HEX
Server: LiteSpeed
System: Linux cpir1.prohostdns.com 4.18.0-553.123.2.lve.el8.x86_64 #1 SMP Thu May 7 23:17:13 UTC 2026 x86_64
User: pelakir (2976)
PHP: 8.2.31
Disabled: exec, shell_exec, system, passthru, proc_open, proc_close, proc_terminate, proc_get_status, popen, pclose, pcntl_exec
File: //usr/lib/python3.6/site-packages/sshuttle/methods/__pycache__/pf.cpython-36.opt-1.pyc
3

��^<C�@s�ddlZddlZddlZddlZddlZddlZddlZddlZddl	Z	ddl
mZddlm
Z
mZmZmZmZmZmZmZmZddlmZddlmZmZmZmZmZddlmZddgd�Z da!Gd	d
�d
e"�Z#Gdd�de#�Z$Gd
d�de#�Z%Gdd�de$�Z&Gdd�de$�Z'ejdk�r(e&�Z(n4ejj)d��r>e%�Z(nej*�j+d��rVe'�Z(ne$�Z(ddd�Z,dd�Z-dd�Z.Gdd�de�Z/dS)�N)�ioctl)	�c_char�c_uint8�c_uint16�c_uint32�Union�	Structure�sizeof�	addressof�memmove)�
subnet_weight)�debug1�debug2�debug3�Fatal�family_to_string)�
BaseMethodT)�started_by_sshuttle�loaded_by_sshuttle�Xtokenc@s�eZdZdZdZdZdZdZdZdZ	dZ
dZGdd�de�Z
d	d
�Zdd�Zed
d��Zdd�Zedd��Zedd��Zd"dd�Zd#dd�Zedd��Zedd��Zedd��Zed d!��ZdS)$�Generici��r�ic@s*eZdZGdd�de�ZdefgZdZdS)zGeneric.pf_addrc@s>eZdZdefdedfdedfdedfdedfgZd	S)
zGeneric.pf_addr._pfaZv4Zv6�Zaddr8�Zaddr16rZaddr32N)�__name__�
__module__�__qualname__rrr�_fields_�r r �/usr/lib/python3.6/pf.py�_pfa&s



r"�pfaN)r#)rrrrr"rZ_anonymous_r r r r!�pf_addr%s
r$cCs�d|_td|_dt|j�d@d>Btd�d>Bd	B|_d
t|j�d@d>Btd�d>Bd
B|_dt|j�d@d>Btd�d>BdB|_	dS)N�ipi@li�r�Dr���3lll)
�statusr�pfioc_pooladdrr	�
pfioc_natlook�ord�DIOCNATLOOK�
pfioc_rule�DIOCCHANGERULE�DIOCBEGINADDRS)�selfr r r!�__init__0s

((zGeneric.__init__cCs&d|jkr"td�tdd7<dS)NsINFO:
Status: Disabledz-er�)r*�pfctl�_pf_context)r2r r r!�enableAs
zGeneric.enablecCs4td|�tddkr td�tdd8<dS)Nz-a %s -F allrr4z-d)r5r6)�anchorr r r!�disableFszGeneric.disablec
Cs�dd�||||gD�\}}}}tj||�}tj||�}t|�}	|j�}
||
_|j|
_||
_tt	|
j
�||	�tt	|
j�||	�|j|
||�t
t�|jtt|
�jt	|
���tj|
jt|	jt	|
j��j�}tj|j|
j��}||fS)NcSsg|]}t|��qSr )�int)�.0�vr r r!�
<listcomp>Osz%Generic.query_nat.<locals>.<listcomp>)�socketZ	inet_pton�lenr,�proto�PF_OUT�	direction�afrr
�saddr�daddr�_add_natlook_portsr�
pf_get_devr.rr	Zfrom_addressZ	inet_ntop�rdaddr�rawZntohs�_get_natlook_port�rdxport)
r2�familyr@Zsrc_ip�src_portZdst_ip�dst_portZ
packed_src_ipZ
packed_dst_ipZlength�pnl�ip�portr r r!�	query_natMs"
zGeneric.query_natcCstj|�|_tj|�|_dS)N)r>�htons�sxport�dxport)rOrMrNr r r!rFgszGeneric._add_natlook_portscCs|S)Nr )�xportr r r!rJlszGeneric._get_natlook_portNcCsD|dkrtd�d}||_d|jd�|kr@|j|j|jd��dS)Nz-s allrz
anchor "%s"�ASCII)r5r*�encode�_add_anchor_rule�PF_PASS)r2r8r*r r r!�add_anchorsps
zGeneric.add_anchorscCs�|dkr|j�}tt|�|j|t|jt|���tt|�|jtj	d|�d�tt|�|j
tj	d|j�d�tt
�tj|�tt|�|j
tj	d|j�d�tt
�tj|�dS)N�Ir)r/rr
�ANCHOR_CALL_OFFSET�min�
MAXPATHLENr?�RULE_ACTION_OFFSET�struct�pack�
ACTION_OFFSET�PF_CHANGE_GET_TICKETrrG�pfr0�PF_CHANGE_ADD_TAIL)r2�kind�name�prr r r!rYwszGeneric._add_anchor_rulecCs|tjkrdSdS)Nsinetsinet6)r>�AF_INET)rLr r r!�
_inet_version�szGeneric._inet_versioncCs|tjkrdSdS)Ns	127.0.0.1s::1)r>rj)rLr r r!�_lo_addr�szGeneric._lo_addrcCs$td|jd��td||�dS)Nzrules:
rWz-a %s -f /dev/stdin)r�decoder5)r8�rulesr r r!�	add_rules�szGeneric.add_rulescCsdtd�dkS)Nsskipz-s Interfaces -i lo -vr)r5r r r r!�has_skip_loopback�szGeneric.has_skip_loopback)N)N)rrrr_rfrdrZ�PF_RDRrArc�POOL_TICKET_OFFSETr]rr$r3r7�staticmethodr9rRrFrJr[rYrkrlrorpr r r r!rs,

rcsZeZdZdZdd�Z�fdd�Z�fdd�Z�fdd	�Zd�fdd�	Z�fd
d�Z	�Z
S)�FreeBsdi�cCs.Gdd�dt�}tj|�}td|_||_|S)Nc
@s^eZdZejZdefdefdefdefdefdefdefdefd	efd
efdefdefgZd
S)z&FreeBsd.__new__.<locals>.pfioc_natlookrDrE�rsaddrrHrTrU�rsxportrKrCr@�
proto_variantrBN)rrrrr$rrrr r r r!r,�sr,i�)rr�__new__rr/r,)�clsr,Zfreebsdr r r!rx�s


zFreeBsd.__new__cs0tjddg�}tt|�j�|dkr,dtd<dS)NZkldloadrerTr)�ssubprocess�call�superrtr7r6)r2�
returncode)�	__class__r r!r7�szFreeBsd.enablecs6tt|�j|�tdr2tddkr2tjddg�dS)NrrrZ	kldunloadre)r|rtr9r6rzr{)r2r8)r~r r!r9�szFreeBsd.disablecsJtd�d}d|jd�|kr2|j|j|jd��tt|�j||d�dS)Nz-s allrz
rdr-anchor "%s"rW)r*)r5rXrYrqr|rtr[)r2r8r*)r~r r!r[�szFreeBsd.add_anchorsNcs\|p
|j�}|j�}tt�|j|�tt|�|j|dd�d�tt	|�j
|||d�dS)Nrr)ri)r/r+rrGr1rr
rrr|rtrY)r2rgrhriZppa)r~r r!rY�s
zFreeBsd._add_anchor_rulecs�|j|��|j|��g}���fdd�|D�}�fdd�|D�}	|r�|jddjdd�|D���|jd��|f�|	jd��d	j|||	�d	}
tt|�j||
�dS)
Ncs&g|]\}}|sd��|��f�qS)s:rdr pass on lo0 %s proto tcp from ! %s to %s -> %s port %rr )r;�exclude�subnet)�inet_version�lo_addrrQr r!r=�sz%FreeBsd.add_rules.<locals>.<listcomp>cs,g|]$\}}|sd�|fn
d�|f�qS)s3pass out route-to lo0 %s proto tcp to %s keep statespass out %s proto tcp to %sr )r;rr�)r�r r!r=�sstable <dns_servers> {%s}�,cSsg|]}|djd��qS)r4rW)rX)r;�nsr r r!r=�ssCrdr pass on lo0 %s proto udp to <dns_servers> port 53 -> %s port %rsFpass out route-to lo0 %s proto udp to <dns_servers> port 53 keep state�
)rkrl�append�joinr|rtro)r2r8�includesrQ�dnsport�nslistrL�tables�translating_rules�filtering_rulesrn)r~)r�r�rQr!ro�s(


zFreeBsd.add_rules)N)rrrr`rxr7r9r[rYro�
__classcell__r r )r~r!rt�s	rtcs@eZdZdZdZdZ�fdd�Z�fdd�Z�fdd	�Z�Z	S)
�OpenBsdri�ics2Gdd�dt�}td|_||_tt|�j�dS)Nc@sjeZdZejZdefdefdefdefdefdefdefdefd	efd
efdefdefd
efdefgZdS)z'OpenBsd.__init__.<locals>.pfioc_natlookrDrErurHZrdomainZrrdomainrTrUrvrKrCr@rwrBN)rrrrr$rrrr r r r!r,�sr,i`
)rrr/r,r|r�r3)r2r,)r~r r!r3�s
zOpenBsd.__init__cs&|j�rtdd�tt|�j|�dS)Nz
-f /dev/stdinsmatch on lo
)rpr5r|r�r[)r2r8)r~r r!r[s
zOpenBsd.add_anchorscs�|j|��|j|��g}���fdd�|D�}�fdd�|D�}	|r�|jddjdd�|D���|jd��|f�|	jd��d	j|||	�d	}
tt|�j||
�dS)
Ncs$g|]\}}|sd�|��f�qS)s6pass in on lo0 %s proto tcp to %s divert-to %s port %rr )r;rr�)r�r�rQr r!r=sz%OpenBsd.add_rules.<locals>.<listcomp>cs,g|]$\}}|sd�|fn
d�|f�qS)s3pass out %s proto tcp to %s route-to lo0 keep statespass out %s proto tcp to %sr )r;rr�)r�r r!r=#sstable <dns_servers> {%s}r�cSsg|]}|djd��qS)r4rW)rX)r;r�r r r!r=-ssFpass in on lo0 %s proto udp to <dns_servers> port 53 rdr-to %s port %rsFpass out %s proto udp to <dns_servers> port 53 route-to lo0 keep stater�)rkrlr�r�r|r�ro)r2r8r�rQr�r�rLr�r�r�rn)r~)r�r�rQr!ros(


zOpenBsd.add_rules)
rrrrrr`r]r3r[ror�r r )r~r!r��sr�csLeZdZdZ�fdd�Zdd�Zdd�Z�fdd	�Zd
d�Zdd
�Z	�Z
S)�Darwini�csFGdd�dt��G�fdd�dt�}td|_||_tt|�j�dS)Nc@s"eZdZdefdefdefgZdS)z'Darwin.__init__.<locals>.pf_state_xportrQZcall_idZspiN)rrrrrrr r r r!�pf_state_xport?sr�c
s^eZdZejZdefdefdefdefd�fd�fd�fd�fd	efd
efdefdefgZd
S)z&Darwin.__init__.<locals>.pfioc_natlookrDrErurHrTrUrvrKrCr@rwrBN)rrrrr$rrr )r�r r!r,Dsr,i )rrrr/r,r|r�r3)r2r,)r~)r�r!r3>s

zDarwin.__init__cCs,td�}tdjtjd|d�jd��dS)Nz-ErsToken : (.+)r4)r5r6r��re�search�group)r2�or r r!r7Wsz
Darwin.enablecCs2td|�tdr.tdtdj�jd��dS)Nz-a %s -F allrz-X %srW)r5r6�poprm)r2r8r r r!r9[szDarwin.disablecs&|j�rtdd�tt|�j|�dS)Nz
-f /dev/stdinspass on lo
)rpr5r|r�r[)r2r8)r~r r!r[`s
zDarwin.add_anchorscCs tj|�|j_tj|�|j_dS)N)r>rSrTrQrU)r2rOrMrNr r r!rFhszDarwin._add_natlook_portscCs|jS)N)rQ)r2rVr r r!rJlszDarwin._get_natlook_port)rrrr`r3r7r9r[rFrJr�r r )r~r!r�;sr�cs eZdZdZ�fdd�Z�ZS)�PfSensei�cstd|_tt|�j�dS)Ni()rr/r|r�r3)r2)r~r r!r3ss
zPfSense.__init__)rrrr`r3r�r r )r~r!r�psr��darwinZopenbsdZpfSensecCsrdgtj|�}tddj|��tjddd�}tj|tjtjtj|d�}|j	|�}|j
rntd||j
f��|S)	Nr5z>> %s
� �PATH�C)r��LC_ALL)�stdin�stdout�stderr�envz%r returned %d)�shlex�splitr
r��os�environrz�Popen�PIPEZcommunicater}r)�argsr��argvr��pr�r r r!r5�s

r5cCstdkrtjdtj�atS)Nz/dev/pf)�_pf_fdr��open�O_RDWRr r r r!rG�srGcCsd|tjkrdnd|fS)Nz
sshuttle%s-%d��6)r>rj)rLrQr r r!�
pf_get_anchor�sr�cs<eZdZ�fdd�Zdd�Zdd�Zdd�Zd	d
�Z�ZS)�Methodcstt|�j�}d|_|S)NT)r|r��get_supported_featuresZipv6)r2�result)r~r r!r��szMethod.get_supported_featurescCs
|jj}y|j�}WnBtjk
rVtj�dd�\}}|jdtj	krR|j
�SYnX|j
�}|jtj|dj
d�|d|dj
d�|df}d|}|j|�|j�|j�}	t|jd�d|	jd��|	jd��r|	dd�jd	�\}
}|
jd�t|�fS|j
�S)
NrrrWr4sQUERY_PF_NAT %d,%d,%s,%d,%s,%d
z > sQUERY_PF_NAT_SUCCESS �r�)Zfirewall�pfileZgetpeernamer>�error�sys�exc_infor��errnoZEINVALZgetsocknamerLZIPPROTO_TCPrX�write�flush�readlinerrm�
startswithr�r:)r2Zsockr�Zpeer�_�e�proxyr�Zout_lineZin_linerPrQr r r!�
get_tcp_dstip�s(
zMethod.get_tcp_dstipc	Cs�|tjtjgkr tdt|���|r,td��|r�g}xNt|td�D]>\}	}
}}}
}|j|d|jd�|
|
rtd|
|fndff�qBWt	||�}t
j|�t
j||||||�t
j
�dS)Nz1Address family "%s" unsupported by pf method_namez#UDP not supported by pf method_name)�keys%s/%d%srWs port %d:%dr%)r>rj�AF_INET6�	Exceptionr�sortedrr�rXr�rer[ror7)r2rQr�r�rLZsubnets�udp�userr�r�ZswidthZsexcludeZsnetZfportZlportr8r r r!�setup_firewall�s$ 

zMethod.setup_firewallcCs@|tjtjgkr tdt|���|r,td��tjt||��dS)Nz1Address family "%s" unsupported by pf method_namez#UDP not supported by pf method_name)r>rjr�r�rrer9r�)r2rQrLr�r�r r r!�restore_firewall�szMethod.restore_firewallcCs�|jd�rxy,tj|dd�jd��}tjjd|�Wn2tk
rh}ztjjd|�WYdd}~XnXtjj�dSdSdS)Nz
QUERY_PF_NAT �
�,zQUERY_PF_NAT_SUCCESS %s,%r
zQUERY_PF_NAT_FAILURE %s
TF)	r�rerRr�r�r�r��IOErrorr�)r2�line�dstr�r r r!�firewall_command�s
"
zMethod.firewall_command)	rrrr�r�r�r�r�r�r r )r~r!r��s

r�)N)0r�r��platformr�r>r�ra�
subprocessrzr�ZfcntlrZctypesrrrrrrr	r
rZsshuttle.firewallrZsshuttle.helpersr
rrrrZsshuttle.methodsrr6r��objectrrtr�r�r�rer��version�endswithr5rGr�r�r r r r!�<module>sD,XF5