From 49d2a2826aec4c0aba41ea76b1bb7fa446d6fd55 Mon Sep 17 00:00:00 2001
From: Damien Miller <djm@mindrot.org>
Date: Sun, 20 Jan 2008 08:56:00 +1100
Subject:  - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch
 from    tsr2600 AT gmail.com

---
 ChangeLog |  4 +++-
 sshd.c    | 10 ++++++++++
 2 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/ChangeLog b/ChangeLog
index 7f3b0ea9e..cea5164e6 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,8 @@
 20080119
  - (djm) Silence noice from expr in ssh-copy-id; patch from
    mikel AT mikelward.com
+ - (djm) Only listen for IPv6 connections on AF_INET6 sockets; patch from
+   tsr2600 AT gmail.com
 
 20080102
  - (dtucker) [configure.ac] Fix message for -fstack-protector-all test.
@@ -3523,4 +3525,4 @@
    OpenServer 6 and add osr5bigcrypt support so when someone migrates
    passwords between UnixWare and OpenServer they will still work. OK dtucker@
 
-$Id: ChangeLog,v 1.4818 2008/01/19 18:52:04 djm Exp $
+$Id: ChangeLog,v 1.4819 2008/01/19 21:56:00 djm Exp $
diff --git a/sshd.c b/sshd.c
index 9019411ac..27c38ba53 100644
--- a/sshd.c
+++ b/sshd.c
@@ -976,6 +976,16 @@ server_listen(void)
 		    &on, sizeof(on)) == -1)
 			error("setsockopt SO_REUSEADDR: %s", strerror(errno));
 
+#ifdef IPV6_V6ONLY
+		/* Only communicate in IPv6 over AF_INET6 sockets. */
+		if (ai->ai_family == AF_INET6) {
+			if (setsockopt(listen_sock, IPPROTO_IPV6, IPV6_V6ONLY,
+			    &on, sizeof(on)) == -1)
+				error("setsockopt IPV6_V6ONLY: %s",
+				    strerror(errno));
+		}
+#endif
+
 		debug("Bind to port %s on %s.", strport, ntop);
 
 		/* Bind the socket to the desired port. */
-- 
cgit v1.2.3