From 42c6cf950111736327863de5e82036a1d51deb04 Mon Sep 17 00:00:00 2001
From: Christopher Faulet <cfaulet@haproxy.com>
Date: Thu, 25 Mar 2021 17:19:04 +0100
Subject: [PATCH] MINOR: action: Use a generic function to check validity of an
 action rule list

The check_action_rules() function is now used to check the validity of an
action rule list. It is used from check_config_validity() function to check
L5/6/7 rulesets.
---
 include/haproxy/action.h |  5 +++
 src/action.c             | 22 +++++++++++++
 src/cfgparse.c           | 70 ++++++----------------------------------
 3 files changed, 36 insertions(+), 61 deletions(-)

diff --git a/include/haproxy/action.h b/include/haproxy/action.h
index 845c0fd8b9..62fba7ed3d 100644
--- a/include/haproxy/action.h
+++ b/include/haproxy/action.h
@@ -76,6 +76,11 @@ static inline void action_build_list(struct list *keywords,
 		*p = '\0';
 }
 
+/* Check an action ruleset validity. It returns the number of error encountered
+ * andd err_code is updated if a warning is emitted.
+ */
+int check_action_rules(struct list *rules, struct proxy *px, int *err_code);
+
 /* Find and check the target table used by an action track-sc*. This
  * function should be called during the configuration validity check.
  *
diff --git a/src/action.c b/src/action.c
index 29eae81138..7b017f6185 100644
--- a/src/action.c
+++ b/src/action.c
@@ -23,6 +23,28 @@
 #include <haproxy/tools.h>
 
 
+/* Check an action ruleset validity. It returns the number of error encountered
+ * andd err_code is updated if a warning is emitted.
+ */
+int check_action_rules(struct list *rules, struct proxy *px, int *err_code)
+{
+	struct act_rule *rule;
+	char *errmsg = NULL;
+	int err = 0;
+
+	list_for_each_entry(rule, rules, list) {
+		if (rule->check_ptr && !rule->check_ptr(rule, px, &errmsg)) {
+			ha_alert("Proxy '%s': %s.\n", px->id, errmsg);
+			err++;
+		}
+
+		free(errmsg);
+		errmsg = NULL;
+	}
+
+	return err;
+}
+
 /* Find and check the target table used by an action track-sc*. This
  * function should be called during the configuration validity check.
  *
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 6f8522e41e..5562185eb4 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -34,7 +34,7 @@
 #include <unistd.h>
 
 #include <haproxy/acl.h>
-#include <haproxy/action-t.h>
+#include <haproxy/action.h>
 #include <haproxy/api.h>
 #include <haproxy/auth.h>
 #include <haproxy/backend.h>
@@ -2007,7 +2007,6 @@ int check_config_validity()
 		struct switching_rule *rule;
 		struct server_rule *srule;
 		struct sticking_rule *mrule;
-		struct act_rule *arule;
 		struct logsrv *tmplogsrv;
 		unsigned int next_id;
 		int nbproc;
@@ -2494,65 +2493,14 @@ int check_config_validity()
 			}
 		}
 
-		/* check validity for 'tcp-request' layer 4 rules */
-		list_for_each_entry(arule, &curproxy->tcp_req.l4_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'tcp-request' layer 5 rules */
-		list_for_each_entry(arule, &curproxy->tcp_req.l5_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'tcp-request' layer 6 rules */
-		list_for_each_entry(arule, &curproxy->tcp_req.inspect_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'http-request' layer 7 rules */
-		list_for_each_entry(arule, &curproxy->http_req_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'http-response' layer 7 rules */
-		list_for_each_entry(arule, &curproxy->http_res_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
-
-		/* check validity for 'http-after-response' layer 7 rules */
-		list_for_each_entry(arule, &curproxy->http_after_res_rules, list) {
-			err = NULL;
-			if (arule->check_ptr && !arule->check_ptr(arule, curproxy, &err)) {
-				ha_alert("Proxy '%s': %s.\n", curproxy->id, err);
-				free(err);
-				cfgerr++;
-			}
-		}
+		/* check validity for 'tcp-request' layer 4/5/6/7 rules */
+		cfgerr += check_action_rules(&curproxy->tcp_req.l4_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->tcp_req.l5_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->tcp_req.inspect_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->tcp_rep.inspect_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->http_req_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->http_res_rules, curproxy, &err_code);
+		cfgerr += check_action_rules(&curproxy->http_after_res_rules, curproxy, &err_code);
 
 		/* Warn is a switch-mode http is used on a TCP listener with servers but no backend */
 		if (!curproxy->defbe.name && LIST_ISEMPTY(&curproxy->switching_rules) && curproxy->srv) {