BUG/MINOR: tcp-rules: Don't forward close during tcp-response content rules eval
When the tcp-response content ruleset evaluation is delayed because of an ACL condition, the close forwarding on the client side is not explicitly blocked. So it is possible to close the client side before the end of the response evaluation. To fix the issue, this is now done in all cases where some data are missing. Concretely, channel_dont_close() is called in the "missing_data" goto label. Note that it is only a theoretical bug (or pending bug). It is not possible to trigger it for now because an ACL cannot wait for more data when a close was received. But the code remains a bit weak. It is safer this way. It is especially mandatory for the "force yield" option that should be added soon. This patch could be backported to all stable versions.
parent
431c5533b7
commit
04bbfa4354
@ -383,7 +383,6 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit)
|
||||
}
|
||||
s->waiting_entity.type = STRM_ENTITY_RULE;
|
||||
s->waiting_entity.ptr = rule;
|
||||
channel_dont_close(rep);
|
||||
goto missing_data;
|
||||
case ACT_RET_DENY:
|
||||
s->last_entity.type = STRM_ENTITY_RULE;
|
||||
@ -445,6 +444,7 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit)
|
||||
|
||||
missing_data:
|
||||
/* just set the analyser timeout once at the beginning of the response */
|
||||
channel_dont_close(rep);
|
||||
if (!tick_isset(s->rules_exp) && s->be->tcp_rep.inspect_delay)
|
||||
s->rules_exp = tick_add(now_ms, s->be->tcp_rep.inspect_delay);
|
||||
rep->analyse_exp = tick_first((tick_is_expired(rep->analyse_exp, now_ms) ? 0 : rep->analyse_exp), s->rules_exp);
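Review bot: In the second hunk the added `channel_dont_close(rep);` sits between the comment `/* just set the analyser timeout once at the beginning of the response */` and the `if (!tick_isset(s->rules_exp) && ...)` that the comment describes, so the comment now reads as if it documented the close-blocking call. Placing the call directly under `missing_data:` with its own comment, for example `/* data are missing: never forward a close while response rules are still being evaluated */`, would keep both intents readable and make the security-relevant invariant explicit. Every `goto missing_data` now inherits the close block, and only one such jump is visible here because tcp_inspect_response starts and ends outside both hunks. It is worth confirming that the remaining paths to the label all correspond to missing data, as the description states.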
|
||||
|