BUG/MAJOR: tcp: tcp rulesets were still broken
authorWilly Tarreau <w@1wt.eu>
Sat, 4 Jul 2015 09:36:30 +0000 (11:36 +0200)
committerWilly Tarreau <w@1wt.eu>
Sat, 4 Jul 2015 09:36:30 +0000 (11:36 +0200)
Commit cc87a11 ("MEDIUM: tcp: add register keyword system.") broke the
TCP ruleset by merging custom rules and accept. It was fixed a first time
by commit e91ffd0 ("BUG/MAJOR: tcp: only call registered actions when
they're registered") but the accept action still didn't work anymore
and was causing the matching rule to simply be ignored.

Since the code introduced a very fragile behaviour by not even mentioning
that accept and custom were silently merged, let's fix this once and for all by
adding an explicit check for the accept action. Nevertheless, as previously
mentioned, the action should be changed so that custom is the only action
and the continue vs break indication directly comes from the callee.

No backport is needed, this bug only affects 1.6-dev.

src/proto_tcp.c

index 737a32ee0920cdf050100caf52b4c2e79c9f13b7..6d1ec03a992a047e6247e15d66eaa366be4dfb47 100644 (file)
@@ -1158,7 +1158,10 @@ int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit)
                if (ret) {
 resume_execution:
                        /* we have a matching rule. */
-                       if (rule->action == TCP_ACT_REJECT) {
+                       if (rule->action == TCP_ACT_ACCEPT) {
+                               break;
+                       }
+                       else if (rule->action == TCP_ACT_REJECT) {
                                channel_abort(req);
                                channel_abort(&s->res);
                                req->analysers = 0;
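Review bot: The new accept branch carries no comment saying why `break` is the right outcome, and the `else` that follows it is redundant because `break` already leaves the rule loop; the same shape repeats in the tcp_inspect_response and tcp_exec_req_rules hunks. I would add `/* accept: stop evaluating rules and let the analyser proceed */` above the `break;` and drop the `else` so the reject test reads as an independent `if`. Since the commit message itself says accept and custom were silently merged, it is worth confirming that TCP_ACT_ACCEPT and TCP_ACT_CUSTOM are distinct enum values so this new test cannot match custom rules again; that cannot be seen from the hunk. The enclosing loop and function body continue outside the hunk.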
@@ -1323,7 +1326,10 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit)
                if (ret) {
 resume_execution:
                        /* we have a matching rule. */
-                       if (rule->action == TCP_ACT_REJECT) {
+                       if (rule->action == TCP_ACT_ACCEPT) {
+                               break;
+                       }
+                       else if (rule->action == TCP_ACT_REJECT) {
                                channel_abort(rep);
                                channel_abort(&s->req);
                                rep->analysers = 0;
@@ -1399,7 +1405,10 @@ int tcp_exec_req_rules(struct session *sess)
 
                if (ret) {
                        /* we have a matching rule. */
-                       if (rule->action == TCP_ACT_REJECT) {
+                       if (rule->action == TCP_ACT_ACCEPT) {
+                               break;
+                       }
+                       else if (rule->action == TCP_ACT_REJECT) {
                                sess->fe->fe_counters.denied_conn++;
                                if (sess->listener->counters)
                                        sess->listener->counters->denied_conn++;