Ubuntu
openssh package

openssh-client / ssh does not set IP Type-of-service field

Bug #1067522 reported by Steve Polyack
34
This bug affects 6 people
Affects Status Importance Assigned to Milestone
openssh (Debian)
Fix Released
Unknown
openssh (Ubuntu)
Fix Released
Medium
Unassigned
Precise
Won't Fix
Medium
Unassigned

Bug Description

The openssh-client bundled with Ubuntu 12.04 fails to set the IP Type of Service field to "minimize delay (0x10)" for interactive SSH sessions. Just about any other flavor of Linux/UNIX does this without any trouble. Even if I attempt to force the setting in /etc/ssh/sshd_config:
    IPQoS lowdelay
The outgoing SSH packets do not have the bit set.

See this example with tcpdump output:

[steve.polyack@galvatron ~]$ sudo tcpdump -i eth0 -vvv -tttt -n 'host 2.2.2.2 && dst port 22'
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
^Z
[1]+ Stopped sudo tcpdump -i eth0 -vvv -tttt -n 'host 2.2.2.2 && dst port 22'
[steve.polyack@galvatron ~]$ bg
[1]+ sudo tcpdump -i eth0 -vvv -tttt -n 'host 2.2.2.2 && dst port 22' &
[steve.polyack@galvatron ~]$ ssh 2.2.2.2
2012-10-16 17:20:39.113321 IP (tos 0x0, ttl 64, id 58664, offset 0, flags [DF], proto TCP (6), length 60)
    1.1.1.1.36127 > 2.2.2.2.22: Flags [S], cksum 0x2dd5 (incorrect -> 0x200d), seq 3930407303, win 14600, options [mss 1460,sackOK,TS val 1670554799 ecr 0,nop,wscale 7], length 0
2012-10-16 17:20:39.298676 IP (tos 0x0, ttl 64, id 58665, offset 0, flags [DF], proto TCP (6), length 52)
    1.1.1.1.36127 > 2.2.2.2.22: Flags [.], cksum 0x2dcd (incorrect -> 0x5cd6), seq 3930407304, ack 1359170341, win 115, options [nop,nop,TS val 1670554846 ecr 2310866035], length 0
2012-10-16 17:20:39.329979 IP (tos 0x0, ttl 64, id 58666, offset 0, flags [DF], proto TCP (6), length 52)
    1.1.1.1.36127 > 2.2.2.2.22: Flags [.], cksum 0x2dcd (incorrect -> 0x5c8c), seq 0, ack 40, win 115, options [nop,nop,TS val 1670554853 ecr 2310866063], length 0
2012-10-16 17:20:39.330082 IP (tos 0x0, ttl 64, id 58667, offset 0, flags [DF], proto TCP (6), length 91)
    1.1.1.1.36127 > 2.2.2.2.22: Flags [P.], cksum 0x2df4 (incorrect -> 0x9e6b), seq 0:39, ack 40, win 115, options [nop,nop,TS val 1670554853 ecr 2310866063], length 39
2012-10-16 17:20:39.759001 IP (tos 0x0, ttl 64, id 58668, offset 0, flags [DF], proto TCP (6), length 1324)
    1.1.1.1.36127 > 2.2.2.2.22: Flags [P.], cksum 0x32c5 (incorrect -> 0x916a), seq 39:1311, ack 776, win 126, options [nop,nop,TS val 1670554961 ecr 2310866492], length 1272

The problem persists even after login, once the SSH session is fully interactive:

2012-10-16 17:20:49.626239 IP (tos 0x0, ttl 64, id 58694, offset 0, flags [DF], proto TCP (6), length 116)
    1.1.1.1.36127 > 2.2.2.2.22: Flags [P.], cksum 0x2e0d (incorrect -> 0xb06e), seq 3479:3543, ack 5344, win 226, options [nop,nop,TS val 1670557427 ecr 2310876270], length 64

This causes problems in environements where QoS is used and IP ToS is obeyed.

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: openssh-client 1:5.9p1-5ubuntu1
ProcVersionSignature: Ubuntu 3.2.0-27.43-generic 3.2.21
Uname: Linux 3.2.0-27-generic x86_64
NonfreeKernelModules: nvidia
ApportVersion: 2.0.1-0ubuntu13
Architecture: amd64
Date: Tue Oct 16 17:14:19 2012
InstallationMedia: Ubuntu 11.04 "Natty Narwhal" - Release amd64 (20110427.1)
ProcEnviron:
 LANGUAGE=en_US:en
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_US.UTF-8
 SHELL=/bin/bash
RelatedPackageVersions:
 ssh-askpass N/A
 libpam-ssh N/A
 keychain N/A
 ssh-askpass-gnome 1:5.9p1-5ubuntu1
SSHClientVersion: OpenSSH_5.9p1 Debian-5ubuntu1, OpenSSL 1.0.1 14 Mar 2012
SourcePackage: openssh
UpgradeStatus: Upgraded to precise on 2012-07-06 (102 days ago)
modified.conffile..etc.ssh.ssh.config: [modified]
mtime.conffile..etc.ssh.ssh.config: 2012-10-05T09:52:10.902327

See original description
Revision history for this message
Steve Polyack (steve-polyack) wrote :
Revision history for this message
Steve Polyack (steve-polyack) wrote :

If I build openssh from source and try it, the ToS bit is set appropriately:

2012-10-16 17:32:16.173736 IP (tos 0x10, ttl 64, id 38386, offset 0, flags [DF], proto TCP (6), length 52)
              1.1.1.1.36327 > 2.2.2.2.22: Flags [.], cksum 0x2dcd (incorrect -> 0x8a18), seq 3101, ack 3736, win 183, options [nop,nop,TS val 1670729064 ecr 2311548502], length 0

Furthermore, the manpage included with Ubuntu for ssh states:
  The default is “lowdelay” for interactive sessions and “throughput” for non-interactive sessions.

description: updated
Revision history for this message
Andreas Wundsam (andiwundsam) wrote :

This is an upstream bug in OpenSSH 5.9p1, that has also been reported for Debian as bug 671075.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=671075

"This is currently broken because a special case in the packet_connection_af function returns a boolean value
instead of an address family."

I have just tested that the patch attached by Nicolas to the debian package fixes the problem.

Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "fix_ip_tos.patch" of this bug report has been identified as being a patch. The ubuntu-reviewers team has been subscribed to the bug report so that they can review the patch. In the event that this is in fact not a patch you can resolve this situation by removing the tag 'patch' from the bug report and editing the attachment so that it is not flagged as a patch. Additionally, if you are member of the ubuntu-reviewers team please also unsubscribe the team from this bug report.

[This is an automated message performed by a Launchpad user owned by Brian Murray. Please contact him regarding any issues with the action taken in this bug report.]

tags: added: patch
Revision history for this message
Serge Hallyn (serge-hallyn) wrote :

Marking this confirmed due to the upstream report.

Thanks for filing the bug, and posting the patch!

Changed in openssh (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in openssh (Debian):
status: Unknown → Fix Released
Revision history for this message
gcc (chris+ubuntu-qwirx) wrote :

Please can we have this update in Ubuntu soon?

Revision history for this message
Tuomas Jormola (tjormola) wrote :

Yes please fix this for precise..

Revision history for this message
Ken Sharp (kennybobs) wrote :

This should be fixed in Quantal+ but is still apparent in Precise. Are there any plans to backport this?

Changed in openssh (Ubuntu):
status: Confirmed → Fix Committed
Colin Watson (cjwatson)
Changed in openssh (Ubuntu Precise):
status: New → Triaged
importance: Undecided → Medium
Changed in openssh (Ubuntu):
status: Fix Committed → Fix Released
Revision history for this message
Steve Langasek (vorlon) wrote :

The Precise Pangolin has reached end of life, so this bug will not be fixed for that release

Changed in openssh (Ubuntu Precise):
status: Triaged → Won't Fix
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.