From 86e6b6ebf85553b261aea69eb14a77fae78a19bb Mon Sep 17 00:00:00 2001 From: Tim Duesterhus Date: Tue, 14 May 2019 20:57:59 +0200 Subject: [PATCH] MEDIUM: Make '(cli|con|srv)timeout' directive fatal They were deprecated with HAProxy 1.5. Time to remove them. --- contrib/syntax-highlight/haproxy.vim | 4 +- doc/configuration.txt | 139 +-------------------------- include/types/global.h | 6 +- src/proxy.c | 29 +++--- 4 files changed, 25 insertions(+), 153 deletions(-) diff --git a/contrib/syntax-highlight/haproxy.vim b/contrib/syntax-highlight/haproxy.vim index c13b2c089..48fd78c63 100644 --- a/contrib/syntax-highlight/haproxy.vim +++ b/contrib/syntax-highlight/haproxy.vim @@ -40,7 +40,7 @@ syn match hapIp1 /\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/ syn match hapIp2 /,\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/hs=s+1 nextgroup=hapIp2 contained " Parameters -syn keyword hapParam chroot cliexp clitimeout contimeout +syn keyword hapParam chroot cliexp syn keyword hapParam daemon debug disabled syn keyword hapParam enabled syn keyword hapParam fullconn @@ -56,7 +56,7 @@ syn keyword hapParam rspdel rspdeny skipwhite nextgroup=hapRegexp syn keyword hapParam rspidel rspideny skipwhite nextgroup=hapRegexp syn keyword hapParam reqsetbe reqisetbe skipwhite nextgroup=hapRegexp2 syn keyword hapParam reqadd reqiadd rspadd rspiadd -syn keyword hapParam server source srvexp srvtimeout +syn keyword hapParam server source srvexp syn keyword hapParam uid ulimit-n user syn keyword hapParam reqrep reqirep rsprep rspirep skipwhite nextgroup=hapRegexp syn keyword hapParam errorloc errorloc302 errorloc303 skipwhite nextgroup=hapStatus diff --git a/doc/configuration.txt b/doc/configuration.txt index db51c07d1..279a781e8 100644 --- a/doc/configuration.txt +++ b/doc/configuration.txt @@ -2345,9 +2345,7 @@ bind-process X X X X capture cookie - X X - capture request header - X X - capture response header - X X - -clitimeout (deprecated) X X X - compression X X X X -contimeout (deprecated) X - X X cookie X - X X declare capture - X X - default-server X - X X @@ -2476,7 +2474,6 @@ server - - X X server-state-file-name X - X X server-template - - X X source X - X X -srvtimeout (deprecated) X - X X stats admin - X X X stats auth X X X X stats enable X X X X @@ -2508,15 +2505,12 @@ tcp-response inspect-delay - - X X timeout check X - X X timeout client X X X - timeout client-fin X X X - -timeout clitimeout (deprecated) X X X - timeout connect X - X X -timeout contimeout (deprecated) X - X X timeout http-keep-alive X X X X timeout http-request X X X X timeout queue X - X X timeout server X - X X timeout server-fin X - X X -timeout srvtimeout (deprecated) X - X X timeout tarpit X X X X timeout tunnel X - X X transparent (deprecated) X - X X @@ -3112,40 +3106,6 @@ capture response header len about logging. -clitimeout (deprecated) - Set the maximum inactivity time on the client side. - May be used in sections : defaults | frontend | listen | backend - yes | yes | yes | no - Arguments : - is the timeout value is specified in milliseconds by default, but - can be in any other unit if the number is suffixed by the unit, - as explained at the top of this document. - - The inactivity timeout applies when the client is expected to acknowledge or - send data. In HTTP mode, this timeout is particularly important to consider - during the first phase, when the client sends the request, and during the - response while it is reading data sent by the server. The value is specified - in milliseconds by default, but can be in any other unit if the number is - suffixed by the unit, as specified at the top of this document. In TCP mode - (and to a lesser extent, in HTTP mode), it is highly recommended that the - client timeout remains equal to the server timeout in order to avoid complex - situations to debug. It is a good practice to cover one or several TCP packet - losses by specifying timeouts that are slightly above multiples of 3 seconds - (e.g. 4 or 5 seconds). - - This parameter is specific to frontends, but can be specified once for all in - "defaults" sections. This is in fact one of the easiest solutions not to - forget about it. An unspecified timeout results in an infinite timeout, which - is not recommended. Such a usage is accepted and works but reports a warning - during startup because it may results in accumulation of expired sessions in - the system if the system's timeouts are not configured either. - - This parameter is provided for compatibility but is currently deprecated. - Please use "timeout client" instead. - - See also : "timeout client", "timeout http-request", "timeout server", and - "srvtimeout". - compression algo ... compression type ... compression offload @@ -3226,38 +3186,6 @@ compression offload compression type text/html text/plain -contimeout (deprecated) - Set the maximum time to wait for a connection attempt to a server to succeed. - May be used in sections : defaults | frontend | listen | backend - yes | no | yes | yes - Arguments : - is the timeout value is specified in milliseconds by default, but - can be in any other unit if the number is suffixed by the unit, - as explained at the top of this document. - - If the server is located on the same LAN as haproxy, the connection should be - immediate (less than a few milliseconds). Anyway, it is a good practice to - cover one or several TCP packet losses by specifying timeouts that are - slightly above multiples of 3 seconds (e.g. 4 or 5 seconds). By default, the - connect timeout also presets the queue timeout to the same value if this one - has not been specified. Historically, the contimeout was also used to set the - tarpit timeout in a listen section, which is not possible in a pure frontend. - - This parameter is specific to backends, but can be specified once for all in - "defaults" sections. This is in fact one of the easiest solutions not to - forget about it. An unspecified timeout results in an infinite timeout, which - is not recommended. Such a usage is accepted and works but reports a warning - during startup because it may results in accumulation of failed sessions in - the system if the system's timeouts are not configured either. - - This parameter is provided for backwards compatibility but is currently - deprecated. Please use "timeout connect", "timeout queue" or "timeout tarpit" - instead. - - See also : "timeout connect", "timeout queue", "timeout tarpit", - "timeout server", "contimeout". - - cookie [ rewrite | insert | prefix ] [ indirect ] [ nocache ] [ postonly ] [ preserve ] [ httponly ] [ secure ] [ domain ]* [ maxidle ] [ maxlife ] @@ -8521,46 +8449,6 @@ source [:] [interface ] the Linux kernel on www.balabit.com, the "bind" keyword. -srvtimeout (deprecated) - Set the maximum inactivity time on the server side. - May be used in sections : defaults | frontend | listen | backend - yes | no | yes | yes - Arguments : - is the timeout value specified in milliseconds by default, but - can be in any other unit if the number is suffixed by the unit, - as explained at the top of this document. - - The inactivity timeout applies when the server is expected to acknowledge or - send data. In HTTP mode, this timeout is particularly important to consider - during the first phase of the server's response, when it has to send the - headers, as it directly represents the server's processing time for the - request. To find out what value to put there, it's often good to start with - what would be considered as unacceptable response times, then check the logs - to observe the response time distribution, and adjust the value accordingly. - - The value is specified in milliseconds by default, but can be in any other - unit if the number is suffixed by the unit, as specified at the top of this - document. In TCP mode (and to a lesser extent, in HTTP mode), it is highly - recommended that the client timeout remains equal to the server timeout in - order to avoid complex situations to debug. Whatever the expected server - response times, it is a good practice to cover at least one or several TCP - packet losses by specifying timeouts that are slightly above multiples of 3 - seconds (e.g. 4 or 5 seconds minimum). - - This parameter is specific to backends, but can be specified once for all in - "defaults" sections. This is in fact one of the easiest solutions not to - forget about it. An unspecified timeout results in an infinite timeout, which - is not recommended. Such a usage is accepted and works but reports a warning - during startup because it may results in accumulation of expired sessions in - the system if the system's timeouts are not configured either. - - This parameter is provided for compatibility but is currently deprecated. - Please use "timeout server" instead. - - See also : "timeout server", "timeout tunnel", "timeout client" and - "clitimeout". - - stats admin { if | unless } Enable statistics admin level if/unless a condition is matched May be used in sections : defaults | frontend | listen | backend @@ -10499,7 +10387,6 @@ timeout check timeout client -timeout clitimeout (deprecated) Set the maximum inactivity time on the client side. May be used in sections : defaults | frontend | listen | backend yes | yes | yes | no @@ -10534,12 +10421,7 @@ timeout clitimeout (deprecated) This also applies to HTTP/2 connections, which will be closed with GOAWAY. - This parameter replaces the old, deprecated "clitimeout". It is recommended - to use it to write new configurations. The form "timeout clitimeout" is - provided only by backwards compatibility but its use is strongly discouraged. - - See also : "clitimeout", "timeout server", "timeout tunnel", - "timeout http-request". + See also : "timeout server", "timeout tunnel", "timeout http-request". timeout client-fin @@ -10570,7 +10452,6 @@ timeout client-fin timeout connect -timeout contimeout (deprecated) Set the maximum time to wait for a connection attempt to a server to succeed. May be used in sections : defaults | frontend | listen | backend yes | no | yes | yes @@ -10593,12 +10474,7 @@ timeout contimeout (deprecated) during startup because it may results in accumulation of failed sessions in the system if the system's timeouts are not configured either. - This parameter replaces the old, deprecated "contimeout". It is recommended - to use it to write new configurations. The form "timeout contimeout" is - provided only by backwards compatibility but its use is strongly discouraged. - - See also: "timeout check", "timeout queue", "timeout server", "contimeout", - "timeout tarpit". + See also: "timeout check", "timeout queue", "timeout server", "timeout tarpit". timeout http-keep-alive @@ -10712,11 +10588,10 @@ timeout queue connection timeout ("timeout connect") is used, for backwards compatibility with older versions with no "timeout queue" parameter. - See also : "timeout connect", "contimeout". + See also : "timeout connect". timeout server -timeout srvtimeout (deprecated) Set the maximum inactivity time on the server side. May be used in sections : defaults | frontend | listen | backend yes | no | yes | yes @@ -10752,11 +10627,7 @@ timeout srvtimeout (deprecated) during startup because it may results in accumulation of expired sessions in the system if the system's timeouts are not configured either. - This parameter replaces the old, deprecated "srvtimeout". It is recommended - to use it to write new configurations. The form "timeout srvtimeout" is - provided only by backwards compatibility but its use is strongly discouraged. - - See also : "srvtimeout", "timeout client" and "timeout tunnel". + See also : "timeout client" and "timeout tunnel". timeout server-fin @@ -10805,7 +10676,7 @@ timeout tarpit ("timeout connect") is used, for backwards compatibility with older versions with no "timeout tarpit" parameter. - See also : "timeout connect", "contimeout". + See also : "timeout connect". timeout tunnel diff --git a/include/types/global.h b/include/types/global.h index ce8a93d3e..df0111c79 100644 --- a/include/types/global.h +++ b/include/types/global.h @@ -252,9 +252,9 @@ extern int atexit_flag; /* unassigned : 0x00000001 (previously: WARN_BLOCK_DEPRECATED) */ /* unassigned : 0x00000002 */ /* unassigned : 0x00000004 (previously: WARN_REDISPATCH_DEPRECATED) */ -#define WARN_CLITO_DEPRECATED 0x00000008 -#define WARN_SRVTO_DEPRECATED 0x00000010 -#define WARN_CONTO_DEPRECATED 0x00000020 +/* unassigned : 0x00000008 (previously: WARN_CLITO_DEPRECATED) */ +/* unassigned : 0x00000010 (previously: WARN_SRVTO_DEPRECATED) */ +/* unassigned : 0x00000020 (previously: WARN_CONTO_DEPRECATED) */ #define WARN_FORCECLOSE_DEPRECATED 0x00000040 #define WARN_REQREP_DEPRECATED 0x00000080 diff --git a/src/proxy.c b/src/proxy.c index 78babd5bb..469529d1f 100644 --- a/src/proxy.c +++ b/src/proxy.c @@ -204,7 +204,6 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy, const char *res, *name; int *tv = NULL; int *td = NULL; - int warn = 0; retval = 0; @@ -213,7 +212,7 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy, args++; name = args[0]; - if (!strcmp(args[0], "client") || (!strcmp(args[0], "clitimeout") && (warn = WARN_CLITO_DEPRECATED))) { + if (!strcmp(args[0], "client")) { name = "client"; tv = &proxy->timeout.client; td = &defpx->timeout.client; @@ -230,12 +229,12 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy, tv = &proxy->timeout.httpreq; td = &defpx->timeout.httpreq; cap = PR_CAP_FE | PR_CAP_BE; - } else if (!strcmp(args[0], "server") || (!strcmp(args[0], "srvtimeout") && (warn = WARN_SRVTO_DEPRECATED))) { + } else if (!strcmp(args[0], "server")) { name = "server"; tv = &proxy->timeout.server; td = &defpx->timeout.server; cap = PR_CAP_BE; - } else if (!strcmp(args[0], "connect") || (!strcmp(args[0], "contimeout") && (warn = WARN_CONTO_DEPRECATED))) { + } else if (!strcmp(args[0], "connect")) { name = "connect"; tv = &proxy->timeout.connect; td = &defpx->timeout.connect; @@ -260,6 +259,15 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy, tv = &proxy->timeout.serverfin; td = &defpx->timeout.serverfin; cap = PR_CAP_BE; + } else if (!strcmp(args[0], "clitimeout")) { + memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout client'.", args[0]); + return -1; + } else if (!strcmp(args[0], "srvtimeout")) { + memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout server'.", args[0]); + return -1; + } else if (!strcmp(args[0], "contimeout")) { + memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout connect'.", args[0]); + return -1; } else { memprintf(err, "'timeout' supports 'client', 'server', 'connect', 'check', " @@ -300,13 +308,6 @@ static int proxy_parse_timeout(char **args, int section, struct proxy *proxy, memprintf(err, "overwriting 'timeout %s' which was already specified", name); retval = 1; } - else if (warn) { - if (!already_warned(warn)) { - memprintf(err, "the '%s' directive is now deprecated in favor of 'timeout %s', and will not be supported in future versions.", - args[0], name); - retval = 1; - } - } if (*args[2] != 0) { memprintf(err, "'timeout %s' : unexpected extra argument '%s' after value '%s'.", name, args[2], args[1]); @@ -1672,9 +1673,9 @@ void proxy_adjust_all_maxconn() static struct cfg_kw_list cfg_kws = {ILH, { { CFG_GLOBAL, "hard-stop-after", proxy_parse_hard_stop_after }, { CFG_LISTEN, "timeout", proxy_parse_timeout }, - { CFG_LISTEN, "clitimeout", proxy_parse_timeout }, - { CFG_LISTEN, "contimeout", proxy_parse_timeout }, - { CFG_LISTEN, "srvtimeout", proxy_parse_timeout }, + { CFG_LISTEN, "clitimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */ + { CFG_LISTEN, "contimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */ + { CFG_LISTEN, "srvtimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */ { CFG_LISTEN, "rate-limit", proxy_parse_rate_limit }, { CFG_LISTEN, "max-keep-alive-queue", proxy_parse_max_ka_queue }, { CFG_LISTEN, "declare", proxy_parse_declare },