[Pkg-privacy-commits] [obfsproxy] 291/353: Clean up error handling when the http proxy doesn't return status.
Ximin Luo
infinity0 at moszumanska.debian.org
Sat Aug 22 13:02:13 UTC 2015
This is an automated email from the git hooks/post-receive script.
infinity0 pushed a commit to branch master
in repository obfsproxy.
commit a79b8ae6a147fdebc59e6555ad5e985487c47f94
Author: Yawning Angel <yawning at torproject.org>
Date: Wed Apr 16 08:41:42 2014 +0000
Clean up error handling when the http proxy doesn't return status.
Some HTTP proxys opt to close the connection instead of returning a
HTTP status code on certain failures (Eg: polipo auth faliure, privoxy
ACL denial). This change logs a better error message to the obfsproxy
log when that happens.
As an added bonus the SOCKS5 server now knows about EHOSTUNREACH, so
a more informative response is sent on that failure type.
---
obfsproxy/network/http.py | 7 +++++--
obfsproxy/network/socks5.py | 18 +++++++++++++++++-
2 files changed, 22 insertions(+), 3 deletions(-)
diff --git a/obfsproxy/network/http.py b/obfsproxy/network/http.py
index 9aa62d1..bdf0c8b 100644
--- a/obfsproxy/network/http.py
+++ b/obfsproxy/network/http.py
@@ -1,4 +1,5 @@
from base64 import b64encode
+from twisted.internet.error import ConnectError
from twisted.internet.interfaces import IStreamClientEndpoint
from twisted.internet.protocol import ClientFactory
from twisted.internet.defer import Deferred
@@ -57,7 +58,9 @@ class HTTPConnectClient(HTTPClient):
if self.instance:
self.instance.connectionLost(reason)
else:
- self.onConnectionError(reason)
+ # Some HTTP proxies (Eg: polipo) are rude and opt to close the
+ # connection instead of sending a status code indicating failure.
+ self.onConnectionError(ConnectError("Proxy connection closed during setup"))
def handleEndHeaders(self):
log.info("HTTPConnectClient: Connected to %s:%d via %s:%d" % (log.safe_addr_str(self.host), self.port, log.safe_addr_str(self.proxy_addr.host), self.proxy_addr.port))
@@ -73,7 +76,7 @@ class HTTPConnectClient(HTTPClient):
def handleStatus(self, version, status, message):
if status != "200":
- self.onConnectionError(IOError("HTTPConnectClient: Proxy returned status: %s" % status))
+ self.onConnectionError(ConnectError("Proxy returned status: %s" % status))
def rawDataReceived(self, data):
log.debug("HTTPConnectClient: Received %d bytes of proxied data" % len(data))
diff --git a/obfsproxy/network/socks5.py b/obfsproxy/network/socks5.py
index 5cc62a2..02b4934 100644
--- a/obfsproxy/network/socks5.py
+++ b/obfsproxy/network/socks5.py
@@ -418,12 +418,28 @@ class SOCKSv5Protocol(protocol.Protocol):
self.sendReply(SOCKSv5Reply.TTLExpired)
elif failure.type == error.UnsupportedAddressFamily:
self.sendReply(SOCKSv5Reply.AddressTypeNotSupported)
+ elif failure.type == error.ConnectError:
+ # Twisted doesn't have a exception defined for EHOSTUNREACH,
+ # so the failure is a ConnectError. Try to catch this case
+ # and send a better reply, but fall back to a GeneralFailure.
+ reply = SOCKSv5Reply.GeneralFailure
+ try:
+ import errno
+ if hasattr(errno, "EHOSTUNREACH"):
+ if failure.value.osError == errno.EHOSTUNREACH:
+ reply = SOCKSv5Reply.HostUnreachable
+ if hasattr(errno, "WSAEHOSTUNREACH"):
+ if failure.value.osError == errno.WSAEHOSTUNREACH:
+ reply = SOCKSv5Reply.HostUnreachable
+ except Exception:
+ pass
+ self.sendReply(reply)
else:
self.sendReply(SOCKSv5Reply.GeneralFailure)
failure.trap(error.NoRouteError, error.ConnectionRefusedError,
error.TCPTimedOutError, error.TimeoutError,
- error.UnsupportedAddressFamily)
+ error.UnsupportedAddressFamily, error.ConnectError)
def processCmdBind(self, addr, port):
self.sendReply(SOCKSv5Reply.CommandNotSupported)
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-privacy/packages/obfsproxy.git
More information about the Pkg-privacy-commits
mailing list