close the connection after sending tls alerts in the queue

tempesta-tech · Jul 30, 2019 · bfdc1f8 · bfdc1f8
1 parent 99d75b0
commit bfdc1f8
Showing 1 changed file with 13 additions and 12 deletions.
diff --git a/tempesta_fw/sock.c b/tempesta_fw/sock.c
@@ -866,17 +866,21 @@ ss_tcp_data_ready(struct sock *sk)
 		if (ss_tcp_process_data(sk) &&
 		    !(SS_CONN_TYPE(sk) & Conn_Stop)) {
 			/*
-			 * Drop connection in case of internal errors,
+			 * Close connection in case of internal errors,
 			 * banned packets, or FIN in the received packet,
 			 * and only if it's not on hold until explicitly
 			 * closed.
 			 *
-			 * ss_linkerror() is responsible for calling
+			 * ss_close() is responsible for calling
 			 * application layer connection closing callback.
 			 * The callback will free all SKBs linked with
 			 * the message that is currently being processed.
+			 *
+			 * Use ss_close() to close the connection after
+			 * sending responses in the queue, for example,
+			 * tls alerts
 			 */
-			ss_linkerror(sk);
+			ss_close(sk, SS_F_SYNC);
 		}
 	}
 	else {
@@ -990,7 +994,12 @@ ss_tcp_state_change(struct sock *sk)
 		if (!skb_queue_empty(&sk->sk_receive_queue))
 			ss_tcp_process_data(sk);
 		TFW_DBG2("[%d]: Peer connection closing\n", smp_processor_id());
-		ss_linkerror(sk);
+		/*
+		 * Use ss_close() to close the connection after
+		 * sending responses in the queue, for example,
+		 * tls alerts
+		 */
+		ss_close(sk, SS_F_SYNC);
 	}
 	else if (sk->sk_state == TCP_CLOSE) {
 		/*
@@ -1365,14 +1374,6 @@ ss_tx_action(void)
 			__sk_close_locked(sk); /* paired with bh_lock_sock() */
 			break;
 		case SS_CLOSE:
-			if (!((1 << sk->sk_state)
-			      & (TCPF_ESTABLISHED | TCPF_SYN_SENT)))
-			{
-				TFW_DBG2("[%d]: %s: Socket inactive: sk %p\n",
-				         smp_processor_id(), __func__, sk);
-				bh_unlock_sock(sk);
-				break;
-			}
 			__sk_close_locked(sk); /* paired with bh_lock_sock() */
 			break;
 		default: