From: Christos Tsantilas Date: Wed, 18 Jul 2012 17:40:51 +0000 (+0300) Subject: Bug 3478: Partial fix: Connection-auth on intercepted connections is broken X-Git-Tag: sourceformat-review-1~174 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7c75511b5785426f4d9017c58ff3c1886d40c8ab;p=thirdparty%2Fsquid.git Bug 3478: Partial fix: Connection-auth on intercepted connections is broken Currenty in the case of intercepted connections each request is open a new connection to the destination server, even if the connection is a valid pinned connection. This patch fixes this problem and reuses pinned connections on intercepted requests. This is a Measurement Factory project
---
diff --git a/src/forward.cc b/src/forward.cc
index 5b8d3ddb3d..e1bfc88f25 100644
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -129,12 +129,7 @@ void FwdState::start(Pointer aSelf)
 const bool isIntercepted = request && !request->flags.redirected && (request->flags.intercepted || request->flags.spoof_client_ip);
 const bool useOriginalDst = Config.onoff.client_dst_passthru || (request && !request->flags.hostVerified);
 if (isIntercepted && useOriginalDst) {
- Comm::ConnectionPointer p = new Comm::Connection();
- p->remote = clientConn->local;
- p->peerType = ORIGINAL_DST;
- getOutgoingAddress(request, p);
- serverDestinations.push_back(p);
-
+ selectPeerForIntercepted();
 // destination "found". continue with the forwarding.
 startConnectionOrFail();
 } else {
@@ -143,6 +138,31 @@ void FwdState::start(Pointer aSelf)
 }
 }
+/// bypasses peerSelect() when dealing with intercepted requests
+void
+FwdState::selectPeerForIntercepted()
+{
+ // use pinned connection if available
+ Comm::ConnectionPointer p;
+ if (ConnStateData *client = request->pinnedConnection())
+ p = client->validatePinnedConnection(request, NULL);
+
+ if (p != NULL && Comm::IsConnOpen(p)) {
+ debugs(17, 3, HERE << "reusing a pinned conn: " << *p);
+ /* duplicate peerSelectPinned() effects */
+ p->peerType = PINNED;
+ entry->ping_status = PING_DONE; /* Skip ICP */
+ } else {
+ p = new Comm::Connection();
+ p->peerType = ORIGINAL_DST;
+ p->remote = clientConn->local;
+ getOutgoingAddress(request, p);
+ debugs(17, 3, HERE << "opening a new conn: " << *p);
+ }
+
+ serverDestinations.push_back(p);
+}
+
 void
 FwdState::completed()
 {
diff --git a/src/forward.h b/src/forward.h
index b7d40e2d30..691167a4fd 100644
--- a/src/forward.h
+++ b/src/forward.h
@@ -69,6 +69,7 @@ private:
 FwdState(const Comm::ConnectionPointer &client, StoreEntry *, HttpRequest *);
 void start(Pointer aSelf);
+ void selectPeerForIntercepted();
 static void logReplyStatus(int tries, http_status status);
 void doneWithRetries();
 void completed();
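Review bot: In src/forward.cc, the pinned branch of `selectPeerForIntercepted()` reuses whatever `validatePinnedConnection(request, NULL)` returns with no visible check that the connection's `remote` is still the client's original destination, whereas the fallback branch forces `p->remote = clientConn->local`. `start()` takes this path when `!request->flags.hostVerified`, which is when the request's Host cannot be trusted, so the reuse decision should not rest on request-supplied data alone; whether `validatePinnedConnection()` already enforces this is not visible in the hunk. Consider tightening the condition to `if (p != NULL && Comm::IsConnOpen(p) && p->remote == clientConn->local) {` (also comparing ports if the address equality ignores them), so a mismatch falls through to the `ORIGINAL_DST` branch. The `/* duplicate peerSelectPinned() effects */` lines would also be safer behind a helper shared with `peerSelectPinned()`, so the two copies cannot drift apart.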