Bug 180 - [PATCH] sshd sets no ToS bit on connections with IPv4-mapped IPv6 addresses
Status: CLOSED FIXED
Alias: None
Product: Portable OpenSSH
Classification: Unclassified
Component: sshd
Version: -current
Hardware: ix86 Linux
Importance: P2 minor
Assignee: OpenSSH Bugzilla mailing list
Reported: 2002-03-22 22:56 AEDT by Oliver Wellnitz
Modified: 2004-04-14 12:24 AEST

Description Oliver Wellnitz 2002-03-22 22:56:04 AEDT
sshd recognises IPv4-mapped IPv6 addresses as non-IPv4 connections and therefore
does not set the ToS bit.

The following patch solves this problem. Compatibility checks with
kerberos-enabled systems may be needed.

--- openssh-3.1p1/packet.c      Tue Mar  5 02:31:29 2002
+++ openssh-3.1p1-v4inv6-ToS/packet.c   Thu Mar 21 13:43:01 2002
@@ -178,13 +178,24 @@
 {
        struct sockaddr_storage to;
        socklen_t tolen = sizeof(to);
+       struct sockaddr_in6 *to6;

        memset(&to, 0, sizeof(to));
        if (getsockname(connection_out, (struct sockaddr *)&to, &tolen) < 0)
                return 0;
-       if (to.ss_family != AF_INET)
+       switch (to.ss_family) {
+       case AF_INET:
+               return 1;
+#ifdef IPV4_IN_IPV6
+       case AF_INET6:
+               to6 = (struct sockaddr_in6 *)&to;
+               if (IN6_IS_ADDR_V4MAPPED(&to6->sin6_addr))
+                       return 1;
                return 0;
-       return 1;
+#endif
+       default:
+               return 0;
+       }
 }
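Review bot: In the new `AF_INET6` case, returning 1 for a v4-mapped address makes the caller treat an AF_INET6 socket as IPv4, and nothing in this hunk shows that the caller copes if setting the ToS option then fails on such a socket; either make that call tolerate an error or state the requirement in a comment above the `switch`. Separately, `struct sockaddr_in6 *to6;` is declared unconditionally but only used under `#ifdef IPV4_IN_IPV6`, so builds without the macro carry an unused variable; put the declaration under the same `#ifdef`.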
Comment 1 Damien Miller 2002-04-26 16:55:13 AEST
Committed something similar, please test CVS -current. In future, please attach
patches (Using the "Create a new attachment" link) rather than pasting them inline.
Comment 2 Markus Friedl 2002-04-26 17:50:52 AEST
This is what itojun wrote:

        On many systems, IP_TOS setsockopt on AF_INET6 socket does not work.
        This is because there is no standard behavior defined for
        setsockopt(IP_TOS) over AF_INET6 socket.

        Therefore, you will want to take either of the following routes:
        - apply the submitted patch itself, and ignore error returns
          at setsockopt(IP_TOS)
        - do not apply the patch, and convert IPv4-mapped address into
          normal IPv4 address before opening socket (hence we will use
          it as normal IPv4 address on AF_INET socket).
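The two routes itojun describes above, as an added C example (not OpenSSH's code and not part of the original comment). The function names `v4mapped_to_v4`, `ipv4_kind` and `set_tos_best_effort` are hypothetical, and the return-value conventions are assumptions made for the example.

```c
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

/* Route 2: rewrite ::ffff:a.b.c.d as a plain sockaddr_in before the socket
 * is opened. Returns 1 on conversion, 0 if the address is not IPv4-mapped. */
int v4mapped_to_v4(const struct sockaddr_in6 *in6, struct sockaddr_in *out)
{
	if (in6->sin6_family != AF_INET6 ||
	    !IN6_IS_ADDR_V4MAPPED(&in6->sin6_addr))
		return 0;
	memset(out, 0, sizeof(*out));
	out->sin_family = AF_INET;
	out->sin_port = in6->sin6_port;
	/* The IPv4 address is the last 4 of the 16 address bytes. */
	memcpy(&out->sin_addr, &in6->sin6_addr.s6_addr[12], 4);
	return 1;
}

/* Classify an address: 1 = AF_INET, 2 = IPv4-mapped AF_INET6, 0 = other. */
int ipv4_kind(const struct sockaddr_storage *ss)
{
	if (ss->ss_family == AF_INET)
		return 1;
	if (ss->ss_family == AF_INET6 && IN6_IS_ADDR_V4MAPPED(
	    &((const struct sockaddr_in6 *)ss)->sin6_addr))
		return 2;
	return 0;
}

/* Route 1: attempt IP_TOS, ignoring a failure on an AF_INET6 socket.
 * Returns 0 if set, skipped or ignored; -1 on a real AF_INET failure
 * or an invalid descriptor. */
int set_tos_best_effort(int fd, int tos)
{
	struct sockaddr_storage ss;
	socklen_t len = sizeof(ss);
	int kind;

	memset(&ss, 0, sizeof(ss));
	if (getsockname(fd, (struct sockaddr *)&ss, &len) < 0)
		return -1;
	if ((kind = ipv4_kind(&ss)) == 0)
		return 0;	/* native IPv6 or other: IP_TOS does not apply */
	if (setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos)) < 0)
		return kind == 2 ? 0 : -1;	/* no defined behaviour on AF_INET6 */
	return 0;
}
```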
Comment 3 Damien Miller 2002-04-26 21:14:50 AEST
hmmm, does this apply to Linux's "original" implementation of IPv6 (where this
hack is occasionally needed) too?
Comment 4 Damien Miller 2002-04-26 21:16:46 AEST
FYI This hack is only switched on by default for Linux
Comment 5 Damien Miller 2004-04-14 12:24:18 AEST
Mass change of RESOLVED bugs to CLOSED