Replace netfilterqueue by modifying pr0cks to make the initial connection request

We only want i2p to create a tunnel to the requested host on i2p.
There's no need to modify any other packets at the moment

#1 - Forward using iptables, pr0xy and custom DNS

contained/bin/exec.sh

@@ -20,7 +20,7 @@ iptables -t nat -I OUTPUT 1 -j NFLOG
 # Make sure traffic to I2P isn't redirected elsewhere
 iptables -t nat -A OUTPUT -o eth0 \
     -p tcp --dport $I2PD_PORT \
-    -j NFQUEUE --queue-num 1
+    -j ACCEPT
 
 # Redirect all other traffic on eth0 to pr0cks
 iptables -t nat -A OUTPUT -o eth0 \
@@ -42,10 +42,8 @@ ulogd -d
 tcpdump -i any -w /mount/tcp.dmp &
 
 #python3 /opt/pr0cks/pr0cks.py --proxy socks5:172.16.200.10:4447
+python3 /opt/bin/fake-dns.py -s "/tmp/fake-dns" &
 python3 /opt/pr0cks/pr0cks.py \
         --proxy "http:${I2PD_IP}:${I2PD_PORT}" \
-         &> /mount/pr0xy.log &
+        --verbose
-python3 /opt/bin/fake-dns.py
+#         > /mount/pr0xy.log
-#python3 /opt/bin/fake-dns.py -p $DNS_PORT &> /mount/fake-dns.log &
-#python3 /opt/bin/nfqueue_filter.py
-#curl --proxy 172.16.200.10:4444 stats.i2p

contained/bin/nfqueue_filter.py

@@ -1,40 +0,0 @@
-# i2p-docker-proxy
-# Copyright (C) 2019 LoveIsGrief
-# 
-# This program is free software: you can redistribute it and/or modify
-# it under the terms of the GNU General Public License as published by
-# the Free Software Foundation, either version 3 of the License, or
-# (at your option) any later version.
-
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY; without even the implied warranty of
-# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-# GNU General Public License for more details.
-#
-# You should have received a copy of the GNU General Public License
-# along with this program.  If not, see <http://www.gnu.org/licenses/>.
-
-
-from netfilterqueue import NetfilterQueue
-
-
-def print_and_accept(pkt):
-    """
-
-    :param pkt:
-    :type pkt: netfilterqueue.Packet
-    :return:
-    :rtype:
-    """
-    print(pkt.get_payload())
-    pkt.accept()
-
-
-nfqueue = NetfilterQueue()
-nfqueue.bind(1, print_and_accept)
-try:
-    nfqueue.run()
-except KeyboardInterrupt:
-    print('')
-
-nfqueue.unbind()

contained/pr0cks/pr0cks.py

@@ -132,7 +132,15 @@ except ImportError:
     display("[-] WARNING: The following dependency is needed to proxify DNS through tcp: pip install dnslib")
 
 
-#Python socket module does not have this constant
+def reverse_ip_lookup(ip_address):
+    with socket.socket(socket.AF_UNIX, socket.SOCK_STREAM) as sock:
+        sock.connect("/tmp/fake-dns")
+        sock.sendall(bytes(ip_address.encode()))
+        # A host has a max length of 256 bytes
+        return sock.recv(256).decode()
+
+
+# Python socket module does not have this constant
 SO_ORIGINAL_DST = 80
 
 
@@ -146,12 +154,15 @@ class Socks5Conn(asyncore.dispatcher):
             odestdata = sock.getsockopt(socket.SOL_IP, SO_ORIGINAL_DST, 16)
             _, port, a1, a2, a3, a4 = struct.unpack("!HHBBBBxxxxxxxx", odestdata)
             address = "%d.%d.%d.%d" % (a1, a2, a3, a4)
+            host = reverse_ip_lookup(address)
             if self.verbose:
-                display('[+] Forwarding incoming connection from %s to %s through the proxy' % (repr(sock.getpeername()), (address, port)))
+                display('[+] Forwarding incoming connection from %s to %s through the proxy' % (
-            #connect to the original dst :
+                    repr(sock.getpeername()), (host, port)))
+            # connect to the original dst :
             self.conn_sock = socks.socksocket()
-            #self.conn_sock.settimeout(15)
+            # self.conn_sock.settimeout(15)
-            self.conn_sock.connect((address, port))
+            # TODO: catch connection error here
+            self.conn_sock.connect((host, port))
 
             self.sock_class = Socks5Conn(sock=self.conn_sock, conn=self)  # add a dispatcher to handle the other side
         else: