Skip to content
Commits on Aug 11, 2012
Commits on Jul 6, 2012
  1. Merge branch 'fqdn'

    * fqdn:
      hostwatch: handle fully qualified domain names
      auto-hosts: don't add hosts that aren't being routed by sshuttle.
  2. @georgeguimaraes

    hostwatch: handle fully qualified domain names

    georgeguimaraes committed with
    (slightly modified by apenwarr)
  3. auto-hosts: don't add hosts that aren't being routed by sshuttle.

    I've been meaning to add this patch for a long time, but it's especially
    important once we add FQDN support to --auto-hosts.  Basically, auto-hosts
    will still discover all the hostnames it can, but we'll only add them to
    /etc/hosts if their IP address is in one of the routed subnet ranges.  That
    prevents polluting the /etc/hosts file with cruft.
  4. @tianyicui

    Added --exclude-from feature.

    tianyicui committed with
    (Slightly modified by apenwarr)
  5. @nomadium
  6. catch SIGINT and SIGTERM too.

    There were still a few conditions under some OSes that would cause to terminate without cleaning up the firewall settings.  'pkill
    sshuttle' was one of them.  Ignore a couple more signals to further ensure a
    correct cleanup.
    (This only affects sshuttle --firewall, which is a subprocess of the main
    sshuttle process.  The firewall is supposed to exit automatically whenever
    the client exits, and so far that part seems to work reliably.)
  7. slightly rearrange previous commit.

    Add some documentation about the int() vs long() and the reason behind
    _shl().  Instead of "from __future__ import generators", just don't use
Commits on Apr 20, 2012
  1. @scommab
Commits on Feb 7, 2012
  1. @drheld

    Fix for systems with unxpected configurations.

    drheld committed with
    If the expected arch directory doesn't exist, give up and don't specify arch at
    all. Currently it expands to '*' which fails.
    [slightly modified by apenwarr]
Commits on Jan 9, 2012
  1. clean up repeated calls to

    And make sshuttle exit with a well-defined exit code (111) if it needs to
  2. workaround MacOS 10.7 Lion bug.

    On top of the bug that already existed in 10.6, Lion also makes the sysctl
    needed to fix the problem into a read-only variable, so we have to actually
    change it at kernel boot time and force people to reboot.  Nice job, Apple.
Commits on Jan 6, 2012
  1. Add a --version (-V) option.

    Now that we imported the feature from redo, might as well use it.
  2. Import the non-pandoc manpage generator from redo.

    This makes it easier (possible?) to generate sshuttle.8 from on
    MacOS.  We also import the git-enhanced version numbering magic so the
    generated manpage can have a real version number.
  3. Use the new arguments from redo v0.10.

    Jimmy Tang committed with
    (apenwarr: also updates to the matching, latest minimal/do)
  4. firewall: catch SIGHUP and SIGPIPE.

    Not sure if this will fix anything, but it might stop the problem reported
    on some MacOS versions where the firewall doesn't get cleaned up correctly.
Commits on Jan 2, 2012
  1. ui-macos/ fix wait() to avoid deadlock.

    If the subprocess was trying to write to its stdout/stderr, its process
    would never actually finish because it was blocked waiting for us to read
    it, but we were blocked on waitpid().  Instead, use waitpid(WNOHANG) and
    continually read from the subprocess (which should be a blocking operation)
    until it exits.
  2. ipfw: don't use 'log' parameter.

    I guess we were causing the kernel to syslog on every single packet on
    MacOS.  Oops.
Commits on May 31, 2011
  1. @brianmay
  2. @brianmay
  3. @brianmay
Commits on May 30, 2011
  1. deal with a possible connect/getsockopt(SO_ERROR) race.

    Seems to affect Linux servers.  Ed Maste says the patch fixes it for him.
Commits on May 15, 2011
  1. @brianmay
Commits on May 8, 2011
  1. ui-macos/bits/ skip ppc64 architecture.

    I don't have a Mac that can build it.  Hopefully ppc will run fine on ppc64.
  2. ui-macos/bits/ report which platforms we're compiling for.

    Just as a quick reminder, in case you're building a fat binary and you don't
    have all the architectures actually installed.
  3. @grissiom fix little bug

    grissiom committed with
    The ssh hostname should immediately follow the -r parameter.
  4. ui-macos/ fix a compatibility problem on MacOS for PPC.

    @objc.accessor isn't the right thing to use for a Core Data Validation
    function.  Yowee, PyObjc sure is non-obvious.
Commits on May 3, 2011
  1. ui-macos/bits/ auto-determine arches to build for.

    Some people don't have all of them installed, so auto-detect them by
    looking at the available arches in /usr/libexec.
  2. @leto
  3. Insert two binary NUL bytes (\0) before SSHUTTLE0001 sync string.

    ...and search for those null bytes before looking for the sync string.
    This helps when people have misconfigured .bashrc to print messages even in
    non-interactive mode.  (On my Debian Lenny system, .bashrc doesn't seem to
    run when you do 'ssh localhost ls', but on MacOS servers, it does.  Hmm...)
  4. use 'exec python -c' instead of just 'python -c'.

    This gets rid of an extra intermediate sh process on the server that we were
    keeping for no good reason, since it would exit as soon as python exited
Something went wrong with that request. Please try again.