From f50ec0fdbc7f5c8eff3fa91c09ce19c5df3cf8d6 Mon Sep 17 00:00:00 2001
From: Willy Tarreau
Date: Tue, 29 Sep 2015 18:11:32 +0200
Subject: [PATCH] BUG/MINOR: tcp: make silent-drop always force a TCP reset

The silent-drop action is supposed to close with a TCP reset that is either not sent or not too far. But since it's on the client-facing side, the socket's lingering is enabled by default and the RST only occurs if some pending unread data remain in the queue when closing. This causes some clean shutdowns to occur with retransmits, which is not good at all. Force linger_risk on the socket to flush all data and destroy the socket. No backport is needed, this was introduced in 1.6-dev6.
---
 src/proto_tcp.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index f6988898e..4c5005e0d 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1445,6 +1445,11 @@ static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct
 if (strm)
 strm->si[0].flags |= SI_FL_NOLINGER;
 
+ /* We're on the client-facing side, we must force to disable lingering to
+ * ensure we will use an RST exclusively and kill any pending data.
+ */
+ fdtab[conn->t.sock.fd].linger_risk = 1;
+
 #ifdef TCP_REPAIR
 if (setsockopt(conn->t.sock.fd, SOL_TCP, TCP_REPAIR, &one, sizeof(one)) == 0) {
 /* socket will be quiet now */
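Review bot: The comment added above `fdtab[conn->t.sock.fd].linger_risk = 1;` says lingering is being disabled while the statement sets a flag named `linger_risk` to 1, so the reader has to work out how the two connect. Going by the commit message, the flag is what makes the close path discard pending data and abort with an RST, and the comment could say so directly, e.g. `/* linger_risk tells the close path to disable lingering, so the socket is aborted with an RST and unsent data is discarded */`. The statement also indexes `fdtab` with `conn->t.sock.fd` with no check visible in the hunk. The function starts and ends outside the hunk, so confirm that an earlier guard ensures the connection holds a valid fd before this line; the `setsockopt()` call just below relies on the same fd.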