kozorizki/haproxy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

MEDIUM: Make '(cli|con|srv)timeout' directive fatal

Browse Source 
They were deprecated with HAProxy 1.5. Time to remove them.
This commit is contained in:
Tim Duesterhus 2019-05-14 20:57:59 +02:00 committed by Willy Tarreau
parent dac168bc15
commit 86e6b6ebf8
4 changed files with 25 additions and 153 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
contrib/syntax-highlight/haproxy.vim
View File

@ -40,7 +40,7 @@ syn match hapIp1 /\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/
syn match hapIp2 /,\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/hs=s+1 nextgroup=hapIp2 contained
" Parameters
syn keyword hapParam chroot cliexp clitimeout contimeout
syn keyword hapParam chroot cliexp
syn keyword hapParam daemon debug disabled
syn keyword hapParam enabled
syn keyword hapParam fullconn
@ -56,7 +56,7 @@ syn keyword hapParam rspdel rspdeny skipwhite nextgroup=hapRegexp
syn keyword hapParam rspidel rspideny skipwhite nextgroup=hapRegexp
syn keyword hapParam reqsetbe reqisetbe skipwhite nextgroup=hapRegexp2
syn keyword hapParam reqadd reqiadd rspadd rspiadd
syn keyword hapParam server source srvexp srvtimeout
syn keyword hapParam server source srvexp
syn keyword hapParam uid ulimit-n user
syn keyword hapParam reqrep reqirep rsprep rspirep skipwhite nextgroup=hapRegexp
syn keyword hapParam errorloc errorloc302 errorloc303 skipwhite nextgroup=hapStatus

139
doc/configuration.txt
View File

@ -2345,9 +2345,7 @@ bind-process X X X X
capture cookie - X X -
capture request header - X X -
capture response header - X X -
clitimeout (deprecated) X X X -
compression X X X X
contimeout (deprecated) X - X X
cookie X - X X
declare capture - X X -
default-server X - X X
@ -2476,7 +2474,6 @@ server - - X X
server-state-file-name X - X X
server-template - - X X
source X - X X
srvtimeout (deprecated) X - X X
stats admin - X X X
stats auth X X X X
stats enable X X X X
@ -2508,15 +2505,12 @@ tcp-response inspect-delay - - X X
timeout check X - X X
timeout client X X X -
timeout client-fin X X X -
timeout clitimeout (deprecated) X X X -
timeout connect X - X X
timeout contimeout (deprecated) X - X X
timeout http-keep-alive X X X X
timeout http-request X X X X
timeout queue X - X X
timeout server X - X X
timeout server-fin X - X X
timeout srvtimeout (deprecated) X - X X
timeout tarpit X X X X
timeout tunnel X - X X
transparent (deprecated) X - X X
@ -3112,40 +3106,6 @@ capture response header <name> len <length>
about logging.
clitimeout <timeout> (deprecated)
Set the maximum inactivity time on the client side.
May be used in sections : defaults | frontend | listen | backend
yes | yes | yes | no
Arguments :
<timeout> is the timeout value is specified in milliseconds by default, but
can be in any other unit if the number is suffixed by the unit,
as explained at the top of this document.
The inactivity timeout applies when the client is expected to acknowledge or
send data. In HTTP mode, this timeout is particularly important to consider
during the first phase, when the client sends the request, and during the
response while it is reading data sent by the server. The value is specified
in milliseconds by default, but can be in any other unit if the number is
suffixed by the unit, as specified at the top of this document. In TCP mode
(and to a lesser extent, in HTTP mode), it is highly recommended that the
client timeout remains equal to the server timeout in order to avoid complex
situations to debug. It is a good practice to cover one or several TCP packet
losses by specifying timeouts that are slightly above multiples of 3 seconds
(e.g. 4 or 5 seconds).
This parameter is specific to frontends, but can be specified once for all in
"defaults" sections. This is in fact one of the easiest solutions not to
forget about it. An unspecified timeout results in an infinite timeout, which
is not recommended. Such a usage is accepted and works but reports a warning
during startup because it may results in accumulation of expired sessions in
the system if the system's timeouts are not configured either.
This parameter is provided for compatibility but is currently deprecated.
Please use "timeout client" instead.
See also : "timeout client", "timeout http-request", "timeout server", and
"srvtimeout".
compression algo <algorithm> ...
compression type <mime type> ...
compression offload
@ -3226,38 +3186,6 @@ compression offload
compression type text/html text/plain
contimeout <timeout> (deprecated)
Set the maximum time to wait for a connection attempt to a server to succeed.
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
Arguments :
<timeout> is the timeout value is specified in milliseconds by default, but
can be in any other unit if the number is suffixed by the unit,
as explained at the top of this document.
If the server is located on the same LAN as haproxy, the connection should be
immediate (less than a few milliseconds). Anyway, it is a good practice to
cover one or several TCP packet losses by specifying timeouts that are
slightly above multiples of 3 seconds (e.g. 4 or 5 seconds). By default, the
connect timeout also presets the queue timeout to the same value if this one
has not been specified. Historically, the contimeout was also used to set the
tarpit timeout in a listen section, which is not possible in a pure frontend.
This parameter is specific to backends, but can be specified once for all in
"defaults" sections. This is in fact one of the easiest solutions not to
forget about it. An unspecified timeout results in an infinite timeout, which
is not recommended. Such a usage is accepted and works but reports a warning
during startup because it may results in accumulation of failed sessions in
the system if the system's timeouts are not configured either.
This parameter is provided for backwards compatibility but is currently
deprecated. Please use "timeout connect", "timeout queue" or "timeout tarpit"
instead.
See also : "timeout connect", "timeout queue", "timeout tarpit",
"timeout server", "contimeout".
cookie <name> [ rewrite | insert | prefix ] [ indirect ] [ nocache ]
[ postonly ] [ preserve ] [ httponly ] [ secure ]
[ domain <domain> ]* [ maxidle <idle> ] [ maxlife <life> ]
@ -8521,46 +8449,6 @@ source <addr>[:<port>] [interface <name>]
the Linux kernel on www.balabit.com, the "bind" keyword.
srvtimeout <timeout> (deprecated)
Set the maximum inactivity time on the server side.
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
Arguments :
<timeout> is the timeout value specified in milliseconds by default, but
can be in any other unit if the number is suffixed by the unit,
as explained at the top of this document.
The inactivity timeout applies when the server is expected to acknowledge or
send data. In HTTP mode, this timeout is particularly important to consider
during the first phase of the server's response, when it has to send the
headers, as it directly represents the server's processing time for the
request. To find out what value to put there, it's often good to start with
what would be considered as unacceptable response times, then check the logs
to observe the response time distribution, and adjust the value accordingly.
The value is specified in milliseconds by default, but can be in any other
unit if the number is suffixed by the unit, as specified at the top of this
document. In TCP mode (and to a lesser extent, in HTTP mode), it is highly
recommended that the client timeout remains equal to the server timeout in
order to avoid complex situations to debug. Whatever the expected server
response times, it is a good practice to cover at least one or several TCP
packet losses by specifying timeouts that are slightly above multiples of 3
seconds (e.g. 4 or 5 seconds minimum).
This parameter is specific to backends, but can be specified once for all in
"defaults" sections. This is in fact one of the easiest solutions not to
forget about it. An unspecified timeout results in an infinite timeout, which
is not recommended. Such a usage is accepted and works but reports a warning
during startup because it may results in accumulation of expired sessions in
the system if the system's timeouts are not configured either.
This parameter is provided for compatibility but is currently deprecated.
Please use "timeout server" instead.
See also : "timeout server", "timeout tunnel", "timeout client" and
"clitimeout".
stats admin { if | unless } <cond>
Enable statistics admin level if/unless a condition is matched
May be used in sections : defaults | frontend | listen | backend
@ -10499,7 +10387,6 @@ timeout check <timeout>
timeout client <timeout>
timeout clitimeout <timeout> (deprecated)
Set the maximum inactivity time on the client side.
May be used in sections : defaults | frontend | listen | backend
yes | yes | yes | no
@ -10534,12 +10421,7 @@ timeout clitimeout <timeout> (deprecated)
This also applies to HTTP/2 connections, which will be closed with GOAWAY.
This parameter replaces the old, deprecated "clitimeout". It is recommended
to use it to write new configurations. The form "timeout clitimeout" is
provided only by backwards compatibility but its use is strongly discouraged.
See also : "clitimeout", "timeout server", "timeout tunnel",
"timeout http-request".
See also : "timeout server", "timeout tunnel", "timeout http-request".
timeout client-fin <timeout>
@ -10570,7 +10452,6 @@ timeout client-fin <timeout>
timeout connect <timeout>
timeout contimeout <timeout> (deprecated)
Set the maximum time to wait for a connection attempt to a server to succeed.
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
@ -10593,12 +10474,7 @@ timeout contimeout <timeout> (deprecated)
during startup because it may results in accumulation of failed sessions in
the system if the system's timeouts are not configured either.
This parameter replaces the old, deprecated "contimeout". It is recommended
to use it to write new configurations. The form "timeout contimeout" is
provided only by backwards compatibility but its use is strongly discouraged.
See also: "timeout check", "timeout queue", "timeout server", "contimeout",
"timeout tarpit".
See also: "timeout check", "timeout queue", "timeout server", "timeout tarpit".
timeout http-keep-alive <timeout>
@ -10712,11 +10588,10 @@ timeout queue <timeout>
connection timeout ("timeout connect") is used, for backwards compatibility
with older versions with no "timeout queue" parameter.
See also : "timeout connect", "contimeout".
See also : "timeout connect".
timeout server <timeout>
timeout srvtimeout <timeout> (deprecated)
Set the maximum inactivity time on the server side.
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
@ -10752,11 +10627,7 @@ timeout srvtimeout <timeout> (deprecated)
during startup because it may results in accumulation of expired sessions in
the system if the system's timeouts are not configured either.
This parameter replaces the old, deprecated "srvtimeout". It is recommended
to use it to write new configurations. The form "timeout srvtimeout" is
provided only by backwards compatibility but its use is strongly discouraged.
See also : "srvtimeout", "timeout client" and "timeout tunnel".
See also : "timeout client" and "timeout tunnel".
timeout server-fin <timeout>
@ -10805,7 +10676,7 @@ timeout tarpit <timeout>
("timeout connect") is used, for backwards compatibility with older versions
with no "timeout tarpit" parameter.
See also : "timeout connect", "contimeout".
See also : "timeout connect".
timeout tunnel <timeout>

6
include/types/global.h
View File

@ -252,9 +252,9 @@ extern int atexit_flag;
/* unassigned : 0x00000001 (previously: WARN_BLOCK_DEPRECATED) */
/* unassigned : 0x00000002 */
/* unassigned : 0x00000004 (previously: WARN_REDISPATCH_DEPRECATED) */
#define WARN_CLITO_DEPRECATED 0x00000008
#define WARN_SRVTO_DEPRECATED 0x00000010
#define WARN_CONTO_DEPRECATED 0x00000020
/* unassigned : 0x00000008 (previously: WARN_CLITO_DEPRECATED) */
/* unassigned : 0x00000010 (previously: WARN_SRVTO_DEPRECATED) */
/* unassigned : 0x00000020 (previously: WARN_CONTO_DEPRECATED) */
#define WARN_FORCECLOSE_DEPRECATED 0x00000040
#define WARN_REQREP_DEPRECATED 0x00000080

29
src/proxy.c
View File

@ -204,7 +204,6 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy,
const char *res, *name;
int *tv = NULL;
int *td = NULL;
int warn = 0;
retval = 0;
@ -213,7 +212,7 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy,
args++;
name = args[0];
if (!strcmp(args[0], "client") || (!strcmp(args[0], "clitimeout") && (warn = WARN_CLITO_DEPRECATED))) {
if (!strcmp(args[0], "client")) {
name = "client";
tv = &proxy->timeout.client;
td = &defpx->timeout.client;
@ -230,12 +229,12 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy,
tv = &proxy->timeout.httpreq;
td = &defpx->timeout.httpreq;
cap = PR_CAP_FE | PR_CAP_BE;
} else if (!strcmp(args[0], "server") || (!strcmp(args[0], "srvtimeout") && (warn = WARN_SRVTO_DEPRECATED))) {
} else if (!strcmp(args[0], "server")) {
name = "server";
tv = &proxy->timeout.server;
td = &defpx->timeout.server;
cap = PR_CAP_BE;
} else if (!strcmp(args[0], "connect") || (!strcmp(args[0], "contimeout") && (warn = WARN_CONTO_DEPRECATED))) {
} else if (!strcmp(args[0], "connect")) {
name = "connect";
tv = &proxy->timeout.connect;
td = &defpx->timeout.connect;
@ -260,6 +259,15 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy,
tv = &proxy->timeout.serverfin;
td = &defpx->timeout.serverfin;
cap = PR_CAP_BE;
} else if (!strcmp(args[0], "clitimeout")) {
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout client'.", args[0]);
return -1;
} else if (!strcmp(args[0], "srvtimeout")) {
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout server'.", args[0]);
return -1;
} else if (!strcmp(args[0], "contimeout")) {
memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout connect'.", args[0]);
return -1;
} else {
memprintf(err,
"'timeout' supports 'client', 'server', 'connect', 'check', "
@ -300,13 +308,6 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy,
memprintf(err, "overwriting 'timeout %s' which was already specified", name);
retval = 1;
}
else if (warn) {
if (!already_warned(warn)) {
memprintf(err, "the '%s' directive is now deprecated in favor of 'timeout %s', and will not be supported in future versions.",
args[0], name);
retval = 1;
}
}
if (*args[2] != 0) {
memprintf(err, "'timeout %s' : unexpected extra argument '%s' after value '%s'.", name, args[2], args[1]);
@ -1672,9 +1673,9 @@ void proxy_adjust_all_maxconn()
static struct cfg_kw_list cfg_kws = {ILH, {
{ CFG_GLOBAL, "hard-stop-after", proxy_parse_hard_stop_after },
{ CFG_LISTEN, "timeout", proxy_parse_timeout },
{ CFG_LISTEN, "clitimeout", proxy_parse_timeout },
{ CFG_LISTEN, "contimeout", proxy_parse_timeout },
{ CFG_LISTEN, "srvtimeout", proxy_parse_timeout },
{ CFG_LISTEN, "clitimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "contimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "srvtimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "rate-limit", proxy_parse_rate_limit },
{ CFG_LISTEN, "max-keep-alive-queue", proxy_parse_max_ka_queue },
{ CFG_LISTEN, "declare", proxy_parse_declare },