Fix up assorted SOCKS issues & limit interception to non-proxy traffic

Plan is to ship like this, with it only used on non-proxy traffic on
HTTP ports (very limited) and then slowly widen the net: move to all
ports with exclusions, and then potentially SOCKS over all to give us a
single consistent tunneling model (and later, metadata) everywhere.

Author: pimterry

app/src/main/java/tech/httptoolkit/android/ProxyDetails.kt

@@ -87,6 +87,7 @@ data class ProxyConfig(
      * Preferred capture protocol for this proxy. If null, only the default RAW
      * HTTP redirect behavior is supported.
      */
+    @Json(serializeNull = false)
     val captureProtocol: ProxyCaptureProtocol?
 ) : Parcelable
 

app/src/main/java/tech/httptoolkit/android/vpn/README.md

@@ -17,4 +17,6 @@ Some quick notes on how this all hangs together:
 * SessionManager allows opening and closing upstream sessions and their channels (TCP/UDP connections), registering each channel with `SocketNIODataService`.
 * SocketNIODataService runs on a single thread, using NIO to write VPN-received data from the session to the upstream channel when the channel is available, and to read data from upstream channels when it's received.
 * Data is sent back into the VPN (by both SessionHandler and the NIO thread) via ClientPacketWriter, which runs on its own thread, looping on a blocking queue to do each requested write.
-* SessionManager can be configured with traffic redirections, to redirect traffic on certain ports to different destinations (e.g. all outgoing traffic on 80/443 to a transparent proxy server).
+* SessionManager takes a CaptureController, which defines which traffic to modify and how.
+* CaptureController uses the destination address and the port capture configuration of the app to decide which packets to capture.
+* To capture them, SessionManager attaches a ProxyProtocolHandler (build by CaptureController) which captures the traffic according to the configured proxy protocol (e.g. raw redirection, SOCKS, etc).

app/src/main/java/tech/httptoolkit/android/vpn/SessionManager.java

@@ -182,16 +182,19 @@ public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) thr
 		if (existingSession != null) return existingSession;
 
 		String ips = PacketUtil.intToIPAddress(ip);
-		boolean shouldCapture = captureController.shouldCapture(ips, port);
-		SocketAddress socketAddress = shouldCapture
-				? captureController.getProxyAddress()
-				: new InetSocketAddress(ips, port);
-
-		ProxyProtocolHandler proxyHandler = shouldCapture
-				? captureController.getProxyHandler(ips, port)
-				: null;
-
-		Session session = new Session(SessionProtocol.TCP, srcIp, srcPort, ip, port, this, proxyHandler);
+		InetSocketAddress originalDestinationAddress = new InetSocketAddress(ips, port);
+		boolean shouldCapture = captureController.shouldCapture(originalDestinationAddress);
+
+		SocketAddress sessionAddress;
+		Session session;
+
+		if (shouldCapture) {
+			sessionAddress = captureController.getProxyAddress();
+			session = new Session(SessionProtocol.TCP, srcIp, srcPort, ip, port, this, captureController.getProxyHandler(ips, port));
+		} else {
+			sessionAddress = originalDestinationAddress;
+			session = new Session(SessionProtocol.TCP, srcIp, srcPort, ip, port, this, null);
+		}
 
 		SocketChannel channel;
 		channel = SocketChannel.open();
@@ -209,8 +212,8 @@ public Session createNewTCPSession(int ip, int port, int srcIp, int srcPort) thr
 		session.setChannel(channel);
 
 		// Initiate connection straight away, to reduce latency
-		Log.d(TAG,"Initiate connecting to remote tcp server: " + socketAddress.toString());
-		boolean connected = channel.connect(socketAddress);
+		Log.d(TAG,"Initiate connecting to remote tcp server: " + sessionAddress.toString());
+		boolean connected = channel.connect(sessionAddress);
 		session.setConnected(connected);
 
 		table.put(key, session);

app/src/main/java/tech/httptoolkit/android/vpn/capture/CaptureController.java

@@ -1,21 +1,12 @@
 package tech.httptoolkit.android.vpn.capture;
 
 import java.net.InetSocketAddress;
+import java.net.SocketAddress;
 import java.util.List;
 
 import tech.httptoolkit.android.ProxyConfig;
 import tech.httptoolkit.android.ProxyCaptureProtocol;
 
-/*
-Reader: in SocketChannelReader, we get data from the server and then push it to the client.
-    This needs to somehow push to the protocol handler instead until it's done.
-    Could be in session, but feels like that's doing too much already.
-
-Writer: NIO calls SocketChannelWriter.write, IFF session have data available (need to override that check somehow)
-    SCW.write writes client data to upstream server connection
-    Should instead write directly into protocol handler
- */
-
 public class CaptureController {
 
     private final InetSocketAddress proxyAddress;
@@ -40,11 +31,9 @@ public InetSocketAddress getProxyAddress() {
         return proxyAddress;
     }
 
-    public boolean shouldCapture(
-            String destIp,
-            int destPort
-    ) {
-        return this.portsToCapture.contains(destPort);
+    public boolean shouldCapture(InetSocketAddress destAddress) {
+        return !destAddress.equals(proxyAddress) &&
+                this.portsToCapture.contains(destAddress.getPort());
     }
 
     public ProxyProtocolHandler getProxyHandler(

app/src/main/java/tech/httptoolkit/android/vpn/capture/ProxyProtocolHandler.java

@@ -64,16 +64,4 @@ public boolean isPending() {
     public boolean hasFailed() {
         return state == State.FAILED;
     }
-    
-    public State getState() {
-        return state;
-    }
-    
-    public String getOriginalDestIp() {
-        return originalDestIp;
-    }
-    
-    public int getOriginalDestPort() {
-        return originalDestPort;
-    }
 }

app/src/main/java/tech/httptoolkit/android/vpn/capture/SOCKS5Handler.java

@@ -84,6 +84,7 @@ public void processHandshakeData(ByteBuffer data) {
                 } else {
                     Log.e(TAG, "SOCKS5 auth failed");
                     state = State.FAILED;
+                    throw new RuntimeException("SOCKS5 authentication failed");
                 }
                 return;
 
@@ -95,11 +96,13 @@ public void processHandshakeData(ByteBuffer data) {
                 } else {
                     Log.e(TAG, "SOCKS5 connect failed");
                     state = State.FAILED;
+                    throw new RuntimeException("SOCKS5 connection request failed");
                 }
                 return;
 
             default:
                 Log.w(TAG, "Unexpected data in SOCKS5 state: " + socksState);
+                throw new RuntimeException("Unexpected data in SOCKS5 state: " + socksState);
         }
     }
 }

app/src/main/java/tech/httptoolkit/android/vpn/socket/SocketChannelReader.java

@@ -102,7 +102,6 @@ private void readTCP(@NonNull Session session) {
 					readBuffer.limit(len);
 					readBuffer.flip();
 					sendToRequester(readBuffer, session);
-					readBuffer.clear();
 				} else if (len == -1) {
 					Log.d(TAG,"End of data from remote server, will send FIN to client");
 					Log.d(TAG,"send FIN to: " + session);
@@ -225,7 +224,6 @@ private void readUDP(Session session){
 					//create UDP packet
 					byte[] packetData = UDPPacketFactory.createResponsePacket(
 							session.getLastIpHeader(), session.getLastUdpHeader(), readBuffer);
-					readBuffer.clear();
 
 					//write to client
 					writer.write(packetData);