authorDaniel Jeffery <11964037+danjeffery@users.noreply.github.com>2019-06-07 20:12:21 -0600
committerBrian May <brian@linuxpenguins.xyz>2019-06-08 12:12:21 +1000
commit3e2ad68796fc5f30b33e1d23b0419d85f41efdb3 (patch)
tree60cae38591b4be4c31c5de36a215769638b49a5d
parent635cf8605e15bcce6a8ac2f3cf4e1ac3c006712d (diff)
Fix tests for existing PR-312 (#337)
* use addrtype match to return the LOCAL traffic
* Add assertion for the new LOCAL firewall rule added in PR 312.
* Fix linter complaints
-rw-r--r--sshuttle/client.py9
-rw-r--r--sshuttle/methods/nat.py6
-rw-r--r--tests/client/test_methods_nat.py2
3 files changed, 15 insertions, 2 deletions
diff --git a/sshuttle/client.py b/sshuttle/client.py
index a02334c..f405027 100644
--- a/sshuttle/client.py
+++ b/sshuttle/client.py
@@ -602,8 +602,13 @@ def main(listenip_v6, listenip_v4,
except KeyError:
raise Fatal("User %s does not exist." % user)
- required.ipv6 = len(subnets_v6) > 0 or listenip_v6 is not None
- required.ipv4 = len(subnets_v4) > 0 or listenip_v4 is not None
+ if fw.method.name != 'nat':
+ required.ipv6 = len(subnets_v6) > 0 or listenip_v6 is not None
+ required.ipv4 = len(subnets_v4) > 0 or listenip_v4 is not None
+ else:
+ required.ipv6 = None
+ required.ipv4 = None
+
required.udp = avail.udp
required.dns = len(nslist) > 0
required.user = False if user is None else True
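Review bot: The `else:` branch sets both `required.ipv6` and `required.ipv4` to `None` for the nat method, so IPv6 subnets or an IPv6 listen address supplied by the user are no longer recorded as a requirement. If the code after this hunk checks `required` against the method's supported features (not visible here; `main` continues outside the hunk), that check would presumably pass silently and the IPv6 destinations would be reached directly rather than through the tunnel. I would keep `required.ipv4 = len(subnets_v4) > 0 or listenip_v4 is not None` unconditional, since only the IPv6 side seems to need relaxing. The branch also needs a comment saying why `None` is used where the neighbouring `required.*` fields are booleans, for example `# nat: address family is not asserted as a requirement, see PR 312`.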
diff --git a/sshuttle/methods/nat.py b/sshuttle/methods/nat.py
index d198b4f..912555d 100644
--- a/sshuttle/methods/nat.py
+++ b/sshuttle/methods/nat.py
@@ -50,6 +50,12 @@ class Method(BaseMethod):
_ipt('-I', 'OUTPUT', '1', *args)
_ipt('-I', 'PREROUTING', '1', *args)
+ # Firstly we always skip all LOCAL addtrype address, i.e. avoid
+ # tunnelling the traffic designated to all local TCP/IP addresses.
+ _ipt('-A', chain, '-j', 'RETURN',
+ '-m', 'addrtype',
+ '--dst-type', 'LOCAL')
+
# create new subnet entries.
for _, swidth, sexclude, snet, fport, lport \
in sorted(subnets, key=subnet_weight, reverse=True):
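Review bot: The new `RETURN ... --dst-type LOCAL` rule is appended to the chain before every other rule, so it wins over anything added later in this method. If DNS redirect rules are appended to the same chain further down (not visible in this hunk), a nameserver on a local address such as a loopback stub resolver would hit this RETURN first, and DNS queries would leave the host outside the tunnel even with DNS capture enabled. Consider appending the LOCAL rule after the DNS rules, or state the intended precedence in the comment, e.g. `# NOTE: this RETURN precedes all later rules in the chain, including any for local nameservers`. The comment also has a typo: `addtrype` should be `addrtype`.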
diff --git a/tests/client/test_methods_nat.py b/tests/client/test_methods_nat.py
index af64c11..94bbabf 100644
--- a/tests/client/test_methods_nat.py
+++ b/tests/client/test_methods_nat.py
@@ -140,6 +140,8 @@ def test_setup_firewall(mock_ipt_chain_exists, mock_ipt_ttl, mock_ipt):
call(AF_INET, 'nat', '-I', 'OUTPUT', '1', '-j', 'sshuttle-1025'),
call(AF_INET, 'nat', '-I', 'PREROUTING', '1', '-j', 'sshuttle-1025'),
call(AF_INET, 'nat', '-A', 'sshuttle-1025', '-j', 'RETURN',
+ '-m', 'addrtype', '--dst-type', 'LOCAL'),
+ call(AF_INET, 'nat', '-A', 'sshuttle-1025', '-j', 'RETURN',
'--dest', u'1.2.3.66/32', '-p', 'tcp', '--dport', '8080:8080')
]
mock_ipt_chain_exists.reset_mock()