Mobile: +32 498725202
I'm seeing this on 10.7.2 as well, but only when using sshuttle via
the GUI interface (CLI works fine)...although it doesn't seem to drop
connectivity completely, just DNS lookups start to fail and restarting
the machine has been the only way I've found to fix it. Everything
looks as expected in the network preferences and toggling the
connection and/or renewing my DHCP lease makes no difference.
It doesn't matter whether I send DNS requests though a server or not,
as soon as I disconnect using the GUI, DNS lookups will fail. It just
seems like something in the cleanup process fails. I haven't seen
anything too strange in the system.log, but will continue to
investigate to see if I can provide more details. I just wanted to
confirm that I am also seeing some weirdness on Lion.
Aaron Bull Schaefer
Hi, the diagnosis here is obviously correct - those firewall rules
should get cleared when sshuttle exits and they obviously aren't being
cleared - but I don't understand why. They absolutely do get cleared
for me (although I haven't tried on Lion in particular).
How are you killing the connection in the GUI? Can you try out the
latest github.com/apenwarr/master branch, as I just made some slight
changes to it yesterday?
Definitely want to get this fixed up.
Can you actually 'kill -9' the sshuttle sub-process and tell me what
happens? Specifically, the child process of the GUI process, not the
actual GUI process itself, or any of the sub-sub processes.
This is where, on Linux, I would run 'strace -p 37696' in another
window while I ran 'kill -9 37692'. We need to know why 37696 is
dying without clearing out the firewall rules, even though you're not
killing it explicitly. It must be dying due to some error, but I
don't know what error that is.
Do you know how to use dtrace? It's supposedly 'better' than strace,
but it's never done anything useful for me. Supposedly it should be
able to tell you things like what syscall was running when it died,
and that's what I need to know. Weird that it doesn't happen for me.
Sure, I understand that if you're building on Lion, you shouldn't
expect PPC support. But the build script in sshuttle already very
nearly auto-selects which platforms it needs to build for; it's just
doing it wrong, apparently. It should just need a tiny bit of
firewall.py | 7 ++++++-
1 files changed, 6 insertions(+), 1 deletions(-)
mode change 100644 => 100755 main.py
diff --git a/firewall.py b/firewall.py
index 4fd8c79..291b7fd 100644
@@ -1,4 +1,4 @@
-import re, errno, socket, select, struct
+import re, errno, socket, select, signal, struct
import compat.ssubprocess as ssubprocess
import helpers, ssyslog
from helpers import *
@@ -398,6 +398,11 @@ def main(port, dnsport, syslog):
+ # don't disappear if our controlling terminal or stdout/stderr
+ # disappears; we still have to clean up.
+ signal.signal(signal.SIGHUP, signal.SIG_IGN)
+ signal.signal(signal.SIGPIPE, signal.SIG_IGN)
# ctrl-c shouldn't be passed along to me. When the main sshuttle dies,
# I'll die automatically.
diff --git a/main.py b/main.py
old mode 100644
new mode 100755
Me neither. Piece of junk, I'm afraid. I eventually ended up having
to go with a hunch :)
I'll push it to github tomorrow.
I extracted out the parts of your patch that apply to redo, and
applied those. I have not applied the Lion patch until we can get one
that's less gross. :)