bugzilla-daemon at mindrot.org
2021-Dec-11 09:08 UTC
[Bug 3373] New: "IPQoS le" sets incorrect DSCP
https://bugzilla.mindrot.org/show_bug.cgi?id=3373
Bug ID: 3373
Summary: "IPQoS le" sets incorrect DSCP
Product: Portable OpenSSH
Version: 8.8p1
Hardware: All
OS: Linux
Status: NEW
Severity: normal
Priority: P5
Component: ssh
Assignee: unassigned-bugs at mindrot.org
Reporter: daisuke.higashi at gmail.com
** Bug Description
"IPQoS le" (Lower Effort) sets outgoing packet's DSCP to 000000
(BE).
** Expected behavior
It should be 000001 as per [RFC8622] and [bz2986].
** How to reproduce
1. ssh -o "IPQoS le" <remotehost>
2. tcpdump -v -n port 22 host <remotehost>
3. watch "tos" field in IP header (or "class" in IPv6)
-> Correct DSCP for LE is 000001 (tos 0x04), but we see tos=0x0
(DSCP=0)
======================17:31:03.455484 IP (tos 0x0, ttl 64, id 31594, offset 0,
flags [DF],
proto TCP (6), length 52)
*.*.*.108.55566 > *.*.*.*.22: Flags [.], cksum 0xd6b3 (incorrect ->
0xe00d), seq 1661, ack 1463, win 259, options [nop,nop,TS val
4016640841 ecr 3998457139], length 0
======================
** Patch for fix
IPTOS_DSCP_LE definition is wrong. If we want DSCP=0000001b, IPTOS
value set must be 00000100b (two bits shift).
--- openssh-8.8p1.org/defines.h 2021-12-11 17:23:14.008544689 +0900
+++ openssh-8.8p1/defines.h 2021-12-11 17:24:02.755931851 +0900
@@ -97,7 +97,7 @@
# define IPTOS_DSCP_EF 0xb8
#endif /* IPTOS_DSCP_EF */
#ifndef IPTOS_DSCP_LE
-# define IPTOS_DSCP_LE 0x01
+# define IPTOS_DSCP_LE 0x04
#endif /* IPTOS_DSCP_LE */
#ifndef IPTOS_PREC_CRITIC_ECP
# define IPTOS_PREC_CRITIC_ECP 0xa0
--
You are receiving this mail because:
You are watching the assignee of the bug.
bugzilla-daemon at mindrot.org
2021-Dec-11 10:57 UTC
[Bug 3373] "IPQoS le" sets incorrect DSCP
https://bugzilla.mindrot.org/show_bug.cgi?id=3373
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3353
CC| |dtucker at dtucker.net
--- Comment #1 from Darren Tucker <dtucker at dtucker.net> ---
Looks like the value comes from OpenBSD so we'll need to fix it there:
https://cvsweb.openbsd.org/src/sys/netinet/ip.h?rev=1.19&content-type=text/x-cvsweb-markup
Referenced Bugs:
https://bugzilla.mindrot.org/show_bug.cgi?id=3353
[Bug 3353] Tracking bug for openssh-8.9
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2021-Dec-14 23:53 UTC
[Bug 3373] "IPQoS le" sets incorrect DSCP
https://bugzilla.mindrot.org/show_bug.cgi?id=3373
Darren Tucker <dtucker at dtucker.net> changed:
What |Removed |Added
----------------------------------------------------------------------------
Resolution|--- |FIXED
Status|NEW |RESOLVED
--- Comment #2 from Darren Tucker <dtucker at dtucker.net> ---
Fixed in OpenBSD and OpenSSH. Thanks for the report.
--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
bugzilla-daemon at mindrot.org
2022-Feb-25 02:56 UTC
[Bug 3373] "IPQoS le" sets incorrect DSCP
https://bugzilla.mindrot.org/show_bug.cgi?id=3373
Damien Miller <djm at mindrot.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|RESOLVED |CLOSED
--- Comment #3 from Damien Miller <djm at mindrot.org> ---
closing bugs resolved before openssh-8.9
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.