From: Amos Jeffries <squid3@treenet.co.nz>
Date: Sun, 3 Apr 2011 12:17:09 +0000 (-0600)
Subject: Simulate DIRECT tunnel to origin peers on CONNECT
X-Git-Tag: take06~27^2~40
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=9ab0a77eda0ffe7912c3da2d2a26a0a25d8d412a;p=thirdparty%2Fsquid.git

Simulate DIRECT tunnel to origin peers on CONNECT

Within reason. Check that at least the port matches. That gives us some
small measure of reason to believe its the same protocol inside or the
same app being CONNECTed to.
---

diff --git a/src/neighbors.cc b/src/neighbors.cc
index b1ac1f97c2..2fd10be90d 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -169,7 +169,8 @@ peerAllowedToUse(const peer * p, HttpRequest * request)
     }
 
     // CONNECT requests are proxy requests. Not to be forwarded to origin servers.
-    if (p->options.originserver && request->method == METHOD_CONNECT)
+    // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer.
+    if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort())
         return 0;
 
     if (p->peer_domain == NULL && p->access == NULL)
diff --git a/src/tunnel.cc b/src/tunnel.cc
index 0ae00b6d1e..2317ed027c 100644
--- a/src/tunnel.cc
+++ b/src/tunnel.cc
@@ -596,7 +596,7 @@ tunnelConnectDone(int fdnotused, const DnsLookupDetails &dns, comm_err_t status,
         err->callback_data = tunnelState;
         errorSend(tunnelState->client.fd(), err);
     } else {
-        if (tunnelState->servers->_peer)
+        if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver)
             tunnelProxyConnected(tunnelState->server.fd(), tunnelState);
         else {
             tunnelConnected(tunnelState->server.fd(), tunnelState);
@@ -791,7 +791,7 @@ tunnelPeerSelectComplete(FwdServer * fs, void *data)
 
     if (fs->_peer) {
         tunnelState->request->peer_login = fs->_peer->login;
-        tunnelState->request->flags.proxying = 1;
+        tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1);
     } else {
         tunnelState->request->peer_login = NULL;
         tunnelState->request->flags.proxying = 0;