From: Nick Rogers
Date: Fri, 8 Feb 2013 12:24:38 +0000 (-0700)
Subject: Bug 3767: tcp_outgoing_* ACLs do not obey acl_uses_indirect_client
X-Git-Tag: SQUID_3_4_0_1~301
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fbd3636ba685d5a2397352f7987114b284533f0b;p=thirdparty%2Fsquid.git

Bug 3767: tcp_outgoing_* ACLs do not obey acl_uses_indirect_client
---
diff --git a/src/forward.cc b/src/forward.cc
index caf14dbbac..5e0d1c470e 100644
--- a/src/forward.cc
+++ b/src/forward.cc
@@ -298,11 +298,12 @@ FwdState::Start(const Comm::ConnectionPointer &clientConn, StoreEntry *entry, Ht
 if ( Config.accessList.miss && !request->client_addr.IsNoAddr() && request->protocol != AnyP::PROTO_INTERNAL && request->protocol != AnyP::PROTO_CACHE_OBJECT) {
 /**
- * Check if this host is allowed to fetch MISSES from us (miss_access)
+ * Check if this host is allowed to fetch MISSES from us (miss_access).
+ * Intentionally replace the src_addr automatically selected by the checklist code
+ * we do NOT want the indirect client address to be tested here.
 */
 ACLFilledChecklist ch(Config.accessList.miss, request, NULL);
 ch.src_addr = request->client_addr;
- ch.my_addr = request->my_addr;
 if (ch.fastCheck() == ACCESS_DENIED) {
 err_type page_id;
 page_id = aclGetDenyInfoPage(&Config.denyInfoList, AclMatchedName, 1);
@@ -1583,12 +1584,6 @@ tos_t
 GetTosToServer(HttpRequest * request)
 {
 ACLFilledChecklist ch(NULL, request, NULL);
-
- if (request) {
- ch.src_addr = request->client_addr;
- ch.my_addr = request->my_addr;
- }
-
 return aclMapTOS(Ip::Qos::TheConfig.tosToServer, &ch);
 }
@@ -1596,11 +1591,5 @@ nfmark_t
 GetNfmarkToServer(HttpRequest * request)
 {
 ACLFilledChecklist ch(NULL, request, NULL);
-
- if (request) {
- ch.src_addr = request->client_addr;
- ch.my_addr = request->my_addr;
- }
-
 return aclMapNfmark(Ip::Qos::TheConfig.nfmarkToServer, &ch);
 }
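Review bot: The comment added above `ch.src_addr = request->client_addr;` in the first hunk (FwdState::Start) records that the override is deliberate but not why, and its last two lines run together without punctuation. miss_access appears to be an access decision about the host actually connected to this proxy, so the reason is worth stating, for example `* Intentionally override the src_addr the checklist selected: miss_access must test the directly connected client,` followed by `* not an indirect client address, which is derived from request data.` The same hunk drops `ch.my_addr = request->my_addr;`, and the two later hunks drop the `if (request)` guard in GetTosToServer and GetNfmarkToServer. All three sites therefore now rely on the ACLFilledChecklist constructor to fill the addresses and to tolerate a NULL request; that constructor is not part of this diff, so it should be confirmed before merging. FwdState::Start begins and ends outside the hunk.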