---------------------
PatchSet 303 
Date: 2002/12/10 10:30:36
Author: apbarrett
Branch: follow_xff
Tag: (none) 
Log:
Add a comment near the src_addr field of struct _aclCheck_t explaining
how it's sometimes copied from conn->peer or request->client_addr,
and sometimes from request->indirect_client_addr.  Add an XXX comment
explaining that this is ugly and that it would be better if we had
per-ACL granularity instead of the global acl_uses_indirect_client flag.

Members: 
	src/structs.h:1.9.2.2->1.9.2.3 

Index: squid3/src/structs.h
===================================================================
RCS file: /cvsroot/squid-sf//squid3/src/structs.h,v
retrieving revision 1.9.2.2
retrieving revision 1.9.2.3
diff -u -r1.9.2.2 -r1.9.2.3
--- squid3/src/structs.h	9 Dec 2002 14:51:51 -0000	1.9.2.2
+++ squid3/src/structs.h	10 Dec 2002 10:30:36 -0000	1.9.2.3
@@ -1,6 +1,6 @@
 
 /*
- * $Id: structs.h,v 1.9.2.2 2002/12/09 14:51:51 apbarrett Exp $
+ * $Id: structs.h,v 1.9.2.3 2002/12/10 10:30:36 apbarrett Exp $
  *
  *
  * SQUID Web Proxy Cache          http://www.squid-cache.org/
@@ -178,6 +178,21 @@
 
 struct _aclCheck_t {
     const acl_access *accessList;
+#if FOLLOW_X_FORWARDED_FOR
+    /*
+     * The src_addr field is usually the direct client address, copied
+     * from somewhere like conn->peer or request->client_addr, but if
+     * the acl_uses_indirect_client option is set, then it may be copied
+     * from request->indirect_client_addr instead.
+     *
+     * XXX: Current usage requires all users of ACLs to have conditional
+     *      code to set src_addr appropriately.  It would be better to
+     *      place such decision making in the ACL-related code rather
+     *      than in the callers of the ACL-related code.  It would be
+     *      even better if if we had per-ACL granularity instead of the
+     *      global acl_uses_indirect_client flag.
+     */
+#endif /* FOLLOW_X_FORWARDED_FOR */
     struct in_addr src_addr;
     struct in_addr dst_addr;
     struct in_addr my_addr;