From 192060902bea4e43b86aaf4d69f4a6d3aadb39dd Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Mon, 15 Jun 2020 18:08:07 +0200 Subject: [PATCH] BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness It's unclear why the buffer length wasn't considered when tcp-response rules were added in 1.5-dev3 with commit 97679e790 ("[MEDIUM] Implement tcp inspect response rules"). But it's impossible to write working tcp-response content rules as they're always waiting for the expiration and do not consider the fact that the buffer is full. It's likely that tcp-response content rules were only used with HTTP traffic. This may be backported to stable versions, though it's not very important considering that that nobody reported this in 10 years. (cherry picked from commit 55ae1ab9e46bb8c10931cadfe685319e4fa9170c) Signed-off-by: Christopher Faulet --- src/tcp_rules.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tcp_rules.c b/src/tcp_rules.c index 27cc0c2..6dfd652 100644 --- a/src/tcp_rules.c +++ b/src/tcp_rules.c @@ -291,8 +291,8 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit) * - if one rule returns OK, then return OK * - if one rule returns KO, then return KO */ - - if (rep->flags & CF_SHUTR || tick_is_expired(rep->analyse_exp, now_ms)) + if ((rep->flags & CF_SHUTR) || channel_full(rep, global.tune.maxrewrite) || + !s->be->tcp_rep.inspect_delay || tick_is_expired(rep->analyse_exp, now_ms)) partial = SMP_OPT_FINAL; else partial = 0; -- 1.7.10.4