BUG/MINOR: session: Eval L4/L5 rules defined in the default section

It is possible to define TCP/HTTP rules in a named default section to
inherit from it in a proxy. However, there is an issue with L4/L5 rules.
Only the lists of the current frontend are checked to know if an eval must
be performed. Nothing is done for an empty list. Of course, the lists of the
default proxy must also be checked to be sure not to ignore default L4/L5
rules. It is now fixed.

This patch should fix the issue #2637. It must be backported as far as 2.6.
Christopher Faulet 2024-07-12 15:21:21 +02:00
parent 9302869c95
commit 0764445505

@ -201,7 +201,8 @@ int session_accept_fd(struct connection *cli_conn)
/* now evaluate the tcp-request layer4 rules. We only need a session
* and no stream for these rules.
*/
if (!LIST_ISEMPTY(&p->tcp_req.l4_rules) && !tcp_exec_l4_rules(sess)) {
if (((sess->fe->defpx && !LIST_ISEMPTY(&sess->fe->defpx->tcp_req.l4_rules)) ||
!LIST_ISEMPTY(&p->tcp_req.l4_rules)) && !tcp_exec_l4_rules(sess)) {
/* let's do a no-linger now to close with a single RST. */
if (!(cli_conn->flags & CO_FL_FDLESS))
setsockopt(cfd, SOL_SOCKET, SO_LINGER, (struct linger *) &nolinger, sizeof(struct linger));
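
Review bot: the added condition names the frontend two different ways, reading the defaults proxy through `sess->fe->defpx` and the frontend's own list through `p->tcp_req.l4_rules`. If `p` and `sess->fe` are the same proxy at this point, use `p->defpx` so the test reads consistently; if they can differ, add a comment saying whose defaults section is being consulted. The comment above the test ("now evaluate the tcp-request layer4 rules") should also say that rules inherited from a named defaults section are included, since a reader looking only at this block would otherwise not expect the `defpx` lookup.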
@ -493,7 +494,8 @@ int conn_complete_session(struct connection *conn)
conn->flags |= CO_FL_XPRT_TRACKED;
/* we may have some tcp-request-session rules */
if (!LIST_ISEMPTY(&sess->fe->tcp_req.l5_rules) && !tcp_exec_l5_rules(sess))
if (((sess->fe->defpx && !LIST_ISEMPTY(&sess->fe->defpx->tcp_req.l5_rules)) ||
!LIST_ISEMPTY(&sess->fe->tcp_req.l5_rules)) && !tcp_exec_l5_rules(sess))
goto fail;
session_count_new(sess);
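
Review bot: this condition repeats the compound test added in session_accept_fd() with `l5_rules` substituted for `l4_rules`, so the "defaults list or frontend list is non-empty" logic now lives in two hand-written copies. Consider a small inline helper or macro that takes the frontend and the rule list to check, so any future call site that gates `tcp_exec_l4_rules()` or `tcp_exec_l5_rules()` cannot omit the `defpx` half. The "we may have some tcp-request-session rules" comment should also mention that the rules may come from the defaults section.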