Package: openssh-client
Version: 1:5.9p1-2
Severity: normal
In addition to #650512, there is another bug with the way ssh
sets the ToS flag on outgoing packets.
The ToS field (8 bit) is partitioned as follows:
                                      ToS
<---------|---------|---------|---------|--------|---------|---------|--------->
<---------|---------|---------|---------|--------|---------><--------|--------->
                            DSCP                                    ECN
The OpenSSH client currently translates DSCP classes directly into
their hex code and fills the entire ToS field with that. Instead, it
should bitshift the DSCP number by 2 bits to the left and OR it with
the ECN number.
E.g. class cs1 ("throughput", 0x08) becomes "000010|00". When
written directly into the ToS field, that yields a DSCP of 0x02,
which is undefined.
The 0x08 should only be written into the highest 6 bits, and the ToS
field should be 0x20 afterwards.
The same applies to class cs2 ("lowdelay", 0x10), which is written
as 00010000 (DSCP class 0x04, which is also undefined), when instead
it should be 0x40.
-- System Information:
Debian Release: wheezy/sid
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Versions of packages openssh-client depends on:
ii adduser 3.113
ii debconf [debconf-2.0] 1.5.41
ii dpkg 1.16.1.1
ii libc6 2.13-21
ii libedit2 2.11-20080614-3
ii libgssapi-krb5-2 1.9.1+dfsg-3
ii libselinux1 2.1.0-4
ii libssl1.0.0 1.0.0e-2.1
ii passwd 1:4.1.4.2+svn3283-3
ii zlib1g 1:1.2.3.4.dfsg-3
Versions of packages openssh-client recommends:
ii openssh-blacklist 0.4.1
ii openssh-blacklist-extra <none>
ii xauth 1:1.0.6-1
Versions of packages openssh-client suggests:
ii gtk-led-askpass [ssh-askpass] 0.11-1
ii keychain <none>
ii libpam-ssh <none>
ii monkeysphere 0.35-2
-- Configuration Files:
/etc/ssh/ssh_config changed [not included]
-- no debconf information
--
.''`. martin f. krafft <madduck@d.o> Related projects:
: :' : proud Debian developer http://debiansystem.info
`. `'` http://people.debian.org/~madduck http://vcs-pkg.org
`- Debian - when you have better things to do than fixing systems
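
The ToS layout described in the report above (DSCP in the upper 6 bits, ECN in the lower 2), as an added example that is not OpenSSH code and not part of the original report. It takes the report's two numbers as given; the function names `tos_pack`, `tos_dscp`, `tos_ecn` and `set_dscp` are hypothetical.

```c
/* Added example: pack and unpack the 8-bit ToS byte as DSCP (6 bits) + ECN (2 bits). */
#include <stdint.h>
#include <stdio.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define DSCP_MAX 0x3f   /* largest value that fits the 6-bit DSCP sub-field */
#define ECN_MAX  0x03   /* largest value that fits the 2-bit ECN sub-field */

/* Returns the ToS byte, or -1 if either value does not fit its sub-field. */
int tos_pack(unsigned dscp, unsigned ecn)
{
    if (dscp > DSCP_MAX || ecn > ECN_MAX)
        return -1;
    return (int)((dscp << 2) | ecn);
}

/* What a receiver decodes from a ToS byte. */
unsigned tos_dscp(uint8_t tos) { return tos >> 2; }
unsigned tos_ecn(uint8_t tos)  { return tos & ECN_MAX; }

/* Hypothetical helper: set the DSCP on an IPv4 socket, leaving ECN at 0. */
int set_dscp(int fd, unsigned dscp)
{
    int tos = tos_pack(dscp, 0);
    if (tos < 0)
        return -1;
    return setsockopt(fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos));
}

int main(void)
{
    /* The two numbers quoted in the report, used as sample input. */
    const unsigned samples[] = { 0x08, 0x10 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        unsigned v = samples[i];
        /* Unshifted: v is written as the whole ToS byte. Shifted: v is the DSCP. */
        printf("0x%02x unshifted -> DSCP 0x%02x ECN %u; shifted -> ToS 0x%02x\n",
               v, tos_dscp((uint8_t)v), tos_ecn((uint8_t)v),
               (unsigned)tos_pack(v, 0));
    }
    return 0;
}
```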