Updated by Library Project Script . 20210731#7
Merged
wisdark merged 102 commits intowisdark:masterfrom Jul 31, 2021
Merged
Conversation
Bumps [setuptools-scm](https://github.com/pypa/setuptools_scm) from 4.1.2 to 5.0.1. - [Release notes](https://github.com/pypa/setuptools_scm/releases) - [Changelog](https://github.com/pypa/setuptools_scm/blob/master/CHANGELOG.rst) - [Commits](pypa/setuptools-scm@v4.1.2...v5.0.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.1.2 to 6.2.0. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest@6.1.2...6.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
….0.1 Bump setuptools-scm from 4.1.2 to 5.0.1
Bump pytest from 6.1.2 to 6.2.0
Due to message from CI: DEPRECATION: Python 3.5 reached the end of its life on September 13th, 2020. Please upgrade your Python as Python 3.5 is no longer maintained. pip 21.0 will drop support for Python 3.5 in January 2021. pip 21.0 will remove support for this functionality.
Bumps [pytest](https://github.com/pytest-dev/pytest) from 6.2.0 to 6.2.1. - [Release notes](https://github.com/pytest-dev/pytest/releases) - [Changelog](https://github.com/pytest-dev/pytest/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest@6.2.0...6.2.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bump pytest from 6.2.0 to 6.2.1
Bumps [mock](https://github.com/testing-cabal/mock) from 2.0.0 to 4.0.3. - [Release notes](https://github.com/testing-cabal/mock/releases) - [Changelog](https://github.com/testing-cabal/mock/blob/master/CHANGELOG.rst) - [Commits](testing-cabal/mock@2.0.0...4.0.3) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
…rk option to allow different network mapping. Signed-off-by: Samuel Bernardo <samuel@lip.pt>
Signed-off-by: Samuel Bernardo <samuel@lip.pt>
Signed-off-by: Samuel Bernardo <samuel@lip.pt>
Signed-off-by: Samuel Bernardo <samuel@lip.pt>
Signed-off-by: Samuel Bernardo <samuel@lip.pt>
Signed-off-by: Samuel Bernardo <samuel@lip.pt>
Signed-off-by: Samuel Bernardo <samuel@lip.pt>
Add an "is_supported()" function to the different methods so that each method can include whatever logic they wish to indicate if they are supported on a particular machine. Previously, methods/__init__.py contained all of the logic for selecting individual methods. Now, it iterates through a list of possible options and stops on the first method that it finds that is_supported(). Currently, the decision is made based on the presence of programs in the PATH. In the future, things such as the platform sshuttle is running on could be considered.
When users put parameters in a config file and pass them to sshuttle using '@', they might copy the quotes from the command line into the config file. This fix first ensures that we strip whitespace from the beginning/end of each line in the config file. Then, if the line begins and ends with a matching quote character, strip those too. Fixes #573.
This commit rewrites the log() function so that it will append a newline at the end of the message if none is present. It doesn't make sense to print a log message without a newline since the next log message (which will write a prefix) expects to be starting at the beginning of a line. Although it isn't strictly necessary, this commit also removes any newlines at the ends of messages. If I missed any, including the newline at the end of the message will continue to work as it did before. Previously, some calls were missing the newline at the end even though including it was necessary for subsequent messages to appear correctly. This code also cleans up some redundant prefixes. The log() method will prepend the prefix and the different processes should set their prefix as soon as they start. Multiline messages are still supported (although the prefix for the additional lines was changed to match the length of the prefix used for the first line).
* Improve error messages related to sshuttle server. There are many GitHub issues related to the cryptic message: fatal: expected server init string 'SSHUTTLE0001'; got b'' The code that prints that message is after another check that is intended to verify that the server is still running. This code was faulty since the server is still running when rv==None (but exited when rv==0). I corrected this problem and then investigated ways to clarify the error message. I added additional exit codes for the server: 97 (exec in the shell returned), 98 (the python exec() function called returned). The end result is that the cryptic error message above will now print a more appropriate error message that should aid in debugging. I also changed the server so that it catches Fatal() and exits with exit code 99 (like the client does). Previously, it was just an unhandled exception on the server. I suspect some of the error messages were caused by restricted shells. I also investigated and added comments about how sshuttle might behave if it is being run on a server that has a restricted shell. This commit also replaces a couple of exit() calls in cmdline.py with 'return' since exit() is intended for interactive use. This change doesn't impact the server. * Remind user to exclude remote host when server exits with 255.
If you use the tproxy method with a large subnet (such as 0/0), then (1) you may not receive UDP packets that sshuttle/tproxy can handle and (2) you are unable to connect to your machine using an IP that your computer recognizes as its own. To resolve those issues, any traffic to an IP that the host knows is local, does not go through the sshuttle chains.
Because the supported version is python3.6 and above.
Because mock can be replace by unittest.mock
It used to be necessary to fix the version of attrs when using pytest. This problem has been fixed now, so I removed it. https://stackoverflow.com/a/58198754
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.10.1 to 2.11.0. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v2.10.1...v2.11.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.11.0 to 2.11.1. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v2.11.0...v2.11.1) Signed-off-by: dependabot-preview[bot] <support@dependabot.com>
sshuttle has a --latency-buffer-size parameter, but it only changes the buffer size on the client and not the server. Therefore, increasing or decreasing the number doesn't make any change in download performance (like the documentation indicates that it should). You can test this change by setting up a sshuttle connection and downloading a large file through sshuttle. With this patch, you should find that increasing --latency-buffer-size increases the download speed. Without the patch, the parameter should have little impact on performance.
Even when --tmark was used, the iptables code always used '1' for the mark. This patch corrects the problem. Previously, it wasn't clear if the tmark should be supplied in hexadecimal or as an integer. This makes it use hexadecimal, checks that the input is hexadecimal, and updates the associated documentation. This patch also makes --ttl information get passed to the firewall in a way that matches how other information gets passed. The ttl and tmark information are passed next to each other in many places and this patch also makes the order consistent.
11 years ago in commit 384d0e7, hostwatch was updated to use netstat to find hosts, and _check_smb()/_check_nmb() were edited to immediately return. This patch removes all of the unused code in these two functions.
Adding IPv6 support to the nat method is straightforward after the previous work to add IPv6 support for nft.
The output in the examples provided in the man page hadn't been updated as sshuttle changed its output over time. The example of testing sshuttle without a remote host was removed. It was the first example previously and it is something that is unlikely users will wish to do. Also: - Update some --help messages. - Manpage: Fix a typo. - Manpage: Mention that host specified with -r can be an ssh alias. - Eliminate variable only used once.
…udoers.d/ The problem and patch was originally submitted aayla-secura. I made a minor improvement to the error message.
Fix --tmark option
Remove dead code in hostwatch.py
Update documentation
Fix #637: sudoers-add should always write to /etc/sudoers.d/...
Add IPv6 support to nat (iptables) method.
Bumps [pytest-cov](https://github.com/pytest-dev/pytest-cov) from 2.12.0 to 2.12.1. - [Release notes](https://github.com/pytest-dev/pytest-cov/releases) - [Changelog](https://github.com/pytest-dev/pytest-cov/blob/master/CHANGELOG.rst) - [Commits](pytest-dev/pytest-cov@v2.12.0...v2.12.1) --- updated-dependencies: - dependency-name: pytest-cov dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Bump pytest-cov from 2.12.0 to 2.12.1
If an exception occurs in hostwatch, sshuttle exits. Problems read/writing the ~/.sshuttle.hosts cache file on the remote machine would therefore cause sshuttle to exit. With this patch, we simply continue running without writing/reading the cache file in the remote home directory. This serves as an alternate fix for pull request #322 which proposed storing the cache file elsewhere. A list of included changes: - If we can't read or write the host cache file on the server, continue running. Hosts can be collected through the netstat, /etc/hosts, etc and the information can be reconstructed each run if a cache file isn't available to read. We write a log() message when this occurs. - Add additional types of exceptions to handle. - Continue even if we cannot read /etc/hosts on the server. - Update man page to mention the cache file on the remote host. - Indicate that messages are related to remote host instead of local host. - Add comments and descriptions to the code.
Improve hostwatch robustness and documentation
replace psutil with os
Remove psutil from requirements.txt
If pfctl returns non-zero when setting up the firewall, sshuttle exits and indicates the exit status code. This patch makes it so the output of pfctl is also printed so the user can get a better idea of what caused the problem. For example: issue #491
Print pfctl error message when it returns non-zero.
Previously, it was possible to run sshuttle locally without using ssh and connecting to a remote server. In this configuration, traffic was redirected to the sshuttle server running on the localhost. However, the firewall needed to distinguish between traffic leaving the sshuttle server and traffic that originated from the machine that still needed to be routed through the sshuttle server. The TTL of the packets leaving the sshuttle server were manipulated to indicate to the firewall what should happen. The TTL was adjusted for all packets leaving the sshuttle server (even if it wasn't necessary because the server and client were running on different machines). Changing the TTL caused trouble and some machines, and the --ttl option was added as a workaround to change how the TTL was set for traffic leaving sshuttle. All of this added complexity to the code for a feature (running the server on localhost) that is likely only used for testing and rarely used by others. This commit updates the associated documentation, but doesn't fully fix the ipfw method since I am unable to test that. This change will also make sshuttle fail to work if -r is used to specify a localhost. Pull request #610 partially addresses that issue. For example, see: #240, #490, #660, #606.
Remove ttl hack & require -r option.
Previously, we printed the server's python version in server.py. Moving it to assembler.py means that it can be printed earlier so that it can be seen before a potential error that could occur during assembly. Additionally, the path to the python executable used by the server was added to the output as well. An example of where this would be useful: #666
If sudo's use_pty is enabled, the setsid() call in firewall.py will fail (see #664). When I ignore the error, sshuttle does not behave properly. This patch explains to the user what is happening and suggests a workaround. It might be possible to make sshuttle work with use_pty in the future.
Print server's python version earlier
Improve error message when sudo's use_pty option is enabled.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
13 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.