From 0f73eff96a6480d7791b54843238f5c16de6453d Mon Sep 17 00:00:00 2001 From: heil Date: Thu, 16 Mar 2017 22:35:59 +0100 Subject: [PATCH] package: haproxy - bump to stable 1.7.3 and pending patches from upstream Signed-off-by: heil --- net/haproxy/Makefile | 18 ++-- ...-Fix-how-backend-specific-analyzers-.patch | 36 ------- ...n-when-some-HTTP-rules-are-used-in-a.patch | 61 +++++++++++ ...ix-soft-stop-handler-using-a-specifi.patch | 58 ++++++++++ ...ix-parsing-of-arguments-in-spoe-mess.patch | 33 ++++++ ...lear-OpenSSL-error-stack-after-tryin.patch | 44 ++++++++ ...revent-double-free-in-CLI-ACL-lookup.patch | 32 ++++++ ...OR-Fix-get-map-map-value-CLI-command.patch | 32 ++++++ ...tion-update-CO_FL_CONNECTED-before-c.patch | 100 ++++++++++++++++++ 9 files changed, 369 insertions(+), 45 deletions(-) delete mode 100644 net/haproxy/patches/0001-BUG-MINOR-stream-Fix-how-backend-specific-analyzers-.patch create mode 100644 net/haproxy/patches/0001-MINOR-config-warn-when-some-HTTP-rules-are-used-in-a.patch create mode 100644 net/haproxy/patches/0002-BUG-MINOR-spoe-Fix-soft-stop-handler-using-a-specifi.patch create mode 100644 net/haproxy/patches/0003-BUG-MINOR-spoe-Fix-parsing-of-arguments-in-spoe-mess.patch create mode 100644 net/haproxy/patches/0004-BUG-MEDIUM-ssl-Clear-OpenSSL-error-stack-after-tryin.patch create mode 100644 net/haproxy/patches/0005-BUG-MEDIUM-cli-Prevent-double-free-in-CLI-ACL-lookup.patch create mode 100644 net/haproxy/patches/0006-BUG-MINOR-Fix-get-map-map-value-CLI-command.patch create mode 100644 net/haproxy/patches/0007-BUG-MAJOR-connection-update-CO_FL_CONNECTED-before-c.patch diff --git a/net/haproxy/Makefile b/net/haproxy/Makefile index 11aca06cd..d84d81e85 100644 --- a/net/haproxy/Makefile +++ b/net/haproxy/Makefile @@ -9,12 +9,12 @@ include $(TOPDIR)/rules.mk PKG_NAME:=haproxy -PKG_VERSION:=1.7.2 -PKG_RELEASE:=01 +PKG_VERSION:=1.7.3 +PKG_RELEASE:=07 PKG_SOURCE:=haproxy-$(PKG_VERSION).tar.gz PKG_SOURCE_URL:=http://haproxy.1wt.eu/download/1.7/src/ -PKG_MD5SUM:=7330b36f3764ebe409e9305803dc30e2 +PKG_MD5SUM:=e529c240c08e4004c6e9dcf3fd6b3ab PKG_BUILD_DIR:=$(BUILD_DIR)/$(PKG_NAME)-$(BUILD_VARIANT)/$(PKG_NAME)-$(PKG_VERSION) PKG_LICENSE:=GPL-2.0 @@ -120,16 +120,16 @@ define Build/Compile $(MAKE) TARGET=$(LINUX_TARGET) -C $(PKG_BUILD_DIR) \ DESTDIR="$(PKG_INSTALL_DIR)" \ CC="$(TARGET_CC)" \ - $(ADDON) - CFLAGS="$(TARGET_CFLAGS) -fno-align-jumps -fno-align-functions -fno-align-labels -fno-align-loops -pipe -fomit-frame-pointer -fhonour-copts" \ - LD="$(TARGET_LD)" \ - LDFLAGS="$(TARGET_LDFLAGS) -lcurses -lreadline" \ PCREDIR="$(STAGING_DIR)/usr/include" \ SMALL_OPTS="-DBUFSIZE=16384 -DMAXREWRITE=1030 -DSYSTEM_MAXCONN=165530 " \ USE_LINUX_TPROXY=1 USE_LINUX_SPLICE=1 USE_REGPARM=1 \ - USE_ZLIB=yes USE_PCRE=1 \ + USE_ZLIB=yes USE_PCRE=1 USE_PCRE_JIT=1\ VERSION="$(PKG_VERSION)-patch$(PKG_RELEASE)" \ - IGNOREGIT=1 + $(ADDON) + CFLAGS="$(TARGET_CFLAGS) -fno-align-jumps -fno-align-functions -fno-align-labels -fno-align-loops -pipe -fomit-frame-pointer -fhonour-copts" \ + LD="$(TARGET_LD)" \ + LDFLAGS="$(TARGET_LDFLAGS) -lcurses -lreadline" \ + GNOREGIT=1 $(MAKE_VARS) $(MAKE) -C $(PKG_BUILD_DIR) \ DESTDIR="$(PKG_INSTALL_DIR)" \ diff --git a/net/haproxy/patches/0001-BUG-MINOR-stream-Fix-how-backend-specific-analyzers-.patch b/net/haproxy/patches/0001-BUG-MINOR-stream-Fix-how-backend-specific-analyzers-.patch deleted file mode 100644 index 0bb430b44..000000000 --- a/net/haproxy/patches/0001-BUG-MINOR-stream-Fix-how-backend-specific-analyzers-.patch +++ /dev/null @@ -1,36 +0,0 @@ -From 7a03968243dbad8cab1a3bdd75794c4d7cc18d96 Mon Sep 17 00:00:00 2001 -From: Christopher Faulet -Date: Mon, 9 Jan 2017 16:33:19 +0100 -Subject: [PATCH] BUG/MINOR: stream: Fix how backend-specific analyzers are set - on a stream - -When the stream's backend was defined, the request's analyzers flag was always -set to 0 if the stream had no listener. This bug was introduced with the filter -API but never triggered (I think so). - -Because of the commit 5820a366, it is now possible to encountered it. For -example, this happens when the trace filter is enabled on a SPOE backend. The -fix is pretty trivial. - -This fix must be backported to 1.7. -(cherry picked from commit 70e2f272127a931a7b245a95e3a022879145e1dd) ---- - src/proxy.c | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/src/proxy.c b/src/proxy.c -index fec2555..a84a08f 100644 ---- a/src/proxy.c -+++ b/src/proxy.c -@@ -1156,7 +1156,7 @@ int stream_set_backend(struct stream *s, struct proxy *be) - * be more reliable to store the list of analysers that have been run, - * but what we do here is OK for now. - */ -- s->req.analysers |= be->be_req_ana & (strm_li(s) ? ~strm_li(s)->analysers : 0); -+ s->req.analysers |= be->be_req_ana & ~(strm_li(s) ? strm_li(s)->analysers : 0); - - /* If the target backend requires HTTP processing, we have to allocate - * the HTTP transaction and hdr_idx if we did not have one. --- -2.10.2 - diff --git a/net/haproxy/patches/0001-MINOR-config-warn-when-some-HTTP-rules-are-used-in-a.patch b/net/haproxy/patches/0001-MINOR-config-warn-when-some-HTTP-rules-are-used-in-a.patch new file mode 100644 index 000000000..a956acafd --- /dev/null +++ b/net/haproxy/patches/0001-MINOR-config-warn-when-some-HTTP-rules-are-used-in-a.patch @@ -0,0 +1,61 @@ +From 91715c09a4595af6451ad97c43bf41fec107c69e Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Fri, 10 Mar 2017 11:49:21 +0100 +Subject: [PATCH 1/7] MINOR: config: warn when some HTTP rules are used in a + TCP proxy + +Surprizingly, http-request, http-response, block, redirect, and capture +rules did not cause a warning to be emitted when used in a TCP proxy, so +let's fix this. + +This patch may be backported to older versions as it helps spotting +configuration issues. +(cherry picked from commit de7dc88c517e22d3ae02ce8a8a23046ab2c62238) +--- + src/cfgparse.c | 30 ++++++++++++++++++++++++++++++ + 1 file changed, 30 insertions(+) + +diff --git a/src/cfgparse.c b/src/cfgparse.c +index fc6e149..d8d2fda 100644 +--- a/src/cfgparse.c ++++ b/src/cfgparse.c +@@ -8681,6 +8681,36 @@ out_uri_auth_compat: + curproxy->uri_auth = NULL; + } + ++ if (curproxy->capture_name) { ++ Warning("config : 'capture' statement ignored for %s '%s' as it requires HTTP mode.\n", ++ proxy_type_str(curproxy), curproxy->id); ++ err_code |= ERR_WARN; ++ } ++ ++ if (!LIST_ISEMPTY(&curproxy->http_req_rules)) { ++ Warning("config : 'http-request' rules ignored for %s '%s' as they require HTTP mode.\n", ++ proxy_type_str(curproxy), curproxy->id); ++ err_code |= ERR_WARN; ++ } ++ ++ if (!LIST_ISEMPTY(&curproxy->http_res_rules)) { ++ Warning("config : 'http-response' rules ignored for %s '%s' as they require HTTP mode.\n", ++ proxy_type_str(curproxy), curproxy->id); ++ err_code |= ERR_WARN; ++ } ++ ++ if (!LIST_ISEMPTY(&curproxy->block_rules)) { ++ Warning("config : 'block' rules ignored for %s '%s' as they require HTTP mode.\n", ++ proxy_type_str(curproxy), curproxy->id); ++ err_code |= ERR_WARN; ++ } ++ ++ if (!LIST_ISEMPTY(&curproxy->redirect_rules)) { ++ Warning("config : 'redirect' rules ignored for %s '%s' as they require HTTP mode.\n", ++ proxy_type_str(curproxy), curproxy->id); ++ err_code |= ERR_WARN; ++ } ++ + if (curproxy->options & (PR_O_FWDFOR | PR_O_FF_ALWAYS)) { + Warning("config : 'option %s' ignored for %s '%s' as it requires HTTP mode.\n", + "forwardfor", proxy_type_str(curproxy), curproxy->id); +-- +2.10.2 + diff --git a/net/haproxy/patches/0002-BUG-MINOR-spoe-Fix-soft-stop-handler-using-a-specifi.patch b/net/haproxy/patches/0002-BUG-MINOR-spoe-Fix-soft-stop-handler-using-a-specifi.patch new file mode 100644 index 000000000..523c2e323 --- /dev/null +++ b/net/haproxy/patches/0002-BUG-MINOR-spoe-Fix-soft-stop-handler-using-a-specifi.patch @@ -0,0 +1,58 @@ +From 8253b517585a664be53718f1522e24291f553d95 Mon Sep 17 00:00:00 2001 +From: Christopher Faulet +Date: Thu, 23 Feb 2017 10:17:15 +0100 +Subject: [PATCH 2/7] BUG/MINOR: spoe: Fix soft stop handler using a specific + id for spoe filters + +During a soft stop, we need to wakeup all SPOE applets to stop them. So we loop +on all proxies, and for each proxy, on all filters. But we must be sure to only +handle SPOE filters here. To do so, we use a specific id. +(cherry picked from commit 3b386a318f699def6f37b4d3199cd1d72c481a0f) +--- + src/flt_spoe.c | 14 ++++++++++++-- + 1 file changed, 12 insertions(+), 2 deletions(-) + +diff --git a/src/flt_spoe.c b/src/flt_spoe.c +index aa6414a..2a96c65 100644 +--- a/src/flt_spoe.c ++++ b/src/flt_spoe.c +@@ -235,6 +235,9 @@ struct spoe_context { + unsigned int process_exp; /* expiration date to process an event */ + }; + ++/* SPOE filter id. Used to identify SPOE filters */ ++const char *spoe_filter_id = "SPOE filter"; ++ + /* Set if the handle on SIGUSR1 is registered */ + static int sighandler_registered = 0; + +@@ -2286,10 +2289,16 @@ sig_stop_spoe(struct sig_handler *sh) + struct flt_conf *fconf; + + list_for_each_entry(fconf, &p->filter_configs, list) { +- struct spoe_config *conf = fconf->conf; +- struct spoe_agent *agent = conf->agent; ++ struct spoe_config *conf; ++ struct spoe_agent *agent; + struct appctx *appctx; + ++ if (fconf->id != spoe_filter_id) ++ continue; ++ ++ conf = fconf->conf; ++ agent = conf->agent; ++ + list_for_each_entry(appctx, &agent->cache, ctx.spoe.list) { + si_applet_want_get(appctx->owner); + si_applet_want_put(appctx->owner); +@@ -3178,6 +3187,7 @@ parse_spoe_flt(char **args, int *cur_arg, struct proxy *px, + } + + *cur_arg = pos; ++ fconf->id = spoe_filter_id; + fconf->ops = &spoe_ops; + fconf->conf = conf; + return 0; +-- +2.10.2 + diff --git a/net/haproxy/patches/0003-BUG-MINOR-spoe-Fix-parsing-of-arguments-in-spoe-mess.patch b/net/haproxy/patches/0003-BUG-MINOR-spoe-Fix-parsing-of-arguments-in-spoe-mess.patch new file mode 100644 index 000000000..1c6ea6db5 --- /dev/null +++ b/net/haproxy/patches/0003-BUG-MINOR-spoe-Fix-parsing-of-arguments-in-spoe-mess.patch @@ -0,0 +1,33 @@ +From a208d4dd73794b67a59dae7e3077378473650d6c Mon Sep 17 00:00:00 2001 +From: Christopher Faulet +Date: Thu, 23 Feb 2017 22:41:09 +0100 +Subject: [PATCH 3/7] BUG/MINOR: spoe: Fix parsing of arguments in spoe-message + section + +The array of pointers passed to sample_parse_expr was not really an array but a +pointer to pointer. So it can easily lead to a segfault during the configuration +parsing. +(cherry picked from commit b0b42388259224be54bf504fa559803b39d6453c) +--- + src/flt_spoe.c | 5 +++-- + 1 file changed, 3 insertions(+), 2 deletions(-) + +diff --git a/src/flt_spoe.c b/src/flt_spoe.c +index 2a96c65..57fb1da 100644 +--- a/src/flt_spoe.c ++++ b/src/flt_spoe.c +@@ -2966,8 +2966,9 @@ cfg_parse_spoe_message(const char *file, int linenum, char **args, int kwm) + arg->name_len = delim - args[cur_arg]; + delim++; + } +- +- arg->expr = sample_parse_expr(&delim, &idx, file, linenum, &errmsg, &curproxy->conf.args); ++ arg->expr = sample_parse_expr((char*[]){delim, NULL}, ++ &idx, file, linenum, &errmsg, ++ &curproxy->conf.args); + if (arg->expr == NULL) { + Alert("parsing [%s:%d] : '%s': %s.\n", file, linenum, args[0], errmsg); + err_code |= ERR_ALERT | ERR_FATAL; +-- +2.10.2 + diff --git a/net/haproxy/patches/0004-BUG-MEDIUM-ssl-Clear-OpenSSL-error-stack-after-tryin.patch b/net/haproxy/patches/0004-BUG-MEDIUM-ssl-Clear-OpenSSL-error-stack-after-tryin.patch new file mode 100644 index 000000000..d00905310 --- /dev/null +++ b/net/haproxy/patches/0004-BUG-MEDIUM-ssl-Clear-OpenSSL-error-stack-after-tryin.patch @@ -0,0 +1,44 @@ +From 821d3a9f513a63b06f1696352392996391807c16 Mon Sep 17 00:00:00 2001 +From: Janusz Dziemidowicz +Date: Wed, 8 Mar 2017 16:59:41 +0100 +Subject: [PATCH 4/7] BUG/MEDIUM: ssl: Clear OpenSSL error stack after trying + to parse OCSP file + +Invalid OCSP file (for example empty one that can be used to enable +OCSP response to be set dynamically later) causes errors that are +placed on OpenSSL error stack. Those errors are not cleared so +anything that checks this stack later will fail. + +Following configuration: + bind :443 ssl crt crt1.pem crt crt2.pem + +With following files: + crt1.pem + crt1.pem.ocsp - empty one + crt2.pem.rsa + crt2.pem.ecdsa + +Will fail to load. + +This patch should be backported to 1.7. +(cherry picked from commit 8d7104982e1c41f7dc4d75ae7f7d2bbb96052d40) +--- + src/ssl_sock.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/src/ssl_sock.c b/src/ssl_sock.c +index cc2dc12..daa584c 100644 +--- a/src/ssl_sock.c ++++ b/src/ssl_sock.c +@@ -433,6 +433,8 @@ static int ssl_sock_load_ocsp_response(struct chunk *ocsp_response, struct certi + + ret = 0; + out: ++ ERR_clear_error(); ++ + if (bs) + OCSP_BASICRESP_free(bs); + +-- +2.10.2 + diff --git a/net/haproxy/patches/0005-BUG-MEDIUM-cli-Prevent-double-free-in-CLI-ACL-lookup.patch b/net/haproxy/patches/0005-BUG-MEDIUM-cli-Prevent-double-free-in-CLI-ACL-lookup.patch new file mode 100644 index 000000000..e91b46f15 --- /dev/null +++ b/net/haproxy/patches/0005-BUG-MEDIUM-cli-Prevent-double-free-in-CLI-ACL-lookup.patch @@ -0,0 +1,32 @@ +From e9607769d56373cf29c4df040f605191603beb50 Mon Sep 17 00:00:00 2001 +From: Nenad Merdanovic +Date: Sun, 12 Mar 2017 22:01:35 +0100 +Subject: [PATCH 5/7] BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup + +The memory is released by cli_release_mlook, which also properly sets the +pointer to NULL. This was introduced with a big code reorganization +involving moving to the new keyword registration form in commit ad8be61c7. + +This fix needs to be backported to 1.7. + +Signed-off-by: Nenad Merdanovic +(cherry picked from commit 24f45d8e34797ed9c16ac3fa6d89f3eed435e706) +--- + src/map.c | 1 - + 1 file changed, 1 deletion(-) + +diff --git a/src/map.c b/src/map.c +index b6fce4d..90deb08 100644 +--- a/src/map.c ++++ b/src/map.c +@@ -524,7 +524,6 @@ static int cli_io_handler_map_lookup(struct appctx *appctx) + + default: + appctx->st2 = STAT_ST_FIN; +- free(appctx->ctx.map.chunk.str); + return 1; + } + } +-- +2.10.2 + diff --git a/net/haproxy/patches/0006-BUG-MINOR-Fix-get-map-map-value-CLI-command.patch b/net/haproxy/patches/0006-BUG-MINOR-Fix-get-map-map-value-CLI-command.patch new file mode 100644 index 000000000..4aa1512e9 --- /dev/null +++ b/net/haproxy/patches/0006-BUG-MINOR-Fix-get-map-map-value-CLI-command.patch @@ -0,0 +1,32 @@ +From e1008f22fbb9c08080aad9f998a557170b96f3f9 Mon Sep 17 00:00:00 2001 +From: Nenad Merdanovic +Date: Sun, 12 Mar 2017 22:01:36 +0100 +Subject: [PATCH 6/7] BUG/MINOR: Fix "get map " CLI command + +The said form of the CLI command didn't return anything since commit +ad8be61c7. + +This fix needs to be backported to 1.7. + +Signed-off-by: Nenad Merdanovic +(cherry picked from commit 96c15719434a4eb46e191fcf1dafcb051065a76e) +--- + src/map.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/src/map.c b/src/map.c +index 90deb08..e8c6a2a 100644 +--- a/src/map.c ++++ b/src/map.c +@@ -906,7 +906,7 @@ static struct cli_kw_list cli_kws = {{ },{ + { { "add", "map", NULL }, "add map : add map entry", cli_parse_add_map, NULL }, + { { "clear", "map", NULL }, "clear map : clear the content of this map", cli_parse_clear_map, NULL }, + { { "del", "map", NULL }, "del map : delete map entry", cli_parse_del_map, NULL }, +- { { "get", "map", NULL }, "get map : report the keys and values matching a sample for a map", cli_parse_get_map, NULL }, ++ { { "get", "map", NULL }, "get map : report the keys and values matching a sample for a map", cli_parse_get_map, cli_io_handler_map_lookup, cli_release_mlook }, + { { "set", "map", NULL }, "set map : modify map entry", cli_parse_set_map, NULL }, + { { "show", "map", NULL }, "show map [id] : report available maps or dump a map's contents", cli_parse_show_map, NULL }, + { { NULL }, NULL, NULL, NULL } +-- +2.10.2 + diff --git a/net/haproxy/patches/0007-BUG-MAJOR-connection-update-CO_FL_CONNECTED-before-c.patch b/net/haproxy/patches/0007-BUG-MAJOR-connection-update-CO_FL_CONNECTED-before-c.patch new file mode 100644 index 000000000..4c0a1a1b7 --- /dev/null +++ b/net/haproxy/patches/0007-BUG-MAJOR-connection-update-CO_FL_CONNECTED-before-c.patch @@ -0,0 +1,100 @@ +From afbf56b951967e8fa4d509e423fdcb11c27d40e2 Mon Sep 17 00:00:00 2001 +From: Willy Tarreau +Date: Tue, 14 Mar 2017 20:19:29 +0100 +Subject: [PATCH 7/7] BUG/MAJOR: connection: update CO_FL_CONNECTED before + calling the data layer + +Matthias Fechner reported a regression in 1.7.3 brought by the backport +of commit 819efbf ("BUG/MEDIUM: tcp: don't poll for write when connect() +succeeds"), causing some connections to fail to establish once in a while. +While this commit itself was a fix for a bad sequencing of connection +events, it in fact unveiled a much deeper bug going back to the connection +rework era in v1.5-dev12 : 8f8c92f ("MAJOR: connection: add a new +CO_FL_CONNECTED flag"). + +It's worth noting that in a lab reproducing a similar environment as +Matthias' about only 1 every 19000 connections exhibit this behaviour, +making the issue not so easy to observe. A trick to make the problem +more observable consists in disabling non-blocking mode on the socket +before calling connect() and re-enabling it later, so that connect() +always succeeds. Then it becomes 100% reproducible. + +The problem is that this CO_FL_CONNECTED flag is tested after deciding to +call the data layer (typically the stream interface but might be a health +check as well), and that the decision to call the data layer relies on a +change of one of the flags covered by the CO_FL_CONN_STATE set, which is +made of CO_FL_CONNECTED among others. + +Before the fix above, this bug couldn't appear with TCP but it could +appear with Unix sockets. Indeed, connect() was always considered +blocking so the CO_FL_WAIT_L4_CONN connection flag was always set, and +polling for write events was always enabled. This used to guarantee that +the conn_fd_handler() could detect a change among the CO_FL_CONN_STATE +flags. + +Now with the fix above, if a connect() immediately succeeds for non-ssl +connection with send-proxy enabled, and no data in the buffer (thus TCP +mode only), the CO_FL_WAIT_L4_CONN flag is not set, the lack of data in +the buffer doesn't enable polling flags for the data layer, the +CO_FL_CONNECTED flag is not set due to send-proxy still being pending, +and once send-proxy is done, its completion doesn't cause the data layer +to be woken up due to the fact that CO_FL_CONNECT is still not present +and that the CO_FL_SEND_PROXY flag is not watched in CO_FL_CONN_STATE. + +Then no progress is made when data are received from the client (and +attempted to be forwarded), because a CF_WRITE_NULL (or CF_WRITE_PARTIAL) +flag is needed for the stream-interface state to turn from SI_ST_CON to +SI_ST_EST, allowing ->chk_snd() to be called when new data arrive. And +the only way to set this flag is to call the data layer of course. + +After the connect timeout, the connection gets killed and if in the mean +time some data have accumulated in the buffer, the retry will succeed. + +This patch fixes this situation by simply placing the update of +CO_FL_CONNECTED where it should have been, before the check for a flag +change needed to wake up the data layer and not after. + +This fix must be backported to 1.7, 1.6 and 1.5. Versions not having +the patch above are still affected for unix sockets. + +Special thanks to Matthias Fechner who provided a very detailed bug +report with a bisection designating the faulty patch, and to Olivier +Houchard for providing full access to a pretty similar environment where +the issue could first be reproduced. +(cherry picked from commit 7bf3fa3c23f6a1b7ed1212783507ac50f7e27544) +--- + src/connection.c | 11 +++++++---- + 1 file changed, 7 insertions(+), 4 deletions(-) + +diff --git a/src/connection.c b/src/connection.c +index 26fc5f6..1e4c9aa 100644 +--- a/src/connection.c ++++ b/src/connection.c +@@ -131,6 +131,13 @@ void conn_fd_handler(int fd) + } + + leave: ++ /* Verify if the connection just established. The CO_FL_CONNECTED flag ++ * being included in CO_FL_CONN_STATE, its change will be noticed by ++ * the next block and be used to wake up the data layer. ++ */ ++ if (unlikely(!(conn->flags & (CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN | CO_FL_CONNECTED)))) ++ conn->flags |= CO_FL_CONNECTED; ++ + /* The wake callback may be used to process a critical error and abort the + * connection. If so, we don't want to go further as the connection will + * have been released and the FD destroyed. +@@ -140,10 +147,6 @@ void conn_fd_handler(int fd) + conn->data->wake(conn) < 0) + return; + +- /* Last check, verify if the connection just established */ +- if (unlikely(!(conn->flags & (CO_FL_WAIT_L4_CONN | CO_FL_WAIT_L6_CONN | CO_FL_CONNECTED)))) +- conn->flags |= CO_FL_CONNECTED; +- + /* remove the events before leaving */ + fdtab[fd].ev &= FD_POLL_STICKY; + +-- +2.10.2 +