From 74f67af8d49b623bb9b96a170705613ad6815eb4 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Mon, 16 Dec 2019 13:07:14 +0100
Subject: [PATCH] MINOR: http-rules: Handle denied/aborted/invalid connections
 from HTTP rules

The new possible results for a custom action (deny/abort/invalid) are now handled
during HTTP rules evaluation. These codes are mapped on HTTP rules ones :

  * ACT_RET_DENY => HTTP_RULE_RES_DENY
  * ACT_RET_ABRT => HTTP_RULE_RES_ABRT
  * ACT_RET_INV  => HTTP_RULE_RES_BADREQ

For now, no custom action uses these new codes.
---
 src/http_ana.c | 42 ++++++++++++++++++++++++++++++------------
 1 file changed, 30 insertions(+), 12 deletions(-)

diff --git a/src/http_ana.c b/src/http_ana.c
index 983c5eb09..14a86a1b2 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -3176,21 +3176,30 @@ static enum rule_result http_req_get_intercept_rule(struct proxy *px, struct lis
 					act_flags |= ACT_FLAG_FINAL;
 
 				switch (rule->action_ptr(rule, px, s->sess, s, act_flags)) {
-					case ACT_RET_ERR:
-						rule_ret = HTTP_RULE_RES_ERROR;
-						goto end;
 					case ACT_RET_CONT:
 						break;
 					case ACT_RET_STOP:
 						rule_ret = HTTP_RULE_RES_STOP;
 						goto end;
-					case ACT_RET_DONE:
-						rule_ret = HTTP_RULE_RES_DONE;
-						goto end;
 					case ACT_RET_YIELD:
 						s->current_rule = rule;
 						rule_ret = HTTP_RULE_RES_YIELD;
 						goto end;
+					case ACT_RET_ERR:
+						rule_ret = HTTP_RULE_RES_ERROR;
+						goto end;
+					case ACT_RET_DONE:
+						rule_ret = HTTP_RULE_RES_DONE;
+						goto end;
+					case ACT_RET_DENY:
+						rule_ret = HTTP_RULE_RES_DENY;
+						goto end;
+					case ACT_RET_ABRT:
+						rule_ret = HTTP_RULE_RES_ABRT;
+						goto end;
+					case ACT_RET_INV:
+						rule_ret = HTTP_RULE_RES_BADREQ;
+						goto end;
 				}
 				break;
 
@@ -3580,21 +3589,30 @@ resume_execution:
 					act_flags |= ACT_FLAG_FINAL;
 
 				switch (rule->action_ptr(rule, px, s->sess, s, act_flags)) {
-					case ACT_RET_ERR:
-						rule_ret = HTTP_RULE_RES_ERROR;
-						goto end;
 					case ACT_RET_CONT:
 						break;
 					case ACT_RET_STOP:
 						rule_ret = HTTP_RULE_RES_STOP;
 						goto end;
-					case ACT_RET_DONE:
-						rule_ret = HTTP_RULE_RES_DONE;
-						goto end;
 					case ACT_RET_YIELD:
 						s->current_rule = rule;
 						rule_ret = HTTP_RULE_RES_YIELD;
 						goto end;
+					case ACT_RET_ERR:
+						rule_ret = HTTP_RULE_RES_ERROR;
+						goto end;
+					case ACT_RET_DONE:
+						rule_ret = HTTP_RULE_RES_DONE;
+						goto end;
+					case ACT_RET_DENY:
+						rule_ret = HTTP_RULE_RES_DENY;
+						goto end;
+					case ACT_RET_ABRT:
+						rule_ret = HTTP_RULE_RES_ABRT;
+						goto end;
+					case ACT_RET_INV:
+						rule_ret = HTTP_RULE_RES_BADREQ;
+						goto end;
 				}
 				break;