authorScott Kuhl <kuhl@mtu.edu>2021-05-27 16:21:42 -0400
committerScott Kuhl <kuhl@mtu.edu>2021-05-27 21:48:43 -0400
commita7df12cd68334ca5e5b89adf7fba2e2f3ca9f382 (patch)
treea0544462e275920bcbd85997d020b9c4bdbb2b59 /sshuttle/client.py
parentbc54ffe398db54379f74ec0262f077e59ddde802 (diff)
Fix --tmark option
Even when --tmark was used, the iptables code always used '1' for the mark. This patch corrects the problem. Previously, it wasn't clear if the tmark should be supplied in hexadecimal or as an integer. This makes it use hexadecimal, checks that the input is hexadecimal, and updates the associated documentation. This patch also makes --ttl information get passed to the firewall in a way that matches how other information gets passed. The ttl and tmark information are passed next to each other in many places and this patch also makes the order consistent.
Diffstat (limited to 'sshuttle/client.py')
-rw-r--r--sshuttle/client.py11
1 files changed, 6 insertions, 5 deletions
diff --git a/sshuttle/client.py b/sshuttle/client.py
index 647fb27..96b1a88 100644
--- a/sshuttle/client.py
+++ b/sshuttle/client.py
@@ -205,8 +205,7 @@ class FirewallClient:
argvbase = ([sys.executable, sys.argv[0]] +
['-v'] * (helpers.verbose or 0) +
['--method', method_name] +
- ['--firewall'] +
- ['--ttl', str(ttl)])
+ ['--firewall'])
if ssyslog._p:
argvbase += ['--syslog']
@@ -261,7 +260,7 @@ class FirewallClient:
def setup(self, subnets_include, subnets_exclude, nslist,
redirectport_v6, redirectport_v4, dnsport_v6, dnsport_v4, udp,
- user, tmark, ttl):
+ user, ttl, tmark):
self.subnets_include = subnets_include
self.subnets_exclude = subnets_exclude
self.nslist = nslist
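Review bot: Swapping the positions of `ttl` and `tmark` in `setup()` leaves any caller that still passes them in the old order accepted at the call, because both are plain positional parameters with no type check here. The call in `main()` (last hunk) is updated, but this view is limited to client.py, so other callers cannot be confirmed. Passing the two by keyword at the call site would make the order irrelevant and keep a future reorder from going wrong: `required.udp, user, ttl=ttl, tmark=tmark)`. The body of `setup()` continues outside the hunk.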
@@ -311,7 +310,9 @@ class FirewallClient:
else:
user = b'%d' % self.user
- self.pfile.write(b'GO %d %s\n' % (udp, user))
+ self.pfile.write(b'GO %d %s %d %s\n' %
+ (udp, user, self.ttl,
+ bytes(self.tmark, 'ascii')))
self.pfile.flush()
line = self.pfile.readline()
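Review bot: The `GO` line now carries `self.tmark` verbatim into a space-delimited, newline-terminated message read by the firewall process, and nothing in this hunk enforces that the value is a single hexadecimal token. The commit message says the input is checked to be hexadecimal, presumably in option parsing outside this file; an empty string or a value containing whitespace would shift or truncate the fields on the receiving side, and a non-ASCII value makes `bytes(self.tmark, 'ascii')` raise `UnicodeEncodeError` mid-handshake. Since the receiver is the privileged side, I would re-check at this boundary before the write, e.g. `if not self.tmark or set(self.tmark) - set('0123456789abcdefABCDEF'):` followed by raising the client's usual fatal error, and add a comment such as `# ttl is an int, tmark a hex string validated by the option parser`. The enclosing method starts and ends outside the hunk.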
@@ -1003,7 +1004,7 @@ def main(listenip_v6, listenip_v4,
# start the firewall
fw.setup(subnets_include, subnets_exclude, nslist,
redirectport_v6, redirectport_v4, dnsport_v6, dnsport_v4,
- required.udp, user, tmark, ttl)
+ required.udp, user, ttl, tmark)
# start the client process
try: