Date: Tue, 15 Feb 2000 21:34:05 +0900 (JST) From: sumikawa@ebina.hitachi.co.jp To: torstenb@vmunix.org, Arjan.deVet@adv.iae.nl Cc: sumikawa@ebina.hitachi.co.jp Subject: Re: ssh IPv6 changes cause bad interactive behavior? Message-ID: <200002151234.VAA59929@prince.net.ebina.hitachi.co.jp> In-Reply-To: <20000214200501.A11734@adv.iae.nl> References: <20000214200501.A11734@adv.iae.nl>
Arjan> Now I noticed something strange: when logged in into a remote machine Arjan> and running mutt the cursor keys do not get recognized anymore most of Arjan> the time. I did a tcpdump and two packets are being sent but the second Arjan> packet waits for the acknowledgement of the first packet. Arjan> I looked into the patch-?? files and it turns out that patch-al and Arjan> patch-bk have #if 0 ... #endif around the TCP_NODELAY and similar Arjan> setsockopt calls. After removing these #if 0's I got the normal behavior Arjan> back again. #if 0 ... #endif are for OSes which does not support TCP_NODELAY of IPv6 TCP. We must remove it since FreeBSD-current support it. Torsten, I attached the patch for patch-al. It also fixes the bug that IPv4-only kernel can't connect to a dualstack host and restore old compatibility codes.(See, http://www.freebsd.org/cgi/cvsweb.cgi/ports/security/ssh/patches/patch-al?rev=1.8) And please remove patch-bk. It is not necessary. --- Munechika SUMIKAWA @ KAME Project / FreeBSD.org Index: patch-al =================================================================== RCS file: /home/ncvs/ports/security/ssh/patches/patch-al,v retrieving revision 1.9 diff -u -r1.9 patch-al --- patch-al 2000/01/14 19:37:34 1.9 +++ patch-al 2000/02/15 12:31:21 @@ -1,5 +1,5 @@ -*** sshconnect.c.orig Wed May 12 13:19:29 1999 ---- sshconnect.c Wed Jan 12 00:34:55 2000 +*** sshconnect.c.orig Wed May 12 20:19:29 1999 +--- sshconnect.c Tue Feb 15 20:33:49 2000 *************** *** 337,343 **** @@ -18,7 +18,7 @@ int sock; *************** -*** 345,385 **** +*** 345,387 **** bind our own socket to a privileged port. */ if (privileged) { @@ -28,7 +28,7 @@ { ! sock = socket(AF_INET, SOCK_STREAM, 0); if (sock < 0) - fatal("socket: %.100s", strerror(errno)); +! fatal("socket: %.100s", strerror(errno)); ! /* Initialize the desired sockaddr_in structure. */ ! memset(&sin, 0, sizeof(sin)); 
@@ -49,7 +49,7 @@ close(sock); continue; } - fatal("bind: %.100s", strerror(errno)); +! fatal("bind: %.100s", strerror(errno)); } debug("Allocated local port %d.", p); } @@ -58,9 +58,11 @@ /* Just create an ordinary socket on arbitrary port. */ ! sock = socket(AF_INET, SOCK_STREAM, 0); if (sock < 0) - fatal("socket: %.100s", strerror(errno)); +! fatal("socket: %.100s", strerror(errno)); } ---- 345,392 ---- + return sock; + } +--- 345,401 ---- bind our own socket to a privileged port. */ if (privileged) { @@ -68,11 +70,17 @@ ! int errgai; ! char strport[PORTSTRLEN]; int p; ++ #if (defined(__OpenBSD__) || defined(__FreeBSD__)) && !defined(SOCKS) ++ p = 1023; /* Compat with old FreeBSD */ ++ sock = rresvport_af(&p, family); ++ if (sock < 0) ++ error("rresvport_af: %.100s", strerror(errno)); ++ #else for (p = 1023; p > 512; p--) { ! sock = socket(family, SOCK_STREAM, 0); if (sock < 0) - fatal("socket: %.100s", strerror(errno)); +! error("socket: %.100s", strerror(errno)); ! /* Initialize the desired addrinfo structure. */ ! memset(&hints, 0, sizeof(hints)); @@ -81,7 +89,7 @@ ! hints.ai_socktype = SOCK_STREAM; ! sprintf(strport, "%d", p); ! if ((errgai = getaddrinfo(NULL, strport, &hints, &ai)) != 0) -! fatal("getaddrinfo: %.100s", gai_strerror(errgai)); +! error("getaddrinfo: %.100s", gai_strerror(errgai)); /* Try to bind the socket to the privileged port. */ #if defined(SOCKS) @@ -97,18 +105,21 @@ + freeaddrinfo(ai); continue; } - fatal("bind: %.100s", strerror(errno)); +! error("bind: %.100s", strerror(errno)); } - debug("Allocated local port %d.", p); + freeaddrinfo(ai); ++ #endif + debug("Allocated local port %d.", p); } else { /* Just create an ordinary socket on arbitrary port. */ ! sock = socket(family, SOCK_STREAM, 0); if (sock < 0) - fatal("socket: %.100s", strerror(errno)); +! error("socket: %.100s", strerror(errno)); } + return sock; + } *************** *** 396,409 **** the daemon. */ 
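Review bot: The `fatal()` to `error()` replacements in ssh_create_socket (hunks -68,11, -81,7 and -97,18) add no return or cleanup after the failing call, so, assuming `error()` only logs and returns, execution falls through on every failure. After a failed `getaddrinfo()` the later `freeaddrinfo(ai)` calls (and presumably the bind, which is outside the hunks) run with `ai` unset, and after a failed `socket()` the loop carries on with `sock < 0`; this is the path taken when the caller passes `geteuid() == UID_ROOT`. A `bind` failure other than EADDRINUSE now moves to the next port without `close(sock)` or `freeaddrinfo(ai)`, and in the `rresvport_af` branch a failure is still followed by `debug("Allocated local port %d.", p)`. Since the caller now tests `if (sock < 0) continue;`, each failure path should clean up and return, for example `{ error("getaddrinfo: %.100s", gai_strerror(errgai)); close(sock); return -1; }`, with the bind path also freeing `ai` and the `rresvport_af` path returning before the debug line. The function starts outside these hunks, so check this against the full file.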
@@ -125,7 +136,7 @@ #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) struct linger linger; #endif /* SO_LINGER */ ---- 403,421 ---- +--- 410,428 ---- the daemon. */ int ssh_connect(const char *host, int port, int connection_attempts, @@ -157,7 +168,7 @@ /* If a proxy command is given, connect using it. */ if (proxy_command != NULL && *proxy_command) return ssh_proxy_connect(host, port, original_real_uid, proxy_command, ---- 433,438 ---- +--- 440,445 ---- *************** *** 432,440 **** @@ -169,7 +180,7 @@ /* Try to connect several times. On some machines, the first time will sometimes fail. In general socket code appears to behave quite magically on many machines. */ ---- 440,467 ---- +--- 447,474 ---- /* No proxy command. */ @@ -303,7 +314,7 @@ #endif /* SOCKS */ { /* Successful connection. */ ---- 470,496 ---- +--- 477,505 ---- if (attempt > 0) debug("Trying again..."); @@ -322,6 +333,8 @@ sock = ssh_create_socket(original_real_uid, ! !anonymous && geteuid() == UID_ROOT, ! ai->ai_family); +! if (sock < 0) +! continue; /* Connect to the host. */ #if defined(SOCKS) @@ -355,7 +368,7 @@ /* Return failure if we didn't get a successful connection. */ if (attempt >= connection_attempts) ---- 503,517 ---- +--- 512,526 ---- returned an error. */ shutdown(sock, 2); close(sock); 
@@ -372,20 +385,6 @@ /* Return failure if we didn't get a successful connection. */ if (attempt >= connection_attempts) *************** -*** 578,586 **** ---- 522,532 ---- - /* Set socket options. We would like the socket to disappear as soon as - it has been closed for whatever reason. */ - /* setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, (void *)&on, sizeof(on)); */ -+ #if 0 /* XXX */ - #if defined(TCP_NODELAY) && defined(ENABLE_TCP_NODELAY) - setsockopt(sock, IPPROTO_TCP, TCP_NODELAY, (void *)&on, sizeof(on)); - #endif /* TCP_NODELAY */ -+ #endif /* 0 */ - #if defined(SO_LINGER) && defined(ENABLE_SO_LINGER) - linger.l_onoff = 1; - linger.l_linger = 15; -*************** *** 946,952 **** int ap_opts, ret_stat = 0; krb5_keyblock *session_key = 0; @@ -394,7 +393,7 @@ memset(&auth, 0 , sizeof(auth)); remotehost = (char *) get_canonical_hostname(); ---- 892,898 ---- +--- 899,905 ---- int ap_opts, ret_stat = 0; krb5_keyblock *session_key = 0; krb5_ap_rep_enc_part *repl = 0; To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message