Skip site navigation (1)Skip section navigation (2)
Date:      Sat, 22 Dec 2018 02:55:00 +0300
From:      Yuri Pankov <yuripv@yuripv.net>
To:        =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
Cc:        freebsd-current <current@freebsd.org>
Subject:   workaround for VMware WS NAT bug triggered by OpenSSH 7.8p1 changes
Message-ID:  <7c62852d-8be2-e351-99ba-d9e85f4c8a71@yuripv.net>

next in thread | raw e-mail | index | archive | help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--TqPqiUNwPUb4a2XM8oPk8mDB5mLAFV03B
Content-Type: multipart/mixed; boundary="U4ybSsOLfMyrv5BMcnAylgrTt8f3Jn1iC";
 protected-headers="v1"
From: Yuri Pankov <yuripv@yuripv.net>
To: =?UTF-8?Q?Dag-Erling_Sm=c3=b8rgrav?= <des@FreeBSD.org>
Cc: freebsd-current <current@freebsd.org>
Message-ID: <7c62852d-8be2-e351-99ba-d9e85f4c8a71@yuripv.net>
Subject: workaround for VMware WS NAT bug triggered by OpenSSH 7.8p1 changes

--U4ybSsOLfMyrv5BMcnAylgrTt8f3Jn1iC
Content-Type: multipart/mixed;
 boundary="------------B62CC6903F713B5198EED8DA"
Content-Language: en-US

This is a multi-part message in MIME format.
--------------B62CC6903F713B5198EED8DA
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

Hi,

There's apparently a bug in VMware Workstation NAT implementation, made
visible by the change to default values of IPQoS in OpenSSH 7.8p1,
making all ssh connections from the guest behind the NAT to fail with
obscure "Fssh_packet_write_wait: Connection to 192.168.1.53 port 22:
Broken pipe".

I wonder if we could integrate the attached patch (or some smarter
version of it) for the time being as the bug affects several major WS
releases, and it's not immediately clear where the problem is.

The change itself:

https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/readconf.c#rev1=
=2E284

The bug reports (some of them):

https://bugzilla.redhat.com/show_bug.cgi?id=3D1624437
https://communities.vmware.com/message/2803219#2803219

The patch itself is attached.

--------------B62CC6903F713B5198EED8DA
Content-Type: text/plain; charset=UTF-8;
 name="vmwssh.diff"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
 filename="vmwssh.diff"

ZGlmZiAtLWdpdCBhL2NyeXB0by9vcGVuc3NoL3JlYWRjb25mLmMgYi9jcnlwdG8vb3BlbnNz
aC9yZWFkY29uZi5jCmluZGV4IGY5N2E2YWM3MmE5NS4uOWVkNjkwMmEwZjQ2IDEwMDY0NAot
LS0gYS9jcnlwdG8vb3BlbnNzaC9yZWFkY29uZi5jCisrKyBiL2NyeXB0by9vcGVuc3NoL3Jl
YWRjb25mLmMKQEAgLTE2LDYgKzE2LDkgQEAKIF9fUkNTSUQoIiRGcmVlQlNEJCIpOwogCiAj
aW5jbHVkZSA8c3lzL3R5cGVzLmg+CisjaWZkZWYgVk1XQVJFX0dVRVNUX1dPUktBUk9VTkQK
KyNpbmNsdWRlIDxzeXMvc3lzY3RsLmg+CisjZW5kaWYKICNpbmNsdWRlIDxzeXMvc3RhdC5o
PgogI2luY2x1ZGUgPHN5cy9zb2NrZXQuaD4KICNpbmNsdWRlIDxzeXMvd2FpdC5oPgpAQCAt
MTk1NCw2ICsxOTU3LDE1IEBAIGZpbGxfZGVmYXVsdF9vcHRpb25zKE9wdGlvbnMgKiBvcHRp
b25zKQogewogCWNoYXIgKmFsbF9jaXBoZXIsICphbGxfbWFjLCAqYWxsX2tleCwgKmFsbF9r
ZXk7CiAJaW50IHI7CisjaWZkZWYgVk1XQVJFX0dVRVNUX1dPUktBUk9VTkQKKwljaGFyIHNj
dmFsWzddOwkvKiAidm13YXJlXDAiICovCisJc2l6ZV90IHNjc2l6ID0gc2l6ZW9mKHNjdmFs
KTsKKwlpbnQgdm13Z3Vlc3QgPSAwOworCisJaWYgKHN5c2N0bGJ5bmFtZSgia2Vybi52bV9n
dWVzdCIsIHNjdmFsLCAmc2NzaXosIE5VTEwsIDApID09IDAgJiYKKwkgICAgc3RyY21wKHNj
dmFsLCAidm13YXJlIikgPT0gMCkKKwkJdm13Z3Vlc3QgPSAxOworI2VuZGlmCiAKIAlpZiAo
b3B0aW9ucy0+Zm9yd2FyZF9hZ2VudCA9PSAtMSkKIAkJb3B0aW9ucy0+Zm9yd2FyZF9hZ2Vu
dCA9IDA7CkBAIC0yMDg4LDggKzIxMDAsMTggQEAgZmlsbF9kZWZhdWx0X29wdGlvbnMoT3B0
aW9ucyAqIG9wdGlvbnMpCiAJaWYgKG9wdGlvbnMtPnZpc3VhbF9ob3N0X2tleSA9PSAtMSkK
IAkJb3B0aW9ucy0+dmlzdWFsX2hvc3Rfa2V5ID0gMDsKIAlpZiAob3B0aW9ucy0+aXBfcW9z
X2ludGVyYWN0aXZlID09IC0xKQorI2lmZGVmIFZNV0FSRV9HVUVTVF9XT1JLQVJPVU5ECisJ
CWlmICh2bXdndWVzdCkKKwkJCW9wdGlvbnMtPmlwX3Fvc19pbnRlcmFjdGl2ZSA9IElQVE9T
X0xPV0RFTEFZOworCQllbHNlCisjZW5kaWYKIAkJb3B0aW9ucy0+aXBfcW9zX2ludGVyYWN0
aXZlID0gSVBUT1NfRFNDUF9BRjIxOwogCWlmIChvcHRpb25zLT5pcF9xb3NfYnVsayA9PSAt
MSkKKyNpZmRlZiBWTVdBUkVfR1VFU1RfV09SS0FST1VORAorCQlpZiAodm13Z3Vlc3QpCisJ
CQlvcHRpb25zLT5pcF9xb3NfYnVsayA9IElQVE9TX1RIUk9VR0hQVVQ7CisJCWVsc2UKKyNl
bmRpZgogCQlvcHRpb25zLT5pcF9xb3NfYnVsayA9IElQVE9TX0RTQ1BfQ1MxOwogCWlmIChv
cHRpb25zLT5yZXF1ZXN0X3R0eSA9PSAtMSkKIAkJb3B0aW9ucy0+cmVxdWVzdF90dHkgPSBS
RVFVRVNUX1RUWV9BVVRPOwpkaWZmIC0tZ2l0IGEvc2VjdXJlL3Vzci5iaW4vc3NoL01ha2Vm
aWxlIGIvc2VjdXJlL3Vzci5iaW4vc3NoL01ha2VmaWxlCmluZGV4IDYxNGNjNzYyN2ZjNS4u
MDIzZmE0YTU1YmU5IDEwMDY0NAotLS0gYS9zZWN1cmUvdXNyLmJpbi9zc2gvTWFrZWZpbGUK
KysrIGIvc2VjdXJlL3Vzci5iaW4vc3NoL01ha2VmaWxlCkBAIC0zNyw2ICszNyw5IEBAIExJ
QkFERCs9CWNyeXB0bwogQ0ZMQUdTKz0gLURYQVVUSF9QQVRIPVwiJHtMT0NBTEJBU0V9L2Jp
bi94YXV0aFwiCiAuZW5kaWYKIAorIyBXb3JrYXJvdW5kIFZNd2FyZSBXb3Jrc3RhdGlvbiBO
QVQgYnVnCitDRkxBR1MrPS1EVk1XQVJFX0dVRVNUX1dPUktBUk9VTkQKKwogLmluY2x1ZGUg
PGJzZC5wcm9nLm1rPgogCiAuUEFUSDoJJHtTU0hESVJ9Cg==
--------------B62CC6903F713B5198EED8DA--

--U4ybSsOLfMyrv5BMcnAylgrTt8f3Jn1iC--

--TqPqiUNwPUb4a2XM8oPk8mDB5mLAFV03B
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEE+Gq3PsPeLT4tL/9wk4vgf7Eq4WwFAlwdfVQACgkQk4vgf7Eq
4WwxUQf/cXDPiKQH/XMwnusDJ4QVJ8lN0Yzlz+oEmST55yOaCo+fgmS5orfVhpCS
V0f00O/4QDcQV7Dci2/oVSlWpbk8JOKOfucJZy/G4u5tQZexd8XS1sfvZvjbKPeX
0+Xb5/AeZLAmaZsqq+TElEvM/j8CUgd8ERqKTZJdsOLgnOu6rVhmjlw/IVkwyBUK
GPe8F0CqEFoQlCpF1KX2Viuo/Nrmnt1lizQZDrNK7KeML664SxEpk3Y4tW4HaEg+
Bo6OHBrnA1sO68bruOTNXWxp7CuGetLS8aj24BYXPh2ADCdvcLC7jRPSbhWSS/9X
biaBChL01Mpu+RlWJiBsHqan7w2rRg==
=M0Di
-----END PGP SIGNATURE-----

--TqPqiUNwPUb4a2XM8oPk8mDB5mLAFV03B--



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?7c62852d-8be2-e351-99ba-d9e85f4c8a71>