Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets

When bound to a local address the kernel does not know if the socket
will listen() or connect() and must reserve a port inmediately after
bind() effectively limiting the random port range to ~32k.
when IP_BIND_ADDRESS_NO_PORT is set, the kernel delays source port
allocation until the time the complete 4-tuple is known allowing
a much larger number of combinations

diff --git a/services/outside_network.c b/services/outside_network.c
index 4578bf8fc451dba6ad5e398cdd28973acdd937d6..2a081ad71078d2e09b5e4f0fe257c9e73fa43b3b 100644 (file)
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -247,6 +247,9 @@ pick_outgoing_tcp(struct pending_tcp* pend, struct waiting_tcp* w, int s)
        if(addr_is_ip6(&pi->addr, pi->addrlen))
                ((struct sockaddr_in6*)&pi->addr)->sin6_port = 0;
        else    ((struct sockaddr_in*)&pi->addr)->sin_port = 0;
+#ifdef IP_BIND_ADDRESS_NO_PORT
+       setsockopt(s, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &(int) {1}, sizeof(int));
+#endif
        if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) {
 #ifndef USE_WINSOCK
 #ifdef EADDRNOTAVAIL