MINOR: checks: add linger option to tcp connect

Allow declaring tcpcheck connect commands with a new parameter, "linger". This option will configure the connection to avoid using an RST segment to close, instead following the four-way termination handshake. Some servers would otherwise log each healthcheck as an error.
2025-03-05 10:58:14 +00:00 · 2020-02-07 15:37:17 +01:00 · 2020-02-07 15:37:17 +01:00 · f8ba6773e5
commit f8ba6773e5
parent 1afd826ae4
4 changed files with 16 additions and 3 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -9817,6 +9817,8 @@ tcp-check connect [params*]

    ssl          opens a ciphered connection

+    linger    cleanly close the connection instead of using a single RST.
+
    Examples:
         # check HTTP and HTTPs services on a server.
         # first open port 80 thanks to server line port directive, then
@ -9836,7 +9838,7 @@ tcp-check connect [params*]

         # check both POP and IMAP from a single server:
         option tcp-check
-         tcp-check connect port 110
+         tcp-check connect port 110 linger
         tcp-check expect string +OK\ POP3\ ready
         tcp-check connect port 143
         tcp-check expect string *\ OK\ IMAP4\ ready
--- a/include/types/checks.h
+++ b/include/types/checks.h
@ -223,6 +223,7 @@ enum tcpcheck_rule_type {
 #define TCPCHK_OPT_NONE         0x0000  /* no options specified, default */
 #define TCPCHK_OPT_SEND_PROXY   0x0001  /* send proxy-protocol string */
 #define TCPCHK_OPT_SSL          0x0002  /* SSL connection */
+#define TCPCHK_OPT_LINGER       0x0004  /* Do not RST connection, let it linger */

 struct tcpcheck_rule {
 	struct list list;                       /* list linked to from the proxy */
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@ -3097,6 +3097,10 @@ stats_error_parsing:
 					cur_arg++;
 				}
 #endif /* USE_OPENSSL */
+				else if (strcmp(args[cur_arg], "linger") == 0) {
+					tcpcheck->conn_opts |= TCPCHK_OPT_LINGER;
+					cur_arg++;
+				}
 				/* comment for this tcpcheck line */
 				else if (strcmp(args[cur_arg], "comment") == 0) {
 					if (!*args[cur_arg + 1]) {
@ -3110,9 +3114,9 @@ stats_error_parsing:
 				}
 				else {
 #ifdef USE_OPENSSL
-					ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'ssl' but got '%s' as argument.\n",
+					ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy', 'ssl' or 'linger' but got '%s' as argument.\n",
 #else /* USE_OPENSSL */
-					ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or but got '%s' as argument.\n",
+					ha_alert("parsing [%s:%d] : '%s %s' expects 'comment', 'port', 'send-proxy' or 'linger' but got '%s' as argument.\n",
 #endif /* USE_OPENSSL */
 						 file, linenum, args[0], args[1], args[cur_arg]);
 					err_code |= ERR_ALERT | ERR_FATAL;
--- a/src/checks.c
+++ b/src/checks.c
@ -2993,6 +2993,12 @@ static int tcpcheck_main(struct check *check)
 					ret = SF_ERR_RESOURCE;
 			}

+			if (conn_ctrl_ready(conn) &&
+			    check->current_step->conn_opts & TCPCHK_OPT_LINGER) {
+				/* Some servers don't like reset on close */
+				fdtab[cs->conn->handle.fd].linger_risk = 0;
+			}
+
 			/* It can return one of :
 			 *  - SF_ERR_NONE if everything's OK
 			 *  - SF_ERR_SRVTO if there are no more servers