minor improvements, add tests for ipv4-mapped addresses

This commit is contained in:
Maximilian Hils 2017-12-12 13:58:17 +01:00
parent d181b4643f
commit 0fb48bc6a7
3 changed files with 5 additions and 4 deletions

View File

@ -1,7 +1,6 @@
import subprocess
from . import pf
import re
"""
Doing this the "right" way by using DIOCNATLOOK on the pf device turns out
@ -16,7 +15,6 @@ import re
"""
STATECMD = ("sudo", "-n", "/sbin/pfctl", "-s", "state")
ipv4_mapped = re.compile("^::ffff:\d+.\d+.\d+.\d+$")
def original_addr(csock):
@ -35,6 +33,4 @@ def original_addr(csock):
raise RuntimeError(
"Insufficient privileges to access pfctl. "
"See http://docs.mitmproxy.org/en/latest/transparent/osx.html for details.")
if ipv4_mapped.match(peer[0]):
return pf.lookup(peer[0].replace("::ffff:", ""), peer[1], stxt)
return pf.lookup(peer[0], peer[1], stxt)

View File

@ -1,3 +1,4 @@
import re
import sys
@ -8,6 +9,9 @@ def lookup(address, port, s):
Returns an (address, port) tuple, or None.
"""
# We may get an ipv4-mapped ipv6 address here, e.g. ::ffff:127.0.0.1.
# Those still appear as "127.0.0.1" in the table, so we need to strip the prefix.
address = re.sub("^::ffff:(?=\d+.\d+.\d+.\d+$)", "", address)
s = s.decode()
spec = "%s:%s" % (address, port)
for i in s.split("\n"):

View File

@ -15,6 +15,7 @@ class TestLookup:
d = f.read()
assert pf.lookup("192.168.1.111", 40000, d) == ("5.5.5.5", 80)
assert pf.lookup("::ffff:192.168.1.111", 40000, d) == ("5.5.5.5", 80)
with pytest.raises(Exception, match="Could not resolve original destination"):
pf.lookup("192.168.1.112", 40000, d)
with pytest.raises(Exception, match="Could not resolve original destination"):