On Thu, May 04, 2006 at 05:22:33PM +1000, Mark Ennis
wrote:> I have been experiencing a problem with using X11 forwarding on an IPv6
> enabled host (both CentOS 4.3 and Feddora Core 5 in x86) when
> X11UseLocalhost is off.
>
> Having looked at the code and the previous discussion regarding
> http://bugzilla.mindrot.org/show_bug.cgi?id=164 I think the problem is
> due to the IPV6_V6ONLY code interacting poorly with the
> DONT_TRY_OTHER_AF hack. Basically, on current Linux systems which
> support the IPV6_V6ONLY socket option, the forwarded socket is created
> for IPV6 only and then the DONT_TRY_OTHER_AF prevents an IPV4 listen
> socket from also being created. Thus, only forwarding X11 connections
> over IPV6 are then supported.
>
> I would recommend addressing this by changing the DONT_TRY_OTHER_AF hack
> to apply only where the the IPV6_V6ONLY socket option is not supported.
> For example:
Seems reasonable to me, but I don't use IPv6 (for X11 or otherwise). A
unified diff for the same patch is below (easier to read).
Another alternative would be unsetting DONT_TRY_OTHER_AF if IPV6_V6ONLY
is defined.
Index: channels.c
==================================================================RCS file:
/usr/local/src/security/openssh/cvs/openssh_cvs/channels.c,v
retrieving revision 1.229
diff -u -p -r1.229 channels.c
--- channels.c 23 Apr 2006 02:06:03 -0000 1.229
+++ channels.c 9 May 2006 06:40:04 -0000
@@ -2825,7 +2825,7 @@ x11_create_display_inet(int x11_display_
break;
}
socks[num_socks++] = sock;
-#ifndef DONT_TRY_OTHER_AF
+#if defined(IPV6_V6ONLY) || !defined(DONT_TRY_OTHER_AF)
if (num_socks == NUM_SOCKS)
break;
#else
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.