New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Version from 42.1.0 can't connect to 127.0.0.1 with System SOCKS proxy #975

Closed
YuGe opened this Issue Oct 4, 2017 · 20 comments

Comments

Projects
None yet
6 participants
@YuGe

YuGe commented Oct 4, 2017

Hi,
I found Postgresql JDBC Driver cannot connect to local postgresql server when I set a system SOCKS proxy.

org.postgresql.util.PSQLException: The connection attempt failed.
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:275)
at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
at org.postgresql.jdbc.PgConnection.(PgConnection.java:194)
at org.postgresql.Driver.makeConnection(Driver.java:450)
at org.postgresql.Driver.connect(Driver.java:252)
at java.sql.DriverManager.getConnection(DriverManager.java:664)
at java.sql.DriverManager.getConnection(DriverManager.java:208)
at org.apache.ibatis.datasource.unpooled.UnpooledDataSource.doGetConnection(UnpooledDataSource.java:201)
at org.apache.ibatis.datasource.unpooled.UnpooledDataSource.doGetConnection(UnpooledDataSource.java:196)
at org.apache.ibatis.datasource.unpooled.UnpooledDataSource.getConnection(UnpooledDataSource.java:93)
at org.apache.ibatis.datasource.pooled.PooledDataSource.popConnection(PooledDataSource.java:404)
.......

Caused by: java.net.UnknownHostException: 127.0.0.1
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at org.postgresql.core.PGStream.(PGStream.java:68)
at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:144)
... 69 more

system: macOS High Sierra
java: 1.8.0_144

@davecramer

This comment has been minimized.

Member

davecramer commented Oct 4, 2017

@YuGe can you try with the latest code before I go chase this down ?

@jgangemi

This comment has been minimized.

jgangemi commented Oct 5, 2017

seeing this same behavior with version 42.1.4.

[HikariPool-1 connection adder] ERROR org.postgresql.ds.common.BaseDataSource - Failed to create a Non-Pooling DataSource from PostgreSQL JDBC Driver 42.1.4 for fwptools at jdbc:postgresql://172.16.3.128:32774/fwptools?loginTimeout=30: org.postgresql.util.PSQLException: The connection attempt failed.
[HikariPool-1 connection adder] ERROR org.postgresql.Driver - Connection error: 
org.postgresql.util.PSQLException: The connection attempt failed.
	at org.postgresql.Driver$ConnectThread.getResult(Driver.java:401)
	at org.postgresql.Driver.connect(Driver.java:259)
	at java.sql.DriverManager.getConnection(DriverManager.java:664)
	at java.sql.DriverManager.getConnection(DriverManager.java:247)
	at org.postgresql.ds.common.BaseDataSource.getConnection(BaseDataSource.java:94)
	at com.zaxxer.hikari.pool.PoolBase.newConnection(PoolBase.java:375)
	at com.zaxxer.hikari.pool.PoolBase.newPoolEntry(PoolBase.java:204)
	at com.zaxxer.hikari.pool.HikariPool.createPoolEntry(HikariPool.java:445)
	at com.zaxxer.hikari.pool.HikariPool.access$200(HikariPool.java:72)
	at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:632)
	at com.zaxxer.hikari.pool.HikariPool$PoolEntryCreator.call(HikariPool.java:618)
	at java.util.concurrent.FutureTask.run(FutureTask.java:266)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
	at java.lang.Thread.run(Thread.java:745)
Caused by: java.net.UnknownHostException: 172.16.3.128
	at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:184)
	at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
	at java.net.Socket.connect(Socket.java:589)
	at org.postgresql.core.PGStream.<init>(PGStream.java:68)
	at org.postgresql.core.v3.ConnectionFactoryImpl.openConnectionImpl(ConnectionFactoryImpl.java:144)
	at org.postgresql.core.ConnectionFactory.openConnection(ConnectionFactory.java:49)
	at org.postgresql.jdbc.PgConnection.<init>(PgConnection.java:194)
	at org.postgresql.Driver.makeConnection(Driver.java:450)
	at org.postgresql.Driver.access$100(Driver.java:60)
	at org.postgresql.Driver$ConnectThread.run(Driver.java:360)
	... 1 more

in this case 172.16.3.128 is the ip of my docker vm that the jvm is told to ignore via

-DsocksProxyHost=127.0.0.1 -DsocksProxyPort=9998 -DsocksNonProxyHosts=172.16.3.128

the last driver version that works w/ this configuration is 42.0.0

looking through the changelog history, i see a reference to #774 which i am guessing is the cause of this behavior.

@davecramer

This comment has been minimized.

Member

davecramer commented Oct 5, 2017

so can you use the snapshot to test to make sure this fixes it?

@jgangemi

This comment has been minimized.

jgangemi commented Oct 5, 2017

42.1.5-SNAPSHOT?

is it pushed to maven central?

@davecramer

This comment has been minimized.

Member

davecramer commented Oct 5, 2017

hmmm apparently not, somehow I thought it was. It is easy enough to compile though

@jgangemi

This comment has been minimized.

jgangemi commented Oct 5, 2017

if you can get it pushed up there, i can test to see if it fixes the issue.

@jgangemi

This comment has been minimized.

jgangemi commented Oct 5, 2017

i compiled from source - unfortunately the problem still exists.

@davecramer

This comment has been minimized.

Member

davecramer commented Oct 5, 2017

@jgangemi

This comment has been minimized.

jgangemi commented Oct 5, 2017

not at the moment, but maybe later today. i'm not sure how the pool would affect this given there are no issues w/ older version of the driver.

@davecramer

This comment has been minimized.

Member

davecramer commented Oct 5, 2017

@jgangemi

This comment has been minimized.

jgangemi commented Oct 5, 2017

it works in 42.0.0 and then breaks in anything past it. 42.1.0 introduced PR #774 which is what i believe is causing the breakage.

@jorsol

This comment has been minimized.

Contributor

jorsol commented Oct 5, 2017

This might require a revert of that PR since it's giving problems.

@jkutner do you have any comments on this problem?

@jgangemi

This comment has been minimized.

jgangemi commented Oct 5, 2017

i get what's trying to be accomplished here but i'm not sure how to easily fix it. i believe part of the problem is that the socksNonProxyHosts system property is not being taken into account. the code just checks to see if a proxy is in use and if so, immediately defer.

maybe the lookup could be deferred and if fails to resolve via the proxy it could be tried locally or vice versa.

one way i've worked around this is to just create entries in my local /etc/hosts files for the remote systems that need to be resolved. i realize that won't work for everyone but might help some.

@jkutner

This comment has been minimized.

Contributor

jkutner commented Oct 6, 2017

@jorsol thanks for the ping. I can make a patch quickly if that is preferable to reverting. however, I'm unsure of the best solution. I think we have three options:

  • Explicitly check for localhost, or 127.0.0.1 and disable the deferred host resolution.
  • Attempt to resolve the hostname if the deferred resolution fails (i.e. try to resolve the hostname with new InetSocketAddress if socket.connect fails).
  • Add an option to explicitly disable the deferred resolution (i.e. never use the socks proxy).

How do other libraries/frameworks deal with localhost and a socksProxyHost? There might be a precedent.

@davecramer

This comment has been minimized.

Member

davecramer commented Oct 6, 2017

@jkutner I'd prefer not to revert.

I'm less inclined to add yet another option for this, so I'm inclined to go with checking for localhost

@jkutner

This comment has been minimized.

Contributor

jkutner commented Oct 6, 2017

@davecramer I'm happy to make that change. But I'm still uncertain if it's the correct behavior. If you configure a SOCKS proxy for the Safari browser on the Mac, it tries to resolve localhost through the proxy. There is an option in Preferences to "Bypass proxy settings" for certain Host & Domains.

I'd like to take some time to investigate how other JVM frameworks handle this case.

@davecramer

This comment has been minimized.

Member

davecramer commented Oct 6, 2017

@jkutner thanks, that would be appreciated

@vlsi

This comment has been minimized.

Member

vlsi commented Oct 6, 2017

It looks like http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942 was fixed in 1.8u65.
That is 1.8u65+ should be able to get "system settings" for proxy configuration, and it should be able to use socksNonProxyHosts if provided.

@jkutner

This comment has been minimized.

Contributor

jkutner commented Oct 7, 2017

@visi thanks for the info! I'll use this to make a patch.

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 9, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape valve
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit uses the DefaultProxySelector.select method to
determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 9, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape valve
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit uses the DefaultProxySelector.select method to
determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 9, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape valve
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit uses the DefaultProxySelector.select method to
determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 9, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape valve
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit uses the DefaultProxySelector.select method to
determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 9, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape valve
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit uses the DefaultProxySelector.select method to
determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 19, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 19, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 24, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

jkutner added a commit to jkutner/pgjdbc that referenced this issue Oct 25, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975)
When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

davecramer added a commit that referenced this issue Oct 26, 2017

fix: Added support for socksNonProxyHosts property (#975) (#985)
When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

@vlsi vlsi added this to the 42.1.5 milestone Oct 26, 2017

davecramer added a commit to davecramer/pgjdbc that referenced this issue Oct 30, 2017

fix: Added support for socksNonProxyHosts property (pgjdbc#975) (pgjd…
…bc#985)

When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

@vlsi vlsi modified the milestones: 42.1.5, 42.2.0 Jan 8, 2018

rhavermans added a commit to bolcom/pgjdbc that referenced this issue Jul 13, 2018

fix: Added support for socksNonProxyHosts property (pgjdbc#975) (pgjd…
…bc#985)

When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942

rhavermans added a commit to bolcom/pgjdbc that referenced this issue Jul 13, 2018

fix: Added support for socksNonProxyHosts property (pgjdbc#975) (pgjd…
…bc#985)

When a socksProxyHost is configured, there needs to be an escape value
so that some hosts are resolved immediately. The Java Networking spec[1]
does not specify such an option, but the socksNonProxyHosts is used in the
sun.net.spi.DefaultProxySelector. The behavior is mentioned in bug report
5001942[2]. This commit reimplements the logic in the DefaultProxySelector.select
method to determine if the host should be resolved immediately.

[1] http://docs.oracle.com/javase/8/docs/technotes/guides/net/proxies.html
[2] http://bugs.java.com/bugdatabase/view_bug.do?bug_id=5001942
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment