diff options
author | Brian May <brian@linuxpenguins.xyz> | 2016-01-17 16:16:36 +1100 |
---|---|---|
committer | Brian May <brian@linuxpenguins.xyz> | 2016-01-17 16:19:13 +1100 |
commit | 262affe94fff020aafddc3491c677a5b7853bf66 (patch) | |
tree | f42b5eafecc4924e178fdfbc22e8d0f049c4396d | |
parent | d80b590a71c48933969fe04190e748067561c8c3 (diff) |
Use Sphinx for documentation
See #60
-rw-r--r-- | MANIFEST.in | 6 | ||||
-rw-r--r-- | README.rst | 219 | ||||
-rw-r--r-- | docs/Makefile | 177 | ||||
-rw-r--r-- | docs/conf.py | 261 | ||||
-rw-r--r-- | docs/how-it-works.rst | 37 | ||||
-rw-r--r-- | docs/index.rst | 24 | ||||
-rw-r--r-- | docs/installation.rst | 11 | ||||
-rw-r--r-- | docs/make.bat | 242 | ||||
-rw-r--r-- | docs/manpage.rst (renamed from sshuttle/sshuttle.md) | 208 | ||||
-rw-r--r-- | docs/overview.rst | 26 | ||||
-rw-r--r-- | docs/requirements.rst | 35 | ||||
-rw-r--r-- | docs/support.rst | 11 | ||||
-rw-r--r-- | docs/trivia.rst | 36 | ||||
-rw-r--r-- | docs/usage.rst | 100 |
14 files changed, 1077 insertions, 316 deletions
diff --git a/MANIFEST.in b/MANIFEST.in index a3604cd..119620f 100644 --- a/MANIFEST.in +++ b/MANIFEST.in @@ -5,4 +5,8 @@ include MANIFEST.in include LICENSE include run include tox.ini -recursive-include sshuttle *.py *.md +recursive-include docs *.bat +recursive-include docs *.py +recursive-include docs *.rst +recursive-include docs Makefile +recursive-include sshuttle *.py @@ -26,89 +26,6 @@ common case: TCP-over-TCP, which has terrible performance (see below). -Client side Requirements ------------------------- - -- sudo, or root access on your client machine. - (The server doesn't need admin access.) -- Python 2.7 or Python 3.5. - -+-------+--------+------------+-----------------------------------------------+ -| OS | Method | Features | Requirements | -+=======+========+============+===============================================+ -| Linux | NAT | * IPv4 TCP + iptables DNAT, REDIRECT, and ttl modules. | -+ +--------+------------+-----------------------------------------------+ -| | TPROXY | * IPv4 TCP + Linux with TPROXY support. | -| | | * IPv4 UDP + Python 3.5 preferred (see below). | -| | | * IPv6 TCP + Python 2 may require PyXAPI_ (see below). | -| | | * IPv6 UDP + | -+-------+--------+------------+-----------------------------------------------+ -| MacOS | PF | * IPv4 TCP + You need to have the pfctl command. | -+-------+--------+------------+-----------------------------------------------+ - -.. _PyXAPI: http://www.pps.univ-paris-diderot.fr/~ylg/PyXAPI/ - -Server side Requirements ------------------------- -Python 2.7 or Python 3.5. - - -Additional Suggested Software ------------------------------ - -- You may want to use autossh, available in various package management - systems - - -Additional information for TPROXY ---------------------------------- -TPROXY is the only method that supports full support of IPv6 and UDP. - -Full UDP or DNS support with the TPROXY method requires the ``recvmsg()`` -syscall. This is not available in Python 2, however is in Python 3.5 and -later. Under Python 2 you might find it sufficient installing PyXAPI_ to get -the ``recvmsg()`` function. - -There are some things you need to consider for TPROXY to work: - -- The following commands need to be run first as root. This only needs to be - done once after booting up:: - - ip route add local default dev lo table 100 - ip rule add fwmark 1 lookup 100 - ip -6 route add local default dev lo table 100 - ip -6 rule add fwmark 1 lookup 100 - -- The ``--auto-nets`` feature does not detect IPv6 routes automatically. Add IPv6 - routes manually. e.g. by adding ``'::/0'`` to the end of the command line. - -- The client needs to be run as root. e.g.:: - - sudo SSH_AUTH_SOCK="$SSH_AUTH_SOCK" $HOME/tree/sshuttle.tproxy/sshuttle --method=tproxy ... - -- You may need to exclude the IP address of the server you are connecting to. - Otherwise sshuttle may attempt to intercept the ssh packets, which will not - work. Use the ``--exclude`` parameter for this. - -- Similarly, UDP return packets (including DNS) could get intercepted and - bounced back. This is the case if you have a broad subnet such as - ``0.0.0.0/0`` or ``::/0`` that includes the IP address of the client. Use the - ``--exclude`` parameter for this. - -- You need the ``--method=tproxy`` parameter, as above. - -- The routes for the outgoing packets must already exist. For example, if your - connection does not have IPv6 support, no IPv6 routes will exist, IPv6 - packets will not be generated and sshuttle cannot intercept them:: - - telnet -6 www.google.com 80 - Trying 2404:6800:4001:805::1010... - telnet: Unable to connect to remote host: Network is unreachable - - Add some dummy routes to external interfaces. Make sure they get removed - however after sshuttle exits. - - Obtaining sshuttle ------------------ @@ -122,145 +39,9 @@ Obtaining sshuttle ./setup.py install -Usage ------ - -- Forward all traffic:: - - sshuttle -r username@sshserver 0.0.0.0/0 - -- By default sshuttle will automatically choose a method to use. Override with - the ``--method=`` parameter. - -- There is a shortcut for 0.0.0.0/0 for those that value - their wrists:: - - sshuttle -r username@sshserver 0/0 - -- If you would also like your DNS queries to be proxied - through the DNS server of the server you are connect to:: - - sshuttle --dns -r username@sshserver 0/0 - - The above is probably what you want to use to prevent - local network attacks such as Firesheep and friends. - -(You may be prompted for one or more passwords; first, the local password to -become root using sudo, and then the remote ssh password. Or you might have -sudo and ssh set up to not require passwords, in which case you won't be -prompted at all.) - - -Usage Notes ------------ - -That's it! Now your local machine can access the remote network as if you -were right there. And if your "client" machine is a router, everyone on -your local network can make connections to your remote network. - -You don't need to install sshuttle on the remote server; -the remote server just needs to have python available. -sshuttle will automatically upload and run its source code -to the remote python interpreter. - -This creates a transparent proxy server on your local machine for all IP -addresses that match 0.0.0.0/0. (You can use more specific IP addresses if -you want; use any number of IP addresses or subnets to change which -addresses get proxied. Using 0.0.0.0/0 proxies *everything*, which is -interesting if you don't trust the people on your local network.) - -Any TCP session you initiate to one of the proxied IP addresses will be -captured by sshuttle and sent over an ssh session to the remote copy of -sshuttle, which will then regenerate the connection on that end, and funnel -the data back and forth through ssh. - -Fun, right? A poor man's instant VPN, and you don't even have to have -admin access on the server. - - -Support -------- - -Mailing list: - -* Subscribe by sending a message to <sshuttle+subscribe@googlegroups.com> -* List archives are at: http://groups.google.com/group/sshuttle - -Issue tracker and pull requests at github: - -* https://github.com/sshuttle/sshuttle - - -Theory of Operation -------------------- - -sshuttle is not exactly a VPN, and not exactly port forwarding. It's kind -of both, and kind of neither. - -It's like a VPN, since it can forward every port on an entire network, not -just ports you specify. Conveniently, it lets you use the "real" IP -addresses of each host rather than faking port numbers on localhost. - -On the other hand, the way it *works* is more like ssh port forwarding than -a VPN. Normally, a VPN forwards your data one packet at a time, and -doesn't care about individual connections; ie. it's "stateless" with respect -to the traffic. sshuttle is the opposite of stateless; it tracks every -single connection. - -You could compare sshuttle to something like the old `Slirp -<http://en.wikipedia.org/wiki/Slirp>`_ program, which was a userspace TCP/IP -implementation that did something similar. But it operated on a -packet-by-packet basis on the client side, reassembling the packets on the -server side. That worked okay back in the "real live serial port" days, -because serial ports had predictable latency and buffering. - -But you can't safely just forward TCP packets over a TCP session (like ssh), -because TCP's performance depends fundamentally on packet loss; it -*must* experience packet loss in order to know when to slow down! At -the same time, the outer TCP session (ssh, in this case) is a reliable -transport, which means that what you forward through the tunnel *never* -experiences packet loss. The ssh session itself experiences packet loss, of -course, but TCP fixes it up and ssh (and thus you) never know the -difference. But neither does your inner TCP session, and extremely screwy -performance ensues. - -sshuttle assembles the TCP stream locally, multiplexes it statefully over -an ssh session, and disassembles it back into packets at the other end. So -it never ends up doing TCP-over-TCP. It's just data-over-TCP, which is -safe. -Useless Trivia --------------- -This section written by Avery Pennarun <apenwarr@gmail.com>. -Back in 1998 (12 years ago! Yikes!), I released the first version of `Tunnel -Vision <http://alumnit.ca/wiki/?TunnelVisionReadMe>`_, a semi-intelligent VPN -client for Linux. Unfortunately, I made two big mistakes: I implemented the -key exchange myself (oops), and I ended up doing TCP-over-TCP (double oops). -The resulting program worked okay - and people used it for years - but the -performance was always a bit funny. And nobody ever found any security flaws -in my key exchange, either, but that doesn't mean anything. :) -The same year, dcoombs and I also released Fast Forward, a proxy server -supporting transparent proxying. Among other things, we used it for -automatically splitting traffic across more than one Internet connection (a -tool we called "Double Vision"). -I was still in university at the time. A couple years after that, one of my -professors was working with some graduate students on the technology that would -eventually become `Slipstream Internet Acceleration -<http://www.slipstream.com/>`_. He asked me to do a contract for him to build -an initial prototype of a transparent proxy server for mobile networks. The -idea was similar to sshuttle: if you reassemble and then disassemble the TCP -packets, you can reduce latency and improve performance vs. just forwarding -the packets over a plain VPN or mobile network. (It's unlikely that any of my -code has persisted in the Slipstream product today, but the concept is still -pretty cool. I'm still horrified that people use plain TCP on complex mobile -networks with crazily variable latency, for which it was never really -intended.) -That project I did for Slipstream was what first gave me the idea to merge -the concepts of Fast Forward, Double Vision, and Tunnel Vision into a single -program that was the best of all worlds. And here we are, at last, 10 years -later. You're welcome. diff --git a/docs/Makefile b/docs/Makefile new file mode 100644 index 0000000..1d19aef --- /dev/null +++ b/docs/Makefile @@ -0,0 +1,177 @@ +# Makefile for Sphinx documentation +# + +# You can set these variables from the command line. +SPHINXOPTS = +SPHINXBUILD = sphinx-build +PAPER = +BUILDDIR = _build + +# User-friendly check for sphinx-build +ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1) +$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/) +endif + +# Internal variables. +PAPEROPT_a4 = -D latex_paper_size=a4 +PAPEROPT_letter = -D latex_paper_size=letter +ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . +# the i18n builder cannot share the environment and doctrees with the others +I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) . + +.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext + +help: + @echo "Please use \`make <target>' where <target> is one of" + @echo " html to make standalone HTML files" + @echo " dirhtml to make HTML files named index.html in directories" + @echo " singlehtml to make a single large HTML file" + @echo " pickle to make pickle files" + @echo " json to make JSON files" + @echo " htmlhelp to make HTML files and a HTML help project" + @echo " qthelp to make HTML files and a qthelp project" + @echo " devhelp to make HTML files and a Devhelp project" + @echo " epub to make an epub" + @echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter" + @echo " latexpdf to make LaTeX files and run them through pdflatex" + @echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx" + @echo " text to make text files" + @echo " man to make manual pages" + @echo " texinfo to make Texinfo files" + @echo " info to make Texinfo files and run them through makeinfo" + @echo " gettext to make PO message catalogs" + @echo " changes to make an overview of all changed/added/deprecated items" + @echo " xml to make Docutils-native XML files" + @echo " pseudoxml to make pseudoxml-XML files for display purposes" + @echo " linkcheck to check all external links for integrity" + @echo " doctest to run all doctests embedded in the documentation (if enabled)" + +clean: + rm -rf $(BUILDDIR)/* + +html: + $(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/html." + +dirhtml: + $(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml + @echo + @echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml." + +singlehtml: + $(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml + @echo + @echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml." + +pickle: + $(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle + @echo + @echo "Build finished; now you can process the pickle files." + +json: + $(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json + @echo + @echo "Build finished; now you can process the JSON files." + +htmlhelp: + $(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp + @echo + @echo "Build finished; now you can run HTML Help Workshop with the" \ + ".hhp project file in $(BUILDDIR)/htmlhelp." + +qthelp: + $(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp + @echo + @echo "Build finished; now you can run "qcollectiongenerator" with the" \ + ".qhcp project file in $(BUILDDIR)/qthelp, like this:" + @echo "# qcollectiongenerator $(BUILDDIR)/qthelp/sshuttle.qhcp" + @echo "To view the help file:" + @echo "# assistant -collectionFile $(BUILDDIR)/qthelp/sshuttle.qhc" + +devhelp: + $(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp + @echo + @echo "Build finished." + @echo "To view the help file:" + @echo "# mkdir -p $$HOME/.local/share/devhelp/sshuttle" + @echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/sshuttle" + @echo "# devhelp" + +epub: + $(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub + @echo + @echo "Build finished. The epub file is in $(BUILDDIR)/epub." + +latex: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo + @echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex." + @echo "Run \`make' in that directory to run these through (pdf)latex" \ + "(use \`make latexpdf' here to do that automatically)." + +latexpdf: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through pdflatex..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +latexpdfja: + $(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex + @echo "Running LaTeX files through platex and dvipdfmx..." + $(MAKE) -C $(BUILDDIR)/latex all-pdf-ja + @echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex." + +text: + $(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text + @echo + @echo "Build finished. The text files are in $(BUILDDIR)/text." + +man: + $(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man + @echo + @echo "Build finished. The manual pages are in $(BUILDDIR)/man." + +texinfo: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo + @echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo." + @echo "Run \`make' in that directory to run these through makeinfo" \ + "(use \`make info' here to do that automatically)." + +info: + $(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo + @echo "Running Texinfo files through makeinfo..." + make -C $(BUILDDIR)/texinfo info + @echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo." + +gettext: + $(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale + @echo + @echo "Build finished. The message catalogs are in $(BUILDDIR)/locale." + +changes: + $(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes + @echo + @echo "The overview file is in $(BUILDDIR)/changes." + +linkcheck: + $(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck + @echo + @echo "Link check complete; look for any errors in the above output " \ + "or in $(BUILDDIR)/linkcheck/output.txt." + +doctest: + $(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest + @echo "Testing of doctests in the sources finished, look at the " \ + "results in $(BUILDDIR)/doctest/output.txt." + +xml: + $(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml + @echo + @echo "Build finished. The XML files are in $(BUILDDIR)/xml." + +pseudoxml: + $(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml + @echo + @echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml." diff --git a/docs/conf.py b/docs/conf.py new file mode 100644 index 0000000..851b6d2 --- /dev/null +++ b/docs/conf.py @@ -0,0 +1,261 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- +# +# sshuttle documentation build configuration file, created by +# sphinx-quickstart on Sun Jan 17 12:13:47 2016. +# +# This file is execfile()d with the current directory set to its +# containing dir. +# +# Note that not all possible configuration values are present in this +# autogenerated file. +# +# All configuration values have a default; values that are commented out +# serve to show the default. + +# import sys +# import os + +# If extensions (or modules to document with autodoc) are in another directory, +# add these directories to sys.path here. If the directory is relative to the +# documentation root, use os.path.abspath to make it absolute, like shown here. +# sys.path.insert(0, os.path.abspath('.')) + +# -- General configuration ------------------------------------------------ + +# If your documentation needs a minimal Sphinx version, state it here. +# needs_sphinx = '1.0' + +# Add any Sphinx extension module names here, as strings. They can be +# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom +# ones. +extensions = [ + 'sphinx.ext.todo', + 'sphinx.ext.coverage', +] + +# Add any paths that contain templates here, relative to this directory. +templates_path = ['_templates'] + +# The suffix of source filenames. +source_suffix = '.rst' + +# The encoding of source files. +# source_encoding = 'utf-8-sig' + +# The master toctree document. +master_doc = 'index' + +# General information about the project. +project = 'sshuttle' +copyright = '2016, Brian May' + +# The version info for the project you're documenting, acts as replacement for +# |version| and |release|, also used in various other places throughout the +# built documents. +# +# The short X.Y version. +from setuptools_scm import get_version +version = get_version(root="..") +# The full version, including alpha/beta/rc tags. +release = version + +# The language for content autogenerated by Sphinx. Refer to documentation +# for a list of supported languages. +# language = None + +# There are two options for replacing |today|: either, you set today to some +# non-false value, then it is used: +# today = '' +# Else, today_fmt is used as the format for a strftime call. +# today_fmt = '%B %d, %Y' + +# List of patterns, relative to source directory, that match files and +# directories to ignore when looking for source files. +exclude_patterns = ['_build'] + +# The reST default role (used for this markup: `text`) to use for all +# documents. +# default_role = None + +# If true, '()' will be appended to :func: etc. cross-reference text. +# add_function_parentheses = True + +# If true, the current module name will be prepended to all description +# unit titles (such as .. function::). +# add_module_names = True + +# If true, sectionauthor and moduleauthor directives will be shown in the +# output. They are ignored by default. +# show_authors = False + +# The name of the Pygments (syntax highlighting) style to use. +pygments_style = 'sphinx' + +# A list of ignored prefixes for module index sorting. +# modindex_common_prefix = [] + +# If true, keep warnings as "system message" paragraphs in the built documents. +# keep_warnings = False + + +# -- Options for HTML output ---------------------------------------------- + +# The theme to use for HTML and HTML Help pages. See the documentation for +# a list of builtin themes. +html_theme = 'default' + +# Theme options are theme-specific and customize the look and feel of a theme +# further. For a list of options available for each theme, see the +# documentation. +# html_theme_options = {} + +# Add any paths that contain custom themes here, relative to this directory. +# html_theme_path = [] + +# The name for this set of Sphinx documents. If None, it defaults to +# "<project> v<release> documentation". +# html_title = None + +# A shorter title for the navigation bar. Default is the same as html_title. +# html_short_title = None + +# The name of an image file (relative to this directory) to place at the top +# of the sidebar. +# html_logo = None + +# The name of an image file (within the static path) to use as favicon of the +# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32 +# pixels large. +# html_favicon = None + +# Add any paths that contain custom static files (such as style sheets) here, +# relative to this directory. They are copied after the builtin static files, +# so a file named "default.css" will overwrite the builtin "default.css". +html_static_path = ['_static'] + +# Add any extra paths that contain custom files (such as robots.txt or +# .htaccess) here, relative to this directory. These files are copied +# directly to the root of the documentation. +# html_extra_path = [] + +# If not '', a 'Last updated on:' timestamp is inserted at every page bottom, +# using the given strftime format. +# html_last_updated_fmt = '%b %d, %Y' + +# If true, SmartyPants will be used to convert quotes and dashes to +# typographically correct entities. +# html_use_smartypants = True + +# Custom sidebar templates, maps document names to template names. +# html_sidebars = {} + +# Additional templates that should be rendered to pages, maps page names to +# template names. +# html_additional_pages = {} + +# If false, no module index is generated. +# html_domain_indices = True + +# If false, no index is generated. +# html_use_index = True + +# If true, the index is split into individual pages for each letter. +# html_split_index = False + +# If true, links to the reST sources are added to the pages. +# html_show_sourcelink = True + +# If true, "Created using Sphinx" is shown in the HTML footer. Default is True. +# html_show_sphinx = True + +# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True. +# html_show_copyright = True + +# If true, an OpenSearch description file will be output, and all pages will +# contain a <link> tag referring to it. The value of this option must be the +# base URL from which the finished HTML is served. +# html_use_opensearch = '' + +# This is the file name suffix for HTML files (e.g. ".xhtml"). +# html_file_suffix = None + +# Output file base name for HTML help builder. +htmlhelp_basename = 'sshuttledoc' + + +# -- Options for LaTeX output --------------------------------------------- + +latex_elements = { + # The paper size ('letterpaper' or 'a4paper'). + # 'papersize': 'letterpaper', + + # The font size ('10pt', '11pt' or '12pt'). + # 'pointsize': '10pt', + + # Additional stuff for the LaTeX preamble. + # 'preamble': '', +} + +# Grouping the document tree into LaTeX files. List of tuples +# (source start file, target name, title, +# author, documentclass [howto, manual, or own class]). +latex_documents = [ + ('index', 'sshuttle.tex', 'sshuttle documentation', 'Brian May', 'manual'), +] + +# The name of an image file (relative to this directory) to place at the top of +# the title page. +# latex_logo = None + +# For "manual" documents, if this is true, then toplevel headings are parts, +# not chapters. +# latex_use_parts = False + +# If true, show page references after internal links. +# latex_show_pagerefs = False + +# If true, show URL addresses after external links. +# latex_show_urls = False + +# Documents to append as an appendix to all manuals. +# latex_appendices = [] + +# If false, no module index is generated. +# latex_domain_indices = True + + +# -- Options for manual page output --------------------------------------- + +# One entry per manual page. List of tuples +# (source start file, name, description, authors, manual section). +man_pages = [ + ('manpage', 'sshuttle', 'sshuttle documentation', ['Brian May'], 1) +] + +# If true, show URL addresses after external links. +# man_show_urls = False + + +# -- Options for Texinfo output ------------------------------------------- + +# Grouping the document tree into Texinfo files. List of tuples +# (source start file, target name, title, author, +# dir menu entry, description, category) +texinfo_documents = [ + ('index', 'sshuttle', 'sshuttle documentation', + 'Brian May', 'sshuttle', 'A transparent proxy-based VPN using ssh', + 'Miscellaneous'), +] + +# Documents to append as an appendix to all manuals. +# texinfo_appendices = [] + +# If false, no module index is generated. +# texinfo_domain_indices = True + +# How to display URL addresses: 'footnote', 'no', or 'inline'. +# texinfo_show_urls = 'footnote' + +# If true, do not generate a @detailmenu in the "Top" node's menu. +# texinfo_no_detailmenu = False diff --git a/docs/how-it-works.rst b/docs/how-it-works.rst new file mode 100644 index 0000000..7f6cad9 --- /dev/null +++ b/docs/how-it-works.rst @@ -0,0 +1,37 @@ +How it works +============ +sshuttle is not exactly a VPN, and not exactly port forwarding. It's kind +of both, and kind of neither. + +It's like a VPN, since it can forward every port on an entire network, not +just ports you specify. Conveniently, it lets you use the "real" IP +addresses of each host rather than faking port numbers on localhost. + +On the other hand, the way it *works* is more like ssh port forwarding than +a VPN. Normally, a VPN forwards your data one packet at a time, and +doesn't care about individual connections; ie. it's "stateless" with respect +to the traffic. sshuttle is the opposite of stateless; it tracks every +single connection. + +You could compare sshuttle to something like the old `Slirp +<http://en.wikipedia.org/wiki/Slirp>`_ program, which was a userspace TCP/IP +implementation that did something similar. But it operated on a +packet-by-packet basis on the client side, reassembling the packets on the +server side. That worked okay back in the "real live serial port" days, +because serial ports had predictable latency and buffering. + +But you can't safely just forward TCP packets over a TCP session (like ssh), +because TCP's performance depends fundamentally on packet loss; it +*must* experience packet loss in order to know when to slow down! At +the same time, the outer TCP session (ssh, in this case) is a reliable +transport, which means that what you forward through the tunnel *never* +experiences packet loss. The ssh session itself experiences packet loss, of +course, but TCP fixes it up and ssh (and thus you) never know the +difference. But neither does your inner TCP session, and extremely screwy +performance ensues. + +sshuttle assembles the TCP stream locally, multiplexes it statefully over +an ssh session, and disassembles it back into packets at the other end. So +it never ends up doing TCP-over-TCP. It's just data-over-TCP, which is +safe. + diff --git a/docs/index.rst b/docs/index.rst new file mode 100644 index 0000000..360b7f9 --- /dev/null +++ b/docs/index.rst @@ -0,0 +1,24 @@ +sshuttle: where transparent proxy meets VPN meets ssh +===================================================== + +Contents: + +.. toctree:: + :maxdepth: 2 + + overview + requirements + installation + usage + Manpage <manpage> + how-it-works + support + trivia + + +Indices and tables +================== + +* :ref:`genindex` +* :ref:`search` + diff --git a/docs/installation.rst b/docs/installation.rst new file mode 100644 index 0000000..12ed19a --- /dev/null +++ b/docs/installation.rst @@ -0,0 +1,11 @@ +Installation +============ + +- From PyPI:: + + pip install sshuttle + +- Clone:: + + git clone https://github.com/sshuttle/sshuttle.git + ./setup.py install diff --git a/docs/make.bat b/docs/make.bat new file mode 100644 index 0000000..47c89de --- /dev/null +++ b/docs/make.bat @@ -0,0 +1,242 @@ +@ECHO OFF
+
+REM Command file for Sphinx documentation
+
+if "%SPHINXBUILD%" == "" (
+ set SPHINXBUILD=sphinx-build
+)
+set BUILDDIR=_build
+set ALLSPHINXOPTS=-d %BUILDDIR%/doctrees %SPHINXOPTS% .
+set I18NSPHINXOPTS=%SPHINXOPTS% .
+if NOT "%PAPER%" == "" (
+ set ALLSPHINXOPTS=-D latex_paper_size=%PAPER% %ALLSPHINXOPTS%
+ set I18NSPHINXOPTS=-D latex_paper_size=%PAPER% %I18NSPHINXOPTS%
+)
+
+if "%1" == "" goto help
+
+if "%1" == "help" (
+ :help
+ echo.Please use `make ^<target^>` where ^<target^> is one of
+ echo. html to make standalone HTML files
+ echo. dirhtml to make HTML files named index.html in directories
+ echo. singlehtml to make a single large HTML file
+ echo. pickle to make pickle files
+ echo. json to make JSON files
+ echo. htmlhelp to make HTML files and a HTML help project
+ echo. qthelp to make HTML files and a qthelp project
+ echo. devhelp to make HTML files and a Devhelp project
+ echo. epub to make an epub
+ echo. latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter
+ echo. text to make text files
+ echo. man to make manual pages
+ echo. texinfo to make Texinfo files
+ echo. gettext to make PO message catalogs
+ echo. changes to make an overview over all changed/added/deprecated items
+ echo. xml to make Docutils-native XML files
+ echo. pseudoxml to make pseudoxml-XML files for display purposes
+ echo. linkcheck to check all external links for integrity
+ echo. doctest to run all doctests embedded in the documentation if enabled
+ goto end
+)
+
+if "%1" == "clean" (
+ for /d %%i in (%BUILDDIR%\*) do rmdir /q /s %%i
+ del /q /s %BUILDDIR%\*
+ goto end
+)
+
+
+%SPHINXBUILD% 2> nul
+if errorlevel 9009 (
+ echo.
+ echo.The 'sphinx-build' command was not found. Make sure you have Sphinx
+ echo.installed, then set the SPHINXBUILD environment variable to point
+ echo.to the full path of the 'sphinx-build' executable. Alternatively you
+ echo.may add the Sphinx directory to PATH.
+ echo.
+ echo.If you don't have Sphinx installed, grab it from
+ echo.http://sphinx-doc.org/
+ exit /b 1
+)
+
+if "%1" == "html" (
+ %SPHINXBUILD% -b html %ALLSPHINXOPTS% %BUILDDIR%/html
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/html.
+ goto end
+)
+
+if "%1" == "dirhtml" (
+ %SPHINXBUILD% -b dirhtml %ALLSPHINXOPTS% %BUILDDIR%/dirhtml
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/dirhtml.
+ goto end
+)
+
+if "%1" == "singlehtml" (
+ %SPHINXBUILD% -b singlehtml %ALLSPHINXOPTS% %BUILDDIR%/singlehtml
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished. The HTML pages are in %BUILDDIR%/singlehtml.
+ goto end
+)
+
+if "%1" == "pickle" (
+ %SPHINXBUILD% -b pickle %ALLSPHINXOPTS% %BUILDDIR%/pickle
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can process the pickle files.
+ goto end
+)
+
+if "%1" == "json" (
+ %SPHINXBUILD% -b json %ALLSPHINXOPTS% %BUILDDIR%/json
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can process the JSON files.
+ goto end
+)
+
+if "%1" == "htmlhelp" (
+ %SPHINXBUILD% -b htmlhelp %ALLSPHINXOPTS% %BUILDDIR%/htmlhelp
+ if errorlevel 1 exit /b 1
+ echo.
+ echo.Build finished; now you can run HTML Help Workshop with the ^
+.hhp project file in %BUILDDIR%/htmlhelp.
+ goto end
+)
+
+if "%1" == "qthelp" (
+ %SPHINXBUILD% -b qthelp %ALLSPHINXOPTS% %BUILDDIR%/qthelp
+ if errorlevel 1 exit /b 1
+ echo.
|