From da75705091b9db4fbc40a047208d1d0e49981abf Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Tue, 2 Feb 2016 18:50:47 +0100 Subject: BUG/MEDIUM: http-reuse: do not share private connections across backends When working on the previous bug, it appeared that it the case that was triggering the bug would also work between two backends, one of which doesn't support http-reuse. The reason is that while the idle connection is moved to the private pool, upon reuse we only check if it holds the CO_FL_PRIVATE flag. And we don't set this flag when there's no reuse. So let's always set it in this case, it will guarantee that no undesired connection sharing may happen. This fix must be backported to 1.6. (cherry picked from commit 53f9685b7288e78c80dea4741a6952809ba90c0f) --- src/proto_http.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/src/proto_http.c b/src/proto_http.c index f566874..febe155 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -5251,6 +5251,10 @@ void http_end_txn_clean_session(struct stream *s) srv_conn->flags |= CO_FL_PRIVATE; } + /* Never ever allow to reuse a connection from a non-reuse backend */ + if (srv_conn && (be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR) + srv_conn->flags |= CO_FL_PRIVATE; + if (fe->options2 & PR_O2_INDEPSTR) s->si[1].flags |= SI_FL_INDEP_STR; @@ -5286,8 +5290,7 @@ void http_end_txn_clean_session(struct stream *s) srv = objt_server(srv_conn->target); if (!srv) si_idle_conn(&s->si[1], NULL); - else if ((srv_conn->flags & CO_FL_PRIVATE) || - ((be->options & PR_O_REUSE_MASK) == PR_O_REUSE_NEVR)) + else if (srv_conn->flags & CO_FL_PRIVATE) si_idle_conn(&s->si[1], &srv->priv_conns); else if (prev_flags & TX_NOT_FIRST) /* note: we check the request, not the connection, but -- 1.7.12.1