monkeyWie / proxyee

HTTP proxy server, support HTTPS & websocket. MITM impl, intercept and tamper HTTPS traffic.
MIT License
1.52k stars, 572 forks

[iptables -j REJECT/DROP][java.net.SocketException: Connection reset] Q:How to handle these exceptions? #234

Open freedom1b2830 opened 1 year ago

freedom1b2830 commented 1 year ago

The situation is this: some IP addresses are blocked by iptables (`iptables -A OUTPUT -d ip -j REJECT`). Because of this, the proxy gives these exceptions:

```
окт. 11, 2022 12:43:15 PM io.netty.channel.AbstractChannelHandlerContext invokeExceptionCaught
WARNING: An exception 'java.lang.NullPointerException: Cannot invoke "com.github.monkeywie.proxyee.handler.HttpProxyServerHandler.getExceptionHandle()" because the return value of "io.netty.channel.ChannelPipeline.get(String)" is null' [enable DEBUG level for full stacktrace] was thrown by a user handler's exceptionCaught() method while handling the following exception:
java.net.SocketException: Connection reset
    at java.base/sun.nio.ch.SocketChannelImpl.throwConnectionReset(SocketChannelImpl.java:394)
    at java.base/sun.nio.ch.SocketChannelImpl.read(SocketChannelImpl.java:426)
    at io.netty.buffer.PooledByteBuf.setBytes(PooledByteBuf.java:258)
    at io.netty.buffer.AbstractByteBuf.writeBytes(AbstractByteBuf.java:1132)
    at io.netty.channel.socket.nio.NioSocketChannel.doReadBytes(NioSocketChannel.java:357)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:151)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.base/java.lang.Thread.run(Thread.java:833)
```

How to assign a handler for these exceptions/silence these exceptions?

freedom1b2830 commented 1 year ago

Also, how do I do this: "enable DEBUG level for full stacktrace"?

monkeyWie commented 1 year ago

Can you post code?

freedom1b2830 commented 1 year ago

https://github.com/freedom1b2830/cocoon/blob/main/cocoon-webproxy/src/main/java/freedom1b2830/cocoon/webproxy/WebProxy.java

monkeyWie commented 1 year ago

Unable to reproduce, can you provide the simplest and reproducible code?

freedom1b2830 commented 1 year ago

https://github.com/freedom1b2830/monkeyWieBug maven java8+

monkeyWie commented 1 year ago

@freedom1b2830 Pls provide specific reproduction steps, such as:

1. xxx
2. xxx
3. curl -k -x 127.0.0.1:9999 https://www.google.com

freedom1b2830 commented 1 year ago

1. Generated a root certificate.
2. Added it to the trusted centers in the system (`trust anchor --store /path`).
3. Configured Firefox (http+https proxy).
4. I visited sites where there are resources from domains blocked through iptables (`iptables -A OUTPUT -d $blockedIP -j REJECT`).

monkeyWie commented 1 year ago

@freedom1b2830 I still can't reproduce the problem, can you test with curl command? My test:

1. add a line of code `domainsBlockRegEx.add("baidu.com")` 
2. ping www.badu.com get ip 14.215.177.39
3. sudo iptables -A OUTPUT -d 14.215.177.39 -j REJECT
4. start server
5. curl -k -x 127.0.0.1:9999 https://www.baidu.com

and there is no exception.

freedom1b2830 commented 1 year ago

The application was suspended at the time the NPE was thrown.

heap dump 1.zip

in code:

```java
@Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception {
    ctx.channel().close();
    clientChannel.close();
    HttpProxyExceptionHandle exceptionHandle = ((HttpProxyServerHandler) clientChannel.pipeline()
            .get("serverHandle")).getExceptionHandle();
    exceptionHandle.afterCatch(clientChannel, ctx.channel(), cause);
}
```

`(HttpProxyServerHandler) clientChannel.pipeline().get("serverHandle") == null`

I am getting an exception in this thread:

```
"nioEventLoopGroup-2-4" #38 prio=10 os_prio=0 cpu=397,75ms elapsed=199,42s tid=0x00007f284c083b70 nid=107057 runnable  [0x00007f2839df6000]
   java.lang.Thread.State: RUNNABLE
    at com.github.monkeywie.proxyee.handler.HttpProxyClientHandler.exceptionCaught(HttpProxyClientHandler.java:55)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:302)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:281)
    at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:273)
    at io.netty.channel.CombinedChannelDuplexHandler$DelegatingChannelHandlerContext.fireExceptionCaught(CombinedChannelDuplexHandler.java:424)
    at io.netty.channel.ChannelHandlerAdapter.exceptionCaught(ChannelHandlerAdapter.java:92)
    at io.netty.channel.CombinedChannelDuplexHandler$1.fireExceptionCaught(CombinedChannelDuplexHandler.java:145)
    at io.netty.channel.ChannelInboundHandlerAdapter.exceptionCaught(ChannelInboundHandlerAdapter.java:143)
    at io.netty.channel.CombinedChannelDuplexHandler.exceptionCaught(CombinedChannelDuplexHandler.java:231)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:302)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:281)
    at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:273)
    at io.netty.handler.ssl.SslHandler.exceptionCaught(SslHandler.java:1105)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:302)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:281)
    at io.netty.channel.AbstractChannelHandlerContext.fireExceptionCaught(AbstractChannelHandlerContext.java:273)
    at io.netty.channel.DefaultChannelPipeline$HeadContext.exceptionCaught(DefaultChannelPipeline.java:1377)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:302)
    at io.netty.channel.AbstractChannelHandlerContext.invokeExceptionCaught(AbstractChannelHandlerContext.java:281)
    at io.netty.channel.DefaultChannelPipeline.fireExceptionCaught(DefaultChannelPipeline.java:907)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.handleReadException(AbstractNioByteChannel.java:125)
    at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:177)
    at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:722)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:658)
    at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:584)
    at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:496)
    at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:997)
    at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
    at io.netty.util.concurrent.FastThreadLocalRunnable.run(FastThreadLocalRunnable.java:30)
    at java.lang.Thread.run(java.base@18.0.2/Thread.java:833)

   Locked ownable synchronizers:
    - None
```
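
A null-safe form of the `exceptionCaught` lookup quoted in this thread, as an added example (not proxyee's code and not written by any commenter). `ServerHandle`, `GuardedClientHandler` and the counters are hypothetical stand-ins; the example assumes Netty 4.1 on the classpath and uses `EmbeddedChannel` for both channels, removing the handler by hand to reproduce the `null` result of `pipeline().get("serverHandle")`.

```java
import io.netty.channel.Channel;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelInboundHandlerAdapter;
import io.netty.channel.embedded.EmbeddedChannel;
import java.net.SocketException;

public class GuardedExceptionCaughtDemo {
    // Hypothetical stand-in for the handler registered as "serverHandle".
    static class ServerHandle extends ChannelInboundHandlerAdapter {
        int handled;
        void afterCatch(Throwable cause) { handled++; }
    }

    // Hypothetical remote-side handler with the lookup guarded against null.
    static class GuardedClientHandler extends ChannelInboundHandlerAdapter {
        private final Channel clientChannel;
        int skipped;
        GuardedClientHandler(Channel clientChannel) { this.clientChannel = clientChannel; }
        @Override
        public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
            // Resolve the handler before closing; get() returns null if it is absent.
            ServerHandle handle = (ServerHandle) clientChannel.pipeline().get("serverHandle");
            ctx.channel().close();
            clientChannel.close();
            if (handle == null) {
                skipped++;          // nothing to notify; do not dereference
                return;
            }
            handle.afterCatch(cause);
        }
    }

    // Fires a constructed "Connection reset" at the remote channel; returns {handled, skipped}.
    static int[] run(boolean handlerPresent) {
        ServerHandle server = new ServerHandle();
        EmbeddedChannel client = new EmbeddedChannel();
        client.pipeline().addLast("serverHandle", server);
        if (!handlerPresent) client.pipeline().remove("serverHandle"); // simulate the null lookup
        GuardedClientHandler guard = new GuardedClientHandler(client);
        EmbeddedChannel remote = new EmbeddedChannel(guard);
        remote.pipeline().fireExceptionCaught(new SocketException("Connection reset"));
        return new int[] { server.handled, guard.skipped };
    }

    public static void main(String[] args) {
        System.out.println(java.util.Arrays.toString(run(true)));
        System.out.println(java.util.Arrays.toString(run(false)));
    }
}
```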