blob: 1a474e946814a3884728a22f38e9a2f33a5015cf (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
|
import subprocess
import lsof
"""
Doing this the "right" way by using DIOCNATLOOK on the pf device turns out
to be a pain. Apple has made a number of modifications to the data
structures returned, and compiling userspace tools to test and work with
this turns out to be a pain in the ass. Parsing lsof output is short,
simple, and works.
"""
class Resolver:
STATECMD = ("sudo", "-n", "/usr/sbin/lsof", "-n", "-P", "-i", "TCP")
def __init__(self):
pass
def original_addr(self, csock):
peer = csock.getpeername()
try:
stxt = subprocess.check_output(self.STATECMD, stderr=subprocess.STDOUT)
except subprocess.CalledProcessError:
return None
return lsof.lookup(peer[0], peer[1], stxt)
|