[MINOR] frontend: only check for monitor-net rules if LI_O_CHK_MONNET is set
We can disable the monitor-net rules on a listener if this flag is not
set in the listener's options. This will be useful when we don't want
to check that fe->addr is set or not for non-TCP frontends.
diff --git a/include/types/protocols.h b/include/types/protocols.h
index 8f8faef..922a642 100644
--- a/include/types/protocols.h
+++ b/include/types/protocols.h
@@ -73,6 +73,7 @@
#define LI_O_NOQUICKACK 0x0004 /* disable quick ack of immediate data (linux) */
#define LI_O_DEF_ACCEPT 0x0008 /* wait up to 1 second for data before accepting */
#define LI_O_TCP_RULES 0x0010 /* run TCP rules checks on the incoming connection */
+#define LI_O_CHK_MONNET 0x0020 /* check the source against a monitor-net rule */
/* The listener will be directly referenced by the fdtab[] which holds its
* socket. The listener provides the protocol-specific accept() function to
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 4131378..af27d98 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -5359,6 +5359,9 @@
if (!LIST_ISEMPTY(&curproxy->tcp_req.l4_rules))
listener->options |= LI_O_TCP_RULES;
+ if (curproxy->mon_mask.s_addr)
+ listener->options |= LI_O_CHK_MONNET;
+
/* smart accept mode is automatic in HTTP mode */
if ((curproxy->options2 & PR_O2_SMARTACC) ||
(curproxy->mode == PR_MODE_HTTP &&
diff --git a/src/frontend.c b/src/frontend.c
index 5af5582..04c3d9b 100644
--- a/src/frontend.c
+++ b/src/frontend.c
@@ -79,7 +79,7 @@
/* if this session comes from a known monitoring system, we want to ignore
* it as soon as possible, which means closing it immediately for TCP.
*/
- if (unlikely(p->mon_mask.s_addr &&
+ if (unlikely((l->options & LI_O_CHK_MONNET) &&
addr->ss_family == AF_INET &&
(((struct sockaddr_in *)addr)->sin_addr.s_addr & p->mon_mask.s_addr) == p->mon_net.s_addr)) {
if (p->mode == PR_MODE_TCP) {