From 70e08c880cadc5b87eb5187787a65c7857e0750c Mon Sep 17 00:00:00 2001
From: Maximilian Hils <git@maximilianhils.com>
Date: Thu, 18 Feb 2021 23:07:18 +0100
Subject: [PATCH] don't reuse closed connections, refs #4451 (#4458)

---
 CHANGELOG.md                                  |  1 +
 mitmproxy/proxy/layers/http/__init__.py       |  1 +
 test/mitmproxy/proxy/layers/http/test_http.py | 23 +++++++++++++++++++
 3 files changed, 25 insertions(+)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 516d1b2f0..c0901cbe1 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -56,6 +56,7 @@ If you depend on these features, please raise your voice in
 * `--modify-headers` now works correctly when modifying a header that is also part of the filter expression (@Prinzhorn)
 * Fix SNI-related reproducibility issues when exporting to curl/httpie commands. (@dkasak)
 * Add option `export_preserve_original_ip` to force exported command to connect to IP from original request. Only supports curl at the moment. (@dkasak)
+* Major proxy protocol testing (@r00t-)
 * --- TODO: add new PRs above this line ---
 * ... and various other fixes, documentation improvements, dependency version bumps, etc.
 
diff --git a/mitmproxy/proxy/layers/http/__init__.py b/mitmproxy/proxy/layers/http/__init__.py
index ba294f003..76b38e3e9 100644
--- a/mitmproxy/proxy/layers/http/__init__.py
+++ b/mitmproxy/proxy/layers/http/__init__.py
@@ -628,6 +628,7 @@ class HttpLayer(layer.Layer):
                 h2_to_h1 = self.context.client.alpn == b"h2" and not conn_is_pending_or_h2
                 connection_suitable = (
                     event.connection_spec_matches(connection)
+                    and connection.connected
                     and not h2_to_h1
                 )
                 if connection_suitable:
diff --git a/test/mitmproxy/proxy/layers/http/test_http.py b/test/mitmproxy/proxy/layers/http/test_http.py
index 875d34e39..c8608e3a1 100644
--- a/test/mitmproxy/proxy/layers/http/test_http.py
+++ b/test/mitmproxy/proxy/layers/http/test_http.py
@@ -969,3 +969,26 @@ def test_upgrade(tctx, proto):
             << Log("Sent HTTP 101 response, but no protocol is enabled to upgrade to.", "warn")
             << CloseConnection(tctx.client)
         )
+
+
+def test_dont_reuse_closed(tctx):
+    """Test that a closed connection is not reused."""
+    server = Placeholder(Server)
+    server2 = Placeholder(Server)
+    assert (
+            Playbook(http.HttpLayer(tctx, HTTPMode.regular), hooks=False)
+            >> DataReceived(tctx.client, b"GET http://example.com/ HTTP/1.1\r\nHost: example.com\r\n\r\n")
+            << OpenConnection(server)
+            >> reply(None)
+            << SendData(server, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n")
+            >> DataReceived(server, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
+            << SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
+            >> ConnectionClosed(server)
+            << CloseConnection(server)
+            >> DataReceived(tctx.client, b"GET http://example.com/two HTTP/1.1\r\nHost: example.com\r\n\r\n")
+            << OpenConnection(server2)
+            >> reply(None)
+            << SendData(server2, b"GET /two HTTP/1.1\r\nHost: example.com\r\n\r\n")
+            >> DataReceived(server2, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
+            << SendData(tctx.client, b"HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n")
+    )