Add tproxy udp port mark filter that was missed in sshuttle#144, fixes sshuttle#367.

normanr · brianmay · commit 502b36e9902b · 2019-10-13T11:45:04.000+11:00
diff --git a/sshuttle/methods/tproxy.py b/sshuttle/methods/tproxy.py
@@ -244,7 +244,8 @@ def _ipt_proto_ports(proto, fport, lport):
                 else:
                     _ipt('-A', mark_chain, '-j', 'MARK', '--set-mark', '1',
                          '--dest', '%s/%s' % (snet, swidth),
-                         '-m', 'udp', '-p', 'udp')
+                         '-m', 'udp',
+                         *udp_ports)
                     _ipt('-A', tproxy_chain, '-j', 'TPROXY',
                          '--tproxy-mark', '0x1/0x1',
                          '--dest', '%s/%s' % (snet, swidth),
diff --git a/tests/client/test_methods_tproxy.py b/tests/client/test_methods_tproxy.py
@@ -168,7 +168,7 @@ def test_setup_firewall(mock_ipt_chain_exists, mock_ipt_ttl, mock_ipt):
              '--on-port', '1024'),
         call(AF_INET6, 'mangle', '-A', 'sshuttle-m-1024', '-j', 'MARK',
              '--set-mark', '1', '--dest', u'2404:6800:4004:80c::/64',
-             '-m', 'udp', '-p', 'udp'),
+             '-m', 'udp', '-p', 'udp', '--dport', '8000:9000'),
         call(AF_INET6, 'mangle', '-A', 'sshuttle-t-1024', '-j', 'TPROXY',
              '--tproxy-mark', '0x1/0x1', '--dest', u'2404:6800:4004:80c::/64',
              '-m', 'udp', '-p', 'udp', '--dport', '8000:9000',
