MINOR: log/backend: prevent tcp-{request,response} use with LOG mode

We start implementing some postparsing compatibility checks for log
backends.

Here we report a warning if user tries to use tcp-{request,response} rules
with log backend, and we properly ignore such rules when inherited from
defaults section.

diff --git a/src/log.c b/src/log.c
index 88d399926344342552d6c0e2c8b12b305f731395..bd95c0b8e5ccfd9292e585429187fe4e8b191736 100644 (file)
--- a/src/log.c
+++ b/src/log.c
@@ -41,6 +41,7 @@
 #include <haproxy/ssl_sock.h>
 #include <haproxy/stconn.h>
 #include <haproxy/stream.h>
+#include <haproxy/action.h>
 #include <haproxy/time.h>
 #include <haproxy/hash.h>
 #include <haproxy/tools.h>
@@ -874,6 +875,32 @@ static void log_backend_srv_down(struct server *srv)
        HA_RWLOCK_WRUNLOCK(LBPRM_LOCK, &p->lbprm.lock);
 }
 
+/* check that current configuration is compatible with "mode log" */
+static int _postcheck_log_backend_compat(struct proxy *be)
+{
+       int err_code = ERR_NONE;
+
+       if (!LIST_ISEMPTY(&be->tcp_req.inspect_rules) ||
+           !LIST_ISEMPTY(&be->tcp_req.l4_rules) ||
+           !LIST_ISEMPTY(&be->tcp_req.l5_rules)) {
+               ha_warning("Cannot use tcp-request rules with 'mode log' in %s '%s'. They will be ignored.\n",
+                          proxy_type_str(be), be->id);
+
+               err_code |= ERR_WARN;
+               free_act_rules(&be->tcp_req.inspect_rules);
+               free_act_rules(&be->tcp_req.l4_rules);
+               free_act_rules(&be->tcp_req.l5_rules);
+       }
+       if (!LIST_ISEMPTY(&be->tcp_rep.inspect_rules)) {
+               ha_warning("Cannot use tcp-response rules with 'mode log' in %s '%s'. They will be ignored.\n",
+                          proxy_type_str(be), be->id);
+
+               err_code |= ERR_WARN;
+               free_act_rules(&be->tcp_rep.inspect_rules);
+       }
+       return err_code;
+}
+
 static int postcheck_log_backend(struct proxy *be)
 {
        char *msg = NULL;
@@ -885,6 +912,10 @@ static int postcheck_log_backend(struct proxy *be)
            (be->flags & (PR_FL_DISABLED|PR_FL_STOPPED)))
                return ERR_NONE; /* nothing to do */
 
+       err_code |= _postcheck_log_backend_compat(be);
+       if (err_code & ERR_CODE)
+               return err_code;
+
        /* First time encoutering this log backend, perform some init
         */
        be->lbprm.set_server_status_up = log_backend_srv_up;

diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index c7bdddccaad6250a4cda809b1b3a46d64cc3a770..9ce6c903744d7a941436f7d99b07ff3c6c723d31 100644 (file)
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -103,7 +103,9 @@ int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit)
 
        DBG_TRACE_ENTER(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s);
 
-       def_rules = ((s->be->defpx && (an_bit == AN_REQ_INSPECT_FE || s->be->defpx != sess->fe->defpx)) ? &s->be->defpx->tcp_req.inspect_rules : NULL);
+       def_rules = ((s->be->defpx &&
+                     (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP) &&
+                     (an_bit == AN_REQ_INSPECT_FE || s->be->defpx != sess->fe->defpx)) ? &s->be->defpx->tcp_req.inspect_rules : NULL);
        rules = &s->be->tcp_req.inspect_rules;
 
        /* We don't know whether we have enough data, so must proceed
@@ -286,7 +288,7 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit)
 
        DBG_TRACE_ENTER(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s);
 
-       def_rules = (s->be->defpx ? &s->be->defpx->tcp_rep.inspect_rules : NULL);
+       def_rules = (s->be->defpx && (s->be->mode == PR_MODE_TCP || s->be->mode == PR_MODE_HTTP) ? &s->be->defpx->tcp_rep.inspect_rules : NULL);
        rules = &s->be->tcp_rep.inspect_rules;
 
        /* We don't know whether we have enough data, so must proceed
@@ -484,7 +486,7 @@ int tcp_exec_l4_rules(struct session *sess)
        if (!conn)
                return result;
 
-       if  (sess->fe->defpx)
+       if  (sess->fe->defpx && (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP))
                px = sess->fe->defpx;
 
   restart:
@@ -579,7 +581,7 @@ int tcp_exec_l5_rules(struct session *sess)
        int result = 1;
        enum acl_test_res ret;
 
-       if  (sess->fe->defpx)
+       if  (sess->fe->defpx && (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP))
                px = sess->fe->defpx;
 
   restart: