From: Cristian Rodríguez <crodriguez@owncloud.com>
Date: Sat, 23 Apr 2022 23:08:45 +0000 (+0000)
Subject: Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets
X-Git-Tag: release-1.16.1rc1~1^2~1^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=refs%2Fpull%2F668%2Fhead;p=thirdparty%2Funbound.git

Set IP_BIND_ADDRESS_NO_PORT on outbound tcp sockets

When bound to a local address the kernel does not know if the socket
will listen() or connect() and must reserve a port inmediately after
bind() effectively limiting the random port range to ~32k.
when IP_BIND_ADDRESS_NO_PORT is set, the kernel delays source port
allocation until the time the complete 4-tuple is known allowing
a much larger number of combinations
---

diff --git a/services/outside_network.c b/services/outside_network.c
index 4578bf8fc..2a081ad71 100644
--- a/services/outside_network.c
+++ b/services/outside_network.c
@@ -247,6 +247,9 @@ pick_outgoing_tcp(struct pending_tcp* pend, struct waiting_tcp* w, int s)
 	if(addr_is_ip6(&pi->addr, pi->addrlen))
 		((struct sockaddr_in6*)&pi->addr)->sin6_port = 0;
 	else	((struct sockaddr_in*)&pi->addr)->sin_port = 0;
+#ifdef IP_BIND_ADDRESS_NO_PORT
+	setsockopt(s, SOL_IP, IP_BIND_ADDRESS_NO_PORT, &(int) {1}, sizeof(int));
+#endif
 	if(bind(s, (struct sockaddr*)&pi->addr, pi->addrlen) != 0) {
 #ifndef USE_WINSOCK
 #ifdef EADDRNOTAVAIL