MEDIUM: Make '(cli|con|srv)timeout' directive fatal
They were deprecated with HAProxy 1.5. Time to remove them.
diff --git a/contrib/syntax-highlight/haproxy.vim b/contrib/syntax-highlight/haproxy.vim
index c13b2c0..48fd78c 100644
--- a/contrib/syntax-highlight/haproxy.vim
+++ b/contrib/syntax-highlight/haproxy.vim
@@ -40,7 +40,7 @@
syn match hapIp2 /,\(\d\{1,3}\.\d\{1,3}\.\d\{1,3}\.\d\{1,3}\)\?:\d\{1,5}/hs=s+1 nextgroup=hapIp2 contained
" Parameters
-syn keyword hapParam chroot cliexp clitimeout contimeout
+syn keyword hapParam chroot cliexp
syn keyword hapParam daemon debug disabled
syn keyword hapParam enabled
syn keyword hapParam fullconn
@@ -56,7 +56,7 @@
syn keyword hapParam rspidel rspideny skipwhite nextgroup=hapRegexp
syn keyword hapParam reqsetbe reqisetbe skipwhite nextgroup=hapRegexp2
syn keyword hapParam reqadd reqiadd rspadd rspiadd
-syn keyword hapParam server source srvexp srvtimeout
+syn keyword hapParam server source srvexp
syn keyword hapParam uid ulimit-n user
syn keyword hapParam reqrep reqirep rsprep rspirep skipwhite nextgroup=hapRegexp
syn keyword hapParam errorloc errorloc302 errorloc303 skipwhite nextgroup=hapStatus
diff --git a/doc/configuration.txt b/doc/configuration.txt
index db51c07..279a781 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -2345,9 +2345,7 @@
capture cookie - X X -
capture request header - X X -
capture response header - X X -
-clitimeout (deprecated) X X X -
compression X X X X
-contimeout (deprecated) X - X X
cookie X - X X
declare capture - X X -
default-server X - X X
@@ -2476,7 +2474,6 @@
server-state-file-name X - X X
server-template - - X X
source X - X X
-srvtimeout (deprecated) X - X X
stats admin - X X X
stats auth X X X X
stats enable X X X X
@@ -2508,15 +2505,12 @@
timeout check X - X X
timeout client X X X -
timeout client-fin X X X -
-timeout clitimeout (deprecated) X X X -
timeout connect X - X X
-timeout contimeout (deprecated) X - X X
timeout http-keep-alive X X X X
timeout http-request X X X X
timeout queue X - X X
timeout server X - X X
timeout server-fin X - X X
-timeout srvtimeout (deprecated) X - X X
timeout tarpit X X X X
timeout tunnel X - X X
transparent (deprecated) X - X X
@@ -3112,40 +3106,6 @@
about logging.
-clitimeout <timeout> (deprecated)
- Set the maximum inactivity time on the client side.
- May be used in sections : defaults | frontend | listen | backend
- yes | yes | yes | no
- Arguments :
- <timeout> is the timeout value is specified in milliseconds by default, but
- can be in any other unit if the number is suffixed by the unit,
- as explained at the top of this document.
-
- The inactivity timeout applies when the client is expected to acknowledge or
- send data. In HTTP mode, this timeout is particularly important to consider
- during the first phase, when the client sends the request, and during the
- response while it is reading data sent by the server. The value is specified
- in milliseconds by default, but can be in any other unit if the number is
- suffixed by the unit, as specified at the top of this document. In TCP mode
- (and to a lesser extent, in HTTP mode), it is highly recommended that the
- client timeout remains equal to the server timeout in order to avoid complex
- situations to debug. It is a good practice to cover one or several TCP packet
- losses by specifying timeouts that are slightly above multiples of 3 seconds
- (e.g. 4 or 5 seconds).
-
- This parameter is specific to frontends, but can be specified once for all in
- "defaults" sections. This is in fact one of the easiest solutions not to
- forget about it. An unspecified timeout results in an infinite timeout, which
- is not recommended. Such a usage is accepted and works but reports a warning
- during startup because it may results in accumulation of expired sessions in
- the system if the system's timeouts are not configured either.
-
- This parameter is provided for compatibility but is currently deprecated.
- Please use "timeout client" instead.
-
- See also : "timeout client", "timeout http-request", "timeout server", and
- "srvtimeout".
-
compression algo <algorithm> ...
compression type <mime type> ...
compression offload
@@ -3226,38 +3186,6 @@
compression type text/html text/plain
-contimeout <timeout> (deprecated)
- Set the maximum time to wait for a connection attempt to a server to succeed.
- May be used in sections : defaults | frontend | listen | backend
- yes | no | yes | yes
- Arguments :
- <timeout> is the timeout value is specified in milliseconds by default, but
- can be in any other unit if the number is suffixed by the unit,
- as explained at the top of this document.
-
- If the server is located on the same LAN as haproxy, the connection should be
- immediate (less than a few milliseconds). Anyway, it is a good practice to
- cover one or several TCP packet losses by specifying timeouts that are
- slightly above multiples of 3 seconds (e.g. 4 or 5 seconds). By default, the
- connect timeout also presets the queue timeout to the same value if this one
- has not been specified. Historically, the contimeout was also used to set the
- tarpit timeout in a listen section, which is not possible in a pure frontend.
-
- This parameter is specific to backends, but can be specified once for all in
- "defaults" sections. This is in fact one of the easiest solutions not to
- forget about it. An unspecified timeout results in an infinite timeout, which
- is not recommended. Such a usage is accepted and works but reports a warning
- during startup because it may results in accumulation of failed sessions in
- the system if the system's timeouts are not configured either.
-
- This parameter is provided for backwards compatibility but is currently
- deprecated. Please use "timeout connect", "timeout queue" or "timeout tarpit"
- instead.
-
- See also : "timeout connect", "timeout queue", "timeout tarpit",
- "timeout server", "contimeout".
-
-
cookie <name> [ rewrite | insert | prefix ] [ indirect ] [ nocache ]
[ postonly ] [ preserve ] [ httponly ] [ secure ]
[ domain <domain> ]* [ maxidle <idle> ] [ maxlife <life> ]
@@ -8520,46 +8448,6 @@
See also : the "source" server option in section 5, the Tproxy patches for
the Linux kernel on www.balabit.com, the "bind" keyword.
-
-srvtimeout <timeout> (deprecated)
- Set the maximum inactivity time on the server side.
- May be used in sections : defaults | frontend | listen | backend
- yes | no | yes | yes
- Arguments :
- <timeout> is the timeout value specified in milliseconds by default, but
- can be in any other unit if the number is suffixed by the unit,
- as explained at the top of this document.
-
- The inactivity timeout applies when the server is expected to acknowledge or
- send data. In HTTP mode, this timeout is particularly important to consider
- during the first phase of the server's response, when it has to send the
- headers, as it directly represents the server's processing time for the
- request. To find out what value to put there, it's often good to start with
- what would be considered as unacceptable response times, then check the logs
- to observe the response time distribution, and adjust the value accordingly.
-
- The value is specified in milliseconds by default, but can be in any other
- unit if the number is suffixed by the unit, as specified at the top of this
- document. In TCP mode (and to a lesser extent, in HTTP mode), it is highly
- recommended that the client timeout remains equal to the server timeout in
- order to avoid complex situations to debug. Whatever the expected server
- response times, it is a good practice to cover at least one or several TCP
- packet losses by specifying timeouts that are slightly above multiples of 3
- seconds (e.g. 4 or 5 seconds minimum).
-
- This parameter is specific to backends, but can be specified once for all in
- "defaults" sections. This is in fact one of the easiest solutions not to
- forget about it. An unspecified timeout results in an infinite timeout, which
- is not recommended. Such a usage is accepted and works but reports a warning
- during startup because it may results in accumulation of expired sessions in
- the system if the system's timeouts are not configured either.
-
- This parameter is provided for compatibility but is currently deprecated.
- Please use "timeout server" instead.
-
- See also : "timeout server", "timeout tunnel", "timeout client" and
- "clitimeout".
-
stats admin { if | unless } <cond>
Enable statistics admin level if/unless a condition is matched
@@ -10499,7 +10387,6 @@
timeout client <timeout>
-timeout clitimeout <timeout> (deprecated)
Set the maximum inactivity time on the client side.
May be used in sections : defaults | frontend | listen | backend
yes | yes | yes | no
@@ -10534,13 +10421,8 @@
This also applies to HTTP/2 connections, which will be closed with GOAWAY.
- This parameter replaces the old, deprecated "clitimeout". It is recommended
- to use it to write new configurations. The form "timeout clitimeout" is
- provided only by backwards compatibility but its use is strongly discouraged.
+ See also : "timeout server", "timeout tunnel", "timeout http-request".
- See also : "clitimeout", "timeout server", "timeout tunnel",
- "timeout http-request".
-
timeout client-fin <timeout>
Set the inactivity timeout on the client side for half-closed connections.
@@ -10570,7 +10452,6 @@
timeout connect <timeout>
-timeout contimeout <timeout> (deprecated)
Set the maximum time to wait for a connection attempt to a server to succeed.
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
@@ -10593,13 +10474,8 @@
during startup because it may results in accumulation of failed sessions in
the system if the system's timeouts are not configured either.
- This parameter replaces the old, deprecated "contimeout". It is recommended
- to use it to write new configurations. The form "timeout contimeout" is
- provided only by backwards compatibility but its use is strongly discouraged.
+ See also: "timeout check", "timeout queue", "timeout server", "timeout tarpit".
- See also: "timeout check", "timeout queue", "timeout server", "contimeout",
- "timeout tarpit".
-
timeout http-keep-alive <timeout>
Set the maximum allowed time to wait for a new HTTP request to appear
@@ -10712,11 +10588,10 @@
connection timeout ("timeout connect") is used, for backwards compatibility
with older versions with no "timeout queue" parameter.
- See also : "timeout connect", "contimeout".
+ See also : "timeout connect".
timeout server <timeout>
-timeout srvtimeout <timeout> (deprecated)
Set the maximum inactivity time on the server side.
May be used in sections : defaults | frontend | listen | backend
yes | no | yes | yes
@@ -10752,12 +10627,8 @@
during startup because it may results in accumulation of expired sessions in
the system if the system's timeouts are not configured either.
- This parameter replaces the old, deprecated "srvtimeout". It is recommended
- to use it to write new configurations. The form "timeout srvtimeout" is
- provided only by backwards compatibility but its use is strongly discouraged.
+ See also : "timeout client" and "timeout tunnel".
- See also : "srvtimeout", "timeout client" and "timeout tunnel".
-
timeout server-fin <timeout>
Set the inactivity timeout on the server side for half-closed connections.
@@ -10805,7 +10676,7 @@
("timeout connect") is used, for backwards compatibility with older versions
with no "timeout tarpit" parameter.
- See also : "timeout connect", "contimeout".
+ See also : "timeout connect".
timeout tunnel <timeout>
diff --git a/include/types/global.h b/include/types/global.h
index ce8a93d..df0111c 100644
--- a/include/types/global.h
+++ b/include/types/global.h
@@ -252,9 +252,9 @@
/* unassigned : 0x00000001 (previously: WARN_BLOCK_DEPRECATED) */
/* unassigned : 0x00000002 */
/* unassigned : 0x00000004 (previously: WARN_REDISPATCH_DEPRECATED) */
-#define WARN_CLITO_DEPRECATED 0x00000008
-#define WARN_SRVTO_DEPRECATED 0x00000010
-#define WARN_CONTO_DEPRECATED 0x00000020
+/* unassigned : 0x00000008 (previously: WARN_CLITO_DEPRECATED) */
+/* unassigned : 0x00000010 (previously: WARN_SRVTO_DEPRECATED) */
+/* unassigned : 0x00000020 (previously: WARN_CONTO_DEPRECATED) */
#define WARN_FORCECLOSE_DEPRECATED 0x00000040
#define WARN_REQREP_DEPRECATED 0x00000080
diff --git a/src/proxy.c b/src/proxy.c
index 78babd5..469529d 100644
--- a/src/proxy.c
+++ b/src/proxy.c
@@ -204,7 +204,6 @@
const char *res, *name;
int *tv = NULL;
int *td = NULL;
- int warn = 0;
retval = 0;
@@ -213,7 +212,7 @@
args++;
name = args[0];
- if (!strcmp(args[0], "client") || (!strcmp(args[0], "clitimeout") && (warn = WARN_CLITO_DEPRECATED))) {
+ if (!strcmp(args[0], "client")) {
name = "client";
tv = &proxy->timeout.client;
td = &defpx->timeout.client;
@@ -230,12 +229,12 @@
tv = &proxy->timeout.httpreq;
td = &defpx->timeout.httpreq;
cap = PR_CAP_FE | PR_CAP_BE;
- } else if (!strcmp(args[0], "server") || (!strcmp(args[0], "srvtimeout") && (warn = WARN_SRVTO_DEPRECATED))) {
+ } else if (!strcmp(args[0], "server")) {
name = "server";
tv = &proxy->timeout.server;
td = &defpx->timeout.server;
cap = PR_CAP_BE;
- } else if (!strcmp(args[0], "connect") || (!strcmp(args[0], "contimeout") && (warn = WARN_CONTO_DEPRECATED))) {
+ } else if (!strcmp(args[0], "connect")) {
name = "connect";
tv = &proxy->timeout.connect;
td = &defpx->timeout.connect;
@@ -260,6 +259,15 @@
tv = &proxy->timeout.serverfin;
td = &defpx->timeout.serverfin;
cap = PR_CAP_BE;
+ } else if (!strcmp(args[0], "clitimeout")) {
+ memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout client'.", args[0]);
+ return -1;
+ } else if (!strcmp(args[0], "srvtimeout")) {
+ memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout server'.", args[0]);
+ return -1;
+ } else if (!strcmp(args[0], "contimeout")) {
+ memprintf(err, "the '%s' directive is not supported anymore since HAProxy 2.1. Use 'timeout connect'.", args[0]);
+ return -1;
} else {
memprintf(err,
"'timeout' supports 'client', 'server', 'connect', 'check', "
@@ -300,13 +308,6 @@
memprintf(err, "overwriting 'timeout %s' which was already specified", name);
retval = 1;
}
- else if (warn) {
- if (!already_warned(warn)) {
- memprintf(err, "the '%s' directive is now deprecated in favor of 'timeout %s', and will not be supported in future versions.",
- args[0], name);
- retval = 1;
- }
- }
if (*args[2] != 0) {
memprintf(err, "'timeout %s' : unexpected extra argument '%s' after value '%s'.", name, args[2], args[1]);
@@ -1672,9 +1673,9 @@
static struct cfg_kw_list cfg_kws = {ILH, {
{ CFG_GLOBAL, "hard-stop-after", proxy_parse_hard_stop_after },
{ CFG_LISTEN, "timeout", proxy_parse_timeout },
- { CFG_LISTEN, "clitimeout", proxy_parse_timeout },
- { CFG_LISTEN, "contimeout", proxy_parse_timeout },
- { CFG_LISTEN, "srvtimeout", proxy_parse_timeout },
+ { CFG_LISTEN, "clitimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
+ { CFG_LISTEN, "contimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
+ { CFG_LISTEN, "srvtimeout", proxy_parse_timeout }, /* This keyword actually fails to parse, this line remains for better error messages. */
{ CFG_LISTEN, "rate-limit", proxy_parse_rate_limit },
{ CFG_LISTEN, "max-keep-alive-queue", proxy_parse_max_ka_queue },
{ CFG_LISTEN, "declare", proxy_parse_declare },