java.net.Socket should report the attempted address and port

Michael McMahon michael.x.mcmahon at oracle.com
Mon Apr 23 13:13:55 UTC 2018


I agree we should do something about this. I will make some enquiries with
the security folks here as to what might be permitted. I suspect either 
some kind
of debugging property/switch to enable it, or the limited information 
only being
provided when a security manager is enabled, might work.

I will get back with a firm proposal.

Thanks,

Michael.

On 23/04/2018, 10:05, Péter Gergely Horváth wrote:
> Hi Tobias,
>
> Thank you for pointing me to that thread: it's good to have that 
> context (it was sent before I joined the mailing list, so please bear 
> with me).
>
> I understand the JDK developers want to be safe than sorry around 
> reporting target addresses and I absolutely agree with that point.
>
> However considering how useful it would be to have this _optionally_ 
> for debugging, I am wondering if it would be possible to have a 
> dedicated Java system property defined for this (e.g. 
> 'java.net.socket.reportAddressInException' or something like that), 
> which would enable this behaviour (retaining the current behaviour of 
> *not reporting anything by default.*).
>
> What do you think about this, guys? With this in place both the 
> secure-by-default requirement would be met, and there would be a 
> powerful tool available to fight the horrors of debugging a running 
> complex distributed application from its logs.
>
> Thanks,
> Peter
>
>
>
>
>
> On Sun, Apr 22, 2018 at 10:21 PM, James Roper <james at lightbend.com 
> <mailto:james at lightbend.com>> wrote:
>
>     This would be especially useful in asynchronous applications -
>     since in those cases the exception rarely maps back to a place in
>     user code that would indicate what is being connected to. As
>     someone who has spent a lot of time supporting developers who use
>     asynchronous libraries and post exceptions of this nature
>     (supporting both in open source, eg on stack overflow, as well as
>     providing commercial support), where I don't have access to their
>     code base so I can't do the necessary investigations directly
>     myself, having the attempted address and port in the error message
>     would save a lot of time, and probably even prevent a lot of
>     people from requiring support in the first place.
>
>     On 22 April 2018 at 20:59, Péter Gergely Horváth
>     <peter.gergely.horvath at gmail.com
>     <mailto:peter.gergely.horvath at gmail.com>> wrote:
>
>         Hi All,
>
>         I am wondering if it would be possible to make a minor
>         improvement to the way *java.net.Socket* reports connectivity
>         errors and incorporate the attempted address, port and the
>         timeout used into the exception message.
>
>         The current implementation emits a generic error message,
>         which is not that helpful when one is operating a _large_
>         application. (Consider e.g. Big Data or complex legacy systems
>         written by someone else).
>
>         java.net.ConnectException: Connection refused (Connection refused)
>         at java.net.PlainSocketImpl.socketConnect(Native Method)
>         at java.net
>         <http://java.net>.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:350)
>         at java.net
>         <http://java.net>.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
>         at java.net
>         <http://java.net>.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
>         at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
>         at java.net.Socket.connect(Socket.java:589)
>         at java.net.Socket.connect(Socket.java:538)
>         at java.net.Socket.<init>(Socket.java:434)
>         at java.net.Socket.<init>(Socket.java:211)
>         at Sample.main(Sample.java:9)
>
>
>         I have looked into the JDK code base and implemented a patch
>         that reports the address, port and timeout used in the error
>         message without touching any native parts (see attached patch
>         file). I have tested this (created my own build of the JDK and
>         run a sample application against it) and it seems to work
>         properly.
>
>         Would it be possible to incorporate this change into the
>         official JDK code base? I do believe it would help a lot of
>         people out there.
>
>         Based on my understanding, once I have signed the OCA, I
>         should simply write an email to the group and request
>         a sponsor to pick up this issue. Could someone help me with this?
>
>         Thank you,
>         Peter
>
>
>
>
>
>
>
>
>
>
>     -- 
>     *James Roper*
>     /Senior Octonaut/
>
>     Lightbend <https://www.lightbend.com/> – Build reactive apps!
>     Twitter: @jroper <https://twitter.com/jroper>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.openjdk.java.net/pipermail/net-dev/attachments/20180423/40d19140/attachment-0001.html>


More information about the net-dev mailing list