[BUG] "option transparent" is for backend, not frontend !

"option transparent" was set and checked on frontends only while it is purely a backend thing as it replaces the "balance" mode. For this reason, it did only work in "listen" sections. This change will then not affect the rare users of this option. (cherry picked from commit 4b1f85912c5dfd7e53dfa31d3e9dd3113747c702) (cherry picked from commit c34da593ed579f373d1176fb510a1e59c474ba6d)
2026-01-17 06:41:00 +01:00 · 2008-12-23 23:13:55 +01:00 · 2008-12-23 23:13:55 +01:00 · 20e102e2af
commit 20e102e2af
parent c7585ed7e7
3 changed files with 8 additions and 14 deletions
--- a/doc/configuration.txt
+++ b/doc/configuration.txt
@ -562,7 +562,7 @@ option ssl-hello-chk        X          -         X         X
 option tcpka                X          X         X         X
 option tcplog               X          X         X         X
 [no] option tcpsplice       X          X         X         X
-[no] option transparent     X          X         X         -
+[no] option transparent     X          -         X         X
 redisp                      X          -         X         X  (deprecated)
 redispatch                  X          -         X         X  (deprecated)
 reqadd                      -          X         X         X
@ -607,7 +607,7 @@ timeout queue               X          -         X         X
 timeout server              X          -         X         X
 timeout srvtimeout          X          -         X         X  (deprecated)
 timeout tarpit              X          X         X         X
-transparent                 X          X         X         -  (deprecated)
+transparent                 X          -         X         X  (deprecated)
 use_backend                 -          X         X         -
 ----------------------+----------+----------+---------+---------
 keyword                 defaults   frontend   listen    backend
@ -2181,7 +2181,7 @@ option transparent
 no option transparent
  Enable client-side transparent proxying
  May be used in sections :   defaults | frontend | listen | backend
-                                 yes   |    yes   |   yes  |    no
+                                 yes   |    no    |   yes  |   yes
  Arguments : none

  This option was introduced in order to provide layer 7 persistence to layer 3
@ -2196,9 +2196,6 @@ no option transparent
  Note that contrary to a common belief, this option does NOT make HAProxy
  present the client's IP to the server when establishing the connection.

-  Use of this option is really discouraged, and since no really valid use of it
-  has been reported for years, it will probably be removed in future versions.
-
  See also: the "usersrc" argument of the "source" keyword, and the
            "transparent" option of the "bind" keyword.

@ -3250,7 +3247,7 @@ timeout tarpit <timeout>
 transparent (deprecated)
  Enable client-side transparent proxying
  May be used in sections :   defaults | frontend | listen | backend
-                                 yes   |    yes   |   yes  |    no
+                                 yes   |    no    |   yes  |   yes
  Arguments : none

  This keyword was introduced in order to provide layer 7 persistence to layer
@ -3267,9 +3264,6 @@ transparent (deprecated)
  Note that contrary to a common belief, this option does NOT make HAProxy
  present the client's IP to the server when establishing the connection.

-  Use of this option is really discouraged, and since no really valid use of it
-  has been reported for years, it will probably be removed in future versions.
-
  See also: "option transparent"


--- a/src/backend.c
+++ b/src/backend.c
@ -1005,7 +1005,7 @@ int assign_server(struct session *s)
 		}
 	}
 	else if (!*(int *)&s->be->dispatch_addr.sin_addr &&
-		 !(s->fe->options & PR_O_TRANSP)) {
+		 !(s->be->options & PR_O_TRANSP)) {
 		err = SRV_STATUS_NOSRV;
 		goto out;
 	}
@ -1060,7 +1060,7 @@ int assign_server_address(struct session *s)
 		/* if this server remaps proxied ports, we'll use
 		 * the port the client connected to with an offset. */
 		if (s->srv->state & SRV_MAPPORTS) {
-			if (!(s->fe->options & PR_O_TRANSP) && !(s->flags & SN_FRT_ADDR_SET))
+			if (!(s->be->options & PR_O_TRANSP) && !(s->flags & SN_FRT_ADDR_SET))
 				get_frt_addr(s);
 			if (s->frt_addr.ss_family == AF_INET) {
 				s->srv_addr.sin_port = htons(ntohs(s->srv_addr.sin_port) +
@ -1075,7 +1075,7 @@ int assign_server_address(struct session *s)
 		/* connect to the defined dispatch addr */
 		s->srv_addr = s->be->dispatch_addr;
 	}
-	else if (s->fe->options & PR_O_TRANSP) {
+	else if (s->be->options & PR_O_TRANSP) {
 		/* in transparent mode, use the original dest addr if no dispatch specified */
 		socklen_t salen = sizeof(s->srv_addr);

--- a/src/cfgparse.c
+++ b/src/cfgparse.c
@ -109,7 +109,7 @@ static const struct {
 	{ "tcpsplice",    PR_O_TCPSPLICE,  PR_CAP_BE|PR_CAP_FE, LSTCHK_TCPSPLICE|LSTCHK_NETADM },
 #endif
 #ifdef TPROXY
-	{ "transparent",  PR_O_TRANSP,     PR_CAP_FE, 0 },
+	{ "transparent",  PR_O_TRANSP,     PR_CAP_BE, 0 },
 #endif

 	{ NULL, 0, 0, 0 }