extern/sshuttle
1
1
Fork 0
mirror of https://github.com/sshuttle/sshuttle.git synced 2024-11-22 07:53:43 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #552 from skuhl/systemd-resolved

Browse Source 
Intercept DNS requests sent by systemd-resolved.
This commit is contained in:
Brian May 2020-11-04 16:55:09 +11:00 committed by GitHub
commit 9b036fc689
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 64 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
docs/manpage.rst
View File

@ -104,10 +104,12 @@ Options
Capture local DNS requests and forward to the remote DNS Capture local DNS requests and forward to the remote DNS
server. All queries to any of the local system's DNS server. All queries to any of the local system's DNS
servers (/etc/resolv.conf) will be intercepted and servers (/etc/resolv.conf and, if it exists,
/run/systemd/resolve/resolv.conf) will be intercepted and
resolved on the remote side of the tunnel instead, there resolved on the remote side of the tunnel instead, there
using the DNS specified via the :option:`--to-ns` option, using the DNS specified via the :option:`--to-ns` option,
if specified. if specified. Only plain DNS traffic sent to these servers
on port 53 are captured.
.. option:: --ns-hosts=<server1[,server2[,server3[...]]]> .. option:: --ns-hosts=<server1[,server2[,server3[...]]]>

2
sshuttle/client.py
View File

@ -597,7 +597,7 @@ def main(listenip_v6, listenip_v4,
# redirect packets outgoing to this server to the remote host # redirect packets outgoing to this server to the remote host
# instead. # instead.
if dns: if dns:
nslist += resolvconf_nameservers() nslist += resolvconf_nameservers(True)
if to_nameserver is not None: if to_nameserver is not None:
to_nameserver = "%s@%s" % tuple(to_nameserver[1:]) to_nameserver = "%s@%s" % tuple(to_nameserver[1:])
else: else:

61
sshuttle/helpers.py
View File

@ -49,17 +49,64 @@ class Fatal(Exception):
pass pass
def resolvconf_nameservers(): def resolvconf_nameservers(systemd_resolved):
lines = [] """Retrieves a list of tuples (address type, address as a string) of
for line in open('/etc/resolv.conf'): the DNS servers used by the system to resolve hostnames.
If parameter is False, DNS servers are retrieved from only
/etc/resolv.conf. This behavior makes sense for the sshuttle
server.
If parameter is True, we retrieve information from both
/etc/resolv.conf and /run/systemd/resolve/resolv.conf (if it
exists). This behavior makes sense for the sshuttle client.
"""
# Historically, we just needed to read /etc/resolv.conf.
#
# If systemd-resolved is active, /etc/resolv.conf will point to
# localhost and the actual DNS servers that systemd-resolved uses
# are stored in /run/systemd/resolve/resolv.conf. For programs
# that use the localhost DNS server, having sshuttle read
# /etc/resolv.conf is sufficient. However, resolved provides other
# ways of resolving hostnames (such as via dbus) that may not
# route requests through localhost. So, we retrieve a list of DNS
# servers that resolved uses so we can intercept those as well.
#
# For more information about systemd-resolved, see:
# https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html
#
# On machines without systemd-resolved, we expect opening the
# second file will fail.
files = ['/etc/resolv.conf']
if systemd_resolved:
files += ['/run/systemd/resolve/resolv.conf']
nsservers = []
for f in files:
this_file_nsservers = []
try:
for line in open(f):
words = line.lower().split() words = line.lower().split()
if len(words) >= 2 and words[0] == 'nameserver': if len(words) >= 2 and words[0] == 'nameserver':
lines.append(family_ip_tuple(words[1])) this_file_nsservers.append(family_ip_tuple(words[1]))
return lines debug2("Found DNS servers in %s: %s\n" %
(f, [n[1] for n in this_file_nsservers]))
nsservers += this_file_nsservers
except OSError as e:
debug3("Failed to read %s when looking for DNS servers: %s\n" %
(f, e.strerror))
return nsservers
def resolvconf_random_nameserver(): def resolvconf_random_nameserver(systemd_resolved):
lines = resolvconf_nameservers() """Return a random nameserver selected from servers produced by
resolvconf_nameservers(). See documentation for
resolvconf_nameservers() for a description of the parameter.
"""
lines = resolvconf_nameservers(systemd_resolved)
if lines: if lines:
if len(lines) > 1: if len(lines) > 1:
# don't import this unless we really need it # don't import this unless we really need it

2
sshuttle/server.py
View File

@ -183,7 +183,7 @@ class DnsProxy(Handler):
self.tries += 1 self.tries += 1
if self.to_nameserver is None: if self.to_nameserver is None:
_, peer = resolvconf_random_nameserver() _, peer = resolvconf_random_nameserver(False)
port = 53 port = 53
else: else:
peer = self.to_ns_peer peer = self.to_ns_peer

4
tests/client/test_helpers.py
View File

@ -131,7 +131,7 @@ nameserver 2404:6800:4004:80c::3
nameserver 2404:6800:4004:80c::4 nameserver 2404:6800:4004:80c::4
""") """)
ns = sshuttle.helpers.resolvconf_nameservers() ns = sshuttle.helpers.resolvconf_nameservers(False)
assert ns == [ assert ns == [
(AF_INET, u'192.168.1.1'), (AF_INET, u'192.168.2.1'), (AF_INET, u'192.168.1.1'), (AF_INET, u'192.168.2.1'),
(AF_INET, u'192.168.3.1'), (AF_INET, u'192.168.4.1'), (AF_INET, u'192.168.3.1'), (AF_INET, u'192.168.4.1'),
@ -156,7 +156,7 @@ nameserver 2404:6800:4004:80c::2
nameserver 2404:6800:4004:80c::3 nameserver 2404:6800:4004:80c::3
nameserver 2404:6800:4004:80c::4 nameserver 2404:6800:4004:80c::4
""") """)
ns = sshuttle.helpers.resolvconf_random_nameserver() ns = sshuttle.helpers.resolvconf_random_nameserver(False)
assert ns in [ assert ns in [
(AF_INET, u'192.168.1.1'), (AF_INET, u'192.168.2.1'), (AF_INET, u'192.168.1.1'), (AF_INET, u'192.168.2.1'),
(AF_INET, u'192.168.3.1'), (AF_INET, u'192.168.4.1'), (AF_INET, u'192.168.3.1'), (AF_INET, u'192.168.4.1'),