From: Willy Tarreau <w@1wt.eu>
Date: Thu, 26 Jun 2025 09:55:47 +0000 (+0200)
Subject: MEDIUM: proxy: deprecate the "transparent" and "option transparent" directives
X-Git-Tag: v3.3-dev2~11
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e93f3ea3f8;p=thirdparty%2Fhaproxy.git

MEDIUM: proxy: deprecate the "transparent" and "option transparent" directives

As discussed here [1], "transparent" (already deprecated) and
"option transparent" are horrible hacks which should really disappear
in favor of "server xxx 0.0.0.0" which doesn't rely on hackish code
path. This old feature is now deprecated in 3.3 and will disappear in
3.5, as indicated here [2]. A warning is emitted when used, explaining
how to proceed, and how to silence the warning using the global
"expose-deprecated-directives" if needed. The doc was updated to
reflect this new state.

[1] https://github.com/orgs/haproxy/discussions/2921
[2] https://github.com/haproxy/wiki/wiki/Breaking-changes
---

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 414dfe3bd..a7621f7b9 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -5578,7 +5578,7 @@ option tcp-smart-accept              (*)  X          X         X         -
 option tcp-smart-connect             (*)  X          -         X         X
 option tcpka                              X          X         X         X
 option tcplog                             X          X         X         -
-option transparent                   (*)  X          -         X         X
+option transparent      (deprecated) (*)  X          -         X         X
 option idle-close-on-response        (*)  X          X         X         -
 external-check command                    X          -         X         X
 external-check path                       X          -         X         X
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 31a911101..62b79f388 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -2054,8 +2054,19 @@ stats_error_parsing:
 		/* try to match option within cfg_opts */
 		if (cfg_parse_listen_match_option(file, linenum, kwm, cfg_opts, &err_code, args,
 		                                  PR_MODES, PR_CAP_NONE,
-		                                  &curproxy->options, &curproxy->no_options))
+		                                  &curproxy->options, &curproxy->no_options)) {
+			if (strcmp(args[1], "transparent") == 0) {
+				if (!deprecated_directives_allowed) {
+					ha_warning("parsing [%s:%d]: option '%s' is deprecated in 3.3 and will be removed in 3.5. "
+					           "The modern way to do the same is to create a server with address 0.0.0.0. It is "
+					           "still possible to silence this warning by setting 'expose-deprecated-directives' "
+					           "in the 'global' section, but do not wait to fix your configuration!\n",
+					           file, linenum, args[1]);
+					err_code |= ERR_WARN;
+				}
+			}
 			goto out;
+		}
 		if (err_code & ERR_CODE)
 			goto out;
 
@@ -2574,6 +2585,14 @@ stats_error_parsing:
 		curproxy->options |= PR_O_TRANSP;
 		if (alertif_too_many_args(0, file, linenum, args, &err_code))
 			goto out;
+		if (!deprecated_directives_allowed) {
+			ha_warning("parsing [%s:%d]: '%s' is deprecated in 3.3 and will be removed in 3.5. "
+			           "The modern way to do the same is to create a server with address 0.0.0.0. It is "
+			           "still possible to silence this warning by setting 'expose-deprecated-directives' "
+			           "in the 'global' section, but do not wait to fix your configuration!\n",
+			           file, linenum, args[0]);
+			err_code |= ERR_WARN;
+		}
 	}
 #endif
 	else if (strcmp(args[0], "maxconn") == 0) {  /* maxconn */