I attempted to implement support for direct-streamlocal@openssh.com channels in my own SSH implementation and found that the documentation in the OpenSSH PROTOCOL file doesn't match the implementation in OpenSSH. The PROTOCOL file describes the channel open message as:

        byte            SSH_MSG_CHANNEL_OPEN
        string          "direct-streamlocal@openssh.com"
        uint32          sender channel
        uint32          initial window size
        uint32          maximum packet size
        string          socket path

However, the implementation tacks some additional data to the end:

                packet_start(SSH2_MSG_CHANNEL_OPEN);
                packet_put_cstring(rtype);
                packet_put_int(c->self);
                packet_put_int(c->local_window_max);
                packet_put_int(c->local_maxpacket);
                if (strcmp(rtype, "direct-tcpip") == 0) {
                        /* target host, port */
                        packet_put_cstring(c->path);
                        packet_put_int(c->host_port);
                } else if (strcmp(rtype, "direct-streamlocal@openssh.com") == 0) {
                        /* target path */
                        packet_put_cstring(c->path);
                } else if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
                        /* listen path */
                        packet_put_cstring(c->path);
                } else {
                        /* listen address, port */
                        packet_put_cstring(c->path);
                        packet_put_int(local_port);
                }
                if (strcmp(rtype, "forwarded-streamlocal@openssh.com") == 0) {
                        /* reserved for future owner/mode info */
                        packet_put_cstring("");
                } else {
-->                     /* originator host and port */
-->                     packet_put_cstring(remote_ipaddr);
-->                     packet_put_int((u_int)remote_port);
                }
                packet_send();

It correctly special-cases forwarded-streamlocal, but for all other cases (including direct-streamlocal) it appends the remote IP add and port, even though these values are not applicable in the direct-streamlocal case.

This may be difficult to fix in a backward-compatible manner, since the code in serverloop.c actually seems to be expecting to get a host & port:

        target = packet_get_string(NULL);
        originator = packet_get_string(NULL);
        originator_port = packet_get_int();
        packet_check_eom();

So, perhaps the right thing here is to update the documentation in PROTOCOL to match the current implementation. It seems odd to send this information when it looks like it will always be an empty string and a port of zero, though, especially given that "port" information makes no sense for this type of connection.