Fix crash on an empty account descriptor for HTTP limiting: add a

new listening port to the bitmap before moving the socket to listening
state - this way we guarantee that HTTP limiting is called on the
initialized accounting descriptor.

The problem appears on constant system restart under 2000 HTTPS
connections from wrk.

fw/http_limits.c

@@ -1443,7 +1443,6 @@ frang_tls_handler(TlsCtx *tls, int state)
 	TfwVhost *dflt_vh = tfw_vhost_lookup_default();
 	int r;
 
-	BUG_ON(!ra); // TODO #1643 remove me
 	if (WARN_ON_ONCE(!dflt_vh))
 		return TFW_BLOCK;
 
@@ -1470,7 +1469,6 @@ static DECLARE_BITMAP(tfw_inports, 65536) __read_mostly;
 void
 tfw_classifier_add_inport(__be16 port)
 {
-	pr_err("AK_DBG 1643: set port %x in bitmap\n", port); // TODO #1643 remove me
 	set_bit(port, tfw_inports);
 }
 
@@ -1491,7 +1489,6 @@ tfw_classify_conn_estab(struct sock *sk)
 {
 	if (test_bit(tfw_addr_get_sk_sport(sk), tfw_inports))
 		return frang_conn_new(sk);
-	else BUG_ON(tfw_addr_get_sk_sport(sk) == 0xbb01/*443*/); // TODO #1643 remove me
 
 	return TFW_PASS;
 }

fw/sock_clnt.c

@@ -682,13 +682,19 @@ tfw_sock_clnt_start(void)
 		list_del(&ls->list);
 		list_add(&ls->list, &tfw_listen_socks);
 
+		/*
+		 * Paired with tfw_classify_conn_estab(): firstly add the port
+		 * to the bitmap and then move it to the listen state to
+		 * guarantee that the HTTP limits initialization code was called.
+		 */
+		tfw_classifier_add_inport(tfw_addr_port(&ls->addr));
+
 		if ((r = tfw_listen_sock_start(ls))) {
 			T_ERR_ADDR("can't start listening on", &ls->addr,
 				   TFW_WITH_PORT);
 			goto done;
 		}
 
-		tfw_classifier_add_inport(tfw_addr_port(&ls->addr));
 		listen_socks_sz++;
 	}