sshd recognises IPv4-mapped IPv6 addresses as non-IPv4 connections and therefore does not set the ToS bit. The following patch solves this problem. Compatibility checks with kerberos-enabled systems may be needed. --- openssh-3.1p1/packet.c Tue Mar 5 02:31:29 2002 +++ openssh-3.1p1-v4inv6-ToS/packet.c Thu Mar 21 13:43:01 2002 @@ -178,13 +178,24 @@ { struct sockaddr_storage to; socklen_t tolen = sizeof(to); + struct sockaddr_in6 *to6; memset(&to, 0, sizeof(to)); if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0) return 0; - if (to.ss_family != AF_INET) + switch (to.ss_family) { + case AF_INET: + return 1; +#ifdef IPV4_IN_IPV6 + case AF_INET6: + to6 = (struct sockaddr_in6 *)&to; + if (IN6_IS_ADDR_V4MAPPED(&to6->sin6_addr)) + return 1; return 0; - return 1; +#endif + default: + return 0; + } }
Committed something similar, please test CVS -current. In future, please attach patches (Using the "Create a new attachment" link) rather than pasting them inline.
This is what itojun wrote: On many systems, IP_TOS setsockopt on AF_INET6 socket does not work. This is because there is no standard behavior defined for setsockopt(IP_TOS) over AF_INET6 socket. Therefore, you will want to take either of the following routes: - apply the submitted patch itself, and ignore error returns at setsockopt(IP_TOS) - do not apply the patch, and convert IPv4-mapped address into normal IPv4 address before opening socket (hence we will use it as normal IPv4 address on AF_INET socket).
hmmm, does this apply to Linux's "original" implementation of IPv6 (where this hack is occasionally needed) too?
FYI This hack is only switched on by default for Linux
Mass change of RESOLVED bugs to CLOSED