Rename 'tproxy' flags to 'spoof_client_ip' for a better description of their purpose.

diff --git a/src/ACLChecklist.cc b/src/ACLChecklist.cc
index 24f0f33c262190edc9a60f8fcbc65aee6ac7d42c..795456658485f80c1610a8531bda501ca4d30a8c 100644 (file)
--- a/src/ACLChecklist.cc
+++ b/src/ACLChecklist.cc
@@ -53,7 +53,7 @@ ACLChecklist::authenticated()
     } else if (request->flags.accelerated) {
         /* WWW authorization on accelerated requests */
         headertype = HDR_AUTHORIZATION;
-    } else if (request->flags.intercepted || request->flags.tproxy) {
+    } else if (request->flags.intercepted || request->flags.spoof_client_ip) {
         debugs(28, DBG_IMPORTANT, HERE << " authentication not applicable on intercepted requests.");
         return -1;
     } else {

diff --git a/src/ProtoPort.h b/src/ProtoPort.h
index f17864a61b62bdbc7604b040f30d26f4bde3a3df..a9ece3f2c2db57029a28ebaaba6c948630a7ed44 100644 (file)
--- a/src/ProtoPort.h
+++ b/src/ProtoPort.h
@@ -19,11 +19,11 @@ struct http_port_list
     char *name;                /* visible name */
     char *defaultsite;         /* default web site */
 
-    unsigned int intercepted:1;  /* intercepting proxy */
-    unsigned int tproxy:1;       /* spoof client ip using TPROXY */
-    unsigned int accel:1;        /* HTTP accelerator */
-    unsigned int vhost:1;        /* uses host header */
-    unsigned int sslBump:1;      /* intercepts CONNECT requests */
+    unsigned int intercepted:1;        /**< intercepting proxy port */
+    unsigned int spoof_client_ip:1;    /**< spoof client ip if possible */
+    unsigned int accel:1;              /**< HTTP accelerator */
+    unsigned int vhost:1;              /**< uses host header */
+    unsigned int sslBump:1;            /**< intercepts CONNECT requests */
 
     int vport;                 /* virtual port support, -1 for dynamic, >0 static*/
     int disable_pmtu_discovery;

diff --git a/src/cache_cf.cc b/src/cache_cf.cc
index ad48e07b0545b798b0db6c4ada76034e1b3a659e..44a7c0bd99bea6a7990717c6801ad83ddfb418a2 100644 (file)
--- a/src/cache_cf.cc
+++ b/src/cache_cf.cc
@@ -2931,7 +2931,7 @@ parse_http_port_option(http_port_list * s, char *token)
         }
 #endif
     } else if (strcmp(token, "tproxy") == 0) {
-        s->tproxy = 1;
+        s->spoof_client_ip = 1;
         IPInterceptor.StartTransparency();
 #if USE_IPV6
         /* INET6: until target TPROXY is known to work on IPv6 SOCKET, force wildcard to IPv4 */

diff --git a/src/client_side.cc b/src/client_side.cc
index c44f31f7cbbbfe2f622e2a2ac6e0350ffc86835b..e381cafcd5acb833342305701938a5eded7c35d4 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -2222,7 +2222,7 @@ clientProcessRequest(ConnStateData *conn, HttpParser *hp, ClientSocketContext *c
         request->flags.intercepted = http->flags.intercepted;
     }
     if(IPInterceptor.TransparentActive()) {
-        request->flags.tproxy = conn->port->tproxy;
+        request->flags.spoof_client_ip = conn->port->spoof_client_ip;
     }
 
     if (internalCheck(request->urlpath.buf())) {
@@ -2732,7 +2732,7 @@ connStateCreate(const IPAddress &peer, const IPAddress &me, int fd, http_port_li
     result->in.buf = (char *)memAllocBuf(CLIENT_REQ_BUF_SZ, &result->in.allocatedSize);
     result->port = cbdataReference(port);
 
-    if(port->intercepted || port->tproxy) {
+    if(port->intercepted || port->spoof_client_ip) {
         IPAddress dst;
 
         if (IPInterceptor.NatLookup(fd, me, peer, dst) == 0) {
@@ -3115,7 +3115,7 @@ clientHttpConnectionsOpen(void)
 
         enter_suid();
 
-        if(s->tproxy) {
+        if(s->spoof_client_ip) {
             fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, s->s, (COMM_NONBLOCKING|COMM_TRANSPARENT), 0, "HTTP Socket");
         } else {
             fd = comm_open(SOCK_STREAM, IPPROTO_TCP, s->s, COMM_NONBLOCKING, "HTTP Socket");
@@ -3132,7 +3132,7 @@ clientHttpConnectionsOpen(void)
 
         debugs(1, 1, "Accepting " <<
                (s->intercepted ? " intercepted" : "") <<
-               (s->tproxy ? " spoofing" : "") <<
+               (s->spoof_client_ip ? " spoofing" : "") <<
                (s->sslBump ? " bumpy" : "") <<
                (s->accel ? " accelerated" : "") 
                << " HTTP connections at " << s->s

diff --git a/src/forward.cc b/src/forward.cc
index 965cd44422da4925c05a067e0bc810500c8c4df4..124323e87c8ea08826e1b7ad7ec9b3c00a8f053d 100644 (file)
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -268,7 +268,7 @@ FwdState::fwdStart(int client_fd, StoreEntry *entry, HttpRequest *request)
 
         /* If we need to transparently proxy the request
          * then we need the client source protocol, address and port */
-        if(request->flags.tproxy) {
+        if(request->flags.spoof_client_ip) {
             fwd->src = request->client_addr;
             // AYJ: do we need to pass on the transparent flag also?
         }
@@ -795,7 +795,7 @@ FwdState::connectStart()
         ctimeout = Config.Timeout.connect;
     }
 
-    if (request->flags.tproxy)
+    if (request->flags.spoof_client_ip)
         client_addr = request->client_addr;
 
     if (ftimeout < 0)
@@ -835,7 +835,7 @@ FwdState::connectStart()
 
     debugs(17, 3, "fwdConnectStart: got outgoing addr " << outgoing << ", tos " << tos);
 
-    if (request->flags.tproxy) {
+    if (request->flags.spoof_client_ip) {
         fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, outgoing, (COMM_NONBLOCKING|COMM_TRANSPARENT), tos, url);
     } else {
         fd = comm_openex(SOCK_STREAM, IPPROTO_TCP, outgoing, COMM_NONBLOCKING, tos, url);
@@ -879,11 +879,11 @@ FwdState::connectStart()
     } else {
 
 #if LINUX_TPROXY2
-        if (request->flags.tproxy) {
+        if (request->flags.spoof_client_ip) {
             // try to set the outgoing address using TPROXY v2
             // if it fails we abort any further TPROXY actions on this connection
             if(IPInterceptor.SetTproxy2OutgoingAddr(int fd, const IPAddress &src) == -1) {
-                request->flags.tproxy = 0;
+                request->flags.spoof_client_ip = 0;
             }
         }
 #endif
@@ -1222,7 +1222,7 @@ getOutgoingAddr(HttpRequest * request)
 {
     ACLChecklist ch;
 
-    if (request && request->flags.tproxy)
+    if (request && request->flags.spoof_client_ip)
         return request->client_addr;
 
     if (request)

diff --git a/src/http.cc b/src/http.cc
index 1b14f7521082143312559e04053cf8fd83d7d2f4..76db4503dd1c3a7534c275febb7db148e6e6fce2 100644 (file)
--- a/src/http.cc
+++ b/src/http.cc
@@ -1230,7 +1230,7 @@ HttpStateData::processReplyBody()
             closeHandler = NULL;
             fwd->unregister(fd);
 
-            if (orig_request->flags.tproxy)
+            if (orig_request->flags.spoof_client_ip)
                 client_addr = orig_request->client_addr;
 
             if (_peer) {

diff --git a/src/structs.h b/src/structs.h
index 30c00f32969d80078590b28bd62a6ece5c099425..9f626336392f4bc79b98e3e5bd3c0e52aed2fa40 100644 (file)
--- a/src/structs.h
+++ b/src/structs.h
@@ -1024,12 +1024,11 @@ struct _iostats
 
 struct request_flags
 {
-    request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),intercepted(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0)
+    request_flags(): range(0),nocache(0),ims(0),auth(0),cachable(0),hierarchical(0),loopdetect(0),proxy_keepalive(0),proxying(0),refresh(0),redirected(0),need_validation(0),accelerated(0),intercepted(0),spoof_client_ip(0),internal(0),internalclient(0),must_keepalive(0),destinationIPLookedUp_(0)
     {
 #if HTTP_VIOLATIONS
         nocache_hack = 0;
 #endif
-       tproxy = 0;
     }
 
     unsigned int range:1;
@@ -1049,7 +1048,7 @@ struct request_flags
 #endif
     unsigned int accelerated:1;
     unsigned int intercepted:1;  /**< transparently intercepted request */
-    unsigned int tproxy:1;  /**< spoof client ip using tproxy */
+    unsigned int spoof_client_ip:1;  /**< spoof client ip if possible */
     unsigned int internal:1;
     unsigned int internalclient:1;
     unsigned int must_keepalive:1;