On 05/24/2013 05:58 PM, Alex Rousskov wrote: > When talking to a cache_peer (i.e., sending a CONNECT request before > tunneling the transaction), tunnel code is using a clever hack: Squid > does not parse the CONNECT response from peer but blindly forwards it to > the client. This works great and simplifies code a lot, except when the > client connection was intercepted and, hence, the client did not send a > CONNECT request and is not expecting a CONNECT response. > > In those situations, the patch accumulates, parses, and strips the peer > CONNECT response (or closes connection on errors). > > The existing tunnel I/O code is too simple to accommodate that task -- > it cannot accumulate read data (its I/O buffers work in lockstep > fashion, writing everything it reads before reading again). Instead of > rewriting the entire tunnel code to use more complex buffers, I added a > temporary accumulation buffer for the CONNECT response. That buffer is > not allocated unless it is needed and does not grow beyond > SQUID_TCP_SO_RCVBUF size, just like the simple buffers.
I will commit this fix shortly unless there are last-minute objections. Thank you, Alex.
