mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-08-06 23:27:04 +02:00
[MINOR] tcp-inspect: permit the use of no-delay inspection
Sometimes it may make sense to be able to immediately apply a verdict without waiting at all. It was not possible because no inspect-delay meant no inspection at all. This is now fixed.
This commit is contained in:
parent
3cd9af228f
commit
d869b24119
@ -3627,7 +3627,10 @@ tcp-request inspect-delay <timeout>
|
|||||||
rules for every new chunk which gets in, taking into account the fact that
|
rules for every new chunk which gets in, taking into account the fact that
|
||||||
those data are partial. If no rule matches before the aforementionned delay,
|
those data are partial. If no rule matches before the aforementionned delay,
|
||||||
a last check is performed upon expiration, this time considering that the
|
a last check is performed upon expiration, this time considering that the
|
||||||
contents are definitive.
|
contents are definitive. If no delay is set, haproxy will not wait at all
|
||||||
|
and will immediately apply a verdict based on the available information.
|
||||||
|
Obviously this is unlikely to be very useful and might even be racy, so such
|
||||||
|
setups are not recommended.
|
||||||
|
|
||||||
As soon as a rule matches, the request is released and continues as usual. If
|
As soon as a rule matches, the request is released and continues as usual. If
|
||||||
the timeout is reached and no rule matches, the default policy will be to let
|
the timeout is reached and no rule matches, the default policy will be to let
|
||||||
|
@ -3469,7 +3469,8 @@ int readcfgfile(const char *file)
|
|||||||
if (curproxy->mode == PR_MODE_HTTP)
|
if (curproxy->mode == PR_MODE_HTTP)
|
||||||
listener->analysers |= AN_REQ_HTTP_HDR;
|
listener->analysers |= AN_REQ_HTTP_HDR;
|
||||||
|
|
||||||
if (curproxy->tcp_req.inspect_delay)
|
if (curproxy->tcp_req.inspect_delay ||
|
||||||
|
!LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules))
|
||||||
listener->analysers |= AN_REQ_INSPECT;
|
listener->analysers |= AN_REQ_INSPECT;
|
||||||
|
|
||||||
listener = listener->next;
|
listener = listener->next;
|
||||||
|
@ -404,7 +404,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req)
|
|||||||
* - if one rule returns KO, then return KO
|
* - if one rule returns KO, then return KO
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if (req->flags & BF_SHUTR || tick_is_expired(req->analyse_exp, now_ms))
|
if (req->flags & BF_SHUTR || !s->fe->tcp_req.inspect_delay || tick_is_expired(req->analyse_exp, now_ms))
|
||||||
partial = 0;
|
partial = 0;
|
||||||
else
|
else
|
||||||
partial = ACL_PARTIAL;
|
partial = ACL_PARTIAL;
|
||||||
@ -417,7 +417,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req)
|
|||||||
if (ret == ACL_PAT_MISS) {
|
if (ret == ACL_PAT_MISS) {
|
||||||
buffer_write_dis(req);
|
buffer_write_dis(req);
|
||||||
/* just set the request timeout once at the beginning of the request */
|
/* just set the request timeout once at the beginning of the request */
|
||||||
if (!tick_isset(req->analyse_exp))
|
if (!tick_isset(req->analyse_exp) && s->fe->tcp_req.inspect_delay)
|
||||||
req->analyse_exp = tick_add_ifset(now_ms, s->fe->tcp_req.inspect_delay);
|
req->analyse_exp = tick_add_ifset(now_ms, s->fe->tcp_req.inspect_delay);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user