MINOR: acl: add a warning when an ACL keyword is used without any value

It's quite common to write directives like the following :

  tcp-request reject if WAIT_END { sc0_inc_gpc0 }

This one will never reject, because sc0_inc_gpc0 is provided no value
to compare against. The proper form should have been something like this :

  tcp-request reject if WAIT_END { sc0_inc_gpc0 gt 0 }

or :

  tcp-request reject if WAIT_END { sc0_inc_gpc0 -m found }

Now we detect the absence of any argument on the command line and emit
a warning suggesting alternatives or the use of "--" to really avoid
matching anything (might be used when debugging).

diff --git a/src/acl.c b/src/acl.c
index 4d7216f1781a17b939d741a5fa5eb421cb977f27..0920a9ea68d95182f52caeb566110541a0d9562f 100644 (file)
--- a/src/acl.c
+++ b/src/acl.c
@@ -1146,6 +1146,17 @@ struct acl_expr *parse_acl_expr(const char **args, char **err, struct arg_list *
                }
        }
 
+       /* Additional check to protect against common mistakes */
+       if (expr->parse && expr->smp->out_type != SMP_T_BOOL && !*args[1]) {
+               Warning("parsing acl keyword '%s' :\n"
+                       "  no pattern to match against were provided, so this ACL will never match.\n"
+                       "  If this is what you intended, please add '--' to get rid of this warning.\n"
+                       "  If you intended to match only for existence, please use '-m found'.\n"
+                       "  If you wanted to force an int to match as a bool, please use '-m bool'.\n"
+                       "\n",
+                       args[0]);
+       }
+
        args++;
 
        /* check for options before patterns. Supported options are :