nic-6443 opened a new pull request, #13516: URL: https://github.com/apache/apisix/pull/13516
### Description

When multiple plugin configurations point at the same redis `host:port` but use a different `redis_database`, `redis_username` or `redis_password`, their counters end up mixed together. For example, two routes using `limit-count` with `policy: redis` against the same redis instance but `redis_database: 1` and `redis_database: 2` cross-contaminate: route A's `plugin-limit-count*` keys land in route B's database and vice versa.

Root cause: `apisix/utils/redis.lua` calls `red:connect()` without an explicit `pool` option, so the cosocket keepalive pool defaults to `host:port` and is shared by all configurations pointing at that address, while `AUTH` and `SELECT` are only executed on fresh connections (`get_reused_times() == 0`). A connection created (and `SELECT`ed / `AUTH`ed) for one configuration is later reused as-is by another configuration with a different database or credentials.

Fix: pass an explicit `pool` name in the connect options so each keepalive pool only holds connections with the same scheme (redis/rediss), host, port, database and credentials. Credentials are included as a crc32 digest rather than plaintext. `AUTH`/`SELECT` on fresh connections only remains correct once pools are homogeneous.

This affects `limit-count`, `limit-req` and `limit-conn` with `policy: redis`, since they all share `apisix/utils/redis.lua` and return connections to the pool via `set_keepalive`.

#### Which issue(s) this PR fixes:

Fixes #13454

### Checklist

- [x] I have explained the need for this PR and the problem it solves
- [x] I have explained the changes or the new features added to this PR
- [x] I have added tests corresponding to this change
- [ ] I have updated the documentation to reflect this change
- [x] I have verified that this change is backward compatible (If not, please discuss on the [APISIX mailing list](https://github.com/apache/apisix/tree/master#community) first)

--
This is an automated message from the Apache Git Service.
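The pool-sharing behaviour described in the pull request can be reproduced with a small model. This is an added example, not code from the pull request or from APISIX: `Conn`, `KeepalivePools`, the key names and the pool-name layout in `isolated_pool` are assumptions, and only `SELECT` is modelled (`AUTH` follows the same fresh-connection rule).

```python
import zlib

class Conn:
    """Constructed stand-in for one cosocket connection to a redis server."""
    def __init__(self, dbs):
        self.dbs, self.db, self.reused = dbs, 0, 0

    def incr(self, key):
        keys = self.dbs.setdefault(self.db, {})
        keys[key] = keys.get(key, 0) + 1

class KeepalivePools:
    """Idle connections grouped by pool name, as with set_keepalive."""
    def __init__(self):
        self.idle = {}

    def connect(self, dbs, name):
        idle = self.idle.setdefault(name, [])
        if not idle:
            return Conn(dbs)          # fresh: get_reused_times() == 0
        conn = idle.pop()
        conn.reused += 1
        return conn

def default_pool(conf):
    return f"{conf['host']}:{conf['port']}"

def isolated_pool(conf):
    # Assumed layout; credentials enter only as a crc32 digest.
    cred = f"{conf.get('username', '')}:{conf.get('password', '')}".encode()
    return (f"{conf['scheme']}:{conf['host']}:{conf['port']}:"
            f"{conf['database']}:{zlib.crc32(cred):08x}")

def hit(pools, dbs, conf, pool_name, key):
    name = pool_name(conf)
    conn = pools.connect(dbs, name)
    if conn.reused == 0:              # SELECT only on fresh connections
        conn.db = conf["database"]
    conn.incr(key)
    pools.idle[name].append(conn)     # return to the pool

def run(pool_name):
    base = {"scheme": "redis", "host": "127.0.0.1", "port": 6379}
    route_a, route_b = {**base, "database": 1}, {**base, "database": 2}
    dbs, pools = {}, KeepalivePools()
    for _ in range(3):
        hit(pools, dbs, route_a, pool_name, "plugin-limit-count:route-a")
        hit(pools, dbs, route_b, pool_name, "plugin-limit-count:route-b")
    return dbs
```

`run(default_pool)` leaves both routes' counters in database 1, while `run(isolated_pool)` keeps each route's counter in its own database.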
