MacOS precompiled app package for sshuttle-0.61

MacOS precompiled app package for sshuttle-0.60
MacOS precompiled app package for sshuttle-0.53
2025-07-05 17:20:35 +02:00 · 2012-07-06 16:26:45 -04:00 · 2012-01-08 19:16:05 -05:00 · 2011-05-03 14:22:54 -07:00 · 2011-03-20 04:13:09 -07:00
28 changed files with 340 additions and 243 deletions
--- a/VPN.app/Contents/MacOS/Sshuttle
+++ b/VPN.app/Contents/MacOS/Sshuttle
--- a/VPN.app/Contents/Resources/English.lproj/MainMenu.nib
+++ b/VPN.app/Contents/Resources/English.lproj/MainMenu.nib
--- a/VPN.app/Contents/Resources/askpass.pyc
+++ b/VPN.app/Contents/Resources/askpass.pyc
--- a/VPN.app/Contents/Resources/main.py
+++ b/VPN.app/Contents/Resources/main.py
@ -78,6 +78,11 @@ class Runner:
            if pid == self.pid:
                if os.WIFEXITED(code):
                    self.rv = os.WEXITSTATUS(code)
                    if self.rv == 111:
                        NSRunAlertPanel('Sshuttle',
                            'Please restart your computer to finish '
                            'installing Sshuttle.',
                            'Restart Later', None, None)
                else:
                    self.rv = -os.WSTOPSIG(code)
                self.serverobj.setConnected_(False)
@ -87,7 +92,10 @@ class Runner:
        return self.rv
    def wait(self):
-        return self._try_wait(0)
+        rv = None
        while rv is None:
            self.gotdata(None)
            rv = self._try_wait(os.WNOHANG)
    def poll(self):
        return self._try_wait(os.WNOHANG)
--- a/VPN.app/Contents/Resources/models.py
+++ b/VPN.app/Contents/Resources/models.py
@ -3,6 +3,7 @@ import my
 configchange_callback = setconnect_callback = None
 objc_validator = objc.signature('@@:N^@o^@')
 def config_changed():
@ -39,7 +40,7 @@ class SshuttleNet(NSObject):
    def setSubnet_(self, v):
        self._k_subnet = v
        config_changed()
-    @objc.accessor
+    @objc_validator
    def validateSubnet_error_(self, value, error):
        #print 'validateSubnet!'
        return True, _validate_ip(value), error
@ -49,7 +50,7 @@ class SshuttleNet(NSObject):
    def setWidth_(self, v):
        self._k_width = v
        config_changed()
-    @objc.accessor
+    @objc_validator
    def validateWidth_error_(self, value, error):
        #print 'validateWidth!'
        return True, _validate_width(value), error
@ -118,7 +119,7 @@ class SshuttleServer(NSObject):
        self._k_host = v
        self.setTitle_(None)
        config_changed()
-    @objc.accessor
+    @objc_validator
    def validateHost_error_(self, value, error):
        #print 'validatehost! %r %r %r' % (self, value, error)
        while value.startswith('-'):
--- a/VPN.app/Contents/Resources/models.pyc
+++ b/VPN.app/Contents/Resources/models.pyc
--- a/VPN.app/Contents/Resources/my.pyc
+++ b/VPN.app/Contents/Resources/my.pyc
--- a/VPN.app/Contents/Resources/sshuttle/client.py
+++ b/VPN.app/Contents/Resources/sshuttle/client.py
@ -102,7 +102,7 @@ class FirewallClient:
        self.subnets_include = subnets_include
        self.subnets_exclude = subnets_exclude
        self.dnsport = dnsport
-        argvbase = ([sys.argv[0]] +
+        argvbase = ([sys.argv[1], sys.argv[0], sys.argv[1]] +
                    ['-v'] * (helpers.verbose or 0) +
                    ['--firewall', str(port), str(dnsport)])
        if ssyslog._p:
@ -171,10 +171,71 @@ class FirewallClient:
    def done(self):
        self.pfile.close()
        rv = self.p.wait()
-        if rv:
+        if rv == EXITCODE_NEEDS_REBOOT:
            raise FatalNeedsReboot()
        elif rv:
            raise Fatal('cleanup: %r returned %d' % (self.argv, rv))
 def onaccept(listener, mux, handlers):
    global _extra_fd
    try:
        sock,srcip = listener.accept()
    except socket.error, e:
        if e.args[0] in [errno.EMFILE, errno.ENFILE]:
            debug1('Rejected incoming connection: too many open files!\n')
            # free up an fd so we can eat the connection
            os.close(_extra_fd)
            try:
                sock,srcip = listener.accept()
                sock.close()
            finally:
                _extra_fd = os.open('/dev/null', os.O_RDONLY)
            return
        else:
            raise
    dstip = original_dst(sock)
    debug1('Accept: %s:%r -> %s:%r.\n' % (srcip[0],srcip[1],
                                          dstip[0],dstip[1]))
    if dstip[1] == listener.getsockname()[1] and islocal(dstip[0]):
        debug1("-- ignored: that's my address!\n")
        sock.close()
        return
    chan = mux.next_channel()
    if not chan:
        log('warning: too many open channels.  Discarded connection.\n')
        sock.close()
        return
    mux.send(chan, ssnet.CMD_CONNECT, '%s,%s' % dstip)
    outwrap = MuxWrapper(mux, chan)
    handlers.append(Proxy(SockWrapper(sock, sock), outwrap))
 dnsreqs = {}
 def dns_done(chan, data):
    peer,sock,timeout = dnsreqs.get(chan) or (None,None,None)
    debug3('dns_done: channel=%r peer=%r\n' % (chan, peer))
    if peer:
        del dnsreqs[chan]
        debug3('doing sendto %r\n' % (peer,))
        sock.sendto(data, peer)
 def ondns(listener, mux, handlers):
    pkt,peer = listener.recvfrom(4096)
    now = time.time()
    if pkt:
        debug1('DNS request from %r: %d bytes\n' % (peer, len(pkt)))
        chan = mux.next_channel()
        dnsreqs[chan] = peer,listener,now+30
        mux.send(chan, ssnet.CMD_DNS_REQ, pkt)
        mux.channels[chan] = lambda cmd,data: dns_done(chan,data)
    for chan,(peer,sock,timeout) in dnsreqs.items():
        if timeout < now:
            del dnsreqs[chan]
    debug3('Remaining DNS requests: %d\n' % len(dnsreqs))
 def _main(listener, fw, ssh_cmd, remotename, python, latency_control,
          dnslistener, seed_hosts, auto_nets,
          syslog, daemon):
@ -198,7 +259,14 @@ def _main(listener, fw, ssh_cmd, remotename, python, latency_control,
    handlers.append(mux)
    expected = 'SSHUTTLE0001'
    try:
        v = 'x'
        while v and v != '\0':
            v = serversock.recv(1)
        v = 'x'
        while v and v != '\0':
            v = serversock.recv(1)
        initstring = serversock.recv(len(expected))
    except socket.error, e:
        if e.args[0] == errno.ECONNRESET:
@ -248,63 +316,10 @@ def _main(listener, fw, ssh_cmd, remotename, python, latency_control,
                fw.sethostip(name, ip)
    mux.got_host_list = onhostlist
-    def onaccept():
+    handlers.append(Handler([listener], lambda: onaccept(listener, mux, handlers)))
        global _extra_fd
        try:
            sock,srcip = listener.accept()
        except socket.error, e:
            if e.args[0] in [errno.EMFILE, errno.ENFILE]:
                debug1('Rejected incoming connection: too many open files!\n')
                # free up an fd so we can eat the connection
                os.close(_extra_fd)
                try:
                    sock,srcip = listener.accept()
                    sock.close()
                finally:
                    _extra_fd = os.open('/dev/null', os.O_RDONLY)
                return
            else:
                raise
        dstip = original_dst(sock)
        debug1('Accept: %s:%r -> %s:%r.\n' % (srcip[0],srcip[1],
                                              dstip[0],dstip[1]))
        if dstip[1] == listener.getsockname()[1] and islocal(dstip[0]):
            debug1("-- ignored: that's my address!\n")
            sock.close()
            return
        chan = mux.next_channel()
        if not chan:
            log('warning: too many open channels.  Discarded connection.\n')
            sock.close()
            return
        mux.send(chan, ssnet.CMD_CONNECT, '%s,%s' % dstip)
        outwrap = MuxWrapper(mux, chan)
        handlers.append(Proxy(SockWrapper(sock, sock), outwrap))
    handlers.append(Handler([listener], onaccept))
    dnsreqs = {}
    def dns_done(chan, data):
        peer,timeout = dnsreqs.get(chan) or (None,None)
        debug3('dns_done: channel=%r peer=%r\n' % (chan, peer))
        if peer:
            del dnsreqs[chan]
            debug3('doing sendto %r\n' % (peer,))
            dnslistener.sendto(data, peer)
    def ondns():
        pkt,peer = dnslistener.recvfrom(4096)
        now = time.time()
        if pkt:
            debug1('DNS request from %r: %d bytes\n' % (peer, len(pkt)))
            chan = mux.next_channel()
            dnsreqs[chan] = peer,now+30
            mux.send(chan, ssnet.CMD_DNS_REQ, pkt)
            mux.channels[chan] = lambda cmd,data: dns_done(chan,data)
        for chan,(peer,timeout) in dnsreqs.items():
            if timeout < now:
                del dnsreqs[chan]
        debug3('Remaining DNS requests: %d\n' % len(dnsreqs))
    if dnslistener:
-        handlers.append(Handler([dnslistener], ondns))
+        handlers.append(Handler([dnslistener], lambda: ondns(dnslistener, mux, handlers)))
    if seed_hosts != None:
        debug1('seed_hosts: %r\n' % seed_hosts)
--- a/VPN.app/Contents/Resources/sshuttle/client.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/client.pyc
--- a/VPN.app/Contents/Resources/sshuttle/compat/init.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/compat/init.pyc
--- a/VPN.app/Contents/Resources/sshuttle/compat/ssubprocess.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/compat/ssubprocess.pyc
--- a/VPN.app/Contents/Resources/sshuttle/firewall.py
+++ b/VPN.app/Contents/Resources/sshuttle/firewall.py
@ -1,4 +1,4 @@
-import re, errno, socket, select, struct
+import re, errno, socket, select, signal, struct
 import compat.ssubprocess as ssubprocess
 import helpers, ssyslog
 from helpers import *
@ -6,6 +6,27 @@ from helpers import *
 # python doesn't have a definition for this
 IPPROTO_DIVERT = 254
 # return values from sysctl_set
 SUCCESS = 0
 SAME = 1
 FAILED = -1
 NONEXIST = -2
 def nonfatal(func, *args):
    try:
        func(*args)
    except Fatal, e:
        log('error: %s\n' % e)
 def _call(argv):
    debug1('>> %s\n' % ' '.join(argv))
    rv = ssubprocess.call(argv)
    if rv:
        raise Fatal('%r returned %d' % (argv, rv))
    return rv
 def ipt_chain_exists(name):
    argv = ['iptables', '-t', 'nat', '-nL']
@ -20,10 +41,7 @@ def ipt_chain_exists(name):
 def ipt(*args):
    argv = ['iptables', '-t', 'nat'] + list(args)
-    debug1('>> %s\n' % ' '.join(argv))
+    _call(argv)
    rv = ssubprocess.call(argv)
    if rv:
        raise Fatal('%r returned %d' % (argv, rv))
 _no_ttl_module = False
@ -57,9 +75,9 @@ def do_iptables(port, dnsport, subnets):
    # basic cleanup/setup of chains
    if ipt_chain_exists(chain):
-        ipt('-D', 'OUTPUT', '-j', chain)
+        nonfatal(ipt, '-D', 'OUTPUT', '-j', chain)
-        ipt('-D', 'PREROUTING', '-j', chain)
+        nonfatal(ipt, '-D', 'PREROUTING', '-j', chain)
-        ipt('-F', chain)
+        nonfatal(ipt, '-F', chain)
        ipt('-X', chain)
    if subnets or dnsport:
@ -128,6 +146,42 @@ def _fill_oldctls(prefix):
        raise Fatal('%r returned no data' % (argv,))
 KERNEL_FLAGS_PATH = '/Library/Preferences/SystemConfiguration/com.apple.Boot'
 KERNEL_FLAGS_NAME = 'Kernel Flags'
 def _defaults_read_kernel_flags():
    argv = ['defaults', 'read', KERNEL_FLAGS_PATH, KERNEL_FLAGS_NAME]
    debug1('>> %s\n' % ' '.join(argv))
    p = ssubprocess.Popen(argv, stdout = ssubprocess.PIPE)
    flagstr = p.stdout.read().strip()
    rv = p.wait()
    if rv:
        raise Fatal('%r returned %d' % (argv, rv))
    flags = flagstr and flagstr.split(' ') or []
    return flags
 def _defaults_write_kernel_flags(flags):
    flagstr = ' '.join(flags)
    argv = ['defaults', 'write', KERNEL_FLAGS_PATH, KERNEL_FLAGS_NAME,
            flagstr]
    _call(argv)
    argv = ['plutil', '-convert', 'xml1', KERNEL_FLAGS_PATH + '.plist']
    _call(argv)
 def defaults_write_kernel_flag(name, val):
    flags = _defaults_read_kernel_flags()
    found = 0
    for i in range(len(flags)):
        if flags[i].startswith('%s=' % name):
            found += 1
            flags[i] = '%s=%s' % (name, val)
    if not found:
        flags.insert(0, '%s=%s' % (name, val))
    _defaults_write_kernel_flags(flags)
 def _sysctl_set(name, val):
    argv = ['sysctl', '-w', '%s=%s' % (name, val)]
    debug1('>> %s\n' % ' '.join(argv))
@ -143,11 +197,15 @@ def sysctl_set(name, val, permanent=False):
        _fill_oldctls(PREFIX)
    if not (name in _oldctls):
        debug1('>> No such sysctl: %r\n' % name)
-        return
+        return NONEXIST
    oldval = _oldctls[name]
-    if val != oldval:
+    if val == oldval:
        return SAME
    rv = _sysctl_set(name, val)
-        if rv==0 and permanent:
+    if rv != 0:
        return FAILED
    if permanent:
        debug1('>>   ...saving permanently in /etc/sysctl.conf\n')
        f = open('/etc/sysctl.conf', 'a')
        f.write('\n'
@ -156,6 +214,7 @@ def sysctl_set(name, val, permanent=False):
        f.close()
    else:
        _changedctls.append(name)
    return SUCCESS
 def _udp_unpack(p):
@ -193,10 +252,7 @@ def _handle_diversion(divertsock, dnsport):
 def ipfw(*args):
    argv = ['ipfw', '-q'] + list(args)
-    debug1('>> %s\n' % ' '.join(argv))
+    _call(argv)
    rv = ssubprocess.call(argv)
    if rv:
        raise Fatal('%r returned %d' % (argv, rv))
 def do_ipfw(port, dnsport, subnets):
@ -214,7 +270,39 @@ def do_ipfw(port, dnsport, subnets):
    if subnets or dnsport:
        sysctl_set('net.inet.ip.fw.enable', 1)
-        sysctl_set('net.inet.ip.scopedroute', 0, permanent=True)
+
        # This seems to be needed on MacOS 10.6 and 10.7.  For more
        # information, see:
        #   http://groups.google.com/group/sshuttle/browse_thread/thread/bc32562e17987b25/6d3aa2bb30a1edab
        # and
        #   http://serverfault.com/questions/138622/transparent-proxying-leaves-sockets-with-syn-rcvd-in-macos-x-10-6-snow-leopard
        changeflag = sysctl_set('net.inet.ip.scopedroute', 0, permanent=True)
        if changeflag == SUCCESS:
            log("\n"
                "        WARNING: ONE-TIME NETWORK DISRUPTION:\n"
                "        =====================================\n"
                "sshuttle has changed a MacOS kernel setting to work around\n"
                "a bug in MacOS 10.6.  This will cause your network to drop\n"
                "within 5-10 minutes unless you restart your network\n"
                "interface (change wireless networks or unplug/plug the\n"
                "ethernet port) NOW, then restart sshuttle.  The fix is\n"
                "permanent; you only have to do this once.\n\n")
            sys.exit(1)
        elif changeflag == FAILED:
            # On MacOS 10.7, the scopedroute sysctl became read-only, so
            # we have to fix it using a kernel boot parameter instead,
            # which requires rebooting.  For more, see:
            #   http://groups.google.com/group/sshuttle/browse_thread/thread/a42505ca33e1de80/e5e8f3e5a92d25f7
            log('Updating kernel boot flags.\n')
            defaults_write_kernel_flag('net.inet.ip.scopedroute', 0)
            log("\n"
                "        YOU MUST REBOOT TO USE SSHUTTLE\n"
                "        ===============================\n"
                "sshuttle has changed a MacOS kernel boot-time setting\n"
                "to work around a bug in MacOS 10.7 Lion.  You will need\n"
                "to reboot before it takes effect.  You only have to\n"
                "do this once.\n\n")
            sys.exit(EXITCODE_NEEDS_REBOOT)
        ipfw('add', sport, 'check-state', 'ip',
             'from', 'any', 'to', 'any')
@ -224,11 +312,11 @@ def do_ipfw(port, dnsport, subnets):
        for swidth,sexclude,snet in sorted(subnets, reverse=True):
            if sexclude:
                ipfw('add', sport, 'skipto', xsport,
-                     'log', 'tcp',
+                     'tcp',
                     'from', 'any', 'to', '%s/%s' % (snet,swidth))
            else:
                ipfw('add', sport, 'fwd', '127.0.0.1,%d' % port,
-                     'log', 'tcp',
+                     'tcp',
                     'from', 'any', 'to', '%s/%s' % (snet,swidth),
                     'not', 'ipttl', '42', 'keep-state', 'setup')
@ -270,12 +358,12 @@ def do_ipfw(port, dnsport, subnets):
        for ip in nslist:
            # relabel and then catch outgoing DNS requests
            ipfw('add', sport, 'divert', sport,
-                 'log', 'udp',
+                 'udp',
                 'from', 'any', 'to', '%s/32' % ip, '53',
                 'not', 'ipttl', '42')
        # relabel DNS responses
        ipfw('add', sport, 'divert', sport,
-             'log', 'udp',
+             'udp',
             'from', 'any', str(dnsport), 'to', 'any',
             'not', 'ipttl', '42')
@ -379,6 +467,13 @@ def main(port, dnsport, syslog):
    sys.stdout.write('READY\n')
    sys.stdout.flush()
    # don't disappear if our controlling terminal or stdout/stderr
    # disappears; we still have to clean up.
    signal.signal(signal.SIGHUP, signal.SIG_IGN)
    signal.signal(signal.SIGPIPE, signal.SIG_IGN)
    signal.signal(signal.SIGTERM, signal.SIG_IGN)
    signal.signal(signal.SIGINT, signal.SIG_IGN)
    # ctrl-c shouldn't be passed along to me.  When the main sshuttle dies,
    # I'll die automatically.
    os.setsid()
--- a/VPN.app/Contents/Resources/sshuttle/firewall.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/firewall.pyc
--- a/VPN.app/Contents/Resources/sshuttle/helpers.py
+++ b/VPN.app/Contents/Resources/sshuttle/helpers.py
@ -1,4 +1,4 @@
-import sys, os, socket
+import sys, os, socket, errno
 logprefix = ''
 verbose = 0
@ -30,6 +30,11 @@ class Fatal(Exception):
    pass
 EXITCODE_NEEDS_REBOOT = 111
 class FatalNeedsReboot(Fatal):
    pass
 def list_contains_any(l, sub):
    for i in sub:
        if i in l:
--- a/VPN.app/Contents/Resources/sshuttle/helpers.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/helpers.pyc
--- a/VPN.app/Contents/Resources/sshuttle/hostwatch.py
+++ b/VPN.app/Contents/Resources/sshuttle/hostwatch.py
@ -13,7 +13,11 @@ _nmb_ok = True
 _smb_ok = True
 hostnames = {}
 queue = {}
-null = open('/dev/null', 'rb+')
+try:
    null = open('/dev/null', 'wb')
 except IOError, e:
    log('warning: %s\n' % e)
    null = os.popen("sh -c 'while read x; do :; done'", 'wb', 4096)
 def _is_ip(s):
--- a/VPN.app/Contents/Resources/sshuttle/hostwatch.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/hostwatch.pyc
--- a/VPN.app/Contents/Resources/sshuttle/main.py
+++ b/VPN.app/Contents/Resources/sshuttle/main.py
@ -1,4 +1,3 @@
 #!/usr/bin/env python
 import sys, os, re
 import helpers, options, client, server, firewall, hostwatch
 import compat.ssubprocess as ssubprocess
@ -55,15 +54,17 @@ l,listen=  transproxy to this ip address and port number [127.0.0.1:0]
 H,auto-hosts scan for remote hostnames and update local /etc/hosts
 N,auto-nets  automatically determine subnets to route
 dns        capture local DNS requests and forward to the remote DNS server
-python=    path to python interpreter on the remote server [python]
+python=    path to python interpreter on the remote server
 r,remote=  ssh hostname (and optional username) of remote sshuttle server
 x,exclude= exclude this subnet (can be used more than once)
 exclude-from=  exclude the subnets in a file (whitespace separated)
 v,verbose  increase debug message verbosity
 e,ssh-cmd= the command to use to connect to the remote [ssh]
 seed-hosts= with -H, use these hostnames for initial scan (comma-separated)
 no-latency-control  sacrifice latency to improve bandwidth benchmarks
 wrap=      restart counting channel numbers after this number (for testing)
 D,daemon   run in the background as a daemon
 V,version  print sshuttle's version number
 syslog     send log messages to syslog (default if you use --daemon)
 pidfile=   pidfile name (only if using --daemon) [./sshuttle.pid]
 server     (internal use only)
@ -71,8 +72,12 @@ firewall   (internal use only)
 hostwatch  (internal use only)
 """
 o = options.Options(optspec)
-(opt, flags, extra) = o.parse(sys.argv[1:])
+(opt, flags, extra) = o.parse(sys.argv[2:])
 if opt.version:
    import version
    print version.TAG
    sys.exit(0)
 if opt.daemon:
    opt.syslog = 1
 if opt.wrap:
@ -100,6 +105,8 @@ try:
        for k,v in flags:
            if k in ('-x','--exclude'):
                excludes.append(v)
            if k in ('-X', '--exclude-from'):
                excludes += open(v).read().split()
        remotename = opt.remote
        if remotename == '' or remotename == '-':
            remotename = None
@ -122,6 +129,9 @@ try:
                             parse_subnets(includes),
                             parse_subnets(excludes),
                             opt.syslog, opt.daemon, opt.pidfile))
 except FatalNeedsReboot, e:
    log('You must reboot before using sshuttle.\n')
    sys.exit(EXITCODE_NEEDS_REBOOT)
 except Fatal, e:
    log('fatal: %s\n' % e)
    sys.exit(99)
--- a/VPN.app/Contents/Resources/sshuttle/options.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/options.pyc
--- a/VPN.app/Contents/Resources/sshuttle/server.py
+++ b/VPN.app/Contents/Resources/sshuttle/server.py
@ -43,7 +43,12 @@ def _maskbits(netmask):
 def _shl(n, bits):
-    return n * int(2**bits)
+    # we use our own implementation of left-shift because
    # results may be different between older and newer versions
    # of python for numbers like 1<<32.  We use long() because
    # int(2**32) doesn't work in older python, which has limited
    # int sizes.
    return n * long(2**bits)
 def _list_routes():
@ -68,9 +73,11 @@ def _list_routes():
 def list_routes():
    l = []
    for (ip,width) in _list_routes():
        if not ip.startswith('0.') and not ip.startswith('127.'):
-            yield (ip,width)
+            l.append((ip,width))
    return l
 def _exc_dump():
@ -110,16 +117,51 @@ class DnsProxy(Handler):
    def __init__(self, mux, chan, request):
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        Handler.__init__(self, [sock])
        self.sock = sock
        self.timeout = time.time()+30
        self.mux = mux
        self.chan = chan
        self.tries = 0
        self.peer = None
        self.request = request
        self.sock = sock
        self.sock.setsockopt(socket.SOL_IP, socket.IP_TTL, 42)
-        self.sock.connect((resolvconf_random_nameserver(), 53))
+        self.try_send()
-        self.sock.send(request)
+
    def try_send(self):
        if self.tries >= 3:
            return
        self.tries += 1
        self.peer = resolvconf_random_nameserver()
        self.sock.connect((self.peer, 53))
        debug2('DNS: sending to %r\n' % self.peer)
        try:
            self.sock.send(self.request)
        except socket.error, e:
            if e.args[0] in ssnet.NET_ERRS:
                # might have been spurious; try again.
                # Note: these errors sometimes are reported by recv(),
                # and sometimes by send().  We have to catch both.
                debug2('DNS send to %r: %s\n' % (self.peer, e))
                self.try_send()
                return
            else:
                log('DNS send to %r: %s\n' % (self.peer, e))
                return
    def callback(self):
        try:
            data = self.sock.recv(4096)
        except socket.error, e:
            if e.args[0] in ssnet.NET_ERRS:
                # might have been spurious; try again.
                # Note: these errors sometimes are reported by recv(),
                # and sometimes by send().  We have to catch both.
                debug2('DNS recv from %r: %s\n' % (self.peer, e))
                self.try_send()
                return
            else:
                log('DNS recv from %r: %s\n' % (self.peer, e))
                return
        debug2('DNS response: %d bytes\n' % len(data))
        self.mux.send(self.chan, ssnet.CMD_DNS_RESPONSE, data)
        self.ok = False
@ -138,7 +180,7 @@ def main():
        debug1('  %s/%d\n' % r)
    # synchronization header
-    sys.stdout.write('SSHUTTLE0001')
+    sys.stdout.write('\0\0SSHUTTLE0001')
    sys.stdout.flush()
    handlers = []
--- a/VPN.app/Contents/Resources/sshuttle/server.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/server.pyc
--- a/VPN.app/Contents/Resources/sshuttle/ssh.py
+++ b/VPN.app/Contents/Resources/sshuttle/ssh.py
@ -73,16 +73,23 @@ def connect(ssh_cmd, rhostport, python, stderr, options):
    if not rhost:
-        argv = [python, '-c', pyscript]
+        # ignore the --python argument when running locally; we already know
        # which python version works.
        argv = [sys.argv[1], '-c', pyscript]
    else:
        if ssh_cmd:
            sshl = ssh_cmd.split(' ')
        else:
            sshl = ['ssh']
        if python:
            pycmd = "'%s' -c '%s'" % (python, pyscript)
        else:
            pycmd = ("P=python2; $P -V 2>/dev/null || P=python; "
                     "exec \"$P\" -c '%s'") % pyscript
        argv = (sshl + 
                portl + 
                ipv6flag + 
-                [rhost, '--', "'%s' -c '%s'" % (python, pyscript)])
+                [rhost, '--', pycmd])
    (s1,s2) = socket.socketpair()
    def setup():
        # runs in the child process
--- a/VPN.app/Contents/Resources/sshuttle/ssh.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/ssh.pyc
--- a/VPN.app/Contents/Resources/sshuttle/sshuttle
+++ b/VPN.app/Contents/Resources/sshuttle/sshuttle
@ -1,131 +1,12 @@
-#!/usr/bin/env python
+#!/bin/sh
-import sys, os, re
+EXE=$0
-import helpers, options, client, server, firewall, hostwatch
+for i in 1 2 3 4 5 6 7 8 9 10; do
-import compat.ssubprocess as ssubprocess
+	[ -L "$EXE" ] || break
-from helpers import *
+	EXE=$(readlink "$EXE")
-
+done
-
+DIR=$(dirname "$EXE")
-# list of:
+if python2 -V 2>/dev/null; then
-# 1.2.3.4/5 or just 1.2.3.4
+	exec python2 "$DIR/main.py" python2 "$@"
-def parse_subnets(subnets_str):
+else
-    subnets = []
+	exec python "$DIR/main.py" python "$@"
-    for s in subnets_str:
+fi
        m = re.match(r'(\d+)(?:\.(\d+)\.(\d+)\.(\d+))?(?:/(\d+))?$', s)
        if not m:
            raise Fatal('%r is not a valid IP subnet format' % s)
        (a,b,c,d,width) = m.groups()
        (a,b,c,d) = (int(a or 0), int(b or 0), int(c or 0), int(d or 0))
        if width == None:
            width = 32
        else:
            width = int(width)
        if a > 255 or b > 255 or c > 255 or d > 255:
            raise Fatal('%d.%d.%d.%d has numbers > 255' % (a,b,c,d))
        if width > 32:
            raise Fatal('*/%d is greater than the maximum of 32' % width)
        subnets.append(('%d.%d.%d.%d' % (a,b,c,d), width))
    return subnets
 # 1.2.3.4:567 or just 1.2.3.4 or just 567
 def parse_ipport(s):
    s = str(s)
    m = re.match(r'(?:(\d+)\.(\d+)\.(\d+)\.(\d+))?(?::)?(?:(\d+))?$', s)
    if not m:
        raise Fatal('%r is not a valid IP:port format' % s)
    (a,b,c,d,port) = m.groups()
    (a,b,c,d,port) = (int(a or 0), int(b or 0), int(c or 0), int(d or 0),
                      int(port or 0))
    if a > 255 or b > 255 or c > 255 or d > 255:
        raise Fatal('%d.%d.%d.%d has numbers > 255' % (a,b,c,d))
    if port > 65535:
        raise Fatal('*:%d is greater than the maximum of 65535' % port)
    if a == None:
        a = b = c = d = 0
    return ('%d.%d.%d.%d' % (a,b,c,d), port)
 optspec = """
 sshuttle [-l [ip:]port] [-r [username@]sshserver[:port]] <subnets...>
 sshuttle --server
 sshuttle --firewall <port> <subnets...>
 sshuttle --hostwatch
 --
 l,listen=  transproxy to this ip address and port number [127.0.0.1:0]
 H,auto-hosts scan for remote hostnames and update local /etc/hosts
 N,auto-nets  automatically determine subnets to route
 dns        capture local DNS requests and forward to the remote DNS server
 python=    path to python interpreter on the remote server [python]
 r,remote=  ssh hostname (and optional username) of remote sshuttle server
 x,exclude= exclude this subnet (can be used more than once)
 v,verbose  increase debug message verbosity
 e,ssh-cmd= the command to use to connect to the remote [ssh]
 seed-hosts= with -H, use these hostnames for initial scan (comma-separated)
 no-latency-control  sacrifice latency to improve bandwidth benchmarks
 wrap=      restart counting channel numbers after this number (for testing)
 D,daemon   run in the background as a daemon
 syslog     send log messages to syslog (default if you use --daemon)
 pidfile=   pidfile name (only if using --daemon) [./sshuttle.pid]
 server     (internal use only)
 firewall   (internal use only)
 hostwatch  (internal use only)
 """
 o = options.Options(optspec)
 (opt, flags, extra) = o.parse(sys.argv[1:])
 if opt.daemon:
    opt.syslog = 1
 if opt.wrap:
    import ssnet
    ssnet.MAX_CHANNEL = int(opt.wrap)
 helpers.verbose = opt.verbose
 try:
    if opt.server:
        if len(extra) != 0:
            o.fatal('no arguments expected')
        server.latency_control = opt.latency_control
        sys.exit(server.main())
    elif opt.firewall:
        if len(extra) != 2:
            o.fatal('exactly two arguments expected')
        sys.exit(firewall.main(int(extra[0]), int(extra[1]), opt.syslog))
    elif opt.hostwatch:
        sys.exit(hostwatch.hw_main(extra))
    else:
        if len(extra) < 1 and not opt.auto_nets:
            o.fatal('at least one subnet (or -N) expected')
        includes = extra
        excludes = ['127.0.0.0/8']
        for k,v in flags:
            if k in ('-x','--exclude'):
                excludes.append(v)
        remotename = opt.remote
        if remotename == '' or remotename == '-':
            remotename = None
        if opt.seed_hosts and not opt.auto_hosts:
            o.fatal('--seed-hosts only works if you also use -H')
        if opt.seed_hosts:
            sh = re.split(r'[\s,]+', (opt.seed_hosts or "").strip())
        elif opt.auto_hosts:
            sh = []
        else:
            sh = None
        sys.exit(client.main(parse_ipport(opt.listen or '0.0.0.0:0'),
                             opt.ssh_cmd,
                             remotename,
                             opt.python,
                             opt.latency_control,
                             opt.dns,
                             sh,
                             opt.auto_nets,
                             parse_subnets(includes),
                             parse_subnets(excludes),
                             opt.syslog, opt.daemon, opt.pidfile))
 except Fatal, e:
    log('fatal: %s\n' % e)
    sys.exit(99)
 except KeyboardInterrupt:
    log('\n')
    log('Keyboard interrupt: exiting.\n')
    sys.exit(1)
--- a/VPN.app/Contents/Resources/sshuttle/ssnet.py
+++ b/VPN.app/Contents/Resources/sshuttle/ssnet.py
@ -42,6 +42,10 @@ cmd_to_name = {
 }
 NET_ERRS = [errno.ECONNREFUSED, errno.ETIMEDOUT,
            errno.EHOSTUNREACH, errno.ENETUNREACH,
            errno.EHOSTDOWN, errno.ENETDOWN]
 def _add(l, elem):
    if not elem in l:
@ -86,7 +90,7 @@ class SockWrapper:
    def __init__(self, rsock, wsock, connect_to=None, peername=None):
        global _swcount
        _swcount += 1
-        debug3('creating new SockWrapper (%d now exist\n)' % _swcount)
+        debug3('creating new SockWrapper (%d now exist)\n' % _swcount)
        self.exc = None
        self.rsock = rsock
        self.wsock = wsock
@ -101,7 +105,7 @@ class SockWrapper:
        _swcount -= 1
        debug1('%r: deleting (%d remain)\n' % (self, _swcount))
        if self.exc:
-            debug1('%r: error was: %r\n' % (self, self.exc))
+            debug1('%r: error was: %s\n' % (self, self.exc))
    def __repr__(self):
        if self.rsock == self.wsock:
@ -124,20 +128,45 @@ class SockWrapper:
            return  # already connected
        self.rsock.setblocking(False)
        debug3('%r: trying connect to %r\n' % (self, self.connect_to))
        if socket.inet_aton(self.connect_to[0])[0] == '\0':
            self.seterr(Exception("Can't connect to %r: "
                                  "IP address starts with zero\n"
                                  % (self.connect_to,)))
            self.connect_to = None
            return
        try:
            self.rsock.connect(self.connect_to)
            # connected successfully (Linux)
            self.connect_to = None
        except socket.error, e:
-            debug3('%r: connect result: %r\n' % (self, e))
+            debug3('%r: connect result: %s\n' % (self, e))
            if e.args[0] == errno.EINVAL:
                # this is what happens when you call connect() on a socket
                # that is now connected but returned EINPROGRESS last time,
                # on BSD, on python pre-2.5.1.  We need to use getsockopt()
                # to get the "real" error.  Later pythons do this
                # automatically, so this code won't run.
                realerr = self.rsock.getsockopt(socket.SOL_SOCKET,
                                                socket.SO_ERROR)
                e = socket.error(realerr, os.strerror(realerr))
                debug3('%r: fixed connect result: %s\n' % (self, e))
            if e.args[0] in [errno.EINPROGRESS, errno.EALREADY]:
                pass  # not connected yet
            elif e.args[0] == 0:
                # connected successfully (weird Linux bug?)
                # Sometimes Linux seems to return EINVAL when it isn't
                # invalid.  This *may* be caused by a race condition
                # between connect() and getsockopt(SO_ERROR) (ie. it
                # finishes connecting in between the two, so there is no
                # longer an error).  However, I'm not sure of that.
                #
                # I did get at least one report that the problem went away
                # when we added this, however.
                self.connect_to = None
            elif e.args[0] == errno.EISCONN:
                # connected successfully (BSD)
                self.connect_to = None
-            elif e.args[0] in [errno.ECONNREFUSED, errno.ETIMEDOUT,
+            elif e.args[0] in NET_ERRS + [errno.EACCES, errno.EPERM]:
                               errno.EHOSTUNREACH, errno.ENETUNREACH,
                               errno.EACCES, errno.EPERM]:
                # a "normal" kind of error
                self.connect_to = None
                self.seterr(e)
--- a/VPN.app/Contents/Resources/sshuttle/ssnet.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/ssnet.pyc
--- a/VPN.app/Contents/Resources/sshuttle/ssyslog.pyc
+++ b/VPN.app/Contents/Resources/sshuttle/ssyslog.pyc
--- a/VPN.app/Contents/Resources/sshuttle/stresstest.py
+++ b/VPN.app/Contents/Resources/sshuttle/stresstest.py
@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python
 import sys, os, socket, select, struct, time
 listener = socket.socket()
Author	SHA1	Message	Date
Avery Pennarun	87ca53cbc4	MacOS precompiled app package for sshuttle-0.61	2012-07-06 16:26:45 -04:00
Avery Pennarun	d5c3aa61b8	MacOS precompiled app package for sshuttle-0.60	2012-01-08 19:16:05 -05:00
Avery Pennarun	5b57de2404	MacOS precompiled app package for sshuttle-0.53	2011-05-03 14:22:54 -07:00
Avery Pennarun	cde9521825	MacOS precompiled app package for sshuttle-0.52	2011-03-20 04:13:09 -07:00