Gitiles
Code Review Sign In
git01.mediatek.com / haproxy / d869b2411955aec7d0710d914f50ae62b25f58a3^! / .
commitd869b2411955aec7d0710d914f50ae62b25f58a3[log] [tgz]
authorWilly Tarreau <w@1wt.eu>Sun Mar 15 14:43:58 2009 +0100
committerWilly Tarreau <w@1wt.eu>Sun Mar 15 14:43:58 2009 +0100
tree831ba975173e4f82d21c6a624ee4e2350caca2db
parent3cd9af228f919acb314d47e1403a32160257cae5 [diff]
[MINOR] tcp-inspect: permit the use of no-delay inspection

Sometimes it may make sense to be able to immediately apply a verdict
without waiting at all. It was not possible because no inspect-delay
meant no inspection at all. This is now fixed.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 3949764..324b424 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt

@@ -3627,7 +3627,10 @@
   rules for every new chunk which gets in, taking into account the fact that
   those data are partial. If no rule matches before the aforementionned delay,
   a last check is performed upon expiration, this time considering that the
-  contents are definitive.
+  contents are definitive. If no delay is set, haproxy will not wait at all
+  and will immediately apply a verdict based on the available information.
+  Obviously this is unlikely to be very useful and might even be racy, so such
+  setups are not recommended.
 
   As soon as a rule matches, the request is released and continues as usual. If
   the timeout is reached and no rule matches, the default policy will be to let

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 08fad67..1158988 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c

@@ -3469,7 +3469,8 @@
 			if (curproxy->mode == PR_MODE_HTTP)
 				listener->analysers |= AN_REQ_HTTP_HDR;
 
-			if (curproxy->tcp_req.inspect_delay)
+			if (curproxy->tcp_req.inspect_delay ||
+			    !LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules))
 				listener->analysers |= AN_REQ_INSPECT;
 
 			listener = listener->next;

diff --git a/src/proto_tcp.c b/src/proto_tcp.c
index 2fb6a85..ec9d23a 100644
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c

@@ -404,7 +404,7 @@
 	 * - if one rule returns KO, then return KO
 	 */
 
-	if (req->flags & BF_SHUTR || tick_is_expired(req->analyse_exp, now_ms))
+	if (req->flags & BF_SHUTR || !s->fe->tcp_req.inspect_delay || tick_is_expired(req->analyse_exp, now_ms))
 		partial = 0;
 	else
 		partial = ACL_PARTIAL;
@@ -417,7 +417,7 @@
 			if (ret == ACL_PAT_MISS) {
 				buffer_write_dis(req);
 				/* just set the request timeout once at the beginning of the request */
-				if (!tick_isset(req->analyse_exp))
+				if (!tick_isset(req->analyse_exp) && s->fe->tcp_req.inspect_delay)
 					req->analyse_exp = tick_add_ifset(now_ms, s->fe->tcp_req.inspect_delay);
 				return 0;
 			}