Remove the ttl hack to allow the host and server to run on the same machine

from the ipfw method.
2024-11-22 07:53:43 +01:00 · 2021-12-20 11:52:09 +02:00 · 2021-12-20 11:52:09 +02:00 · 2665b67926
commit 2665b67926
parent 0cfee0ba84
1 changed files with 7 additions and 12 deletions
--- a/sshuttle/methods/ipfw.py
+++ b/sshuttle/methods/ipfw.py
@ -27,16 +27,17 @@ def recv_udp(listener, bufsize):


 def ipfw_rule_exists(n):
-    argv = ['ipfw', 'list']
+    argv = ['ipfw', 'list', '%d' % n]
    p = ssubprocess.Popen(argv, stdout=ssubprocess.PIPE, env=get_env())

    found = False
    for line in p.stdout:
        if line.startswith(b'%05d ' % n):
-            if not ('ipttl 63' in line or 'check-state' in line):
+            if not 'check-state :sshuttle' in line:
                log('non-sshuttle ipfw rule: %r' % line.strip())
                raise Fatal('non-sshuttle ipfw rule #%d already exists!' % n)
            found = True
+            break
    rv = p.wait()
    if rv:
        raise Fatal('%r returned %d' % (argv, rv))
@ -156,11 +157,6 @@ class Method(BaseMethod):

    def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
                       user, tmark):
-        # TODO: The ttl hack to allow the host and server to run on
-        # the same machine has been removed but this method hasn't
-        # been updated yet.
-        ttl = 63
-
        # IPv6 not supported
        if family not in [socket.AF_INET]:
            raise Exception(
@ -178,7 +174,7 @@ class Method(BaseMethod):
        if subnets or dnsport:
            sysctl_set('net.inet.ip.fw.enable', 1)

-        ipfw('add', '1', 'check-state')
+        ipfw('add', '1', 'check-state', ':sshuttle')

        ipfw('add', '1', 'skipto', '2',
             'tcp',
@ -186,7 +182,7 @@ class Method(BaseMethod):
        ipfw('add', '1', 'fwd', '127.0.0.1,%d' % port,
             'tcp',
             'from', 'any', 'to', 'table(126)',
-             'not', 'ipttl', '%d' % ttl, 'keep-state', 'setup')
+             'setup', 'keep-state', ':sshuttle')

        ipfw_noexit('table', '124', 'flush')
        dnscount = 0
@ -197,11 +193,10 @@ class Method(BaseMethod):
            ipfw('add', '1', 'fwd', '127.0.0.1,%d' % dnsport,
                 'udp',
                 'from', 'any', 'to', 'table(124)',
-                 'not', 'ipttl', '%d' % ttl)
+                 'keep-state', ':sshuttle')
        ipfw('add', '1', 'allow',
             'udp',
-             'from', 'any', 'to', 'any',
-             'ipttl', '%d' % ttl)
+             'from', 'any', 'to', 'any')

        if subnets:
            # create new subnet entries