Commit Graph

26 Commits

Author SHA1 Message Date
Brian May
1820264dd5
Merge pull request #647 from skuhl/man-page-updates
Update documentation
2021-05-31 07:48:56 +10:00
Scott Kuhl
851b26cb13 Update documentation
The output in the examples provided in the man page hadn't been
updated as sshuttle changed its output over time.

The example of testing sshuttle without a remote host was removed. It
was the first example previously and it is something that is unlikely
users will wish to do.

Also:
 - Update some --help messages.
 - Manpage: Fix a typo.
 - Manpage: Mention that host specified with -r can be an ssh alias.
 - Eliminate variable only used once.
2021-05-29 21:54:47 -04:00
Scott Kuhl
a7df12cd68 Fix --tmark option
Even when --tmark was used, the iptables code always used '1' for the
mark. This patch corrects the problem.

Previously, it wasn't clear if the tmark should be supplied in
hexadecimal or as an integer. This makes it use hexadecimal, checks
that the input is hexadecimal, and updates the associated
documentation.

This patch also makes --ttl information get passed to the firewall in
a way that matches how other information gets passed. The ttl and
tmark information are passed next to each other in many places and
this patch also makes the order consistent.
2021-05-27 21:48:43 -04:00
Kees Hink
0e51da519f Allow comments in configuration file 2021-02-16 07:51:32 +11:00
Kees Hink
a22c453d5e Remove trailing whitespace 2021-02-16 07:51:32 +11:00
Samuel Bernardo
76b8b83e22 Add .gitignore .vscode/ path. Resolve the issue #374 adding tproxy mark option to allow different network mapping.
Signed-off-by: Samuel Bernardo <samuel@lip.pt>
2020-12-28 10:20:46 +11:00
Brian May
4a65f97c8b Drop testing of Python 3.5
Due to message from CI:

DEPRECATION: Python 3.5 reached the end of its life on September 13th,
2020. Please upgrade your Python as Python 3.5 is no longer maintained.
pip 21.0 will drop support for Python 3.5 in January 2021. pip 21.0 will
remove support for this functionality.
2020-12-16 20:11:13 +11:00
Scott Kuhl
502960d796 Intercept DNS requests sent by systemd-resolved.
Previously, we would find DNS servers we wish to intercept traffic on
by reading /etc/resolv.conf. On systems using systemd-resolved,
/etc/resolv.conf points to localhost and then systemd-resolved
actually uses the DNS servers listed in
/run/systemd/resolve/resolv.conf. Many programs will route the DNS
traffic through localhost as /etc/resolv.conf indicates and sshuttle
would capture it. However, systemd-resolved also provides other
interfaces for programs to resolve hostnames besides the localhost
server in /etc/resolv.conf.

This patch adds systemd-resolved's servers into the list of DNS
servers when --dns is used.

Note that sshuttle will continue to fail to intercept any traffic sent
to port 853 for DNS over TLS (which systemd-resolved also supports).

For more info, see:
sshuttle issue #535
https://www.freedesktop.org/software/systemd/man/systemd-resolved.service.html
https://github.com/systemd/systemd/issues/6076
2020-10-25 12:29:32 -04:00
Scott Kuhl
c02b93e719 nft IPv6 documentation (and other minor doc updates)
Update docs to indicate that IPv6 is supported with the nft method.

- Adds nft into the requirements.rst file.

- Update description of what happens when a hostname is used in a
  subnet.

- Add ipfw to list of methods.

- Indicate that --auto-nets does not work with IPv6. Previously this
  was only mentioned in tproxy.rst

- Clarify that we try to use "python3" on the server before trying
  "python".
2020-10-22 20:17:09 -04:00
Nicolas Stalder
9d704b3503 Document -s/--subnets option in man page 2020-10-19 13:35:03 +02:00
Akimasa Shimobayashi
c0a81353ab
Fix doc about --listen option (#500)
* Can't use this option twice, separate by comma actually.

* Broke the line because it was too long.
2020-08-05 20:28:36 +10:00
Joshua Li
61bbbca956 another python 3.5 change 2020-06-10 16:46:52 -07:00
Brian May
36d34b18da Fix various errors in documentation 2020-02-09 19:45:13 +11:00
Julian Wollrath
3edeb726b8 Simplify nftables based method 2020-02-07 07:53:47 +11:00
William Mantly
69d3f7dc64 Auto sudoers file (#269)
* added sudoers options to command line arguments

* added sudoers options to command line arguments

* template for sudoers file

* Added option for GUI sudo

* added support for GUI sudo

* script for auto adding sudo file

* sudoers auto add works and validates

* small change

* Clean up for CI

* removed code that belongs in another PR

* added path for package bins

* added sudoers bin

* added sudoers-add to setup file

* fixed issue with sudoers bash script

* auto sudoers now works

* added --sudoers-no-modify option

* bin now works with ./run

* removed debug print

* Updated sudoers-add script

* Fixed error passing sudoers config to script

* more dynamic building of sudoers file

* added option to specify sudoers.d file name

* fixed indent issue

* fixed indent issue

* indent issue

* clean up

* formating

* docs

* fix for flags

* Update usage.rst

* removed shell=true

* cleared CI errors

* cleared CI errors

* removed random

* cleared linter issue

* cleared linter issue

* cleared linter issue

* updated sudoers-add script

* safer temp file

* moved bin directory

* moved bin directory

* removed print

* fixed spacing issue

* sudoers commands must only containe upper case latters
2019-12-13 08:15:31 +11:00
Joseph Barker
23516ebd71 Add option for latency control buffer size
This commit resolves #297, allowing the buffers used in the latency control to be changed with a command line option ‘--latency-buffer-size’.

We do this by changing a module variable in ssnet.py (similar to the MAX_CHANNEL variable) which seems to be the simplest code change without extensive hacking.

Documentation is also updated.
2019-11-08 08:01:52 +11:00
André Draszik
531a17c151 docs: document --ns-hosts --to-ns and update --dns
--ns-hosts is available since commit d2ee34d71c
("dns: Added --ns-hosts to tunnel only some requests")
(released as v0.72), but was never documented.

--to-ns is available since commit be559fc78b
("Fix case where there is no --dns.") after several
bugfixes, released as v0.78.4, but was never
documented.
2018-12-29 15:02:18 +11:00
David Landry
0b1a260436 Fix typo in docs 2018-12-03 14:34:42 +11:00
Todor Gaidarov
efc854c33e Document --version option 2018-11-29 08:02:58 +11:00
Benedikt Waldvogel
cecccc2efd Doc: Fix typo 2018-06-07 07:00:17 +10:00
vieira
d9d61e6ab2 Documentation for loading options from configuration file 2018-01-30 17:08:30 +11:00
João Vieira
c4a41ada09 Adds support for tunneling specific port ranges (#144)
* Adds support for tunneling specific port ranges

This set of changes implements the ability of specifying a port or port
range for an IP or subnet to only tunnel those ports for that subnet.
Also supports excluding a port or port range for a given IP or subnet.

When, for a given subnet, there are intercepting ranges being added and
excluded, the most specific, i.e., smaller range, takes precedence. In
case of a tie the exclusion wins.

For different subnets, the most specific, i.e., largest swidth, takes
precedence independent of any eventual port ranges.

Examples:
Tunnels all traffic to the 188.0.0.0/8 subnet except those to port 443.
```
sshuttle -r <server> 188.0.0.0/8 -x 188.0.0.0/8:443
```

Only tunnels traffic to port 80 of the 188.0.0.0/8 subnet.
```
sshuttle -r <server> 188.0.0.0/8:80
```

Tunnels traffic to the 188.0.0.0/8 subnet and the port range that goes
from 80 to 89.
```
sshuttle -r <server> 188.0.0.0/8:80-89 -x 188.0.0.0/8:80-90
```

* Allow subnets to be specified with domain names

Simplifies the implementation of address parsing by using
socket.getaddrinfo(), which can handle domain resolution, IPv4 and IPv6
addresses. This was proposed and mostly implemented by @DavidBuchanan314
in #146.

Signed-off-by: David Buchanan <DavidBuchanan314@users.noreply.github.com>
Signed-off-by: João Vieira <vieira@yubo.be>

* Also use getaddrinfo for parsing listen addr:port

* Fixes tests for tunneling a port range

* Updates documentation to include port/port range

Adds some examples with subnet:port and subnet:port-port.
Also clarifies the versions of Python supported on the server while
maintaining the recommendation for Python 2.7, 3.5 or later.
Mentions support for pfSense.

* In Py2 only named arguments may follow *expression

Fixes issue in Python 2.7 where *expression may only be followed by
named arguments.

* Use right regex to extract ip4/6, mask and ports

* Tests for parse_subnetport
2017-05-07 13:18:13 +10:00
Dan Lenski
5a20783baa tweak docs to match @vieira's changes 2016-05-02 21:40:53 -07:00
Brian May
0392a779a2 Update usage documentation 2016-01-20 21:19:44 +11:00
Brian May
59865269ac Update documentation
Closes #60.
2016-01-17 18:34:10 +11:00
Brian May
262affe94f Use Sphinx for documentation
See #60
2016-01-17 16:19:13 +11:00