Bug 3478: Partial fix: Connection-auth on intercepted connections is broken
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 18 Jul 2012 17:40:51 +0000 (20:40 +0300)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 18 Jul 2012 17:40:51 +0000 (20:40 +0300)
Currently, in the case of intercepted connections, each request opens a new
connection to the destination server, even if the connection is a valid pinned
connection.
This patch fixes this problem and reuses pinned connections on intercepted
requests.

This is a Measurement Factory project

src/forward.cc
src/forward.h

index 5b8d3ddb3da9ad9dc2fb79750f64d0ddc853c25c..e1bfc88f250616b7d72cbcd406ba98ebe4d4c83a 100644 (file)
@@ -129,12 +129,7 @@ void FwdState::start(Pointer aSelf)
     const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.spoof_client_ip);
     const bool useOriginalDst = Config.onoff.client_dst_passthru || (request && !request->flags.hostVerified);
     if (isIntercepted && useOriginalDst) {
-        Comm::ConnectionPointer p = new Comm::Connection();
-        p->remote = clientConn->local;
-        p->peerType = ORIGINAL_DST;
-        getOutgoingAddress(request, p);
-        serverDestinations.push_back(p);
-
+        selectPeerForIntercepted();
         // destination "found". continue with the forwarding.
         startConnectionOrFail();
     } else {
@@ -143,6 +138,31 @@ void FwdState::start(Pointer aSelf)
     }
 }
 
+/// bypasses peerSelect() when dealing with intercepted requests
+void
+FwdState::selectPeerForIntercepted()
+{
+    // use pinned connection if available
+    Comm::ConnectionPointer p;
+    if (ConnStateData *client = request->pinnedConnection())
+        p = client->validatePinnedConnection(request, NULL);
+
+    if (p != NULL && Comm::IsConnOpen(p)) {
+        debugs(17, 3, HERE << "reusing a pinned conn: " << *p);
+        /* duplicate peerSelectPinned() effects */
+        p->peerType = PINNED;
+        entry->ping_status = PING_DONE;     /* Skip ICP */
+    } else {
+        p = new Comm::Connection();
+        p->peerType = ORIGINAL_DST;
+        p->remote = clientConn->local;
+        getOutgoingAddress(request, p);
+        debugs(17, 3, HERE << "opening a new conn: " << *p);
+    }
+
+    serverDestinations.push_back(p);
+}
+
 void
 FwdState::completed()
 {
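Review bot: On the pinned branch of `selectPeerForIntercepted()` the destination is no longer taken from `clientConn->local`, yet `start()` reaches this function precisely when the original destination must be used (`client_dst_passthru` on, or `!request->flags.hostVerified`). Nothing visible in this hunk shows that `validatePinnedConnection(request, NULL)` confirms the pinned server connection goes to that same address, so a request that failed Host verification could, if the pin was made to a different server, be forwarded over an already-authenticated connection to it. If that guarantee is not given inside `validatePinnedConnection()`, consider tightening the reuse condition, e.g. `if (p != NULL && Comm::IsConnOpen(p) && p->remote == clientConn->local) {`, and otherwise state the invariant in a comment above the `if`. The function also dereferences `request` and `clientConn` unguarded, which holds only because `isIntercepted` in `start()` implies a non-null `request`; that precondition is worth adding to the `///` comment.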
index b7d40e2d30e9185a6eb2a00e5826d50135e6f079..691167a4fd6f6ffc83d8c3a494fe215233fc5da5 100644 (file)
@@ -69,6 +69,7 @@ private:
     FwdState(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *);
     void start(Pointer aSelf);
 
+    void selectPeerForIntercepted();
     static void logReplyStatus(int tries, http_status status);
     void doneWithRetries();
     void completed();