commit 47a5600e6003326bc26f4b0e719d61903ffe5b3c
author Willy Tarreau <w@1wt.eu> Mon Jun 15 18:08:07 2020 +0200
committer Christopher Faulet <cfaulet@haproxy.com> Tue Jul 07 15:47:20 2020 +0200
tree 2f1ad0e0900cbef07905ce5f99d945cdb2faa675
parent 9f3bda030c7f6ae8df31136823cdeb558373aee9

BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness

It's unclear why the buffer length wasn't considered when tcp-response
rules were added in 1.5-dev3 with commit 97679e790 ("[MEDIUM] Implement
tcp inspect response rules"). But it's impossible to write working
tcp-response content rules as they're always waiting for the expiration
and do not consider the fact that the buffer is full. It's likely that
tcp-response content rules were only used with HTTP traffic.

This may be backported to stable versions, though it's not very
important considering that that nobody reported this in 10 years.

(cherry picked from commit 55ae1ab9e46bb8c10931cadfe685319e4fa9170c)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 192060902bea4e43b86aaf4d69f4a6d3aadb39dd)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>

src/tcp_rules.c

diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index 7fbc389..e7cf228 100644
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -300,8 +300,8 @@
 	 * - if one rule returns OK, then return OK
 	 * - if one rule returns KO, then return KO
 	 */
-
-	if (rep->flags & CF_SHUTR || tick_is_expired(rep->analyse_exp, now_ms))
+	if ((rep->flags & CF_SHUTR) || channel_full(rep, global.tune.maxrewrite) ||
+	    !s->be->tcp_rep.inspect_delay || tick_is_expired(rep->analyse_exp, now_ms))
 		partial = SMP_OPT_FINAL;
 	else
 		partial = 0;