RepoMirrors/haproxy
1
0
Fork 0
mirror of http://git.haproxy.org/git/haproxy.git/ synced 2025-01-19 12:10:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

REORG/MINOR: session: detect the TCP monitor checks at the protocol accept

Browse Source 
It does not make sense anymore to wait for a session creation to process
a TCP monitor check which only closes the connection and returns. Better
to process this immediately after the accept() return. It also saves us
from counting a connection for monitor checks, which is much more logical.
This commit is contained in:
Willy Tarreau 2012-05-20 19:22:25 +02:00
parent a190d591fc
commit fe7f1ea68e
2 changed files with 23 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/protocols.c
View File

@ -339,6 +339,18 @@ int listener_accept(int fd)
} }
} }
/* if this connection comes from a known monitoring system, we want to ignore
* it as soon as possible, which means closing it immediately if it is only a
* TCP-based monitoring check.
*/
if (unlikely((l->options & LI_O_CHK_MONNET) &&
(p->mode == PR_MODE_TCP) &&
addr.ss_family == AF_INET &&
(((struct sockaddr_in *)&addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
close(cfd);
continue;
}
if (unlikely(cfd >= global.maxsock)) { if (unlikely(cfd >= global.maxsock)) {
send_log(p, LOG_EMERG, send_log(p, LOG_EMERG,
"Proxy %s reached the configured maximum connection limit. Please check the global 'maxconn' value.\n", "Proxy %s reached the configured maximum connection limit. Please check the global 'maxconn' value.\n",

26
src/session.c
View File

@ -75,21 +75,6 @@ int session_accept(struct listener *l, int cfd, struct sockaddr_storage *addr)
s->stkctr1_table = NULL; s->stkctr1_table = NULL;
s->stkctr2_table = NULL; s->stkctr2_table = NULL;
/* if this session comes from a known monitoring system, we want to ignore
* it as soon as possible, which means closing it immediately for TCP, but
* cleanly.
*/
if (unlikely((l->options & LI_O_CHK_MONNET) &&
addr->ss_family == AF_INET &&
(((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
if (p->mode == PR_MODE_TCP) {
ret = 0; /* successful termination */
goto out_free_session;
}
s->flags |= SN_MONITOR;
s->logs.logwait = 0;
}
if (unlikely((t = task_new()) == NULL)) if (unlikely((t = task_new()) == NULL))
goto out_free_session; goto out_free_session;
@ -122,6 +107,17 @@ int session_accept(struct listener *l, int cfd, struct sockaddr_storage *addr)
s->be = s->fe = p; s->be = s->fe = p;
s->req = s->rep = NULL; /* will be allocated later */ s->req = s->rep = NULL; /* will be allocated later */
/* if this session comes from a known monitoring system, we want to ignore
* it as soon as possible, which means closing it immediately for TCP, but
* cleanly.
*/
if (unlikely((l->options & LI_O_CHK_MONNET) &&
addr->ss_family == AF_INET &&
(((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
s->flags |= SN_MONITOR;
s->logs.logwait = 0;
}
/* now evaluate the tcp-request layer4 rules. Since we expect to be able /* now evaluate the tcp-request layer4 rules. Since we expect to be able
* to abort right here as soon as possible, we check the rules before * to abort right here as soon as possible, we check the rules before
* even initializing the stream interfaces. * even initializing the stream interfaces.