Hi, openssh-1.2.2p1 seems to have 2 problems on ipv6 (and ipv4 mapped addresses). 1. "BREAKIN ATTEMPT" warnings from ipv4 node 2. X forwarding The following patche fixes them. Thanks. diff -ru openssh-1.2.2p1/canohost.c openssh-1.2.2p1-20000308/canohost.c --- openssh-1.2.2p1/canohost.c Fri Jan 14 13:45:48 2000 +++ openssh-1.2.2p1-20000308/canohost.c Wed Mar 8 00:25:18 2000 @@ -42,6 +42,22 @@ debug("getpeername failed: %.100s", strerror(errno)); fatal_cleanup(); } + +#ifdef IPV4_IN_IPV6 + if (((struct sockaddr *)&from)->sa_family == AF_INET6 && + IN6_IS_ADDR_V4MAPPED((&((struct sockaddr_in6 *)&from)->sin6_addr))){ + struct in_addr addr; + u_int16_t port; + memcpy(&addr, ((char *)&((struct sockaddr_in6 *)&from)->sin6_addr)+12, + sizeof(addr)); + port = ((struct sockaddr_in6 *)&from)->sin6_port; + memset(&from, 0, sizeof(from)); + ((struct sockaddr_in *)&from)->sin_family = AF_INET; + memcpy(&((struct sockaddr_in *)&from)->sin_addr, &addr, sizeof(addr)); + ((struct sockaddr_in *)&from)->sin_port = port; + } +#endif + if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); diff -ru openssh-1.2.2p1/channels.c openssh-1.2.2p1-20000308/channels.c --- openssh-1.2.2p1/channels.c Fri Mar 3 20:35:33 2000 +++ openssh-1.2.2p1-20000308/channels.c Wed Mar 8 00:25:18 2000 @@ -1215,8 +1215,12 @@ break; } socks[num_socks++] = sock; +#ifndef DONT_TRY_OTHER_AF if (num_socks == NUM_SOCKS) break; +#else + break; +#endif } if (num_socks > 0) break; diff -ru openssh-1.2.2p1/config.h.in openssh-1.2.2p1-20000308/config.h.in --- openssh-1.2.2p1/config.h.in Tue Mar 7 20:05:59 2000 +++ openssh-1.2.2p1-20000308/config.h.in Wed Mar 8 00:25:18 2000 @@ -131,6 +131,9 @@ /* Use IPv4 for connection by default, IPv6 can still if explicity asked */ #undef IPV4_DEFAULT +/* Assume IPv4 mapped addresses IPv4 addresses */ +#undef IPV4_IN_IPV6 + /* getaddrinfo is broken (if present) */ #undef BROKEN_GETADDRINFO diff -ru openssh-1.2.2p1/configure.in openssh-1.2.2p1-20000308/configure.in --- openssh-1.2.2p1/configure.in Sun Mar 5 15:02:46 2000 +++ openssh-1.2.2p1-20000308/configure.in Wed Mar 8 00:26:15 2000 @@ -56,6 +56,8 @@ *-*-linux*) no_dev_ptmx=1 need_pty_removed_on_close=1 + CFLAGS="$CFLAGS -DDONT_TRY_OTHER_AF" + inet6_default_4in6=yes ;; *-*-netbsd*) need_dash_r=1 @@ -778,6 +780,26 @@ [ if test "x$withval" != "xno" ; then AC_DEFINE(IPV4_DEFAULT) + fi + ] +) + +AC_MSG_CHECKING([whether we assume IPv6-mapped addresses IPv4 addresses]) +AC_ARG_WITH(ipv4-in-ipv6, + [ --with-ipv4-in-ipv6 assumes ipv4 mapped addresses ipv4 addresses], + [ + if test "x$withval" != "xno" ; then + AC_MSG_RESULT(yes) + AC_DEFINE(IPV4_IN_IPV6) + else + AC_MSG_RESULT(no) + fi + ],[ + if test "x$inet6_default_4in6" = "xyes"; then + AC_MSG_RESULT([yes (default)]) + AC_DEFINE(IPV4_IN_IPV6) + else + AC_MSG_RESULT([no (default)]) fi ] ) -- Hideaki YOSHIFUJI <yoshfuji at ecei.tohoku.ac.jp> Web Page: http://www.ecei.tohoku.ac.jp/%7Eyoshfuji/ PGP5i FP: F731 6599 5EB2 BBA7 1515 1323 1806 A96F 5700 6B25
Anyone want to provide me with better detailed information as to what sigsuspend() really does. It seems to be linked to Ctrl-Z. Since Ctrl-Z at the password prompt does not re-enable shell echoing. thanks.
On Wed, 8 Mar 2000, Hideaki YOSHIFUJI wrote:> Hi, > > openssh-1.2.2p1 seems to have 2 problems on ipv6 (and > ipv4 mapped addresses). > > 1. "BREAKIN ATTEMPT" warnings from ipv4 node > 2. X forwardingHow does this patch look to you? Regards, Damien Miller -- | "Bombay is 250ms from New York in the new world order" - Alan Cox | Damien Miller - http://www.mindrot.org/ | Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work) -------------- next part -------------- Index: acconfig.h ==================================================================RCS file: /var/cvs/openssh/acconfig.h,v retrieving revision 1.53 diff -u -r1.53 acconfig.h --- acconfig.h 2000/03/09 11:31:13 1.53 +++ acconfig.h 2000/03/11 09:38:46 @@ -153,6 +153,12 @@ /* getaddrinfo is broken (if present) */ #undef BROKEN_GETADDRINFO +/* Workaround more Linux IPv6 bugs */ +#undef DONT_TRY_OTHER_AF + +/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */ +#undef IPV4_IN_IPV6 + @BOTTOM@ /* ******************* Shouldn't need to edit below this line ************** */ Index: canohost.c ==================================================================RCS file: /var/cvs/openssh/canohost.c,v retrieving revision 1.7 diff -u -r1.7 canohost.c --- canohost.c 2000/01/14 04:45:48 1.7 +++ canohost.c 2000/03/11 09:38:49 @@ -42,6 +42,30 @@ debug("getpeername failed: %.100s", strerror(errno)); fatal_cleanup(); } + +#ifdef IPV4_IN_IPV6 + if (from.ss_family == AF_INET6) { + struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from; + + /* Detect IPv4 in IPv6 mapped address and convert it to */ + /* plain (AF_INET) IPv4 address */ + if (IN6_IS_ADDR_V4MAPPED(&from6->sin6_addr)) { + struct sockaddr_in *from4 = (struct sockaddr_in *)&from; + struct in_addr addr; + u_int16_t port; + + memcpy(&addr, ((char *)&from6->sin6_addr) + 12, sizeof(addr)); + port = from6->sin6_port; + + memset(&from, 0, sizeof(from)); + + from4->sin_family = AF_INET; + memcpy(&from4->sin_addr, &addr, sizeof(addr)); + from4->sin_port = port; + } + } +#endif + if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), NULL, 0, NI_NUMERICHOST) != 0) fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); Index: channels.c ==================================================================RCS file: /var/cvs/openssh/channels.c,v retrieving revision 1.17 diff -u -r1.17 channels.c --- channels.c 2000/03/03 11:35:33 1.17 +++ channels.c 2000/03/11 09:39:12 @@ -1215,8 +1215,12 @@ break; } socks[num_socks++] = sock; +#ifndef DONT_TRY_OTHER_AF if (num_socks == NUM_SOCKS) break; +#else + break; +#endif } if (num_socks > 0) break; Index: configure.in ==================================================================RCS file: /var/cvs/openssh/configure.in,v retrieving revision 1.93 diff -u -r1.93 configure.in --- configure.in 2000/03/11 09:05:12 1.93 +++ configure.in 2000/03/11 09:39:22 @@ -55,6 +55,8 @@ ;; *-*-linux*) no_dev_ptmx=1 + AC_DEFINE(DONT_TRY_OTHER_AF) + inet6_default_4in6=yes ;; *-*-netbsd*) need_dash_r=1 @@ -784,6 +786,26 @@ [ if test "x$withval" != "xno" ; then AC_DEFINE(IPV4_DEFAULT) + fi + ] +) + +AC_MSG_CHECKING([to convert IPv4 in IPv6-mapped addresses]) +AC_ARG_WITH(4in6, + [ --with-4in6 Check for and convert IPv4 in IPv6 mapped addresses], + [ + if test "x$withval" != "xno" ; then + AC_MSG_RESULT(yes) + AC_DEFINE(IPV4_IN_IPV6) + else + AC_MSG_RESULT(no) + fi + ],[ + if test "x$inet6_default_4in6" = "xyes"; then + AC_MSG_RESULT([yes (default)]) + AC_DEFINE(IPV4_IN_IPV6) + else + AC_MSG_RESULT([no (default)]) fi ] )
Apparently Analagous Threads
- problem with X11 forwarding and use_localhost on Linux (solution)
- X11 forwarding to IPv6 enabled host not working.
- problem with X11 forwarding and use_localhost on Linux (solution) (fwd)
- sys/queue.h
- openssh 5.0p1: Solaris - Failed to allocate internet-domain X11 display socket.