dtucker at zip
May 8, 2012, 4:10 AM
Post #2 of 2
(221 views)
Permalink
|
On Tue, May 08, 2012 at 08:41:57AM +0000, CHEN Kun carol wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=640857
> I'm writing to ask whether this bug is fixed in your openSSH 6.0.
Yes, it was fixed a while ago and is in 6.0p1.
---------------------
PatchSet 6063
Date: 2009/11/18 17:48:30
Author: djm
Branch: HEAD
Tag: (none)
Branches:
Log:
- (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
report and fix from jan.kratochvil AT redhat.com
Members:
ChangeLog:1.5320->1.5321
channels.c:1.285->1.286
misc.c:1.89->1.90
misc.h:1.41->1.42
sshd.c:1.386->1.387
Index: openssh/ChangeLog
diff -u openssh/ChangeLog:1.5320 openssh/ChangeLog:1.5321
--- openssh/ChangeLog:1.5320 Sat Nov 7 16:03:14 2009
+++ openssh/ChangeLog Wed Nov 18 17:48:30 2009
@@ -1,4 +1,10 @@
20091107
+ - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
+ set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
+ setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
+ report and fix from jan.kratochvil AT redhat.com
+
+20091107
- (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
keys when built with OpenSSL versions that don't do AES.
Index: openssh/channels.c
diff -u openssh/channels.c:1.285 openssh/channels.c:1.286
--- openssh/channels.c:1.285 Fri Aug 28 11:02:37 2009
+++ openssh/channels.c Wed Nov 18 17:48:30 2009
@@ -2577,6 +2577,8 @@
}
channel_set_reuseaddr(sock);
+ if (ai->ai_family == AF_INET6)
+ sock_set_v6only(sock);
debug("Local forwarding listening on %s port %s.",
ntop, strport);
@@ -3108,13 +3110,8 @@
continue;
}
}
-#ifdef IPV6_V6ONLY
- if (ai->ai_family == AF_INET6) {
- int on = 1;
- if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
- error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
- }
-#endif
+ if (ai->ai_family == AF_INET6)
+ sock_set_v6only(sock);
if (x11_use_localhost)
channel_set_reuseaddr(sock);
if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
Index: openssh/misc.c
diff -u openssh/misc.c:1.89 openssh/misc.c:1.90
--- openssh/misc.c:1.89 Sun Feb 22 08:47:02 2009
+++ openssh/misc.c Wed Nov 18 17:48:30 2009
@@ -849,3 +849,14 @@
tv->tv_usec = (ms % 1000) * 1000;
}
+void
+sock_set_v6only(int s)
+{
+#ifdef IPV6_V6ONLY
+ int on = 1;
+
+ debug3("%s: set socket %d IPV6_V6ONLY", __func__, s);
+ if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
+ error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
+#endif
+}
Index: openssh/misc.h
diff -u openssh/misc.h:1.41 openssh/misc.h:1.42
--- openssh/misc.h:1.41 Fri Jun 13 06:42:45 2008
+++ openssh/misc.h Wed Nov 18 17:48:30 2009
@@ -35,6 +35,7 @@
void sanitise_stdfd(void);
void ms_subtract_diff(struct timeval *, int *);
void ms_to_timeval(struct timeval *, int);
+void sock_set_v6only(int);
struct passwd *pwcopy(struct passwd *);
const char *ssh_gai_strerror(int);
Index: openssh/sshd.c
diff -u openssh/sshd.c:1.386 openssh/sshd.c:1.387
--- openssh/sshd.c:1.386 Sun Jun 21 20:26:17 2009
+++ openssh/sshd.c Wed Nov 18 17:48:30 2009
@@ -979,15 +979,9 @@
&on, sizeof(on)) == -1)
error("setsockopt SO_REUSEADDR: %s", strerror(errno));
-#ifdef IPV6_V6ONLY
/* Only communicate in IPv6 over AF_INET6 sockets. */
- if (ai->ai_family == AF_INET6) {
- if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY,
- &on, sizeof(on)) == -1)
- error("setsockopt IPV6_V6ONLY: %s",
- strerror(errno));
- }
-#endif
+ if (ai->ai_family == AF_INET6)
+ sock_set_v6only(listen_sock);
debug("Bind to port %s on %s.", strport, ntop);
--
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev [at] mindrot
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
|
