diff options
| author | Scott Kuhl <kuhl@mtu.edu> | 2021-05-27 16:21:42 -0400 |
|---|---|---|
| committer | Scott Kuhl <kuhl@mtu.edu> | 2021-05-27 21:48:43 -0400 |
| commit | a7df12cd68334ca5e5b89adf7fba2e2f3ca9f382 (patch) | |
| tree | a0544462e275920bcbd85997d020b9c4bdbb2b59 /sshuttle/client.py | |
| parent | bc54ffe398db54379f74ec0262f077e59ddde802 (diff) | |
Fix --tmark option
Even when --tmark was used, the iptables code always used '1' for the
mark. This patch corrects the problem.
Previously, it wasn't clear if the tmark should be supplied in
hexadecimal or as an integer. This makes it use hexadecimal, checks
that the input is hexadecimal, and updates the associated
documentation.
This patch also makes --ttl information get passed to the firewall in
a way that matches how other information gets passed. The ttl and
tmark information are passed next to each other in many places and
this patch also makes the order consistent.
Diffstat (limited to 'sshuttle/client.py')
| -rw-r--r-- | sshuttle/client.py | 11 |
1 files changed, 6 insertions, 5 deletions
diff --git a/sshuttle/client.py b/sshuttle/client.py index 647fb27..96b1a88 100644 --- a/sshuttle/client.py +++ b/sshuttle/client.py @@ -205,8 +205,7 @@ class FirewallClient: argvbase = ([sys.executable, sys.argv[0]] + ['-v'] * (helpers.verbose or 0) + ['--method', method_name] + - ['--firewall'] + - ['--ttl', str(ttl)]) + ['--firewall']) if ssyslog._p: argvbase += ['--syslog'] @@ -261,7 +260,7 @@ class FirewallClient: def setup(self, subnets_include, subnets_exclude, nslist, redirectport_v6, redirectport_v4, dnsport_v6, dnsport_v4, udp, - user, tmark, ttl): + user, ttl, tmark): self.subnets_include = subnets_include self.subnets_exclude = subnets_exclude self.nslist = nslist @@ -311,7 +310,9 @@ class FirewallClient: else: user = b'%d' % self.user - self.pfile.write(b'GO %d %s\n' % (udp, user)) + self.pfile.write(b'GO %d %s %d %s\n' % + (udp, user, self.ttl, + bytes(self.tmark, 'ascii'))) self.pfile.flush() line = self.pfile.readline() @@ -1003,7 +1004,7 @@ def main(listenip_v6, listenip_v4, # start the firewall fw.setup(subnets_include, subnets_exclude, nslist, redirectport_v6, redirectport_v4, dnsport_v6, dnsport_v4, - required.udp, user, tmark, ttl) + required.udp, user, ttl, tmark) # start the client process try: |