[MINOR] acl: add the "wait_end" acl verb
The new "wait_end" acl delays evaluation of the rule (and the next ones)
to the end of the analysis period. This is intended to be used with TCP
content analysis. A rule referencing such an ACL will not match until
the delay is over. An equivalent default ACL "WAIT_END" has been created.
diff --git a/tests/test-inspect-smtp.cfg b/tests/test-inspect-smtp.cfg
index 1c0d46d..5cfc864 100644
--- a/tests/test-inspect-smtp.cfg
+++ b/tests/test-inspect-smtp.cfg
@@ -3,7 +3,7 @@
# - if the address is in the white list, then accept it and forward the
# connection to the server (local port 25)
# - if the address is in the black list, then immediately drop it
-# - otherwise, wait up to 3 seconds. If the client talks during this time,
+# - otherwise, wait up to 35 seconds. If the client talks during this time,
# drop the connection.
# - then accept the connection if it passes all the tests.
#
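Review bot: The header comment still says a black-listed address is dropped immediately, which no longer holds once the list is split in the second hunk. There, `black_slow` sources are rejected only through `black_slow WAIT_END`, that is, after the inspect delay. I would reword that bullet to `# - if the address is in the fast black list, then immediately drop it` and add `# - if the address is in the slow black list, drop it once the inspect delay is over`. The updated "wait up to 35 seconds" bullet is consistent with the new `tcp-request inspect-delay 35s`.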
@@ -17,19 +17,28 @@
mode tcp
bind :8025
- timeout client 6s
- timeout server 6s
- timeout connect 6s
+ timeout client 60s
+ timeout server 60s
+ timeout queue 60s
+ timeout connect 5s
- tcp-request inspect-delay 4s
+ tcp-request inspect-delay 35s
acl white_list src 127.0.0.2
- acl black_list src 127.0.0.3
- acl talkative req_len gt 0
+ acl black_fast src 127.0.0.3 # those ones are immediately rejected
+ acl black_slow src 127.0.0.4 # those ones are rejected after a delay
tcp-request content accept if white_list
- tcp-request content reject if black_list
- tcp-request content reject if talkative
+ tcp-request content reject if black_fast
+ tcp-request content reject if black_slow WAIT_END
+ tcp-request content reject if REQ_CONTENT
+ # note that it is possible to wait for the end of the analysis period
+ # before rejecting undesired contents
+ # tcp-request content reject if REQ_CONTENT WAIT_END
+
+ # on Linux+transparent proxy patch, it's useful to reuse the client'IP
+ # source 0.0.0.0 usesrc clientip
balance roundrobin
server mail 127.0.0.1:25
+
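Review bot: The `tcp-request content reject if black_slow WAIT_END` rule has no comment explaining why the term order matters, and the test depends on it. Going by the commit message, a rule that references WAIT_END cannot match before the delay is over and holds back the rules after it. Placing `black_slow` first is presumably what keeps other sources from being stalled ahead of the `REQ_CONTENT` check; this assumes terms are evaluated left to right and stop at the first one that fails. A comment such as `# keep black_slow first: WAIT_END is only reached for those sources, others fall through to the next rule at once` would make this explicit. Separately, `client'IP` in the added comment should read `client's IP`.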