From ffeede9b39c8d269766fd56d02eb7e78d8d13bb2 Mon Sep 17 00:00:00 2001
From: Ivaylo Popov <popov.ivo@gmail.com>
Date: Mon, 27 May 2013 23:09:42 -0400
Subject: Use lsof instead of pfctl to find target host on OSX in transparent
 mode.

---
 libmproxy/platform/lsof.py | 17 +++++++++++++++++
 libmproxy/platform/osx.py  |  8 ++++----
 libmproxy/platform/pf.py   | 16 ----------------
 3 files changed, 21 insertions(+), 20 deletions(-)
 create mode 100644 libmproxy/platform/lsof.py
 delete mode 100644 libmproxy/platform/pf.py

diff --git a/libmproxy/platform/lsof.py b/libmproxy/platform/lsof.py
new file mode 100644
index 00000000..25c0e33f
--- /dev/null
+++ b/libmproxy/platform/lsof.py
@@ -0,0 +1,17 @@
+import re
+
+def lookup(address, port, s):
+    """
+        Parse the pfctl state output s, to look up the destination host
+        matching the client (address, port).
+
+        Returns an (address, port) tuple, or None.
+    """
+    spec = "%s:%s"%(address, port)
+    for i in s.split("\n"):
+        if "ESTABLISHED" in i and spec in i:
+            m = re.match(".* (\S*)->%s" % spec, i)
+            if m:
+                s = m.group(1).split(":")
+                if len(s) == 2:
+                    return s[0], int(s[1])
diff --git a/libmproxy/platform/osx.py b/libmproxy/platform/osx.py
index dda5d9af..1a474e94 100644
--- a/libmproxy/platform/osx.py
+++ b/libmproxy/platform/osx.py
@@ -1,16 +1,16 @@
 import subprocess
-import pf
+import lsof
 
 """
     Doing this the "right" way by using DIOCNATLOOK on the pf device turns out
     to be a pain. Apple has made a number of modifications to the data
     structures returned, and compiling userspace tools to test and work with
-    this turns out to be a pain in the ass. Parsing pfctl output is short,
+    this turns out to be a pain in the ass. Parsing lsof output is short,
     simple, and works.
 """
 
 class Resolver:
-    STATECMD = ("sudo", "-n", "/sbin/pfctl", "-s", "state")
+    STATECMD = ("sudo", "-n", "/usr/sbin/lsof", "-n", "-P", "-i", "TCP")
     def __init__(self):
         pass
 
@@ -20,4 +20,4 @@ class Resolver:
             stxt = subprocess.check_output(self.STATECMD, stderr=subprocess.STDOUT)
         except subprocess.CalledProcessError:
             return None
-        return pf.lookup(peer[0], peer[1], stxt)
+        return lsof.lookup(peer[0], peer[1], stxt)
diff --git a/libmproxy/platform/pf.py b/libmproxy/platform/pf.py
deleted file mode 100644
index 062d3311..00000000
--- a/libmproxy/platform/pf.py
+++ /dev/null
@@ -1,16 +0,0 @@
-
-def lookup(address, port, s):
-    """
-        Parse the pfctl state output s, to look up the destination host
-        matching the client (address, port).
-
-        Returns an (address, port) tuple, or None.
-    """
-    spec = "%s:%s"%(address, port)
-    for i in s.split("\n"):
-        if "ESTABLISHED:ESTABLISHED" in i and spec in i:
-            s = i.split()
-            if len(s) > 4:
-                s = s[4].split(":")
-                if len(s) == 2:
-                    return s[0], int(s[1])
-- 
cgit v1.2.3