From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 6 Mar 2020 14:15:49 +0000 (+0100)
Subject: BUG/MINOR: rules: Return ACT_RET_ABRT when a silent-drop action is executed
X-Git-Tag: v2.2-dev4~22
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=f573ba2033c9da0f2733f9dd7808b2237ec280b9;p=thirdparty%2Fhaproxy.git

BUG/MINOR: rules: Return ACT_RET_ABRT when a silent-drop action is executed

When an action interrupts a transaction, returning a response or not, it must
return the ACT_RET_ABRT value and not ACT_RET_STOP. ACT_RET_STOP is reserved to
stop the processing of the current ruleset.

No backport needed because on previous versions, the action return values are
not handled the same way.
---

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index cc07792feb..74790e8c39 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1276,7 +1276,7 @@ static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct
 	if (sess->listener->counters)
 		_HA_ATOMIC_ADD(&sess->listener->counters->denied_req, 1);
 
-	return ACT_RET_STOP;
+	return ACT_RET_ABRT;
 }
 
 /* parse "set-{src,dst}[-port]" action */