I gave in and built my own SLAB kernel and modules; I'm not too happy with the result (suspend works but I've had some lockups that I'm blaming the video driver for for now) but I'm going to move forward with it anyway.
Had a near miss with noticing that Gutsy's ssh supports setting GSSAPITrustDns=no but the documentation points out that this just means passing the value to GSSAPI... which then goes back out to DNS to (mis)canonicalize it anyway, which misses the point, and lets me get back to work on this project :-)
A bunch of grinding, and discovering the need to copy the {{{struct addrinfo}}} and the contained ai_addr in the cache, and I've got a successful, if crude, tool...
Given strdup I'm sort of surprised not to find a corresponding memdup, so I put one in. (The code would be more readable with a gnu-style xstrdup and xmemdup so maybe I'll add those later; for now the debugging code still gets in the way...)
Current state: grabs the IPv4 address that the first getaddrinfo call returns, as it goes by, and saves it; when getnameinfo is called with that address, stuff the originally-supplied name in the result, over the result that actually came back.
However, those can wait until I get some feedback - it now accomplishes the primary goal, which was to let me drop my hack-and-slash patches to ssh and just maintain a separate module. Think of it as "Aspect Oriented Programming... in C" :-)
A quick ltrace points out that it's just getaddrinfo and getnameinfo...
Thinking about the problem a little more, an easy way to do this without full hostalias style configuration is to simply "sniff" the getaddrinfo result, and provide a fake getnameinfo when it comes back. For a brutally simple first cut (again based on the strace results) we won't even try to maintain an in-memory database - we'll just stash the first value we see go by, and report that we're doing so.
To find an example for testing,
{{{ for cmd in /usr/bin/; do
fi; done }}}
Sadly, pretty much all of these are either inconvenient to run for a simple test, or do something else by default, so it ends up being easiest to just test ssh itself (though if that gets in the way, writing a little test program is the obvious step.)
Hmm, got stuck a little on the first wrap attempt returning EAI_NONAME; gdb helped show that it was doing what I expected, which was unenlightening... but I wish I had gdb --args years ago...
LD_PRELOAD=./falsely_symmetric.so gdb --args /usr/bin/ssh HOST -p XXX id
Turns out that explicitly referencing /lib/libc.so.6 is inaccurate; ldd shows that libc.so.6 in this particular ssh instance is actually resolving to /lib/tls/i686/cmov/libc.so.6 which is a different build... instead, using the path-searching libc.so.6 in the dlopen call works.
While digging, I realized I could test the concept by looking for a return of the "wrong" answer from getnameinfo and staple in the replacement; this appears to be partly successful, but wasn't enough by itself. Another round with ltrace appears to show that it's doing the right thing, but using the "wrong" GSSAPI name... however, that's on the current (Ubuntu 6.06LTS) version of ssh. I shoveled the library over to an etch system, and it worked there! Since I'm going to move to Ubuntu 7.10 as soon as the fglrx vs. SLUB issue is resolved, I won't try subverting things more deeply and just wait until I'm on the far side.
Idea: try an ldpreload hostname hack for ssh, instead of custom builds, for machines with NAT tunnels (as posted to hiveminder)
(Also handles otherwise inconsistent reverse DNS.)