commit 55ae1ab9e46bb8c10931cadfe685319e4fa9170c
author Willy Tarreau <w@1wt.eu> Mon Jun 15 18:08:07 2020 +0200
committer Willy Tarreau <w@1wt.eu> Mon Jun 15 18:16:20 2020 +0200
tree 2918f7634d9376c7cacb89c67144f19fe99d19bd
parent 9dc92b2650a83a17db9779eadf63cb011be4f8ff

BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness

It's unclear why the buffer length wasn't considered when tcp-response
rules were added in 1.5-dev3 with commit 97679e790 ("[MEDIUM] Implement
tcp inspect response rules"). But it's impossible to write working
tcp-response content rules as they're always waiting for the expiration
and do not consider the fact that the buffer is full. It's likely that
tcp-response content rules were only used with HTTP traffic.

This may be backported to stable versions, though it's not very
important considering that that nobody reported this in 10 years.

src/tcp_rules.c

diff --git a/src/tcp_rules.c b/src/tcp_rules.c
index 703bd4f..e09cc3c 100644
--- a/src/tcp_rules.c
+++ b/src/tcp_rules.c
@@ -260,8 +260,8 @@
 	 * - if one rule returns OK, then return OK
 	 * - if one rule returns KO, then return KO
 	 */
-
-	if (rep->flags & CF_SHUTR || tick_is_expired(rep->analyse_exp, now_ms))
+	if ((rep->flags & CF_SHUTR) || channel_full(rep, global.tune.maxrewrite) ||
+	    !s->be->tcp_rep.inspect_delay || tick_is_expired(rep->analyse_exp, now_ms))
 		partial = SMP_OPT_FINAL;
 	else
 		partial = 0;