Created attachment 149652
Patch secure/usr.bin/ssh and crypto/openssh to skip IPv6 addresses

I build my world with NO_INET6 set -- until my ISP offers IPv6, there is just no point. After upgrading to 10.1, one of the cronjobs here started to generate (and e-mail) a warning:

    socket: Address family not supported by protocol family

The warning comes from crypto/openssh/sshconnect.c and the attached patch shuts it off. It seems necessary to patch the imported source (of OpenSSH), but I can't think of another way to do it properly...

Maybe the resolver should not return the AAAA-records on non-INET6 systems, but that seems bogus: the records exist and the resolver ought to return them without trying to foresee how the caller might (mis)use them.

Please review the attached patch. It changes the existing if into a switch, making it easier to #ifdef individual options later (some day we might have a NO_INET4 option).
Looks good, but we need to check whether similar changes may be needed elsewhere in the code.
Note that we do have WITHOUT_INET and WITHOUT_INET_SUPPORT src.conf options. I am disinclined to carry a local patch to OpenSSH to implement this. If openssh-portable gains the ability to configure without support for INET or INET6 we could connect it to our bespoke build infrastructure.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=e5ff8e7977434b150a66bb3e472c6d0e0f644cfa

commit e5ff8e7977434b150a66bb3e472c6d0e0f644cfa
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-11-04 11:31:48 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-11-04 11:31:48 +0000

    openssh: Don't try to bind to unsupported addresses

    When selecting an address to bind to, skip IPv4 addresses if the
    kernel does not support the inet feature, and IPv6 addresses if the
    kernel does not support the inet6 feature.

    PR: 195231
    MFC after: 1 week
    Reviewed by: emaste
    Differential Revision: https://reviews.freebsd.org/D53561

 crypto/openssh/sshconnect.c | 6 ++++++
 1 file changed, 6 insertions(+)
Does the original issue still reproduce? I tried building world WITHOUT_INET6, and was not able to reproduce it.
Ah, I should have paid more attention to the error message in the problem description. I think Mikhail misdiagnosed the problem, and my patch doesn't actually do anything useful. I'll revert it for now.
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=96e215ad8173185337cf3057b80f2a0723ca201a

commit 96e215ad8173185337cf3057b80f2a0723ca201a
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-11-04 20:13:11 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-11-04 20:13:11 +0000

    Revert "openssh: Don't try to bind to unsupported addresses"

    This doesn't actually do anything useful, since getifaddrs() will
    only return supported addresses. The root cause of the issue
    described in the PR lies earlier in the connection timeline, around
    the start of the ssh_create_socket() function.

    This reverts commit e5ff8e7977434b150a66bb3e472c6d0e0f644cfa.

    PR: 195231

 crypto/openssh/sshconnect.c | 6 ------
 1 file changed, 6 deletions(-)
(In reply to Jose Luis Duran from comment #4) To reproduce the problem, you need a kernel (and optionally world) with either only IPv4 or only IPv6 support and a target that has both A and AAAA records in DNS, and getaddrinfo() must return an unsupported address before any of the supported ones (e.g. AAAA first if you have a kernel with only IPv4), which can be tricky to achieve reliably while testing.
(In reply to Dag-Erling Smørgrav from comment #7) Yes, it is not trivially-reproduced, but that's no reason to revert the fix...
A commit in branch main references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=5818b6ee552b302f5300934f9b8cb94881867a5f

commit 5818b6ee552b302f5300934f9b8cb94881867a5f
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-11-21 06:28:13 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-11-21 06:28:24 +0000

    openssh: Don't attempt to connect to unsupported addresses

    When iterating over known addresses for the requested target host
    name, skip those that are not supported by the running kernel.

    MFC after: 1 week
    PR: 195231
    Reviewed by: emaste
    Differential Revision: https://reviews.freebsd.org/D53588

 crypto/openssh/FREEBSD-upgrade | 7 +++++++
 crypto/openssh/sshconnect.c    | 9 +++++++++
 2 files changed, 16 insertions(+)
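The approach named in the commit message above, applied to the resolver ordering described in comment 7 (AAAA before A on an IPv4-only kernel), as an added example; it is not the committed change to sshconnect.c, whose diff does not appear on this page. All function names are hypothetical, and probing with socket() and checking errno is an assumed way to ask the kernel which families it supports.

```c
#define _POSIX_C_SOURCE 200112L
#include <errno.h>
#include <netdb.h>
#include <sys/socket.h>
#include <unistd.h>

typedef int (*family_probe_fn)(int af); /* hypothetical names throughout */

/* Probe the running kernel. Assumption: only EAFNOSUPPORT/EPROTONOSUPPORT mean
 * "family not available"; other failures (e.g. EMFILE) do not. */
int kernel_supports_family(int af)
{
    int fd = socket(af, SOCK_STREAM, 0);
    if (fd < 0)
        return !(errno == EAFNOSUPPORT || errno == EPROTONOSUPPORT);
    close(fd);
    return 1;
}

/* First entry of a getaddrinfo()-style list whose family the probe accepts, or
 * NULL; *skipped counts entries passed over before any socket() attempt. */
const struct addrinfo *first_usable(const struct addrinfo *list, family_probe_fn probe, int *skipped)
{
    *skipped = 0;
    for (const struct addrinfo *ai = list; ai != NULL; ai = ai->ai_next) {
        if (probe(ai->ai_family))
            return ai;
        (*skipped)++;
    }
    return NULL;
}

/* Simulated kernels: IPv4-only and IPv6-only. */
int only_inet(int af)  { return af == AF_INET; }
int only_inet6(int af) { return af == AF_INET6; }

/* Constructed resolver answer: AAAA first, then A. */
int demo_first_family(family_probe_fn probe, int *skipped)
{
    struct addrinfo a4 = { .ai_family = AF_INET, .ai_socktype = SOCK_STREAM };
    struct addrinfo a6 = { .ai_family = AF_INET6, .ai_socktype = SOCK_STREAM, .ai_next = &a4 };
    const struct addrinfo *ai = first_usable(&a6, probe, skipped);
    return ai ? ai->ai_family : AF_UNSPEC;
}

int main(void)
{
    int skipped; /* exit status 0 when the real kernel accepts at least one family */
    return demo_first_family(kernel_supports_family, &skipped) == AF_UNSPEC;
}
```

With the simulated IPv4-only kernel the AAAA entry is passed over without a socket() call, so the EAFNOSUPPORT warning from the original report would not be emitted for it.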
A commit in branch stable/15 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=4004f9a70c10b2e6b8e71595f731605484308e5c

commit 4004f9a70c10b2e6b8e71595f731605484308e5c
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-11-21 06:28:13 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-11-25 03:18:24 +0000

    openssh: Don't attempt to connect to unsupported addresses

    When iterating over known addresses for the requested target host
    name, skip those that are not supported by the running kernel.

    MFC after: 1 week
    PR: 195231
    Reviewed by: emaste
    Differential Revision: https://reviews.freebsd.org/D53588

    (cherry picked from commit 5818b6ee552b302f5300934f9b8cb94881867a5f)

 crypto/openssh/FREEBSD-upgrade | 7 +++++++
 crypto/openssh/sshconnect.c    | 9 +++++++++
 2 files changed, 16 insertions(+)
A commit in branch stable/14 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=00e4b169f4090e3b4bf1454c989df82d94b7d62e

commit 00e4b169f4090e3b4bf1454c989df82d94b7d62e
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-11-21 06:28:13 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-11-25 03:19:17 +0000

    openssh: Don't attempt to connect to unsupported addresses

    When iterating over known addresses for the requested target host
    name, skip those that are not supported by the running kernel.

    MFC after: 1 week
    PR: 195231
    Reviewed by: emaste
    Differential Revision: https://reviews.freebsd.org/D53588

    (cherry picked from commit 5818b6ee552b302f5300934f9b8cb94881867a5f)

 crypto/openssh/FREEBSD-upgrade | 7 +++++++
 crypto/openssh/sshconnect.c    | 9 +++++++++
 2 files changed, 16 insertions(+)
A commit in branch stable/13 references this bug:

URL: https://cgit.FreeBSD.org/src/commit/?id=f6bd9b266dc4aa342f735a7ade07061f54f7f740

commit f6bd9b266dc4aa342f735a7ade07061f54f7f740
Author:     Dag-Erling Smørgrav <des@FreeBSD.org>
AuthorDate: 2025-11-21 06:28:13 +0000
Commit:     Dag-Erling Smørgrav <des@FreeBSD.org>
CommitDate: 2025-11-25 03:19:35 +0000

    openssh: Don't attempt to connect to unsupported addresses

    When iterating over known addresses for the requested target host
    name, skip those that are not supported by the running kernel.

    MFC after: 1 week
    PR: 195231
    Reviewed by: emaste
    Differential Revision: https://reviews.freebsd.org/D53588

    (cherry picked from commit 5818b6ee552b302f5300934f9b8cb94881867a5f)

 crypto/openssh/FREEBSD-upgrade | 6 ++++++
 crypto/openssh/sshconnect.c    | 9 +++++++++
 2 files changed, 15 insertions(+)