@DanielO DanielO commented Jul 8, 2021

Without this any TCPv6 connection going to my FreeBSD machine causes sshuttle to crash:

[osx 11:12] ~ >sshuttle -r me@freebsd.server 10.0.2.0/24 1234:5678:9abc:1::/24 
c : Connected to server.
Traceback (most recent call last):
  File "<string>", line 1, in <module>
  File "assembler.py", line 45, in <module>
  File "sshuttle.server", line 397, in main
  File "sshuttle.ssnet", line 616, in runonce
  File "sshuttle.ssnet", line 504, in callback
  File "sshuttle.ssnet", line 492, in handle
  File "sshuttle.ssnet", line 407, in got_packet
  File "sshuttle.server", line 345, in new_channel
  File "sshuttle.ssnet", line 589, in connect_dst
OSError: [Errno 22] Invalid argument
c : fatal: ssh connection to server (pid 82423) exited with returncode 1
Connection failed

Where line 589 is "outsock.setsockopt(socket.SOL_IP, socket.IP_TTL, 63)".
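The failing call sets an IPv4-level option (`IP_TTL`) on a socket that may be `AF_INET6`. One family-aware way to set the hop limit is sketched below as an added example; it is not code from this pull request or from sshuttle, and the helper names `hop_limit_sockopt`, `set_hop_limit` and `probe` are hypothetical.

```python
import errno
import socket


def hop_limit_sockopt(family):
    """Return the (level, option) pair that sets the hop limit for a family."""
    if family == socket.AF_INET:
        return socket.IPPROTO_IP, socket.IP_TTL
    if family == socket.AF_INET6:
        # IPv6 has no TTL field; the equivalent is the unicast hop limit.
        return socket.IPPROTO_IPV6, socket.IPV6_UNICAST_HOPS
    raise ValueError("no hop-limit option for address family %r" % (family,))


def set_hop_limit(sock, hops):
    """Set the hop limit with the option matching sock.family; return the value read back."""
    level, option = hop_limit_sockopt(sock.family)
    sock.setsockopt(level, option, hops)
    return sock.getsockopt(level, option)


def probe(family, hops=63):
    """Compare the IPv4-only call from the traceback with the family-aware one."""
    result = {}
    with socket.socket(family, socket.SOCK_STREAM) as s:
        try:
            # Same call as line 589 (IPPROTO_IP is the same level as SOL_IP).
            s.setsockopt(socket.IPPROTO_IP, socket.IP_TTL, hops)
            result["ipv4_option"] = "ok"
        except OSError as e:
            # Record the errno name instead of crashing the caller.
            result["ipv4_option"] = errno.errorcode.get(e.errno, str(e.errno))
        result["family_aware"] = set_hop_limit(s, hops)
    return result


if __name__ == "__main__":
    for name, fam in (("AF_INET", socket.AF_INET), ("AF_INET6", socket.AF_INET6)):
        try:
            print(name, probe(fam))
        except OSError as e:
            # Hosts without IPv6 support cannot create the socket at all.
            print(name, "unavailable:", e)
```

Whether the IPv4-only call fails on an IPv6 socket depends on the platform, so `probe` records the errno rather than assuming one.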

skuhl added a commit to skuhl/sshuttle that referenced this pull request Jul 12, 2021
Previously, it was possible to run sshuttle locally without using ssh
and connecting to a remote server. In this configuration, traffic was
redirected to the sshuttle server running on the localhost. However,
the firewall needed to distinguish between traffic leaving the
sshuttle server and traffic that originated from the machine that
still needed to be routed through the sshuttle server. The TTL of the
packets leaving the sshuttle server was manipulated to indicate to
the firewall what should happen. The TTL was adjusted for all packets
leaving the sshuttle server (even if it wasn't necessary because the
server and client were running on different machines).

Changing the TTL caused trouble on some machines, and
the --ttl option was added as a workaround to change how the TTL was
set for traffic leaving sshuttle. All of this added complexity to the
code for a feature (running the server on localhost) that is likely
only used for testing and rarely used by others.

This commit updates the associated documentation, but doesn't fully
fix the ipfw method since I am unable to test that.

This change will also make sshuttle fail to work if -r is used to
specify a localhost. Pull request sshuttle#610 partially addresses that issue.

For example, see: sshuttle#240, sshuttle#490, sshuttle#660, sshuttle#606.
@brianmay
Member

I think this is redundant now #661 was merged.

Regardless, thanks for your contribution.

@brianmay brianmay closed this Jul 15, 2021
@DanielO
Author

DanielO commented Jul 15, 2021

Thanks, I tested after you merged #661 and it works on FreeBSD (unsurprisingly!)
