Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / a5c0ab200b80a478c5f9274f1e2d9f5d493842fc^! / . / src / frontend.c
commita5c0ab200b80a478c5f9274f1e2d9f5d493842fc[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Mon May 31 10:30:33 2010 +0200
committerWilly Tarreau <w@1wt.eu>Mon Jun 14 10:53:13 2010 +0200
tree02d75b9ec52cbb88674b3871c543c8e5791c7200
parent2281b7fd12ccf98caac305dab04591eee488a518 [diff] [blame]
[MEDIUM] frontend: check for LI_O_TCP_RULES in the listener

The new LI_O_TCP_RULES listener option indicates that some TCP rules
must be checked upon accept on this listener. It is now checked by
the frontend and the L4 rules are evaluated only in this case. The
flag is only set when at least one tcp-req rule is present in the
frontend.

The L4 rules check function has now been moved to proto_tcp.c where
it ought to be.

diff --git a/src/frontend.c b/src/frontend.c
index 08569ff..5af5582 100644
--- a/src/frontend.c
+++ b/src/frontend.c

@@ -63,7 +63,6 @@
 	struct session *s;
 	struct http_txn *txn;
 	struct task *t;
-	struct tcp_rule *rule;
 
 	if (unlikely((s = pool_alloc2(pool2_session)) == NULL)) {
 		Alert("out of memory in event_accept().\n");
@@ -134,40 +133,13 @@
 	proxy_inc_fe_ctr(l, p);	/* note: cum_beconn will be increased once assigned */
 
 	/* now evaluate the tcp-request rules */
-	list_for_each_entry(rule, &p->tcp_req.l4_rules, list) {
-		int ret = ACL_PAT_PASS;
-
-		if (rule->cond) {
-			ret = acl_exec_cond(rule->cond, p, s, &s->txn, ACL_DIR_REQ);
-			ret = acl_pass(ret);
-			if (rule->cond->pol == ACL_COND_UNLESS)
-				ret = !ret;
-		}
-
-		if (ret) {
-			/* we have a matching rule. */
-			if (rule->action == TCP_ACT_REJECT) {
-				p->counters.denied_req++;
-				if (l->counters)
-					l->counters->denied_req++;
-
-				if (!(s->flags & SN_ERR_MASK))
-					s->flags |= SN_ERR_PRXCOND;
-				if (!(s->flags & SN_FINST_MASK))
-					s->flags |= SN_FINST_R;
-
-				task_free(t);
-				LIST_DEL(&s->list);
-				pool_free2(pool2_session, s);
-
-				/* let's do a no-linger now to close with a single RST. */
-				setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
-				return 0;
-			}
-
-			/* otherwise it's an accept */
-			break;
-		}
+	if ((l->options & LI_O_TCP_RULES) && !tcp_exec_req_rules(s)) {
+		task_free(t);
+		LIST_DEL(&s->list);
+		pool_free2(pool2_session, s);
+		/* let's do a no-linger now to close with a single RST. */
+		setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
+		return 0;
 	}
 
 	/* pre-initialize the other side's stream interface */