Merge branch 'master' into contentviews

8 files changed, 95 insertions, 35 deletions

diff --git a/libmproxy/proxy/__init__.py b/libmproxy/proxy/__init__.py
index d5297cb1..be7f5207 100644
--- a/libmproxy/proxy/__init__.py
+++ b/libmproxy/proxy/__init__.py
@@ -2,8 +2,10 @@ from __future__ import (absolute_import, print_function, division)
 
 from .server import ProxyServer, DummyServer
 from .config import ProxyConfig
+from .root_context import RootContext, Log
 
 __all__ = [
     "ProxyServer", "DummyServer",
     "ProxyConfig",
+    "RootContext", "Log",
 ]
diff --git a/libmproxy/proxy/config.py b/libmproxy/proxy/config.py
index 2a1b84cb..cd9eda5a 100644
--- a/libmproxy/proxy/config.py
+++ b/libmproxy/proxy/config.py
@@ -54,6 +54,8 @@ class ProxyConfig:
             authenticator=None,
             ignore_hosts=tuple(),
             tcp_hosts=tuple(),
+            http2=False,
+            rawtcp=False,
             ciphers_client=None,
             ciphers_server=None,
             certs=tuple(),
@@ -78,6 +80,8 @@ class ProxyConfig:
 
         self.check_ignore = HostMatcher(ignore_hosts)
         self.check_tcp = HostMatcher(tcp_hosts)
+        self.http2 = http2
+        self.rawtcp = rawtcp
         self.authenticator = authenticator
         self.cadir = os.path.expanduser(cadir)
         self.certstore = certutils.CertStore.from_store(
@@ -183,6 +187,8 @@ def process_proxy_options(parser, options):
         upstream_server=upstream_server,
         ignore_hosts=options.ignore_hosts,
         tcp_hosts=options.tcp_hosts,
+        http2=options.http2,
+        rawtcp=options.rawtcp,
         authenticator=authenticator,
         ciphers_client=options.ciphers_client,
         ciphers_server=options.ciphers_server,
@@ -192,4 +198,4 @@ def process_proxy_options(parser, options):
         ssl_verify_upstream_cert=options.ssl_verify_upstream_cert,
         ssl_verify_upstream_trusted_cadir=options.ssl_verify_upstream_trusted_cadir,
         ssl_verify_upstream_trusted_ca=options.ssl_verify_upstream_trusted_ca
-    )
\ No newline at end of file
+    )
diff --git a/libmproxy/proxy/modes/http_proxy.py b/libmproxy/proxy/modes/http_proxy.py
index 90c54cc6..c7502c24 100644
--- a/libmproxy/proxy/modes/http_proxy.py
+++ b/libmproxy/proxy/modes/http_proxy.py
@@ -10,7 +10,7 @@ class HttpProxy(Layer, ServerConnectionMixin):
             layer()
         finally:
             if self.server_conn:
-                self._disconnect()
+                self.disconnect()
 
 
 class HttpUpstreamProxy(Layer, ServerConnectionMixin):
@@ -23,4 +23,4 @@ class HttpUpstreamProxy(Layer, ServerConnectionMixin):
             layer()
         finally:
             if self.server_conn:
-                self._disconnect()
+                self.disconnect()
diff --git a/libmproxy/proxy/modes/reverse_proxy.py b/libmproxy/proxy/modes/reverse_proxy.py
index b57ac5eb..28f4e6f8 100644
--- a/libmproxy/proxy/modes/reverse_proxy.py
+++ b/libmproxy/proxy/modes/reverse_proxy.py
@@ -14,4 +14,4 @@ class ReverseProxy(Layer, ServerConnectionMixin):
             layer()
         finally:
             if self.server_conn:
-                self._disconnect()
+                self.disconnect()
diff --git a/libmproxy/proxy/modes/socks_proxy.py b/libmproxy/proxy/modes/socks_proxy.py
index ebaf939e..545c38d6 100644
--- a/libmproxy/proxy/modes/socks_proxy.py
+++ b/libmproxy/proxy/modes/socks_proxy.py
@@ -48,7 +48,7 @@ class Socks5Proxy(Layer, ServerConnectionMixin):
             self.client_conn.wfile.flush()
 
         except (socks.SocksError, NetLibError) as e:
-            raise Socks5Exception("SOCKS5 mode failure: %s" % repr(e), e)
+            raise Socks5Exception("SOCKS5 mode failure: %s" % repr(e))
 
         self.server_conn.address = connect_request.addr
 
@@ -57,4 +57,4 @@ class Socks5Proxy(Layer, ServerConnectionMixin):
             layer()
         finally:
             if self.server_conn:
-                self._disconnect()
+                self.disconnect()
diff --git a/libmproxy/proxy/modes/transparent_proxy.py b/libmproxy/proxy/modes/transparent_proxy.py
index 96ad86c4..da1d4632 100644
--- a/libmproxy/proxy/modes/transparent_proxy.py
+++ b/libmproxy/proxy/modes/transparent_proxy.py
@@ -14,11 +14,11 @@ class TransparentProxy(Layer, ServerConnectionMixin):
         try:
             self.server_conn.address = self.resolver.original_addr(self.client_conn.connection)
         except Exception as e:
-            raise ProtocolException("Transparent mode failure: %s" % repr(e), e)
+            raise ProtocolException("Transparent mode failure: %s" % repr(e))
 
         layer = self.ctx.next_layer(self)
         try:
             layer()
         finally:
             if self.server_conn:
-                self._disconnect()
+                self.disconnect()
diff --git a/libmproxy/proxy/root_context.py b/libmproxy/proxy/root_context.py
index 35909612..54bea1db 100644
--- a/libmproxy/proxy/root_context.py
+++ b/libmproxy/proxy/root_context.py
@@ -1,8 +1,13 @@
 from __future__ import (absolute_import, print_function, division)
+import string
+import sys
 
+import six
+
+from libmproxy.exceptions import ProtocolException
 from netlib.http.http1 import HTTP1Protocol
 from netlib.http.http2 import HTTP2Protocol
-
+from netlib.tcp import NetLibError
 from ..protocol import (
     RawTCPLayer, TlsLayer, Http1Layer, Http2Layer, is_tls_record_magic, ServerConnectionMixin
 )
@@ -11,31 +16,47 @@ from .modes import HttpProxy, HttpUpstreamProxy, ReverseProxy
 
 class RootContext(object):
     """
-    The outmost context provided to the root layer.
-    As a consequence, every layer has .client_conn, .channel, .next_layer() and .config.
+    The outermost context provided to the root layer.
+    As a consequence, every layer has access to methods and attributes defined here.
+
+    Attributes:
+        client_conn:
+            The :py:class:`client connection <libmproxy.models.ClientConnection>`.
+        channel:
+            A :py:class:`~libmproxy.controller.Channel` to communicate with the FlowMaster.
+            Provides :py:meth:`.ask() <libmproxy.controller.Channel.ask>` and
+            :py:meth:`.tell() <libmproxy.controller.Channel.tell>` methods.
+        config:
+            The :py:class:`proxy server's configuration <libmproxy.proxy.ProxyConfig>`
     """
 
     def __init__(self, client_conn, config, channel):
-        self.client_conn = client_conn  # Client Connection
-        self.channel = channel  # provides .ask() method to communicate with FlowMaster
-        self.config = config  # Proxy Configuration
+        self.client_conn = client_conn
+        self.channel = channel
+        self.config = config
 
     def next_layer(self, top_layer):
         """
         This function determines the next layer in the protocol stack.
 
         Arguments:
-            top_layer: the current top layer.
+            top_layer: the current innermost layer.
 
         Returns:
             The next layer
         """
+        layer = self._next_layer(top_layer)
+        return self.channel.ask("next_layer", layer)
 
+    def _next_layer(self, top_layer):
         # 1. Check for --ignore.
         if self.config.check_ignore(top_layer.server_conn.address):
             return RawTCPLayer(top_layer, logging=False)
 
-        d = top_layer.client_conn.rfile.peek(3)
+        try:
+            d = top_layer.client_conn.rfile.peek(3)
+        except NetLibError as e:
+            six.reraise(ProtocolException, ProtocolException(str(e)), sys.exc_info()[2])
         client_tls = is_tls_record_magic(d)
 
         # 2. Always insert a TLS layer, even if there's neither client nor server tls.
@@ -69,21 +90,30 @@ class RootContext(object):
             if alpn == HTTP1Protocol.ALPN_PROTO_HTTP1:
                 return Http1Layer(top_layer, 'transparent')
 
-        # 6. Assume HTTP1 by default
+        # 6. Check for raw tcp mode
+        is_ascii = (
+            len(d) == 3 and
+            # better be safe here and don't expect uppercase...
+            all(x in string.ascii_letters for x in d)
+        )
+        if self.config.rawtcp and not is_ascii:
+            return RawTCPLayer(top_layer)
+
+        # 7. Assume HTTP1 by default
         return Http1Layer(top_layer, 'transparent')
 
-        # In a future version, we want to implement TCP passthrough as the last fallback,
-        # but we don't have the UI part ready for that.
-        #
-        # d = top_layer.client_conn.rfile.peek(3)
-        # is_ascii = (
-        #     len(d) == 3 and
-        #     # better be safe here and don't expect uppercase...
-        #     all(x in string.ascii_letters for x in d)
-        # )
-        # # TODO: This could block if there are not enough bytes available?
-        # d = top_layer.client_conn.rfile.peek(len(HTTP2Protocol.CLIENT_CONNECTION_PREFACE))
-        # is_http2_magic = (d == HTTP2Protocol.CLIENT_CONNECTION_PREFACE)
+    def log(self, msg, level, subs=()):
+        """
+        Send a log message to the master.
+        """
+
+        full_msg = [
+            "{}: {}".format(repr(self.client_conn.address), msg)
+        ]
+        for i in subs:
+            full_msg.append("  -> " + i)
+        full_msg = "\n".join(full_msg)
+        self.channel.tell("log", Log(full_msg, level))
 
     @property
     def layers(self):
@@ -91,3 +121,9 @@ class RootContext(object):
 
     def __repr__(self):
         return "RootContext"
+
+
+class Log(object):
+    def __init__(self, msg, level="info"):
+        self.msg = msg
+        self.level = level
diff --git a/libmproxy/proxy/server.py b/libmproxy/proxy/server.py
index e9e8df09..88448172 100644
--- a/libmproxy/proxy/server.py
+++ b/libmproxy/proxy/server.py
@@ -3,15 +3,16 @@ from __future__ import (absolute_import, print_function, division)
 import traceback
 import sys
 import socket
+import six
 
 from netlib import tcp
 from netlib.http.http1 import HTTP1Protocol
 from netlib.tcp import NetLibError
-from ..exceptions import ProtocolException, ServerException
-from ..protocol import Log, Kill
+from ..exceptions import ProtocolException, ServerException, ClientHandshakeException
+from ..protocol import Kill
 from ..models import ClientConnection, make_error_response
 from .modes import HttpUpstreamProxy, HttpProxy, ReverseProxy, TransparentProxy, Socks5Proxy
-from .root_context import RootContext
+from .root_context import RootContext, Log
 
 
 class DummyServer:
@@ -39,7 +40,11 @@ class ProxyServer(tcp.TCPServer):
         try:
             super(ProxyServer, self).__init__((config.host, config.port))
         except socket.error as e:
-            raise ServerException('Error starting proxy server: ' + repr(e), e)
+            six.reraise(
+                ServerException,
+                ServerException('Error starting proxy server: ' + repr(e)),
+                sys.exc_info()[2]
+            )
         self.channel = None
 
     def start_slave(self, klass, channel):
@@ -116,7 +121,18 @@ class ConnectionHandler(object):
         except Kill:
             self.log("Connection killed", "info")
         except ProtocolException as e:
-            self.log(e, "info")
+
+            if isinstance(e, ClientHandshakeException):
+                self.log(
+                    "Client Handshake failed. "
+                    "The client may not trust the proxy's certificate for {}.".format(e.server),
+                    "error"
+                )
+                self.log(repr(e), "debug")
+            else:
+                self.log(repr(e), "error")
+
+                self.log(traceback.format_exc(), "debug")
             # If an error propagates to the topmost level,
             # we send an HTTP error response, which is both
             # understandable by HTTP clients and humans.
@@ -137,4 +153,4 @@ class ConnectionHandler(object):
 
     def log(self, msg, level):
         msg = "{}: {}".format(repr(self.client_conn.address), msg)
-        self.channel.tell("log", Log(msg, level))
\ No newline at end of file
+        self.channel.tell("log", Log(msg, level))