HEX
Server: LiteSpeed
System: Linux cpir1.prohostdns.com 4.18.0-553.123.2.lve.el8.x86_64 #1 SMP Thu May 7 23:17:13 UTC 2026 x86_64
User: pelakir (2976)
PHP: 8.2.31
Disabled: exec, shell_exec, system, passthru, proc_open, proc_close, proc_terminate, proc_get_status, popen, pclose, pcntl_exec
File: //proc/thread-self/root/lib/python3.6/site-packages/sshuttle/methods/__pycache__/pf.cpython-36.pyc
3

��^<C�@s�ddlZddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZddlm
Z
mZmZmZmZmZmZmZmZddlmZddlmZmZmZmZmZddlmZddgd�Z da!Gd	d
�d
e"�Z#Gdd�de#�Z$Gd
d�de#�Z%Gdd�de$�Z&Gdd�de$�Z'ejdk�r(e&�Z(n4ejj)d��r>e%�Z(nej*�j+d��rVe'�Z(ne$�Z(ddd�Z,dd�Z-dd�Z.Gdd�de�Z/dS)�N)�ioctl)	�c_char�c_uint8�c_uint16�c_uint32�Union�	Structure�sizeof�	addressof�memmove)�
subnet_weight)�debug1�debug2�debug3�Fatal�family_to_string)�
BaseMethodT)�started_by_sshuttle�loaded_by_sshuttle�Xtokenc@s�eZdZdZdZdZdZdZdZdZ	dZ
dZGdd�de�Z
d	d
�Zdd�Zed
d��Zdd�Zedd��Zedd��Zd"dd�Zd#dd�Zedd��Zedd��Zedd��Zed d!��ZdS)$�Generici��r�ic@s*eZdZGdd�de�ZdefgZdZdS)zGeneric.pf_addrc@s>eZdZdefdedfdedfdedfdedfgZd	S)
zGeneric.pf_addr._pfaZv4Zv6�Zaddr8�Zaddr16rZaddr32N)�__name__�
__module__�__qualname__rrr�_fields_�r r �/usr/lib/python3.6/pf.py�_pfa&s



r"�pfaN)r#)rrrrr"rZ_anonymous_r r r r!�pf_addr%s
r$cCs�d|_td|_dt|j�d@d>Btd�d>Bd	B|_d
t|j�d@d>Btd�d>Bd
B|_dt|j�d@d>Btd�d>BdB|_	dS)N�ipi@li�r�Dr���3lll)
�statusr�pfioc_pooladdrr	�
pfioc_natlook�ord�DIOCNATLOOK�
pfioc_rule�DIOCCHANGERULE�DIOCBEGINADDRS)�selfr r r!�__init__0s

((zGeneric.__init__cCs&d|jkr"td�tdd7<dS)NsINFO:
Status: Disabledz-er�)r*�pfctl�_pf_context)r2r r r!�enableAs
zGeneric.enablecCs4td|�tddkr td�tdd8<dS)Nz-a %s -F allrr4z-d)r5r6)�anchorr r r!�disableFszGeneric.disablec
Cs�dd�||||gD�\}}}}tj||�}tj||�}t|�t|�ksJt�t|�}	|j�}
||
_|j|
_||
_t	t
|
j�||	�t	t
|
j�||	�|j
|
||�tt�|jtt|
�jt
|
���tj|
jt|	jt
|
j��j�}tj|j|
j��}||fS)NcSsg|]}t|��qSr )�int)�.0�vr r r!�
<listcomp>Osz%Generic.query_nat.<locals>.<listcomp>)�socketZ	inet_pton�len�AssertionErrorr,�proto�PF_OUT�	direction�afrr
�saddr�daddr�_add_natlook_portsr�
pf_get_devr.rr	Zfrom_addressZ	inet_ntop�rdaddr�rawZntohs�_get_natlook_port�rdxport)
r2�familyrAZsrc_ip�src_portZdst_ip�dst_portZ
packed_src_ipZ
packed_dst_ipZlength�pnl�ip�portr r r!�	query_natMs$
zGeneric.query_natcCstj|�|_tj|�|_dS)N)r>�htons�sxport�dxport)rPrNrOr r r!rGgszGeneric._add_natlook_portscCs|S)Nr )�xportr r r!rKlszGeneric._get_natlook_portNcCsD|dkrtd�d}||_d|jd�|kr@|j|j|jd��dS)Nz-s allrz
anchor "%s"�ASCII)r5r*�encode�_add_anchor_rule�PF_PASS)r2r8r*r r r!�add_anchorsps
zGeneric.add_anchorscCs�|dkr|j�}tt|�|j|t|jt|���tt|�|jtj	d|�d�tt|�|j
tj	d|j�d�tt
�tj|�tt|�|j
tj	d|j�d�tt
�tj|�dS)N�Ir)r/rr
�ANCHOR_CALL_OFFSET�min�
MAXPATHLENr?�RULE_ACTION_OFFSET�struct�pack�
ACTION_OFFSET�PF_CHANGE_GET_TICKETrrH�pfr0�PF_CHANGE_ADD_TAIL)r2�kind�name�prr r r!rZwszGeneric._add_anchor_rulecCs|tjkrdSdS)Nsinetsinet6)r>�AF_INET)rMr r r!�
_inet_version�szGeneric._inet_versioncCs|tjkrdSdS)Ns	127.0.0.1s::1)r>rk)rMr r r!�_lo_addr�szGeneric._lo_addrcCs2t|t�st�td|jd��td||�dS)Nzrules:
rXz-a %s -f /dev/stdin)�
isinstance�bytesr@r�decoder5)r8�rulesr r r!�	add_rules�szGeneric.add_rulescCsdtd�dkS)Nsskipz-s Interfaces -i lo -vr)r5r r r r!�has_skip_loopback�szGeneric.has_skip_loopback)N)N)rrrr`rgrer[�PF_RDRrBrd�POOL_TICKET_OFFSETr^rr$r3r7�staticmethodr9rSrGrKr\rZrlrmrrrsr r r r!rs,

rcsZeZdZdZdd�Z�fdd�Z�fdd�Z�fdd	�Zd�fdd�	Z�fd
d�Z	�Z
S)�FreeBsdi�cCs.Gdd�dt�}tj|�}td|_||_|S)Nc
@s^eZdZejZdefdefdefdefdefdefdefdefd	efd
efdefdefgZd
S)z&FreeBsd.__new__.<locals>.pfioc_natlookrErF�rsaddrrIrUrV�rsxportrLrDrA�
proto_variantrCN)rrrrr$rrrr r r r!r,�sr,i�)rr�__new__rr/r,)�clsr,Zfreebsdr r r!r{�s


zFreeBsd.__new__cs0tjddg�}tt|�j�|dkr,dtd<dS)NZkldloadrfrTr)�ssubprocess�call�superrwr7r6)r2�
returncode)�	__class__r r!r7�szFreeBsd.enablecs6tt|�j|�tdr2tddkr2tjddg�dS)NrrrZ	kldunloadrf)rrwr9r6r}r~)r2r8)r�r r!r9�szFreeBsd.disablecsJtd�d}d|jd�|kr2|j|j|jd��tt|�j||d�dS)Nz-s allrz
rdr-anchor "%s"rX)r*)r5rYrZrtrrwr\)r2r8r*)r�r r!r\�szFreeBsd.add_anchorsNcs\|p
|j�}|j�}tt�|j|�tt|�|j|dd�d�tt	|�j
|||d�dS)Nrr)rj)r/r+rrHr1rr
rurrwrZ)r2rhrirjZppa)r�r r!rZ�s
zFreeBsd._add_anchor_rulecs�|j|��|j|��g}���fdd�|D�}�fdd�|D�}	|r�|jddjdd�|D���|jd��|f�|	jd��d	j|||	�d	}
tt|�j||
�dS)
Ncs&g|]\}}|sd��|��f�qS)s:rdr pass on lo0 %s proto tcp from ! %s to %s -> %s port %rr )r;�exclude�subnet)�inet_version�lo_addrrRr r!r=�sz%FreeBsd.add_rules.<locals>.<listcomp>cs,g|]$\}}|sd�|fn
d�|f�qS)s3pass out route-to lo0 %s proto tcp to %s keep statespass out %s proto tcp to %sr )r;r�r�)r�r r!r=�sstable <dns_servers> {%s}�,cSsg|]}|djd��qS)r4rX)rY)r;�nsr r r!r=�ssCrdr pass on lo0 %s proto udp to <dns_servers> port 53 -> %s port %rsFpass out route-to lo0 %s proto udp to <dns_servers> port 53 keep state�
)rlrm�append�joinrrwrr)r2r8�includesrR�dnsport�nslistrM�tables�translating_rules�filtering_rulesrq)r�)r�r�rRr!rr�s(


zFreeBsd.add_rules)N)rrrrar{r7r9r\rZrr�
__classcell__r r )r�r!rw�s	rwcs@eZdZdZdZdZ�fdd�Z�fdd�Z�fdd	�Z�Z	S)
�OpenBsdri�ics2Gdd�dt�}td|_||_tt|�j�dS)Nc@sjeZdZejZdefdefdefdefdefdefdefdefd	efd
efdefdefd
efdefgZdS)z'OpenBsd.__init__.<locals>.pfioc_natlookrErFrxrIZrdomainZrrdomainrUrVryrLrDrArzrCN)rrrrr$rrrr r r r!r,�sr,i`
)rrr/r,rr�r3)r2r,)r�r r!r3�s
zOpenBsd.__init__cs&|j�rtdd�tt|�j|�dS)Nz
-f /dev/stdinsmatch on lo
)rsr5rr�r\)r2r8)r�r r!r\s
zOpenBsd.add_anchorscs�|j|��|j|��g}���fdd�|D�}�fdd�|D�}	|r�|jddjdd�|D���|jd��|f�|	jd��d	j|||	�d	}
tt|�j||
�dS)
Ncs$g|]\}}|sd�|��f�qS)s6pass in on lo0 %s proto tcp to %s divert-to %s port %rr )r;r�r�)r�r�rRr r!r=sz%OpenBsd.add_rules.<locals>.<listcomp>cs,g|]$\}}|sd�|fn
d�|f�qS)s3pass out %s proto tcp to %s route-to lo0 keep statespass out %s proto tcp to %sr )r;r�r�)r�r r!r=#sstable <dns_servers> {%s}r�cSsg|]}|djd��qS)r4rX)rY)r;r�r r r!r=-ssFpass in on lo0 %s proto udp to <dns_servers> port 53 rdr-to %s port %rsFpass out %s proto udp to <dns_servers> port 53 route-to lo0 keep stater�)rlrmr�r�rr�rr)r2r8r�rRr�r�rMr�r�r�rq)r�)r�r�rRr!rrs(


zOpenBsd.add_rules)
rrrrurar^r3r\rrr�r r )r�r!r��sr�csLeZdZdZ�fdd�Zdd�Zdd�Z�fdd	�Zd
d�Zdd
�Z	�Z
S)�Darwini�csFGdd�dt��G�fdd�dt�}td|_||_tt|�j�dS)Nc@s"eZdZdefdefdefgZdS)z'Darwin.__init__.<locals>.pf_state_xportrRZcall_idZspiN)rrrrrrr r r r!�pf_state_xport?sr�c
s^eZdZejZdefdefdefdefd�fd�fd�fd�fd	efd
efdefdefgZd
S)z&Darwin.__init__.<locals>.pfioc_natlookrErFrxrIrUrVryrLrDrArzrCN)rrrrr$rrr )r�r r!r,Dsr,i )rrrr/r,rr�r3)r2r,)r�)r�r!r3>s

zDarwin.__init__cCs,td�}tdjtjd|d�jd��dS)Nz-ErsToken : (.+)r4)r5r6r��re�search�group)r2�or r r!r7Wsz
Darwin.enablecCs2td|�tdr.tdtdj�jd��dS)Nz-a %s -F allrz-X %srX)r5r6�poprp)r2r8r r r!r9[szDarwin.disablecs&|j�rtdd�tt|�j|�dS)Nz
-f /dev/stdinspass on lo
)rsr5rr�r\)r2r8)r�r r!r\`s
zDarwin.add_anchorscCs tj|�|j_tj|�|j_dS)N)r>rTrUrRrV)r2rPrNrOr r r!rGhszDarwin._add_natlook_portscCs|jS)N)rR)r2rWr r r!rKlszDarwin._get_natlook_port)rrrrar3r7r9r\rGrKr�r r )r�r!r�;sr�cs eZdZdZ�fdd�Z�ZS)�PfSensei�cstd|_tt|�j�dS)Ni()rr/rr�r3)r2)r�r r!r3ss
zPfSense.__init__)rrrrar3r�r r )r�r!r�psr��darwinZopenbsdZpfSensecCsrdgtj|�}tddj|��tjddd�}tj|tjtjtj|d�}|j	|�}|j
rntd||j
f��|S)	Nr5z>> %s
� �PATH�C)r��LC_ALL)�stdin�stdout�stderr�envz%r returned %d)�shlex�splitr
r��os�environr}�Popen�PIPEZcommunicater�r)�argsr��argvr��pr�r r r!r5�s

r5cCstdkrtjdtj�atS)Nz/dev/pf)�_pf_fdr��open�O_RDWRr r r r!rH�srHcCsd|tjkrdnd|fS)Nz
sshuttle%s-%d��6)r>rk)rMrRr r r!�
pf_get_anchor�sr�cs<eZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Z�ZS)�Methodcstt|�j�}d|_|S)NT)rr��get_supported_featuresZipv6)r2�result)r�r r!r��szMethod.get_supported_featurescCs
|jj}y|j�}WnBtjk
rVtj�dd�\}}|jdtj	krR|j
�SYnX|j
�}|jtj|dj
d�|d|dj
d�|df}d|}|j|�|j�|j�}	t|jd�d|	jd��|	jd��r|	dd�jd	�\}
}|
jd�t|�fS|j
�S)
NrrrXr4sQUERY_PF_NAT %d,%d,%s,%d,%s,%d
z > sQUERY_PF_NAT_SUCCESS �r�)Zfirewall�pfileZgetpeernamer>�error�sys�exc_infor��errnoZEINVALZgetsocknamerMZIPPROTO_TCPrY�write�flush�readlinerrp�
startswithr�r:)r2Zsockr�Zpeer�_�e�proxyr�Zout_lineZin_linerQrRr r r!�
get_tcp_dstip�s(
zMethod.get_tcp_dstipc	Cs�|tjtjgkr tdt|���|r,td��|r�g}xNt|td�D]>\}	}
}}}
}|j|d|jd�|
|
rtd|
|fndff�qBWt	||�}t
j|�t
j||||||�t
j
�dS)Nz1Address family "%s" unsupported by pf method_namez#UDP not supported by pf method_name)�keys%s/%d%srXs port %d:%dr%)r>rk�AF_INET6�	Exceptionr�sortedrr�rYr�rfr\rrr7)r2rRr�r�rMZsubnets�udp�userr�r�ZswidthZsexcludeZsnetZfportZlportr8r r r!�setup_firewall�s$ 

zMethod.setup_firewallcCs@|tjtjgkr tdt|���|r,td��tjt||��dS)Nz1Address family "%s" unsupported by pf method_namez#UDP not supported by pf method_name)r>rkr�r�rrfr9r�)r2rRrMr�r�r r r!�restore_firewall�szMethod.restore_firewallcCs�|jd�rxy,tj|dd�jd��}tjjd|�Wn2tk
rh}ztjjd|�WYdd}~XnXtjj�dSdSdS)Nz
QUERY_PF_NAT �
�,zQUERY_PF_NAT_SUCCESS %s,%r
zQUERY_PF_NAT_FAILURE %s
TF)	r�rfrSr�r�r�r��IOErrorr�)r2�line�dstr�r r r!�firewall_command�s
"
zMethod.firewall_command)	rrrr�r�r�r�r�r�r r )r�r!r��s

r�)N)0r�r��platformr�r>r�rb�
subprocessr}r�ZfcntlrZctypesrrrrrrr	r
rZsshuttle.firewallrZsshuttle.helpersr
rrrrZsshuttle.methodsrr6r��objectrrwr�r�r�rfr��version�endswithr5rHr�r�r r r r!�<module>sD,XF5