Test leaking TCP/UDP/ICMP packets in split tunnel
Showing
18 changed files
with
819 additions
and
155 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,36 @@ | ||
use std::net::SocketAddr; | ||
|
||
use clap::Parser; | ||
|
||
/// CLI tool that queries <https://am.i.mullvad.net> to check if the machine is connected to | ||
/// Mullvad VPN. | ||
#[derive(Parser)] | ||
pub struct Opt { | ||
/// Interactive mode, press enter to check if you are Mullvad. | ||
#[clap(short, long)] | ||
pub interactive: bool, | ||
|
||
/// Timeout for network connection to am.i.mullvad (in millis). | ||
#[clap(short, long, default_value = "3000")] | ||
pub timeout: u64, | ||
|
||
/// Try to send some junk data over TCP to <leak>. | ||
#[clap(long, requires = "leak")] | ||
pub leak_tcp: bool, | ||
|
||
/// Try to send some junk data over UDP to <leak>. | ||
#[clap(long, requires = "leak")] | ||
pub leak_udp: bool, | ||
|
||
/// Try to send ICMP request to <leak>. | ||
#[clap(long, requires = "leak")] | ||
pub leak_icmp: bool, | ||
|
||
/// Target of <leak_tcp>, <leak_udp> or <leak_icmp>. | ||
#[clap(long)] | ||
pub leak: Option<SocketAddr>, | ||
|
||
/// Timeout for leak check network connections (in millis). | ||
#[clap(long, default_value = "1000")] | ||
pub leak_timeout: u64, | ||
} |
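Review bot: The `leak` option is a `SocketAddr`, so `--leak-icmp` forces the user to supply a port that is never used, and the help text does not say so. Elsewhere in this commit the ICMP path passes only `destination.ip()` on, and the UDP sender does not read `leak_timeout`, so both doc comments promise slightly more than the code does. I would document this in place, e.g. `/// Target of --leak-tcp, --leak-udp or --leak-icmp, as IP:PORT (the port is ignored for ICMP).` and `/// Timeout for the TCP and ICMP leak checks (in millis).` Spelling the real flag names instead of `<leak_tcp>` also avoids rustdoc possibly treating the angle brackets as unclosed HTML tags.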
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
pub mod cli; | ||
pub mod net; |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,73 @@ | ||
use clap::Parser; | ||
use eyre::{eyre, Context}; | ||
use reqwest::blocking::Client; | ||
use serde::Deserialize; | ||
use std::{io::stdin, time::Duration}; | ||
|
||
use connection_checker::cli::Opt; | ||
use connection_checker::net::{send_ping, send_tcp, send_udp}; | ||
|
||
fn main() -> eyre::Result<()> { | ||
let opt = Opt::parse(); | ||
color_eyre::install()?; | ||
|
||
if opt.interactive { | ||
let stdin = stdin(); | ||
for line in stdin.lines() { | ||
let _ = line.wrap_err("Failed to read from stdin")?; | ||
test_connection(&opt)?; | ||
} | ||
} else { | ||
test_connection(&opt)?; | ||
} | ||
|
||
Ok(()) | ||
} | ||
|
||
fn test_connection(opt: &Opt) -> eyre::Result<bool> { | ||
if let Some(destination) = opt.leak { | ||
if opt.leak_tcp { | ||
let _ = send_tcp(opt, destination); | ||
} | ||
if opt.leak_udp { | ||
let _ = send_udp(opt, destination); | ||
} | ||
if opt.leak_icmp { | ||
let _ = send_ping(opt, destination.ip()); | ||
} | ||
} | ||
am_i_mullvad(opt) | ||
} | ||
|
||
/// Check if connected to Mullvad and print the result to stdout | ||
fn am_i_mullvad(opt: &Opt) -> eyre::Result<bool> { | ||
#[derive(Debug, Deserialize)] | ||
struct Response { | ||
ip: String, | ||
mullvad_exit_ip_hostname: Option<String>, | ||
} | ||
|
||
let url = "https://am.i.mullvad.net/json"; | ||
|
||
let client = Client::new(); | ||
let response: Response = client | ||
.get(url) | ||
.timeout(Duration::from_millis(opt.timeout)) | ||
.send() | ||
.and_then(|r| r.json()) | ||
.wrap_err_with(|| eyre!("Failed to GET {url}"))?; | ||
|
||
if let Some(server) = &response.mullvad_exit_ip_hostname { | ||
println!( | ||
"You are connected to Mullvad (server {}). Your IP address is {}", | ||
server, response.ip | ||
); | ||
Ok(true) | ||
} else { | ||
println!( | ||
"You are not connected to Mullvad. Your IP address is {}", | ||
response.ip | ||
); | ||
Ok(false) | ||
} | ||
} |
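Review bot: In `test_connection` the results of `send_tcp`, `send_udp` and `send_ping` are discarded with `let _ =`, so a probe that never left the machine (for example a socket creation or bind failure) looks exactly like one that was sent. For a tool whose output is used to judge whether split tunnelling leaks, a broken probe can then read as a false "no leak" result. Continuing the run after a failed send is reasonable, but the error should at least be reported, e.g. `if let Err(e) = send_tcp(opt, destination) { eprintln!("TCP leak attempt failed: {e:#}"); }`, with the same treatment for the UDP and ICMP calls. `main` also drops the `bool` returned by `test_connection`, so the exit status does not reflect the connection state; if that is intended, a short comment saying so would help.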
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,78 @@ | ||
use eyre::{eyre, Context}; | ||
use std::{ | ||
io::Write, | ||
net::{IpAddr, Ipv4Addr, SocketAddr}, | ||
time::Duration, | ||
}; | ||
|
||
use crate::cli::Opt; | ||
|
||
pub fn send_tcp(opt: &Opt, destination: SocketAddr) -> eyre::Result<()> { | ||
let bind_addr: SocketAddr = SocketAddr::new(Ipv4Addr::new(0, 0, 0, 0).into(), 0); | ||
|
||
let family = match &destination { | ||
SocketAddr::V4(_) => socket2::Domain::IPV4, | ||
SocketAddr::V6(_) => socket2::Domain::IPV6, | ||
}; | ||
let sock = socket2::Socket::new(family, socket2::Type::STREAM, Some(socket2::Protocol::TCP)) | ||
.wrap_err(eyre!("Failed to create TCP socket"))?; | ||
|
||
eprintln!("Leaking TCP packets to {destination}"); | ||
|
||
sock.bind(&socket2::SockAddr::from(bind_addr)) | ||
.wrap_err(eyre!("Failed to bind TCP socket to {bind_addr}"))?; | ||
|
||
let timeout = Duration::from_millis(opt.leak_timeout); | ||
sock.set_write_timeout(Some(timeout))?; | ||
sock.set_read_timeout(Some(timeout))?; | ||
|
||
sock.connect_timeout(&socket2::SockAddr::from(destination), timeout) | ||
.wrap_err(eyre!("Failed to connect to {destination}"))?; | ||
|
||
let mut stream = std::net::TcpStream::from(sock); | ||
stream | ||
.write_all(b"hello there") | ||
.wrap_err(eyre!("Failed to send message to {destination}"))?; | ||
|
||
Ok(()) | ||
} | ||
|
||
pub fn send_udp(_opt: &Opt, destination: SocketAddr) -> Result<(), eyre::Error> { | ||
let bind_addr: SocketAddr = SocketAddr::new(Ipv4Addr::new(0, 0, 0, 0).into(), 0); | ||
|
||
eprintln!("Leaking UDP packets to {destination}"); | ||
|
||
let family = match &destination { | ||
SocketAddr::V4(_) => socket2::Domain::IPV4, | ||
SocketAddr::V6(_) => socket2::Domain::IPV6, | ||
}; | ||
let sock = socket2::Socket::new(family, socket2::Type::DGRAM, Some(socket2::Protocol::UDP)) | ||
.wrap_err("Failed to create UDP socket")?; | ||
|
||
sock.bind(&socket2::SockAddr::from(bind_addr)) | ||
.wrap_err(eyre!("Failed to bind UDP socket to {bind_addr}"))?; | ||
|
||
//log::debug!("Send message from {bind_addr} to {destination}/UDP"); | ||
|
||
let std_socket = std::net::UdpSocket::from(sock); | ||
std_socket | ||
.send_to(b"Hello there!", destination) | ||
.wrap_err(eyre!("Failed to send message to {destination}"))?; | ||
|
||
Ok(()) | ||
} | ||
|
||
pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> { | ||
eprintln!("Leaking IMCP packets to {destination}"); | ||
|
||
ping::ping( | ||
destination, | ||
Some(Duration::from_millis(opt.leak_timeout)), | ||
None, | ||
None, | ||
None, | ||
None, | ||
)?; | ||
|
||
Ok(()) | ||
} |
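Review bot: `send_tcp` and `send_udp` both create the socket in the destination's address family but always bind it to the IPv4 wildcard `0.0.0.0:0`, so for an IPv6 `--leak` target the `bind` call is expected to be rejected by the OS before any packet is sent. Because the caller discards the returned error, an IPv6 leak test would then silently show nothing leaked. Pick the wildcard address from the same family as `destination`, as sketched below; this needs `Ipv6Addr` added to the existing `std::net` import. Separately, the message in `send_ping` spells the protocol `IMCP` where `ICMP` is meant.

```rust
/// Wildcard address in the same family as `destination`, with an OS-chosen port.
fn wildcard_for(destination: &SocketAddr) -> SocketAddr {
    let ip: IpAddr = match destination {
        SocketAddr::V4(_) => Ipv4Addr::UNSPECIFIED.into(),
        SocketAddr::V6(_) => Ipv6Addr::UNSPECIFIED.into(),
    };
    SocketAddr::new(ip, 0)
}

pub fn send_tcp(opt: &Opt, destination: SocketAddr) -> eyre::Result<()> {
    let bind_addr = wildcard_for(&destination);
    // … unchanged: socket creation, bind, timeouts, connect, write …
}

pub fn send_udp(_opt: &Opt, destination: SocketAddr) -> Result<(), eyre::Error> {
    let bind_addr = wildcard_for(&destination);
    // … unchanged: socket creation, bind, send_to …
}
```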