commit ac796d32181ae09d4225fa5bf3598d4d54d2b8cf
from: Omar Polo <op@omarpolo.com>
date: Fri Jan 28 21:49:15 2022 UTC

fix restart in listener

drop connections in the handshake phase: the listener from where
they've been accepted is now being replaced and its id is no more
meaningful.  Clients for which we have already sent an auth request
are kept.

commit - 59d845219a6112f64530c82f61f611e5a1d81008
commit + ac796d32181ae09d4225fa5bf3598d4d54d2b8cf
blob - 6a96350bfeff8bd73bf19fd118807fe07895bed8
blob + 8ec42aa40d8d39e7adba771bda2f402b047b1e88
--- kamid/listener.c
+++ kamid/listener.c
@@ -544,6 +544,22 @@ apply_config(struct kd_conf *conf)
 {
 	struct kd_pki_conf *pki;
 	struct kd_listen_conf *listen;
+	struct client *c;
+
+	/* drop any pre-auth inflight connections */
+	SPLAY_FOREACH(c, clients_tree_id, &clients) {
+		/*
+		 * c->event is set only during the handshake and the teardown
+		 * of the connection; c->bev is set only after auth.  Checking
+		 * for both ensures we drop only incoming connection in the
+		 * pre-auth state.
+		 */
+		if (event_pending(&c->event, EV_READ|EV_WRITE, NULL) &&
+		    c->bev == NULL) {
+			log_warn("closing in-flight connection due to reload");
+			close_conn(c);
+		}
+	}
 
 	/* swap the now config with the current one */
 	clear_config(listener_conf);