From d181b4643fbf1dcafecbf7bd06e8cbe2e8d5e09d Mon Sep 17 00:00:00 2001 From: "@Ga_ryo_" Date: Wed, 29 Nov 2017 17:16:39 +0900 Subject: [PATCH 1/2] Fix #2594 --- mitmproxy/platform/osx.py | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/mitmproxy/platform/osx.py b/mitmproxy/platform/osx.py index f9de1fbf3..40a742e99 100644 --- a/mitmproxy/platform/osx.py +++ b/mitmproxy/platform/osx.py @@ -1,6 +1,7 @@ import subprocess from . import pf +import re """ Doing this the "right" way by using DIOCNATLOOK on the pf device turns out @@ -15,6 +16,7 @@ from . import pf """ STATECMD = ("sudo", "-n", "/sbin/pfctl", "-s", "state") +ipv4_mapped = re.compile("^::ffff:\d+.\d+.\d+.\d+$") def original_addr(csock): @@ -33,4 +35,6 @@ def original_addr(csock): raise RuntimeError( "Insufficient privileges to access pfctl. " "See http://docs.mitmproxy.org/en/latest/transparent/osx.html for details.") + if ipv4_mapped.match(peer[0]): + return pf.lookup(peer[0].replace("::ffff:", ""), peer[1], stxt) return pf.lookup(peer[0], peer[1], stxt) From 0fb48bc6a72bdd6a88e0b9ddbdd64db58a57daf4 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Tue, 12 Dec 2017 13:58:17 +0100 Subject: [PATCH 2/2] minor improvements, add tests for ipv4-mapped addresses --- mitmproxy/platform/osx.py | 4 ---- mitmproxy/platform/pf.py | 4 ++++ test/mitmproxy/platform/test_pf.py | 1 + 3 files changed, 5 insertions(+), 4 deletions(-) diff --git a/mitmproxy/platform/osx.py b/mitmproxy/platform/osx.py index 40a742e99..f9de1fbf3 100644 --- a/mitmproxy/platform/osx.py +++ b/mitmproxy/platform/osx.py @@ -1,7 +1,6 @@ import subprocess from . import pf -import re """ Doing this the "right" way by using DIOCNATLOOK on the pf device turns out @@ -16,7 +15,6 @@ import re """ STATECMD = ("sudo", "-n", "/sbin/pfctl", "-s", "state") -ipv4_mapped = re.compile("^::ffff:\d+.\d+.\d+.\d+$") def original_addr(csock): @@ -35,6 +33,4 @@ def original_addr(csock): raise RuntimeError( "Insufficient privileges to access pfctl. " "See http://docs.mitmproxy.org/en/latest/transparent/osx.html for details.") - if ipv4_mapped.match(peer[0]): - return pf.lookup(peer[0].replace("::ffff:", ""), peer[1], stxt) return pf.lookup(peer[0], peer[1], stxt) diff --git a/mitmproxy/platform/pf.py b/mitmproxy/platform/pf.py index c0397d789..bb5eb5152 100644 --- a/mitmproxy/platform/pf.py +++ b/mitmproxy/platform/pf.py @@ -1,3 +1,4 @@ +import re import sys @@ -8,6 +9,9 @@ def lookup(address, port, s): Returns an (address, port) tuple, or None. """ + # We may get an ipv4-mapped ipv6 address here, e.g. ::ffff:127.0.0.1. + # Those still appear as "127.0.0.1" in the table, so we need to strip the prefix. + address = re.sub("^::ffff:(?=\d+.\d+.\d+.\d+$)", "", address) s = s.decode() spec = "%s:%s" % (address, port) for i in s.split("\n"): diff --git a/test/mitmproxy/platform/test_pf.py b/test/mitmproxy/platform/test_pf.py index 3292d3456..b048a6970 100644 --- a/test/mitmproxy/platform/test_pf.py +++ b/test/mitmproxy/platform/test_pf.py @@ -15,6 +15,7 @@ class TestLookup: d = f.read() assert pf.lookup("192.168.1.111", 40000, d) == ("5.5.5.5", 80) + assert pf.lookup("::ffff:192.168.1.111", 40000, d) == ("5.5.5.5", 80) with pytest.raises(Exception, match="Could not resolve original destination"): pf.lookup("192.168.1.112", 40000, d) with pytest.raises(Exception, match="Could not resolve original destination"):