diff --git a/ChangeLog b/ChangeLog index ce08540bc..250ab58af 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,6 +3,9 @@ - markus@cvs.openbsd.org 2001/01/29 09:55:37 [channels.c channels.h clientloop.c serverloop.c] fix select overflow; ok deraadt@ and stevesk@ + - markus@cvs.openbsd.org 2001/01/29 12:42:35 + [canohost.c canohost.h channels.c clientloop.c] + add get_peer_ipaddr(socket), x11-fwd in ssh2 requires ipaddr, not DNS 20000129 - (stevesk) sftp-server.c: use %lld vs. %qd diff --git a/canohost.c b/canohost.c index 9fa33c260..f3a659328 100644 --- a/canohost.c +++ b/canohost.c @@ -12,7 +12,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: canohost.c,v 1.18 2001/01/21 19:05:45 markus Exp $"); +RCSID("$OpenBSD: canohost.c,v 1.19 2001/01/29 19:42:33 markus Exp $"); #include "packet.h" #include "xmalloc.h" @@ -187,6 +187,34 @@ get_canonical_hostname() return canonical_host_name; } +/* + * Returns the remote IP-address of socket as a string. The returned + * string must be freed. + */ + +char * +get_peer_ipaddr(int socket) +{ + struct sockaddr_storage from; + socklen_t fromlen; + char ntop[NI_MAXHOST]; + + /* Get IP address of client. */ + fromlen = sizeof(from); + memset(&from, 0, sizeof(from)); + if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) { + debug("get_peer_ipaddr: getpeername failed: %.100s", strerror(errno)); + return NULL; + } + /* Get the IP address in ascii. */ + if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), + NULL, 0, NI_NUMERICHOST) != 0) { + error("get_peer_ipaddr: getnameinfo NI_NUMERICHOST failed"); + return NULL; + } + return xstrdup(ntop); +} + /* * Returns the IP-address of the remote host as a string. The returned * string must not be freed. 
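Review bot: The comment above get_peer_ipaddr() says only that the returned string must be freed, but both failure paths in the body return NULL. The prototype comment added in the canohost.h hunk (`Returns the ipaddr/port number of the peer of the socket.`) is also silent on ownership and failure. I would extend the comment to `Returns the remote IP-address of socket as a newly allocated string that the caller must free, or NULL if getpeername() or getnameinfo() fails.` and repeat it at the prototype, so callers know they have to check. As a smaller style point, the parameter name `socket` hides the socket() function inside the body; `sock`, as in `get_peer_port(int sock)`, would be consistent.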
@@ -196,38 +224,19 @@ const char * get_remote_ipaddr() { static char *canonical_host_ip = NULL; - struct sockaddr_storage from; - socklen_t fromlen; - int socket; - char ntop[NI_MAXHOST]; - /* Check whether we have chached the name. */ - if (canonical_host_ip != NULL) - return canonical_host_ip; - - /* If not a socket, return UNKNOWN. */ - if (!packet_connection_is_on_socket()) { - canonical_host_ip = xstrdup("UNKNOWN"); - return canonical_host_ip; + /* Check whether we have cached the ipaddr. */ + if (canonical_host_ip == NULL) { + if (packet_connection_is_on_socket()) { + canonical_host_ip = + get_peer_ipaddr(packet_get_connection_in()); + if (canonical_host_ip == NULL) + fatal_cleanup(); + } else { + /* If not on socket, return UNKNOWN. */ + canonical_host_ip = xstrdup("UNKNOWN"); + } } - /* Get client socket. */ - socket = packet_get_connection_in(); - - /* Get IP address of client. */ - fromlen = sizeof(from); - memset(&from, 0, sizeof(from)); - if (getpeername(socket, (struct sockaddr *) & from, &fromlen) < 0) { - debug("getpeername failed: %.100s", strerror(errno)); - fatal_cleanup(); - } - /* Get the IP address in ascii. */ - if (getnameinfo((struct sockaddr *)&from, fromlen, ntop, sizeof(ntop), - NULL, 0, NI_NUMERICHOST) != 0) - fatal("get_remote_hostname: getnameinfo NI_NUMERICHOST failed"); - - canonical_host_ip = xstrdup(ntop); - - /* Return ip address string. */ return canonical_host_ip; } diff --git a/canohost.h b/canohost.h index ba04c59f5..982ec5949 100644 --- a/canohost.h +++ b/canohost.h @@ -1,4 +1,4 @@ -/* $OpenBSD: canohost.h,v 1.2 2001/01/29 01:58:15 niklas Exp $ */ +/* $OpenBSD: canohost.h,v 1.3 2001/01/29 19:42:35 markus Exp $ */ /* * Author: Tatu Ylonen 
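Review bot: The `fatal_cleanup()` branch in get_remote_ipaddr() exits with no message of its own, so when getpeername() fails the only trace is the `debug()` line inside get_peer_ipaddr(), which presumably is not recorded at the default log level. The getnameinfo() failure is still reported through `error()`, so the two failures are logged unevenly. If a quiet exit on a vanished connection is intended, a comment such as `/* peer address unavailable (connection gone?): exit quietly */` above the call would make that explicit.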
@@ -25,12 +25,13 @@ char *get_remote_hostname(int socket); const char *get_canonical_hostname(void); /* - * Returns the remote IP address as an ascii string. The value need not be - * freed by the caller. + * Returns the IP-address of the remote host as a string. The returned + * string must not be freed. */ const char *get_remote_ipaddr(void); -/* Returns the port number of the peer of the socket. */ +/* Returns the ipaddr/port number of the peer of the socket. */ +char * get_peer_ipaddr(int socket); int get_peer_port(int sock); /* Returns the port number of the remote/local host. */ diff --git a/channels.c b/channels.c index 6aafc3dc3..82a2db05e 100644 --- a/channels.c +++ b/channels.c @@ -40,7 +40,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: channels.c,v 1.84 2001/01/29 16:55:36 markus Exp $"); +RCSID("$OpenBSD: channels.c,v 1.85 2001/01/29 19:42:35 markus Exp $"); #include #include @@ -546,7 +546,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) struct sockaddr addr; int newsock, newch; socklen_t addrlen; - char buf[16384], *remote_hostname; + char buf[16384], *remote_ipaddr; int remote_port; if (FD_ISSET(c->sock, readset)) { @@ -557,10 +557,10 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) error("accept: %.100s", strerror(errno)); return; } - remote_hostname = get_remote_hostname(newsock); + remote_ipaddr = get_peer_ipaddr(newsock); remote_port = get_peer_port(newsock); snprintf(buf, sizeof buf, "X11 connection from %.200s port %d", - remote_hostname, remote_port); + remote_ipaddr, remote_port); newch = channel_new("x11", SSH_CHANNEL_OPENING, newsock, newsock, -1, 
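Review bot: `remote_ipaddr = get_peer_ipaddr(newsock);` is used without a NULL check, although get_peer_ipaddr() as added in canohost.c returns NULL when getpeername() or getnameinfo() fails, for example when the connection is already gone by the time getpeername() runs. The pointer then goes to `snprintf` with `%.200s` in this hunk, and to `packet_put_cstring(remote_ipaddr)` and `xfree(remote_ipaddr)` in the two following channels.c hunks. A NULL `%s` argument is undefined behaviour, and how the other two calls treat NULL is not visible here. I would add, directly after the call, `if (remote_ipaddr == NULL) { close(newsock); return; }`. channel_post_x11_listener() starts and ends outside this hunk, so check that nothing else needs releasing on that path.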
@@ -572,8 +572,8 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) packet_put_int(newch); packet_put_int(c->local_window_max); packet_put_int(c->local_maxpacket); - /* originator host and port */ - packet_put_cstring(remote_hostname); + /* originator ipaddr and port */ + packet_put_cstring(remote_ipaddr); if (datafellows & SSH_BUG_X11FWD) { debug("ssh2 x11 bug compat mode"); } else { @@ -587,7 +587,7 @@ channel_post_x11_listener(Channel *c, fd_set * readset, fd_set * writeset) packet_put_string(buf, strlen(buf)); packet_send(); } - xfree(remote_hostname); + xfree(remote_ipaddr); } } diff --git a/clientloop.c b/clientloop.c index 49a943a73..721c27905 100644 --- a/clientloop.c +++ b/clientloop.c @@ -59,7 +59,7 @@ */ #include "includes.h" -RCSID("$OpenBSD: clientloop.c,v 1.46 2001/01/29 16:55:36 markus Exp $"); +RCSID("$OpenBSD: clientloop.c,v 1.47 2001/01/29 19:42:35 markus Exp $"); #include "ssh.h" #include "ssh1.h" @@ -1069,6 +1069,8 @@ client_request_x11(const char *request_type, int rchan) } packet_done(); /* XXX check permission */ + debug("client_request_x11: request from %s %d", originator, + originator_port); sock = x11_connect_display(); if (sock >= 0) { newch = channel_new("x11",
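Review bot: The added `debug()` call in client_request_x11() prints `originator` with an unbounded `%s`, while the other log calls in this diff cap their strings (`%.100s`, `%.200s`). `originator` is assigned outside this hunk, presumably from the peer's channel-open request, so it should be treated as untrusted text in the log. I would write `debug("client_request_x11: request from %.200s %d", originator, originator_port);`. The `/* XXX check permission */` above it is still open, so this line records the request but nothing in the hunk restricts it.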