[MINOR] tcp-inspect: permit the use of no-delay inspection

Sometimes it may make sense to be able to immediately apply a verdict without waiting at all. It was not possible because no inspect-delay meant no inspection at all. This is now fixed.
2009-03-15 14:43:58 +01:00 · 2009-03-15 14:43:58 +01:00 · d869b24119
commit d869b24119
parent 3cd9af228f
3 changed files with 8 additions and 4 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -3627,7 +3627,10 @@ tcp-request inspect-delay <timeout>
  rules for every new chunk which gets in, taking into account the fact that
  those data are partial. If no rule matches before the aforementionned delay,
  a last check is performed upon expiration, this time considering that the
-  contents are definitive.
+  contents are definitive. If no delay is set, haproxy will not wait at all
+  and will immediately apply a verdict based on the available information.
+  Obviously this is unlikely to be very useful and might even be racy, so such
+  setups are not recommended.

  As soon as a rule matches, the request is released and continues as usual. If
  the timeout is reached and no rule matches, the default policy will be to let
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -3469,7 +3469,8 @@ int readcfgfile(const char *file)
 			if (curproxy->mode == PR_MODE_HTTP)
 				listener->analysers |= AN_REQ_HTTP_HDR;

-			if (curproxy->tcp_req.inspect_delay)
+			if (curproxy->tcp_req.inspect_delay ||
+			    !LIST_ISEMPTY(&curproxy->tcp_req.inspect_rules))
 				listener->analysers |= AN_REQ_INSPECT;

 			listener = listener->next;
--- a/src/proto_tcp.c
+++ b/src/proto_tcp.c
@ -404,7 +404,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req)
 	 * - if one rule returns KO, then return KO
 	 */

-	if (req->flags & BF_SHUTR || tick_is_expired(req->analyse_exp, now_ms))
+	if (req->flags & BF_SHUTR || !s->fe->tcp_req.inspect_delay || tick_is_expired(req->analyse_exp, now_ms))
 		partial = 0;
 	else
 		partial = ACL_PARTIAL;
@ -417,7 +417,7 @@ int tcp_inspect_request(struct session *s, struct buffer *req)
 			if (ret == ACL_PAT_MISS) {
 				buffer_write_dis(req);
 				/* just set the request timeout once at the beginning of the request */
-				if (!tick_isset(req->analyse_exp))
+				if (!tick_isset(req->analyse_exp) && s->fe->tcp_req.inspect_delay)
 					req->analyse_exp = tick_add_ifset(now_ms, s->fe->tcp_req.inspect_delay);
 				return 0;
 			}