[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#295731: ssh fails to bind link-scope IPv6 addresses



Le lundi 11 décembre 2006 17:34, vous avez écrit :
> I agree with the problem on bridges but not on a normal system

I cannot agree. It would really suck when the requirement for a scope ID 
would depend on the run-time configuration of the system, and the Linux 
kernel IPv6 implementors probably felt the same. Having to link-local 
is not anymore a router thing; any laptop with both wired and wireless 
access card will have both of them at any given time.

Plus, this is a kernel issue, not a SSH one. And sorry, but in IETF 
terminology, "may" means the implementor is free to do or not do. "if 
known" refers to the fact that the scope ID might have been defined 
already such as while binding the socket to a specific interface.

> Anyway, no standard user reads such RFCs.

No "standard user" uses link-local addresses with any program, because 
no sane system administrator advertises link-local addresses in the 
DNS. Not even ping6 can handle them without explicit interface 
specification. Why should OpenSSH do?

> So if you want to close
> this bug, either document that in getaddrinfo(3) _and_ let the ssh
> manpage refer to that (a normal user does not know that ssh is using
> that function) or document that directly in the ssh manpage.

So then every program that makes use of getaddrinfo (and there are 
probably hundreds of them out there) should document this?! That would 
be competely insane. Besides, why would the SSH documentation know of 
(OS-specific) getaddrinfo() internals?

I surely agree that many IPv6 beginners get caught by the 
helpless "Invalid argument" error message in various IPv6-enabled 
programs, but that's it. Besides, I'm sure that most of these would not 
find the solution in the documentation anyway.

> I don't mind adding an "%eth0" to the address but without
> documentation, it is useless. Some remotely available RFC (that
> doesn't mention the '%') is not sufficient, neither is a reference to
> the some source code snippet.

Nobody told you to use link-local addresses either. That is certainly 
not in "the documentation" except to warn you that it does not work 
like normal addresses.

-- 
Rémi Denis-Courmont

Attachment: pgp7YxkaJJWZz.pgp
Description: PGP signature


Reply to: