From e93f3ea3f854e36088aac304d37806a7c5f83420 Mon Sep 17 00:00:00 2001
From: Willy Tarreau <w@1wt.eu>
Date: Thu, 26 Jun 2025 11:55:47 +0200
Subject: [PATCH] MEDIUM: proxy: deprecate the "transparent" and "option
 transparent" directives

As discussed here [1], "transparent" (already deprecated) and
"option transparent" are horrible hacks which should really disappear
in favor of "server xxx 0.0.0.0" which doesn't rely on hackish code
path. This old feature is now deprecated in 3.3 and will disappear in
3.5, as indicated here [2]. A warning is emitted when used, explaining
how to proceed, and how to silence the warning using the global
"expose-deprecated-directives" if needed. The doc was updated to
reflect this new state.

[1] https://github.com/orgs/haproxy/discussions/2921
[2] https://github.com/haproxy/wiki/wiki/Breaking-changes
---
 doc/configuration.txt |  2 +-
 src/cfgparse-listen.c | 21 ++++++++++++++++++++-
 2 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/doc/configuration.txt b/doc/configuration.txt
index 414dfe3bd..a7621f7b9 100644
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@@ -5578,7 +5578,7 @@ option tcp-smart-accept              (*)  X          X         X         -
 option tcp-smart-connect             (*)  X          -         X         X
 option tcpka                              X          X         X         X
 option tcplog                             X          X         X         -
-option transparent                   (*)  X          -         X         X
+option transparent      (deprecated) (*)  X          -         X         X
 option idle-close-on-response        (*)  X          X         X         -
 external-check command                    X          -         X         X
 external-check path                       X          -         X         X
diff --git a/src/cfgparse-listen.c b/src/cfgparse-listen.c
index 31a911101..62b79f388 100644
--- a/src/cfgparse-listen.c
+++ b/src/cfgparse-listen.c
@@ -2054,8 +2054,19 @@ stats_error_parsing:
 		/* try to match option within cfg_opts */
 		if (cfg_parse_listen_match_option(file, linenum, kwm, cfg_opts, &err_code, args,
 		                                  PR_MODES, PR_CAP_NONE,
-		                                  &curproxy->options, &curproxy->no_options))
+		                                  &curproxy->options, &curproxy->no_options)) {
+			if (strcmp(args[1], "transparent") == 0) {
+				if (!deprecated_directives_allowed) {
+					ha_warning("parsing [%s:%d]: option '%s' is deprecated in 3.3 and will be removed in 3.5. "
+					           "The modern way to do the same is to create a server with address 0.0.0.0. It is "
+					           "still possible to silence this warning by setting 'expose-deprecated-directives' "
+					           "in the 'global' section, but do not wait to fix your configuration!\n",
+					           file, linenum, args[1]);
+					err_code |= ERR_WARN;
+				}
+			}
 			goto out;
+		}
 		if (err_code & ERR_CODE)
 			goto out;
 
@@ -2574,6 +2585,14 @@ stats_error_parsing:
 		curproxy->options |= PR_O_TRANSP;
 		if (alertif_too_many_args(0, file, linenum, args, &err_code))
 			goto out;
+		if (!deprecated_directives_allowed) {
+			ha_warning("parsing [%s:%d]: '%s' is deprecated in 3.3 and will be removed in 3.5. "
+			           "The modern way to do the same is to create a server with address 0.0.0.0. It is "
+			           "still possible to silence this warning by setting 'expose-deprecated-directives' "
+			           "in the 'global' section, but do not wait to fix your configuration!\n",
+			           file, linenum, args[0]);
+			err_code |= ERR_WARN;
+		}
 	}
 #endif
 	else if (strcmp(args[0], "maxconn") == 0) {  /* maxconn */
-- 
2.39.5