Use lsof instead of pfctl to find target host on OSX in transparent mode.
parent
82cb1dae41
commit
ffeede9b39
|
@ -1,3 +1,4 @@
|
|||
import re
|
||||
|
||||
def lookup(address, port, s):
|
||||
"""
|
||||
|
@ -8,9 +9,9 @@ def lookup(address, port, s):
|
|||
"""
|
||||
spec = "%s:%s"%(address, port)
|
||||
for i in s.split("\n"):
|
||||
if "ESTABLISHED:ESTABLISHED" in i and spec in i:
|
||||
s = i.split()
|
||||
if len(s) > 4:
|
||||
s = s[4].split(":")
|
||||
if "ESTABLISHED" in i and spec in i:
|
||||
m = re.match(".* (\S*)->%s" % spec, i)
|
||||
if m:
|
||||
s = m.group(1).split(":")
|
||||
if len(s) == 2:
|
||||
return s[0], int(s[1])
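Review bot: The new `re.match` line interpolates `spec` into the pattern unescaped and with nothing required after it, so the dots in the address match any character and a peer port of 80 also matches a line whose remote end is `...:8080`. In transparent mode that could hand back the local endpoint of a different connection as the original destination. Escape the value and require a delimiter after it, for example `m = re.match(r".* (\S*)->%s(?:\s|$)" % re.escape(spec), i)`; the raw string also avoids the invalid `\S` escape in a plain literal. The `split(":")` with `len(s) == 2` silently skips IPv6 endpoints, which deserves a comment. Part of `lookup`'s docstring lies outside the visible hunks.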
|
|
@ -1,16 +1,16 @@
|
|||
import subprocess
|
||||
import pf
|
||||
import lsof
|
||||
|
||||
"""
|
||||
Doing this the "right" way by using DIOCNATLOOK on the pf device turns out
|
||||
to be a pain. Apple has made a number of modifications to the data
|
||||
structures returned, and compiling userspace tools to test and work with
|
||||
this turns out to be a pain in the ass. Parsing pfctl output is short,
|
||||
this turns out to be a pain in the ass. Parsing lsof output is short,
|
||||
simple, and works.
|
||||
"""
|
||||
|
||||
class Resolver:
|
||||
STATECMD = ("sudo", "-n", "/sbin/pfctl", "-s", "state")
|
||||
STATECMD = ("sudo", "-n", "/usr/sbin/lsof", "-n", "-P", "-i", "TCP")
|
||||
def __init__(self):
|
||||
pass
|
||||
|
||||
|
@ -20,4 +20,4 @@ class Resolver:
|
|||
stxt = subprocess.check_output(self.STATECMD, stderr=subprocess.STDOUT)
|
||||
except subprocess.CalledProcessError:
|
||||
return None
|
||||
return pf.lookup(peer[0], peer[1], stxt)
|
||||
return lsof.lookup(peer[0], peer[1], stxt)
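Review bot: The new `STATECMD` dumps every TCP socket on the machine as root, and because the call keeps `stderr=subprocess.STDOUT`, any warning text lsof prints is passed to `lsof.lookup` as if it were part of the socket table. Consider narrowing the listing with `"-sTCP:ESTABLISHED"` in the tuple (assuming the shipped lsof supports `-s`) and dropping the stderr merge so only the table is parsed. Since the command runs through `sudo -n`, a comment next to `STATECMD` should say that the sudoers entry has to change from pfctl to lsof and ought to be pinned to this exact argument list rather than to lsof in general. The module docstring still describes the pf device as the alternative, which is fine, but the `try:` and the start of the method are outside this hunk, so the handling of a non-zero lsof exit could not be checked beyond the visible `return None`.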
|
||||
|
|