Avery Pennarun
9b23fd2c01
Do non-blocking connect().
This way we don't freeze the entire proxy when someone tries to connect to a
nonexistent IP address (oops).
2010-05-02 02:43:10 -04:00
Avery Pennarun
81c89ce9be
Don't bother with a backtrace when we produce certain fatal errors.
We'll introduce a new "Fatal" exception for this purpose, and throw it when
we just want to print a user message and abort immediately.
2010-05-02 02:29:23 -04:00
Avery Pennarun
2dd328ada4
Add a -v (and -vv) flag and decrease default message verbosity.
2010-05-02 02:14:20 -04:00
Avery Pennarun
a244b325cb
iptables: add a PREROUTING rule so we can proxy for other machines too.
If you run sshuttle on a router, it can handle vpn'ing for all the boxes on
your network.
2010-05-02 02:00:58 -04:00
Avery Pennarun
10069f99e2
Clean up SockWrapper.peername stuff.
Some fds don't have peernames, and sometimes the peername isn't very
helpful, so let's fill it in by hand when appropriate.
2010-05-02 01:52:05 -04:00
Avery Pennarun
ea12048418
ssh.py: use 'exec sshuttle' to get rid of the extra sh process.
2010-05-02 01:30:40 -04:00
Avery Pennarun
bfd506dcdc
Improve some debugging information to find the weird data problem.
Turns out list.pop() removes the *last* item, not the first one. Oops. It
all works great for queues of only one item... :)
2010-05-02 01:25:09 -04:00
Avery Pennarun
915a96b0ec
We now have a server that works... some of the time.
There still seem to be some weird timing and/or closing-related bugs, since
I can't load the eqldata project correctly unless I use --noserver.
2010-05-02 00:52:06 -04:00
Avery Pennarun
d435c41bdb
stdin and stdout have different fds, so make SockWrapper take *two* socks.
We'll need this when we have a SockWrapper pointing at a Mux on a subprocess
pipe.
2010-05-01 23:32:30 -04:00
Avery Pennarun
5f0bfb5d9e
Basic implementation of a multiplex protocol - client side only.
Currently the 'server' is just a pipe to run 'hd' (hexdump) for looking at
the client-side results. Lame, but true.
2010-05-01 23:14:42 -04:00
Avery Pennarun
9f514d7a15
Smarter listenport selection.
Now if we aren't given an explicit port, we always initiate the port search
at 12300 and count upward looking for an available port.
Normally the kernel will assign us a random port, but that's not ideal
in our case because we'd like to use the same port numbers whenever
possible; that avoids piling up crap inside iptables in the (hopefully
unlikely) event that we die without cleaning up correctly.
2010-05-01 21:50:43 -04:00
Avery Pennarun
ad459e2918
iptables.py: completely replace ipt script.
Doing it in python instead of shell makes the code a bit less error prone.
Plus we can parse the iptables output and avoid triggering iptables errors.
2010-05-01 21:34:05 -04:00
Avery Pennarun
8278dcfb5d
Parse options correctly; call ./ipt automatically.
2010-05-01 21:14:19 -04:00
Avery Pennarun
550048370e
Move some code that'll be useful for the server into ssnet.py.
2010-05-01 20:48:11 -04:00
Avery Pennarun
3766d4d506
Don't "import * from socket".
2010-05-01 20:26:16 -04:00
Avery Pennarun
651b945299
Prevent loopbacks caused by telnetting to the transproxy port directly.
2010-05-01 20:20:54 -04:00
Avery Pennarun
dc643ccdc4
Clean up log messages slightly.
2010-05-01 20:14:17 -04:00
Avery Pennarun
72ed385b7f
Really basic transproxying on localhost.
When regenerating outgoing connections, we set TTL=42 to prevent re-proxying
of requests. That's a little hacky, but at least it avoids infinite loops.
2010-05-01 20:03:50 -04:00
Avery Pennarun
a818105dfe
client now listens on a socket and gets SO_ORIGINAL_DST correctly.
2010-05-01 18:03:45 -04:00
Avery Pennarun
f84b87d7eb
ipt: example script for how to set up an iptables transproxy.
2010-05-01 17:15:18 -04:00
Avery Pennarun
2f3c86e962
Initial commit.
Importing options.py, ssh.py, and LICENSE from the bup project.
2010-05-01 16:15:37 -04:00