#!/usr/bin/env python
import sys, os, re
import helpers, options, client, server, iptables
from helpers import *
# list of:
# 1.2.3.4/5 or just 1.2.3.4
def parse_subnets(subnets_str):
    """Parse IPv4 subnet strings into (address, width) tuples.

    Each item of subnets_str is matched as '1.2.3.4/5' or just '1.2.3.4';
    a missing '/width' means a width of 32.  The pattern also accepts a
    lone first number ('10' or '10/8'), and the missing numbers are then 0.

    Returns a list of ('a.b.c.d', width) tuples in input order.

    Raises Fatal when an item does not match the pattern, when one of the
    four numbers is above 255, or when the width is above 32.
    """
    pattern = r'(\d+)(?:\.(\d+)\.(\d+)\.(\d+))?(?:/(\d+))?$'
    parsed = []
    for item in subnets_str:
        found = re.match(pattern, item)
        if not found:
            raise Fatal('%r is not a valid IP subnet format' % item)
        groups = found.groups()
        # Absent optional groups are None; they count as 0.
        octets = tuple([int(g or 0) for g in groups[:4]])
        raw_width = groups[4]
        if raw_width is not None:
            width = int(raw_width)
        else:
            width = 32
        if max(octets) > 255:
            raise Fatal('%d.%d.%d.%d has numbers > 255' % octets)
        if width > 32:
            raise Fatal('*/%d is greater than the maximum of 32' % width)
        # The address is re-rendered from the parsed integers, so the
        # returned string holds only digits and dots whatever the input
        # looked like (leading zeros, for instance, are dropped).
        parsed.append(('%d.%d.%d.%d' % octets, width))
    return parsed
# 1.2.3.4:567 or just 1.2.3.4 or just 567
|
|
|
|
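def parse_ipport(s):
    """Parse '1.2.3.4:567', '1.2.3.4' or '567' into an (address, port) tuple.

    s is converted with str() first, so an integer port is accepted.
    Every part of the pattern is optional: a missing address becomes
    '0.0.0.0' and a missing port becomes 0.  An empty string or a lone
    ':' therefore parses as ('0.0.0.0', 0).

    Returns ('a.b.c.d', port) with port as an int.

    Raises Fatal when s does not match the pattern, when one of the four
    address numbers is above 255, or when the port is above 65535.

    NOTE(review): a port-only value yields the address 0.0.0.0, which as a
    bind address conventionally means every interface.  What the caller
    does with the result is not visible here; confirm that a listener
    built from it is meant to be reachable from other hosts.
    """
    s = str(s)
    m = re.match(r'(?:(\d+)\.(\d+)\.(\d+)\.(\d+))?(?::)?(?:(\d+))?$', s)
    if not m:
        raise Fatal('%r is not a valid IP:port format' % s)
    (a, b, c, d, port) = m.groups()
    # Absent optional groups are None; int(x or 0) turns them into 0, so
    # the omitted-address case needs no separate handling.  (The original
    # tested `a == None` after this conversion, which could never be true.)
    (a, b, c, d, port) = (int(a or 0), int(b or 0), int(c or 0), int(d or 0),
                          int(port or 0))
    if a > 255 or b > 255 or c > 255 or d > 255:
        raise Fatal('%d.%d.%d.%d has numbers > 255' % (a, b, c, d))
    if port > 65535:
        raise Fatal('*:%d is greater than the maximum of 65535' % port)
    return ('%d.%d.%d.%d' % (a, b, c, d), port)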
# Usage text and option table handed to options.Options below.
optspec = """
sshuttle [-l [ip:]port] [-r [username@]sshserver] <subnets...>
sshuttle --iptables <port> <subnets...>
sshuttle --server
--
l,listen= transproxy to this ip address and port number [default=0]
r,remote= ssh hostname (and optional username) of remote sshuttle server
v,verbose increase debug message verbosity
noserver don't use a separate server process (mostly for debugging)
server [internal use only]
iptables [internal use only]
"""
o = options.Options('sshuttle', optspec)
(opt, flags, extra) = o.parse(sys.argv[1:])

helpers.verbose = opt.verbose

# Dispatch on the selected mode.  Each branch ends in sys.exit() with the
# chosen main()'s return value; Fatal maps to exit status 99 and Ctrl-C to 1.
try:
    if opt.server:
        sys.exit(server.main())
    elif opt.iptables:
        # presumably o.fatal() does not return - confirm in options.py
        if not extra:
            o.fatal('at least one argument expected')
        # int() raises ValueError on a non-numeric port; the handlers below
        # catch only Fatal and KeyboardInterrupt.
        port = int(extra[0])
        subnets = parse_subnets(extra[1:])
        sys.exit(iptables.main(port, subnets))
    else:
        if not extra:
            o.fatal('at least one subnet expected')
        remotename = opt.remote
        # An empty remote or '-' is passed on as None.
        if remotename in ('', '-'):
            remotename = None
        # NOTE(review): with no -l value the listen address is 0.0.0.0,
        # which as a bind address conventionally means every interface.
        # What client.main does with it is not visible here; confirm
        # whether the transproxy port should be reachable from other hosts
        # or limited to loopback.
        listenip = parse_ipport(opt.listen or '0.0.0.0:0')
        use_server = not opt.noserver
        subnets = parse_subnets(extra)
        sys.exit(client.main(listenip, use_server, remotename, subnets))
except Fatal, e:
    log('fatal: %s\n' % e)
    sys.exit(99)
except KeyboardInterrupt:
    log('\n')
    log('Keyboard interrupt: exiting.\n')
    sys.exit(1)