Skip to content

Commit

Permalink
fixup: vent frustration
Browse files Browse the repository at this point in the history
  • Loading branch information
hulthe committed Dec 20, 2024
1 parent eaa18f9 commit 087d0f2
Showing 1 changed file with 12 additions and 3 deletions.
15 changes: 12 additions & 3 deletions leak-checker/src/traceroute/platform/windows.rs
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,11 @@ pub struct AsyncIcmpSocketImpl(tokio::net::UdpSocket);
pub struct AsyncUdpSocketWindows(tokio::net::UdpSocket);

/// Implementation of traceroute using `ping.exe`
///
/// This monstrosity exists because the Windows firewall is not helpful enough to allow us to
/// permit a process (the daemon) to receive ICMP TimeExceeded packets. We can get around this by
/// using `ping.exe`, which does work for some reason. My best guess is that it has special kernel
/// access to be able to do this.
pub async fn traceroute_using_ping(opt: &TracerouteOpt) -> anyhow::Result<LeakStatus> {
let interface_ip = get_interface_ip(&opt.interface)?;

Expand All @@ -44,12 +49,16 @@ pub async fn traceroute_using_ping(opt: &TracerouteOpt) -> anyhow::Result<LeakSt
ping_tasks.push(async move {
sleep(probe_delay).await;

log::debug!("sending probe packet (ttl={ttl})");

// ping.exe will send ICMP Echo packets to the destination, and since it's running in
// the kernel it will be able to receive TimeExceeded responses.
let ping_path = r"C:\Windows\System32\ping.exe";
let output = tokio::process::Command::new(ping_path)
.args(["-i", &ttl.to_string()])
.args(["-n", "1"])
.args(["-n", "1"]) // number of pings
.args(["-w", &SEND_TIMEOUT.as_millis().to_string()])
.args(["-S", &interface_ip.to_string()])
.args(["-S", &interface_ip.to_string()]) // bind to interface IP
.arg(opt.destination.to_string())
.kill_on_drop(true)
.output()
Expand All @@ -64,7 +73,7 @@ pub async fn traceroute_using_ping(opt: &TracerouteOpt) -> anyhow::Result<LeakSt
log::trace!("ping stdout: {stdout}");
log::trace!("ping stderr: {_stderr}");

// Dumbly search stdout for a line that looks like this:
// Dumbly parse stdout for a line that looks like this:
// Reply from <ip>: TTL expired

if !stdout.contains("TTL expired") {
Expand Down

0 comments on commit 087d0f2

Please sign in to comment.