> Now the following mux command (on client with ControlMaster connected > and running and ControlPath set appropriately): > > $ ssh -O forward -R ':0:localhost:3502' <hostaddr> > > Port ... (set with an empty bind_address) should be bind to wildcard > address, not localhost. The same -R option given for ControlMaster (or non- > multiplexed ssh client) works as expected. (Answering to myself...) The reason seems to be that the unset bind_address (i.e. NULL) is transformed into an empty string in mux.c:mux_client_forward(): buffer_put_cstring(&m, fwd->listen_host == NULL ? "" : fwd->listen_host); Separation between an unset and an empty bind_address is now lost; ControlMaster in turn nullifies such an empty listen_addr, resulting in a localhost bind. This happens in mux.c:process_mux_open_fwd(): if (*listen_addr == '\0') { free(listen_addr); listen_addr = NULL; } I guess this is done because the Buffer (i.e. the underlying sshbuf) does not differentiate NULL string from an empty one. And NULL is assumed/preferred here because it's safer. -- Sami _______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev