From 2704963e6134d63304dfca5cf5893017ffd739e7 Mon Sep 17 00:00:00 2001 From: Zack B Date: Tue, 1 Jul 2014 14:37:52 -0700 Subject: add resolver for FreeBSD using pfctl --- libmproxy/platform/__init__.py | 3 +++ libmproxy/platform/osx.py | 4 ++++ libmproxy/platform/pf.py | 8 +++++++- 3 files changed, 14 insertions(+), 1 deletion(-) diff --git a/libmproxy/platform/__init__.py b/libmproxy/platform/__init__.py index 09197ded..79f2f5df 100644 --- a/libmproxy/platform/__init__.py +++ b/libmproxy/platform/__init__.py @@ -7,3 +7,6 @@ if sys.platform == "linux2": elif sys.platform == "darwin": import osx resolver = osx.Resolver +elif "freebsd" in sys.platform: + import osx + resolver = osx.Resolver diff --git a/libmproxy/platform/osx.py b/libmproxy/platform/osx.py index dda5d9af..3a91ac2b 100644 --- a/libmproxy/platform/osx.py +++ b/libmproxy/platform/osx.py @@ -7,6 +7,10 @@ import pf structures returned, and compiling userspace tools to test and work with this turns out to be a pain in the ass. Parsing pfctl output is short, simple, and works. + + Note: Also Tested with FreeBSD 10 pkgng Python 2.7.x. + Should work almost exactly as on Mac OS X and except with some changes to + the output processing of pfctl (see pf.py). """ class Resolver: diff --git a/libmproxy/platform/pf.py b/libmproxy/platform/pf.py index 062d3311..32529e59 100644 --- a/libmproxy/platform/pf.py +++ b/libmproxy/platform/pf.py @@ -1,3 +1,4 @@ +import sys def lookup(address, port, s): """ @@ -11,6 +12,11 @@ def lookup(address, port, s): if "ESTABLISHED:ESTABLISHED" in i and spec in i: s = i.split() if len(s) > 4: - s = s[4].split(":") + if "freebsd" in sys.platform: + # strip parentheses for FreeBSD pfctl + s = s[3][1:-1].split(":") + else: + s = s[4].split(":") + if len(s) == 2: return s[0], int(s[1]) -- cgit v1.2.3 From e601ade924681773b406e5c816aee8886c75b2d4 Mon Sep 17 00:00:00 2001 From: Zack B Date: Tue, 1 Jul 2014 15:08:42 -0700 Subject: only support FreeBSD 10+ --- libmproxy/platform/__init__.py | 2 +- libmproxy/platform/pf.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/libmproxy/platform/__init__.py b/libmproxy/platform/__init__.py index 79f2f5df..7f570133 100644 --- a/libmproxy/platform/__init__.py +++ b/libmproxy/platform/__init__.py @@ -7,6 +7,6 @@ if sys.platform == "linux2": elif sys.platform == "darwin": import osx resolver = osx.Resolver -elif "freebsd" in sys.platform: +elif sys.platform == "freebsd10": import osx resolver = osx.Resolver diff --git a/libmproxy/platform/pf.py b/libmproxy/platform/pf.py index 32529e59..dc0f6104 100644 --- a/libmproxy/platform/pf.py +++ b/libmproxy/platform/pf.py @@ -12,7 +12,7 @@ def lookup(address, port, s): if "ESTABLISHED:ESTABLISHED" in i and spec in i: s = i.split() if len(s) > 4: - if "freebsd" in sys.platform: + if sys.platform == "freebsd10": # strip parentheses for FreeBSD pfctl s = s[3][1:-1].split(":") else: -- cgit v1.2.3 From 64c265b71037ae9074bbaef33f3a168987b1090f Mon Sep 17 00:00:00 2001 From: Zack B Date: Tue, 1 Jul 2014 16:33:48 -0700 Subject: added unit test update. coverage still at 97% --- test/data/pf02 | 4 ++++ test/test_platform_pf.py | 12 +++++++----- 2 files changed, 11 insertions(+), 5 deletions(-) create mode 100644 test/data/pf02 diff --git a/test/data/pf02 b/test/data/pf02 new file mode 100644 index 00000000..e4dc18b3 --- /dev/null +++ b/test/data/pf02 @@ -0,0 +1,4 @@ +No ALTQ support in kernel +ALTQ related functions disabled +all tcp 127.0.0.1:8080 (5.5.5.6:80) <- 192.168.1.111:40001 FIN_WAIT_2:FIN_WAIT_2 +all tcp 127.0.0.1:8080 (5.5.5.5:80) <- 192.168.1.111:40000 ESTABLISHED:ESTABLISHED diff --git a/test/test_platform_pf.py b/test/test_platform_pf.py index f048fdcc..d617cd87 100644 --- a/test/test_platform_pf.py +++ b/test/test_platform_pf.py @@ -1,13 +1,15 @@ -import tutils +import tutils, sys from libmproxy.platform import pf class TestLookup: def test_simple(self): - p = tutils.test_data.path("data/pf01") - d = open(p,"rb").read() + if sys.platform == "freebsd10": + p = tutils.test_data.path("data/pf02") + d = open(p,"rb").read() + else: + p = tutils.test_data.path("data/pf01") + d = open(p,"rb").read() assert pf.lookup("192.168.1.111", 40000, d) == ("5.5.5.5", 80) assert not pf.lookup("192.168.1.112", 40000, d) assert not pf.lookup("192.168.1.111", 40001, d) - - -- cgit v1.2.3