Hi Cyril, On Tue, Mar 15, 2011 at 10:34:51PM +0100, Cyril Bonté wrote: > Hi Willy and Cory, > > Le mardi 15 mars 2011 22:17:50, Willy Tarreau a écrit : > > > Whether I use "src_conn_cur" or sc1_conn_cur, with or without the table > > > argument, this does not work. No matter how many concurrent connections > > > per ip in the stick table, they never get denied. > > > > > > Any suggestions? > > > > At first glance, I cannot spot anything wrong. > > I think there's a bug in the function acl_fetch_src_conn_cur() : > its code contains return acl_fetch_conn_cnt(...) > where it probably should be return acl_fetch_conn_cur(...)
Oh yes you're damn right! That's a pretty bad copy-paste :-( I was wondering why I never encountered the issue but now it's pretty clear that sc1_conn_cur works. Cory, if you prefer to fix the code, please try the attached patch. Otherwise, you can move your tracking rules to the frontend and use sc1_conn_cur instead of src_conn_cur. Regards, Willy
>From 1b6e608c115ac40e69e473e990aefb6a9cc1bc19 Mon Sep 17 00:00:00 2001 From: Willy Tarreau <[email protected]> Date: Wed, 16 Mar 2011 06:55:50 +0100 Subject: [BUG] session: src_conn_cur was returning src_conn_cnt instead MIME-Version: 1.0 Content-Type: text/plain; charset=latin1 Content-Transfer-Encoding: 8bit Issue reported by Cory Forsyth and diagnosed by Cyril Bonté. Just a plain stupid copy-paste of the wrong fetch function call. --- src/session.c | 2 +- 1 files changed, 1 insertions(+), 1 deletions(-) diff --git a/src/session.c b/src/session.c index 2127576..24df936 100644 --- a/src/session.c +++ b/src/session.c @@ -2533,7 +2533,7 @@ acl_fetch_src_conn_cur(struct proxy *px, struct session *l4, void *l7, int dir, if (!px) return 0; /* table not found */ - return acl_fetch_conn_cnt(&px->table, test, stktable_lookup_key(&px->table, key)); + return acl_fetch_conn_cur(&px->table, test, stktable_lookup_key(&px->table, key)); } /* set test->i to the cumulated number of sessions in the stksess entry <ts> */ -- 1.7.2.1.45.g54fbc
