Startup crash under user account with Kubuntu 16.10 AMD64, 0/0 subnet and --method tproxy #136

@S-trace

I am trying to start sshuttle 0.78.1 (package from Ubuntu's package archive) under a regular user account, but it crashes:

sshuttle -vvv 0/0 --method tproxy -r user@server.com
Starting sshuttle proxy.
firewall manager: Starting firewall with Python version 3.5.2+
firewall manager: ready method name tproxy.
IPv6 enabled: True
UDP enabled: True
DNS enabled: False
Binding redirector: 12300
TCP redirector listening on ('::1', 12300, 0, 0).
TCP redirector listening with <socket.socket fd=5, family=AddressFamily.AF_INET6, type=SocketKind.SOCK_STREAM, proto=0, laddr=('::1', 12300, 0, 0)>.
TCP redirector listening on ('127.0.0.1', 12300).
TCP redirector listening with <socket.socket fd=7, family=AddressFamily.AF_INET, type=SocketKind.SOCK_STREAM, proto=0, laddr=('127.0.0.1', 12300)>.
UDP redirector listening on ('::1', 12300, 0, 0).
UDP redirector listening with <socket.socket fd=8, family=AddressFamily.AF_INET6, type=SocketKind.SOCK_DGRAM, proto=0, laddr=('::1', 12300, 0, 0)>.
UDP redirector listening on ('127.0.0.1', 12300).
UDP redirector listening with <socket.socket fd=9, family=AddressFamily.AF_INET, type=SocketKind.SOCK_DGRAM, proto=0, laddr=('127.0.0.1', 12300)>.
Traceback (most recent call last):
  File "/usr/bin/sshuttle", line 9, in <module>
    load_entry_point('sshuttle==0.78.1', 'console_scripts', 'sshuttle')()
  File "/usr/lib/python3/dist-packages/sshuttle/cmdline.py", line 74, in main
    opt.daemon, opt.pidfile)
  File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 711, in main
    fw.method.setup_tcp_listener(tcp_listener)
  File "/usr/lib/python3/dist-packages/sshuttle/methods/tproxy.py", line 142, in setup_tcp_listener
    tcp_listener.setsockopt(socket.SOL_IP, IP_TRANSPARENT, 1)
  File "/usr/lib/python3/dist-packages/sshuttle/client.py", line 107, in setsockopt
    self.v6.setsockopt(level, optname, value)
PermissionError: [Errno 1] Operation not permitted

Using --disable-ipv6 doesn't change anything.
Under root there is no problem with the same arguments.

Of course, if the user doesn't have rights to capture all data from the whole host, it should be reported.
Reported not by a crash, but via a graceful shutdown with a friendly error message, maybe?
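
One way to get the graceful failure the report asks for, shown as an added example and not sshuttle's own code: wrap the `IP_TRANSPARENT` call from the traceback, turn `EPERM` into a readable message, and check the process's effective capabilities. The helper names and the `setsockopt` parameter (a hook for simulating the failure) are hypothetical; the constants are the Linux values, and the capability requirement is the one documented in ip(7).

```python
import errno
import socket

SOL_IP = getattr(socket, "SOL_IP", 0)   # same level the traceback's tproxy.py uses
IP_TRANSPARENT = 19                     # <linux/in.h>
CAP_NET_ADMIN = 12                      # bit number in <linux/capability.h>


def has_cap_net_admin(status_text=None):
    """True if CapEff in /proc/self/status has the CAP_NET_ADMIN bit set."""
    if status_text is None:
        with open("/proc/self/status") as f:
            status_text = f.read()
    for line in status_text.splitlines():
        if line.startswith("CapEff:"):
            return bool((int(line.split()[1], 16) >> CAP_NET_ADMIN) & 1)
    return False


def enable_transparent(sock, setsockopt=None):
    """Set IP_TRANSPARENT. Return None on success, or a friendly error string
    when the kernel refuses for lack of privilege. Other errors propagate."""
    setsockopt = setsockopt or sock.setsockopt
    try:
        setsockopt(SOL_IP, IP_TRANSPARENT, 1)
    except OSError as e:
        if e.errno in (errno.EPERM, errno.EACCES):
            return ("the tproxy method needs CAP_NET_ADMIN (for example, run "
                    "as root) to set IP_TRANSPARENT on its listener: %s"
                    % e.strerror)
        raise
    return None


if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    err = enable_transparent(s)
    s.close()
    if err:
        raise SystemExit("fatal: " + err)   # clean exit, no traceback
    print("IP_TRANSPARENT set; CAP_NET_ADMIN:", has_cap_net_admin())
```

Run as a regular user, this exits with a one-line `fatal:` message instead of the `PermissionError` traceback above.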
