In connect_to() in channels.c there is a loop trying to connect to each address returned by getaddrinfo() until connect() is successful or EINPROGRESS is returned. The socket is non-blocking so unless something immediately fails, EINPROGRESS is returned and we happily leave the loop. Then when we later attempt to write to the socket, we realize that we're not connected. No route to host, connection refused, etc. I would like sshd to try another address if possible when this happens. Or in other words, loop through all candidates until we are absolutely positive we have established a connection. I think this can be done by selecting the socket for writing without actually writing anything. I'm happy to elaborate why this is a real-life problem if necessary.
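The approach proposed in the comment above, as an added example that is not part of the bug report and is not the attached OpenSSH patch: try each getaddrinfo() result with a non-blocking connect(), wait for the socket to become writable, then read SO_ERROR to learn whether the connection really succeeded before giving up on that address. The names `connect_any` and `wait_connected` and the per-address timeout are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <netdb.h>
#include <netinet/in.h>
#include <poll.h>
#include <sys/socket.h>
#include <unistd.h>

/* Hypothetical helper: wait for a pending non-blocking connect() to finish.
 * Returns 0 on success, otherwise the errno the connection failed with. */
static int wait_connected(int fd, int timeout_ms)
{
    struct pollfd pfd = { .fd = fd, .events = POLLOUT };
    int err = 0, r;
    socklen_t len = sizeof(err);

    do {
        r = poll(&pfd, 1, timeout_ms);
    } while (r == -1 && errno == EINTR);
    if (r == 0)
        return ETIMEDOUT;
    if (r == -1)
        return errno;
    /* Writable only means connect() has completed; SO_ERROR says how. */
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == -1)
        return errno;
    return err;
}

/* Hypothetical helper: walk the whole address list and return a connected,
 * non-blocking socket, or -1 if every candidate failed. */
int connect_any(const struct addrinfo *ai, int timeout_ms)
{
    for (; ai != NULL; ai = ai->ai_next) {
        int err, fd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);

        if (fd == -1)
            continue;
        if (fcntl(fd, F_SETFL, fcntl(fd, F_GETFL) | O_NONBLOCK) == -1)
            err = errno;
        else if (connect(fd, ai->ai_addr, ai->ai_addrlen) == 0)
            return fd;                     /* connected immediately */
        else
            err = (errno == EINPROGRESS) ? wait_connected(fd, timeout_ms) : errno;
        if (err == 0)
            return fd;                     /* confirmed via SO_ERROR */
        close(fd);  /* refused, unreachable or timed out: try the next address */
    }
    return -1;
}
```

Leaving the loop on EINPROGRESS, as the report describes, skips the SO_ERROR check and defers the failure to the first write.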
The fix for Bug #207 may be useful here
Created attachment 1498: try subsequent addresses
This patch should fix the bug. (better late than never)
Target release openssh-5.1
Fix committed and will be in openssh-5.1:
> CVSROOT: /cvs
> Module name: src
> Changes by: djm@cvs.openbsd.org 2008/05/08 22:55:57
>
> Modified files:
> usr.bin/ssh : channels.c channels.h clientloop.c serverloop.c
>
> Log message:
> Try additional addresses when connecting to a port forward destination
> whose DNS name resolves to more than one address. The previous behaviour
> was to try the first address and give up.
>
> Reported by stig AT venaas.com in bz#343
>
> great feedback and ok markus@
Mass update RESOLVED->CLOSED after release of openssh-5.1