From: Willy Tarreau Date: Mon, 15 Jun 2020 16:08:07 +0000 (+0200) Subject: BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness X-Git-Tag: v2.2-dev10~46 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=55ae1ab9e46bb8c10931cadfe685319e4fa9170c;p=thirdparty%2Fhaproxy.git BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness It's unclear why the buffer length wasn't considered when tcp-response rules were added in 1.5-dev3 with commit 97679e790 ("[MEDIUM] Implement tcp inspect response rules"). But it's impossible to write working tcp-response content rules as they're always waiting for the expiration and do not consider the fact that the buffer is full. It's likely that tcp-response content rules were only used with HTTP traffic. This may be backported to stable versions, though it's not very important considering that that nobody reported this in 10 years. --- diff --git a/src/tcp_rules.c b/src/tcp_rules.c index 703bd4fbbc..e09cc3c10a 100644 --- a/src/tcp_rules.c +++ b/src/tcp_rules.c @@ -260,8 +260,8 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit) * - if one rule returns OK, then return OK * - if one rule returns KO, then return KO */ - - if (rep->flags & CF_SHUTR || tick_is_expired(rep->analyse_exp, now_ms)) + if ((rep->flags & CF_SHUTR) || channel_full(rep, global.tune.maxrewrite) || + !s->be->tcp_rep.inspect_delay || tick_is_expired(rep->analyse_exp, now_ms)) partial = SMP_OPT_FINAL; else partial = 0;