patch for openssh-1.2.2p1

Sat Mar 11 20:40:36 EST 2000

On Wed, 8 Mar 2000, Hideaki YOSHIFUJI wrote:

> Hi,
> 
> openssh-1.2.2p1 seems to have 2 problems on ipv6 (and
> ipv4 mapped addresses).
> 
>  1. "BREAKIN ATTEMPT" warnings from ipv4 node
>  2. X forwarding

How does this patch look to you?

Regards,
Damien Miller

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)


-------------- next part --------------
Index: acconfig.h
===================================================================
RCS file: /var/cvs/openssh/acconfig.h,v
retrieving revision 1.53
diff -u -r1.53 acconfig.h

--- acconfig.h	2000/03/09 11:31:13	1.53
+++ acconfig.h	2000/03/11 09:38:46
@@ -153,6 +153,12 @@
 /* getaddrinfo is broken (if present) */
 #undef BROKEN_GETADDRINFO
 
+/* Workaround more Linux IPv6 bugs */
+#undef DONT_TRY_OTHER_AF
+
+/* Detect IPv4 in IPv6 mapped addresses and treat as IPv4 */
+#undef IPV4_IN_IPV6
+
 @BOTTOM@
 
 /* ******************* Shouldn't need to edit below this line ************** */
Index: canohost.c
===================================================================
RCS file: /var/cvs/openssh/canohost.c,v
retrieving revision 1.7
diff -u -r1.7 canohost.c
--- canohost.c	2000/01/14 04:45:48	1.7
+++ canohost.c	2000/03/11 09:38:49
@@ -42,6 +42,30 @@
 		debug("getpeername failed: %.100s", strerror(errno));
 		fatal_cleanup();
 	}
+
+#ifdef IPV4_IN_IPV6
+	if (from.ss_family == AF_INET6) {
+		struct sockaddr_in6 *from6 = (struct sockaddr_in6 *)&from;
+
+		/* Detect IPv4 in IPv6 mapped address and convert it to */
+		/* plain (AF_INET) IPv4 address */
+		if (IN6_IS_ADDR_V4MAPPED(&from6->sin6_addr)) {
+			struct sockaddr_in *from4 = (struct sockaddr_in *)&from;
+			struct in_addr addr;
+			u_int16_t port;
+
+			memcpy(&addr, ((char *)&from6->sin6_addr) + 12, sizeof(addr));
+			port = from6->sin6_port;
+
+			memset(&from, 0, sizeof(from));
+			
+			from4->sin_family = AF_INET;
+			memcpy(&from4->sin_addr, &addr, sizeof(addr));
+			from4->sin_port = port;
+		}
+	}
+#endif
+
 	if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop),
 	     NULL, 0, NI_NUMERICHOST) != 0)
 		fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed");
Index: channels.c
===================================================================
RCS file: /var/cvs/openssh/channels.c,v
retrieving revision 1.17
diff -u -r1.17 channels.c
--- channels.c	2000/03/03 11:35:33	1.17
+++ channels.c	2000/03/11 09:39:12
@@ -1215,8 +1215,12 @@
 				break;
 			}
 			socks[num_socks++] = sock;
+#ifndef DONT_TRY_OTHER_AF
 			if (num_socks == NUM_SOCKS)
 				break;
+#else
+			break;
+#endif
 		}
 		if (num_socks > 0)
 			break;
Index: configure.in
===================================================================
RCS file: /var/cvs/openssh/configure.in,v
retrieving revision 1.93
diff -u -r1.93 configure.in
--- configure.in	2000/03/11 09:05:12	1.93
+++ configure.in	2000/03/11 09:39:22
@@ -55,6 +55,8 @@
 	;;
 *-*-linux*)
 	no_dev_ptmx=1
+	AC_DEFINE(DONT_TRY_OTHER_AF)
+	inet6_default_4in6=yes
 	;;
 *-*-netbsd*)
 	need_dash_r=1
@@ -784,6 +786,26 @@
 	[
 		if test "x$withval" != "xno" ; then	
 			AC_DEFINE(IPV4_DEFAULT)
+		fi
+	]
+)
+
+AC_MSG_CHECKING([to convert IPv4 in IPv6-mapped addresses])
+AC_ARG_WITH(4in6,
+	[  --with-4in6             Check for and convert IPv4 in IPv6 mapped addresses],
+	[
+		if test "x$withval" != "xno" ; then
+			AC_MSG_RESULT(yes)
+			AC_DEFINE(IPV4_IN_IPV6)
+		else
+			AC_MSG_RESULT(no)
+		fi
+	],[
+		if test "x$inet6_default_4in6" = "xyes"; then
+			AC_MSG_RESULT([yes (default)])
+			AC_DEFINE(IPV4_IN_IPV6)
+		else
+			AC_MSG_RESULT([no (default)])
 		fi
 	]
 )
