From a6e0c7e8f0c20276f2f7cb2d9332a806e8493c18 Mon Sep 17 00:00:00 2001 From: smill Date: Sat, 3 Sep 2016 12:22:09 +0000 Subject: Introduced the capability to spoof the source address of outgoing sessions + an accompanying shim loader. --- netlib/tcp.py | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index e5c84165..aaea9459 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -605,7 +605,7 @@ class ConnectionCloser(object): class TCPClient(_Connection): - def __init__(self, address, source_address=None): + def __init__(self, address, source_address=None, spoof_source_address=None): super(TCPClient, self).__init__(None) self.address = address self.source_address = source_address @@ -613,6 +613,7 @@ class TCPClient(_Connection): self.server_certs = [] self.ssl_verification_error = None # type: Optional[exceptions.InvalidCertificateException] self.sni = None + self.spoof_source_address = spoof_source_address @property def address(self): @@ -729,6 +730,11 @@ class TCPClient(_Connection): def connect(self): try: connection = socket.socket(self.address.family, socket.SOCK_STREAM) + if self.spoof_source_address: + if os.geteuid() != 0: + raise RuntimeError("Insufficient privileges to set socket option") + else: + connection.setsockopt(socket.SOL_IP, 19, 1) if self.source_address: connection.bind(self.source_address()) connection.connect(self.address()) -- cgit v1.2.3 From fbfedbdc8f02bc36191d3fbf0f5cb7756331c89d Mon Sep 17 00:00:00 2001 From: smill Date: Sun, 4 Sep 2016 01:30:27 +0000 Subject: Improved error-handling / supplemented documention. --- netlib/tcp.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index aaea9459..37460743 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py 
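Review bot: `spoof_source_address` is added to `TCPClient.__init__` without a docstring or comment, and its name reads like an address although `connect()` only tests it for truthiness. A short docstring would settle this, for example `spoof_source_address: if truthy, set IP_TRANSPARENT on the socket before bind() so that source_address may be a non-local address; Linux only, requires CAP_NET_ADMIN`. Across the two hunks (the signature at -605 and the assignment at -613) the value is stored unvalidated, so a default of `spoof_source_address=False` would state the intent more clearly than `None`. The class body continues outside both hunks.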
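Review bot: The bare literal `19` in `connection.setsockopt(socket.SOL_IP, 19, 1)` is a Linux-specific option number with no name, comment or platform guard; on another OS the same number at the IP level may select an unrelated option, and `socket.SOL_IP` may not be defined at all. I would name it once at module level, `IP_TRANSPARENT = getattr(socket, "IP_TRANSPARENT", 19)`, and refuse the feature early when `sys.platform` does not start with `linux`. The later hunks in this series at -731 and -738 keep the literal (the last one adds a comment only). The `os.geteuid() != 0` test is also narrower than the kernel's rule, which is the CAP_NET_ADMIN capability, and `os.geteuid` does not exist on Windows. `connect()` starts and ends outside the hunk, so it is not visible which `except` clause the `RuntimeError` reaches.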
@@ -731,10 +731,11 @@ class TCPClient(_Connection): try: connection = socket.socket(self.address.family, socket.SOCK_STREAM) if self.spoof_source_address: - if os.geteuid() != 0: - raise RuntimeError("Insufficient privileges to set socket option") - else: + try: connection.setsockopt(socket.SOL_IP, 19, 1) + except socket.error as e: + raise exceptions.ProtocolException( + "Failed to spoof the source address: " + e.strerror) if self.source_address: connection.bind(self.source_address()) connection.connect(self.address()) @@ -874,6 +875,7 @@ class BaseHandler(_Connection): class Counter: + def __init__(self): self._count = 0 self._lock = threading.Lock() -- cgit v1.2.3 From e278ce6455b63eb9da61f0e92d7f25cbdf881d8b Mon Sep 17 00:00:00 2001 From: smill Date: Sun, 4 Sep 2016 01:35:03 +0000 Subject: Removed a mistakenly inserted newline character. --- netlib/tcp.py | 1 - 1 file changed, 1 deletion(-) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index 37460743..1fd0164f 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -875,7 +875,6 @@ class BaseHandler(_Connection): class Counter: - def __init__(self): self._count = 0 self._lock = threading.Lock() -- cgit v1.2.3 From 2ecd89fc51676a98c25a80857584923aae9248a1 Mon Sep 17 00:00:00 2001 From: smill Date: Mon, 5 Sep 2016 10:49:39 +0000 Subject: Made it possible to modify the server_conn.connection attribute, using the serverconnect stub. --- netlib/tcp.py | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index 1fd0164f..c3b8a407 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py 
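Review bot: `"Failed to spoof the source address: " + e.strerror` raises `TypeError` when `strerror` is `None`, which `socket.error` allows when it was built without an errno pair, and the errno itself is left out of the message. Formatting the exception instead, `"Failed to spoof the source address: %s" % e`, avoids both problems. The original exception is replaced rather than chained, so a log reader can only tell EPERM (missing privilege) from ENOPROTOOPT (unsupported platform) if the message carries it. The `try:` this code sits in closes outside the hunk.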
@@ -729,10 +729,15 @@ class TCPClient(_Connection): def connect(self): try: - connection = socket.socket(self.address.family, socket.SOCK_STREAM) + if not self.connection: + connection = socket.socket(self.address.family, socket.SOCK_STREAM) + else: + connection = self.connection + if self.spoof_source_address: try: - connection.setsockopt(socket.SOL_IP, 19, 1) + if not connection.getsockopt(socket.SOL_IP, 19): + connection.setsockopt(socket.SOL_IP, 19, 1) except socket.error as e: raise exceptions.ProtocolException( "Failed to spoof the source address: " + e.strerror) -- cgit v1.2.3 From 9429f1bc7b33846c71d7c06f92506a4fc4c68049 Mon Sep 17 00:00:00 2001 From: smill Date: Wed, 14 Sep 2016 19:10:13 +0000 Subject: Prevent crash in case of a connection timeout. --- netlib/tcp.py | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index c3b8a407..4e988ee3 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -484,12 +484,14 @@ class _Connection(object): if not isinstance(self.connection, SSL.Connection): if not getattr(self.wfile, "closed", False): try: - self.wfile.flush() - self.wfile.close() + if self.wfile: + self.wfile.flush() + self.wfile.close() except exceptions.TcpDisconnect: pass - self.rfile.close() + if self.rfile: + self.rfile.close() else: try: self.connection.shutdown() -- cgit v1.2.3 From 3962a11575ec6118cff8ba10ec81b9679e68faa2 Mon Sep 17 00:00:00 2001 From: "smill@cuckoo.sh" Date: Thu, 22 Sep 2016 08:15:34 +0000 Subject: Commented on IP_TRANSPARENT and changed an exception type. --- netlib/tcp.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index 4e988ee3..47200bed 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py 
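Review bot: Taking `connection = self.connection` when it is already set means `connect()` now trusts a socket it did not create: nothing checks that it is a `SOCK_STREAM` socket of `self.address.family`, that it is still open, or that it is not already connected. If `self.connection` still holds a socket from an earlier attempt (whether `close()` resets it is not visible here), a second `connect()` would reuse it and fail in `bind()` or `connect()` with a less helpful error. I would at least document the contract next to the branch, e.g. `# caller-supplied socket: must be an unconnected SOCK_STREAM socket of self.address.family`, and compare `connection.family` with `self.address.family` before use. The `getsockopt` probe before `setsockopt` is not needed, since setting the option to 1 again is harmless. `connect()` continues outside the hunk.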
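Review bot: The new guards `if self.wfile:` and `if self.rfile:` test truthiness rather than absence, so a file wrapper that defines `__len__` or `__bool__` and evaluates false would silently skip its `close()`. `if self.wfile is not None:` and `if self.rfile is not None:` say what the commit message means. The outer `getattr(self.wfile, "closed", False)` test already runs with `wfile` possibly `None`, so folding the check into that condition would keep the nesting flat. The method this belongs to starts outside the hunk.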
@@ -738,10 +738,11 @@ class TCPClient(_Connection): if self.spoof_source_address: try: + # 19 is `IP_TRANSPARENT`, which is only available on Python 3.3+ on some OSes if not connection.getsockopt(socket.SOL_IP, 19): connection.setsockopt(socket.SOL_IP, 19, 1) except socket.error as e: - raise exceptions.ProtocolException( + raise exceptions.TcpException( "Failed to spoof the source address: " + e.strerror) if self.source_address: connection.bind(self.source_address()) -- cgit v1.2.3 From ab546a7348740e36e7092649606fdb0df95bd2a3 Mon Sep 17 00:00:00 2001 From: "smill@cuckoo.sh" Date: Thu, 22 Sep 2016 08:29:07 +0000 Subject: Introduced comment regarding socket manipulation through the server_conn stub. --- netlib/tcp.py | 1 + 1 file changed, 1 insertion(+) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index 47200bed..2c55de85 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -731,6 +731,7 @@ class TCPClient(_Connection): def connect(self): try: + # Allow the socket to be manipulated by using the server_conn stub. if not self.connection: connection = socket.socket(self.address.family, socket.SOCK_STREAM) else: -- cgit v1.2.3 From e5b79a6d728584cceb918ffbf73c54ec55e948b5 Mon Sep 17 00:00:00 2001 From: Maximilian Hils Date: Thu, 22 Sep 2016 01:58:01 -0700 Subject: minor cleanup --- netlib/tcp.py | 17 ++++++----------- 1 file changed, 6 insertions(+), 11 deletions(-) (limited to 'netlib/tcp.py') diff --git a/netlib/tcp.py b/netlib/tcp.py index 2c55de85..eea10425 100644 --- a/netlib/tcp.py +++ b/netlib/tcp.py @@ -484,14 +484,12 @@ class _Connection(object): if not isinstance(self.connection, SSL.Connection): if not getattr(self.wfile, "closed", False): try: - if self.wfile: - self.wfile.flush() - self.wfile.close() + self.wfile.flush() + self.wfile.close() except exceptions.TcpDisconnect: pass - if self.rfile: - self.rfile.close() + self.rfile.close() else: try: self.connection.shutdown() 
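Review bot: Dropping the `if self.wfile:` and `if self.rfile:` guards restores the unguarded `self.wfile.flush()` and `self.rfile.close()` that 9429f1bc ("Prevent crash in case of a connection timeout") had protected. When `wfile` is `None`, `getattr(self.wfile, "closed", False)` returns `False`, so the branch is entered and `flush()` raises `AttributeError`, which `except exceptions.TcpDisconnect` does not catch. Unless something outside this hunk now guarantees both attributes are set before this code runs, I would keep the checks, written as `if self.wfile is not None:`. The enclosing method starts and ends outside the hunk.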
@@ -731,11 +729,7 @@ class TCPClient(_Connection): def connect(self): try: - # Allow the socket to be manipulated by using the server_conn stub. - if not self.connection: - connection = socket.socket(self.address.family, socket.SOCK_STREAM) - else: - connection = self.connection + connection = socket.socket(self.address.family, socket.SOCK_STREAM) if self.spoof_source_address: try: @@ -744,7 +738,8 @@ class TCPClient(_Connection): connection.setsockopt(socket.SOL_IP, 19, 1) except socket.error as e: raise exceptions.TcpException( - "Failed to spoof the source address: " + e.strerror) + "Failed to spoof the source address: " + e.strerror + ) if self.source_address: connection.bind(self.source_address()) connection.connect(self.address()) -- cgit v1.2.3
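Review bot: On the failure path the socket created by `socket.socket(...)` at the top of `connect()` is never closed before `TcpException` is raised, so each failed attempt leaves a descriptor open until garbage collection; I would add `connection.close()` immediately before the `raise`. The same applies to a failing `bind()` or `connect()` below, unless the `except` clause outside this hunk closes it. This hunk also removes the reuse of a pre-set `self.connection` introduced in 2ecd89fc, a behaviour change that the subject "minor cleanup" does not mention.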