From dfc913347413f698901d7bd8d56b92c4ac9dd0a7 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 25 Mar 2021 17:19:04 +0100
Subject: [PATCH] MINOR: action: Use a generic function to check validity of
 an action rule list

The check_action_rules() function is now used to check the validity of an
action rule list. It is used from check_config_validity() function to check
L5/6/7 rulesets.

(cherry picked from commit 42c6cf950111736327863de5e82036a1d51deb04)
[cf: This patch is in fact a fix because the "tcp-resonse content" ruleset
     was not fully configured. It was ignored during Post-parsing
     stage. This patch should fix a bug reported in #1263 by @ HiggTh. It
     must be backported in all stable versions.]
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
---
 include/haproxy/action.h |    5 ++++
 src/action.c             |   22 +++++++++++++++
 src/cfgparse.c           |   70 ++++++----------------------------------------
 3 files changed, 36 insertions(+), 61 deletions(-)

diff --git a/include/haproxy/action.h b/include/haproxy/action.h
index c7ce92d..216de45 100644
--- a/include/haproxy/action.h
+++ b/include/haproxy/action.h
@@ -74,6 +74,11 @@ static inline void action_build_list(struct list *keywords,
 		*p = '\0';
 }
 
+/* Check an action ruleset validity. It returns the number of error encountered
+ * andd err_code is updated if a warning is emitted.
+ */
+int check_action_rules(struct list *rules, struct proxy *px, int *err_code);
+
 /* Find and check the target table used by an action track-sc*. This
  * function should be called during the configuration validity check.
  *
diff --git a/src/action.c b/src/action.c
index ee68072..38195b3 100644
--- a/src/action.c
+++ b/src/action.c
@@ -22,6 +22,28 @@
 #include <haproxy/tools.h>
 
 
+/* Check an action ruleset validity. It returns the number of error encountered
+ * andd err_code is updated if a warning is emitted.
+ */
+int check_action_rules(struct list *rules, struct proxy *px, int *err_code)
+{
+	struct act_rule *rule;
+	char *errmsg = NULL;
+	int err = 0;
+
+	list_for_each_entry(rule, rules, list) {
+		if (rule->check_ptr && !rule->check_ptr(rule, px, &errmsg)) {
+			ha_alert("Proxy '%s': %s.\n", px->id, errmsg);
+			err++;
+		}
+
+		free(errmsg);
+		errmsg = NULL;
+	}
+
+	return err;
+}
+
 /* Find and check the target table used by an action track-sc*. This
  * function should be called during the configuration validity check.
  *
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 8a05271..5ef7e89 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -34,7 +34,7 @@
 #include <unistd.h>
 
 #include <haproxy/acl.h>
-#include <haproxy/action-t.h>
+#include <haproxy/action.h>
 #include <haproxy/api.h>
 #include <haproxy/auth.h>
 #include <haproxy/backend.h>
@@ -2224,7 +2224,6 @@ int check_config_validity()
 		struct switching_rule *rule;
 		struct server_rule *srule;
 		struct sticking_rule *mrule;
-		struct act_rule *arule;
 		struct logsrv *tmplogsrv;
 		unsigned int next_id;
 		int nbproc;
@@ -2719,65 +2718,14 @@ int check_config_validity()
 			}
 		}
 
-		/* check validity for 'tcp-request' layer 4 rules */
-		list_for_each_entry(arule, &curproxy->tcp_req.l4_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'tcp-request' layer 5 rules */
-		list_for_each_entry(arule, &curproxy->tcp_req.l5_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'tcp-request' layer 6 rules */
-		list_for_each_entry(arule, &curproxy->tcp_req.inspect_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'http-request' layer 7 rules */
-		list_for_each_entry(arule, &curproxy->http_req_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'http-response' layer 7 rules */
-		list_for_each_entry(arule, &curproxy->http_res_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'http-after-response' layer 7 rules */
-		list_for_each_entry(arule, &curproxy->http_after_res_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
+		/* check validity for 'tcp-request' layer 4/5/6/7 rules */
+		cfgerr += check_action_rules(&curproxy->tcp_req.l4_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->tcp_req.l5_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->tcp_req.inspect_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->tcp_rep.inspect_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->http_req_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->http_res_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->http_after_res_rules, curproxy, &err_code);
 
 		if (curproxy->table && curproxy->table->peers.name) {
 			struct peers *curpeers;
-- 
1.7.10.4