Support receiving PROXY protocol version 1 and 2.

PROXY protocol has been developed by Willy Tarreau of HAProxy for
communicating original src and dst IP:port details between proxies and
load balancers in a protocol-agnostic way.

stunnel, HAProxy and some other HTTP proxying software are already
enabled and by adding support to Squid we can effectively chain these
proxies without having to rely on X-Forwarded-For headers.

This patch adds http_port mode flag (require-proxy-header) to signal the
protocol is in use, parsing and processing logics for the PROXY protocol
headers on new connections, and the proxy_protocol_access control to
manage inbound connections.
 The indirect client security/trust model remains unchanged. As do all
HTTP related logics on the connection once PROXY protocol header has
been received.

Furture Work:
 * support sending PROXY protocol to cache_peers
 * support receiving PROXY protocol on https_port
 * rework the PROXY parse logics as a Parser-NG child parser.

diff --cc doc/release-notes/release-3.5.sgml
index 250479d82cf695e458619c90c48c043efdb57470,45e56322908c07cf7489e4d25df9e7ef2f4df244..8f5f0e702ec7c053934bd35449169c9f71b65d92
--- 1/doc/release-notes/release-3.5.sgml
--- 2/doc/release-notes/release-3.5.sgml
+++ b/doc/release-notes/release-3.5.sgml
@@@ -223,6 -224,41 +224,50 @@@ Most user-facing changes are reflected 
      <item>No caching support -- no reliable Request URIs for that (see above).
  </itemize>
  
 - proxy_protocol_access allow localhost
+ <sect1>Receive PROXY protocol, Versions 1 & 2
+ <p>More info at <url url="http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt">
+ 
+ <p>PROXY protocol provides a simple way for proxies and tunnels of any kind to
+    relay the original client source details without having to alter or understand
+    the protocol being relayed on the connection.
+ 
+ <p>Squid currently supports receiving HTTP traffic from a client proxy using this protocol.
+    An http_port which has been configured to receive this protocol may only be used to
+    receive traffic from client software sending in this protocol.
+    HTTP traffic without the PROXY header is not accepted on such a port.
+ 
+ <p>The <em>accel</em> and <em>intercept</em> options are still used to identify the
+    traffic syntax being delivered by the client proxy.
+ 
+ <p>Squid can be configured by adding an <em>http_port</em>
+    with the <em>require-proxy-header</em> mode flag. The <em>proxy_protocol_access</em>
+    must also be configured with <em>src</em> ACLs to whitelist proxies which are
+    trusted to send correct client details.
+ 
+ <p>Forward-proxy traffic from a client proxy:
+ <verbatim>
++ acl frontend src 192.0.2.1
+  http_port 3128 require-proxy-header
 - proxy_protocol_access allow localhost
++ proxy_protocol_access allow frontend
+ </verbatim>
+ 
+ <p>Intercepted traffic from a client proxy or tunnel:
+ <verbatim>
++ acl frontend src 192.0.2.2
+  http_port 3128 intercept require-proxy-header
 -   Use of <em>require-proxy-header</em> on <em>https_port</em> is not supported.
++ proxy_protocol_access allow frontend
++</verbatim>
++
++<p>Reverse-proxy traffic from a frontend load balancer sending PROXY protocol:
++<verbatim>
++ acl frontend src 192.0.2.3
++ http_port 3128 accel require-proxy-header
++ proxy_protocol_access allow frontend
+ </verbatim>
+ 
+ <p><em>Known Issue:</em>
++   Use of <em>require-proxy-header</em> on <em>https_port</em> and <em>ftp_port</em> is not supported.
+ 
  
  <sect>Changes to squid.conf since Squid-3.4
  <p>

diff --cc src/client_side.cc
Simple merge