MEDIUM: http: Ignore http-tunnel option on backend

This option is frontends specific, so there is no reason to support it on
backends. So now, it is ignored if it is set on a backend and a warning is
emitted during the startup. The change is quite trivial, but the commit is
tagged as MEDIUM because it is a small breakage with previous versions and
configurations using this options could emit a warning now.

diff --git a/doc/configuration.txt b/doc/configuration.txt
index a589f505b9c5b8a8457f228bfd6428fe6279caf7..f0999d64a3c6322ece056500d1b43319c1f746c3 100644 (file)
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -1994,7 +1994,8 @@ the backend's. HAProxy supports 5 connection modes :
   - TUN: tunnel ("option http-tunnel") : this was the default mode for versions
     1.0 to 1.5-dev21 : only the first request and response are processed, and
     everything else is forwarded with no analysis at all. This mode should not
-    be used as it creates lots of trouble with logging and HTTP processing.
+    be used as it creates lots of trouble with logging and HTTP processing. It
+    is supported only on frontends.
 
   - PCL: passive close ("option httpclose") : exactly the same as tunnel mode,
     but with "Connection: close" appended in both directions to try to make
@@ -2012,19 +2013,19 @@ frontend and a backend can be determined by both proxy modes according to the
 following matrix, but in short, the modes are symmetric, keep-alive is the
 weakest option and force close is the strongest.
 
-                          Backend mode
+                    Backend mode
 
-                | KAL | TUN | PCL | SCL | FCL
-            ----+-----+-----+-----+-----+----
-            KAL | KAL | TUN | PCL | SCL | FCL
-            ----+-----+-----+-----+-----+----
-            TUN | TUN | TUN | PCL | SCL | FCL
- Frontend   ----+-----+-----+-----+-----+----
-   mode     PCL | PCL | PCL | PCL | FCL | FCL
-            ----+-----+-----+-----+-----+----
-            SCL | SCL | SCL | FCL | SCL | FCL
-            ----+-----+-----+-----+-----+----
-            FCL | FCL | FCL | FCL | FCL | FCL
+                | KAL | PCL | SCL | FCL
+            ----+-----+-----+-----+----
+            KAL | KAL | PCL | SCL | FCL
+            ----+-----+-----+-----+----
+            TUN | TUN | PCL | SCL | FCL
+ Frontend   ----+-----+-----+-----+----
+   mode     PCL | PCL | PCL | FCL | FCL
+            ----+-----+-----+-----+----
+            SCL | SCL | FCL | SCL | FCL
+            ----+-----+-----+-----+----
+            FCL | FCL | FCL | FCL | FCL
 
 
 
@@ -2118,7 +2119,7 @@ option http-keep-alive               (*)  X          X         X         X
 option http-no-delay                 (*)  X          X         X         X
 option http-pretend-keepalive        (*)  X          -         X         X
 option http-server-close             (*)  X          X         X         X
-option http-tunnel                   (*)  X          X         X         X
+option http-tunnel                   (*)  X          X         X         -
 option http-use-proxy-header         (*)  X          X         X         -
 option httpchk                            X          -         X         X
 option httpclose                     (*)  X          X         X         X
@@ -5989,7 +5990,7 @@ option http-tunnel
 no option http-tunnel
   Disable or enable HTTP connection processing after first transaction
   May be used in sections :   defaults | frontend | listen | backend
-                                 yes   |    yes   |   yes  |   yes
+                                 yes   |    yes   |   yes  |   no
   Arguments : none
 
   By default HAProxy operates in keep-alive mode with regards to persistent
@@ -6009,6 +6010,11 @@ no option http-tunnel
   cookie processing or content switching will only work for the first request
   and will be ignored after the first response.
 
+  This option may be set on frontend and listen sections. Using it on a backend
+  section will be ignored and a warning will be reported during the startup. It
+  is a frontend related option, so there is no real reason to set it on a
+  backend.
+
   If this option has been enabled in a "defaults" section, it can be disabled
   in a specific instance by prepending the "no" keyword before it.
 

diff --git a/src/cfgparse.c b/src/cfgparse.c
index 2ac22b55e210814edf0d7b726084a337e2ea3992..1e73e32e1c4035c6c8d055aa9bbc1693d14f8cc7 100644 (file)
--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@@ -4761,6 +4761,10 @@ stats_error_parsing:
                        }
                }
                else if (strcmp(args[1], "http-tunnel") == 0) {
+                       if (warnifnotcap(curproxy, PR_CAP_FE, file, linenum, args[1], NULL)) {
+                               err_code |= ERR_WARN;
+                               goto out;
+                       }
                        if (alertif_too_many_args_idx(0, 1, file, linenum, args, &err_code))
                                goto out;
                        if (kwm == KWM_STD) {