From: Amos Jeffries Date: Sun, 3 Apr 2011 12:20:26 +0000 (-0600) Subject: Simulate DIRECT tunnel to origin peers on CONNECT X-Git-Tag: SQUID_3_1_12~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5755aa05dbafe639502e0bf043bc6003b13d23b;p=thirdparty%2Fsquid.git Simulate DIRECT tunnel to origin peers on CONNECT Within reason. Check that at least the port matches. That gives us some small measure of reason to believe its the same protocol inside or the same app being CONNECTed to. --- diff --git a/src/neighbors.cc b/src/neighbors.cc index ad9ec5bbda..569fa7bc56 100644 --- a/src/neighbors.cc +++ b/src/neighbors.cc @@ -168,7 +168,8 @@ peerAllowedToUse(const peer * p, HttpRequest * request) } // CONNECT requests are proxy requests. Not to be forwarded to origin servers. - if (p->options.originserver && request->method == METHOD_CONNECT) + // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer. + if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort()) return 0; if (p->peer_domain == NULL && p->access == NULL) diff --git a/src/tunnel.cc b/src/tunnel.cc index 052ec9f050..eacc435857 100644 --- a/src/tunnel.cc +++ b/src/tunnel.cc @@ -589,7 +589,7 @@ tunnelConnectDone(int fdnotused, const DnsLookupDetails &dns, comm_err_t status, err->callback_data = tunnelState; errorSend(tunnelState->client.fd(), err); } else { - if (tunnelState->servers->_peer) + if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver) tunnelProxyConnected(tunnelState->server.fd(), tunnelState); else { tunnelConnected(tunnelState->server.fd(), tunnelState); @@ -772,7 +772,7 @@ tunnelPeerSelectComplete(FwdServer * fs, void *data) if (fs->_peer) { tunnelState->request->peer_login = fs->_peer->login; - tunnelState->request->flags.proxying = 1; + tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1); } else { tunnelState->request->peer_login = NULL; tunnelState->request->flags.proxying = 0;