Introduce SOCKS5 proxy support #1180
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…oDB instances behind firewalls. JAVA-4347
vbabanin
commented
Aug 16, 2023
| @@ -51,6 +58,27 @@ public static void enableSni(final String host, final SSLParameters sslParameter | |||
| } | |||
| } | |||
|
|
|||
| public static void configureSslSocket(final Socket socket, final SslSettings sslSettings, final InetSocketAddress inetSocketAddress) throws | |||
There was a problem hiding this comment.
The code of this method has been relocated without any alterations from its original location in SocketStreamHelper.java#L9
vbabanin
changed the title
stIncMale
requested changes
Aug 17, 2023
JAVA-4347
JAVA-4347
|
All checks are now passing now. @vbabanin can you manually reconfigure to run the new socks tasks? |
Done, I have added |
stIncMale
requested changes
Aug 19, 2023
driver-reactive-streams/src/main/com/mongodb/reactivestreams/client/MongoClients.java
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/connection/SocketSettings.java
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/internal/connection/SocksSocket.java
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/internal/connection/SocksSocket.java
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/internal/connection/SocksSocket.java
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/internal/connection/SocksSocket.java
Outdated
Show resolved
Hide resolved
jyemin
reviewed
Aug 21, 2023
stIncMale
requested changes
Aug 21, 2023
driver-core/src/main/com/mongodb/internal/connection/SocketStream.java
Outdated
Show resolved
Hide resolved
Comment on lines
111
to
119
| if (socket != null && !socket.isConnected()) { | ||
| socket.connect(proxyAddress, remainingMillis(timeout)); | ||
| inputStream = socket.getInputStream(); | ||
| outputStream = socket.getOutputStream(); | ||
| } else { | ||
| super.connect(proxyAddress, remainingMillis(timeout)); | ||
| inputStream = getInputStream(); | ||
| outputStream = getOutputStream(); | ||
| } |
There was a problem hiding this comment.
When we call Socket.connect from SocketStream.initializeSocket for a scenario without a proxy, we try in a loop all InetSocketAddresses to which ServerAddress is resolved.
When we call socket.connect/super.connect here while connecting to a proxy, we don't do the same. Instead, we pick a single InetSocketAddress to which ProxySettings.getHost&getPort may be resolved, and do only one attempt.
It seems to me that we should try all IP addresses corresponding to the proxy host when connecting to a proxy, similarly to what we do when we connect to MongoDB directly.
There was a problem hiding this comment.
It is been decided to handle this in a separate DRIVERS ticket because it requires spec changes. I am going to create one.
UPD: DRIVERS-2719
driver-core/src/main/com/mongodb/internal/connection/SocketStream.java
Outdated
Show resolved
Hide resolved
|
I have now reviewed all the changes in the PR. |
Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
…et.java Co-authored-by: Valentin Kovalenko <[email protected]>
PR fixes. JAVA-4347
jyemin
requested changes
Sep 1, 2023
driver-core/src/test/functional/com/mongodb/client/model/AggregatesTest.java
Outdated
Show resolved
Hide resolved
JAVA-4347
- Eliminate KMIP server configuration from SOCKS5 tests. - Organize SOCKS5 proxy tests into separate tasks for authenticated and non-authenticated scenarios. - Enhance unit test coverage. JAVA-4347
JAVA-4347
stIncMale
reviewed
Sep 5, 2023
stIncMale
reviewed
Sep 5, 2023
driver-reactive-streams/src/main/com/mongodb/reactivestreams/client/MongoClients.java
Outdated
Show resolved
Hide resolved
driver-scala/src/main/scala/org/mongodb/scala/connection/ProxySettings.scala
Outdated
Show resolved
Hide resolved
driver-scala/src/main/scala/org/mongodb/scala/connection/package.scala
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/connection/SocketSettings.java
Outdated
Show resolved
Hide resolved
stIncMale
reviewed
Sep 5, 2023
…lient/MongoClients.java Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
Co-authored-by: Valentin Kovalenko <[email protected]>
JAVA-4347
JAVA-4347
JAVA-4347
…sult report. JAVA-4347
jyemin
approved these changes
Sep 5, 2023
.evergreen/.evg.yml
Outdated
| matrix_spec: { os: "linux", ssl: ["nossl", "ssl"], version: [ "latest" ], topology: ["replicaset"] } | ||
| display_name: "Socks5: ${version} ${topology} ${ssl} ${jdk} ${os}" | ||
| matrix_spec: { os: "linux", ssl: ["nossl", "ssl"], version: [ "latest" ], topology: ["replicaset"], socks_auth: ["auth", "noauth"] } | ||
| display_name: "${socks_auth} SOCKS5 proxy: ${version} ${topology} ${ssl} ${jdk} ${os}" |
There was a problem hiding this comment.
Let's move socks_auth after SOCKS5 proxy so that they sort together in the display
stIncMale
reviewed
Sep 6, 2023
driver-sync/src/test/functional/com/mongodb/client/Socks5ProseTest.java
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/internal/connection/SocksSocket.java
Outdated
Show resolved
Hide resolved
driver-core/src/main/com/mongodb/internal/connection/SocksSocket.java
Outdated
Show resolved
Hide resolved
stIncMale
reviewed
Sep 6, 2023
driver-core/src/main/com/mongodb/internal/connection/SocksSocket.java
Outdated
Show resolved
Hide resolved
JAVA-4347
stIncMale
approved these changes
Sep 7, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary:
The MongoDB community has expressed the need for SOCKS5 proxy support. This PR introduces support for SOCKS5 proxy configuration for the synchronous version of the driver.
Changes:
Added support for configuring SOCKS5 proxy settings in MongoClientSettings, AutoEncryptionSettings and ClientEncryptionSettings.
Added SocksSocket which implements RFC19128 and RFC1929
Impact:
This feature enhances the driver's versatility and expands its usability in diverse networking scenarios. With this addition, users facing network restrictions, such as those accessing MongoDB deployments behind firewalls, can now seamlessly connect and interact with their databases.
Related links:
Specification
JAVA-4347