From: Christopher Faulet Date: Fri, 13 Jan 2023 14:21:53 +0000 (+0100) Subject: BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions X-Git-Tag: v2.8-dev2~14 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ab34ebe5f52ef6830d31f252792692ea156e0e53;p=thirdparty%2Fhaproxy.git BUG/MINOR: bwlim: Check scope for period expr for set-bandwitdh-limit actions If a period expression is defined for a set-bandwitdh-limit action, its scope must be tested. This patch must be backported to 2.7. --- diff --git a/src/flt_bwlim.c b/src/flt_bwlim.c index 203f91d370..d59da23cc9 100644 --- a/src/flt_bwlim.c +++ b/src/flt_bwlim.c @@ -434,6 +434,11 @@ int check_bwlim_action(struct act_rule *rule, struct proxy *px, char **err) return 0; } + if ((conf->flags & BWLIM_FL_SHARED) && rule->arg.act.p[2]) { + memprintf(err, "set-bandwidth-limit rule cannot define a period for a shared bwlim filter"); + return 0; + } + where = 0; if (px->cap & PR_CAP_FE) where |= (rule->from == ACT_F_HTTP_REQ ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_FE_HRS_HDR); @@ -460,6 +465,26 @@ int check_bwlim_action(struct act_rule *rule, struct proxy *px, char **err) } } + if (rule->arg.act.p[2]) { + struct sample_expr *expr = rule->arg.act.p[2]; + + if (!(expr->fetch->val & where)) { + memprintf(err, "set-bandwidth-limit rule uses a period extracting information from '%s', none of which is available here", + sample_src_names(expr->fetch->use)); + return 0; + } + + if (rule->from == ACT_F_TCP_REQ_CNT && (px->cap & PR_CAP_FE)) { + if (!px->tcp_req.inspect_delay && !(expr->fetch->val & SMP_VAL_FE_SES_ACC)) { + ha_warning("%s '%s' : a 'tcp-request content set-bandwidth-limit*' rule explicitly depending on request" + " contents without any 'tcp-request inspect-delay' setting." + " This means that this rule will randomly find its contents. This can be fixed by" + " setting the tcp-request inspect-delay.\n", + proxy_type_str(px), px->id); + } + } + } + if (conf->expr) { if (!(conf->expr->fetch->val & where)) { memprintf(err, "bwlim filter '%s uses a key extracting information from '%s', none of which is available here",