Has anyone successfully used the standard FC4 x86_64 RPM version of ssh ( v4.2p1) to connect over IPv6? My attempts result in a TCP checksum error when the client sends the ssh protocol assertion. I have a screenshot of an Ethereal capture of the session that's about 270KB, but I'm not sure what the rules are for posting images/attachments, so I'll hold off on that for now. Here's a synopsis.
Frames 1-3: IPv6 address discovery. Frames 4-6: TCP 3-way handshake. Frame 7: SSH server asserts ssh protocol 2 to client. Frame 8: Client ACKs Frame 7. Frame 9: Client asserts ssh protocol 2 to server. Checksum error! Frame 10: Client retransmits. Checksum error again! and so on until Frame 17: Server gives up and issues FIN/ACK to client.
Another oddity: If I modify the server sshd_config by setting AddressFamily to inet6, it still accepts IPv4 connections (and the IPv6 connection attempt still fails) after restarting sshd.
I'm new to IPv6, so I could certainly have a configuration issue getting in the way here, but ping6 works between the hosts, and the Ethereal capture doesn't show anything out of the ordinary with respect to the source and destination addresses. Before I go and custom build ssh, I'd like verification that the Fedora-supplied ssh rpm actually does or doesn't work straight out of the box under IPv6.
Thanks, Jay
What kernel version are you using?
Jay
On 11/8/05, Per Steinar Iversen PerSteinar.Iversen@hio.no wrote:
On Tue, 8 Nov 2005, Jay Cliburn wrote:
Has anyone successfully used the standard FC4 x86_64 RPM version of ssh
(
v4.2p1) to connect over IPv6?
It works fine for me, also between two FC4 x86_64 machines. No checksum errors observed.
-psi
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
On 11/9/05, Jay Cliburn jlistaddr@gmail.com wrote:
What kernel version are you using?
Jay
On 11/8/05, Per Steinar Iversen PerSteinar.Iversen@hio.no wrote:
On Tue, 8 Nov 2005, Jay Cliburn wrote:
Has anyone successfully used the standard FC4 x86_64 RPM version of
ssh (
v4.2p1) to connect over IPv6?
It works fine for me, also between two FC4 x86_64 machines. No checksum errors observed.
-psi
-- fedora-list mailing list fedora-list@redhat.com To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Ooops! I top posted. Sorry.
Per, what kernel version are you using?
Jay
On Tue, Nov 08, 2005 at 07:54:34AM -0600, Jay Cliburn wrote:
Has anyone successfully used the standard FC4 x86_64 RPM version of ssh ( v4.2p1) to connect over IPv6? My attempts result in a TCP checksum error when the client sends the ssh protocol assertion.
Did you solve this problem? If so, what was the cause? If not, are you using an Intel Gigabit Ethernet NIC (e1000)?
Best regards, Daniel
On 12/19/05, Daniel Roesen dr@cluenet.de wrote:
On Tue, Nov 08, 2005 at 07:54:34AM -0600, Jay Cliburn wrote:
Has anyone successfully used the standard FC4 x86_64 RPM version of ssh ( v4.2p1) to connect over IPv6? My attempts result in a TCP checksum error when the client sends the ssh protocol assertion.
Did you solve this problem? If so, what was the cause? If not, are you using an Intel Gigabit Ethernet NIC (e1000)?
Ah yes... Fond memories of pulling my hair out late at night, whistling down empty holes, unanswered cries for help in the IPv6 wilderness...
Turned out to be a kernel module bug for my via-velocity gigabit ethernet NIC. The VIA Velocity 6122 gigabit chip doesn't support offloaded TCP checksumming under IPv6, but the via-velocity driver distributed with Fedora doesn't make any provision for that -- it assumes offloaded TCP checksumming is always appropriate, no matter the protocol.
I filed a bug over at bugzilla. https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=173760
Jay
On Mon, Dec 19, 2005 at 07:11:19PM -0600, J. K. Cliburn wrote:
Turned out to be a kernel module bug for my via-velocity gigabit ethernet NIC. The VIA Velocity 6122 gigabit chip doesn't support offloaded TCP checksumming under IPv6, but the via-velocity driver distributed with Fedora doesn't make any provision for that -- it assumes offloaded TCP checksumming is always appropriate, no matter the protocol.
Hehe, this is EXACTLY what I thought of too, but I had this problem with e1000. Took me days of troubleshooting to find out what was going on. Fixed by disabling sendfile() support in Apache and ProFTPD.
Best regards, Daniel
-
Daniel Roesen -
J. K. Cliburn -
Jay Cliburn -
Per Steinar Iversen