Subject: ssh: netstat reports wrong source IP and claims tcp6
Date: Thu, 28 Aug 2003 16:42:34 +0200
Package: ssh
Version: 1:3.6.1p2-5
Severity: important

I just noticed something very strange.
When I execute netstat -np|grep :22 on my home machine,
it reports a wrong source IP, and it reports that this is a
tcp6 connection, which it isn't:
# netstat -np|grep :22
tcp6 0 0 ::ffff:80.109.223.66:22 ::ffff:129.27.9.7:41517 ESTABLISHED13566/sshd: mlang [
My true source IP is 129.27.9.73. This is reported correctly
by netstat, when for instance looking at a connection to
port 80:
# netstat -np|grep 66:80
tcp 0 0 80.109.223.66:80 129.27.9.73:41554 ESTABLISHED22520/apache
The ssh connection was initiated without any extra fluff.
Just ssh user@hostname
This is reproducible, and only happens with sshd to my knowledge.
-- System Information
Debian Release: testing/unstable
Kernel Version: Linux lexx 2.4.19 #1 Thu Aug 29 15:11:07 CEST 2002 i686 GNU/Linux
Versions of the packages ssh depends on:
ii adduser 3.50 Add and remove users and groups
ii debconf 1.2.42 Debian configuration management system
ii libc6 2.3.2-2 GNU C Library: Shared libraries and Timezone
ii libpam-modules 0.76-12 Pluggable Authentication Modules for PAM
ii libpam0g 0.76-12 Pluggable Authentication Modules library
ii libssl0.9.7 0.9.7b-2 SSL shared libraries
ii libwrap0 7.6-ipv6.1-3 Wietse Venema's TCP wrappers library
ii zlib1g 1.1.4-13 compression library - runtime
--
CYa,
Mario

Subject: Re: Bug#207651: ssh: netstat reports wrong source IP and claims tcp6
Date: Sun, 31 Aug 2003 19:20:55 +0100
severity 207651 wishlist
thanks
On Thu, Aug 28, 2003 at 04:42:34PM +0200, Mario Lang wrote:
> Package: ssh
> Version: 1:3.6.1p2-5
> Severity: important
>
> I just noticed something very strange.
>
> When I execute netstat -np|grep :22 on my home machine,
> it reports a wrong source IP, and it reports that this is a
> tcp6 connection, which it isn't:
>
> # netstat -np|grep :22
> tcp6 0 0 ::ffff:80.109.223.66:22 ::ffff:129.27.9.7:41517 ESTABLISHED13566/sshd: mlang [

sshd is mapping IPv4 addresses into the region of IPv6 reserved for IPv4
compatibility. This is a little weird, but normal on machines that have
IPv6 support.

> My true source IP is 129.27.9.73.

I think you'll find that netstat is truncating the IPv6-mapped version,
"::ffff:129.27.9.73", in order to fit it into the allotted space.
The truncation might be a bug in net-tools. Other than that I'm afraid I
don't see any bug here, so I'm downgrading to wishlist for now. Could
you elaborate on what problem you think merits an important bug?
Thanks,
--
Colin Watson [[email protected]]
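
Added example, not part of either message and not code from net-tools or OpenSSH: a small parser for the netstat lines quoted in this thread that folds IPv4-mapped IPv6 peers (::ffff:a.b.c.d) back to IPv4 and flags address fields that fill the whole column, since those may have lost trailing characters as described above. The function names and the 23-character FIELD_WIDTH are assumptions; the width is inferred from the quoted output.

```python
import ipaddress

# Assumption: width of netstat's address:port column, inferred from the
# quoted output, where the cut-off remote field is exactly 23 characters.
FIELD_WIDTH = 23

# The two netstat lines quoted in the thread.
SAMPLE = [
    "tcp6 0 0 ::ffff:80.109.223.66:22 ::ffff:129.27.9.7:41517 "
    "ESTABLISHED13566/sshd: mlang [",
    "tcp 0 0 80.109.223.66:80 129.27.9.73:41554 ESTABLISHED22520/apache",
]


def split_endpoint(field):
    """Split 'addr:port' on the last colon (IPv6 text contains colons too)."""
    host, _, port = field.rpartition(":")
    return host, int(port)


def normalize(host):
    """Fold an IPv4-mapped IPv6 address (::ffff:a.b.c.d) back to IPv4."""
    addr = ipaddress.ip_address(host)
    if addr.version == 6 and addr.ipv4_mapped is not None:
        return addr.ipv4_mapped
    return addr


def parse_line(line):
    """Parse one netstat line into protocol, endpoints and truncation flags."""
    proto, _recvq, _sendq, local, remote = line.split()[:5]
    result = {"proto": proto}
    for name, field in (("local", local), ("remote", remote)):
        host, port = split_endpoint(field)
        result[name] = (str(normalize(host)), port)
        # A field that fills the column is ambiguous: it may be complete or
        # cut off, so the address should not be used for matching on its own.
        result[name + "_maybe_truncated"] = len(field) >= FIELD_WIDTH
    return result


if __name__ == "__main__":
    for sample_line in SAMPLE:
        print(parse_line(sample_line))
```

Both endpoints of the sshd line are flagged: the local field happens to fit the column exactly while the remote one was cut, and the output alone cannot tell the two cases apart.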