From 9ab0a77eda0ffe7912c3da2d2a26a0a25d8d412a Mon Sep 17 00:00:00 2001
From: Amos Jeffries
Date: Sun, 3 Apr 2011 06:17:09 -0600
Subject: [PATCH] Simulate DIRECT tunnel to origin peers on CONNECT

Within reason. Check that at least the port matches. That gives us some small measure of reason to believe its the same protocol inside or the same app being CONNECTed to.
---
 src/neighbors.cc | 3 ++-
 src/tunnel.cc | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/neighbors.cc b/src/neighbors.cc
index b1ac1f97c2..2fd10be90d 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -169,7 +169,8 @@ peerAllowedToUse(const peer * p, HttpRequest * request)
 }
 // CONNECT requests are proxy requests. Not to be forwarded to origin servers.
- if (p->options.originserver && request->method == METHOD_CONNECT)
+ // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer.
+ if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort())
 return 0;
 if (p->peer_domain == NULL && p->access == NULL)
diff --git a/src/tunnel.cc b/src/tunnel.cc
index 0ae00b6d1e..2317ed027c 100644
--- a/src/tunnel.cc
+++ b/src/tunnel.cc
@@ -596,7 +596,7 @@ tunnelConnectDone(int fdnotused, const DnsLookupDetails &dns, comm_err_t status,
 err->callback_data = tunnelState;
 errorSend(tunnelState->client.fd(), err);
 } else {
- if (tunnelState->servers->_peer)
+ if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver)
 tunnelProxyConnected(tunnelState->server.fd(), tunnelState);
 else {
 tunnelConnected(tunnelState->server.fd(), tunnelState);
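Review bot: The new exception in peerAllowedToUse compares only `request->port` with `p->in_addr.GetPort()`, so a CONNECT to any host passes this check as long as the client picks the matching port; the requested host is never compared with the peer. The function continues past the hunk, and the next visible test appears to treat a peer with no `peer_domain` and no `access` list as unrestricted, in which case the port would be the only gate. I would say so in the comment, e.g. `// Port match only: the requested host is not checked here, so restrict CONNECT to this peer with cache_peer_access.` It is also worth confirming that `in_addr` carries the peer's HTTP listening port; if it holds the ICP/query port instead, the comparison should probably use `p->http_port`.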
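Review bot: In tunnelConnectDone the `else` branch now serves two different cases, no peer and an origin-server peer, and nothing at the branch says so. A one-line comment such as `// origin-server peers are tunnelled like DIRECT: tunnelConnected(), not tunnelProxyConnected()` would keep a later edit from quietly reverting it. The same `_peer->options.originserver` test is repeated in tunnelPeerSelectComplete in the next hunk, and the two must stay in agreement, so a small shared predicate would be safer than two hand-written conditions. The function starts and ends outside this hunk.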
@@ -791,7 +791,7 @@ tunnelPeerSelectComplete(FwdServer * fs, void *data)
 if (fs->_peer) {
 tunnelState->request->peer_login = fs->_peer->login;
- tunnelState->request->flags.proxying = 1;
+ tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1);
 } else {
 tunnelState->request->peer_login = NULL;
 tunnelState->request->flags.proxying = 0;
-- 
2.47.3
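Review bot: `peer_login` is still copied from the peer on the origin-server path although `flags.proxying` is now cleared there, which leaves the peer's configured login attached to a request that is otherwise treated as direct. Whether anything downstream reads `peer_login` when `proxying` is 0 is not visible here; if nothing should, set it to NULL for origin peers as the no-peer branch does, or add a comment saying the value is kept on purpose. As a style point, `tunnelState->request->flags.proxying = !fs->_peer->options.originserver;` says the same thing more plainly than the `?0:1` ternary. The function body extends beyond the hunk.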