Hi,
I make yesterday some tcpdump of ssh interactive and non-interactive
sessions between machines using Debian 13.
I was checking the IPv6 DSCP field and seen unknown values from
Wireshark dissector. I came to debian openssh sources, and it keeps
reverting a 2019 OpenSSH change "as a temporary fix" because there is
bad interactions with iptables -m tos and VMWare Player (has been fixed
in 2019). On the iptables side, the situation is unclear for me.
* This debian bug let me think there is no change considered by
upstream (netfilter developers) nor debian patch produced.
* openssh debian package keep applying
debian/patches/revert-ipqos-defaults.patch
o It is the solution of
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=923879
* I don't really know the burden around the old TOS to DSCP transition
* I don't even know if this topic was ever relevant in an IPv6 context
* I can't really find a matching bug in upstream bugzilla. I asked
today an account creation there.
Having very little old background on this topic, I see "wrong DSCP
values" (as undeclared in official DSCP registry :
https://www.iana.org/assignments/dscp-registry/dscp-registry.xhtml) on
current debian openssh default configurations, waiting after iptables fix.
Is someone know on which bug number this have been ever reported
upstream ? I can't find with "tos" keyword in Open or Closed tickets
after 2019.
Thanks for all the fishes,
--
Ludovic Pouzenc
www.pouzenc.fr
