skuhl commented Mar 10, 2021

This patch checks to see if the client and the server are running on
the same machine. The client creates a temporary file that the server
then looks for. If the server finds the file, it knows it is on the
same machine as the client and it deletes the file. Next, if the
client detects that the file has been deleted by the server, it
assumes that it is running on the same machine as the server.

This check is necessary since a user may specify a remote host with
"-r" that actually points back to the same machine the client is on.

This commit uses tempfile.mkstemp() which was added in Python 2.3.

Functionally, this commit does nothing except add a debug message
about if the client and server are on the same machine. It also sets a
variable which contains this information for potential future use.

Potential future uses include...

  1. If the TTL hack is removed, this can be used to print an error
    message since running the client and server on the same machine would
    no longer be supported.

  2. If the TTL hack is continued, we could disable the hack when the
    client and the server are on different machines.
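
A minimal sketch of the marker-file handshake described in this pull request, added here as an illustration and not the code from the patch. The `samehost-` prefix, the function names, and sending only the bare file name to the server are assumptions; separate directories stand in for separate machines.

```python
import os
import stat
import tempfile

PREFIX = "samehost-"  # hypothetical marker prefix, not taken from sshuttle


def client_create_marker(tmpdir):
    """Client: create an unpredictably named 0600 marker; return its bare name."""
    fd, path = tempfile.mkstemp(prefix=PREFIX, dir=tmpdir)
    os.close(fd)
    return os.path.basename(path)


def server_check_marker(name, tmpdir):
    """Server: delete the marker if it exists in our own tmpdir; True if it did.

    The name comes from the peer, so accept only a bare file name with the
    expected prefix, and unlink only a regular file (never a symlink) we own.
    """
    if name != os.path.basename(name) or not name.startswith(PREFIX):
        return False
    path = os.path.join(tmpdir, name)
    try:
        st = os.lstat(path)
    except OSError:
        return False  # not visible here: different machine or different tmpdir
    if not stat.S_ISREG(st.st_mode) or st.st_uid != os.getuid():
        return False
    os.unlink(path)
    return True


def client_confirm(name, tmpdir):
    """Client: a vanished marker means the server shares our filesystem."""
    path = os.path.join(tmpdir, name)
    if os.path.lexists(path):
        os.unlink(path)  # the server never saw it; clean up after ourselves
        return False
    return True


def same_host_check(client_tmp, server_tmp):
    """Run the exchange; distinct directories stand in for distinct machines."""
    name = client_create_marker(client_tmp)
    server_check_marker(name, server_tmp)
    return client_confirm(name, client_tmp)
```

A temp directory shared between hosts (for example over NFS or a container bind mount) makes this check report the same machine, and differing `TMPDIR` values on one machine hide it.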

skuhl added a commit to skuhl/sshuttle that referenced this pull request Jul 12, 2021

Previously, it was possible to run sshuttle locally without using ssh
and connecting to a remote server. In this configuration, traffic was
redirected to the sshuttle server running on the localhost. However,
the firewall needed to distinguish between traffic leaving the
sshuttle server and traffic that originated from the machine that
still needed to be routed through the sshuttle server. The TTL of the
packets leaving the sshuttle server was manipulated to indicate to
the firewall what should happen. The TTL was adjusted for all packets
leaving the sshuttle server (even if it wasn't necessary because the
server and client were running on different machines).

Changing the TTL caused trouble on some machines, and
the --ttl option was added as a workaround to change how the TTL was
set for traffic leaving sshuttle. All of this added complexity to the
code for a feature (running the server on localhost) that is likely
only used for testing and rarely used by others.

This commit updates the associated documentation, but doesn't fully
fix the ipfw method since I am unable to test that.

This change will also make sshuttle fail to work if -r is used to
specify a localhost. Pull request sshuttle#610 partially addresses that issue.

For example, see: sshuttle#240, sshuttle#490, sshuttle#660, sshuttle#606.

skuhl added 3 commits July 16, 2021 13:37

Since sshuttle's TTL code was removed in a recent commit, this code
will cause sshuttle to exit when the host specified with -r is
actually the localhost.

skuhl commented Jul 20, 2021

Now that #661 is merged in, this can be merged in too (assuming we want a check like this).
