Re: sshd 7.8p1 close connection from VMware Fusion NAT Port Forwarding

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 

confirmed that sshd 7.7p1 with "IPQoS af21 cs1" also closed connection.

On Tue, Aug 28, 2018 at 6:19 PM Stuart Henderson <stu@xxxxxxxxxxxxxxx>
wrote:

> On 2018/08/28 14:17, Damien Miller wrote:
> > On Mon, 27 Aug 2018, Stuart Henderson wrote:
> >
> > > On 2018-08-27, Zach Cheung <kuroro.zhang@xxxxxxxxx> wrote:
> > > > After upgrading my VMware Fusion (10.1.3) Arch Guest to the latest
> with
> > > > OpenSSH upgraded from 7.7p1 to 7.8p1, found that ssh from macOS
> Sierra
> > > > (10.12.6) host to Arch guest via local NAT port forwarding failed,
> but via
> > > > Arch LAN IP worked, downgraded OpenSSH from 7.8p1 to 7.7p1 fixed the
> > > > problem.
> > > >
> > > > Any idea about this bug?
> > >
> > > I bet it is the QoS change. Try "IPQoS lowdelay,throughput".
> >
> > Do you have any insight into what is breaking here? I don't believe
> > changing the default DSCP values should break connections...
>
> I think it's probably a NAT bug in VMware Fusion. tcpdump might
> give more clues as to how it's broken (maybe it's mangling packets,
> maybe it's just rejecting them) but actually fixing it would need
> VMware's involvement.
>
> Short description: OpenSSH 7.8 started marking packets with DSCP
> (af21 for interactive, cs1 for bulk) instead of IP TOS ("lowdelay"
> for interactive, "throughput" for bulk). VMware Fusion with NAT
> port-forwarding to sshd in the guest fails with OpenSSH 7.8.
> It should be possible to replicate this failure with older OpenSSH
> (6.0 or newer) by using "IPQoS af21 cs1" in sshd_config in the guest.
>
> Unless any VMware people are reading this, it's probably best if one
> of their customers reports it as a bug, I can't imagine it would be
> that complicated to fix, the problem will be getting the report past
> front-line support and on to the right person.
>
> _______________________________________________
> openssh-unix-dev mailing list
> openssh-unix-dev@xxxxxxxxxxx
> https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
>
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux