MINOR: log/backend: prevent tcp-{request,response} use with LOG mode

We start implementing some postparsing compatibility checks for log
backends.

Here we report a warning if user tries to use tcp-{request,response} rules
with log backend, and we properly ignore such rules when inherited from
defaults section.

src/log.c

@@ -41,6 +41,7 @@
 #include <haproxy/ssl_sock.h>
 #include <haproxy/stconn.h>
 #include <haproxy/stream.h>
+#include <haproxy/action.h>
 #include <haproxy/time.h>
 #include <haproxy/hash.h>
 #include <haproxy/tools.h>
@@ -874,6 +875,32 @@ static void log_backend_srv_down(struct server *srv)
 	HA_RWLOCK_WRUNLOCK(LBPRM_LOCK, &p->lbprm.lock);
 }
 
+/* check that current configuration is compatible with "mode log" */
+static int _postcheck_log_backend_compat(struct proxy *be)
+{
+	int err_code = ERR_NONE;
+
+	if (!LIST_ISEMPTY(&be->tcp_req.inspect_rules) ||
+	    !LIST_ISEMPTY(&be->tcp_req.l4_rules) ||
+	    !LIST_ISEMPTY(&be->tcp_req.l5_rules)) {
+		ha_warning("Cannot use tcp-request rules with 'mode log' in %s '%s'. They will be ignored.\n",
+			   proxy_type_str(be), be->id);
+
+		err_code |= ERR_WARN;
+		free_act_rules(&be->tcp_req.inspect_rules);
+		free_act_rules(&be->tcp_req.l4_rules);
+		free_act_rules(&be->tcp_req.l5_rules);
+	}
+	if (!LIST_ISEMPTY(&be->tcp_rep.inspect_rules)) {
+		ha_warning("Cannot use tcp-response rules with 'mode log' in %s '%s'. They will be ignored.\n",
+			   proxy_type_str(be), be->id);
+
+		err_code |= ERR_WARN;
+		free_act_rules(&be->tcp_rep.inspect_rules);
+	}
+	return err_code;
+}
+
 static int postcheck_log_backend(struct proxy *be)
 {
 	char *msg = NULL;
@@ -885,6 +912,10 @@ static int postcheck_log_backend(struct proxy *be)
 	    (be->flags & (PR_FL_DISABLED|PR_FL_STOPPED)))
 		return ERR_NONE; /* nothing to do */
 
+	err_code |= _postcheck_log_backend_compat(be);
+	if (err_code & ERR_CODE)
+		return err_code;
+
 	/* First time encoutering this log backend, perform some init
 	 */
 	be->lbprm.set_server_status_up = log_backend_srv_up;

src/tcp_rules.c

@@ -103,7 +103,9 @@ int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit)
 
 	DBG_TRACE_ENTER(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s);
 
-	def_rules = ((s->be->defpx && (an_bit == AN_REQ_INSPECT_FE || s->be->defpx != sess->fe->defpx)) ? &s->be->defpx->tcp_req.inspect_rules : NULL);
+	def_rules = ((s->be->defpx &&
+	              (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP) &&
+	              (an_bit == AN_REQ_INSPECT_FE || s->be->defpx != sess->fe->defpx)) ? &s->be->defpx->tcp_req.inspect_rules : NULL);
 	rules = &s->be->tcp_req.inspect_rules;
 
 	/* We don't know whether we have enough data, so must proceed
@@ -286,7 +288,7 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit)
 
 	DBG_TRACE_ENTER(STRM_EV_STRM_ANA|STRM_EV_TCP_ANA, s);
 
-	def_rules = (s->be->defpx ? &s->be->defpx->tcp_rep.inspect_rules : NULL);
+	def_rules = (s->be->defpx && (s->be->mode == PR_MODE_TCP || s->be->mode == PR_MODE_HTTP) ? &s->be->defpx->tcp_rep.inspect_rules : NULL);
 	rules = &s->be->tcp_rep.inspect_rules;
 
 	/* We don't know whether we have enough data, so must proceed
@@ -484,7 +486,7 @@ int tcp_exec_l4_rules(struct session *sess)
 	if (!conn)
 		return result;
 
-	if  (sess->fe->defpx)
+	if  (sess->fe->defpx && (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP))
 		px = sess->fe->defpx;
 
   restart:
@@ -579,7 +581,7 @@ int tcp_exec_l5_rules(struct session *sess)
 	int result = 1;
 	enum acl_test_res ret;
 
-	if  (sess->fe->defpx)
+	if  (sess->fe->defpx && (sess->fe->mode == PR_MODE_TCP || sess->fe->mode == PR_MODE_HTTP))
 		px = sess->fe->defpx;
 
   restart: