Simulate DIRECT tunnel to origin peers on CONNECT
authorAmos Jeffries <squid3@treenet.co.nz>
Sun, 3 Apr 2011 12:17:09 +0000 (06:17 -0600)
committerAmos Jeffries <squid3@treenet.co.nz>
Sun, 3 Apr 2011 12:17:09 +0000 (06:17 -0600)
Within reason. Check that at least the port matches. That gives us some
small measure of reason to believe it's the same protocol inside or the
same app being CONNECTed to.

src/neighbors.cc
src/tunnel.cc

index b1ac1f97c219b596d9d22eae46ee1c1b7c3167a7..2fd10be90de74ce7658eb870bc14e10804a14e06 100644 (file)
@@ -169,7 +169,8 @@ peerAllowedToUse(const peer * p, HttpRequest * request)
     }
 
     // CONNECT requests are proxy requests. Not to be forwarded to origin servers.
-    if (p->options.originserver && request->method == METHOD_CONNECT)
+    // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer.
+    if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort())
         return 0;
 
     if (p->peer_domain == NULL && p->access == NULL)
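Review bot: The added condition compares `request->port` with `p->in_addr.GetPort()`, and nothing visible here shows which port `in_addr` carries; if it holds the peer's ICP/query port rather than the port HTTP traffic is sent to, the match is made against the wrong number. If that is the case, compare against the peer's HTTP port instead, e.g. `request->port != p->http_port`. Separately, port equality says nothing about the requested host, so a CONNECT to any host on that port falls through to the `peer_domain`/`access` checks below. The new comment should say so, for example `// Port equality is only a heuristic; cache_peer_access / cache_peer_domain must restrict which destinations may use this peer.` peerAllowedToUse's body continues outside the hunk.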
index 0ae00b6d1e116b2f4d86d5563158c2805bcdeb18..2317ed027ceedcfc90f2286f4cd950cac3886e9b 100644 (file)
@@ -596,7 +596,7 @@ tunnelConnectDone(int fdnotused, const DnsLookupDetails &dns, comm_err_t status,
         err->callback_data = tunnelState;
         errorSend(tunnelState->client.fd(), err);
     } else {
-        if (tunnelState->servers->_peer)
+        if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver)
             tunnelProxyConnected(tunnelState->server.fd(), tunnelState);
         else {
             tunnelConnected(tunnelState->server.fd(), tunnelState);
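Review bot: The test `_peer && !_peer->options.originserver` in tunnelConnectDone re-derives the same decision that the tunnelPeerSelectComplete hunk stores in `flags.proxying`, so the two sites can drift apart. Assuming peer selection always runs before the connect completes, this branch could read `if (tunnelState->request->flags.proxying)`, and the assignment there is simpler as `tunnelState->request->flags.proxying = !fs->_peer->options.originserver;`. Neither site explains the special case; a comment such as `// originserver peers are tunnelled as if DIRECT; only proxy peers get the CONNECT handshake` would help, presuming that is what tunnelProxyConnected does. Both functions start and end outside their hunks.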
@@ -791,7 +791,7 @@ tunnelPeerSelectComplete(FwdServer * fs, void *data)
 
     if (fs->_peer) {
         tunnelState->request->peer_login = fs->_peer->login;
-        tunnelState->request->flags.proxying = 1;
+        tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1);
     } else {
         tunnelState->request->peer_login = NULL;
         tunnelState->request->flags.proxying = 0;