Date: Sat, 22 Dec 2018 17:58:39 -0800 From: Enji Cooper <yaneurabeya@gmail.com> To: Cy Schubert <Cy.Schubert@cschubert.com> Cc: Yuri Pankov <yuripv@yuripv.net>, Mark Peek <mp@freebsd.org>, Warner Losh <imp@bsdimp.com>, =?utf-8?Q?Dag-Erling_Sm=C3=B8rgrav?= <des@freebsd.org>, freebsd-current <current@freebsd.org> Subject: Re: workaround for VMware WS NAT bug triggered by OpenSSH 7.8p1 changes Message-ID: <82004750-097A-47E5-9981-86B4B7A5F755@gmail.com> In-Reply-To: <201812222103.wBML3C8G053162@slippy.cwsent.com> References: <201812222103.wBML3C8G053162@slippy.cwsent.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--Apple-Mail=_637E3201-9939-4613-85D7-E55AE3063E96 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=utf-8 > On Dec 22, 2018, at 1:03 PM, Cy Schubert <Cy.Schubert@cschubert.com> = wrote: =E2=80=A6 > Regarding the Red Hat bugzilla bug, looks like they're doing the right > thing by reaching out to VMware. This should be our position as well. > Add it to ssh_config or sshd_config if one must but have VMware fix > their bugs. Putting workarounds in our O/S to work around a bug in = some > other vendor's virtualization is something I don't support. If we must > add the #ifdefs to our ssh, then add an UPDATING entry to say that to > enable it put VMWARE_GUEST_WORKAROUND or however we choose to enable = it > in src.conf. This is the reason why I CCed mp@ :).. Mark works for VMware (I worked = with him a bit when I was at Isilon). =E2=80=A6 > We, FreeBSD, should try to open a ticket or reach out to VMware to add > a +1 to the issue that RH has already opened. This is the right thing > to do. In this case we should consider ourselves an O/S vendor too, > which BTW we are. Yes, but unless there=E2=80=99s a champion internal to the project = driving this, it=E2=80=99s up to individual users to drive the bug = report/fix. If, however, there were regular regression tests run with = VMware (and this can be done with pyvmomi/paramiko, etc), then we the = project could provide this guarantee to VMware and vice versa if VMware = invested the time in making this so--which I thought they did with = 10.x=E2=80=A6 but if they don=E2=80=99t have an easy way to verify = changes, there=E2=80=99s a bit of a chicken and egg problem. > BTW the 2018-11-08 entry in the RH bug talks about adding the > workaround to sshd_config. =E2=80=A6 which is what I did instead of making the code change. Thanks so very much for the patch and (more importantly) for the = discussion/solution Yuri!! I really appreciate your unblocking me. Cheers, -Enji --Apple-Mail=_637E3201-9939-4613-85D7-E55AE3063E96 Content-Transfer-Encoding: 7bit Content-Disposition: attachment; filename=signature.asc Content-Type: application/pgp-signature; name=signature.asc Content-Description: Message signed with OpenPGP -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEE5bk3FaGcY5rvqmb79YOpJmkwhhUFAlwe688ACgkQ9YOpJmkw hhWlkQ//WfEx4qPAwnf9GMmh5qYRqV8Dht5GTmiVtJlwLBq/0dCQkq60eWjwSqHR tqNLl7Mysli7IzI30GyutiYeW0vhib7sJkAPb/bGMwESFLkJTUacEKGE4lNIDOdt KhQAUQpom4MYaRicVcEqmoNru2WTkBQ/tVCM67KPalWOjwXGUxpmR6oyR5Fzvr3o FaLTFW7/zC30G77QinMf3lEYew4cemGJkF9Q5BLwu/1f4VyhjjsNMkz3Nq/5a/eb xXiWJUUX5XIDnUtSmyOFC4ThYaMe+6hxe5VB0BEbIjZZCCUEdgL0mZv64DO3am1D bcvYJQ182WINAvgVKHQv3a5947GPErz6Jtv23jx4vcpJWaPZzgUbkgW4Zd+2x48r +iVvwwOzx+2+lEO1I0PVf0gsobxEQ3x1kbX7wxWdXp5AqymFCptYZQOv4DtCqQKa mmxubFtJi6aHJMpeFpPsnfMB4JCiPHrwj65dCsQxxavIw50Znkz6eys6xqH4MUa2 4l9WOFjYMfwf1Ld/8g1rMCnELGrYhk2B4FGnYXlOHOa/cv942dEybwwFtjdwIThG gAp2zkCzQBKWBJ4bmxEH9WNt+6Nc9aCvMncbEnrYKQEmzreyY4t3akDjsabBJ2wb J1FFOnvxUXcvSl16U8DHoGkrVSLpVYRpbhBlzxyfDSzRfbF8aEY= =Bnql -----END PGP SIGNATURE----- --Apple-Mail=_637E3201-9939-4613-85D7-E55AE3063E96--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?82004750-097A-47E5-9981-86B4B7A5F755>