Mailing List Archive: [Bug 3526] Config option AddressFamily has no effect?

[Bug 3526] Config option AddressFamily has no effect?

bugzilla-daemon at mindrot

Oct 11, 2023, 4:27 PM

Post #1 of 7 (167 views)

https://bugzilla.mindrot.org/show_bug.cgi?id=3526

--- Comment #5 from Damien Miller <djm@mindrot.org> ---
Created attachment 3741
--> https://bugzilla.mindrot.org/attachment.cgi?id=3741&action=edit
filter addresses by AddressFamily at connect time

Please give this patch a try

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3526] Config option AddressFamily has no effect? [ In reply to ]

bugzilla-daemon at mindrot

Oct 11, 2023, 4:27 PM

Post #2 of 7 (167 views)

https://bugzilla.mindrot.org/show_bug.cgi?id=3526

Damien Miller <djm@mindrot.org> changed:

What |Removed |Added
----------------------------------------------------------------------------
Blocks| |3628

Referenced Bugs:

https://bugzilla.mindrot.org/show_bug.cgi?id=3628
[Bug 3628] tracking bug for openssh-9.6
--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3526] Config option AddressFamily has no effect? [ In reply to ]

bugzilla-daemon at mindrot

Oct 15, 2023, 3:32 PM

Post #3 of 7 (161 views)

https://bugzilla.mindrot.org/show_bug.cgi?id=3526

--- Comment #6 from nix-muell@gmx.net ---
(In reply to Damien Miller from comment #5)
> Created attachment 3741 [details]
> filter addresses by AddressFamily at connect time
>
> Please give this patch a try

This made ssh skip any address (connect only if an address family has
been specified).
It works exactly as expected, though, when I changed
`options.address_family != -1` to
`options.address_family != 0`
Tested on macOS and Debian 12.

Looking at the code in ssh.c and readconf.c, I too expected -1 to be
correct and certainly do not understand what's going on there.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3526] Config option AddressFamily has no effect? [ In reply to ]

bugzilla-daemon at mindrot

Oct 15, 2023, 4:46 PM

Post #4 of 7 (161 views)

https://bugzilla.mindrot.org/show_bug.cgi?id=3526

--- Comment #7 from Damien Miller <djm@mindrot.org> ---
could you try replacing the -1 with AF_UNSPEC?

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3526] Config option AddressFamily has no effect? [ In reply to ]

bugzilla-daemon at mindrot

Oct 16, 2023, 3:22 PM

Post #5 of 7 (160 views)

https://bugzilla.mindrot.org/show_bug.cgi?id=3526

nix-muell@gmx.net changed:

What |Removed |Added
----------------------------------------------------------------------------
Attachment #3741|0 |1
is obsolete| |

--- Comment #8 from nix-muell@gmx.net ---
Created attachment 3746
--> https://bugzilla.mindrot.org/attachment.cgi?id=3746&action=edit
filter addresses by AddressFamily at connect time

(In reply to Damien Miller from comment #7)
> could you try replacing the -1 with AF_UNSPEC?
Yep, that flies.

Another improvement: If no address matches the configured address
family, the error message would just "failure".
Making it `errno = EAFNOSUPPORT;` (instead of errno = 0) results in a
nice(r) "Address family not supported by protocol family".
Not quite the "Could not resolve hostname" that would result from
non-canonicalized hosts, but better than just plain "failure".

I also think this new if block should be inserted right after the first
one. That would spare otherwise wasted getnameinfo lookups.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3526] Config option AddressFamily has no effect? [ In reply to ]

bugzilla-daemon at mindrot

Oct 16, 2023, 3:28 PM

Post #6 of 7 (160 views)

https://bugzilla.mindrot.org/show_bug.cgi?id=3526

--- Comment #9 from nix-muell@gmx.net ---
> Making it `errno = EAFNOSUPPORT;` (instead of errno = 0) results in
> a nice(r) "Address family not supported by protocol family".
Then again, that might be misleading. And platform dependant? Not quite
sure here.

--
You are receiving this mail because:
You are watching the assignee of the bug.
You are watching someone on the CC list of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs

[Bug 3526] Config option AddressFamily has no effect? [ In reply to ]

bugzilla-daemon at mindrot

Oct 16, 2023, 7:23 PM

Post #7 of 7 (160 views)

https://bugzilla.mindrot.org/show_bug.cgi?id=3526

--- Comment #10 from Damien Miller <djm@mindrot.org> ---
It was after the getnameinfo() block because we need that to do the
name->address conversion

--
You are receiving this mail because:
You are watching someone on the CC list of the bug.
You are watching the assignee of the bug.
_______________________________________________
openssh-bugs mailing list
openssh-bugs@mindrot.org
https://lists.mindrot.org/mailman/listinfo/openssh-bugs