Package: openssh-client
Version: 1:5.9p1-2
Severity: normal

In addition to #650512, there is another bug with the way ssh sets
the ToS flag on outgoing packets.

The ToS field (8 bit) is partitioned as follows:

                                      ToS
  <---------|---------|---------|---------|--------|---------|---------|--------->
  <---------|---------|---------|---------|--------|---------><--------|--------->
                              DSCP                                    ECN

The OpenSSH client currently translates DSCP classes directly into
their hex code and fills the entire ToS field with that. Instead, it
should bitshift the DSCP number by 2 bits to the left and OR it with
the ECN number.

E.g. class cs1 ("throughput", 0x08) becomes "000010|00". When
written directly into the ToS field, that yields a DSCP of 0x02,
which is undefined. The 0x08 should only be written into the highest
6 bits, and the ToS field should be 0x20 afterwards.

The same applies to class cs2 ("lowdelay", 0x10), which is written
as 00010000 (DSCP class 0x04, which is also undefined), when instead
it should be 0x40.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.1.0-1-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openssh-client depends on:
ii  adduser                3.113
ii  debconf [debconf-2.0]  1.5.41
ii  dpkg                   1.16.1.1
ii  libc6                  2.13-21
ii  libedit2               2.11-20080614-3
ii  libgssapi-krb5-2       1.9.1+dfsg-3
ii  libselinux1            2.1.0-4
ii  libssl1.0.0            1.0.0e-2.1
ii  passwd                 1:4.1.4.2+svn3283-3
ii  zlib1g                 1:1.2.3.4.dfsg-3

Versions of packages openssh-client recommends:
ii  openssh-blacklist        0.4.1
ii  openssh-blacklist-extra  <none>
ii  xauth                    1:1.0.6-1

Versions of packages openssh-client suggests:
ii  gtk-led-askpass [ssh-askpass]  0.11-1
ii  keychain                       <none>
ii  libpam-ssh                     <none>
ii  monkeysphere                   0.35-2

-- Configuration Files:
/etc/ssh/ssh_config changed [not included]

-- no debconf information

-- 
 .''`.   martin f. krafft <madduck@d.o>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems
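The shift-and-OR the report asks for, as an added example in C (not code from OpenSSH or from the report). The function names are hypothetical, and the sample codepoints 0x08 and 0x10 are the ones quoted in the report.

```c
#include <stdint.h>
#include <stdio.h>

/* Octet layout from the report: DSCP in the upper 6 bits, ECN in the lower 2. */
#define DSCP_MASK 0x3f
#define ECN_MASK  0x03

/* Build the octet from a 6-bit DSCP codepoint and a 2-bit ECN value. */
uint8_t tos_from_dscp(uint8_t dscp, uint8_t ecn)
{
    return (uint8_t)(((dscp & DSCP_MASK) << 2) | (ecn & ECN_MASK));
}

/* Split an octet back into its two fields. */
uint8_t tos_dscp(uint8_t tos) { return (uint8_t)(tos >> 2); }
uint8_t tos_ecn(uint8_t tos)  { return (uint8_t)(tos & ECN_MASK); }

/* Replace only the DSCP part of an existing octet, keeping its ECN bits. */
uint8_t tos_set_dscp(uint8_t current_tos, uint8_t dscp)
{
    return tos_from_dscp(dscp, tos_ecn(current_tos));
}

/* DSCP a receiver decodes when the codepoint is stored unshifted,
 * i.e. the behaviour the report describes. */
uint8_t dscp_seen_if_unshifted(uint8_t dscp)
{
    return tos_dscp(dscp);
}

int main(void)
{
    /* Constructed sample input: the two codepoints quoted in the report. */
    const uint8_t samples[] = { 0x08, 0x10 };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        uint8_t d = samples[i];
        printf("codepoint 0x%02x: unshifted octet 0x%02x decodes as DSCP 0x%02x; "
               "shifted octet is 0x%02x\n",
               d, d, dscp_seen_if_unshifted(d), tos_from_dscp(d, 0));
    }
    return 0;
}
```

`tos_set_dscp` is the variant to use when the octet may already carry ECN bits, since it changes only the upper six bits.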