BUG/MINOR: session: Eval L4/L5 rules defined in the default section
It is possible to define TCP/HTTP rules in a named default section to
inherit from it in a proxy. However, there is an issue with L4/L5 rules.
Only the lists of the current frontend are checked to know if an eval must
be performed. Nothing is done for an empty list. Of course, the lists of the
default proxy must also be checked to be sure to not ignored default L4/L5
rules. It is now fixed.
This patch should fix the issue #2637. It must be backported as far as 2.6.
(cherry picked from commit 076444550583acc11ef7fce7e7e740f039125696)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 9a55572ff879815b68ed7b7f5da9065688fe6158)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit de949e8a48e9ffa221d73497a6e8fd6094c74551)
Signed-off-by: Willy Tarreau <w@1wt.eu>
diff --git a/src/session.c b/src/session.c
index d46c0f5..e4a3ad5 100644
--- a/src/session.c
+++ b/src/session.c
@@ -193,7 +193,8 @@
/* now evaluate the tcp-request layer4 rules. We only need a session
* and no stream for these rules.
*/
- if (!LIST_ISEMPTY(&p->tcp_req.l4_rules) && !tcp_exec_l4_rules(sess)) {
+ if (((sess->fe->defpx && !LIST_ISEMPTY(&sess->fe->defpx->tcp_req.l4_rules)) ||
+ !LIST_ISEMPTY(&p->tcp_req.l4_rules)) && !tcp_exec_l4_rules(sess)) {
/* let's do a no-linger now to close with a single RST. */
if (!(cli_conn->flags & CO_FL_FDLESS))
setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
@@ -480,7 +481,8 @@
conn->flags |= CO_FL_XPRT_TRACKED;
/* we may have some tcp-request-session rules */
- if (!LIST_ISEMPTY(&sess->fe->tcp_req.l5_rules) && !tcp_exec_l5_rules(sess))
+ if (((sess->fe->defpx && !LIST_ISEMPTY(&sess->fe->defpx->tcp_req.l5_rules)) ||
+ !LIST_ISEMPTY(&sess->fe->tcp_req.l5_rules)) && !tcp_exec_l5_rules(sess))
goto fail;
session_count_new(sess);