From e5755aa05dbafe639502e0bf043bc6003b13d23b Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Sun, 3 Apr 2011 06:20:26 -0600 Subject: [PATCH] Simulate DIRECT tunnel to origin peers on CONNECT Within reason. Check that at least the port matches. That gives us some small measure of reason to believe its the same protocol inside or the same app being CONNECTed to.
---
src/neighbors.cc | 3 ++- src/tunnel.cc | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-)
diff --git a/src/neighbors.cc b/src/neighbors.cc
index ad9ec5bbda..569fa7bc56 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -168,7 +168,8 @@ peerAllowedToUse(const peer * p, HttpRequest * request)
 }
 // CONNECT requests are proxy requests. Not to be forwarded to origin servers.
- if (p->options.originserver && request->method == METHOD_CONNECT)
+ // Unless the destination port matches, in which case we MAY perform a 'DIRECT' to this peer.
+ if (p->options.originserver && request->method == METHOD_CONNECT && request->port != p->in_addr.GetPort())
 return 0;
 if (p->peer_domain == NULL && p->access == NULL)
diff --git a/src/tunnel.cc b/src/tunnel.cc
index 052ec9f050..eacc435857 100644
--- a/src/tunnel.cc
+++ b/src/tunnel.cc
@@ -589,7 +589,7 @@ tunnelConnectDone(int fdnotused, const DnsLookupDetails &dns, comm_err_t status,
 err->callback_data = tunnelState;
 errorSend(tunnelState->client.fd(), err);
 } else {
- if (tunnelState->servers->_peer)
+ if (tunnelState->servers->_peer && !tunnelState->servers->_peer->options.originserver)
 tunnelProxyConnected(tunnelState->server.fd(), tunnelState);
 else {
 tunnelConnected(tunnelState->server.fd(), tunnelState);
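Review bot: The new exemption in `peerAllowedToUse` compares only ports, so a CONNECT for any hostname on that port becomes eligible for the origin-server peer; the requested host is never compared with the peer. The client is handed a tunnel to the peer while believing it reached the host it named, and the only remaining restriction is the `peer_domain`/`access` test that begins on the last line of the hunk (its body is outside the hunk). Also confirm that `p->in_addr.GetPort()` is the peer's HTTP port: if `in_addr` is the address used for ICP queries, the comparison should probably read `request->port != p->http_port`. A comment stating that cache_peer_access is expected to limit which CONNECT destinations may use an originserver peer would help whoever configures this.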
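Review bot: The `else` branch in `tunnelConnectDone` now also covers origin-server peers, and nothing at the call site says so; a reader who sees `tunnelConnected` will assume a DIRECT connection. Suggest a comment above the test, `// originserver peers are tunnelled raw, as for DIRECT: no CONNECT is sent to the peer`. The same originserver test is repeated in `tunnelPeerSelectComplete` (the next hunk) to set `flags.proxying`; a small helper, or reusing that flag if it is still valid for the peer in use here, would keep the two decisions from drifting apart. The function starts before and continues after the hunk.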
@@ -772,7 +772,7 @@ tunnelPeerSelectComplete(FwdServer * fs, void *data)
 if (fs->_peer) {
 tunnelState->request->peer_login = fs->_peer->login;
- tunnelState->request->flags.proxying = 1;
+ tunnelState->request->flags.proxying = (fs->_peer->options.originserver?0:1);
 } else {
 tunnelState->request->peer_login = NULL;
 tunnelState->request->flags.proxying = 0;
-- 2.47.3
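Review bot: `peer_login` is still copied from the peer when the peer is an origin server, although `flags.proxying` is now 0 for it and the tunnelConnectDone hunk no longer sends a CONNECT to such a peer. If nothing on the raw-tunnel path reads it, `tunnelState->request->peer_login = fs->_peer->options.originserver ? NULL : fs->_peer->login;` keeps peer credentials off a request that is treated as DIRECT; otherwise a comment should say why it is kept. As a style point, `flags.proxying = !fs->_peer->options.originserver;` says the same thing as the `?0:1` form. The function continues outside the hunk.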