Fix tests for existing PR-312 (sshuttle#337)

danjeffery · brianmay · commit 3e2ad68796fc · 2019-06-08T12:12:21.000+10:00
* use addrtype match to return the LOCAL trafik

* Add assertion for the new LOCAL firewall rule added in PR 312.

* Fix linter complaints
diff --git a/sshuttle/client.py b/sshuttle/client.py
@@ -602,8 +602,13 @@ def main(listenip_v6, listenip_v4,
         except KeyError:
             raise Fatal("User %s does not exist." % user)
 
-    required.ipv6 = len(subnets_v6) > 0 or listenip_v6 is not None
-    required.ipv4 = len(subnets_v4) > 0 or listenip_v4 is not None
+    if fw.method.name != 'nat':
+        required.ipv6 = len(subnets_v6) > 0 or listenip_v6 is not None
+        required.ipv4 = len(subnets_v4) > 0 or listenip_v4 is not None
+    else:
+        required.ipv6 = None
+        required.ipv4 = None
+
     required.udp = avail.udp
     required.dns = len(nslist) > 0
     required.user = False if user is None else True
diff --git a/sshuttle/methods/nat.py b/sshuttle/methods/nat.py
@@ -50,6 +50,12 @@ def _ipm(*args):
         _ipt('-I', 'OUTPUT', '1', *args)
         _ipt('-I', 'PREROUTING', '1', *args)
 
+        # Firstly we always skip all LOCAL addtrype address, i.e. avoid
+        # tunnelling the traffic designated to all local TCP/IP addresses.
+        _ipt('-A', chain, '-j', 'RETURN',
+             '-m', 'addrtype',
+             '--dst-type', 'LOCAL')
+
         # create new subnet entries.
         for _, swidth, sexclude, snet, fport, lport \
                 in sorted(subnets, key=subnet_weight, reverse=True):
diff --git a/tests/client/test_methods_nat.py b/tests/client/test_methods_nat.py
@@ -139,6 +139,8 @@ def test_setup_firewall(mock_ipt_chain_exists, mock_ipt_ttl, mock_ipt):
         call(AF_INET, 'nat', '-F', 'sshuttle-1025'),
         call(AF_INET, 'nat', '-I', 'OUTPUT', '1', '-j', 'sshuttle-1025'),
         call(AF_INET, 'nat', '-I', 'PREROUTING', '1', '-j', 'sshuttle-1025'),
+        call(AF_INET, 'nat', '-A', 'sshuttle-1025', '-j', 'RETURN',
+             '-m', 'addrtype', '--dst-type', 'LOCAL'),
         call(AF_INET, 'nat', '-A', 'sshuttle-1025', '-j', 'RETURN',
              '--dest', u'1.2.3.66/32', '-p', 'tcp', '--dport', '8080:8080')
     ]

Original file line number	Diff line number	Diff line change
`@@ -139,6 +139,8 @@ def test_setup_firewall(mock_ipt_chain_exists, mock_ipt_ttl, mock_ipt):`
`139`	`139`	`call(AF_INET, 'nat', '-F', 'sshuttle-1025'),`
`140`	`140`	`call(AF_INET, 'nat', '-I', 'OUTPUT', '1', '-j', 'sshuttle-1025'),`
`141`	`141`	`call(AF_INET, 'nat', '-I', 'PREROUTING', '1', '-j', 'sshuttle-1025'),`
	`142`	`+ call(AF_INET, 'nat', '-A', 'sshuttle-1025', '-j', 'RETURN',`
	`143`	`+ '-m', 'addrtype', '--dst-type', 'LOCAL'),`
`142`	`144`	`call(AF_INET, 'nat', '-A', 'sshuttle-1025', '-j', 'RETURN',`
`143`	`145`	`'--dest', u'1.2.3.66/32', '-p', 'tcp', '--dport', '8080:8080')`
`144`	`146`	`]`