[BUG] "option transparent" is for backend, not frontend !
"option transparent" was set and checked on frontends only while it
is purely a backend thing as it replaces the "balance" mode. For this
reason, it did only work in "listen" sections. This change will then
not affect the rare users of this option.
diff --git a/doc/configuration.txt b/doc/configuration.txt
index f92176a..b2cb48f 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -569,7 +569,7 @@
option tcpka X X X X
option tcplog X X X X
[no] option tcpsplice X X X X
-[no] option transparent X X X -
+[no] option transparent X - X X
redirect - X X X
redisp X - X X (deprecated)
redispatch X - X X (deprecated)
@@ -619,7 +619,7 @@
timeout server X - X X
timeout srvtimeout X - X X (deprecated)
timeout tarpit X X X X
-transparent X X X - (deprecated)
+transparent X - X X (deprecated)
use_backend - X X -
----------------------+----------+----------+---------+---------
keyword defaults frontend listen backend
@@ -2314,7 +2314,7 @@
no option transparent
Enable client-side transparent proxying
May be used in sections : defaults | frontend | listen | backend
- yes | yes | yes | no
+ yes | no | yes | yes
Arguments : none
This option was introduced in order to provide layer 7 persistence to layer 3
@@ -2329,9 +2329,6 @@
Note that contrary to a common belief, this option does NOT make HAProxy
present the client's IP to the server when establishing the connection.
- Use of this option is really discouraged, and since no really valid use of it
- has been reported for years, it will probably be removed in future versions.
-
See also: the "usersrc" argument of the "source" keyword, and the
"transparent" option of the "bind" keyword.
@@ -3589,7 +3586,7 @@
transparent (deprecated)
Enable client-side transparent proxying
May be used in sections : defaults | frontend | listen | backend
- yes | yes | yes | no
+ yes | no | yes | yes
Arguments : none
This keyword was introduced in order to provide layer 7 persistence to layer
@@ -3606,9 +3603,6 @@
Note that contrary to a common belief, this option does NOT make HAProxy
present the client's IP to the server when establishing the connection.
- Use of this option is really discouraged, and since no really valid use of it
- has been reported for years, it will probably be removed in future versions.
-
See also: "option transparent"
diff --git a/src/backend.c b/src/backend.c
index c8a84be..a8ffdb6 100644
--- a/src/backend.c
+++ b/src/backend.c
@@ -1412,7 +1412,7 @@
}
}
else if (!*(int *)&s->be->dispatch_addr.sin_addr &&
- !(s->fe->options & PR_O_TRANSP)) {
+ !(s->be->options & PR_O_TRANSP)) {
err = SRV_STATUS_NOSRV;
goto out;
}
@@ -1467,7 +1467,7 @@
/* if this server remaps proxied ports, we'll use
* the port the client connected to with an offset. */
if (s->srv->state & SRV_MAPPORTS) {
- if (!(s->fe->options & PR_O_TRANSP) && !(s->flags & SN_FRT_ADDR_SET))
+ if (!(s->be->options & PR_O_TRANSP) && !(s->flags & SN_FRT_ADDR_SET))
get_frt_addr(s);
if (s->frt_addr.ss_family == AF_INET) {
s->srv_addr.sin_port = htons(ntohs(s->srv_addr.sin_port) +
@@ -1482,7 +1482,7 @@
/* connect to the defined dispatch addr */
s->srv_addr = s->be->dispatch_addr;
}
- else if (s->fe->options & PR_O_TRANSP) {
+ else if (s->be->options & PR_O_TRANSP) {
/* in transparent mode, use the original dest addr if no dispatch specified */
if (!(s->flags & SN_FRT_ADDR_SET))
get_frt_addr(s);
diff --git a/src/cfgparse.c b/src/cfgparse.c
index 8668dfb..d41edf7 100644
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -107,7 +107,7 @@
{ "tcpsplice", PR_O_TCPSPLICE, PR_CAP_BE|PR_CAP_FE, LSTCHK_TCPSPLICE|LSTCHK_NETADM },
#endif
#ifdef TPROXY
- { "transparent", PR_O_TRANSP, PR_CAP_FE, 0 },
+ { "transparent", PR_O_TRANSP, PR_CAP_BE, 0 },
#endif
{ NULL, 0, 0, 0 }