /* we allow up to min(inter, timeout.connect) for a connection * to establish but only when timeout.check is set diff --git a/src/connection.c b/src/connection.c index 7e35630f4..319f85e5f 100644 --- a/src/connection.c +++ b/src/connection.c @@ -49,9 +49,6 @@ int conn_create_mux(struct connection *conn) if (conn->flags & CO_FL_ERROR) goto fail; - /* Verify if the connection just established. */ - if (unlikely(!(conn->flags & (CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN | CO_FL_CONNECTED)))) - conn->flags |= CO_FL_CONNECTED; if (conn_install_mux_be(conn, conn->ctx, conn->owner) < 0) goto fail; @@ -135,10 +132,6 @@ void conn_fd_handler(int fd) } leave: - /* Verify if the connection just established. */ - if (unlikely(!(conn->flags & (CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN | CO_FL_CONNECTED)))) - conn->flags |= CO_FL_CONNECTED; - /* If we don't yet have a mux, that means we were waiting for * informations to create one, typically from the ALPN. If we're * done with the handshake, attempt to create one. @@ -163,8 +156,8 @@ void conn_fd_handler(int fd) * the fd (and return < 0 in this case). */ if ((io_available || (((conn->flags ^ flags) & CO_FL_NOTIFY_DONE) || - ((flags & (CO_FL_CONNECTED|CO_FL_HANDSHAKE)) != CO_FL_CONNECTED && - (conn->flags & (CO_FL_CONNECTED|CO_FL_HANDSHAKE)) == CO_FL_CONNECTED))) && + ((flags & (CO_FL_WAIT_L4L6|CO_FL_HANDSHAKE)) && + (conn->flags & (CO_FL_WAIT_L4L6|CO_FL_HANDSHAKE)) == 0))) && conn->mux && conn->mux->wake && conn->mux->wake(conn) < 0) return; @@ -534,6 +527,8 @@ int conn_recv_proxy(struct connection *conn, int flag) goto fail; } + conn->flags &= ~CO_FL_WAIT_L4_CONN; + if (trash.data < 6) goto missing; @@ -858,6 +853,8 @@ int conn_recv_netscaler_cip(struct connection *conn, int flag) trash.data = ret; } while (0); + conn->flags &= ~CO_FL_WAIT_L4_CONN; + if (!trash.data) { /* client shutdown */ conn->err_code = CO_ER_CIP_EMPTY; @@ -1069,8 +1066,7 @@ int conn_send_socks4_proxy_request(struct connection *conn) /* The connection is ready now, simply return and let the connection * handler notify upper layers if needed. */ - if (conn->flags & CO_FL_WAIT_L4_CONN) - conn->flags &= ~CO_FL_WAIT_L4_CONN; + conn->flags &= ~CO_FL_WAIT_L4_CONN; if (conn->flags & CO_FL_SEND_PROXY) { /* @@ -1148,6 +1144,8 @@ int conn_recv_socks4_proxy_response(struct connection *conn) } } while (0); + conn->flags &= ~CO_FL_WAIT_L4_CONN; + if (ret < SOCKS4_HS_RSP_LEN) { /* Missing data. Since we're using MSG_PEEK, we can only poll again if * we are not able to read enough data. @@ -1532,7 +1530,7 @@ int smp_fetch_fc_rcvd_proxy(const struct arg *args, struct sample *smp, const ch if (!conn) return 0; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L4L6) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -1553,7 +1551,7 @@ int smp_fetch_fc_pp_authority(const struct arg *args, struct sample *smp, const if (!conn) return 0; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L4L6) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } diff --git a/src/mux_fcgi.c b/src/mux_fcgi.c index 09d357512..85bc2cbd1 100644 --- a/src/mux_fcgi.c +++ b/src/mux_fcgi.c @@ -3016,7 +3016,7 @@ static int fcgi_ctl(struct connection *conn, enum mux_ctl_type mux_ctl, void *ou int ret = 0; switch (mux_ctl) { case MUX_STATUS: - if (conn->flags & CO_FL_CONNECTED) + if (!(conn->flags & CO_FL_WAIT_L4L6)) ret |= MUX_STATUS_READY; return ret; default: diff --git a/src/mux_h1.c b/src/mux_h1.c index 484a389a9..eee595c4e 100644 --- a/src/mux_h1.c +++ b/src/mux_h1.c @@ -2667,8 +2667,7 @@ static size_t h1_snd_buf(struct conn_stream *cs, struct buffer *buf, size_t coun * now, as we don't want to remove everything from the channel buffer * before we're sure we can send it. */ - if (!(h1c->conn->flags & CO_FL_CONNECTED) || - (h1c->conn->flags & CO_FL_HANDSHAKE)) { + if (h1c->conn->flags & (CO_FL_WAIT_L4L6|CO_FL_HANDSHAKE)) { TRACE_LEAVE(H1_EV_STRM_SEND, h1c->conn, h1s); return 0; } @@ -2782,7 +2781,7 @@ static int h1_ctl(struct connection *conn, enum mux_ctl_type mux_ctl, void *outp int ret = 0; switch (mux_ctl) { case MUX_STATUS: - if (conn->flags & CO_FL_CONNECTED) + if (!(conn->flags & CO_FL_WAIT_L4L6)) ret |= MUX_STATUS_READY; return ret; default: diff --git a/src/mux_pt.c b/src/mux_pt.c index 4f4ebe9cc..d9da001f0 100644 --- a/src/mux_pt.c +++ b/src/mux_pt.c @@ -348,7 +348,7 @@ static int mux_pt_ctl(struct connection *conn, enum mux_ctl_type mux_ctl, void * int ret = 0; switch (mux_ctl) { case MUX_STATUS: - if (conn->flags & CO_FL_CONNECTED) + if (!(conn->flags & CO_FL_WAIT_L4L6)) ret |= MUX_STATUS_READY; return ret; default: diff --git a/src/raw_sock.c b/src/raw_sock.c index abd1f5f2e..5a1e943d7 100644 --- a/src/raw_sock.c +++ b/src/raw_sock.c @@ -371,8 +371,6 @@ static size_t raw_sock_from_buf(struct connection *conn, void *xprt_ctx, const s count -= ret; done += ret; - /* A send succeeded, so we can consier ourself connected */ - conn->flags |= CO_FL_CONNECTED; /* if the system buffer is full, don't insist */ if (ret < try) break; diff --git a/src/session.c b/src/session.c index 85c7976fc..d80392d1d 100644 --- a/src/session.c +++ b/src/session.c @@ -433,10 +433,6 @@ int conn_complete_session(struct connection *conn) if (conn->flags & CO_FL_ERROR) goto fail; - /* Verify if the connection just established. */ - if (unlikely(!(conn->flags & (CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN | CO_FL_CONNECTED)))) - conn->flags |= CO_FL_CONNECTED; - /* if logs require transport layer information, note it on the connection */ if (sess->fe->to_log & LW_XPRT) conn->flags |= CO_FL_XPRT_TRACKED; diff --git a/src/ssl_sock.c b/src/ssl_sock.c index 8ee164f55..b4e118c2b 100644 --- a/src/ssl_sock.c +++ b/src/ssl_sock.c @@ -1666,7 +1666,7 @@ void ssl_sock_infocbk(const SSL *ssl, int where, int ret) */ if (where & SSL_CB_HANDSHAKE_START) { /* Disable renegotiation (CVE-2009-3555) */ - if ((conn->flags & (CO_FL_CONNECTED | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == CO_FL_CONNECTED) { + if ((conn->flags & (CO_FL_WAIT_L6_CONN | CO_FL_EARLY_SSL_HS | CO_FL_EARLY_DATA)) == 0) { conn->flags |= CO_FL_ERROR; conn->err_code = CO_ER_SSL_RENEG; } @@ -6113,7 +6113,7 @@ static int ssl_sock_handshake(struct connection *conn, unsigned int flag) * the reneg handshake. * Here we use SSL_peek as a workaround for reneg. */ - if ((conn->flags & CO_FL_CONNECTED) && SSL_renegotiate_pending(ctx->ssl)) { + if (!(conn->flags & CO_FL_WAIT_L6_CONN) && SSL_renegotiate_pending(ctx->ssl)) { char c; ret = SSL_peek(ctx->ssl, &c, 1); @@ -6700,8 +6700,8 @@ static size_t ssl_sock_from_buf(struct connection *conn, void *xprt_ctx, const s goto out_error; } if (ret > 0) { - /* A send succeeded, so we can consier ourself connected */ - conn->flags |= CO_FL_CONNECTED; + /* A send succeeded, so we can consider ourself connected */ + conn->flags &= ~CO_FL_WAIT_L4L6; ctx->xprt_st &= ~SSL_SOCK_SEND_UNLIMITED; count -= ret; done += ret; @@ -7411,7 +7411,7 @@ smp_fetch_ssl_fc_has_crt(const struct arg *args, struct sample *smp, const char ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7442,7 +7442,7 @@ smp_fetch_ssl_x_der(const struct arg *args, struct sample *smp, const char *kw, return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7489,7 +7489,7 @@ smp_fetch_ssl_x_serial(const struct arg *args, struct sample *smp, const char *k ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7536,7 +7536,7 @@ smp_fetch_ssl_x_sha1(const struct arg *args, struct sample *smp, const char *kw, return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7582,7 +7582,7 @@ smp_fetch_ssl_x_notafter(const struct arg *args, struct sample *smp, const char return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7628,7 +7628,7 @@ smp_fetch_ssl_x_i_dn(const struct arg *args, struct sample *smp, const char *kw, return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7690,7 +7690,7 @@ smp_fetch_ssl_x_notbefore(const struct arg *args, struct sample *smp, const char return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7736,7 +7736,7 @@ smp_fetch_ssl_x_s_dn(const struct arg *args, struct sample *smp, const char *kw, return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7792,7 +7792,7 @@ smp_fetch_ssl_c_used(const struct arg *args, struct sample *smp, const char *kw, return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7825,7 +7825,7 @@ smp_fetch_ssl_x_version(const struct arg *args, struct sample *smp, const char * return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7865,7 +7865,7 @@ smp_fetch_ssl_x_sig_alg(const struct arg *args, struct sample *smp, const char * return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -7917,7 +7917,7 @@ smp_fetch_ssl_x_key_alg(const struct arg *args, struct sample *smp, const char * return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -8397,7 +8397,7 @@ smp_fetch_ssl_fc_unique_id(const struct arg *args, struct sample *smp, const cha return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags |= SMP_F_MAY_CHANGE; return 0; } @@ -8435,7 +8435,7 @@ smp_fetch_ssl_c_ca_err(const struct arg *args, struct sample *smp, const char *k return 0; ctx = conn->xprt_ctx; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags = SMP_F_MAY_CHANGE; return 0; } @@ -8458,7 +8458,7 @@ smp_fetch_ssl_c_ca_err_depth(const struct arg *args, struct sample *smp, const c if (!conn || conn->xprt != &ssl_sock) return 0; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags = SMP_F_MAY_CHANGE; return 0; } @@ -8482,7 +8482,7 @@ smp_fetch_ssl_c_err(const struct arg *args, struct sample *smp, const char *kw, if (!conn || conn->xprt != &ssl_sock) return 0; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags = SMP_F_MAY_CHANGE; return 0; } @@ -8507,7 +8507,7 @@ smp_fetch_ssl_c_verify(const struct arg *args, struct sample *smp, const char *k if (!conn || conn->xprt != &ssl_sock) return 0; - if (!(conn->flags & CO_FL_CONNECTED)) { + if (conn->flags & CO_FL_WAIT_L6_CONN) { smp->flags = SMP_F_MAY_CHANGE; return 0; } diff --git a/src/stream_interface.c b/src/stream_interface.c index e1c51f4d7..a71b2d626 100644 --- a/src/stream_interface.c +++ b/src/stream_interface.c @@ -415,8 +415,7 @@ int conn_si_send_proxy(struct connection *conn, unsigned int flag) /* The connection is ready now, simply return and let the connection * handler notify upper layers if needed. */ - if (conn->flags & CO_FL_WAIT_L4_CONN) - conn->flags &= ~CO_FL_WAIT_L4_CONN; + conn->flags &= ~CO_FL_WAIT_L4_CONN; conn->flags &= ~flag; return 1; @@ -615,7 +614,7 @@ static int si_cs_process(struct conn_stream *cs) } if (!si_state_in(si->state, SI_SB_EST|SI_SB_DIS|SI_SB_CLO) && - (conn->flags & (CO_FL_CONNECTED | CO_FL_HANDSHAKE)) == CO_FL_CONNECTED) { + (conn->flags & (CO_FL_WAIT_L4L6 | CO_FL_HANDSHAKE)) == 0) { si->exp = TICK_ETERNITY; oc->flags |= CF_WRITE_NULL; if (si->state == SI_ST_CON) @@ -1501,7 +1500,7 @@ int si_cs_recv(struct conn_stream *cs) } else if (cs->flags & CS_FL_EOS) { /* connection closed */ - if (conn->flags & CO_FL_CONNECTED) { + if (!(conn->flags & CO_FL_WAIT_L4L6)) { /* we received a shutdown */ ic->flags |= CF_READ_NULL; if (ic->flags & CF_AUTO_CLOSE) diff --git a/src/xprt_handshake.c b/src/xprt_handshake.c index aaf5b6eed..8cd63a12f 100644 --- a/src/xprt_handshake.c +++ b/src/xprt_handshake.c @@ -95,9 +95,6 @@ out: ctx->subs = NULL; } - if (!(conn->flags & CO_FL_ERROR)) - conn->flags |= CO_FL_CONNECTED; - /* Remove ourself from the xprt chain */ if (ctx->wait_event.events != 0) ctx->xprt->unsubscribe(ctx->conn,