aboutsummaryrefslogtreecommitdiffstats
path: root/libmproxy/protocol2/http.py
diff options
context:
space:
mode:
Diffstat (limited to 'libmproxy/protocol2/http.py')
-rw-r--r--libmproxy/protocol2/http.py96
1 files changed, 75 insertions, 21 deletions
diff --git a/libmproxy/protocol2/http.py b/libmproxy/protocol2/http.py
index cabec806..eadde3b3 100644
--- a/libmproxy/protocol2/http.py
+++ b/libmproxy/protocol2/http.py
@@ -2,22 +2,24 @@ from __future__ import (absolute_import, print_function, division)
from .. import version
from ..exceptions import InvalidCredentials, HttpException, ProtocolException
-from .layer import Layer, ServerConnectionMixin
+from .layer import Layer
from libmproxy import utils
from .messages import SetServer, Connect, Reconnect, Kill
from libmproxy.protocol import KILL
from libmproxy.protocol.http import HTTPFlow
from libmproxy.protocol.http_wrappers import HTTPResponse, HTTPRequest
-from libmproxy.protocol2.tls import TlsLayer
from netlib import tcp
from netlib.http import status_codes, http1, HttpErrorConnClosed
from netlib.http.semantics import CONTENT_MISSING
from netlib import odict
-from netlib.tcp import NetLibError
+from netlib.tcp import NetLibError, Address
from netlib.http.http1 import HTTP1Protocol
from netlib.http.http2 import HTTP2Protocol
+# TODO: The HTTP2 layer is missing multiplexing, which requires a major rewrite.
+
+
class Http1Layer(Layer):
def __init__(self, ctx, mode):
super(Http1Layer, self).__init__(ctx)
@@ -26,7 +28,6 @@ class Http1Layer(Layer):
self.server_protocol = HTTP1Protocol(self.server_conn)
def __call__(self):
- from .http import HttpLayer
layer = HttpLayer(self, self.mode)
for message in layer():
yield message
@@ -40,11 +41,12 @@ class Http2Layer(Layer):
self.server_protocol = HTTP2Protocol(self.server_conn, is_server=False)
def __call__(self):
- from .http import HttpLayer
+ # FIXME: Handle Reconnect etc.
layer = HttpLayer(self, self.mode)
for message in layer():
yield message
+
def make_error_response(status_code, message, headers=None):
response = status_codes.RESPONSES.get(status_code, "Unknown")
body = """
@@ -73,6 +75,7 @@ def make_error_response(status_code, message, headers=None):
def make_connect_request(address):
+ address = Address.wrap(address)
return HTTPRequest(
"authority", "CONNECT", None, address.host, address.port, None, (1, 1),
odict.ODictCaseless(), ""
@@ -93,6 +96,22 @@ def make_connect_response(httpversion):
)
+class ConnectServerConnection(object):
+ """
+ "Fake" ServerConnection to represent state after a CONNECT request to an upstream proxy.
+ """
+ def __init__(self, address, ctx):
+ self.address = tcp.Address.wrap(address)
+ self._ctx = ctx
+
+ @property
+ def via(self):
+ return self._ctx.server_conn
+
+ def __getattr__(self, item):
+ return getattr(self.via, item)
+
+
class HttpLayer(Layer):
"""
HTTP 1 Layer
@@ -122,12 +141,8 @@ class HttpLayer(Layer):
# Regular Proxy Mode: Handle CONNECT
if self.mode == "regular" and request.form_in == "authority":
- yield SetServer((request.host, request.port), False, None)
- self.send_to_client(make_connect_response(request.httpversion))
- layer = self.ctx.next_layer(self)
- for message in layer():
- if not self._handle_server_message(message):
- yield message
+ for message in self.handle_regular_mode_connect(request):
+ yield message
return
# Make sure that the incoming request matches our expectations
@@ -149,12 +164,50 @@ class HttpLayer(Layer):
if self.check_close_connection(flow):
return
+ # Upstream Proxy Mode: Handle CONNECT
if flow.request.form_in == "authority" and flow.response.code == 200:
- raise NotImplementedError("Upstream mode CONNECT not implemented")
+ for message in self.handle_upstream_mode_connect(flow.request.copy()):
+ yield message
+ return
+
except (HttpErrorConnClosed, NetLibError) as e:
make_error_response(502, repr(e))
raise ProtocolException(repr(e), e)
+ def handle_regular_mode_connect(self, request):
+ yield SetServer((request.host, request.port), False, None)
+ self.send_to_client(make_connect_response(request.httpversion))
+ layer = self.ctx.next_layer(self)
+ for message in layer():
+ yield message
+
+ def handle_upstream_mode_connect(self, connect_request):
+ layer = self.ctx.next_layer(self)
+ self.server_conn = ConnectServerConnection((connect_request.host, connect_request.port), self.ctx)
+
+ for message in layer():
+ if message == Connect:
+ if not self.server_conn:
+ yield message
+ self.send_to_server(connect_request)
+ else:
+ pass # swallow the message
+ elif message == Reconnect:
+ yield message
+ self.send_to_server(connect_request)
+ elif message == SetServer:
+ if message.depth == 1:
+ if self.ctx.server_conn:
+ yield Reconnect()
+ connect_request.host = message.address.host
+ connect_request.port = message.address.port
+ self.server_conn.address = message.address
+ else:
+ message.depth -= 1
+ yield message
+ else:
+ yield message
+
def check_close_connection(self, flow):
"""
Checks if the connection should be closed depending on the HTTP
@@ -236,9 +289,9 @@ class HttpLayer(Layer):
if flow is None or flow == KILL:
yield Kill()
- if flow.response.stream:
+ if flow.response.stream and isinstance(self.server_protocol, http1.HTTP1Protocol):
flow.response.content = CONTENT_MISSING
- elif isinstance(self.server_protocol, http1.HTTP1Protocol):
+ else:
flow.response.content = self.server_protocol.read_http_body(
self.server_conn,
flow.response.headers,
@@ -274,11 +327,11 @@ class HttpLayer(Layer):
if flow.request.form_in == "authority":
flow.request.scheme = "http" # pseudo value
else:
- flow.request.host = self.ctx.server_address.host
- flow.request.port = self.ctx.server_address.port
+ flow.request.host = self.ctx.server_conn.address.host
+ flow.request.port = self.ctx.server_conn.address.port
flow.request.scheme = "https" if self.server_conn.tls_established else "http"
- # TODO: Expose ChangeServer functionality to inline scripts somehow? (yield_from_callback?)
+ # TODO: Expose SetServer functionality to inline scripts somehow? (yield_from_callback?)
request_reply = self.channel.ask("request", flow)
if request_reply is None or request_reply == KILL:
yield Kill()
@@ -292,25 +345,26 @@ class HttpLayer(Layer):
tls = (flow.request.scheme == "https")
if self.mode == "regular" or self.mode == "transparent":
# If there's an existing connection that doesn't match our expectations, kill it.
- if self.server_address != address or tls != self.server_conn.ssl_established:
+ if address != self.server_conn.address or tls != self.server_conn.ssl_established:
yield SetServer(address, tls, address.host)
# Establish connection is neccessary.
if not self.server_conn:
yield Connect()
- # ChangeServer is not guaranteed to work with TLS:
+ # SetServer is not guaranteed to work with TLS:
# If there's not TlsLayer below which could catch the exception,
# TLS will not be established.
if tls and not self.server_conn.tls_established:
raise ProtocolException("Cannot upgrade to SSL, no TLS layer on the protocol stack.")
else:
+ if not self.server_conn:
+ yield Connect()
if tls:
raise HttpException("Cannot change scheme in upstream proxy mode.")
"""
# This is a very ugly (untested) workaround to solve a very ugly problem.
- # FIXME: Check if connected first.
- if self.server_conn.tls_established and not ssl:
+ if self.server_conn and self.server_conn.tls_established and not ssl:
yield Reconnect()
elif ssl and not hasattr(self, "connected_to") or self.connected_to != address:
if self.server_conn.tls_established:
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-16 09:26:31 +0000