Simulate DIRECT tunnel to origin peers on CONNECT
authorAmos Jeffries <squid3@treenet.co.nz>
Sun, 3 Apr 2011 12:20:26 +0000 (06:20 -0600)
committerAmos Jeffries <squid3@treenet.co.nz>
Sun, 3 Apr 2011 12:20:26 +0000 (06:20 -0600)
Within reason. Check that at least the port matches. That gives us some
small measure of reason to believe it's the same protocol inside or the
same app being CONNECTed to.

src/neighbors.cc
src/tunnel.cc

index ad9ec5bbda536c5c779a8872dcf72290617ded37..569fa7bc5653506f1c05df5b186f365545439d55 100644 (file)
@@ -168,7 +168,8 @@ peerAllowedToUse(const peer * p, HttpRequest * request)
     }
 
     // CONNECT requests are proxy requests. Not to be forwarded to origin servers.
-    if (p->options.originserver && request->method == METHOD_CONNECT)
+    // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer.
+    if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort())
         return 0;
 
     if (p->peer_domain == NULL && p->access == NULL)
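Review bot: The relaxed test in `peerAllowedToUse` compares only `request->port` with `p->in_addr.GetPort()`, so a CONNECT naming any host on that port is no longer rejected here and may be given a raw tunnel to the origin-server peer. The commit message itself calls the port match only a "small measure" of assurance. Unless the checks that follow restrict the peer (the function body continues outside the hunk), a client gains byte-level access to a backend that was previously reachable only through forwarded HTTP requests. Consider also requiring the requested host to match the peer, or at minimum make the limitation explicit in the comment: `// Port match only: the requested host is NOT compared with this peer; restrict origin peers with cache_peer_access.`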
index 052ec9f050c70e92ccb8d79dafbd39465f7f819f..eacc43585702516fdc00c41cfa62a3c0092294c0 100644 (file)
@@ -589,7 +589,7 @@ tunnelConnectDone(int fdnotused, const DnsLookupDetails &dns, comm_err_t status,
         err->callback_data = tunnelState;
         errorSend(tunnelState->client.fd(), err);
     } else {
-        if (tunnelState->servers->_peer)
+        if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver)
             tunnelProxyConnected(tunnelState->server.fd(), tunnelState);
         else {
             tunnelConnected(tunnelState->server.fd(), tunnelState);
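Review bot: The added `!tunnelState->servers->_peer->options.originserver` condition in `tunnelConnectDone` has no comment explaining why an origin-server peer takes the `tunnelConnected` branch rather than `tunnelProxyConnected`. The same decision is encoded a second time, in a different form, in the `tunnelPeerSelectComplete` hunk below. If the two ever diverge, `flags.proxying` and the handshake that is actually performed will disagree. A short comment such as `// origin-server peers are tunnelled as if DIRECT: no CONNECT is relayed to them` would help, and a small shared predicate for "peer is a real proxy" would keep the two sites in sync. The function body starts and ends outside the hunk.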
@@ -772,7 +772,7 @@ tunnelPeerSelectComplete(FwdServer * fs, void *data)
 
     if (fs->_peer) {
         tunnelState->request->peer_login = fs->_peer->login;
-        tunnelState->request->flags.proxying = 1;
+        tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1);
     } else {
         tunnelState->request->peer_login = NULL;
         tunnelState->request->flags.proxying = 0;
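Review bot: The assignment `flags.proxying = (fs->_peer->options.originserver?0:1);` is harder to read than a plain negation and does not match the `!…originserver` form used in `tunnelConnectDone`; `tunnelState->request->flags.proxying = !fs->_peer->options.originserver;` says the same thing. Note also that `peer_login` is still copied from the peer on the line above even when `proxying` ends up 0. That is presumably harmless if the direct-tunnel path sends no request headers. If it is intentional, a comment would help: `// peer_login kept for origin peers but unused on the simulated-DIRECT path`. The function body continues outside the hunk.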