MEDIUM: htx: Deprecate the option 'http-tunnel' and ignore it in HTX

The option http-tunnel disables any HTTP processing past the first
transaction. In HTX, it works for full h1 transactions. As for the legacy HTTP,
it is a workaround, but it works. But it is impossible to make it works with an
h2 connection. In such case, it has no effect, the stream is closed at the end
of the transaction. So to avoid any inconsistancies between h1 and h2
connections, this option is now always ignored when the HTX is enabled. It is
also a good opportinity to deprecate an old and ugly option. A warning is
emitted during HAProxy startup to encourage users to remove this option.

Note that in legacy HTTP, this option only works with full h1 transactions
too. If an h2 connection is established on a frontend with this option enabled,
it will have no effect at all. But we keep it for the legacy HTTP for
compatibility purpose. It will be removed with the legacy HTTP.

So to be short, if you have to really (REALLY) use it, it will only work for
legacy HTTP frontends with H1 clients.

The documentation has been updated accordingly.

This patch must be backported to 1.9. It is not strictly speaking required but
it will ease futur backports.

doc/configuration.txt

@@ -185,7 +185,7 @@ waiting for new requests, just as if it was a keep-alive HTTP connection.
 HAProxy supports 4 connection modes :
   - keep alive    : all requests and responses are processed (default)
   - tunnel        : only the first request and response are processed,
-                    everything else is forwarded with no analysis.
+                    everything else is forwarded with no analysis (deprecated).
   - server close  : the server-facing connection is closed after the response.
   - close         : the connection is actively closed after end of response.
 
@@ -2047,8 +2047,10 @@ the backend's. HAProxy supports 4 connection modes :
   - TUN: tunnel ("option http-tunnel") : this was the default mode for versions
     1.0 to 1.5-dev21 : only the first request and response are processed, and
     everything else is forwarded with no analysis at all. This mode should not
-    be used as it creates lots of trouble with logging and HTTP processing. It
-    is supported only on frontends.
+    be used as it creates lots of trouble with logging and HTTP processing.
+    And because it cannot work in HTTP/2, this option is deprecated and it is
+    only supported on legacy HTTP frontends. In HTX, it is ignored and a
+    warning is emitted during HAProxy startup.
 
   - SCL: server close ("option http-server-close") : the server-facing
     connection is closed after the end of the response is received, but the
@@ -2166,7 +2168,7 @@ option http-keep-alive               (*)  X          X         X         X
 option http-no-delay                 (*)  X          X         X         X
 option http-pretend-keepalive        (*)  X          -         X         X
 option http-server-close             (*)  X          X         X         X
-option http-tunnel                   (*)  X          X         X         -
+option http-tunnel      (deprecated) (*)  X          X         X         -
 option http-use-proxy-header         (*)  X          X         X         -
 option http-use-htx                  (*)  X          X         X         X
 option httpchk                            X          -         X         X
@@ -6145,13 +6147,17 @@ no option http-server-close
              "option http-keep-alive", and "1.1. The HTTP transaction model".
 
 
-option http-tunnel
-no option http-tunnel
-  Disable or enable HTTP connection processing after first transaction
+option http-tunnel    (deprecated)
+no option http-tunnel (deprecated)
+  Disable or enable HTTP connection processing after first transaction.
   May be used in sections :   defaults | frontend | listen | backend
                                  yes   |    yes   |   yes  |   no
   Arguments : none
 
+  Warning : Because it cannot work in HTTP/2, this option is deprecated and it
+  is only supported on legacy HTTP frontends. In HTX, it is ignored and a
+  warning is emitted during HAProxy startup.
+
   By default HAProxy operates in keep-alive mode with regards to persistent
   connections: for each connection it processes each request and response, and
   leaves the connection idle on both sides between the end of a response and

src/cfgparse.c

@@ -3539,6 +3539,16 @@ out_uri_auth_compat:
 			newsrv->mux_proto = mux_ent;
 		}
 
+		/* the option "http-tunnel" is ignored when HTX is enabled and
+		 * only works with the legacy HTTP. So emit a warning if the
+		 * option is set on a HTX frontend. */
+		if ((curproxy->cap & PR_CAP_FE) && curproxy->options2 & PR_O2_USE_HTX &&
+		    (curproxy->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN) {
+			ha_warning("config : %s '%s' : the option 'http-tunnel' is ignored for HTX proxies.\n",
+				   proxy_type_str(curproxy), curproxy->id);
+			curproxy->options &= ~PR_O_HTTP_MODE;
+		}
+
 		/* initialize idle conns lists */
 		for (newsrv = curproxy->srv; newsrv; newsrv = newsrv->next) {
 			int i;

src/mux_h1.c

@@ -616,10 +616,7 @@ static void h1_set_cli_conn_mode(struct h1s *h1s, struct h1m *h1m)
 	struct proxy *fe = h1s->h1c->px;
 	int flag = H1S_F_WANT_KAL; /* For client connection: server-close == keepalive */
 
-	/* Tunnel mode can only by set on the frontend */
-	if ((fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN)
-		flag = H1S_F_WANT_TUN;
-	else if ((fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_CLO)
+	if ((fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_CLO)
 		flag = H1S_F_WANT_CLO;
 
 	/* flags order: CLO > SCL > TUN > KAL */
@@ -668,10 +665,6 @@ static void h1_set_srv_conn_mode(struct h1s *h1s, struct h1m *h1m)
 	int flag =  H1S_F_WANT_KAL;
 	int fe_flags = sess ? sess->fe->options : 0;
 
-	/* Tunnel mode can only by set on the frontend */
-	if ((fe_flags & PR_O_HTTP_MODE) == PR_O_HTTP_TUN)
-		flag = H1S_F_WANT_TUN;
-
 	/* For the server connection: server-close == httpclose */
 	if ((fe_flags & PR_O_HTTP_MODE) == PR_O_HTTP_SCL ||
 	    (be->options & PR_O_HTTP_MODE) == PR_O_HTTP_SCL ||

src/proto_htx.c

@@ -2298,12 +2298,8 @@ int htx_response_forward_body(struct stream *s, struct channel *res, int an_bit)
 
 void htx_adjust_conn_mode(struct stream *s, struct http_txn *txn)
 {
-	struct proxy *fe = strm_fe(s);
 	int tmp = TX_CON_WANT_CLO;
 
-	if ((fe->options & PR_O_HTTP_MODE) == PR_O_HTTP_TUN)
-		tmp = TX_CON_WANT_TUN;
-
 	if ((txn->flags & TX_CON_WANT_MSK) < tmp)
 		txn->flags = (txn->flags & ~TX_CON_WANT_MSK) | tmp;
 }