extern/sshuttle
1
1
Fork 0
mirror of https://github.com/sshuttle/sshuttle.git synced 2024-11-23 08:23:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Fixes some style issues and minor bugs

Browse Source
This commit is contained in:
vieira 2017-11-11 01:30:58 +00:00 committed by Brian May
parent 9f238ebca8
commit 71d65f3831
17 changed files with 78 additions and 86 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
.prospector.yml
View File

@ -10,6 +10,11 @@ pylint:
- bare-except - bare-except
- protected-access - protected-access
- no-else-return - no-else-return
- unused-argument
- method-hidden
- arguments-differ
- wrong-import-position
- raising-bad-type
pep8: pep8:
options: options:

12
sshuttle/client.py
View File

@ -112,8 +112,8 @@ def daemon_cleanup():
class MultiListener: class MultiListener:
def __init__(self, type=socket.SOCK_STREAM, proto=0): def __init__(self, kind=socket.SOCK_STREAM, proto=0):
self.type = type self.type = kind
self.proto = proto self.proto = proto
self.v6 = None self.v6 = None
self.v4 = None self.v4 = None
@ -746,22 +746,22 @@ def main(listenip_v6, listenip_v4,
# Last minute sanity checks. # Last minute sanity checks.
# These should never fail. # These should never fail.
# If these do fail, something is broken above. # If these do fail, something is broken above.
if len(subnets_v6) > 0: if subnets_v6:
assert required.ipv6 assert required.ipv6
if redirectport_v6 == 0: if redirectport_v6 == 0:
raise Fatal("IPv6 subnets defined but not listening") raise Fatal("IPv6 subnets defined but not listening")
if len(nslist_v6) > 0: if nslist_v6:
assert required.dns assert required.dns
assert required.ipv6 assert required.ipv6
if dnsport_v6 == 0: if dnsport_v6 == 0:
raise Fatal("IPv6 ns servers defined but not listening") raise Fatal("IPv6 ns servers defined but not listening")
if len(subnets_v4) > 0: if subnets_v4:
if redirectport_v4 == 0: if redirectport_v4 == 0:
raise Fatal("IPv4 subnets defined but not listening") raise Fatal("IPv4 subnets defined but not listening")
if len(nslist_v4) > 0: if nslist_v4:
if dnsport_v4 == 0: if dnsport_v4 == 0:
raise Fatal("IPv4 ns servers defined but not listening") raise Fatal("IPv4 ns servers defined but not listening")

4
sshuttle/cmdline.py
View File

@ -45,8 +45,8 @@ def main():
if opt.listen: if opt.listen:
ipport_v6 = None ipport_v6 = None
ipport_v4 = None ipport_v4 = None
list = opt.listen.split(",") lst = opt.listen.split(",")
for ip in list: for ip in lst:
family, ip, port = parse_ipport(ip) family, ip, port = parse_ipport(ip)
if family == socket.AF_INET6: if family == socket.AF_INET6:
ipport_v6 = (ip, port) ipport_v6 = (ip, port)

11
sshuttle/firewall.py
View File

@ -2,6 +2,7 @@ import errno
import socket import socket
import signal import signal
import sshuttle.ssyslog as ssyslog import sshuttle.ssyslog as ssyslog
import sshuttle.sdnotify as sdnotify
import sys import sys
import os import os
import platform import platform
@ -164,7 +165,7 @@ def main(method_name, syslog):
_, _, ports = line.partition(" ") _, _, ports = line.partition(" ")
ports = ports.split(",") ports = ports.split(",")
if len(ports) != 4: if len(ports) != 4:
raise Fatal('firewall: expected 4 ports but got %n' % len(ports)) raise Fatal('firewall: expected 4 ports but got %d' % len(ports))
port_v6 = int(ports[0]) port_v6 = int(ports[0])
port_v4 = int(ports[1]) port_v4 = int(ports[1])
dnsport_v6 = int(ports[2]) dnsport_v6 = int(ports[2])
@ -203,14 +204,14 @@ def main(method_name, syslog):
try: try:
debug1('firewall manager: setting up.\n') debug1('firewall manager: setting up.\n')
if len(subnets_v6) > 0 or len(nslist_v6) > 0: if subnets_v6 or nslist_v6:
debug2('firewall manager: setting up IPv6.\n') debug2('firewall manager: setting up IPv6.\n')
method.setup_firewall( method.setup_firewall(
port_v6, dnsport_v6, nslist_v6, port_v6, dnsport_v6, nslist_v6,
socket.AF_INET6, subnets_v6, udp, socket.AF_INET6, subnets_v6, udp,
user) user)
if len(subnets_v4) > 0 or len(nslist_v4) > 0: if subnets_v4 or nslist_v4:
debug2('firewall manager: setting up IPv4.\n') debug2('firewall manager: setting up IPv4.\n')
method.setup_firewall( method.setup_firewall(
port_v4, dnsport_v4, nslist_v4, port_v4, dnsport_v4, nslist_v4,
@ -249,7 +250,7 @@ def main(method_name, syslog):
pass pass
try: try:
if len(subnets_v6) > 0 or len(nslist_v6) > 0: if subnets_v6 or nslist_v6:
debug2('firewall manager: undoing IPv6 changes.\n') debug2('firewall manager: undoing IPv6 changes.\n')
method.restore_firewall(port_v6, socket.AF_INET6, udp, user) method.restore_firewall(port_v6, socket.AF_INET6, udp, user)
except: except:
@ -262,7 +263,7 @@ def main(method_name, syslog):
pass pass
try: try:
if len(subnets_v4) > 0 or len(nslist_v4) > 0: if subnets_v4 or nslist_v4:
debug2('firewall manager: undoing IPv4 changes.\n') debug2('firewall manager: undoing IPv4 changes.\n')
method.restore_firewall(port_v4, socket.AF_INET, udp, user) method.restore_firewall(port_v4, socket.AF_INET, udp, user)
except: except:

2
sshuttle/hostwatch.py
View File

@ -251,7 +251,7 @@ def _enqueue(op, *args):
def _stdin_still_ok(timeout): def _stdin_still_ok(timeout):
r, w, x = select.select([sys.stdin.fileno()], [], [], timeout) r, _, _ = select.select([sys.stdin.fileno()], [], [], timeout)
if r: if r:
b = os.read(sys.stdin.fileno(), 4096) b = os.read(sys.stdin.fileno(), 4096)
if not b: if not b:

3
sshuttle/methods/__init__.py
View File

@ -74,7 +74,8 @@ class BaseMethod(object):
"Feature %s not supported with method %s.\n" % "Feature %s not supported with method %s.\n" %
(key, self.name)) (key, self.name))
def setup_firewall(self, port, dnsport, nslist, family, subnets, udp, user): def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
user):
raise NotImplementedError() raise NotImplementedError()
def restore_firewall(self, port, family, udp, user): def restore_firewall(self, port, family, udp, user):

33
sshuttle/methods/ipfw.py
View File

@ -1,6 +1,4 @@
import os import os
import sys
import struct
import subprocess as ssubprocess import subprocess as ssubprocess
from sshuttle.methods import BaseMethod from sshuttle.methods import BaseMethod
from sshuttle.helpers import log, debug1, debug3, \ from sshuttle.helpers import log, debug1, debug3, \
@ -31,9 +29,9 @@ IPV6_RECVDSTADDR = 74
if recvmsg == "python": if recvmsg == "python":
def recv_udp(listener, bufsize): def recv_udp(listener, bufsize):
debug3('Accept UDP python using recvmsg.\n') debug3('Accept UDP python using recvmsg.\n')
data, ancdata, msg_flags, srcip = listener.recvmsg(4096, socket.CMSG_SPACE(4)) data, ancdata, _, srcip = \
listener.recvmsg(4096, socket.CMSG_SPACE(4))
dstip = None dstip = None
family = None
for cmsg_level, cmsg_type, cmsg_data in ancdata: for cmsg_level, cmsg_type, cmsg_data in ancdata:
if cmsg_level == socket.SOL_IP and cmsg_type == IP_RECVDSTADDR: if cmsg_level == socket.SOL_IP and cmsg_type == IP_RECVDSTADDR:
port = 53 port = 53
@ -44,13 +42,13 @@ if recvmsg == "python":
elif recvmsg == "socket_ext": elif recvmsg == "socket_ext":
def recv_udp(listener, bufsize): def recv_udp(listener, bufsize):
debug3('Accept UDP using socket_ext recvmsg.\n') debug3('Accept UDP using socket_ext recvmsg.\n')
srcip, data, adata, flags = listener.recvmsg((bufsize,), socket.CMSG_SPACE(4)) srcip, data, adata, _ = \
listener.recvmsg((bufsize,), socket.CMSG_SPACE(4))
dstip = None dstip = None
family = None
for a in adata: for a in adata:
if a.cmsg_level == socket.SOL_IP and a.cmsg_type == IP_RECVDSTADDR: if a.cmsg_level == socket.SOL_IP and a.cmsg_type == IP_RECVDSTADDR:
port = 53 port = 53
ip = socket.inet_ntop(socket.AF_INET, cmsg_data[0:4]) ip = socket.inet_ntop(socket.AF_INET, a.cmsg_data[0:4])
dstip = (ip, port) dstip = (ip, port)
break break
return (srcip, dstip, data[0]) return (srcip, dstip, data[0])
@ -75,7 +73,7 @@ def ipfw_rule_exists(n):
if not ('ipttl 42' in line or 'check-state' in line): if not ('ipttl 42' in line or 'check-state' in line):
log('non-sshuttle ipfw rule: %r\n' % line.strip()) log('non-sshuttle ipfw rule: %r\n' % line.strip())
raise Fatal('non-sshuttle ipfw rule #%d already exists!' % n) raise Fatal('non-sshuttle ipfw rule #%d already exists!' % n)
found = True found = True
rv = p.wait() rv = p.wait()
if rv: if rv:
raise Fatal('%r returned %d' % (argv, rv)) raise Fatal('%r returned %d' % (argv, rv))
@ -193,7 +191,8 @@ class Method(BaseMethod):
#if udp_listener.v6 is not None: #if udp_listener.v6 is not None:
# udp_listener.v6.setsockopt(SOL_IPV6, IPV6_RECVDSTADDR, 1) # udp_listener.v6.setsockopt(SOL_IPV6, IPV6_RECVDSTADDR, 1)
def setup_firewall(self, port, dnsport, nslist, family, subnets, udp, user): def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
user):
# IPv6 not supported # IPv6 not supported
if family not in [socket.AF_INET]: if family not in [socket.AF_INET]:
raise Exception( raise Exception(
@ -224,7 +223,7 @@ class Method(BaseMethod):
ipfw_noexit('table', '124', 'flush') ipfw_noexit('table', '124', 'flush')
dnscount = 0 dnscount = 0
for f, ip in [i for i in nslist if i[0] == family]: for _, ip in [i for i in nslist if i[0] == family]:
ipfw('table', '124', 'add', '%s' % (ip)) ipfw('table', '124', 'add', '%s' % (ip))
dnscount += 1 dnscount += 1
if dnscount > 0: if dnscount > 0:
@ -232,23 +231,14 @@ class Method(BaseMethod):
'udp', 'udp',
'from', 'any', 'to', 'table(124)', 'from', 'any', 'to', 'table(124)',
'not', 'ipttl', '42') 'not', 'ipttl', '42')
"""if udp: ipfw('add', '1', 'allow',
ipfw('add', '1', 'skipto', '2',
'udp',
'from', 'any', 'to', 'table(125)')
ipfw('add', '1', 'fwd', '127.0.0.1,%d' % port,
'udp',
'from', 'any', 'to', 'table(126)',
'not', 'ipttl', '42')
"""
ipfw('add', '1', 'allow',
'udp', 'udp',
'from', 'any', 'to', 'any', 'from', 'any', 'to', 'any',
'ipttl', '42') 'ipttl', '42')
if subnets: if subnets:
# create new subnet entries # create new subnet entries
for f, swidth, sexclude, snet \ for _, swidth, sexclude, snet \
in sorted(subnets, key=lambda s: s[1], reverse=True): in sorted(subnets, key=lambda s: s[1], reverse=True):
if sexclude: if sexclude:
ipfw('table', '125', 'add', '%s/%s' % (snet, swidth)) ipfw('table', '125', 'add', '%s/%s' % (snet, swidth))
@ -265,4 +255,3 @@ class Method(BaseMethod):
ipfw_noexit('table', '124', 'flush') ipfw_noexit('table', '124', 'flush')
ipfw_noexit('table', '125', 'flush') ipfw_noexit('table', '125', 'flush')
ipfw_noexit('table', '126', 'flush') ipfw_noexit('table', '126', 'flush')

11
sshuttle/methods/nat.py
View File

@ -12,7 +12,8 @@ class Method(BaseMethod):
# the multiple copies shouldn't have overlapping subnets, or only the most- # the multiple copies shouldn't have overlapping subnets, or only the most-
# recently-started one will win (because we use "-I OUTPUT 1" instead of # recently-started one will win (because we use "-I OUTPUT 1" instead of
# "-A OUTPUT"). # "-A OUTPUT").
def setup_firewall(self, port, dnsport, nslist, family, subnets, udp, user): def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
user):
# only ipv4 supported with NAT # only ipv4 supported with NAT
if family != socket.AF_INET: if family != socket.AF_INET:
raise Exception( raise Exception(
@ -50,7 +51,7 @@ class Method(BaseMethod):
_ipt('-I', 'PREROUTING', '1', *args) _ipt('-I', 'PREROUTING', '1', *args)
# create new subnet entries. # create new subnet entries.
for f, swidth, sexclude, snet, fport, lport \ for _, swidth, sexclude, snet, fport, lport \
in sorted(subnets, key=subnet_weight, reverse=True): in sorted(subnets, key=subnet_weight, reverse=True):
tcp_ports = ('-p', 'tcp') tcp_ports = ('-p', 'tcp')
if fport: if fport:
@ -65,7 +66,7 @@ class Method(BaseMethod):
'--dest', '%s/%s' % (snet, swidth), '--dest', '%s/%s' % (snet, swidth),
*(tcp_ports + ('--to-ports', str(port)))) *(tcp_ports + ('--to-ports', str(port))))
for f, ip in [i for i in nslist if i[0] == family]: for _, ip in [i for i in nslist if i[0] == family]:
_ipt_ttl('-A', chain, '-j', 'REDIRECT', _ipt_ttl('-A', chain, '-j', 'REDIRECT',
'--dest', '%s/32' % ip, '--dest', '%s/32' % ip,
'-p', 'udp', '-p', 'udp',
@ -97,8 +98,8 @@ class Method(BaseMethod):
# basic cleanup/setup of chains # basic cleanup/setup of chains
if ipt_chain_exists(family, table, chain): if ipt_chain_exists(family, table, chain):
if user is not None: if user is not None:
nonfatal(_ipm, '-D', 'OUTPUT', '-m', 'owner', '--uid-owner', str(user), nonfatal(_ipm, '-D', 'OUTPUT', '-m', 'owner', '--uid-owner',
'-j', 'MARK', '--set-mark', str(port)) str(user), '-j', 'MARK', '--set-mark', str(port))
args = '-m', 'mark', '--mark', str(port), '-j', chain args = '-m', 'mark', '--mark', str(port), '-j', chain
else: else:
args = '-j', chain args = '-j', chain

34
sshuttle/methods/pf.py
View File

@ -115,21 +115,21 @@ class Generic(object):
if ('\nanchor "%s"' % anchor).encode('ASCII') not in status: if ('\nanchor "%s"' % anchor).encode('ASCII') not in status:
self._add_anchor_rule(self.PF_PASS, anchor.encode('ASCII')) self._add_anchor_rule(self.PF_PASS, anchor.encode('ASCII'))
def _add_anchor_rule(self, type, name, pr=None): def _add_anchor_rule(self, kind, name, pr=None):
if pr is None: if pr is None:
pr = self.pfioc_rule() pr = self.pfioc_rule()
memmove(addressof(pr) + self.ANCHOR_CALL_OFFSET, name, memmove(addressof(pr) + self.ANCHOR_CALL_OFFSET, name,
min(self.MAXPATHLEN, len(name))) # anchor_call = name min(self.MAXPATHLEN, len(name))) # anchor_call = name
memmove(addressof(pr) + self.RULE_ACTION_OFFSET, memmove(addressof(pr) + self.RULE_ACTION_OFFSET,
struct.pack('I', type), 4) # rule.action = type struct.pack('I', kind), 4) # rule.action = kind
memmove(addressof(pr) + self.ACTION_OFFSET, struct.pack( memmove(addressof(pr) + self.ACTION_OFFSET, struct.pack(
'I', self.PF_CHANGE_GET_TICKET), 4) # action = PF_CHANGE_GET_TICKET 'I', self.PF_CHANGE_GET_TICKET), 4) # action = PF_CHANGE_GET_TICKET
ioctl(pf_get_dev(), pf.DIOCCHANGERULE, pr) ioctl(pf_get_dev(), pf.DIOCCHANGERULE, pr)
memmove(addressof(pr) + self.ACTION_OFFSET, struct.pack( memmove(addressof(pr) + self.ACTION_OFFSET, struct.pack(
'I', self.PF_CHANGE_ADD_TAIL), 4) # action = PF_CHANGE_ADD_TAIL 'I', self.PF_CHANGE_ADD_TAIL), 4) # action = PF_CHANGE_ADD_TAIL
ioctl(pf_get_dev(), pf.DIOCCHANGERULE, pr) ioctl(pf_get_dev(), pf.DIOCCHANGERULE, pr)
@staticmethod @staticmethod
@ -176,9 +176,6 @@ class FreeBsd(Generic):
freebsd.pfioc_natlook = pfioc_natlook freebsd.pfioc_natlook = pfioc_natlook
return freebsd return freebsd
def __init__(self):
super(FreeBsd, self).__init__()
def enable(self): def enable(self):
returncode = ssubprocess.call(['kldload', 'pf']) returncode = ssubprocess.call(['kldload', 'pf'])
super(FreeBsd, self).enable() super(FreeBsd, self).enable()
@ -197,14 +194,14 @@ class FreeBsd(Generic):
self._add_anchor_rule(self.PF_RDR, anchor.encode('ASCII')) self._add_anchor_rule(self.PF_RDR, anchor.encode('ASCII'))
super(FreeBsd, self).add_anchors(anchor, status=status) super(FreeBsd, self).add_anchors(anchor, status=status)
def _add_anchor_rule(self, type, name): def _add_anchor_rule(self, kind, name, pr=None):
pr = self.pfioc_rule() pr = pr or self.pfioc_rule()
ppa = self.pfioc_pooladdr() ppa = self.pfioc_pooladdr()
ioctl(pf_get_dev(), self.DIOCBEGINADDRS, ppa) ioctl(pf_get_dev(), self.DIOCBEGINADDRS, ppa)
# pool ticket # pool ticket
memmove(addressof(pr) + self.POOL_TICKET_OFFSET, ppa[4:8], 4) memmove(addressof(pr) + self.POOL_TICKET_OFFSET, ppa[4:8], 4)
super(FreeBsd, self)._add_anchor_rule(type, name, pr=pr) super(FreeBsd, self)._add_anchor_rule(kind, name, pr=pr)
def add_rules(self, anchor, includes, port, dnsport, nslist, family): def add_rules(self, anchor, includes, port, dnsport, nslist, family):
inet_version = self._inet_version(family) inet_version = self._inet_version(family)
@ -224,7 +221,7 @@ class FreeBsd(Generic):
for exclude, subnet in includes for exclude, subnet in includes
] ]
if len(nslist) > 0: if nslist:
tables.append( tables.append(
b'table <dns_servers> {%s}' % b'table <dns_servers> {%s}' %
b','.join([ns[1].encode("ASCII") for ns in nslist])) b','.join([ns[1].encode("ASCII") for ns in nslist]))
@ -294,7 +291,7 @@ class OpenBsd(Generic):
for exclude, subnet in includes for exclude, subnet in includes
] ]
if len(nslist) > 0: if nslist:
tables.append( tables.append(
b'table <dns_servers> {%s}' % b'table <dns_servers> {%s}' %
b','.join([ns[1].encode("ASCII") for ns in nslist])) b','.join([ns[1].encode("ASCII") for ns in nslist]))
@ -440,11 +437,8 @@ class Method(BaseMethod):
return sock.getsockname() return sock.getsockname()
def setup_firewall(self, port, dnsport, nslist, family, subnets, udp, user): def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
tables = [] user):
translating_rules = []
filtering_rules = []
if family not in [socket.AF_INET, socket.AF_INET6]: if family not in [socket.AF_INET, socket.AF_INET6]:
raise Exception( raise Exception(
'Address family "%s" unsupported by pf method_name' 'Address family "%s" unsupported by pf method_name'
@ -452,12 +446,12 @@ class Method(BaseMethod):
if udp: if udp:
raise Exception("UDP not supported by pf method_name") raise Exception("UDP not supported by pf method_name")
if len(subnets) > 0: if subnets:
includes = [] includes = []
# If a given subnet is both included and excluded, list the # If a given subnet is both included and excluded, list the
# exclusion first; the table will ignore the second, opposite # exclusion first; the table will ignore the second, opposite
# definition # definition
for f, swidth, sexclude, snet, fport, lport \ for _, swidth, sexclude, snet, fport, lport \
in sorted(subnets, key=subnet_weight, reverse=True): in sorted(subnets, key=subnet_weight, reverse=True):
includes.append((sexclude, b"%s/%d%s" % ( includes.append((sexclude, b"%s/%d%s" % (
snet.encode("ASCII"), snet.encode("ASCII"),

11
sshuttle/methods/tproxy.py
View File

@ -33,7 +33,7 @@ IPV6_RECVORIGDSTADDR = IPV6_ORIGDSTADDR
if recvmsg == "python": if recvmsg == "python":
def recv_udp(listener, bufsize): def recv_udp(listener, bufsize):
debug3('Accept UDP python using recvmsg.\n') debug3('Accept UDP python using recvmsg.\n')
data, ancdata, msg_flags, srcip = listener.recvmsg( data, ancdata, _, srcip = listener.recvmsg(
4096, socket.CMSG_SPACE(24)) 4096, socket.CMSG_SPACE(24))
dstip = None dstip = None
family = None family = None
@ -64,7 +64,7 @@ if recvmsg == "python":
elif recvmsg == "socket_ext": elif recvmsg == "socket_ext":
def recv_udp(listener, bufsize): def recv_udp(listener, bufsize):
debug3('Accept UDP using socket_ext recvmsg.\n') debug3('Accept UDP using socket_ext recvmsg.\n')
srcip, data, adata, flags = listener.recvmsg( srcip, data, adata, _ = listener.recvmsg(
(bufsize,), socket.CMSG_SPACE(24)) (bufsize,), socket.CMSG_SPACE(24))
dstip = None dstip = None
family = None family = None
@ -150,7 +150,8 @@ class Method(BaseMethod):
if udp_listener.v6 is not None: if udp_listener.v6 is not None:
udp_listener.v6.setsockopt(SOL_IPV6, IPV6_RECVORIGDSTADDR, 1) udp_listener.v6.setsockopt(SOL_IPV6, IPV6_RECVORIGDSTADDR, 1)
def setup_firewall(self, port, dnsport, nslist, family, subnets, udp, user): def setup_firewall(self, port, dnsport, nslist, family, subnets, udp,
user):
if family not in [socket.AF_INET, socket.AF_INET6]: if family not in [socket.AF_INET, socket.AF_INET6]:
raise Exception( raise Exception(
'Address family "%s" unsupported by tproxy method' 'Address family "%s" unsupported by tproxy method'
@ -193,7 +194,7 @@ class Method(BaseMethod):
_ipt('-A', tproxy_chain, '-m', 'socket', '-j', divert_chain, _ipt('-A', tproxy_chain, '-m', 'socket', '-j', divert_chain,
'-m', 'udp', '-p', 'udp') '-m', 'udp', '-p', 'udp')
for f, ip in [i for i in nslist if i[0] == family]: for _, ip in [i for i in nslist if i[0] == family]:
_ipt('-A', mark_chain, '-j', 'MARK', '--set-mark', '1', _ipt('-A', mark_chain, '-j', 'MARK', '--set-mark', '1',
'--dest', '%s/32' % ip, '--dest', '%s/32' % ip,
'-m', 'udp', '-p', 'udp', '--dport', '53') '-m', 'udp', '-p', 'udp', '--dport', '53')
@ -203,7 +204,7 @@ class Method(BaseMethod):
'-m', 'udp', '-p', 'udp', '--dport', '53', '-m', 'udp', '-p', 'udp', '--dport', '53',
'--on-port', str(dnsport)) '--on-port', str(dnsport))
for f, swidth, sexclude, snet, fport, lport \ for _, swidth, sexclude, snet, fport, lport \
in sorted(subnets, key=subnet_weight, reverse=True): in sorted(subnets, key=subnet_weight, reverse=True):
tcp_ports = ('-p', 'tcp') tcp_ports = ('-p', 'tcp')
tcp_ports = _ipt_proto_ports(tcp_ports, fport, lport) tcp_ports = _ipt_proto_ports(tcp_ports, fport, lport)

17
sshuttle/options.py
View File

@ -13,9 +13,9 @@ def parse_subnetport_file(s):
raw_config_lines = handle.readlines() raw_config_lines = handle.readlines()
subnets = [] subnets = []
for line_no, line in enumerate(raw_config_lines): for _, line in enumerate(raw_config_lines):
line = line.strip() line = line.strip()
if len(line) == 0: if not line:
continue continue
if line[0] == '#': if line[0] == '#':
continue continue
@ -81,8 +81,8 @@ def parse_ipport(s):
return (family,) + addr[:2] return (family,) + addr[:2]
def parse_list(list): def parse_list(lst):
return re.split(r'[\s,]+', list.strip()) if list else [] return re.split(r'[\s,]+', lst.strip()) if lst else []
class Concat(Action): class Concat(Action):
@ -120,7 +120,8 @@ parser.add_argument(
"-H", "--auto-hosts", "-H", "--auto-hosts",
action="store_true", action="store_true",
help=""" help="""
continuously scan for remote hostnames and update local /etc/hosts as they are found continuously scan for remote hostnames and update local /etc/hosts as
they are found
""" """
) )
parser.add_argument( parser.add_argument(
@ -151,7 +152,8 @@ parser.add_argument(
metavar="IP[:PORT]", metavar="IP[:PORT]",
type=parse_ipport, type=parse_ipport,
help=""" help="""
the DNS server to forward requests to; defaults to servers in /etc/resolv.conf on remote side if not given. the DNS server to forward requests to; defaults to servers in
/etc/resolv.conf on remote side if not given.
""" """
) )
@ -227,7 +229,8 @@ parser.add_argument(
metavar="HOSTNAME[,HOSTNAME]", metavar="HOSTNAME[,HOSTNAME]",
default=[], default=[],
help=""" help="""
comma-separated list of hostnames for initial scan (may be used with or without --auto-hosts) comma-separated list of hostnames for initial scan (may be used with
or without --auto-hosts)
""" """
) )
parser.add_argument( parser.add_argument(

2
sshuttle/sdnotify.py
View File

@ -16,7 +16,7 @@ def _notify(message):
debug1("Error creating socket to notify systemd: %s\n" % e) debug1("Error creating socket to notify systemd: %s\n" % e)
return False return False
if not message: if not message:
return False return False
assert isinstance(message, bytes) assert isinstance(message, bytes)

2
sshuttle/ssh.py
View File

@ -69,7 +69,7 @@ def connect(ssh_cmd, rhostport, python, stderr, options):
rhost = result[0].strip('[') rhost = result[0].strip('[')
if len(result) > 1: if len(result) > 1:
result[1] = result[1].strip(':') result[1] = result[1].strip(':')
if result[1] is not '': if result[1] != '':
portl = ['-p', str(int(result[1]))] portl = ['-p', str(int(result[1]))]
# can't disambiguate IPv6 colons and a port number. pass the hostname # can't disambiguate IPv6 colons and a port number. pass the hostname
# through. # through.

6
sshuttle/ssnet.py
View File

@ -271,7 +271,7 @@ class Handler:
def callback(self, sock): def callback(self, sock):
log('--no callback defined-- %r\n' % self) log('--no callback defined-- %r\n' % self)
(r, w, x) = select.select(self.socks, [], [], 0) (r, _, _) = select.select(self.socks, [], [], 0)
for s in r: for s in r:
v = s.recv(4096) v = s.recv(4096)
if not v: if not v:
@ -350,7 +350,7 @@ class Mux(Handler):
def next_channel(self): def next_channel(self):
# channel 0 is special, so we never allocate it # channel 0 is special, so we never allocate it
for timeout in range(1024): for _ in range(1024):
self.chani += 1 self.chani += 1
if self.chani > MAX_CHANNEL: if self.chani > MAX_CHANNEL:
self.chani = 1 self.chani = 1
@ -479,7 +479,7 @@ class Mux(Handler):
_add(w, self.wsock) _add(w, self.wsock)
def callback(self, sock): def callback(self, sock):
(r, w, x) = select.select([self.rsock], [self.wsock], [], 0) (r, w, _) = select.select([self.rsock], [self.wsock], [], 0)
if self.rsock in r: if self.rsock in r:
self.handle() self.handle()
if self.outbuf and self.wsock in w: if self.outbuf and self.wsock in w:

4
sshuttle/tests/client/test_options.py
View File

@ -51,7 +51,7 @@ def test_parse_subnetport_ip4_with_port():
for ip_repr, ip in _ip4_reprs.items(): for ip_repr, ip in _ip4_reprs.items():
assert sshuttle.options.parse_subnetport(':'.join((ip_repr, '80'))) \ assert sshuttle.options.parse_subnetport(':'.join((ip_repr, '80'))) \
== (socket.AF_INET, ip, 32, 80, 80) == (socket.AF_INET, ip, 32, 80, 80)
assert sshuttle.options.parse_subnetport(':'.join((ip_repr, '80-90'))) \ assert sshuttle.options.parse_subnetport(':'.join((ip_repr, '80-90')))\
== (socket.AF_INET, ip, 32, 80, 90) == (socket.AF_INET, ip, 32, 80, 90)
@ -97,5 +97,5 @@ def test_parse_subnetport_ip6_with_mask_and_port():
for ip_repr, ip in _ip6_reprs.items(): for ip_repr, ip in _ip6_reprs.items():
assert sshuttle.options.parse_subnetport('[' + ip_repr + '/128]:80') \ assert sshuttle.options.parse_subnetport('[' + ip_repr + '/128]:80') \
== (socket.AF_INET6, ip, 128, 80, 80) == (socket.AF_INET6, ip, 128, 80, 80)
assert sshuttle.options.parse_subnetport('[' + ip_repr + '/16]:80-90') \ assert sshuttle.options.parse_subnetport('[' + ip_repr + '/16]:80-90')\
== (socket.AF_INET6, ip, 16, 80, 90) == (socket.AF_INET6, ip, 16, 80, 90)

4
sshuttle/tests/client/test_sdnotify.py
View File

@ -1,6 +1,4 @@
from mock import Mock, patch, call from mock import Mock, patch, call
import sys
import io
import socket import socket
import sshuttle.sdnotify import sshuttle.sdnotify
@ -59,7 +57,7 @@ def test_notify(mock_get, mock_socket):
sock.sendto.return_value = 1 sock.sendto.return_value = 1
mock_get.return_value = '/run/valid_path' mock_get.return_value = '/run/valid_path'
mock_socket.return_value = sock mock_socket.return_value = sock
assert sshuttle.sdnotify.send(*messages) assert sshuttle.sdnotify.send(*messages)
assert sock.sendto.mock_calls == [ assert sock.sendto.mock_calls == [
call(b'\n'.join(messages), socket_path), call(b'\n'.join(messages), socket_path),

3
sshuttle/tests/server/test_server.py
View File

@ -1,8 +1,7 @@
import os
import io import io
import socket import socket
import sshuttle.server import sshuttle.server
from mock import patch, Mock, call from mock import patch, Mock
def test__ipmatch(): def test__ipmatch():