2012-12-31 22:13:56 +00:00
|
|
|
import subprocess
|
2013-05-28 03:09:42 +00:00
|
|
|
import lsof
|
2012-09-16 23:05:20 +00:00
|
|
|
|
2012-12-31 22:13:56 +00:00
|
|
|
"""
|
|
|
|
Doing this the "right" way by using DIOCNATLOOK on the pf device turns out
|
|
|
|
to be a pain. Apple has made a number of modifications to the data
|
|
|
|
structures returned, and compiling userspace tools to test and work with
|
2013-05-28 03:09:42 +00:00
|
|
|
this turns out to be a pain in the ass. Parsing lsof output is short,
|
2012-12-31 22:13:56 +00:00
|
|
|
simple, and works.
|
|
|
|
"""
|
2012-06-30 03:42:10 +00:00
|
|
|
|
|
|
|
class Resolver:
|
2013-05-28 03:09:42 +00:00
|
|
|
STATECMD = ("sudo", "-n", "/usr/sbin/lsof", "-n", "-P", "-i", "TCP")
|
2012-09-16 23:05:20 +00:00
|
|
|
def __init__(self):
|
2012-12-31 22:13:56 +00:00
|
|
|
pass
|
2012-09-16 23:05:20 +00:00
|
|
|
|
2012-06-30 03:42:10 +00:00
|
|
|
def original_addr(self, csock):
|
2012-12-31 22:13:56 +00:00
|
|
|
peer = csock.getpeername()
|
2012-12-31 22:24:11 +00:00
|
|
|
try:
|
|
|
|
stxt = subprocess.check_output(self.STATECMD, stderr=subprocess.STDOUT)
|
|
|
|
except subprocess.CalledProcessError:
|
|
|
|
return None
|
2013-05-28 03:09:42 +00:00
|
|
|
return lsof.lookup(peer[0], peer[1], stxt)
|