LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
12720 Commits
1 Branch
46 MiB
 
 
 
 
 
 
Tree: 9b83d51ddc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '9b83d51ddc'
${ noResults }
openwrt-packages-dist/net/haproxy/patches/0006-BUG-MEDIUM-Cur-CumSslC...

62 lines
1.9 KiB
Raw Blame History

commit 30ba96df349ace825749a57490defeb50001a550
Author: Emeric Brun <ebrun@haproxy.com>
Date: Wed Oct 10 14:51:02 2018 +0200
BUG/MEDIUM: Cur/CumSslConns counters not threadsafe.
CurSslConns inc/dec operations are not threadsafe. The unsigned CurSslConns
counter can wrap to a negative value. So we could notice connection rejects
because of MaxSslConns limit artificially exceeded.
CumSslConns inc operation are also not threadsafe so we could miss
some connections and show inconsistenties values compared to CumConns.
This fix should be backported to v1.8.
(cherry picked from commit 7ad43e7928c9a61b40332e4d5e9a7ccc33e6b65b)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/ssl_sock.c b/src/ssl_sock.c
index 2da0df68..6eed8022 100644
--- a/src/ssl_sock.c
+++ b/src/ssl_sock.c
@@ -491,7 +491,7 @@ static void ssl_async_fd_free(int fd)
/* Now we can safely call SSL_free, no more pending job in engines */
SSL_free(ssl);
- sslconns--;
+ HA_ATOMIC_SUB(&sslconns, 1);
HA_ATOMIC_SUB(&jobs, 1);
}
/*
@@ -5011,8 +5011,8 @@ static int ssl_sock_init(struct connection *conn)
/* leave init state and start handshake */
conn->flags |= CO_FL_SSL_WAIT_HS | CO_FL_WAIT_L6_CONN;
- sslconns++;
- totalsslconns++;
+ HA_ATOMIC_ADD(&sslconns, 1);
+ HA_ATOMIC_ADD(&totalsslconns, 1);
return 0;
}
else if (objt_listener(conn->target)) {
@@ -5062,8 +5062,8 @@ static int ssl_sock_init(struct connection *conn)
conn->flags |= CO_FL_EARLY_SSL_HS;
#endif
- sslconns++;
- totalsslconns++;
+ HA_ATOMIC_ADD(&sslconns, 1);
+ HA_ATOMIC_ADD(&totalsslconns, 1);
return 0;
}
/* don't know how to handle such a target */
@@ -5713,7 +5713,7 @@ static void ssl_sock_close(struct connection *conn) {
#endif
SSL_free(conn->xprt_ctx);
conn->xprt_ctx = NULL;
- sslconns--;
+ HA_ATOMIC_SUB(&sslconns, 1);
}
}