Added --exclude-from feature.

(Slightly modified by apenwarr)

Documentation/sshuttle.md

@@ -71,6 +71,10 @@ entire subnet to the VPN.
     are taken automatically from the server's routing
     table.
     
+--dns
+:   capture local DNS requests and forward to the remote DNS
+    server.
+    
 --python
 :   specify the name/path of the remote python interpreter. 
     The default is just `python`, which means to use the
@@ -90,6 +94,10 @@ entire subnet to the VPN.
     `0/0 -x 1.2.3.0/24` to forward everything except the
     local subnet over the VPN, for example.
 
+--exclude-from=*file*
+:   exclude the subnets specified in a file, one subnet per
+    line. Useful when you have lots of subnets to exclude.
+
 -v, --verbose
 :   print more information about the session.  This option
     can be used more than once for increased verbosity.  By

clean.do

@@ -1,2 +1,2 @@
-redo ui-macos/clean Documentation/clean
+redo ui-macos/clean Documentation/clean version/clean
 rm -f *~ */*~ .*~ */.*~ *.8 *.tmp */*.tmp *.pyc */*.pyc

firewall.py

@@ -471,6 +471,8 @@ def main(port, dnsport, syslog):
     # disappears; we still have to clean up.
     signal.signal(signal.SIGHUP, signal.SIG_IGN)
     signal.signal(signal.SIGPIPE, signal.SIG_IGN)
+    signal.signal(signal.SIGTERM, signal.SIG_IGN)
+    signal.signal(signal.SIGINT, signal.SIG_IGN)
 
     # ctrl-c shouldn't be passed along to me.  When the main sshuttle dies,
     # I'll die automatically.

main.py

@@ -57,6 +57,7 @@ dns        capture local DNS requests and forward to the remote DNS server
 python=    path to python interpreter on the remote server
 r,remote=  ssh hostname (and optional username) of remote sshuttle server
 x,exclude= exclude this subnet (can be used more than once)
+exclude-from=  exclude the subnets in a file (whitespace separated)
 v,verbose  increase debug message verbosity
 e,ssh-cmd= the command to use to connect to the remote [ssh]
 seed-hosts= with -H, use these hostnames for initial scan (comma-separated)
@@ -104,6 +105,8 @@ try:
         for k,v in flags:
             if k in ('-x','--exclude'):
                 excludes.append(v)
+            if k in ('-X', '--exclude-from'):
+                excludes += open(v).read().split()
         remotename = opt.remote
         if remotename == '' or remotename == '-':
             remotename = None

server.py

@@ -43,7 +43,12 @@ def _maskbits(netmask):
     
     
 def _shl(n, bits):
-    return n * int(2**bits)
+    # we use our own implementation of left-shift because
+    # results may be different between older and newer versions
+    # of python for numbers like 1<<32.  We use long() because
+    # int(2**32) doesn't work in older python, which has limited
+    # int sizes.
+    return n * long(2**bits)
 
 
 def _list_routes():
@@ -68,9 +73,11 @@ def _list_routes():
 
 
 def list_routes():
+    l = []
     for (ip,width) in _list_routes():
         if not ip.startswith('0.') and not ip.startswith('127.'):
-            yield (ip,width)
+            l.append((ip,width))
+    return l
 
 
 def _exc_dump():

ui-macos/bits/runpython.do

@@ -2,12 +2,14 @@ exec >&2
 redo-ifchange runpython.c
 ARCHES=""
 printf "Platforms: "
-for d in /usr/libexec/gcc/darwin/*; do
+if [ -d /usr/libexec/gcc/darwin ]; then
-    PLAT=$(basename "$d")
+    for d in /usr/libexec/gcc/darwin/*; do
-    [ "$PLAT" != "ppc64" ] || continue  # fails for some reason on my Mac
+        PLAT=$(basename "$d")
-    ARCHES="$ARCHES -arch $PLAT"
+        [ "$PLAT" != "ppc64" ] || continue  # fails for some reason on my Mac
-    printf "$PLAT "
+        ARCHES="$ARCHES -arch $PLAT"
-done
+        printf "$PLAT "
+    done
+fi
 printf "\n"
 gcc $ARCHES \
 	-Wall -o $3 runpython.c \