From: Willy Tarreau
Date: Sun, 12 Jul 2009 08:10:05 +0000 (+0200)
Subject: [MINOR] allow TCP inspection rules to make use of HTTP ACLs
X-Git-Tag: v1.4-dev1~24
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=51d5dad90a7de3f57d61184264d4824ecf8bbe3f;p=thirdparty%2Fhaproxy.git

[MINOR] allow TCP inspection rules to make use of HTTP ACLs

Since we can call the HTTP parser from TCP inspection rules, it makes sense to be able to use the HTTP ACLs with it. That way, we can decide from a TCP frontend to take a switching decision based on full layer7 decoding. This might be useful to perform layer7 content switching from a layer4 frontend in fact. For instance, we might want to be able to detect http/https on a frontend, but still switch to backend X or Y depending on the Host header. Note that it is mandatory to wait for an HTTP request otherwise the ACLs will randomly match.
---
diff --git a/src/proto_tcp.c b/src/proto_tcp.c index 846040ac32..4488a49bae 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -406,7 +406,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req, int an_bit) int ret = ACL_PAT_PASS; if (rule->cond) { - ret = acl_exec_cond(rule->cond, s->fe, s, NULL, ACL_DIR_REQ | partial); + ret = acl_exec_cond(rule->cond, s->fe, s, &s->txn, ACL_DIR_REQ | partial); if (ret == ACL_PAT_MISS) { buffer_write_dis(req); /* just set the request timeout once at the beginning of the request */
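Review bot: In tcp_inspect_request(), the new acl_exec_cond() call passes &s->txn unconditionally, and nothing in the visible lines checks that an HTTP request has actually been parsed before an HTTP ACL reads it. The commit message itself says the ACLs "will randomly match" when the rule does not wait for a request, so the safety of a Host-based switching decision on a TCP frontend rests entirely on the operator writing the rule set correctly. Since the result of this evaluation can pick the backend, a random match is a routing and access-control problem, not only a cosmetic one. I would suggest either making the unparsed case deterministic (for example by having the HTTP ACL evaluation return a miss until the request is complete, or by passing the transaction only once parsing has succeeded), or at minimum stating the "wait for an HTTP request first" requirement in the configuration documentation and in a comment above this call, ideally with a warning at configuration parse time when a TCP inspection rule uses an HTTP ACL without such a wait condition.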