BUG/MINOR: session: Eval L4/L5 rules defined in the default section

It is possible to define TCP/HTTP rules in a named default section to
inherit from it in a proxy. However, there is an issue with L4/L5 rules.
Only the lists of the current frontend are checked to know if an eval must
be performed. Nothing is done for an empty list. Of course, the lists of the
default proxy must also be checked to be sure to not ignored default L4/L5
rules. It is now fixed.

This patch should fix the issue #2637. It must be backported as far as 2.6.

diff --git a/src/session.c b/src/session.c
index 016e47120f2be9426092b37e025f25c1d3b7480d..710118024313abba9dff1a28c48f0a338f518b2c 100644 (file)
--- a/src/session.c
+++ b/src/session.c
@@ -201,7 +201,8 @@ int session_accept_fd(struct connection *cli_conn)
        /* now evaluate the tcp-request layer4 rules. We only need a session
         * and no stream for these rules.
         */
-       if (!LIST_ISEMPTY(&p->tcp_req.l4_rules) && !tcp_exec_l4_rules(sess)) {
+       if (((sess->fe->defpx && !LIST_ISEMPTY(&sess->fe->defpx->tcp_req.l4_rules)) ||
+            !LIST_ISEMPTY(&p->tcp_req.l4_rules)) && !tcp_exec_l4_rules(sess)) {
                /* let's do a no-linger now to close with a single RST. */
                if (!(cli_conn->flags & CO_FL_FDLESS))
                        setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
@@ -493,7 +494,8 @@ int conn_complete_session(struct connection *conn)
                conn->flags |= CO_FL_XPRT_TRACKED;
 
        /* we may have some tcp-request-session rules */
-       if (!LIST_ISEMPTY(&sess->fe->tcp_req.l5_rules) && !tcp_exec_l5_rules(sess))
+       if (((sess->fe->defpx && !LIST_ISEMPTY(&sess->fe->defpx->tcp_req.l5_rules)) ||
+            !LIST_ISEMPTY(&sess->fe->tcp_req.l5_rules)) && !tcp_exec_l5_rules(sess))
                goto fail;
 
        session_count_new(sess);