Re: Implementing IP_FREEBIND in OpenSSH

On Mon, 26 Jul 2021, Dmitry Belyavskiy wrote:

> The solution can be made more or less portable: BSD systems support similar
> functionality SO_BINDANY, which can make it more acceptable upstream.
> FreeBSD supports different flag names with the same semantics in different
> versions: IP_FREEBIND, IP_NONLOCALOK for older versions,
> IP_BINDANY/IPV6_BINDANY. Using such options in FreeBSD and other BSD
> systems may require extra privileges.

I don't know whether IP_FREEBIND is exactly equivalent to SO_BINDANY.

The getsockopt(2) manual page on OpenBSD discusses SO_BINDANY
primarily in the context of transparent proxying and mentions that
packet filter rules need to be configured to actually use it. It
isn't clear whether it offers the same "prospective use" as what you
want from IP_FREEBIND.

Couldn't you achieve the same result without modification to sshd
by using the ip_nonlocal_bind flag in the Linux kernel?

-d
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


