Test leaking TCP/UDP/ICMP packets in split tunnel
Showing
16 changed files
with
717 additions
and
162 deletions.
@@ -0,0 +1,32 @@ | ||
use std::net::SocketAddr; | ||
|
||
use clap::Parser; | ||
|
||
/// CLI tool that queries <https://am.i.mullvad.net> to check if the machine is connected to | ||
/// Mullvad VPN. | ||
#[derive(Parser)] | ||
pub struct Opt { | ||
/// Interactive mode, press enter to check if you are Mullvad. | ||
#[clap(short, long)] | ||
pub interactive: bool, | ||
|
||
/// Timeout for network connections (in millis). | ||
#[clap(short, long, default_value = "2000")] | ||
pub timeout: u64, | ||
|
||
/// Try to send some junk data over TCP to <leak>. | ||
#[clap(long, requires = "leak")] | ||
pub leak_tcp: bool, | ||
|
||
/// Try to send some junk data over UDP to <leak>. | ||
#[clap(long, requires = "leak")] | ||
pub leak_udp: bool, | ||
|
||
/// Try to send ICMP request to <leak>. | ||
#[clap(long, requires = "leak")] | ||
pub leak_icmp: bool, | ||
|
||
/// Target of <leak_tcp>, <leak_udp> or <leak_icmp>. | ||
#[clap(long)] | ||
pub leak: Option<SocketAddr>, | ||
} |
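Review bot: The doc comment on `leak` does not say that the value must be `IP:PORT`, nor that the port is unused for ICMP. The field is `Option<SocketAddr>`, while `test_connection` in the binary passes only `destination.ip()` to `send_ping`, so someone running just `--leak-icmp` still has to supply a port with no hint in the help text as to why. I would write the comment as `/// Target of --leak-tcp, --leak-udp or --leak-icmp, given as IP:PORT (the port is ignored for ICMP).` The angle-bracket names such as `<leak>` in these doc comments are also likely to be flagged by rustdoc as unclosed HTML tags, so the flag names in backticks would be cleaner.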
@@ -0,0 +1,2 @@ | ||
pub mod cli; | ||
pub mod net; |
@@ -0,0 +1,73 @@ | ||
use clap::Parser; | ||
use eyre::{eyre, Context}; | ||
use reqwest::blocking::Client; | ||
use serde::Deserialize; | ||
use std::{io::stdin, time::Duration}; | ||
|
||
use connection_checker::cli::Opt; | ||
use connection_checker::net::{send_ping, send_tcp, send_udp}; | ||
|
||
fn main() -> eyre::Result<()> { | ||
let opt = Opt::parse(); | ||
color_eyre::install()?; | ||
|
||
if opt.interactive { | ||
let stdin = stdin(); | ||
for line in stdin.lines() { | ||
let _ = line.wrap_err("Failed to read from stdin")?; | ||
test_connection(&opt)?; | ||
} | ||
} else { | ||
test_connection(&opt)?; | ||
} | ||
|
||
Ok(()) | ||
} | ||
|
||
fn test_connection(opt: &Opt) -> eyre::Result<bool> { | ||
if let Some(destination) = opt.leak { | ||
if opt.leak_tcp { | ||
let _ = send_tcp(opt, destination); | ||
} | ||
if opt.leak_udp { | ||
let _ = send_udp(opt, destination); | ||
} | ||
if opt.leak_icmp { | ||
let _ = send_ping(opt, destination.ip()); | ||
} | ||
} | ||
am_i_mullvad(opt) | ||
} | ||
|
||
/// Check if connected to Mullvad and print the result to stdout | ||
fn am_i_mullvad(opt: &Opt) -> eyre::Result<bool> { | ||
#[derive(Debug, Deserialize)] | ||
struct Response { | ||
ip: String, | ||
mullvad_exit_ip_hostname: Option<String>, | ||
} | ||
|
||
let url = "https://am.i.mullvad.net/json"; | ||
|
||
let client = Client::new(); | ||
let response: Response = client | ||
.get(url) | ||
.timeout(Duration::from_millis(opt.timeout)) | ||
.send() | ||
.and_then(|r| r.json()) | ||
.wrap_err_with(|| eyre!("Failed to GET {url}"))?; | ||
|
||
if let Some(server) = &response.mullvad_exit_ip_hostname { | ||
println!( | ||
"You are connected to Mullvad (server {}). Your IP address is {}", | ||
server, response.ip | ||
); | ||
Ok(true) | ||
} else { | ||
println!( | ||
"You are not connected to Mullvad. Your IP address is {}", | ||
response.ip | ||
); | ||
Ok(false) | ||
} | ||
} |
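Review bot: In `test_connection` the results of `send_tcp`, `send_udp` and `send_ping` are all dropped with `let _ =`, so a probe that could not be sent at all is indistinguishable from one that was sent and blocked. For a leak test this can produce a false "no leak" reading: if, for example, the socket for a probe cannot be opened (the `net` module is not shown here, so this is inferred), the capturing side simply sees no packet. Continuing after a failure is reasonable, since a blocked send is an expected outcome, but the error should at least reach stderr. Assuming these functions return a `Result` whose error implements `Display`, something like `if let Err(e) = send_tcp(opt, destination) { eprintln!("TCP leak probe failed: {e}"); }` would do, and likewise for the other two calls.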