@Override public final void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { if(cause instanceof DecoderException && cause != null) { cause = cause.getCause(); } errorHandler.logError(cause, false); if(cause instanceof NotSslRecordException) { log.warn("Someone ({}) speaks transport plaintext instead of ssl, will close the channel", ctx.channel().remoteAddress()); ctx.channel().close(); return; } else if (cause instanceof SSLException) { log.error("SSL Problem "+cause.getMessage(),cause); ctx.channel().close(); return; } else if (cause instanceof SSLHandshakeException) { log.error("Problem during handshake "+cause.getMessage()); ctx.channel().close(); return; } super.exceptionCaught(ctx, cause); }
@Override public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) { // Close the connection when an exception is raised. if (cause instanceof NotSslRecordException) { LOGGER.warn("Invalid SSL/TLS record on channel, closing", cause); } else { LOGGER.error("Uncaught exception, closing", cause); } ctx.close(); }
@Override protected void onException(TcpChannel channel, Exception e) { if (lifecycle.started()) { Throwable cause = e; if(e instanceof DecoderException && e != null) { cause = e.getCause(); } errorHandler.logError(cause, false); if(cause instanceof NotSslRecordException) { logger.warn("Someone ({}) speaks transport plaintext instead of ssl, will close the channel", "??remoteaddress??"); TcpChannel.closeChannel(channel, false); return; } else if (cause instanceof SSLException) { logger.error("SSL Problem "+cause.getMessage(),cause); TcpChannel.closeChannel(channel, false); return; } else if (cause instanceof SSLHandshakeException) { logger.error("Problem during handshake "+cause.getMessage()); TcpChannel.closeChannel(channel, false); return; } } super.onException(channel, e); }
@Override public final void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { if(SearchGuardSSLNettyTransport.this.lifecycle.started()) { if(cause instanceof DecoderException && cause != null) { cause = cause.getCause(); } errorHandler.logError(cause, false); if(cause instanceof NotSslRecordException) { logger.warn("Someone ({}) speaks transport plaintext instead of ssl, will close the channel", ctx.channel().remoteAddress()); ctx.channel().close(); return; } else if (cause instanceof SSLException) { logger.error("SSL Problem "+cause.getMessage(),cause); ctx.channel().close(); return; } else if (cause instanceof SSLHandshakeException) { logger.error("Problem during handshake "+cause.getMessage()); ctx.channel().close(); return; } } super.exceptionCaught(ctx, cause); }
default void handleUnexpectedException(ChannelHandlerContext ctx, Throwable cause) { if (cause instanceof DecoderException) { if (cause.getCause() instanceof UnsupportedCommandException) { log.debug("Input command is invalid. Closing socket. Reason {}. Address {}", cause.getMessage(), ctx.channel().remoteAddress()); } else if (cause.getCause() instanceof SSLException) { log.debug("Unsecured connection attempt. Channel : {}. Reason : {}", ctx.channel().remoteAddress(), cause.getMessage()); } else { log.error("DecoderException.", cause); } ctx.close(); } else if (cause instanceof NotSslRecordException) { log.debug("Not secure connection attempt detected. {}. IP {}", cause.getMessage(), ctx.channel().remoteAddress()); ctx.close(); } else if (cause instanceof SSLException) { log.warn("SSL exception. {}.", cause.getMessage()); ctx.close(); } else if (cause instanceof IOException) { log.trace("Blynk server IOException.", cause); } else { String message = cause == null ? "" : cause.getMessage(); if (message != null && message.contains("OutOfDirectMemoryError")) { log.error("OutOfDirectMemoryError!!!"); } else { log.error("Unexpected error! Handler class : {}. Name : {}. Reason : {}. Channel : {}.", ctx.handler().getClass(), ctx.name(), message, ctx.channel()); log.debug(cause); } } }
@Override protected final void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) throws Exception { if(this.lifecycle.started()) { if(cause instanceof DecoderException && cause != null) { cause = cause.getCause(); } errorHandler.logError(cause, true); if(cause instanceof NotSslRecordException) { logger.warn("Someone ({}) speaks http plaintext instead of ssl, will close the channel", ctx.channel().remoteAddress()); ctx.channel().close(); return; } else if (cause instanceof SSLException) { logger.error("SSL Problem "+cause.getMessage(),cause); ctx.channel().close(); return; } else if (cause instanceof SSLHandshakeException) { logger.error("Problem during handshake "+cause.getMessage()); ctx.channel().close(); return; } } super.exceptionCaught(ctx, cause); }
/** * returns true is the exception was caused by the connection being closed */ public static boolean shouldNotIgnoreException(Throwable cause) { String message = String.valueOf(cause.getMessage()).toLowerCase(); // is ssl exception if (cause.getCause() instanceof SSLException || cause instanceof DecoderException | cause instanceof NotSslRecordException) { return false; } // first try to match connection reset / broke peer based on the regex. // This is the fastest way but may fail on different jdk impls or OS's if (IGNORABLE_ERROR_MESSAGE.matcher(message).matches()) { return false; } // Inspect the StackTraceElements to see if it was a connection reset / broken pipe or not StackTraceElement[] elements = cause.getStackTrace(); for (StackTraceElement element : elements) { String classname = element.getClassName(); String methodname = element.getMethodName(); // skip all classes that belong to the io.netty package if (classname.startsWith("io.netty.")) { continue; } // check if the method name is read if not skip it if (!"read".equals(methodname)) { continue; } // This will also match against SocketInputStream which is used by openjdk 7 and maybe // also others if (IGNORABLE_CLASS_IN_STACK.matcher(classname).matches()) { return false; } try { // No match by now.. Try to load the class via classloader and inspect it. // This is mainly done as other JDK implementations may differ in name of // the impl. Class<?> clazz = PlatformDependent.getClassLoader(ExceptionHandler.class).loadClass(classname); if (SocketChannel.class.isAssignableFrom(clazz) || DatagramChannel.class.isAssignableFrom(clazz)) { return false; } // also match against SctpChannel via String matching as it may not present. if (PlatformDependent.javaVersion() >= 7 && "com.sun.nio.sctp.SctpChannel".equals(clazz.getSuperclass().getName())) { return false; } } catch (ClassNotFoundException e) { // This should not happen just ignore } } return true; }
private boolean isNotSslException(Throwable cause) { return !(cause.getCause() instanceof SSLException || cause instanceof DecoderException | cause instanceof NotSslRecordException); }
