From 6bf86c73bae90bd6f0ed97e0df7c56199327a3bf Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 13 Jan 2023 15:39:54 +0100 Subject: [PATCH] BUG/MINOR: bwlim: Fix parameters check for set-bandwidth-limit actions First, the inspect-delay is now tested if the action is used on a tcp-response content rule. Then, when an expressions scope is checked, we now take care to detect the right scope depending on the ruleset used (tcp-request, tcp-response, http-request or http-response). This patch could be backported to 2.7. --- src/flt_bwlim.c | 51 +++++++++++++++++++++++++++++++++++++++++++++---- 1 file changed, 47 insertions(+), 4 deletions(-) diff --git a/src/flt_bwlim.c b/src/flt_bwlim.c index ff39d660d..136be5c2d 100644 --- a/src/flt_bwlim.c +++ b/src/flt_bwlim.c @@ -450,10 +450,26 @@ int check_bwlim_action(struct act_rule *rule, struct proxy *px, char **err) } where = 0; - if (px->cap & PR_CAP_FE) - where |= (rule->from == ACT_F_HTTP_REQ ? SMP_VAL_FE_HRQ_HDR : SMP_VAL_FE_HRS_HDR); - if (px->cap & PR_CAP_BE) - where |= (rule->from == ACT_F_HTTP_REQ ? SMP_VAL_BE_HRQ_HDR : SMP_VAL_BE_HRS_HDR); + if (px->cap & PR_CAP_FE) { + if (rule->from == ACT_F_TCP_REQ_CNT) + where |= SMP_VAL_FE_REQ_CNT; + else if (rule->from == ACT_F_HTTP_REQ) + where |= SMP_VAL_FE_HRQ_HDR; + else if (rule->from == ACT_F_TCP_RES_CNT) + where |= SMP_VAL_FE_RES_CNT; + else if (rule->from == ACT_F_HTTP_RES) + where |= SMP_VAL_FE_HRS_HDR; + } + if (px->cap & PR_CAP_BE) { + if (rule->from == ACT_F_TCP_REQ_CNT) + where |= SMP_VAL_BE_REQ_CNT; + else if (rule->from == ACT_F_HTTP_REQ) + where |= SMP_VAL_BE_HRQ_HDR; + else if (rule->from == ACT_F_TCP_RES_CNT) + where |= SMP_VAL_BE_RES_CNT; + else if (rule->from == ACT_F_HTTP_RES) + where |= SMP_VAL_BE_HRS_HDR; + } if ((rule->action & BWLIM_ACT_LIMIT_EXPR) && rule->arg.act.p[1]) { struct sample_expr *expr = rule->arg.act.p[1]; @@ -473,6 +489,15 @@ int check_bwlim_action(struct act_rule *rule, struct proxy *px, char **err) proxy_type_str(px), px->id); } } + if (rule->from == ACT_F_TCP_RES_CNT && (px->cap & PR_CAP_BE)) { + if (!px->tcp_rep.inspect_delay && !(expr->fetch->val & SMP_VAL_BE_SRV_CON)) { + ha_warning("%s '%s' : a 'tcp-response content set-bandwidth-limit*' rule explicitly depending on response" + " contents without any 'tcp-response inspect-delay' setting." + " This means that this rule will randomly find its contents. This can be fixed by" + " setting the tcp-response inspect-delay.\n", + proxy_type_str(px), px->id); + } + } } if ((rule->action & BWLIM_ACT_PERIOD_EXPR) && rule->arg.act.p[2]) { @@ -491,6 +516,15 @@ int check_bwlim_action(struct act_rule *rule, struct proxy *px, char **err) " This means that this rule will randomly find its contents. This can be fixed by" " setting the tcp-request inspect-delay.\n", proxy_type_str(px), px->id); + } + } + if (rule->from == ACT_F_TCP_RES_CNT && (px->cap & PR_CAP_BE)) { + if (!px->tcp_rep.inspect_delay && !(expr->fetch->val & SMP_VAL_BE_SRV_CON)) { + ha_warning("%s '%s' : a 'tcp-response content set-bandwidth-limit*' rule explicitly depending on response" + " contents without any 'tcp-response inspect-delay' setting." + " This means that this rule will randomly find its contents. This can be fixed by" + " setting the tcp-response inspect-delay.\n", + proxy_type_str(px), px->id); } } } @@ -511,6 +545,15 @@ int check_bwlim_action(struct act_rule *rule, struct proxy *px, char **err) proxy_type_str(px), px->id); } } + if (rule->from == ACT_F_TCP_RES_CNT && (px->cap & PR_CAP_BE)) { + if (!px->tcp_rep.inspect_delay && !(conf->expr->fetch->val & SMP_VAL_BE_SRV_CON)) { + ha_warning("%s '%s' : a 'tcp-response content set-bandwidth-limit*' rule explicitly depending on response" + " contents without any 'tcp-response inspect-delay' setting." + " This means that this rule will randomly find its contents. This can be fixed by" + " setting the tcp-response inspect-delay.\n", + proxy_type_str(px), px->id); + } + } } end: