Commit Graph

19 Commits

Author SHA1 Message Date
Daniel Roethlisberger
352b199166 Remove spurious space in netfilter output 2014-11-17 23:41:21 +01:00
Daniel Roethlisberger
6adaf00540 Fix pid_t removal for non-pf engines 2014-11-14 01:00:12 +01:00
Daniel Roethlisberger
c3922d9852 Refactor process lookup out of NAT engine code
Local process lookup is independent of the NAT engine used, it depends
only on the operating system's process enumeration API.  Moving the code
out of NAT lookup also makes it work for static and SNI proxyspecs.
2014-11-14 00:41:27 +01:00
Daniel Roethlisberger
18aca24a2c Return 0 with pid -1 if no process matches 2014-11-13 23:59:18 +01:00
Daniel Roethlisberger
8c21170cd3 Break lines to 80 cols 2014-11-13 23:58:58 +01:00
Daniel Roethlisberger
d9d8674792 Fix memory leak in libproc lookup code 2014-11-10 20:44:26 +01:00
Landon Fuller
9204418c80 Thread pid lookup support through the NAT API.
This exposes the pid lookup code as a standard attribute
of NAT lookup -- if a matching process cannot be found,
or if pid lookup isn't supported by the NAT backend,
a pid of -1 is returned.

This also adds the local_pid to the pxyconn context; this
will be used to populate log strings.
2014-10-18 13:16:02 -06:00
Landon Fuller
bcc74385ab Log the full process path, rather than the MAXCOMLEN-max process name. 2014-10-18 02:34:46 -06:00
Landon Fuller
55e8da7653 Wire up lookup of the local process/socket originating the proxied connection.
This uses Mac OS X's libproc to find the first process that owns
a matching socket. Currently, the results are simply logged;
the next step will be exposing this generically via
the NAT engine lookup API.
2014-10-18 02:23:25 -06:00
Landon Fuller
7a5147cddf Add libproc to the build configuration. 2014-10-18 00:09:26 -06:00
Daniel Roethlisberger
a42db4d3fe Also undefine rdport in Mac pf support hack 2014-01-10 15:09:21 +01:00
Daniel Roethlisberger
6643d832d9 Add experimental support for pf on Mac OS X
Support pf rdr on Mac OS X 10.7, 10.8 and 10.9 by including the missing
Apple headers in the source tree and enable private Apple code.  Since
we are using an interface marked private by Apple, this code is very
experimental.

Issue:		#15
Reported by:	Amit Chowdhary
2014-01-10 15:03:13 +01:00
Daniel Roethlisberger
ca923ee7f1 Update copyright notices to 2014 2014-01-06 14:09:18 +01:00
Daniel Roethlisberger
c972501063 Update copyright notices 2013-04-24 20:36:38 +02:00
Daniel Roethlisberger
6b4b121da2 Fix address family check in netfilter NAT lookup
Use src_addr instead of the (yet to be set) dst_addr for determining the
address family.  Fixes issue #4.
2012-09-27 17:30:19 +02:00
Daniel Roethlisberger
6106940e0c Omit nat_getsockname_lookup_cb() unless it is used 2012-08-06 08:33:39 +02:00
Daniel Roethlisberger
fda4f57aa7 Remove unused IPv6 code for netfilter NAT engine 2012-06-05 23:24:53 +02:00
Daniel Roethlisberger
f76077c00f Undefine IPv6 compat defs to fix nat_version()
For Linux netfilter, IPV6_ORIGINAL_DST and SOL_IPV6 are defined to
SO_ORIGINAL_DST and SOL_IP respectively if they are not defined by the
system headers (they aren't defined on vanilla kernels).  Undefine these
compatibility definitions after use, in order not to mess up the
diagnostic output of nat_version().
2012-04-13 21:14:33 +02:00
Daniel Roethlisberger
4cfdef405a Initial import of sslsplit-0.4.2 2012-04-13 14:47:30 +02:00