From 637b026540de4a328da6a214dc29e00906317cdc Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Tue, 6 Jul 2021 11:25:36 +0200 Subject: [PATCH] Revert "MINOR: tcp-act: Add set-src/set-src-port for "tcp-request content" rules" This reverts commit 19bbbe05629ea947dd60d5b96d96f0066b047b97. For now, set-src/set-src-port actions are directly performed on the client connection. Using these actions at the stream level is really a problem with HTTP connection (See #90) because all requests are affected by this change and not only the current request. And it is worse with the H2, because several requests can set their source address into the same connection at the same time. It is already an issue when these actions are called from "http-request" rules. It is safer to wait a bit before adding the support to "tcp-request content" rules. The solution is to be able to set src/dst address on the stream and not on the connection when the action if performed from the L7 level.. Reverting the above commit means the issue #1303 is no longer fixed. This patch must be backported in all branches containing the above commit (as far as 2.0 for now). (cherry picked from commit 23048875a4eacf5d7d4450d677cb077e67778b95) Signed-off-by: Christopher Faulet (cherry picked from commit 390f49477159de53d0506cd52bd6ed323febde0a) Signed-off-by: Christopher Faulet --- doc/configuration.txt | 5 ----- src/tcp_act.c | 2 -- 2 files changed, 7 deletions(-) diff --git a/doc/configuration.txt b/doc/configuration.txt index 5ae6f4c..e49216f 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -11599,8 +11599,6 @@ tcp-request content [{if | unless} ] - sc-set-gpt0() { | } - set-dst - set-dst-port - - set-src - - set-src-port - set-var() - unset-var() - silent-drop @@ -11650,9 +11648,6 @@ tcp-request content [{if | unless} ] The "set-dst" and "set-dst-port" are used to set respectively the destination IP and port. More information on how to use it at "http-request set-dst". - The "set-src" and "set-src-port" are used to set respectively the source IP - and port. More information on how to use it at "http-request set-src". - The "set-var" is used to set the content of a variable. The variable is declared inline. For "tcp-request session" rules, only session-level variables can be used, without any layer7 contents. diff --git a/src/tcp_act.c b/src/tcp_act.c index 824e27d..6a9ebf7 100644 --- a/src/tcp_act.c +++ b/src/tcp_act.c @@ -323,8 +323,6 @@ static struct action_kw_list tcp_req_sess_actions = {ILH, { INITCALL1(STG_REGISTER, tcp_req_sess_keywords_register, &tcp_req_sess_actions); static struct action_kw_list tcp_req_cont_actions = {ILH, { - { "set-src", tcp_parse_set_src_dst }, - { "set-src-port", tcp_parse_set_src_dst }, { "set-dst" , tcp_parse_set_src_dst }, { "set-dst-port", tcp_parse_set_src_dst }, { "silent-drop", tcp_parse_silent_drop }, -- 1.7.10.4