- (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to

   set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
   setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
   report and fix from jan.kratochvil AT redhat.com

diff --git a/ChangeLog b/ChangeLog
index 9a17b25ae9ebe2184c064657b64edac4666a7d4c..c2e6cadc679315e07517cc79acd840c0d5ec8e04 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+20091107
+ - (djm) [channels.c misc.c misc.h sshd.c] add missing setsockopt() to
+   set IPV6_V6ONLY for local forwarding with GatwayPorts=yes. Unify
+   setting IPV6_V6ONLY behind a new function misc.c:sock_set_v6only()
+   report and fix from jan.kratochvil AT redhat.com
+
 20091107
  - (dtucker) [authfile.c] Fall back to 3DES for the encryption of private
     keys when built with OpenSSL versions that don't do AES.

diff --git a/channels.c b/channels.c
index e8b8aa07e16eb91897a1acf424a44f538c959f55..22e7f628b0302bf5f0418d1cfbc05457ffd3a128 100644 (file)
--- a/channels.c
+++ b/channels.c
@@ -2577,6 +2577,8 @@ channel_setup_fwd_listener(int type, const char *listen_addr,
                }
 
                channel_set_reuseaddr(sock);
+               if (ai->ai_family == AF_INET6)
+                       sock_set_v6only(sock);
 
                debug("Local forwarding listening on %s port %s.",
                    ntop, strport);
@@ -3108,13 +3110,8 @@ x11_create_display_inet(int x11_display_offset, int x11_use_localhost,
                                        continue;
                                }
                        }
-#ifdef IPV6_V6ONLY
-                       if (ai->ai_family == AF_INET6) {
-                               int on = 1;
-                               if (setsockopt(sock, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) < 0)
-                                       error("setsockopt IPV6_V6ONLY: %.100s", strerror(errno));
-                       }
-#endif
+                       if (ai->ai_family == AF_INET6)
+                               sock_set_v6only(sock);
                        if (x11_use_localhost)
                                channel_set_reuseaddr(sock);
                        if (bind(sock, ai->ai_addr, ai->ai_addrlen) < 0) {

diff --git a/misc.c b/misc.c
index 143dbf0e2d019aa097e642d9854e60c5274a080e..4dc152310055f0b4c106c89fe94c97e62a55423c 100644 (file)
--- a/misc.c
+++ b/misc.c
@@ -849,3 +849,14 @@ ms_to_timeval(struct timeval *tv, int ms)
        tv->tv_usec = (ms % 1000) * 1000;
 }
 
+void
+sock_set_v6only(int s)
+{
+#ifdef IPV6_V6ONLY
+       int on = 1;
+
+       debug3("%s: set socket %d IPV6_V6ONLY", __func__, s);
+       if (setsockopt(s, IPPROTO_IPV6, IPV6_V6ONLY, &on, sizeof(on)) == -1)
+               error("setsockopt IPV6_V6ONLY: %s", strerror(errno));
+#endif
+}

diff --git a/misc.h b/misc.h
index 5da170d2fd82f402a469ca858b6bcedef039bd50..e26b0aaff67b947a7ebe82d79d9eaa53cc811130 100644 (file)
--- a/misc.h
+++ b/misc.h
@@ -35,6 +35,7 @@ char  *tohex(const void *, size_t);
 void    sanitise_stdfd(void);
 void    ms_subtract_diff(struct timeval *, int *);
 void    ms_to_timeval(struct timeval *, int);
+void    sock_set_v6only(int);
 
 struct passwd *pwcopy(struct passwd *);
 const char *ssh_gai_strerror(int);

diff --git a/sshd.c b/sshd.c
index 13a455d1feefdd8565bd2bb075eb07b483ef9a54..04d8f9fa090d03fe74793d393472531d0d3c63c3 100644 (file)
--- a/sshd.c
+++ b/sshd.c
@@ -979,15 +979,9 @@ server_listen(void)
                    &on, sizeof(on)) == -1)
                        error("setsockopt SO_REUSEADDR: %s", strerror(errno));
 
-#ifdef IPV6_V6ONLY
                /* Only communicate in IPv6 over AF_INET6 sockets. */
-               if (ai->ai_family == AF_INET6) {
-                       if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY,
-                           &on, sizeof(on)) == -1)
-                               error("setsockopt IPV6_V6ONLY: %s",
-                                   strerror(errno));
-               }
-#endif
+               if (ai->ai_family == AF_INET6)
+                       sock_set_v6only(listen_sock);
 
                debug("Bind to port %s on %s.", strport, ntop);