Bug 4657: delay IDENT until after PROXY protocol handling
authorAmos Jeffries <squid3@treenet.co.nz>
Thu, 2 Mar 2017 01:26:30 +0000 (14:26 +1300)
committerAmos Jeffries <squid3@treenet.co.nz>
Thu, 2 Mar 2017 01:26:30 +0000 (14:26 +1300)
src/client_side.cc
src/client_side.h

index 976b96b75a8f37ed2f5f7c1acd3ea9c95039bb9a..882b8a5e89d4cf4f6f9a49d743d1c588fc8d0aa3 100644 (file)
@@ -1999,11 +1999,6 @@ ConnStateData::parseProxy1p0()
         if ((clientConnection->flags & COMM_TRANSPARENT))
             clientConnection->flags ^= COMM_TRANSPARENT; // prevent TPROXY spoofing of this new IP.
         debugs(33, 5, "PROXY/1.0 upgrade: " << clientConnection);
-
-        // repeat fetch ensuring the new client FQDN can be logged
-        if (Config.onoff.log_fqdn)
-            fqdncache_gethostbyaddr(clientConnection->remote, FQDN_LOOKUP_IF_MISS);
-
         return true;
 
     } else if (tok.skip(unknown)) {
@@ -2102,11 +2097,6 @@ ConnStateData::parseProxy2p0()
         break;
     }
     debugs(33, 5, "PROXY/2.0 upgrade: " << clientConnection);
-
-    // repeat fetch ensuring the new client FQDN can be logged
-    if (Config.onoff.log_fqdn)
-        fqdncache_gethostbyaddr(clientConnection->remote, FQDN_LOOKUP_IF_MISS);
-
     return true;
 }
 
@@ -2145,8 +2135,14 @@ ConnStateData::clientParseRequests()
             break;
 
         // try to parse the PROXY protocol header magic bytes
-        if (needProxyProtocolHeader_ && !parseProxyProtocolHeader())
-            break;
+        if (needProxyProtocolHeader_) {
+            if (!parseProxyProtocolHeader())
+                break;
+
+            // we have been waiting for PROXY to provide client-IP
+            // for some lookups, ie rDNS and IDENT.
+            whenClientIpKnown();
+        }
 
         if (Http::StreamPointer context = parseOneRequest()) {
             debugs(33, 5, clientConnection << ": done parsing a request");
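Review bot: The new `whenClientIpKnown()` call inside the parse loop is only correct if `parseProxyProtocolHeader()` clears `needProxyProtocolHeader_` when it returns true; otherwise the rDNS, IDENT and clientdb work it performs would repeat on every loop iteration for the same connection, and that invariant is not visible from this hunk. A comment stating the dependency would make it explicit, e.g. `// parseProxyProtocolHeader() clears needProxyProtocolHeader_ on success, so this runs once per connection (confirm)`. Since the lookups now use the PROXY-supplied `clientConnection->remote`, it is also worth noting in the comment that the header's origin has already been checked by `proxyProtocolValidateClient()` in `start()`. The added comment should read "i.e." rather than "ie". `clientParseRequests()` begins and ends outside this hunk.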
@@ -2462,6 +2458,18 @@ ConnStateData::start()
     AsyncCall::Pointer call = JobCallback(33, 5, Dialer, this, ConnStateData::connStateClosed);
     comm_add_close_handler(clientConnection->fd, call);
 
+    needProxyProtocolHeader_ = port->flags.proxySurrogate;
+    if (needProxyProtocolHeader_) {
+        if (!proxyProtocolValidateClient()) // will close the connection on failure
+            return;
+    } else
+        whenClientIpKnown();
+
+}
+
+void
+ConnStateData::whenClientIpKnown()
+{
     if (Config.onoff.log_fqdn)
         fqdncache_gethostbyaddr(clientConnection->remote, FQDN_LOOKUP_IF_MISS);
 
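Review bot: `start()` now returns on the PROXY path without saying where the deferred client-IP work happens, which forces a reader to find the `whenClientIpKnown()` call in `clientParseRequests()`; a comment on the `if (needProxyProtocolHeader_)` branch such as `// whenClientIpKnown() is deferred until clientParseRequests() has parsed the PROXY header` would close that gap. This also means that for PROXY connections the clientdb and delay-pool setup previously done unconditionally in `start()` (see the removed lines in the following hunk) now only runs once the header arrives, which appears intended but deserves a sentence in the commit description. The stray blank line before the closing brace of `start()` can be dropped. The body of `whenClientIpKnown()` continues past the end of this hunk.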
@@ -2477,12 +2485,6 @@ ConnStateData::start()
 
     clientdbEstablished(clientConnection->remote, 1);
 
-    needProxyProtocolHeader_ = port->flags.proxySurrogate;
-    if (needProxyProtocolHeader_) {
-        if (!proxyProtocolValidateClient()) // will close the connection on failure
-            return;
-    }
-
 #if USE_DELAY_POOLS
     fd_table[clientConnection->fd].clientInfo = NULL;
 
index dfb9b0d6d34a6ab96b304fb24dadf21ad8d9645c..b53c0f5eb2acf53a344b4276ad717e9b95b1e7f2 100644 (file)
@@ -332,6 +332,10 @@ protected:
     /// timeout to use when waiting for the next request
     virtual time_t idleTimeout() const = 0;
 
+    /// Perform client data lookups that depend on client src-IP.
+    /// The PROXY protocol may require some data intput first.
+    void whenClientIpKnown();
+
     BodyPipe::Pointer bodyPipe; ///< set when we are reading request body
 
 private:
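Review bot: The new doc comment has a typo ("intput") and does not state the call contract the implementation relies on, namely that the method runs once per connection from either `start()` or `clientParseRequests()`. Suggested wording: `/// Perform client data lookups that depend on client src-IP.` / `/// Called once per connection: directly from start(), or from` / `/// clientParseRequests() after the PROXY protocol header has been parsed.` The enclosing class declaration begins and ends outside this hunk.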