From 53f9685b7288e78c80dea4741a6952809ba90c0f Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 2 Feb 2016 18:50:47 +0100 Subject: [PATCH] BUG/MEDIUM: http-reuse: do not share private connections across backends When working on the previous bug, it appeared that it the case that was triggering the bug would also work between two backends, one of which doesn't support http-reuse. The reason is that while the idle connection is moved to the private pool, upon reuse we only check if it holds the CO_FL_PRIVATE flag. And we don't set this flag when there's no reuse. So let's always set it in this case, it will guarantee that no undesired connection sharing may happen. This fix must be backported to 1.6. --- src/proto_http.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index 2f76afe02..247c3b612 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -5257,6 +5257,10 @@ void http_end_txn_clean_session(struct stream *s) srv_conn->flags |= CO_FL_PRIVATE; } + /* Never ever allow to reuse a connection from a non-reuse backend */ + if (srv_conn && (be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR) + srv_conn->flags |= CO_FL_PRIVATE; + if (fe->options2 & PR_O2_INDEPSTR) s->si[1].flags |= SI_FL_INDEP_STR; @@ -5292,8 +5296,7 @@ void http_end_txn_clean_session(struct stream *s) srv = objt_server(srv_conn->target); if (!srv) si_idle_conn(&s->si[1], NULL); - else if ((srv_conn->flags & CO_FL_PRIVATE) || - ((be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR)) + else if (srv_conn->flags & CO_FL_PRIVATE) si_idle_conn(&s->si[1], &srv->priv_conns); else if (prev_flags & TX_NOT_FIRST) /* note: we check the request, not the connection, but