Merge pull request #19 from naclander/patch-1

Remove no-latency-control assertion

README.md

@@ -13,10 +13,16 @@ Required Software
 
  - You need PyXAPI, available here:
    http://www.pps.univ-paris-diderot.fr/~ylg/PyXAPI/
- - You also need autossh, available in various package management systems
  - Python 2.x, both locally and the remote system
 
 
+Additional Suggested Software
+-----------------------------
+
+ - You may want to need autossh, available in various package management
+   systems
+
+
 sshuttle: where transparent proxy meets VPN meets ssh
 =====================================================
 
@@ -87,15 +93,15 @@ Usage on (Ubuntu) Linux
 Usage on other Linuxes and OSes
 -------------------------------
 
-  <tt>./sshuttle -r username@sshserver 0.0.0.0/0 -vv</tt>
+  <tt>src/sshuttle -r username@sshserver 0.0.0.0/0 -vv</tt>
 
  - There is a shortcut for 0.0.0.0/0 for those that value
    their wrists
-   <tt>./sshuttle -r username@sshserver 0/0 -vv</tt>
+   <tt>src/sshuttle -r username@sshserver 0/0 -vv</tt>
 
  - If you would also like your DNS queries to be proxied
    through the DNS server of the server you are connect to:
-   <tt>./sshuttle --dns -vvr username@sshserver 0/0</tt>
+   <tt>src/sshuttle --dns -vvr username@sshserver 0/0</tt>
 
    The above is probably what you want to use to prevent
    local network attacks such as Firesheep and friends.

packaging/control

@@ -1,14 +1,16 @@
 Package: sshuttle
-Version: 0.2
-Architecture: i386
+Version: 0+git
+Architecture: all
 Maintainer: Jim Wyllie <jwyllie83@gmail.com>
-Depends: autossh, upstart, python (>=2.6)
-Section: utils
+Depends: iptables, python (>= 2.6)
+Suggests: autossh
+Section: net
 Priority: optional
-Homepage: http://github.com/jwyllie83/sshuttle.udp
-Description: "Full-featured" VPN over an SSH tunnel, allowing full remote
- access somewhere where all you have is an SSH connection.  It works well if
- you generally find yourself in the following situation:
+Homepage: http://github.com/sshuttle/sshuttle
+Description: "Full-featured" VPN over an SSH tunnel
+ It allows full remote access somewhere where all you have is an SSH
+ connection.  It works well if you generally find yourself in the
+ following situation:
  .
  - Your client machine (or router) is Linux, FreeBSD, or MacOS.
  - You have access to a remote network via ssh.
@@ -22,5 +24,5 @@ Description: "Full-featured" VPN over an SSH tunnel, allowing full remote
     it's disabled by default on openssh servers; plus it does
     TCP-over-TCP, which has suboptimal performance
  .
- It also has hooks for more complicated setups (VPN-in-a-SSH-VPN, etc) to allow
+ It also has hooks for more complicated setups (VPN-in-a-SSH-VPN, etc.) to allow
  you to set it up as you like.

packaging/make_deb

@@ -24,6 +24,11 @@ cp ../src/sshuttle ${B}/usr/bin
 cp -r sshuttle.conf ${B}/etc/init
 cp prefixes.conf ${B}/etc/sshuttle
 cp tunnel.conf ${B}/etc/sshuttle
+# Remove MacOS X stuff from .deb
+rm -r ${B}/usr/share/sshuttle/ui-macos
+
+# Fix path to main.py
+sed -e 's:^DIR=.*$:DIR=/usr/share/sshuttle/:' -i ${B}/usr/bin/sshuttle
 
 # Copy the control file over, as well
 cp control ${B}/DEBIAN

src/client.py

@@ -554,7 +554,7 @@ def _main(tcp_listener, udp_listener, fw, ssh_cmd, remotename,
         if auto_nets:
             for line in routestr.strip().split('\n'):
                 (family, ip, width) = line.split(',', 2)
-                fw.auto_nets.append((family, ip, int(width)))
+                fw.auto_nets.append((int(family), ip, int(width)))
 
         # we definitely want to do this *after* starting ssh, or we might end
         # up intercepting the ssh connection!

src/firewall.py

@@ -337,7 +337,7 @@ def _handle_diversion(divertsock, dnsport):
         _real_dns_server[0] = dst
         dst = ('127.0.0.1', dnsport)
     elif src[1] == dnsport:
-        if islocal(src[0]):
+        if islocal(src[0], divertsock.family):
             debug3('...packet is a DNS response.\n')
             src = _real_dns_server[0]
     else:
@@ -490,16 +490,16 @@ def do_pf(port, dnsport, family, subnets, udp):
     filtering_rules = []
 
     if subnets:
-        include_subnets = filter(lambda s:not s[2], sorted(subnets, reverse=True))
-        if include_subnets:
-            tables.append('table <include_subnets> {%s}' % ','.join(["%s/%s" % (n[3], n[1]) for n in include_subnets]))
-            translating_rules.append('rdr pass on lo0 proto tcp to <include_subnets> -> 127.0.0.1 port %r' % port)
-            filtering_rules.append('pass out route-to lo0 inet proto tcp to <include_subnets> keep state')
+        includes=[]
+        # If a given subnet is both included and excluded, list the exclusion
+        # first; the table will ignore the second, opposite definition
+        for f, swidth, sexclude, snet \
+                in sorted(subnets, key=lambda s: (s[1], s[2]), reverse=True):
+                    includes.append("%s%s/%s" % ("!" if sexclude else "", snet, swidth))
 
-        exclude_subnets = filter(lambda s:s[2], sorted(subnets, reverse=True))
-        if exclude_subnets:
-            tables.append('table <exclude_subnets> {%s}' % ','.join(["%s/%s" % (n[3], n[1]) for n in exclude_subnets]))
-            filtering_rules.append('pass out route-to lo0 inet proto tcp to <exclude_subnets> keep state')
+        tables.append('table <forward_subnets> {%s}' % ','.join(includes))
+        translating_rules.append('rdr pass on lo0 proto tcp to <forward_subnets> -> 127.0.0.1 port %r' % port)
+        filtering_rules.append('pass out route-to lo0 inet proto tcp to <forward_subnets> keep state')
 
         if dnsport:
             nslist = resolvconf_nameservers()

src/options.py

@@ -61,6 +61,8 @@ def _remove_negative_k(k):
 
 
 def _tty_width():
+    if not hasattr(sys.stderr, "fileno"):
+        return _atoi(os.environ.get('WIDTH')) or 70
     s = struct.pack("HHHH", 0, 0, 0, 0)
     try:
         import fcntl

src/server.py

@@ -215,7 +215,6 @@ def main():
         helpers.logprefix = ' s: '
     else:
         helpers.logprefix = 'server: '
-    assert latency_control is not None
     debug1('latency control setting = %r\n' % latency_control)
 
     routes = list(list_routes())

src/ui-macos/main.py

@@ -1,7 +1,21 @@
 import sys
 import os
 import pty
-from AppKit import *
+from AppKit import (
+  objc,
+  NSApp,
+  NSApplicationMain,
+  NSAttributedString,
+  NSFileHandle,
+  NSFileHandleDataAvailableNotification,
+  NSImage,
+  NSMenu,
+  NSMenuItem,
+  NSNotificationCenter,
+  NSObject,
+  NSStatusBar,
+  NSVariableStatusItemLength,
+)
 import my
 import models
 import askpass
@@ -217,6 +231,7 @@ class SshuttleController(NSObject):
 
     @objc.IBAction
     def cmd_quit(self, sender):
+        NSStatusBar.systemStatusBar().removeStatusItem_(self.statusitem)
         NSApp.performSelector_withObject_afterDelay_(NSApp.terminate_,
                                                      None, 0.0)
 
@@ -365,11 +380,10 @@ class SshuttleController(NSObject):
         bar = NSStatusBar.systemStatusBar()
         statusitem = bar.statusItemWithLength_(NSVariableStatusItemLength)
         self.statusitem = statusitem
-        self.img_idle = my.Image('chicken-tiny-bw', 'png')
-        self.img_running = my.Image('chicken-tiny', 'png')
-        self.img_err = my.Image('chicken-tiny-err', 'png')
+        self.img_idle = NSImage.imageNamed_('ChickenIdleTemplate')
+        self.img_running = NSImage.imageNamed_('ChickenRunningTemplate')
+        self.img_err = NSImage.imageNamed_('ChickenErrorTemplate')
         statusitem.setImage_(self.img_idle)
-        statusitem.setHighlightMode_(True)
         statusitem.setMenu_(self.menu)
         self.fill_menu()
 

src/ui-macos/models.py

@@ -1,4 +1,4 @@
-from AppKit import *
+from AppKit import (objc, NSObject)
 import my
 
 

src/ui-macos/my.py

@@ -1,5 +1,11 @@
 import os
-from AppKit import *
+from AppKit import (
+  NSBundle,
+  NSData,
+  NSDictionary,
+  NSImage,
+  NSUserDefaults,
+)
 import PyObjCTools.AppHelper
 
 

src/ui-macos/sources.list.do

@@ -4,9 +4,9 @@ cat <<-EOF
 	app.icns
 	MainMenu.nib English.lproj/MainMenu.nib
 	UserDefaults.plist
-	chicken-tiny.png
-	chicken-tiny-bw.png
-	chicken-tiny-err.png
+	ChickenIdleTemplate.pdf
+	ChickenRunningTemplate.pdf
+	ChickenErrorTemplate.pdf
 EOF
 for d in *.py sshuttle/*.py sshuttle/sshuttle sshuttle/compat/*.py; do
 	echo $d