Hi,

attached is a patch which fixes a configuration mistake regarding the
'tcp-request' option. If you have the following in your configuration
file:

        acl             localnet dst 10.0.0.0/8
        tcp-request     content reject if localnet

This will work fine, but if you change the 'tcp-request' line and remove
the 'if', haproxy-1.3.17 will segfault. I think the following changelog
entry in 1.3.18 addresses this problem:

        [BUG] fix parser crash on unconditional tcp content rules

But now in 1.3.18 the default behaviour is a bit weird. If you remove
the 'if' statement, haproxy will reject every connection, regardless
of whether it matches 'localnet' or not, and the configuration seems to
be valid, which is definitely not what is expected.

I have changed this to the following behaviour: If nothing is specified
after accept or reject, the default condition will apply (as the source
and documentation say), and if there is some parameter after accept or
reject, it has to be 'if' or 'unless'; anything else will result in:

[ALERT] 131/012555 (27042) : parsing [/etc/haproxy/haproxy.cfg:94] :
'tcp-request content reject' expects 'if', 'unless' or nothing, but
found 'localnet'
[ALERT] 131/012555 (27042) : Error reading configuration file :
/etc/haproxy/haproxy.cfg

I think this is much more accurate. At least it took me some time to
verify why the hell my configuration file is valid, but did not work as
expected. :)

--Maik
diff -Nur haproxy-1.3.18/src/proto_tcp.c 
haproxy-1.3.18-tcp-request-condition-fix/src/proto_tcp.c
--- haproxy-1.3.18/src/proto_tcp.c      2009-05-10 20:27:47.000000000 +0200
+++ haproxy-1.3.18-tcp-request-condition-fix/src/proto_tcp.c    2009-05-12 
01:25:48.000000000 +0200
@@ -509,6 +509,13 @@
                        pol = ACL_COND_IF;
                else if (!strcmp(args[3], "unless"))
                        pol = ACL_COND_UNLESS;
+               else {
+                       if (args[3][0] != '\0') {
+                               snprintf(err, errlen, "'%s %s %s' expects 'if', 
'unless' or nothing, but found '%s'",
+                                        args[0], args[1], args[2], args[3]);
+                               return -1;
+                       }
+               }
 
                /* Note: we consider "if TRUE" when there is no condition */
                if (pol != ACL_COND_NONE &&
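
Review bot: The added `else { if (args[3][0] != '\0') { ... } }` branch nests one level more than it needs to; writing it as `else if (args[3][0] != '\0') { ... }` keeps it in line with the `else if (!strcmp(args[3], "unless"))` test directly above it and drops the empty outer block. Separately, the snprintf format string arrived split across two lines (after `expects 'if',`), as did the `diff -Nur` and `+++` header lines, so the patch will not apply as mailed; please resend it as an attachment or with line wrapping disabled. A short comment above the new branch saying that an empty args[3] means "no condition given" would also tie it to the existing "if TRUE" note below.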
