BUG/MAJOR: tcp: tcp rulesets were still broken

Commit cc87a11 ("MEDIUM: tcp: add register keyword system.") broke the
TCP ruleset by merging custom rules and accept. It was fixed a first time
by commit e91ffd0 ("BUG/MAJOR: tcp: only call registered actions when
they're registered") but the accept action still didn't work anymore
and was causing the matching rule to simply be ignored.

Since the code introduced a very fragile behaviour by not even mentionning
that accept and custom were silently merged, let's fix this once for all by
adding an explicit check for the accept action. Nevertheless, as previously
mentionned, the action should be changed so that custom is the only action
and the continue vs break indication directly comes from the callee.

No backport is needed, this bug only affects 1.6-dev.

src/proto_tcp.c

@@ -1158,7 +1158,10 @@ int tcp_inspect_request(struct stream *s, struct channel *req, int an_bit)
 		if (ret) {
 resume_execution:
 			/* we have a matching rule. */
-			if (rule->action == TCP_ACT_REJECT) {
+			if (rule->action == TCP_ACT_ACCEPT) {
+				break;
+			}
+			else if (rule->action == TCP_ACT_REJECT) {
 				channel_abort(req);
 				channel_abort(&s->res);
 				req->analysers = 0;
@@ -1323,7 +1326,10 @@ int tcp_inspect_response(struct stream *s, struct channel *rep, int an_bit)
 		if (ret) {
 resume_execution:
 			/* we have a matching rule. */
-			if (rule->action == TCP_ACT_REJECT) {
+			if (rule->action == TCP_ACT_ACCEPT) {
+				break;
+			}
+			else if (rule->action == TCP_ACT_REJECT) {
 				channel_abort(rep);
 				channel_abort(&s->req);
 				rep->analysers = 0;
@@ -1399,7 +1405,10 @@ int tcp_exec_req_rules(struct session *sess)
 
 		if (ret) {
 			/* we have a matching rule. */
-			if (rule->action == TCP_ACT_REJECT) {
+			if (rule->action == TCP_ACT_ACCEPT) {
+				break;
+			}
+			else if (rule->action == TCP_ACT_REJECT) {
 				sess->fe->fe_counters.denied_conn++;
 				if (sess->listener->counters)
 					sess->listener->counters->denied_conn++;