]> git.ipfire.org Git - thirdparty/haproxy.git/commitdiff
projects / thirdparty / haproxy.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 177f480)
BUG/MINOR: rules: Return ACT_RET_ABRT when a silent-drop action is executed
authorChristopher Faulet <cfaulet@haproxy.com>
Fri, 6 Mar 2020 14:15:49 +0000 (15:15 +0100)
committerChristopher Faulet <cfaulet@haproxy.com>
Fri, 6 Mar 2020 14:36:04 +0000 (15:36 +0100)
When an action interrupts a transaction, returning a response or not, it must
return the ACT_RET_ABRT value and not ACT_RET_STOP. ACT_RET_STOP is reserved to
stop the processing of the current ruleset.

No backport needed because on previous versions, the action return values are
not handled the same way.

src/proto_tcp.c patch | blob | blame | history

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index cc07792febcc5f29a4ecbe0bdd6b63d4b9ee0c24..74790e8c3963d33bf8430b02592f4e86494e25c3 100644 (file)
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@@ -1276,7 +1276,7 @@ static enum act_return tcp_exec_action_silent_drop(struct act_rule *rule, struct
        if (sess->listener->counters)
                _HA_ATOMIC_ADD(&sess->listener->counters->denied_req, 1);
 
-       return ACT_RET_STOP;
+       return ACT_RET_ABRT;
 }
 
 /* parse "set-{src,dst}[-port]" action */
Mirror of https://github.com/haproxy/haproxy.git