sshuttle / sshuttle

Transparent proxy server that works as a poor man's VPN. Forwards over ssh. Doesn't require admin. Works with Linux and MacOS. Supports DNS tunneling.
GNU Lesser General Public License v2.1

patch to make ipfw work #704

Open JohnHay opened 2 years ago

JohnHay commented 2 years ago

The ipfw method is broken. The patch makes it work on FreeBSD 13 and I guess most if not all other versions. There are 4 pieces in the patch:

1 - Change the check-state to only "ipfw -q add 1 check-state". The extra "ip from any to any" causes an error. I'm not sure if it was ever allowed.

2 - Add fport and lport (unused) to the for loop that parses subnets. Otherwise Python is unhappy with "ValueError: too many values to unpack (expected 4)"

3 - Indent the else to the same depth as the if.

4 - Change text from tproxy to ipfw.

With this it worked for what I needed.

sshuttle.diff.txt

brianmay commented 2 years ago

Thanks for this. Any chance you could please submit as a pull request?

For example, see instructions here: https://opensource.com/article/19/7/create-pull-request-github

JohnHay commented 2 years ago

I did. I also removed the ttl 63 hack.

I have only tested it with tcp / https. No udp or dns testing.

JohnHay commented 2 years ago

Thanks for merging it Brian.

If I may ask, when will the next release / tag be? I would like to get the FreeBSD sshuttle package updated with this in, but need a tag that can be specified.

rsyncnet commented 2 years ago

Hmm ...

A long time ago - 2017 - we (rsync.net) paid somebody to rework/fix the ipfw support in sshuttle. We also paid them to enable the UDP support in FreeBSD.

I don't remember the details but I think he did end up contributing code to the main project here but he also had a kernel patch for FreeBSD that made the --udp mode work properly.

It kind of fell apart after that and I don't know if any of this work actually got imported properly into either sshuttle or FreeBSD.

JohnHay: Do you see any evidence of work from 2017 coming from Ermal Luçi ? Was there code in sshuttle related to ipfw-on-freebsd that came from that author / time period ? Is there any code in FreeBSD codebase related to the UDP functionality of sshuttle ?

I am asking because we (rsync.net) would be very interested to pay for additional integration of ipfw, UDP support, and general operability with FreeBSD. Let me know what you think and if you have time for this, etc. - I will check this issue thread ...

Thanks.

JohnHay commented 2 years ago

His code to re-introduce the ipfw method was pulled into sshuttle in Jan 2017. https://github.com/sshuttle/sshuttle/commit/5e90491344983230f63455538b7ec6938cbf36ea#diff-1149657a175980a4d6117864a07ed447469f813819180fa7da1ac23a71db6bd5

And his FreeBSD code to add IP_ORIGDSTADDR and IPV6_ORIGDSTADDR was added in March 2017. https://reviews.freebsd.org/rS314722

It does not look like sshuttle/ipfw was updated after the FreeBSD commit though. There is some udp code there, but the udp and ipv6 capabilities for the ipfw method are turned off and IP*_ORIGDSTADDR are not mentioned there.


rsyncnet commented 2 years ago

@JohnHay Thank you.

We'd like to support a full and on-going integration of ipfw (and FreeBSD support, generally) into sshuttle as well as whatever support is needed on the FreeBSD side for UDP, ipv6, etc.

Would you please email info@rsync.net and let me know - one way or another - if you have the time and inclination to do this ?

Thanks again and Happy New Year to you!