From: Willy Tarreau Date: Sun, 15 Mar 2009 13:43:58 +0000 (+0100) Subject: [MINOR] tcp-inspect: permit the use of no-delay inspection X-Git-Tag: v1.3.16~22 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d869b2411955aec7d0710d914f50ae62b25f58a3;p=thirdparty%2Fhaproxy.git [MINOR] tcp-inspect: permit the use of no-delay inspection Sometimes it may make sense to be able to immediately apply a verdict without waiting at all. It was not possible because no inspect-delay meant no inspection at all. This is now fixed. --- diff --git a/doc/configuration.txt b/doc/configuration.txt index 3949764cb5..324b424fb7 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -3627,7 +3627,10 @@ tcp-request inspect-delay rules for every new chunk which gets in, taking into account the fact that those data are partial. If no rule matches before the aforementionned delay, a last check is performed upon expiration, this time considering that the - contents are definitive. + contents are definitive. If no delay is set, haproxy will not wait at all + and will immediately apply a verdict based on the available information. + Obviously this is unlikely to be very useful and might even be racy, so such + setups are not recommended. As soon as a rule matches, the request is released and continues as usual. If the timeout is reached and no rule matches, the default policy will be to let diff --git a/src/cfgparse.c b/src/cfgparse.c index 08fad67793..1158988ffe 100644 --- a/src/cfgparse.c +++ b/src/cfgparse.c @@ -3469,7 +3469,8 @@ int readcfgfile(const char *file) if (curproxy->mode == PR_MODE_HTTP) listener->analysers |= AN_REQ_HTTP_HDR; - if (curproxy->tcp_req.inspect_delay) + if (curproxy->tcp_req.inspect_delay || + !LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules)) listener->analysers |= AN_REQ_INSPECT; listener = listener->next; diff --git a/src/proto_tcp.c b/src/proto_tcp.c index 2fb6a85c70..ec9d23a0c9 100644 --- a/src/proto_tcp.c +++ b/src/proto_tcp.c @@ -404,7 +404,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req) * - if one rule returns KO, then return KO */ - if (req->flags & BF_SHUTR || tick_is_expired(req->analyse_exp, now_ms)) + if (req->flags & BF_SHUTR || !s->fe->tcp_req.inspect_delay || tick_is_expired(req->analyse_exp, now_ms)) partial = 0; else partial = ACL_PARTIAL; @@ -417,7 +417,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req) if (ret == ACL_PAT_MISS) { buffer_write_dis(req); /* just set the request timeout once at the beginning of the request */ - if (!tick_isset(req->analyse_exp)) + if (!tick_isset(req->analyse_exp) && s->fe->tcp_req.inspect_delay) req->analyse_exp = tick_add_ifset(now_ms, s->fe->tcp_req.inspect_delay); return 0; }