Move X-Forwarded-For handled into C code

Remove adding of X-Forwarded-For from builtin.vcl and put it into the
C code that runs before vcl_recv.  This makes it more likely that it's
properly set when the user VCL runs.

Fixes: #1454

bin/varnishd/builtin.vcl

@@ -45,14 +45,6 @@ vcl 4.0;
 # Client side
 
 sub vcl_recv {
-    if (req.restarts == 0) {
-        if (req.http.x-forwarded-for) {
-            set req.http.X-Forwarded-For =
-                req.http.X-Forwarded-For + ", " + client.ip;
-        } else {
-            set req.http.X-Forwarded-For = client.ip;
-        }
-    }
     if (req.method != "GET" &&
       req.method != "HEAD" &&
       req.method != "PUT" &&

bin/varnishd/cache/cache_req_fsm.c

@@ -660,6 +660,7 @@ cnt_recv(struct worker *wrk, struct req *req)
 {
 	unsigned recv_handling;
 	struct SHA256Context sha256ctx;
+	char *xff;
 
 	CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
 	CHECK_OBJ_NOTNULL(req, REQ_MAGIC);
@@ -688,6 +689,16 @@ cnt_recv(struct worker *wrk, struct req *req)
 	req->hash_always_miss = 0;
 	req->hash_ignore_busy = 0;
 	req->client_identity = NULL;
+	if (req->restarts == 0) {
+		if (http_GetHdr(req->http, H_X_Forwarded_For, &xff)) {
+			http_Unset(req->http, H_X_Forwarded_For);
+			http_PrintfHeader(req->http, "X-Forwarded-For: %s, %s", xff,
+					  req->sp->client_addr_str);
+		} else {
+			http_PrintfHeader(req->http, "X-Forwarded-For: %s",
+					  req->sp->client_addr_str);
+		}
+	}
 
 	http_CollectHdr(req->http, H_Cache_Control);
 

include/tbl/http_headers.h

@@ -94,5 +94,6 @@ HTTPH("Vary",			H_Vary,			0					  )	/* RFC2616 14.44 */
 HTTPH("Via",			H_Via,			0					  )	/* RFC2616 14.45 */
 HTTPH("Warning",		H_Warning,		0					  )	/* RFC2616 14.46 */
 HTTPH("WWW-Authenticate",	H_WWW_Authenticate,	0					  )	/* RFC2616 14.47 */
+HTTPH("X-Forwarded-For",	H_X_Forwarded_For,	0					  )	/* Not RFC */
 
 /*lint -restore */