From 55ae1ab9e46bb8c10931cadfe685319e4fa9170c Mon Sep 17 00:00:00 2001 From: Willy Tarreau Date: Mon, 15 Jun 2020 18:08:07 +0200 Subject: [PATCH] BUG/MINOR: tcp-rules: tcp-response must check the buffer's fullness It's unclear why the buffer length wasn't considered when tcp-response rules were added in 1.5-dev3 with commit 97679e790 ("[MEDIUM] Implement tcp inspect response rules"). But it's impossible to write working tcp-response content rules as they're always waiting for the expiration and do not consider the fact that the buffer is full. It's likely that tcp-response content rules were only used with HTTP traffic. This may be backported to stable versions, though it's not very important considering that that nobody reported this in 10 years. --- src/tcp_rules.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/tcp_rules.c b/src/tcp_rules.c index 703bd4fbb..e09cc3c10 100644 --- a/src/tcp_rules.c +++ b/src/tcp_rules.c @@ -260,8 +260,8 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit) * - if one rule returns OK, then return OK * - if one rule returns KO, then return KO */ - - if (rep->flags & CF_SHUTR || tick_is_expired(rep->analyse_exp, now_ms)) + if ((rep->flags & CF_SHUTR) || channel_full(rep, global.tune.maxrewrite) || + !s->be->tcp_rep.inspect_delay || tick_is_expired(rep->analyse_exp, now_ms)) partial = SMP_OPT_FINAL; else partial = 0;