aboutsummaryrefslogtreecommitdiffstats
path: root/libmproxy/proxy.py
diff options
context:
space:
mode:
Diffstat (limited to 'libmproxy/proxy.py')
-rw-r--r--libmproxy/proxy.py191
1 files changed, 84 insertions, 107 deletions
diff --git a/libmproxy/proxy.py b/libmproxy/proxy.py
index 609ffb62..69e5f411 100644
--- a/libmproxy/proxy.py
+++ b/libmproxy/proxy.py
@@ -2,10 +2,12 @@ import sys, os, string, socket, time
import shutil, tempfile, threading
import SocketServer
from OpenSSL import SSL
-from netlib import odict, tcp, http, wsgi, certutils, http_status, http_auth
+from netlib import odict, tcp, http, certutils, http_status, http_auth
import utils, flow, version, platform, controller
+TRANSPARENT_SSL_PORTS = [443, 8443]
+
KILL = 0
@@ -97,10 +99,10 @@ class RequestReplayThread(threading.Thread):
self.flow.request, httpversion, code, msg, headers, content, server.cert,
server.rfile.first_byte_timestamp
)
- self.channel.ask(response)
+ self.channel.ask("response", response)
except (ProxyError, http.HttpError, tcp.NetLibError), v:
err = flow.Error(self.flow.request, str(v))
- self.channel.ask(err)
+ self.channel.ask("error", err)
class HandleSNI:
@@ -173,7 +175,7 @@ class ProxyHandler(tcp.BaseHandler):
self.server_conn.require_request = False
self.server_conn.conn_info = conn_info
- self.channel.ask(self.server_conn)
+ self.channel.ask("serverconnect", self.server_conn)
self.server_conn.connect()
except tcp.NetLibError, v:
raise ProxyError(502, v)
@@ -187,7 +189,7 @@ class ProxyHandler(tcp.BaseHandler):
def handle(self):
cc = flow.ClientConnect(self.client_address)
self.log(cc, "connect")
- self.channel.ask(cc)
+ self.channel.ask("clientconnect", cc)
while self.handle_request(cc) and not cc.close:
pass
cc.close = True
@@ -199,7 +201,7 @@ class ProxyHandler(tcp.BaseHandler):
[
"handled %s requests"%cc.requestcount]
)
- self.channel.tell(cd)
+ self.channel.tell("clientdisconnect", cd)
def handle_request(self, cc):
try:
@@ -209,84 +211,77 @@ class ProxyHandler(tcp.BaseHandler):
return
cc.requestcount += 1
- app = self.server.apps.get(request)
- if app:
- err = app.serve(request, self.wfile)
- if err:
- self.log(cc, "Error in wsgi app.", err.split("\n"))
- return
+ request_reply = self.channel.ask("request", request)
+ if request_reply is None or request_reply == KILL:
+ return
+ elif isinstance(request_reply, flow.Response):
+ request = False
+ response = request_reply
+ response_reply = self.channel.ask("response", response)
else:
- request_reply = self.channel.ask(request)
- if request_reply is None or request_reply == KILL:
- return
- elif isinstance(request_reply, flow.Response):
- request = False
- response = request_reply
- response_reply = self.channel.ask(response)
+ request = request_reply
+ if self.config.reverse_proxy:
+ scheme, host, port = self.config.reverse_proxy
+ elif self.config.forward_proxy:
+ scheme, host, port = self.config.forward_proxy
else:
- request = request_reply
- if self.config.reverse_proxy:
- scheme, host, port = self.config.reverse_proxy
- elif self.config.forward_proxy:
- scheme, host, port = self.config.forward_proxy
- else:
- scheme, host, port = request.scheme, request.host, request.port
-
- # If we've already pumped a request over this connection,
- # it's possible that the server has timed out. If this is
- # the case, we want to reconnect without sending an error
- # to the client.
- while 1:
- sc = self.get_server_connection(cc, scheme, host, port, self.sni, request=request)
- sc.send(request)
- if sc.requestcount == 1: # add timestamps only for first request (others are not directly affected)
- request.tcp_setup_timestamp = sc.tcp_setup_timestamp
- request.ssl_setup_timestamp = sc.ssl_setup_timestamp
- sc.rfile.reset_timestamps()
- try:
- tsstart = utils.timestamp()
- peername = sc.connection.getpeername()
- if peername:
- request.ip = peername[0]
- httpversion, code, msg, headers, content = http.read_response(
- sc.rfile,
- request.method,
- self.config.body_size_limit
- )
- except http.HttpErrorConnClosed, v:
- self.del_server_connection()
- if sc.requestcount > 1:
- continue
- else:
- raise
- except http.HttpError, v:
- raise ProxyError(502, "Invalid server response.")
+ scheme, host, port = request.scheme, request.host, request.port
+
+ # If we've already pumped a request over this connection,
+ # it's possible that the server has timed out. If this is
+ # the case, we want to reconnect without sending an error
+ # to the client.
+ while 1:
+ sc = self.get_server_connection(cc, scheme, host, port, self.sni, request=request)
+ sc.send(request)
+ if sc.requestcount == 1: # add timestamps only for first request (others are not directly affected)
+ request.tcp_setup_timestamp = sc.tcp_setup_timestamp
+ request.ssl_setup_timestamp = sc.ssl_setup_timestamp
+ sc.rfile.reset_timestamps()
+ try:
+ tsstart = utils.timestamp()
+ peername = sc.connection.getpeername()
+ if peername:
+ request.ip = peername[0]
+ httpversion, code, msg, headers, content = http.read_response(
+ sc.rfile,
+ request.method,
+ self.config.body_size_limit
+ )
+ except http.HttpErrorConnClosed, v:
+ self.del_server_connection()
+ if sc.requestcount > 1:
+ continue
else:
- break
-
- response = flow.Response(
- request, httpversion, code, msg, headers, content, sc.cert,
- sc.rfile.first_byte_timestamp
- )
- response_reply = self.channel.ask(response)
- # Not replying to the server invalidates the server
- # connection, so we terminate.
- if response_reply == KILL:
- sc.terminate()
+ raise
+ except http.HttpError, v:
+ raise ProxyError(502, "Invalid server response.")
+ else:
+ break
+ response = flow.Response(
+ request, httpversion, code, msg, headers, content, sc.cert,
+ sc.rfile.first_byte_timestamp
+ )
+ response_reply = self.channel.ask("response", response)
+ # Not replying to the server invalidates the server
+ # connection, so we terminate.
if response_reply == KILL:
+ sc.terminate()
+
+ if response_reply == KILL:
+ return
+ else:
+ response = response_reply
+ self.send_response(response)
+ if request and http.connection_close(request.httpversion, request.headers):
+ return
+ # We could keep the client connection when the server
+ # connection needs to go away. However, we want to mimic
+ # behaviour as closely as possible to the client, so we
+ # disconnect.
+ if http.connection_close(response.httpversion, response.headers):
return
- else:
- response = response_reply
- self.send_response(response)
- if request and http.connection_close(request.httpversion, request.headers):
- return
- # We could keep the client connection when the server
- # connection needs to go away. However, we want to mimic
- # behaviour as closely as possible to the client, so we
- # disconnect.
- if http.connection_close(response.httpversion, response.headers):
- return
except (IOError, ProxyError, http.HttpError, tcp.NetLibError), e:
if hasattr(e, "code"):
cc.error = "%s: %s"%(e.code, e.msg)
@@ -295,7 +290,7 @@ class ProxyHandler(tcp.BaseHandler):
if request:
err = flow.Error(request, cc.error)
- self.channel.ask(err)
+ self.channel.ask("error", err)
self.log(
cc, cc.error,
["url: %s"%request.get_url()]
@@ -315,7 +310,7 @@ class ProxyHandler(tcp.BaseHandler):
msg.append(" -> "+i)
msg = "\n".join(msg)
l = Log(msg)
- self.channel.tell(l)
+ self.channel.tell("log", l)
def find_cert(self, cc, host, port, sni):
if self.config.certfile:
@@ -432,10 +427,12 @@ class ProxyHandler(tcp.BaseHandler):
content = http.read_http_body_request(
self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
)
- return flow.Request(
+ r = flow.Request(
client_conn, httpversion, host, port, scheme, method, path, headers, content,
self.rfile.first_byte_timestamp, utils.timestamp()
)
+ r.set_live(self.rfile, self.wfile)
+ return r
def _read_request_origin_form(self, client_conn, scheme, host, port):
"""
@@ -463,10 +460,12 @@ class ProxyHandler(tcp.BaseHandler):
content = http.read_http_body_request(
self.rfile, self.wfile, headers, httpversion, self.config.body_size_limit
)
- return flow.Request(
+ r = flow.Request(
client_conn, httpversion, host, port, scheme, method, path, headers, content,
self.rfile.first_byte_timestamp, utils.timestamp()
)
+ r.set_live(self.rfile, self.wfile)
+ return r
def read_headers(self, authenticate=False):
headers = http.read_headers(self.rfile)
@@ -526,7 +525,6 @@ class ProxyServer(tcp.TCPServer):
except socket.error, v:
raise ProxyServerError('Error starting proxy server: ' + v.strerror)
self.channel = None
- self.apps = AppRegistry()
def start_slave(self, klass, channel):
slave = klass(channel, self)
@@ -541,28 +539,6 @@ class ProxyServer(tcp.TCPServer):
h.finish()
-class AppRegistry:
- def __init__(self):
- self.apps = {}
-
- def add(self, app, domain, port):
- """
- Add a WSGI app to the registry, to be served for requests to the
- specified domain, on the specified port.
- """
- self.apps[(domain, port)] = wsgi.WSGIAdaptor(app, domain, port, version.NAMEVERSION)
-
- def get(self, request):
- """
- Returns an WSGIAdaptor instance if request matches an app, or None.
- """
- if (request.host, request.port) in self.apps:
- return self.apps[(request.host, request.port)]
- if "host" in request.headers:
- host = request.headers["host"][0]
- return self.apps.get((host, request.port), None)
-
-
class DummyServer:
bound = False
def __init__(self, config):
@@ -590,7 +566,6 @@ def certificate_option_group(parser):
)
-TRANSPARENT_SSL_PORTS = [443, 8443]
def process_proxy_options(parser, options):
if options.cert:
@@ -633,7 +608,9 @@ def process_proxy_options(parser, options):
if options.clientcerts:
options.clientcerts = os.path.expanduser(options.clientcerts)
if not os.path.exists(options.clientcerts) or not os.path.isdir(options.clientcerts):
- return parser.error("Client certificate directory does not exist or is not a directory: %s"%options.clientcerts)
+ return parser.error(
+ "Client certificate directory does not exist or is not a directory: %s"%options.clientcerts
+ )
if (options.auth_nonanonymous or options.auth_singleuser or options.auth_htpasswd):
if options.auth_singleuser:
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-06 00:11:34 +0000