make sure that existing python2 compatibility is not broken by this feature

scripts/Containerfile

@@ -1,15 +1,40 @@
-FROM docker.io/linuxserver/openssh-server:latest
 # https://hub.docker.com/r/linuxserver/openssh-server/
+ARG BASE_IMAGE=docker.io/linuxserver/openssh-server:version-9.3_p2-r1
 
-RUN apk add --no-cache bash python3 nginx iperf3
+FROM ${BASE_IMAGE} as pyenv
 
-# suppress linuxserver.io logo printing
+# https://github.com/pyenv/pyenv/wiki#suggested-build-environment
-RUN  sed -i '1 a exec &>/dev/null' /etc/s6-overlay/s6-rc.d/init-adduser/run
+RUN apk add --no-cache build-base git libffi-dev openssl-dev bzip2-dev zlib-dev readline-dev sqlite-dev
+ENV PYENV_ROOT=/pyenv
+RUN curl https://raw.githubusercontent.com/pyenv/pyenv-installer/master/bin/pyenv-installer | bash
+RUN /pyenv/bin/pyenv install 2.7
+RUN /pyenv/bin/pyenv install 3.6
+RUN /pyenv/bin/pyenv install 3.8
+RUN /pyenv/bin/pyenv install 3.10
+RUN bash -xc 'rm -rf /pyenv/{.git,plugins} /pyenv/versions/*/lib/*/{test,config,config-*linux-gnu}' && \
+    find /pyenv -type d -name __pycache__ -exec rm -rf {} + && \
+    find /pyenv -type f -name '*.py[co]' -delete
 
+FROM ${BASE_IMAGE}
+
+RUN apk add --no-cache bash nginx iperf3
+
+# pyenv setup
+ENV PYENV_ROOT=/pyenv
+ENV PATH=/pyenv/shims:/pyenv/bin:$PATH
+COPY --from=pyenv /pyenv /pyenv
+
+# OpenSSH Server variables
 ENV PUID=1000
 ENV PGID=1000
 ENV PASSWORD_ACCESS=true
 ENV USER_NAME=test
 ENV USER_PASSWORD=test
 ENV LOG_STDOUT=true
-COPY ./setup.service /etc/services.d/setup.service/run
+
+# suppress linuxserver.io logo printing, chnage sshd config
+RUN sed -i '1 a exec &>/dev/null' /etc/s6-overlay/s6-rc.d/init-adduser/run
+
+# https://www.linuxserver.io/blog/2019-09-14-customizing-our-containers
+# To customize the container and start other components 
+COPY container.setup.sh /custom-cont-init.d/setup.sh

scripts/README.md

@@ -3,11 +3,17 @@
 ```bash
 test-bed up -d # start containers
 
-exec-sshuttle <node> [--copy-id] [--sshuttle-bin=/path/to/sshuttle] [sshuttle-args...]
+exec-sshuttle <node-id> [--copy-id] [--server-py=2.7|3.6|3.8] [--client-py=2.7|3.6|3.8] [--sshuttle-bin=/path/to/sshuttle] [sshuttle-args...]
+    # --copy-id  -> optionally do ssh-copy-id to make it passwordless
+    # --sshuttle-bin -> use another sshuttle binary instead of one from dev setup
+    # --server-py  -> Python version to use in server. (manged by pyenv)
+    # --client-py -> Python version to use in client (manged by pyenv)
 
 exec-sshuttle node-1 # start sshuttle to connect to node-1
 
 exec-tool curl node-1  # curl to nginx instance running on node1 via IP that is only reachable via sshuttle
 exec-tool iperf3 node-1 # measure throughput to node-1
 
+run-benchmark node-1 --client-py=3.10
+
 ```

scripts/container.setup.sh

@@ -3,8 +3,6 @@
 
 set -e
 
-echo -e ">>> Setting up $(hostname) | id: $(id) | $(python --version) \nip: $(ip a)\n route: $(ip r)"
-
 function with_set_x() {
     set -x
     "$@"
@@ -15,20 +13,31 @@ function with_set_x() {
     } 2>/dev/null
 }
 
+
+function log() {
+    echo "$*" >&2
+}
+
+log ">>> Setting up $(hostname) | id: $(id)\nIP:\n$(ip a)\nRoutes:\n$(ip r)\npyenv:\n$(pyenv versions)"
+
+echo "
+AcceptEnv PYENV_VERSION
+" >> /etc/ssh/sshd_config
+
 iface="$(ip route | awk '/default/ { print $5 }')"
 default_gw="$(ip route | awk '/default/ { print $3 }')"
 for addr in ${ADD_IP_ADDRESSES//,/ }; do
-    echo ">>> Adding $addr to interface $iface"
+    log ">>> Adding $addr to interface $iface"
     net_addr=$(ipcalc -n "$addr" | awk -F= '{print $2}')
     with_set_x ip addr add "$addr" dev "$iface"
     with_set_x ip route add "$net_addr" via "$default_gw" dev "$iface" # so that sshuttle -N can discover routes
 done
 
-echo ">>> Starting iperf3 server"
+log ">>> Starting iperf3 server"
 iperf3 --server --port 5001 &
 
 mkdir -p /www
-echo -e "<h5>Hello from $(hostname)</h5>
+echo "<h5>Hello from $(hostname)</h5>
 <pre>
 <u>ip address</u>
 $(ip address)
@@ -52,5 +61,5 @@ http {
     }
 }" >/etc/nginx/nginx.conf
 
-echo ">>> Starting nginx"
+log ">>> Starting nginx"
-exec nginx
+nginx &

scripts/exec-sshuttle

@@ -11,7 +11,12 @@ function with_set_x() {
     } 2>/dev/null
 }
 
+function log() {
+    echo "$*" >&2
+}
+
 ssh_cmd='ssh -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null'
+ssh_copy_id=false
 args=()
 while [[ $# -gt 0 ]]; do
     arg=$1
@@ -20,10 +25,23 @@ while [[ $# -gt 0 ]]; do
     -v)
         ssh_cmd+='-v'
         ;;
+    -r)
+        args+=("$arg" "$1")
+        shift
+        continue
+        ;;
     --copy-id)
         ssh_copy_id=true
         continue
         ;;
+    --server-py=*)
+        server_pyenv_ver="${arg#*=}"
+        continue
+        ;;
+    --client-py=*)
+        client_pyenv_ver="${arg#*=}"
+        continue
+        ;;
     -6)
         ipv6_only=true
         continue
@@ -47,6 +65,9 @@ port="2222"
 user="test:test"
 
 if [[ $node == node-* ]]; then
+    pycmd="/pyenv/shims/python"
+    ssh_cmd+=" -o SetEnv=PYENV_VERSION=${server_pyenv_ver:-'3'}"
+    args=("--python=$pycmd" "${args[@]}")
     host=$("$(dirname "$0")/test-bed" get-ip "$node")
     index=${node#node-}
     if [[ $ipv6_only == true ]]; then
@@ -58,27 +79,45 @@ else
     host=$node
 fi
 
-if [[ "${#args[@]}" -ne 0  && "${args[$((${#args[@]} - 1))]}" != *.* && "${args[$((${#args[@]} - 1))]}" != *:* ]]; then
-    echo "No subnet specified. Using -N" >&2
-    args+=('-N')
-fi
-
 if ! command -v sshpass >/dev/null; then
-    echo "sshpass is not found. You might have to manually enter ssh password: 'test'" >&2
+    log "sshpass is not found. You might have to manually enter ssh password: 'test'"
     user=${user%:*}
 fi
 
 if [[ $ssh_copy_id == true ]]; then
-    echo "Trying to make it passwordless" >&2
+    log "Trying to make it passwordless"
     with_set_x ssh-copy-id -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -p "$port" "$user@$host"
 fi
 
 if [[ -z $sshuttle_bin || "$sshuttle_bin" == dev ]]; then
     cd "$(dirname "$0")/.."
     export PYTHONPATH="."
-    sshuttle_bin="./run"
+    if [[ -n $client_pyenv_ver ]]; then
+        log "Using pyenv version: $client_pyenv_ver"
+        command -v pyenv &>/dev/null || log "You have to install pyenv to use --client-py" && exit 1
+        sshuttle_cmd=(/usr/bin/env PYENV_VERSION="$client_pyenv_ver" pyenv exec python -m sshuttle)
+    else
+        log "Using best python version availble"
+        if [ -x "$(command -v python3)" ] &&
+            python3 -c "import sys; sys.exit(not sys.version_info > (3, 5))"; then
+            sshuttle_cmd=(python3 -m sshuttle)
+        else
+            sshuttle_cmd=(python -m sshuttle)
+        fi
+    fi
+else
+    [[ -n $client_pyenv_ver ]] && log "Can't specify --client-py when --sshuttle-bin is specified" && exit 1
+    sshuttle_cmd=("$sshuttle_bin")
+fi
+
+if [[ " ${args[*]} " != *" --ssh-cmd "* ]]; then
+    args=("--ssh-cmd" "$ssh_cmd" "${args[@]}")
+fi
+
+if [[ " ${args[*]} " != *" -r "* ]]; then
+    args=("-r" "$user@$host:$port" "${args[@]}")
 fi
 
 set -x
-$sshuttle_bin --version
+"${sshuttle_cmd[@]}" --version
-exec "${sshuttle_bin}" -r "$user@$host:$port" --ssh-cmd "$ssh_cmd" "${args[@]}"
+exec "${sshuttle_cmd[@]}" "${args[@]}"

scripts/exec-tool

@@ -1,6 +1,22 @@
 #!/usr/bin/env bash
 set -e
 
+
+function with_set_x() {
+    set -x
+    "$@"
+    {
+        ec=$?
+        set +x
+        return $ec
+    } 2>/dev/null
+}
+
+function log() {
+    echo "$*" >&2
+}
+
+
 args=()
 while [[ $# -gt 0 ]]; do
     arg=$1
@@ -40,16 +56,6 @@ fi
 
 connect_timeout_sec=3
 
-function with_set_x() {
-    set -x
-    "$@"
-    {
-        ec=$?
-        set +x
-        return $ec
-    } 2>/dev/null
-}
-
 case "$tool" in
 ping)
     with_set_x exec ping -W $connect_timeout_sec "${args[@]}" "$host"
@@ -74,7 +80,7 @@ ab)
     with_set_x exec ab -s $connect_timeout_sec "${args[@]}" "http://$host:$port/"
     ;;
 *)
-    echo "Unknown tool: $tool" >&2
+    log "Unknown tool: $tool"
     exit 2
     ;;
 esac

scripts/run-benchmark

@@ -12,13 +12,17 @@ function with_set_x() {
     } 2>/dev/null
 }
 
+function log() {
+    echo "$*" >&2
+}
+
 ./test-bed up -d
 
 benchmark() {
-    local sshuttle_bin="${1?:}"
+    log -e "\n======== Benchmarking sshuttle | Args: [$*]  ========"
-    local node="${2:-"node-1"}"
+    local node=$1
-    echo -e "\n======== Benchmarking sshuttle: $sshuttle_bin  ========"
+    shift
-    with_set_x ./exec-sshuttle "$node" --sshuttle-bin="$sshuttle_bin" --listen 55771 &
+    with_set_x ./exec-sshuttle "$node" --listen 55771 "$@" &
     sshuttle_pid=$!
     trap 'kill -0 $sshuttle_pid &>/dev/null && kill -15 $sshuttle_pid' EXIT
     while ! nc -z localhost 55771; do sleep 0.1; done
@@ -28,9 +32,9 @@ benchmark() {
     wait $sshuttle_pid || true
 }
 
-if [[ "$1" ]]; then
+if [[ $# -gt 0 ]]; then
-    benchmark "$1"
+    benchmark "${@}"
 else
-    benchmark "${SSHUTTLE_BIN:-sshuttle}" node-1
+    benchmark node-1 --sshuttle-bin="${SSHUTTLE_BIN:-sshuttle}"
-    benchmark dev node-1
+    benchmark node-1 --sshuttle-bin=dev
 fi

scripts/test-bed

@@ -18,7 +18,7 @@ function with_set_x() {
 
 function build() {
     # podman build -t ghcr.io/sshuttle/sshuttle-testbed .
-    with_set_x docker build -t ghcr.io/sshuttle/sshuttle-testbed -f Containerfile .
+    with_set_x docker build --progress=plain -t ghcr.io/sshuttle/sshuttle-testbed -f Containerfile .
 }
 
 function compose() {

sshuttle/methods/windivert.py

@@ -413,15 +413,15 @@ class Method(BaseMethod):
                 first_ip = ip_net.network_address.exploded
                 last_ip = ip_net.broadcast_address.exploded
                 if first_ip == last_ip:
-                    _subney_filter = f"{af.filter}.DstAddr=={first_ip}"
+                    _subnet_filter = f"{af.filter}.DstAddr=={first_ip}"
                 else:
-                    _subney_filter = f"{af.filter}.DstAddr>={first_ip} and {af.filter}.DstAddr<={last_ip}"
+                    _subnet_filter = f"{af.filter}.DstAddr>={first_ip} and {af.filter}.DstAddr<={last_ip}"
                 if ports:
                     if ports[0] == ports[1]:
-                        _subney_filter += f" and {proto.filter}.DstPort=={ports[0]}"
+                        _subnet_filter += f" and {proto.filter}.DstPort=={ports[0]}"
                     else:
-                        _subney_filter += f" and tcp.DstPort>={ports[0]} and tcp.DstPort<={ports[1]}"
+                        _subnet_filter += f" and tcp.DstPort>={ports[0]} and tcp.DstPort<={ports[1]}"
-                (subnet_exclude_filters if exclude else subnet_include_filters).append(f'({_subney_filter})')
+                (subnet_exclude_filters if exclude else subnet_include_filters).append(f"({_subnet_filter})")
             _af_filter = f"{af.filter}"
             if subnet_include_filters:
                 _af_filter += f" and ({' or '.join(subnet_include_filters)})"
@@ -430,7 +430,7 @@ class Method(BaseMethod):
                 _af_filter += f" and (({' or '.join(subnet_exclude_filters)})? false : true)"
             proxy_ip, proxy_port = c["proxy_addr"]
             # Avoids proxy outbound traffic getting directed to itself
-            proxy_guard_filter = f'(({af.filter}.DstAddr=={proxy_ip.exploded} and tcp.DstPort=={proxy_port})? false : true)'
+            proxy_guard_filter = f"(({af.filter}.DstAddr=={proxy_ip.exploded} and tcp.DstPort=={proxy_port})? false : true)"
             _af_filter += f" and {proxy_guard_filter}"
             af_filters.append(_af_filter)
         if not af_filters:

sshuttle/server.py

@@ -5,6 +5,7 @@ import traceback
 import time
 import sys
 import os
+import io
 
 
 import sshuttle.ssnet as ssnet
@@ -281,7 +282,7 @@ def main(latency_control, latency_buffer_size, auto_hosts, to_nameserver,
         sys.stdout.flush()
 
         handlers = []
-        mux = Mux(sys.stdin.buffer, sys.stdout.buffer)
+        mux = Mux(io.FileIO(0, mode='r'), io.FileIO(1, mode='w'))
         handlers.append(mux)
 
         debug1('auto-nets:' + str(auto_nets))

sshuttle/ssh.py

@@ -240,7 +240,8 @@ def connect(ssh_cmd, rhostport, python, stderr, add_cmd_delimiter, options):
                     fd = p.stdout.fileno()
                     for data in iter(lambda: os.read(fd, 16384), b''):
                         s1.sendall(data)
-                        # debug3(f"<<<<< p.stdout.read() {len(data)} {data[:min(32,len(data))]}...")
+                        # debug3("<<<<< p.stdout.read() %d %r...", len(data), data[:min(32, len(data))])
+
                 finally:
                     debug2("Thread 'stream_stdout_to_sock' exiting")
                     s1.close()
@@ -249,7 +250,7 @@ def connect(ssh_cmd, rhostport, python, stderr, add_cmd_delimiter, options):
             def stream_sock_to_stdin():
                 try:
                     for data in iter(lambda: s1.recv(16384), b''):
-                        # debug3(f">>>>> p.stdout.write() {len(data)} {data[:min(32,len(data))]}...")
+                        # debug3("<<<<< p.stdout.write() %d %r...", len(data), data[:min(32, len(data))])
                         while data:
                             n = p.stdin.write(data)
                             data = data[n:]

sshuttle/ssnet.py

@@ -77,7 +77,8 @@ def _fds(socks):
 def _nb_clean(func, *args):
     try:
         return func(*args)
-    except OSError:
+    except (OSError, socket.error):
+        # Note: In python2 socket.error != OSError (In python3, they are same)
         _, e = sys.exc_info()[:2]
         if e.errno not in (errno.EWOULDBLOCK, errno.EAGAIN):
             raise
@@ -433,7 +434,7 @@ class Mux(Handler):
         set_non_blocking_io(self.wfile.fileno())
         if self.outbuf and self.outbuf[0]:
             wrote = _nb_clean(self.wfile.write, self.outbuf[0])
-            self.wfile.flush()
+            # self.wfile.flush()
             debug2('mux wrote: %r/%d' % (wrote, len(self.outbuf[0])))
             if wrote:
                 self.outbuf[0] = self.outbuf[0][wrote:]
@@ -446,6 +447,7 @@ class Mux(Handler):
             # If LATENCY_BUFFER_SIZE is inappropriately large, we will
             # get a MemoryError here. Read no more than 1MiB.
             read = _nb_clean(self.rfile.read, min(1048576, LATENCY_BUFFER_SIZE))
+            debug2('mux read: %r' % len(read))
         except OSError:
             _, e = sys.exc_info()[:2]
             raise Fatal('other end: %r' % e)

tests/client/test_firewall.py

@@ -157,7 +157,7 @@ def test_main(mock_get_method, mock_setup_daemon, mock_rewrite_etc_hosts):
             None,
             None,
             '0x01'),
-        call().wait_for_firewall_ready(os.getpid()),
+        call().wait_for_firewall_ready(12345),
         call().restore_firewall(1024, AF_INET6, True, None, None),
         call().restore_firewall(1025, AF_INET, True, None, None),
     ]