problem with X11 forwarding and use_localhost on Linux (solution) (fwd)

YOSHIFUJI Hideaki / 吉藤英明 yoshfuji at linux-ipv6.org
Thu May 2 22:31:11 EST 2002 

Hi,

I think we should try other AF for "x11_use_localhost" case.

--- openssh-3.1p1/channels.c	Tue Mar  5 10:57:45 2002
+++ openssh-3.1p1-fix/channels.c	Thu May  2 21:26:28 2002
@@ -2356,6 +2356,13 @@
 					continue;
 				}
 			}
+#ifdef IPV6_V6ONLY
+			if (ai->ai_family == AF_INET6) {
+				int on = 1;
+				if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
+					debug("x11_create_display_inet: setsockopt(IPV6_V6ONLY) failed.");
+			}
+#endif
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
 				debug("bind port %d: %.100s", port, strerror(errno));
 				close(sock);
@@ -2374,7 +2381,12 @@
 			if (num_socks == NUM_SOCKS)
 				break;
 #else
-			break;
+			if (x11_use_localhost) {
+				if (num_socks == NUM_SOCKS)
+					break;
+			} else {
+				break;
+			}
 #endif
 		}
 		freeaddrinfo(aitop);

In article <Pine.HPX.4.44.0204301333550.2022-100000 at jenny> (at Tue, 30 Apr 2002 13:35:52 -0700 (PDT)), Kevin Steves <kevin at atomicgears.com> says:

> itojun,
> 
> do you have any recommendations on this?
> 
> http://bugzilla.mindrot.org/show_bug.cgi?id=164
> 
> ---------- Forwarded message ----------
> Date: Mon, 29 Apr 2002 11:32:21 +0200
> From: Stig Venaas <Stig.Venaas at uninett.no>
> To: Kevin Steves <kevin at atomicgears.com>
> Cc: openssh-unix-dev at mindrot.org
> Subject: Re: problem with X11 forwarding and use_localhost on Linux
>     (solution)
> 
> On Thu, Apr 25, 2002 at 10:09:40AM -0700, Kevin Steves wrote:
> > : #else
> > :-                       break;
> > :+                       if (!x11_use_localhost || num_socks == NUM_SOCKS)
> > :+                               break;
> > : #endif
> > :                }
> > :                freeaddrinfo(aitop);
> >
> > this is what is in:
> > http://bugzilla.mindrot.org/show_bug.cgi?id=164
> 
> Right, I should have checked there.
> 
> > i still don't understand exactly why DONT_TRY_OTHER_AF is needed?
> 
> It's needed because if you first bind an IPv6 socket to the ANY address,
> then subsequent IPv4 bind will fail on Linux. You could of course remove
> DONT_TRY_OTHER_AF, but then you need to ignore the error on the IPv4 bind
> call. Currently it will clean up (closing the already opened IPv6 socket),
> and then try the next display (which will again fail) until MAX_DISPLAYS
> is reached, and it will then simply fail. If the code for the ANY case
> was separated from the x11_use_localhost case, you would only need
> DONT_TRY_OTHER_AF in the ANY part, that is the only part where Linux is
> different from *BSD.
> 
> Stig
> _______________________________________________
> openssh-unix-dev at mindrot.org mailing list
> http://www.mindrot.org/mailman/listinfo/openssh-unix-dev
> 
> 

-- 
Hideaki YOSHIFUJI @ USAGI Project <yoshfuji at linux-ipv6.org>
GPG FP: 9022 65EB 1ECF 3AD1 0BDF  80D8 4807 F894 E062 0EEA

More information about the openssh-unix-dev mailing list