Commits on Jan 2, 2012
  1. @apenwarr

    ui-macos/main.py: fix wait() to avoid deadlock.

    If the subprocess was trying to write to its stdout/stderr, its process
    would never actually finish because it was blocked waiting for us to read
    it, but we were blocked on waitpid().  Instead, use waitpid(WNOHANG) and
    continually read from the subprocess (which should be a blocking operation)
    until it exits.
    apenwarr committed Jan 2, 2012
  2. @apenwarr

    ipfw: don't use 'log' parameter.

    I guess we were causing the kernel to syslog on every single packet on
    MacOS.  Oops.
    apenwarr committed Jan 2, 2012
Commits on May 31, 2011
  1. @brianmay @apenwarr
  2. @brianmay @apenwarr
  3. @brianmay @apenwarr
Commits on May 30, 2011
  1. @apenwarr

    ssnet.py: deal with a possible connect/getsockopt(SO_ERROR) race.

    Seems to affect Linux servers.  Ed Maste says the patch fixes it for him.
    apenwarr committed May 30, 2011
Commits on May 15, 2011
  1. @brianmay @apenwarr
Commits on May 8, 2011
  1. @apenwarr

    ui-macos/bits/runpython.do: skip ppc64 architecture.

    I don't have a Mac that can build it.  Hopefully ppc will run fine on ppc64.
    apenwarr committed May 8, 2011
  2. @apenwarr

    ui-macos/bits/runpython.do: report which platforms we're compiling for.

    Just as a quick reminder, in case you're building a fat binary and you don't
    have all the architectures actually installed.
    apenwarr committed May 8, 2011
  3. @grissiom @apenwarr

    README.md: fix little bug

    The ssh hostname should immediately follow the -r parameter.
    grissiom committed with apenwarr May 5, 2011
  4. @apenwarr

    ui-macos/models.py: fix a compatibility problem on MacOS for PPC.

    @objc.accessor isn't the right thing to use for a Core Data Validation
    function.  Yowee, PyObjc sure is non-obvious.
    apenwarr committed May 8, 2011
Commits on May 3, 2011
  1. @apenwarr
  2. @apenwarr

    ui-macos/bits/runpython.do: auto-determine arches to build for.

    Some people don't have all of them installed, so auto-detect them by
    looking at the available arches in /usr/libexec.
    apenwarr committed May 3, 2011
  3. @leto @apenwarr
  4. @apenwarr

    Insert two binary NUL bytes (\0) before SSHUTTLE0001 sync string.

    ...and search for those null bytes before looking for the sync string.
    
    This helps when people have misconfigured .bashrc to print messages even in
    non-interactive mode.  (On my Debian Lenny system, .bashrc doesn't seem to
    run when you do 'ssh localhost ls', but on MacOS servers, it does.  Hmm...)
    apenwarr committed May 3, 2011
  5. @apenwarr

    ssh.py: use 'exec python -c' instead of just 'python -c'.

    This gets rid of an extra intermediate sh process on the server that we were
    keeping for no good reason, since it would exit as soon as python exited
    anyway.
    apenwarr committed May 3, 2011
  6. @apenwarr

    Handle EHOSTDOWN, ENETDOWN.

    Someone on the mailing list reported getting these.
    
    Also centralize the list of these errors, so we don't have different parts
    of the code supporting a different subset of them.  Now just use
    ssnet.NET_ERRS.
    apenwarr committed May 3, 2011
Commits on Apr 25, 2011
  1. @apenwarr
  2. @kaizoku @apenwarr

    Dereference symlink for sshuttle launch script

    (Modified slightly by apenwarr)
    kaizoku committed with apenwarr Apr 10, 2011
  3. @apenwarr

    Don't try to connect to remote IPs that start with zero.

    For some reason, on Linux servers this returns EINVAL.  I don't like just
    treating EINVAL as non-fatal in general, so let's catch this specific case
    and ignore it.
    
    Reported by Reza Mohammadi on the mailing list.  Interestingly, it's kind of
    hard to trigger this crash since the client would have to request the
    connection, and that connection shouldn't exist because the original client
    program would have already gotten EINVAL.  But my MacOS machine can generate
    such a connection, so a MacOS->Linux sshuttle could trigger this.
    apenwarr committed Apr 25, 2011
Commits on Apr 6, 2011
  1. @apenwarr

    DNS: auto-retry if we get an error on send/recv to DNS server.

    A few people have reported that they have one or more invalid DNS servers in
    /etc/resolv.conf, which they don't notice because the normal resolver
    library just skips the broken ones.  sshuttle would abort because it got an
    unexpected socket error, which isn't so good.
    apenwarr committed Apr 6, 2011
Commits on Mar 21, 2011
  1. @apenwarr

    On FreeBSD, avoid a crash caused by buggy socket.connect() in python pre-2.5.
    
    Bug reported by Ed Maste.  The fix in later versions of python is documented
    here:
    http://mail.python.org/pipermail/python-bugs-list/2006-August/034667.html
    
    We're basically just doing the same thing when we see EINVAL.  Note that
    this doesn't happen on Linux because connect() is more forgiving.
    apenwarr committed Mar 21, 2011
  2. @apenwarr

    repr(socket.error) is useless in some versions of python.

    So let's use %s instead of %r to print it, so that log messages can be more
    useful.  This only affects one message at debug3 for now, so it's not too
    exciting.
    apenwarr committed Mar 21, 2011
Commits on Mar 20, 2011
  1. @apenwarr

    server.py: handle (throw away) ECONNREFUSED from the DNS server.

    This might happen occasionally on a flakey network.  Reported by Ed Maste.
    apenwarr committed Mar 20, 2011
Commits on Mar 15, 2011
  1. @apenwarr

    hostwatch.py: avoid using /dev/null on the server.

    According to at least one report, there are some slightly insane servers out
    there that have /dev/null set to non-user-writable.  This is totally broken,
    but we want sshuttle to work with as many servers as possible, so let's fake
    it up a bit instead.
    
    We don't try to avoid /dev/null on the client; sshuttle needs root access
    anyway, and if you're root, you can just fix your stupid /dev/null
    permissions.
    apenwarr committed Mar 15, 2011
Commits on Feb 28, 2011
  1. @jcftang @apenwarr
Commits on Feb 27, 2011
  1. @apenwarr

    all.do: add some hints about how to run sshuttle.

    This is mostly so that people know how to find the MacOS GUI app, which was
    previously rather non-obvious.
    apenwarr committed Feb 27, 2011
  2. @apenwarr

    Replace make-based build with redo-based build.

    Including a copy of minimal/do as 'do' in the top directory.  To build, just
    run './do' or 'make'.
    
    This also builds the ui-macos directory automatically if you're on MacOS.
    apenwarr committed Feb 27, 2011
  3. @apenwarr

    firewall.py: make it super clear when we apply the MacOS fix.

    Print a message to stderr, then abort.  But only the first time.
    apenwarr committed Feb 27, 2011
  4. @apenwarr

    README/sshuttle.1: add a note about the MacOS kernel bug.

    And its side effects.
    
    Reported by David Held / Antonio d'Souza.
    apenwarr committed Feb 27, 2011
Commits on Feb 21, 2011
  1. @apenwarr

    firewall.py: iptables: failure to delete a rule isn't always fatal.

    If the previous run of sshuttle didn't manage to clean up after itself, it
    might have left the sshuttle-12300 chain intact, but the OUTPUT chain might
    not refer to it anymore.  That would cause the *next* run of sshuttle to
    barf when trying to delete the OUTPUT entry, and then never get to the part
    where it just tries to delete the old chain so it can continue.
    
    Now only the last delete command (the one that actually deletes the chain)
    is fatal if it fails; the others just print a scary message, but that should
    only happen once in your life if you're unlucky.
    apenwarr committed Feb 21, 2011
Commits on Feb 8, 2011
  1. @apenwarr

    server: workaround for idiotic ArchLinux renaming of python to python2.

    First try running under python2, then python if that doesn't exist.
    apenwarr committed Feb 7, 2011
Commits on Feb 7, 2011
  1. @apenwarr

    client: workaround for idiotic ArchLinux renaming of python to python2.

    First try running under python2, then python if that doesn't exist.
    apenwarr committed Feb 7, 2011
Commits on Feb 5, 2011
  1. @apenwarr

    firewall.py: MacOS: permanently set the net.inet.ip.scopedroute sysctl.

    If this sysctl isn't set to 0 at the time your network interface is brought
    up, and we later change it, then the MacOS (10.6.6 at least) ARP table gets
    totally confused and networking stops working about 15 minutes later, until
    you down and re-up the interface.  The symptom is that pings outside your
    LAN would give results like this:
    
        ping: sendto: no route to host
    
    and "arp -a -n" would show *two* entries for your default gateway instead of
    just one.
    
    sshuttle was helpfully putting the sysctl back the way it was when it shuts
    down, so you would fix your network by downing the interface, so sshuttle
    would abort and change the sysctl back, then you would re-up the interface,
    then restart sshuttle, and sshuttle would change the sysctl back and restart
    the cycle: it would break again a few minutes later.
    
    That's annoying, and it gives sshuttle a bad reputation for being the thing
    that breaks your network.  I can't find a *really* good workaround for the
    bug, so barring that, let's just permanently set the sysctl to 0 and not
    change it back on exit.  That should just leave your computer back how it
    worked in MacOS 10.5, as far as I know, which seems harmless.  At least I've
    been running my Mac that way for a few days and I haven't seen any
    weirdness.
    
    Now, doing *that* would still mean that the first sshuttle session after a
    reboot would still break the network, since sysctl changes are lost on
    reboot.  Thus, let's be extra hardcore and write it to /etc/sysctl.conf so
    that it goes the way we want it after a reboot.  Thus, sshuttle should break
    your network at most once.  Which still sucks, but hopefully nobody will
    notice.
    apenwarr committed Feb 5, 2011
  2. @apenwarr

    ui-macos: move the noLatencyControl setting to a per-connection setting.

    I think some connections you'll want to optimize for latency, and others for
    bandwidth.  Probably.
    
    Also, use a dropdown box instead of a checkbox; that way we can make it more
    clear what each of the settings means.
    
    While we're here, adjust all the anchor settings for the different display
    items so that resizing the dialog box works sensibly.
    apenwarr committed Feb 5, 2011