X forwarding: trying to forward to busy local port

Darren Tucker dtucker at zip.com.au
Wed Feb 14 23:18:58 EST 2007 

Lars Kruse wrote:
> Hi,
> 
>>> 1) improved "is this port usable on all interfaces?"-detection
>>> ipv4/ipv6 mixed openssh daemons should behave like pure ipv4 daemons:
>>> unusable DISPLAY settings may never be offered to clients
>> I think it's a Linuxism: IPv6 sockets prevent binding to IPv4 sockets
>> on the same port but not vice versa.
> hm - I do not know any details regarding this behaviour ...
> 
> To make sure, that you understand me right, I was studying the source
> code of "x11_create_display_inet" in "channel.c" again.
> If I am not mistaken, then the loop
>    for (ai = aitop; ai; ai = ai->ai_next)
> tries to connect to all available ports according to the given
> restrictions (especially: address family). If at least one port is
> usable, then this one is used for the X session.
> 
> 
> Case 1: both ipv4 and ipv6 socket of a given port are available
> no problem - both sockets are bound for the X session.
> 
> Case 2: only the ipv4 socket of the port is available
> no problem - as the display "localhost:???" (ipv4 address) is returned,
> clients will only connect to the ipv4 port, anyway.
> 
> Case 3: only the ipv6 socket of the port is available
> this seems to be a problem: an ipv6 port is bound, but an ipv4 address
> is returned as the display setting (DISPLAY=localhost:??? instead of
> DISPLAY=ip6-localhost:???).
> 
> 
> Could it be, that the return value of the DISPLAY setting does not
> depend on the acquired sockets for now? (always returning an ip4
> address)

For X11UseLocalhost=yes it always uses a string of "localhost" 
(session_setup_x11fwd in session.c).

Potentially it could either get the address family from 
x11_create_display_inet, or maybe call getsockname on the socket and use 
that (provided "::1:0" is a valid display name, I have no idea if X 
would choke on that).

The wrinkle is that some xlibs (or xauths?) do special things with the 
string "localhost", eg map it to a Unix domain socket.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
     Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

More information about the openssh-unix-dev mailing list