About bug 640857

[Darren Tucker]

On Tue, May 08, 2012 at 08:41:57AM +0000, CHEN Kun carol wrote:
> https://bugzilla.redhat.com/show_bug.cgi?id=640857
> I'm writing to ask whether this bug is fixed in your openSSH 6.0.

Yes, it was fixed a while ago and is in 6.0p1.

---------------------
PatchSet 6063 
Date: 2009/11/18 17:48:30
Author: djm
Branch: HEAD
Tag: (none) 
Branches: 
Log:
 - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
   set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
   setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
   report and fix from jan.kratochvil AT redhat.com

Members: 
	ChangeLog:1.5320->1.5321 
	channels.c:1.285->1.286 
	misc.c:1.89->1.90 
	misc.h:1.41->1.42 
	sshd.c:1.386->1.387 

Index: openssh/ChangeLog
diff -u openssh/ChangeLog:1.5320 openssh/ChangeLog:1.5321
--- openssh/ChangeLog:1.5320	Sat Nov  7 16:03:14 2009
+++ openssh/ChangeLog	Wed Nov 18 17:48:30 2009
@@ -1,4 +1,10 @@
 20091107
+ - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
+   set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
+   setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
+   report and fix from jan.kratochvil AT redhat.com
+
+20091107
  - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
     keys when built with OpenSSL versions that don't do AES.
 
Index: openssh/channels.c
diff -u openssh/channels.c:1.285 openssh/channels.c:1.286
--- openssh/channels.c:1.285	Fri Aug 28 11:02:37 2009
+++ openssh/channels.c	Wed Nov 18 17:48:30 2009
@@ -2577,6 +2577,8 @@
 		}
 
 		channel_set_reuseaddr(sock);
+		if (ai->ai_family == AF_INET6)
+			sock_set_v6only(sock);
 
 		debug("Local forwarding listening on %s port %s.",
 		    ntop, strport);
@@ -3108,13 +3110,8 @@
 					continue;
 				}
 			}
-#ifdef IPV6_V6ONLY
-			if (ai->ai_family == AF_INET6) {
-				int on = 1;
-				if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
-					error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
-			}
-#endif
+			if (ai->ai_family == AF_INET6)
+				sock_set_v6only(sock);
 			if (x11_use_localhost)
 				channel_set_reuseaddr(sock);
 			if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {
Index: openssh/misc.c
diff -u openssh/misc.c:1.89 openssh/misc.c:1.90
--- openssh/misc.c:1.89	Sun Feb 22 08:47:02 2009
+++ openssh/misc.c	Wed Nov 18 17:48:30 2009
@@ -849,3 +849,14 @@
 	tv->tv_usec = (ms % 1000) * 1000;
 }
 
+void
+sock_set_v6only(int s)
+{
+#ifdef IPV6_V6ONLY
+	int on = 1;
+
+	debug3("%s: set socket %d IPV6_V6ONLY", __func__, s);
+	if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
+		error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
+#endif
+}
Index: openssh/misc.h
diff -u openssh/misc.h:1.41 openssh/misc.h:1.42
--- openssh/misc.h:1.41	Fri Jun 13 06:42:45 2008
+++ openssh/misc.h	Wed Nov 18 17:48:30 2009
@@ -35,6 +35,7 @@
 void	 sanitise_stdfd(void);
 void	 ms_subtract_diff(struct timeval *, int *);
 void	 ms_to_timeval(struct timeval *, int);
+void	 sock_set_v6only(int);
 
 struct passwd *pwcopy(struct passwd *);
 const char *ssh_gai_strerror(int);
Index: openssh/sshd.c
diff -u openssh/sshd.c:1.386 openssh/sshd.c:1.387
--- openssh/sshd.c:1.386	Sun Jun 21 20:26:17 2009
+++ openssh/sshd.c	Wed Nov 18 17:48:30 2009
@@ -979,15 +979,9 @@
 		    &on, sizeof(on)) == -1)
 			error("setsockopt SO_REUSEADDR: %s", strerror(errno));
 
-#ifdef IPV6_V6ONLY
 		/* Only communicate in IPv6 over AF_INET6 sockets. */
-		if (ai->ai_family == AF_INET6) {
-			if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY,
-			    &on, sizeof(on)) == -1)
-				error("setsockopt IPV6_V6ONLY: %s",
-				    strerror(errno));
-		}
-#endif
+		if (ai->ai_family == AF_INET6)
+			sock_set_v6only(listen_sock);
 
 		debug("Bind to port %s on %s.", strport, ntop);
 

-- 
Darren Tucker (dtucker at zip.com.au)
GPG key 8FF4FA69 / D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.