powered by Jive Software

Bad address request to socks proxy

Hello, I have spark-2.9.4 on debian gnu/linux 10 and we use SOCKS proxy in our company’s network.
connecting to external XMPP server outside over SOCKS fails:

júl 21, 2021 10:35:31 AM org.jivesoftware.spark.util.log.Log error
SEVERE: Exception in Login:
org.jivesoftware.smack.SmackException$ConnectionException: The following addresses failed: ‘xxx.redacted.sk:5222’ failed because: java.io.IOException: SOCKS: Connection not allowed by ruleset
at org.jivesoftware.smack.SmackException$ConnectionException.from(SmackException.java:292)

packet capture says that spark asks SOCKS server to connect to IP address and port of the SOCKS server itself (which fails) instead of connecting to the real server IP/port:

You can see that the requested remote address and port are equal to the address/port of SOCKS Server:

Frame 17: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Raw packet data
Internet Protocol Version 4, Src: 10.x.x.10, Dst: 10.y.y.15
Transmission Control Protocol, Src Port: 60978, Dst Port: 1080, Seq: 5, Ack: 3, Len: 10
Socks Protocol
Version: 5
Command: Connect (1)
Reserved: 0
Address Type: IPv4 (1)
Remote Address: 10.y.y.15
Port: 1080

Frame 18: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Raw packet data
Internet Protocol Version 4, Src: 10.y.y.15, Dst: 10.x.x.10
Transmission Control Protocol, Src Port: 1080, Dst Port: 60978, Seq: 3, Ack: 15, Len: 10
Socks Protocol
Version: 5
Results(V5): Connection not allowed by ruleset (2)
Reserved: 0
Address Type: IPv4 (1)
Remote Address: 10.y.y.15
Port: 1080

this applies to Spark 2.9.4, I am running Debian GNU Linux 10, Spark installed from .deb package downloaded from spark website.

I’m not sure that you’re supposed to be able to connect to an XMPP server over SOCKS5 in the first place. Are you trying to use it as some sort of proxy?

I know of XMPP clients using a SOCKS5 server to transfer files between them, where the bulk of the data would be transferred through the SOCKS server, instead of through the XMPP server - but the actual XMPP connection would also be used by those clients, for all of the ‘normal’ XMPP traffic (and orchestration of the file transfer).

yes, our company policy requires us to use application proxy servers - either HTTP proxy (that allows us to tunnel TCP connections using CONNECT request) or SOCKS which is generic TCP/UDP proxy and allows receiving connections as well. They are even alternatives in spark menu Advanced / Proxy.

HTTP proxy works, spark sends request CONNECT server.example.com:5222
(destination_server:destination_port)
with SOCKS spark sends request to connect sock_ip:1080 which means asking the SOCKS server to connect to itself and SOCKS server refuses.
the requested IP and port should be of cource the destination IP and port of openfire jabber server

this is what wireshark shows:

Frame 17: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Raw packet data
Internet Protocol Version 4, Src: 10.x.x.x, Dst: 10.y.y.y
Transmission Control Protocol, Src Port: 60978, Dst Port: 1080, Seq: 5, Ack: 3, Len: 10
Socks Protocol
Version: 5
Command: Connect (1)
Reserved: 0
Address Type: IPv4 (1)
Remote Address: 10.y.y.y
Port: 1080

Frame 18: 62 bytes on wire (496 bits), 62 bytes captured (496 bits)
Raw packet data
Internet Protocol Version 4, Src: 10.y.y.y, Dst: 10.x.x.x
Transmission Control Protocol, Src Port: 1080, Dst Port: 60978, Seq: 3, Ack: 15, Len: 10
Socks Protocol
Version: 5
Results(V5): Connection not allowed by ruleset (2)
Reserved: 0
Address Type: IPv4 (1)
Remote Address: 10.y.y.y
Port: 1080